__GOOGLE_SITE_VERIFICATION_META__ ThumbGate โ€” Pre-action checks for AI coding agents __GA_BOOTSTRAP__
๐Ÿ‘ ๐Ÿ‘Ž Local-first ยท open-source ยท enterprise governance when agents touch real systems

Catch AI agents before they spend money, leak secrets, or break production.

Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode, and MCP tools can touch terminals, repos, databases, SaaS APIs, and cloud systems. After a configured agent proposes a tool call, ThumbGate evaluates it before execution and records the decision. The default policy denies detected secret exfiltration plus commands that kill the ThumbGate gate process or enable its bypass environment variable; other matched high-risk classes such as destructive deletes, force-pushes, and fetch-and-run commands warn by default. Strict mode turns matching warning-mode checks into denies. The beachhead buyer is an enterprise engineering, security, or platform team that needs governed AI-agent execution before agents touch regulated or high-blast-radius workflows.

ThumbGate flagging an AI agent's rm -rf, git push --force, and chmod 777 in real time โ€” flagging them by default and hard-blocking under strict mode โ€” while letting safe commands through

Money path today: Workflow Hardening Diagnostic ($__SPRINT_DIAGNOSTIC_PRICE_DOLLARS__) or Sprint ($__WORKFLOW_SPRINT_PRICE_DOLLARS__) for one repeated agent failure. Pro stays the solo self-serve lane. Prefer scoping first? Send workflow first.

Team / enterprise: buy proof this week

One workflow. One repeated failure. Paid diagnostic or sprint with Stripe โ€” credit applies when you continue to implementation.

Pay $__SPRINT_DIAGNOSTIC_PRICE_DOLLARS__ diagnostic โ†’ Pay $__WORKFLOW_SPRINT_PRICE_DOLLARS__ sprint โ†’
Solo operator: Start Pro

Unlimited rules, recall, proof, exports after one real caught repeat.

Pay $19/mo with Stripe โ†’
Still evaluating: Free CLI or intake

2 captures/day, 3 active rules. Or send the workflow if you need fit review before paying.

Send workflow first โ†’
Ideal customer Enterprise engineering, security, and platform teams already using AI coding agents in repos, CI/CD, SaaS APIs, cloud operations, or audited workflows.
Pain Security is the pain: agents can repeat dangerous actions. Enterprise governance is the budget: policy, auditability, approvals, and shared prevention before execution.
Partnership fit Detection and coordination layers can identify drift. ThumbGate turns approved findings into enforceable PreToolUse rules with decision evidence.
weekly npm installs of thumbgate MIT open source Local-first Works with MCP-compatible agents Verification evidence in GitHub
“A better dashboard doesn’t make the agents more reliable. The hard part isn’t visibility. It’s trust.”
โ€” Rob May, CEO & co-founder, Neurometric AI, in The New Stack on Anthropic’s Claude Code Agent View (May 2026). This is Rob May describing the industry, not an endorsement of ThumbGate. ThumbGate addresses that trust problem with configured PreToolUse gates, accepted feedback, explicit prevention rules, and local decision records.

Local-first is the new default

Perplexity demoed a Personal Computer agent at Computex 2026 that asks the user before sending sensitive content to the cloud. Automation Anywhere shipped EnterpriseClaw with Cisco, NVIDIA, Okta, and OpenAI โ€” central policy, locally enforced, audit reported back. The architectural debate is settled. ThumbGate runs the same pattern for the coding agent already on your laptop.
Sources: Perplexity at Intel Computex keynote (2026-06-02), Automation Anywhere EnterpriseClaw launch (Imagine 2026), The New Stack coverage.

Run your first pre-action check locally.

Install ThumbGate, capture concrete feedback, and let the configured PreToolUse hook flag a matching action before execution. Upgrade only when you need higher limits, recall, a personal dashboard, or exports.

1. Install ThumbGate

Run npx thumbgate init in your repo. Claude, Cursor, Codex, Gemini, Amp, Cline, and OpenCode are supported through local hook or MCP-compatible setup paths.

2. Give feedback

Use thumbs up for a good pattern and thumbs down with concrete context for a failure. Accepted feedback becomes a local lesson; recurring failures can be promoted into prevention rules.

3. The repeat gets flagged

A matching tool call is evaluated and recorded before execution, with a reason the agent can use to choose a safer plan. Detected secret exfiltration and commands that kill the gate process or enable its bypass variable are denied by default; strict mode also denies matching warning-mode checks.

