53% of enterprises now run at least one coding agent in production. 71% of professional developers use one daily. 18% of merged PRs list an agent as primary author or pair-coder. Coding agents are effectively new headcount — except nobody onboards them, and nothing they learn survives the session.
Corrections die in the chat session
Here's a week that should sound familiar. Dev A catches the agent force-pushing to main on Monday, corrects it, moves on. Dev B hits the identical mistake on Wednesday. Dev C on Friday. Same agent, same lesson, three separate corrections — because each one lived inside a single chat session and died there.
Humans don't work this way. Engineering orgs built postmortems, runbooks, and review norms precisely so one person's hard-won lesson becomes everyone's default. Agents have no equivalent. Every seat re-learns every lesson, and the org pays for the relearning in tokens, time, and risk.
Why prompt files don't propagate
The standard answer is "put it in CLAUDE.md / .cursorrules." Three problems:
- They're suggestions. The model can ignore them — there is no enforcement, just hope with extra context.
- They drift. Every repo and every dev maintains their own copy. Dev A's rule never reaches Dev B's file.
- They cost tokens forever. The agent re-reads them every session, whether or not they're relevant to the task at hand.
Prompt files are documentation. What teams actually need is enforcement with distribution.
What institutional memory for agents looks like
This is the design problem ThumbGate (open source, MIT, local-first) tries to solve. The shape:
Feedback becomes a rule. One thumbs-down on a bad action is promoted into a Pre-Action Check — not advice in the prompt, but a gate in front of the tool call.
The rule is enforced deterministically. It runs in the PreToolUse hook, locally: literal pattern → AST → scoped rule lookup. No LLM on the enforcement path, so a blocked repeat costs zero tokens and there's nothing for a prompt injection to negotiate with.
The rule propagates. Over MCP stdio, the same check distributes to every connected agent — Claude Code, Cursor, Codex, Gemini CLI, Cline. Dev A's Monday correction is enforced in Dev B's Wednesday session automatically.
Lessons travel between teams. Lessons export/import as portable JSON bundles with dedupe and provenance tracking, so a mature project's prevention rules can onboard a new repo — or a new teammate — on day one.
Every decision is auditable. Blocks, allows, and reroutes land in an audit trail with rule version and timestamp: a record of what agents tried, not just what they did.
Try it
npx thumbgate init # auto-detects your agent, wires the hooks, ~30 seconds
npx thumbgate capture down "Never run DROP on production tables"
From then on, any connected agent that tries to DROP a production table gets blocked before the tool call executes — for every developer wired to the same rules.
Where this fits (and where it doesn't)
This isn't a replacement for code review, tests, or least-privilege credentials — it's the missing propagation layer between them and your agents. It also doesn't make any individual agent smarter; it makes the team stop paying for the same lesson twice. If you're a solo dev on one repo with one agent, a hand-written hook may be enough. The moment there are multiple seats, multiple agents, or multiple repos, propagation is the whole game.
Repo (MIT, local-first): https://github.com/IgorGanapolsky/ThumbGate
How does your team propagate agent corrections today — shared prompt files, hand-rolled hooks, or does everyone just re-learn them? Genuinely curious what's working.
Top comments (0)