
thumbgate

v1.3.0

Published

ThumbGate — Make your AI coding agent self-improving. Every mistake becomes a prevention rule that physically blocks the agent from repeating it. Feedback-driven enforcement via PreToolUse hooks, Thompson Sampling for adaptive gates, SQLite+FTS5 lesson DB

Readme

ThumbGate

Make your AI coding agent self-improving. ThumbGate turns thumbs-up and thumbs-down into a learned control plane for autonomous development: pre-action gates, a trained intervention policy, workflow governance, and isolated execution guidance for high-risk runs.


Workflow Hardening Sprint · Pro Page · Live Dashboard · Setup Guide

Popular buyer questions: How to stop repeated AI agent mistakes · Cursor guardrails · Codex CLI guardrails · Gemini CLI memory + enforcement

Get Started

Best first paid motion for teams: the Workflow Hardening Sprint.

Start Workflow Hardening Sprint

One workflow. One owner. One proof review. That is the fastest path to a paid team engagement because it qualifies a real blocker before anyone tries to sell a full rollout.

Self-serve for individual operators: ThumbGate Pro is the paid lane for the personal local dashboard, DPO export, and review-ready evidence.

Free stays for individual developers. Pro is $19/mo or $149/yr for solo operators. Team pricing anchors at $12/seat/mo with a 3-seat minimum, but the public Team path remains intake-first through the sprint. See pricing →

Paid path for individual operators: ThumbGate Pro is the buyer-ready page for the personal local dashboard, DPO export, and review-ready evidence. It makes the paid upgrade legible before checkout while the self-hosted path below stays optimized for open source evaluation.

Open Source (Self-Hosted):

npx thumbgate init

Enterprise Story

ThumbGate is the control plane for AI coding agents:

  • Feedback becomes enforcement, so repeated failures stop at the gate instead of reappearing in review.
  • Workflow Sentinel scores blast radius before execution, so risky PR, release, and publish flows are visible early.
  • High-risk local actions can be routed into Docker Sandboxes, while hosted team automations use a signed isolated sandbox lane.
  • Team rollout stays tied to Verification Evidence instead of trust-me operator claims.

Release Confidence

Enterprise buyers do not just need a safer runtime. They need legible publishes.

  • Release-relevant PRs must carry a .changeset/*.md entry, so every shipped package version has a customer-readable explanation before publish.
  • SemVer Policy and version-sync checks keep package.json, CHANGELOG.md, plugin manifests, and installer metadata aligned.
  • CI enforces changeset coverage, version sync, tests, coverage, proof lanes, and operational integrity before merge.
  • Final close-out requires verifying the exact main merge commit, with proof anchored in Verification Evidence.

See Release Confidence for the full trust chain.

Before / After

WITHOUT THUMBGATE                    WITH THUMBGATE

Session 1:                           Session 1:
  Agent force-pushes to main.          Agent force-pushes to main.
  You correct it.                      You 👎 it.

Session 2:                           Session 2:
  Agent force-pushes again.            ⛔ Gate blocks force-push.
  It learned nothing.                  Agent uses safe push instead.

Session 3:                           Session 3+:
  Same mistake. Again.                 Permanently fixed.

How It Works

  YOU                    THUMBGATE                   YOUR AGENT
   │                        │                            │
   │  👎 "broke prod"       │                            │
   ├───────────────────────►│                            │
   │                        │  distill + validate        │
   │                        │  ┌─────────────────┐       │
   │                        │  │ lesson + rule    │       │
   │                        │  │ created          │       │
   │                        │  └─────────────────┘       │
   │                        │                            │
   │                        │  PreToolUse hook fires     │
   │                        │◄───────────────────────────┤ tries same mistake
   │                        │  ⛔ BLOCKED                │
   │                        ├───────────────────────────►│ forced to try safe path
   │                        │                            │
   │  👍 "good fix"         │                            │
   ├───────────────────────►│                            │
   │                        │  reinforced ✅             │
   │                        │                            │

The Loop

┌──────────┐     ┌──────────┐     ┌──────────┐     ┌──────────┐     ┌──────────┐
│ Capture  │────►│ Distill  │────►│ Remember │────►│   Rule   │────►│   Gate   │
│ 👍 / 👎  │     │ history- │     │ SQLite + │     │ auto-gen │     │ PreTool  │
│          │     │ aware    │     │ FTS5 DB  │     │ from     │     │ Use hook │
│          │     │          │     │          │     │ failures │     │ enforces │
└──────────┘     └──────────┘     └──────────┘     └──────────┘     └──────────┘

Quick Start (Self-Hosted)

npx thumbgate init                                    # auto-detect agent + wire hooks
npx thumbgate doctor                                  # health check
npx thumbgate lessons                                 # inspect learned lessons
npx thumbgate dashboard                               # local dashboard

Or wire MCP directly: claude mcp add thumbgate -- npx -y thumbgate serve

Works with Claude Code, Cursor, Codex, Gemini, Amp, OpenCode, and any MCP-compatible agent.

Need shared enforcement, auditability, and rollout proof for a team workflow? Start with the Workflow Hardening Sprint →

Need a personal dashboard and DPO export for yourself? See ThumbGate Pro →

Built-in Gates

┌─────────────────────────────────────────────────────────┐
│                   ENFORCEMENT LAYER                      │
│                                                          │
│  ⛔ force-push          → blocks git push --force        │
│  ⛔ protected-branch    → blocks direct push to main     │
│  ⛔ unresolved-threads  → blocks push with open reviews  │
│  ⛔ package-lock-reset  → blocks destructive lock edits  │
│  ⛔ env-file-edit       → blocks .env secret exposure    │
│                                                          │
│  + custom gates in config/gates/custom.json              │
└─────────────────────────────────────────────────────────┘
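
A sketch of how a pre-action gate can match the force-push, protected-branch and env-file-edit rules above against a proposed tool call. This is an added example, not ThumbGate's own code: the `{ tool, input }` call shape, the gate objects, the protected-branch list and the choice to let `--force-with-lease` through are all assumptions.

```javascript
// Added illustration, not ThumbGate's code. The tool-call shape
// ({ tool, input }) and the gate objects are assumptions for this example.
const PROTECTED = new Set(['main', 'master']);

// Split a command line into words, honouring simple single/double quotes.
const words = cmd => (cmd.match(/"[^"]*"|'[^']*'|\S+/g) || [])
  .map(w => w.replace(/^["']|["']$/g, ''));

// Return the arguments of `git push`, or null when the command is not a push.
function gitPushArgs(cmd) {
  const w = words(cmd);
  let i = w.indexOf('git');
  if (i === -1) return null;
  i += 1;
  // Skip git's global options; `-C <dir>` and `-c <k=v>` consume a value.
  while (i < w.length && w[i].startsWith('-')) i += (w[i] === '-C' || w[i] === '-c') ? 2 : 1;
  return w[i] === 'push' ? w.slice(i + 1) : null;
}

// Destination branch of a refspec: "+src:refs/heads/main" -> "main".
const destination = spec =>
  spec.replace(/^\+/, '').split(':').pop().replace(/^refs\/heads\//, '');

const basename = p => p.split(/[\\/]/).pop();

const GATES = [
  { id: 'force-push', // --force, -f (also clustered, e.g. -uf) and "+refspec"
    hit: ({ push }) => !!push && push.some(a =>
      a === '--force' || /^-[A-Za-z]*f[A-Za-z]*$/.test(a) || a.startsWith('+')) },
  { id: 'protected-branch', // explicit refspec whose destination is protected;
    // a bare `git push` needs repository state and is not decided here
    hit: ({ push }) => !!push && push.filter(a => !a.startsWith('-')).slice(1)
      .some(spec => PROTECTED.has(destination(spec))) },
  { id: 'env-file-edit', // file-writing tool aimed at .env or .env.*
    hit: ({ call }) => call.tool !== 'shell' &&
      /^\.env(\..+)?$/.test(basename(call.input.path || '')) },
];

// Pre-action check: the first matching gate blocks, otherwise the call runs.
function evaluate(call) {
  const push = call.tool === 'shell' ? gitPushArgs(call.input.command || '') : null;
  const gate = GATES.find(g => g.hit({ call, push }));
  return gate ? { allowed: false, gate: gate.id } : { allowed: true, gate: null };
}
```

Matching on parsed arguments rather than on the raw string is what catches the less obvious spellings of the same action, such as `-uf`, a `+` refspec, or `HEAD:refs/heads/main`.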

Feedback Sessions

👎 thumbs down
  └─► open_feedback_session
        └─► "you lied about deployment" (append_feedback_context)
        └─► "tests were actually failing" (append_feedback_context)
        └─► finalize_feedback_session
              └─► lesson inferred from full conversation

History-aware distillation turns vague negative signals into concrete lessons. In the current Claude auto-capture path, ThumbGate can reuse up to 8 prior recorded conversation entries plus the failed tool call, then keep a linked 60-second follow-up session open for later clarification.

Free and self-hosted users can invoke search_lessons directly through MCP, and via the CLI with npx thumbgate lessons.

Pricing

┌──────────────┬──────────────────────┬──────────────────────────────┐
│    FREE      │ PRO $19/mo or $149/yr│   TEAM $12/seat/mo (min 3)   │
├──────────────┼──────────────────────┼──────────────────────────────┤
│ Unlimited    │ Unlimited feedback   │ Shared hosted lesson DB      │
│ feedback     │ captures + search    │ Org dashboard                │
│ captures     │ DPO export           │ Gate template library        │
│ 3 captures   │ Personal dashboard   │ Isolated execution guidance  │
│ 5 lesson     │                      │                              │
│ searches/day │                      │                              │
└──────────────┴──────────────────────┴──────────────────────────────┘

Free includes 3 daily feedback captures, 5 daily lesson searches, unlimited recall, and gating. History-aware distillation turns vague feedback into concrete lessons, and feedback sessions (open_feedback_session → append_feedback_context → finalize_feedback_session) keep later clarification linked to one record. The current Claude auto-capture path uses up to 8 prior recorded entries for vague thumbs-down signals; the follow-up session stays open for 60 seconds and resets when more context is appended.

It does not update model weights in frontier LLMs. ThumbGate improves runtime behavior by training a local sidecar intervention policy from feedback, gate audits, and diagnostics, then using that policy to strengthen recall, verification, and enforcement decisions on future runs.

The fastest commercial path is not a generic self-serve subscription pitch. It is the Workflow Hardening Sprint: qualify one repeated failure in one valuable workflow, prove the control plane on that surface, then expand into Team seats when shared enforcement matters.

Start Workflow Hardening Sprint | Get Pro | Live Dashboard

Tech Stack

┌─────────────────────────────────────────────────────────┐
│  STORAGE          │  INTELLIGENCE     │  ENFORCEMENT     │
│                   │                   │                  │
│  SQLite + FTS5    │  MemAlign dual    │  PreToolUse      │
│  LanceDB vectors  │    recall         │    hook engine   │
│  JSONL logs       │  Thompson Sampling│  Gates config    │
│  ContextFS        │                   │  Hook wiring     │
├───────────────────┼───────────────────┼──────────────────┤
│  INTERFACES       │  BILLING          │  EXECUTION       │
│                   │                   │                  │
│  MCP stdio        │  Stripe           │  Railway         │
│  HTTP API         │                   │  Cloudflare      │
│  CLI              │                   │    Workers       │
│  Node.js >=18     │                   │  Docker          │
│                   │                   │    Sandboxes     │
└───────────────────┴───────────────────┴──────────────────┘

Docs

Pro overlay: thumbgate-pro — separate repo/package inheriting from this base.

License

MIT. See LICENSE.