โ€œWhy not just write my own PreToolUse hooks?โ€

You can โ€” on one machine, for one agent, until the next breaking change. ThumbGate is that idea, maintained: accepted feedback becomes local lessons, recurring failures can become explicit rules, and those rules can be reused by supported agents configured against the same local install scope. Claude Code, Cursor, Codex, Gemini, Amp, Cline, and OpenCode each require their documented integration setup. Hand-written hooks do not automatically provide ThumbGate's lesson store, rule promotion, local decision records, or adapter tests.

See ThumbGate vs. hand-written hooks โ†’

The market moved from โ€œagents can codeโ€ to โ€œwho is allowed to let agents act?โ€

The high-ROI buyer story is not another chatbot memory claim. June 2026 coverage is pushing the same pattern from multiple directions: tool lockdown, MCP security, managed agents, context budgets, and agent-authored production code all need pre-action governance at the execution boundary.

MCP and tool lockdown

As MCP servers and hosted tools spread, the failure mode is no longer just a bad answer. It is an agent calling the wrong tool with real developer permissions. ThumbGate provides a local allow, warn, or deny decision before a configured tool call executes.

Managed agents need receipts

Managed background agents can multiply output, but every extra autonomous run needs evidence, rollback boundaries, and approval rules. ThumbGate records why a configured pre-action check allowed, warned on, or denied a proposed action.

Tokenmaxxing backlash

Long-context agents are expensive when they repeatedly reload irrelevant history. ThumbGate keeps paid value above the free wedge with recall, search, context gating, and proof exports instead of dumping everything into every prompt.

Production code by AI

When teams claim most new production code is AI-authored, the real enterprise question becomes auditability. ThumbGate can promote accepted recurring corrections into prevention rules and retain the local gate evidence available to reviewers.

Data-science posture: treat Pro checkout starts and workflow-intake submissions as intent, not revenue. Make conversion or traction claims only from authenticated billing and analytics telemetry; this page does not publish a current customer or revenue count.

Guide, Generate, Verify, Solve still needs an execution gate.

The market is converging on agentic development as a control loop, not a code-generation trick. The New Stack's May 2026 AC/DC framing names the core stages: Guide, Generate, Verify, and Solve. ThumbGate gives that loop a hard pre-action boundary so agent work is governed before it touches files, terminals, CI, payments, or production systems.

Guide

Rules, standards, past thumbs-downs, workflow boundaries, and approval policies are loaded as concrete operating context instead of vague prompt advice.

See how feedback becomes rules โ†’

Generate

Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, and MCP-compatible agents keep generating plans, edits, and tool calls.

Open the agent setup guide โ†’

Verify

Pre-Action Checks can require inspection evidence, tests, CI, screenshots, API responses, or human approval for configured high-risk actions.

Read the AC/DC map โ†’

Solve

Accepted feedback can become local lessons and recurring failures can become rules. Pro operators can export DPO data and lesson bundles for separately reviewed reuse.

Explore the lessons โ†’
ThumbGate's role: the pre-action gate between generated intent and executed action.

Verification after a pull request is useful, but it is too late for force-pushes, destructive SQL, unsafe deploys, leaked secrets, and costly external API calls. ThumbGate checks the action before it runs, then feeds the result back into the next Guide and Solve cycle.

terminal โ€” local setup
# Install the local CLI
npx thumbgate init
 
# Your agent tries to delete production db...
โš ๏ธ Check flagged: "Never run DROP on production tables" # blocks under strict mode
# Rule promoted from accepted recurring feedback
 
# Matching warning-mode checks deny when strict mode is enabled.

Install the local runtime, capture concrete feedback, and inspect the resulting lessons and checks.

Native thumbs are a black box. ThumbGate is the inspectable control layer.

Codex, Claude Code, ChatGPT, and other agent surfaces can collect preference signals, but you usually cannot see exactly what changed, which rule will fire, or why a future tool call is allowed. ThumbGate keeps the prevention layer outside the model: accepted typed feedback becomes a local lesson, recurring failures can become explicit rules, and gate results expose the matched check and decision reason available at evaluation time.

Black-box memory

Native thumbs and vendor memories may improve future behavior, but they do not provide ThumbGate's explicit local allow, warn, or deny contract at the moment a configured agent touches files, terminals, APIs, or CI.

Inspectable ThumbGate memory

Lessons live in your ThumbGate store, can be searched, exported as JSONL or DPO pairs, and traced back to the exact correction that created the rule.

Rules before execution

The final decision is not another model opinion. ThumbGate checks tool name, arguments, working directory, command shape, confidence, and required evidence before the action runs.

