Add ThumbGate to Hooks and Guardrails#16

Open: IgorGanapolsky wants to merge 2 commits into efij:main from IgorGanapolsky:add-thumbgate

@IgorGanapolsky commented Jun 5, 2026

Adds ThumbGate to Hooks and Guardrails.

What it is: a local-first, MIT PreToolUse firewall for AI coding agents (Claude Code, Cursor, Codex, Gemini). It enforces at the tool-call boundary — blocking destructive shell, secret writes, and off-scope edits before execution — and auto-promotes thumbs-down feedback into persistent prevention rules enforced in later sessions.

Fit vs. inclusion criteria:

  • Relevant — runtime security enforcement for Claude Code via PreToolUse hooks.
  • Practically useful — prevents destructive agent actions and repeat mistakes.
  • Technical depth — a deterministic gate engine + cross-session rule persistence, not a prompt nudge.
  • Current — actively developed, MIT.

Validate: `npx thumbgate init` in a test repo, then prompt the agent to run `rm -rf` outside the working dir or write to `.env` — the action is blocked at the boundary with the triggering rule shown. Runs on-device.

Repo: https://github.com/IgorGanapolsky/ThumbGate

Security disclosure (network): the local gate engine runs on your machine, but the CLI sends anonymous usage telemetry by default to thumbgate-production.up.railway.app (no code or file contents). Opt out with `THUMBGATE_NO_TELEMETRY=1` or `DO_NOT_TRACK=1`. Optional Pro features (hosted rule sync / dashboard) make additional opt-in network calls; the free firewall does not require them.

@IgorGanapolsky (Author)

Friendly bump 🙂 Happy to tweak the formatting or which section it lands in. ThumbGate fits the Hooks & Guardrails category — a local-first PreToolUse firewall that blocks dangerous agent tool calls (destructive shell, force-push, secret exfiltration) before they run, with no server in the path. Glad to adjust anything to match your guidelines. Thanks!
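
For readers evaluating this class of tool, a sketch of the kind of PreToolUse check the PR describes (recursive `rm` outside the working dir, writes to `.env`, off-scope edits). It is an added example, not ThumbGate's code or rule format. It assumes Claude Code's hook contract (event JSON on stdin carrying `tool_name`, `tool_input` and `cwd`; exit code 2 blocks the call); the deny-list and function names are hypothetical.

```python
import json, os, shlex, sys
SECRET_FILES = {".env"}      # constructed deny-list, not ThumbGate's rule set
SEPARATORS = set("();<>|&")  # tokens made only of these start a new command

def inside(path, root):  # True if path (absolute or relative to root) is under root
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, os.path.expanduser(path)))
    return os.path.commonpath([root, full]) == root

def check_bash(command, cwd):  # returns a block reason, or None to allow
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""
    try:
        tokens = list(lex)
    except ValueError:
        return "unparseable shell command"  # fail closed on unbalanced quotes
    segment = []
    for tok in tokens + [";"]:              # trailing ";" flushes the last command
        if tok and set(tok) <= SEPARATORS:
            if segment and os.path.basename(segment[0]) == "rm":
                flags = [t for t in segment[1:] if t.startswith("-")]
                recursive = any(t == "--recursive" or
                                (t[1:2] != "-" and "r" in t.lower()) for t in flags)
                for target in (t for t in segment[1:] if not t.startswith("-")):
                    if "$" in target or "`" in target:
                        return f"rm target {target} cannot be resolved statically"
                    if recursive and not inside(target, cwd):
                        return f"recursive rm outside working dir: {target}"
            segment = []
        else:
            segment.append(tok)
    return None

def decide(event):  # returns a block reason for one PreToolUse event, or None
    args, cwd = event.get("tool_input", {}), event.get("cwd") or os.getcwd()
    if event.get("tool_name") == "Bash":
        return check_bash(args.get("command", ""), cwd)
    if event.get("tool_name") in ("Write", "Edit"):
        path = args.get("file_path", "")
        if os.path.basename(path) in SECRET_FILES:
            return f"write to secret file: {path}"
        if not inside(path, cwd):
            return f"edit outside working dir: {path}"
    return None

if __name__ == "__main__":
    reason = decide(json.load(sys.stdin))
    if reason:  # exit code 2 blocks the tool call; stderr is shown to the agent
        print(f"blocked: {reason}", file=sys.stderr)
        sys.exit(2)
```

Token matching like this does not see through `sh -c`, aliases or scripts the agent writes and then runs, so a gate of this kind is one layer alongside OS-level sandboxing and least-privilege credentials.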
