thumbgate 1.27.4 → 1.27.7

package/adapters/policy-engine/ethicore-guardian-client.js

@@ -0,0 +1,68 @@
+#!/usr/bin/env node
+'use strict';
+
+const DEFAULT_ENDPOINT = 'https://api.oraclestechnologies.com/v1/guardian/analyze';
+
+function requireApiKey(env = process.env) {
+  const key = env.ETHICORE_API_KEY || env.GUARDIAN_API_KEY || env.ORACLES_GUARDIAN_API_KEY;
+  if (!key) {
+    throw new Error('ETHICORE_API_KEY env var is required');
+  }
+  return key;
+}
+
+async function analyzeText(text, options = {}) {
+  if (!String(text || '').trim()) {
+    throw new Error('analyzeText requires text');
+  }
+
+  const env = options.env || process.env;
+  const endpoint = options.endpoint || env.ETHICORE_GUARDIAN_ENDPOINT || DEFAULT_ENDPOINT;
+  const apiKey = options.apiKey || requireApiKey(env);
+  const fetchImpl = options.fetch || fetch;
+
+  const response = await fetchImpl(endpoint, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({ text }),
+  });
+
+  const bodyText = await response.text();
+  let body = bodyText;
+  try {
+    body = bodyText ? JSON.parse(bodyText) : {};
+  } catch {
+    // Keep non-JSON body for diagnostics.
+  }
+
+  if (!response.ok) {
+    throw new Error(`Ethicore Guardian API ${response.status}: ${typeof body === 'string' ? body : JSON.stringify(body)}`);
+  }
+
+  return body;
+}
+
+function createEthicorePolicyCheck(options = {}) {
+  return async function ethicorePolicyCheck(action = {}) {
+    const toolText = [
+      action.toolName,
+      action.actionType,
+      action.command,
+      action.path,
+      action.url,
+      action.input ? JSON.stringify(action.input) : '',
+    ].filter(Boolean).join('\n');
+
+    return analyzeText(toolText || JSON.stringify(action), options);
+  };
+}
+
+module.exports = {
+  DEFAULT_ENDPOINT,
+  analyzeText,
+  createEthicorePolicyCheck,
+  requireApiKey,
+};