Why this matters now

  • Agent security is now mainstream risk. Coding agents run shell commands, write files, query databases, and chain actions with developer permissions, so unattended autonomy needs a local policy boundary.
  • MCP adoption is accelerating. More tools are becoming agent-callable through shared protocols, which means one cross-agent governance layer beats one-off prompt rules per app.
  • Managed-agent output needs audit evidence. Background agents, subagents, and workflow runners can ship more work, but buyers need receipts for what was blocked, approved, and verified.
  • Repeated failures waste cash and trust. Repeats can burn tokens, review time, and release confidence. ThumbGate can promote accepted recurring feedback into a reusable prevention check.

Sources to verify the market timing: Docker on AI coding agent security risks, TechRadar on enterprise agent security pressure, and current MCP adoption coverage.

See the footer before you ship the next repeat.

Claude renders the live ThumbGate footer now. npx thumbgate init --agent codex installs the same Codex hook bundle and writes the ThumbGate statusLine target so you can test it on your local Codex build immediately.

Claude Code terminal footer showing ThumbGate version, plan, thumbs up and thumbs down counts, dashboard, lessons, and latest mistake.
Claude live footer with ThumbGate stats, links, and the latest mistake summary.
OpenAI Codex terminal footer on the published ThumbGate test lane.
Codex test lane after the published ThumbGate install path writes PreToolUse, UserPromptSubmit, PostToolUse, SessionStart, and the statusLine target.

Configure ThumbGate for Claude Code or Claude Desktop.

ThumbGate ships a published Claude Desktop extension bundle (.mcpb) you can install today. Claude Code users can also add the repo marketplace plugin immediately. No waiting for directory approval.

1. Install for Claude Code

Run npx thumbgate init --agent claude-code or add via claude mcp add thumbgate -- npx --yes --package thumbgate thumbgate serve

2. Or install the Claude Extension

Download the .mcpb bundle for Claude Desktop, or use the repo marketplace: /plugin marketplace add IgorGanapolsky/ThumbGate

3. Give feedback, checks auto-generate

Type a concrete thumbs down when Claude makes a mistake. Accepted feedback can distill a lesson from up to 8 prior entries, and recurring failures can become rules evaluated by the configured PreToolUse hook. Detected secret exfiltration is denied by default; strict mode also denies matching warning-mode checks.

Download Claude Extension (.mcpb) Claude Desktop setup guide Claude plugin docs

Claude Code Skill: Type /thumbgate in any Claude Code session. Auto-triggers on โ€œcheckโ€, โ€œfeedbackโ€, โ€œblock mistakeโ€. Free skill on top of the same local gateway.

Use the GPT as a preflight desk for risky commands, refunds, deploys, and PR actions.

The live GPT is a ChatGPT entrypoint for preflighting a proposed action and finding setup guidance. It does not create a local execution boundary by itself. Local allow, warn, or deny decisions require npx thumbgate init plus the documented integration for the agent that executes the tool call.

1. Open the live GPT

Paste a proposed command, file edit, merge, deploy, refund, invoice, or API call and ask whether to allow, block, or checkpoint it.

2. Save the typed signal

Reply in chat with thumbs up: or thumbs down: plus one concrete sentence. Do not rely on ChatGPT's native rating buttons for ThumbGate memory.

3. Enforce locally

Run npx thumbgate init in the repo and configure the documented agent integration so Pre-Action Checks evaluate proposed tool calls before execution. The default policy denies detected secret exfiltration plus commands that kill the gate process or enable its bypass variable.

Open ThumbGate GPT ChatGPT Actions setup Why ChatGPT ads need checks

Find it fast: if the direct link does not open, go to Explore GPTs, search ThumbGate, and choose the GPT by Igor Ganapolsky in Programming. Plain English rule: ChatGPT is the discovery and checkpointing surface. Accepted typed feedback can become a local lesson; recurring failures can become rules. The Reliability Gateway still runs in the configured local agent or CI lane.

One gateway across the agent surfaces you already use

๐Ÿงฉ Claude Desktop Extension

Install the published Claude Desktop plugin .mcpb bundle today. Claude Code users can add the repo marketplace immediately with /plugin marketplace add. No waiting for directory approval.

Download .mcpb bundle โ†’

โšก Claude Code Skill

Type /thumbgate in any Claude Code session. Auto-triggers on "check", "feedback", "block mistake". Free skill on top of the same local gateway teams later harden into a shared workflow.

Read the Claude Code guide โ†’

๐Ÿค– AI CLIs

Claude Code, Codex, Gemini CLI, Amp, and OpenCode can use the same gateway and memory model after their documented integration is configured. Other MCP-compatible agents require an equivalent MCP or hook setup.

