Skip to main content
AI/MLIgorGanapolsky

programmatic-agent-runs

Govern Cursor SDK local, cloud, self-hosted, and subagent coding runs before they create branches or PRs.

Stars
21
Source
IgorGanapolsky/ThumbGate
Updated
2026-05-30
Slug
IgorGanapolsky--ThumbGate--programmatic-agent-runs
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/IgorGanapolsky/ThumbGate/HEAD/plugins/cursor-marketplace/skills/programmatic-agent-runs/SKILL.md -o .claude/skills/programmatic-agent-runs.md

Drops the SKILL.md into .claude/skills/programmatic-agent-runs.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Programmatic Agent Runs

Use this skill before launching a coding agent through the Cursor SDK, Cursor cloud agents, self-hosted workers, or subagents.

When to use

  • A task starts from code, CI, a backend service, a kanban automation, or any unattended workflow
  • The run can edit files, push a branch, create a PR, publish a package, deploy, or call shell tools
  • The run delegates work to subagents with different prompts, models, or scopes

Launch checklist

  1. Recall lessons with search_lessons for the repo, branch, files, and intended action.
  2. Check active gates with prevention_rules before enabling writes or autoCreatePR.
  3. Use the narrowest runtime: local for developer-in-the-loop work, cloud for isolated async work, self-hosted for private network/data requirements.
  4. Give each subagent a bounded file or responsibility scope.
  5. Persist run metadata: runtime, repo URL, starting ref, run id, agent id, branch, PR URL, and linked ThumbGate evidence.
  6. Require verification output before merge, publish, deploy, or customer-facing claims.

Cursor SDK guardrails

  • Attach ThumbGate MCP through the run environment so the agent can retrieve lessons and gates.
  • Prefer a clean starting ref and a disposable branch for cloud VM runs.
  • Do not set autoCreatePR for destructive, billing, release, or production tasks unless the gate check is clean.
  • If a cloud run finishes while the developer is offline, inspect the run transcript and PR diff before treating the result as accepted.
  • Capture thumbs_down feedback when a run violates scope, skips proof, repeats a known mistake, or opens a noisy PR.

Output

For each governed run, report:

  • Runtime: local, cloud, or self-hosted
  • Scope: files, modules, or workflow the agent may touch
  • Gates checked and result
  • Verification evidence
  • Branch or PR URL
  • Any feedback captured for future prevention