package/adapters/policy-engine/thumbgate-policy-engine-adapter.js

@@ -0,0 +1,260 @@
+#!/usr/bin/env node
+'use strict';
+
+const { normalizeProviderAction } = require('../../scripts/provider-action-normalizer');
+
+const BLOCK_DECISIONS = new Set([
+  'block',
+  'blocked',
+  'deny',
+  'denied',
+  'disallow',
+  'disallowed',
+  'fail',
+  'failed',
+  'forbid',
+  'forbidden',
+  'reject',
+  'rejected',
+  'unsafe',
+  'violation',
+]);
+
+const REVIEW_DECISIONS = new Set([
+  'approval',
+  'approval-required',
+  'approval_required',
+  'approve',
+  'human-review',
+  'human_review',
+  'manual-review',
+  'manual_review',
+  'review',
+  'requires-approval',
+  'requires_approval',
+  'requires-review',
+  'requires_review',
+]);
+
+const ALLOW_DECISIONS = new Set([
+  'accept',
+  'accepted',
+  'allow',
+  'allowed',
+  'ok',
+  'pass',
+  'passed',
+  'permit',
+  'permitted',
+  'safe',
+]);
+
+function asObject(value) {
+  return value && typeof value === 'object' && !Array.isArray(value) ? value : {};
+}
+
+function asArray(value) {
+  return Array.isArray(value) ? value : [];
+}
+
+function firstString(...values) {
+  for (const value of values) {
+    const text = String(value || '').trim();
+    if (text) return text;
+  }
+  return '';
+}
+
+function normalizeDecisionToken(value) {
+  return String(value || '')
+    .trim()
+    .toLowerCase()
+    .replace(/\s+/g, '-');
+}
+
+function normalizeEvidence(value) {
+  const direct = asArray(value.evidence);
+  const citations = asArray(value.citations);
+  const violations = asArray(value.violations);
+  const reasons = asArray(value.reasons);
+  const reasoning = asArray(value.reasoning);
+  const threatTypes = asArray(value.threat_types || value.threatTypes)
+    .map((threatType) => ({
+      code: String(threatType || '').trim(),
+      message: `Threat type: ${String(threatType || '').trim()}`,
+      source: 'guardian',
+      severity: firstString(value.threat_level, value.threatLevel),
+    }));
+  return [...direct, ...citations, ...violations, ...reasons, ...reasoning, ...threatTypes]
+    .map((entry) => {
+      if (typeof entry === 'string') return { text: entry };
+      const object = asObject(entry);
+      if (!Object.keys(object).length) return null;
+      return {
+        id: firstString(object.id, object.ruleId, object.rule_id, object.code),
+        text: firstString(object.text, object.reason, object.message, object.description, object.title),
+        source: firstString(object.source, object.provider, object.policy),
+        severity: firstString(object.severity, object.level),
+        raw: object,
+      };
+    })
+    .filter(Boolean);
+}
+
+function extractPolicyDecision(input = {}) {
+  const event = asObject(input);
+  for (const candidate of [
+    event.policyDecision,
+    event.policy_decision,
+    event.guardrailResult,
+    event.guardrail_result,
+    event.result,
+  ]) {
+    const object = asObject(candidate);
+    if (Object.keys(object).length) return object;
+  }
+  return event;
+}
+
+function classifyPolicyDecision(input = {}) {
+  const value = extractPolicyDecision(input);
+  const token = normalizeDecisionToken(firstString(
+    value.decision,
+    value.action,
+    value.status,
+    value.result,
+    value.verdict,
+    value.outcome,
+    value.effect,
+    value.recommended_action,
+    value.recommendedAction,
+  ));
+
+  if (
+    value.allowed === false
+    || value.is_safe === false
+    || value.isSafe === false
+    || value.accepted === false
+    || value.blocked === true
+    || value.denied === true
+    || BLOCK_DECISIONS.has(token)
+  ) {
+    return 'block';
+  }
+  if (
+    value.requiresApproval === true
+    || value.requires_approval === true
+    || value.reviewRequired === true
+    || value.review_required === true
+    || REVIEW_DECISIONS.has(token)