Open the setup guide โ†’

โ˜ค Hermes Agent guardrails

Hermes-style agents bring persistent memory, generated skills, messaging gateways, scheduled automations, and sandboxed execution. ThumbGate adds the safer self-evolution loop: propose rule and skill changes from failures, then gate them with evidence before anything overwrites stable instructions or repeats an expensive action.

Read the Hermes guardrails guide โ†’

vLLM serving guardrails

vLLM makes self-hosted inference cheaper and faster with PagedAttention, continuous batching, chunked prefill, prefix caching, and optimized kernels. ThumbGate gates the routing change with latency, cache-isolation, benchmark, and rollback proof before agent traffic moves.

Read the vLLM guardrails guide โ†’

Context and tool governance

Long-running agents need cleaner working context, approved model routes, isolated execution, tool lockdown, direct pushback, and evidence before high-risk actions. ThumbGate turns those controls into local pre-action gates.

Read the context governance guide โ†’

โ˜๏ธ Google Data Agent Kit

When database and IAM operations are exposed as agent tool calls, ThumbGate can evaluate configured patterns such as production DROP, unscoped DELETE, or IAM escalation before execution. The resulting action depends on the matched rule and enforcement mode.

Read the GCP guardrails guide โ†’

๐Ÿงฉ Codex plugin

Codex gets a standalone ThumbGate plugin bundle, a repo-local plugin profile, and the same auto-updating MCP launcher. The runtime resolves thumbgate@latest when Codex starts, so npm fixes reach active installs. The install page includes the zip, MCP config, and verification path in one place.

Open the Codex install page โ†’

๐ŸŽฏ Cursor integration

Run npx thumbgate init --agent cursor or configure .cursor/mcp.json through the documented setup path. The npm runtime path is separate from any in-app Marketplace listing.

Read the Cursor guide โ†’

โœ๏ธ Editor workflows

VS Code can host an MCP-compatible agent such as Continue or Cline. Each editor or agent still requires its MCP stdio or hook configuration; this repo does not ship a standalone VS Code extension.

Open the setup guide โ†’

๐Ÿ—‚๏ธ MCP Server Directory

ThumbGate is listed on mcp.so so MCP-compatible clients can verify the package, copy the npx config, and confirm they are installing the real Pre-Action Checks server.

View on mcp.so โ†’

๐Ÿ’ฌ ChatGPT GPT Actions

Open the ThumbGate GPT to preflight risky commands, deploys, refunds, PR actions, and setup steps. Local allow, warn, or deny enforcement for coding agents requires npx thumbgate init plus the documented integration setup.

Open ThumbGate GPT โ†’

See the enforcement before you buy anything

๐Ÿ” Live Dashboard Demo

Search lessons, inspect checks, mark a review checkpoint, and see only what changed since the last pass. No signup or install required.

Open Dashboard Demo โ†’

โ›” Check Decisions

Inspect the matched gate, allow/warn/deny decision, and reason returned by the local evaluator.

๐Ÿ“Š Local Reports

Generate local dashboard and report views from the operator's available gate and feedback data. A hosted org dashboard is not generally available.

๐Ÿงฑ Isolated Execution Lanes

Workflow Sentinel can recommend Docker Sandboxes for high-risk local actions. The package includes a signed sandbox-dispatch mechanism, but each deployment must configure and verify its isolation boundary.

Data Processing Boundaries

Local enforcement data stays in the operator's ThumbGate feedback directory by default. Checkout, intake, newsletter, and product analytics are separate hosted processing surfaces. Hosted team lesson sync is not generally available.

๐Ÿงช Thompson Sampling

Confidence tiers (none/low/medium/high) are available inputs to adaptive rule selection; they do not guarantee a correct decision.

๐Ÿชž History-Aware Lessons

When the current Claude auto-capture hook only gets a vague thumbs-down, ThumbGate can reuse up to 8 prior recorded entries plus the failed tool call, then keep a linked 60-second feedback session open for later corrections instead of creating a dead-end note.

Logs describe the damage. ThumbGate evaluates the proposed action before it runs.

Self-governance is an operator writing local rules and keeping local logs. ThumbGate starts there, then evaluates configured checks as an allow, warn, or deny decision before the tool call touches code, data, money, or customers.

Pre-action enforcement

The rule is evaluated at the execution boundary, not after the fact. Matching failures are evaluated before configured shell commands, PR actions, deploys, refunds, or production writes run. Detected secret exfiltration and gate kill/bypass commands deny by default; strict mode also denies matching warning-mode checks.

Reviewable decision trail

Gate records expose the fields available for that evaluation, including its decision, matched gate, reason, and provided context, so reviewers can inspect local evidence instead of trusting an agent summary.

Enterprise governance mode

Enterprise is intake-first and scoped around one workflow's approval boundaries, rollback plan, evidence requirements, and rollout support. Hosted team sync, org dashboards, SSO, SIEM, and compliance packaging are not general-availability runtime features.

Enforcement is the missing layer in AI orchestration.

Big orchestration suites unify data, routes, and decisions. ThumbGate sits closer to the moment of execution: the point where an agent is about to run a shell command, ship a PR, approve a release, or repeat a mistake you already corrected. That is where workflow trust is won or lost.

Broad orchestration platforms

Good at customer journeys, routing, and cross-system context. Weak when you need a coding agent or automation to stop before a destructive or low-trust action actually runs.

ThumbGate

Turns accepted operator feedback into local lessons and recurring failures into Pre-Action Checks. Supported agent integrations evaluate matching rules at the tool-call boundary. Detected secret exfiltration and gate kill/bypass commands deny by default; strict mode also denies matching warning-mode checks.

The stack that makes sense

Use orchestration to decide what should happen next. Use ThumbGate to decide what is allowed to execute. That is the control layer enterprises actually need once agents touch repos, terminals, CI, or production workflows.

Compare orchestration vs enforcement โ†’ AI deployment readiness โ†’ Platform team rollout โ†’ Regulated workflow pattern โ†’ Built for the Agent Manager โ†’
Compare ThumbGate with other agent-safety approaches
Browse the guide library Claude Code hooks Arcjet Bumblebee Claude Containment SpecLock Mem0 Fallow Compare all → Pre-action checks Agent harness optimization Code graph guardrails Developer machine supply chain Proxy pointer RAG RAG precision tuning Internal AI engineering stack SEO agent skills Claude Code skills Long-running agent context Reasoning compression AI deployment readiness Browser automation safety Native messaging host security AI search topical presence Agentic web governance Stop agents breaking production Relational knowledge Claude Code feedback Autoresearch safety

Stop self-improving coding loops from hacking the benchmark.

Autoresearch loops run experiments, inspect metrics, and accept better variants. ThumbGate gives those loops a Reliability Gateway: Pre-Action Checks for skipped holdout tests, fake proof, reward hacking, unsafe edits, and promotion without verification evidence.

Guard the metric

Require primary and holdout checks before an agent can call a variant better. Flag cherry-picked runs and missing baselines, then configure strict enforcement where a deny is required.

Preserve proof trails

Promotion needs commands, logs, changed files, and verification evidence so the win survives review instead of becoming a vague claim.

Ship into CI

Start with templates for npm test, Playwright duration, bundle size, lint, and CI failures, then add shared workflow checks for team-owned releases.

Reusable instructions are the new baseline. Enforcement is the moat.

Persistent agent skills create reusable instructions. ThumbGate adds a governed reliability layer: capture accepted feedback, export local lessons where the plan permits it, and inspect how a configured pre-action gate evaluated the next matching tool call before execution.

Portable skill memory

Accepted lessons can supply reusable rule and skill-pack context. Moving that context between supported agents requires an explicit operator-managed export/import or a shared local install scope.

Instructions plus teeth

Persistent skills tell an agent what you prefer. ThumbGate evaluates configured checks against the next proposed action and returns allow, warn, or deny before execution.

Proof for teams

Local gate results expose the matched rule and available decision context so operators can review what fired instead of relying only on hidden chatbot memory.

Three steps to catch repeated AI failures

Self-improving โ€” but for safety, not capability: human-in-the-loop accepted feedback becomes local lessons, recurring failures can become prevention rules, and regression tests help detect false-positive rule matches.

1

Feedback

Give ๐Ÿ‘ or a concrete ๐Ÿ‘Ž on your AI agent's actions. Accepted feedback is stored in a local SQLite+FTS5 lesson DB. In the current Claude auto-capture hook, a vague thumbs-down can distill from up to 8 prior recorded entries and the failed tool call before promotion, then stay linked to a 60-second feedback session. Recurring accepted failures can auto-promote into a prevention rule.

2

Distill + Rules

Repeated failures auto-promote into prevention rules. Thompson Sampling adapts which rules fire, and the reflector lane can propose a reusable rule from the same transcript so high-risk patterns get stricter enforcement while low-risk ones stay relaxed.