+  ) {
+    return 'approval_required';
+  }
+  if (
+    value.allowed === true
+    || value.is_safe === true
+    || value.isSafe === true
+    || value.accepted === true
+    || ALLOW_DECISIONS.has(token)
+  ) {
+    return 'allow';
+  }
+  return 'unknown';
+}
+
+function normalizePolicyDecision(input = {}, options = {}) {
+  const value = extractPolicyDecision(input);
+  const decision = classifyPolicyDecision(value);
+  const source = firstString(
+    options.source,
+    value.source,
+    value.provider,
+    value.engine,
+    value.policyEngine,
+    value.policy_engine,
+    'policy-engine'
+  );
+  const reason = firstString(
+    value.reason,
+    value.message,
+    value.explanation,
+    value.summary,
+    asArray(value.reasoning).join('; '),
+    asArray(value.reasons).join('; '),
+    decision === 'unknown' ? 'Policy engine returned an unknown decision; approval required before execution.' : ''
+  );
+
+  return {
+    allowed: decision === 'allow',
+    blocked: decision === 'block',
+    approvalRequired: decision === 'approval_required' || decision === 'unknown',
+    decision,
+    reason,
+    source,
+    confidence: Number.isFinite(Number(value.confidence)) ? Number(value.confidence) : null,
+    policyId: firstString(value.policyId, value.policy_id, value.ruleId, value.rule_id, value.id),
+    severity: firstString(value.severity, value.level, value.threat_level, value.threatLevel),
+    score: Number.isFinite(Number(value.score))
+      ? Number(value.score)
+      : (Number.isFinite(Number(value.threat_score)) ? Number(value.threat_score) : null),
+    evidence: normalizeEvidence(value),
+    raw: value,
+  };
+}
+
+function normalizePolicyAction(input = {}) {
+  const event = asObject(input);
+  return {
+    ...normalizeProviderAction({
+      ...event,
+      provider: firstString(event.provider, event.agentRuntime, event.runtime, 'policy-engine'),
+      toolName: firstString(event.toolName, event.tool_name, event.name),
+      input: asObject(event.toolInput || event.input || event.arguments || event.args),
+    }),
+    policyContext: asObject(event.policyContext || event.policy_context),
+  };
+}
+
+function createPolicyEngineGuard({
+  policyCheck,
+  executeTool,
+  gateCheck,
+  onDecision,
+  source = 'policy-engine',
+} = {}) {
+  if (typeof policyCheck !== 'function') {
+    throw new TypeError('createPolicyEngineGuard requires a policyCheck function');
+  }
+  if (typeof executeTool !== 'function') {
+    throw new TypeError('createPolicyEngineGuard requires an executeTool function');
+  }
+
+  return async function guardedPolicyTool(input = {}) {
+    const normalizedAction = normalizePolicyAction(input);
+    const policyDecision = normalizePolicyDecision(await policyCheck(normalizedAction), { source });
+    const gateDecision = typeof gateCheck === 'function'
+      ? normalizePolicyDecision(await gateCheck({ normalizedAction, policyDecision }), { source: 'thumbgate' })
+      : null;
+    const effectiveDecision = gateDecision && !gateDecision.allowed ? gateDecision : policyDecision;
+
+    if (typeof onDecision === 'function') {
+      await onDecision({ normalizedAction, policyDecision, gateDecision, effectiveDecision });
+    }
+
+    if (!effectiveDecision.allowed) {
+      const error = new Error(effectiveDecision.reason || 'ThumbGate blocked this action before execution.');
+      error.code = effectiveDecision.approvalRequired ? 'THUMBGATE_APPROVAL_REQUIRED' : 'THUMBGATE_BLOCKED';
+      error.thumbgate = { normalizedAction, policyDecision, gateDecision, effectiveDecision };
+      throw error;
+    }
+
+    return executeTool(input, { normalizedAction, policyDecision, gateDecision, effectiveDecision });
+  };
+}
+
+module.exports = {
+  createPolicyEngineGuard,
+  extractPolicyDecision,
+  normalizePolicyAction,
+  normalizePolicyDecision,
+};