3

Checks

Rules become Pre-Action Checks that evaluate proposed tool calls before execution. Detected secret exfiltration and gate kill/bypass commands deny by default; matching force-push, destructive-delete, fetch-and-run, or learned checks warn unless strict enforcement turns them into denies.

Configured checks evaluate proposed tool calls before execution.

Don't trust โ€” verify

Gate results report the decision, matched gate, and available reason or evidence context.

Real tools, not wishes

Configured checks run at the tool-call boundary. Detected secret exfiltration and gate kill/bypass commands deny by default; set THUMBGATE_STRICT_ENFORCEMENT=1 to deny matching warning-mode checks.

Force models to show work

Decision reasons and Thompson Sampling confidence tiers are available where the evaluator produces them.

Review decisions and recurring failures

Recurring accepted failures can auto-promote to checks. Pro includes a personal local dashboard; a hosted org dashboard is not generally available.

Keep risky runs off the host

When Workflow Sentinel predicts a risky local action, ThumbGate can recommend Docker Sandboxes before the agent touches the host filesystem or broader credentials.

Ship with versioned proof

Changesets, SemVer, sync checks, and verification evidence make new package releases inspectable before a buyer trusts the next rollout.

terminal
# Install the local CLI
npx thumbgate init
 
# Your agent tries to delete production db...
โš ๏ธ Check flagged: "Never run DROP on production tables" # blocks under strict mode
# Rule promoted from accepted recurring feedback
 
# Works with your existing setup
npx thumbgate init # bootstraps .thumbgate and .mcp.json
# Use repo guides for Claude plugin, Codex app plugin, Cursor plugin, and OpenCode profiles

Install for Your Agent

Claude Code

npx thumbgate init --agent claude-code

Wires PreToolUse hooks automatically

Cursor

npx thumbgate init --agent cursor

4 skills: feedback, rules, search, recall

Codex

npx thumbgate init --agent codex

6 skills including adversarial review

Gemini CLI

npx thumbgate init --agent gemini

Gemini CLI integration

Amp

npx thumbgate init --agent amp

Amp agent integration

Any MCP Client

npx thumbgate serve

MCP stdio server for any compatible client

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "thumbgate": {
      "command": "npx",
      "args": ["--yes", "--package", "thumbgate", "thumbgate", "serve"]
    }
  }
}

Official directory review is separate. Claude Code users can install immediately with /plugin marketplace add IgorGanapolsky/ThumbGate and /plugin install thumbgate@thumbgate-marketplace.

Stop paying for agent mistakes you already fixed.

Free
$0 forever
Pro
$19/mo or $149/yr
Enterprise
Custom โ€” scoped after intake
Local PreToolUse enforcement (configured integrations)โœ…โœ…Scoped after intake
Feedback captures2/day (10 total)UnlimitedScoped after intake
Active auto-promoted prevention rules3UnlimitedScoped after intake
Lesson recall + search across sessionsโ€”โœ…Scoped after intake
Personal dashboard + DPO exportโ€”โœ…Scoped after intake
Hosted team lesson syncโ€”โ€”Not GA
Hosted org dashboardโ€”โ€”Not GA
Approval boundaries + rollout designโ€”โ€”Scoped after intake
SSO, SIEM + compliance packagingโ€”โ€”Not GA
Best forOne developerSolo operatorsTeams & regulated orgs
Free
$0
Catch repeated mistakes daily. Forever free for solo devs.

2 captures/day, 3 active rules. Enough to see the value โ€” upgrade when you need more.

  • 2 feedback captures/day โ€” 10 total on Free, then Pro for unlimited
  • Up to 3 active auto-promoted prevention rules
  • No recall or lesson search
  • No exports (DPO, Databricks, HuggingFace)
  • All MCP integrations (Claude Code, Cursor, Codex, Gemini, Amp, any MCP agent)
  • PreToolUse hook with built-in safety checks โ€” hard-blocks secret exfiltration by default; warns on rm -rf, force-push, and destructive SQL (blocks them under THUMBGATE_STRICT_ENFORCEMENT=1)
  • Setup guide for all agents โ†’
$ npx thumbgate init click to copy
Install Free
Pro
$19/mo
Individual local governance with higher limits. The free CLI runs configured gates locally. Pro removes the individual caps and adds the personal dashboard, recall, search, and exports. Hosted team lesson sync is not generally available.
  • Higher local limits โ€” unlimited feedback captures and active auto-promoted prevention rules (Free caps at 3 active rules)
  • Recall and search accepted lessons across sessions in the configured local scope
  • Inspect which check fired โ€” personal visual check debugger for available local gate history
  • Use supported integrations โ€” configure Claude Code, Cursor, Codex, Gemini, Amp, Cline, or OpenCode through its documented setup path
  • Export training data โ€” DPO preference-pair export for a separate fine-tuning workflow
  • Review local enforcement evidence โ€” personal dashboard for the individual operator with available gate history
  • Prepare model-hardening data โ€” Model Hardening Advisor plus HuggingFace dataset export for a separate training and evaluation workflow
  • Hand a PR with proof โ€” review-ready workflow support and exportable lesson bundles
  • Hand off without re-onboarding โ€” Lesson export/import for handoff or migration
What your Pro dashboard looks like
checks: local gate history
feedback: unlimited
exports: DPO + lessons
PAY-NOW PRO
Upgrade to Pro โ€” $19/mo

Billed today ยท cancel anytime.

Compare plans at a glance
Capability Free Pro Enterprise
Best for One developer evaluating local checks One operator who wants personal recall, dashboard proof, managed adapters, and exports Teams & regulated organizations scoping one governed workflow
Price $0 $19/mo or $149/yr Custom โ€” scoped after intake
Feedback captures 2/day, 10 total Unlimited Scoped after intake; hosted team sync is not GA
Active prevention rules 3 active rules Unlimited personal rules Approval boundaries and rollout requirements scoped after intake
Dashboard and proof Local CLI evidence Personal dashboard, check debugger, DPO/HF exports Hosted org dashboard, SIEM, and compliance packaging are not GA
How to start npx thumbgate init Self-serve Stripe checkout Send one repeated workflow failure first โ€” intake before checkout

Free provides capped local evaluation. Pro removes individual limits and adds recall, search, a personal dashboard, and exports. Enterprise starts through intake to scope one workflow; it does not imply generally available hosted team features.

Enterprise
Engineering teams ยท Banking ยท Insurance ยท Healthcare ยท Public sector
Scope one governed workflow โ€” custom pricing after intake
Enterprise is an intake-led service path for teams that need to define approval boundaries, rollback plans, evidence requirements, and rollout ownership around one workflow. The current public runtime remains local per configured operator; hosted team lesson sync and a hosted org dashboard are not generally available.
  • One-workflow discovery โ€” identify the repeated failure, runtime, owner, and decision boundary
  • Approval and rollback design โ€” document who can approve, what evidence is required, and how the workflow recovers
  • Verification plan โ€” define the local tests and proof required before a wider rollout claim
  • Deployment requirements โ€” capture data-boundary, identity, hosting, and integration constraints before making delivery commitments
  • Current availability boundary โ€” hosted team sync, a hosted org dashboard, SSO, SIEM, and compliance packaging are not general-availability features
Start enterprise intake โ†’ Read the build-vs-buy thesis first

Pricing and deliverables are scoped after intake; no hosted-team capability is promised before verification.

Start the AI Agent Governance Sprint with one repeat failure

Start with one repo, one workflow owner, and one repeated failure. The intake scopes the evidence needed to determine whether ThumbGate fits that action boundary before any wider rollout claim.

Tell us the workflow. Get a proof plan.

The highest-fit Enterprise buyer is already feeling one repeated failure in a workflow where mistakes have real consequences. Send the workflow first so the next step is scoped around the real blocker instead of a blind checkout.

Scope-first intake
Enterprise checkout happens after scope. Send the workflow first. We will qualify the blocker, confirm whether Pro or a scoped Enterprise rollout is the right next step, and keep the purchase path tied to real evidence.
Send workflow first

Common questions

Does ThumbGate support model fine-tuning?
ThumbGate Pro includes a Model Hardening Advisor plus LoRA JSONL and DPO preference-pair exports for use in a separate fine-tuning workflow. An export does not guarantee that a trained model will avoid a mistake; that outcome depends on the dataset, training process, model, and evaluation.
ThumbGate's runtime keeps lessons and rules outside the model. A configured hook evaluates proposed tool calls before execution. Detected secret exfiltration plus commands that kill the gate process or enable its bypass variable deny by default; matching destructive deletes, force-pushes, and fetch-and-run commands warn by default. Strict mode (THUMBGATE_STRICT_ENFORCEMENT=1) turns matching warning-mode checks into denies.
Persistent agent skills are reusable instructions. ThumbGate adds a local enforcement loop: accepted feedback becomes lessons, recurring failures can become rules, and configured Pre-Action Checks return allow, warn, or deny before tool execution. Pro adds a personal dashboard and operator-managed exports; hosted team sync and a hosted org dashboard are not generally available.
SQLite+FTS5 lesson DB for fast full-text search. MemAlign-inspired dual recall (principle-based rules + episodic context). Thompson Sampling for adaptive check sensitivity per failure domain. LanceDB + Apache Arrow for local vector search with Hugging Face embeddings. ContextFS for context assembly. Bayesian belief updates on each memory. Configured PreToolUse hooks evaluate known-bad actions before execution; detected secret exfiltration and gate kill/bypass commands deny by default, while strict mode also denies matching warning-mode checks. The local path requires no cloud account.
ThumbGate includes documented integration paths for Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, and OpenCode. Each agent must be configured through its hook or MCP setup; MCP compatibility alone does not install enforcement automatically. The Cursor runtime setup is npx thumbgate init --agent cursor, while the in-app Marketplace listing remains separate. VS Code can host an MCP-compatible agent, but this repo does not ship a standalone VS Code extension.
No. The ThumbGate GPT is a ChatGPT entrypoint for checking proposed actions and getting setup help. Local allow, warn, or deny enforcement runs where the coding agent executes and requires npx thumbgate init plus the documented integration setup.
Start with the setup guide if you only need the local path. Choose Pro when an individual operator wants higher limits, personal recall, a local dashboard, DPO export, and operator-managed lesson bundles. Choose the Workflow Hardening Sprint when one workflow owner needs to scope approval boundaries, rollback safety, and evidence requirements before a wider rollout claim.
ThumbGate combines pre-action checks with execution guidance. Workflow Sentinel can recommend Docker Sandboxes for risky local actions. The package also contains a signed sandbox-dispatch mechanism, but each deployment must configure and verify that isolation boundary; it is not hosted team lesson sync or a generally available hosted org service.
ThumbGate does not rely on vibes, making it the safety net for vibe coding. Release-relevant PRs need a Changeset, SemVer rules keep version bumps honest, sync checks keep manifests aligned, proof lanes run before merge, and the exact main-branch merge commit is verified before the work is called done.
No. Free keeps local enforcement on your machine with 2 feedback captures/day, up to 3 active auto-promoted prevention rules, and built-in checks. Recall, lesson search, unlimited rules and captures, a personal dashboard, and operator-managed exports open up on Pro. Enterprise is custom and scoped after intake around one workflow. Hosted team lesson sync and a hosted org dashboard are not general-availability runtime features.
For the current Claude auto-capture hook, ThumbGate can reuse up to 8 prior recorded entries and the failed tool call for a vague thumbs-down, then keep a linked 60-second feedback session open for later clarification. The timer resets when more context arrives, so the lesson stays attached to one feedback record instead of fragmenting into duplicates.
Prompt rules are a starting point, not a finish line. ThumbGate adds a human-feedback loop plus configured Pre-Action Checks at the tool-call boundary. The default policy denies detected secret exfiltration and gate kill/bypass commands while other matching high-risk checks warn; strict mode also denies matching warning-mode checks.
Agentic development is not just generation. Teams need Guide, Generate, Verify, and Solve working as a repeatable loop. ThumbGate can serve as the pre-action execution gate: guidance and accepted feedback can become rules, generated tool calls are evaluated before execution, rules can require verification evidence, and recurring solved failures can become reusable prevention gates.
Pro is $19/mo or $149/yr for individual operators and bills through Stripe. Enterprise is custom pricing, scoped after intake around one workflow's approval boundaries, rollback plan, evidence requirements, and rollout support. Hosted team features are not implied by intake.
The package ships a npx thumbgate setup-vertex setup helper for operators who choose the optional Vertex adapter. Whether evaluations stay within a particular VPC depends on the operator's Google Cloud configuration and must be verified in that deployment. Dialogflow CX governance is an intake-scoped integration requirement, not a generally available hosted deployment claim.
FrontierBudget provides a local client-side token ledger and configurable routing or cost-containment limits. Reported token savings are estimates based on configured assumptions, not provider-billing measurements or a spend guarantee; verify actual costs in the provider's billing telemetry.

Get notified when we ship new checks and integrations.

Join the mailing list for new check patterns, agent integration updates, and product news. If you later choose Pro, we keep checkout prefilled on this device.

Stop the same mistake before it runs again.

Install the local CLI without a credit card or account, then configure the integration for your agent.

$ npx thumbgate init click to copy
Install Free CLI
Install Claude Extension Upgrade to Pro โ€” $19/mo Start Workflow Hardening Sprint
Pro unlocks recall, proof, exports โ€” free CLI is capped at 2 captures/day
$ npx thumbgate init copy
Go Pro โ€” $19/mo