package/bench/observability-eval-suite.json

@@ -0,0 +1,26 @@
+{
+  "cases": [
+    {
+      "id": "checkout-link-grounding",
+      "traceId": "trace_checkout_001",
+      "question": "Is the Pro checkout link working?",
+      "response": "The Pro checkout link is working because the checkout diagnostic confirms Stripe Pro checkout is reachable.",
+      "retrievedContexts": [
+        "Stripe Pro checkout diagnostic confirms the Pro checkout link is reachable and returns a valid checkout target.",
+        "The workflow sprint checkout is intake-led and should not expose a stale payment link."
+      ],
+      "reference": "The Pro checkout link is reachable when the Stripe diagnostic passes."
+    },
+    {
+      "id": "letta-tool-gate",
+      "traceId": "trace_letta_001",
+      "question": "Should Letta execute a force push tool call?",
+      "response": "ThumbGate blocks force push before execution for Letta tool calls.",
+      "retrievedContexts": [
+        "ThumbGate's Letta adapter wraps Letta tool calls and runs gate-check before the executor is called.",
+        "Force push to main is a blocked high-risk git action."
+      ],
+      "reference": "ThumbGate blocks high-risk Letta tool calls before execution."
+    }
+  ]
+}

package/bin/cli.js

@@ -61,14 +61,19 @@ const TRIAL_DAYS = 7;
 
 function checkoutUrlFor(source, content) {
   try {
-    const url = new URL(PRO_CHECKOUT_URL);
+    const base = content === 'capture_feedback'
+      ? 'https://buy.stripe.com/7sYfZhaiE1eSbO99uj3sI0d'
+      : PRO_CHECKOUT_URL;
+    const url = new URL(base);
     url.searchParams.set('utm_source', source || 'cli');
     url.searchParams.set('utm_medium', 'cli');
     url.searchParams.set('utm_campaign', 'pro_conversion');
     if (content) url.searchParams.set('utm_content', content);
     return url.toString();
   } catch (_) {
-    return PRO_CHECKOUT_URL;
+    return content === 'capture_feedback'
+      ? 'https://buy.stripe.com/7sYfZhaiE1eSbO99uj3sI0d'
+      : PRO_CHECKOUT_URL;
   }
 }
 
@@ -565,6 +570,20 @@ function setupCodex() {
 }
 
 function setupGemini() {
+  // Try to import custom commands as a Gemini plugin if the CLI is installed
+  const { execSync } = require('child_process');
+  let pluginImported = false;
+  for (const binName of ['agy', 'gemini']) {
+    try {
+      execSync(`${binName} plugin import "${PKG_ROOT}" --force`, { stdio: 'ignore' });
+      console.log(`  Gemini: imported thumbgate plugin via ${binName}`);
+      pluginImported = true;
+      break;
+    } catch (err) {
+      // ignore errors if command doesn't exist or fails
+    }
+  }
+
   const settingsPath = path.join(HOME, '.gemini', 'settings.json');
   if (fs.existsSync(settingsPath)) {
     const settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
@@ -585,13 +604,14 @@ function setupGemini() {
       }
     }
 
-    if (!changed) return false;
+    if (!changed) return pluginImported;
     fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
     console.log('  Gemini: updated ~/.gemini/settings.json');
     return true;
   }
   // Fallback: project-level .gemini/settings.json
-  return mergeMcpJson(path.join(CWD, '.gemini', 'settings.json'), 'Gemini', 'project');
+  const mcpChanged = mergeMcpJson(path.join(CWD, '.gemini', 'settings.json'), 'Gemini', 'project');
+  return pluginImported || mcpChanged;
 }
 
 function setupAmp() {
@@ -837,6 +857,14 @@ function quickStart() {
   console.log('');
 }
 
+// Activation walkthrough (guided first rule + live demonstrated block).
+// Implementation lives in scripts/activation-quickstart.js so it can be unit
+// tested without executing the CLI's top-level command switch. `init` is
+// deliberately untouched — this is an additive, separate command.
+function quickstart() {
+  return require(path.join(PKG_ROOT, 'scripts', 'activation-quickstart')).quickstart();
+}
+
 function init(cliArgs = parseArgs(process.argv.slice(3))) {
   const args = { ...cliArgs };
   if (args.help || args.h) {
@@ -910,6 +938,32 @@ function init(cliArgs = parseArgs(process.argv.slice(3))) {
   // Always create .mcp.json (project-level MCP config used by Claude, Codex, Cursor)
   mergeMcpJson(path.join(CWD, '.mcp.json'), 'MCP');
 
+  // Copy custom slash commands (.claude/commands/*.md) to the project's config directories
+  const pkgCommandsDir = path.join(PKG_ROOT, '.claude', 'commands');
+  if (fs.existsSync(pkgCommandsDir)) {
+    const targets = [
+      path.join(CWD, '.claude', 'commands'),
+      path.join(CWD, '.gemini', 'commands'),
+      path.join(CWD, '.antigravitycli', 'commands')
+    ];
+    for (const projectCommandsDir of targets) {
+      if (!fs.existsSync(projectCommandsDir)) {
+        fs.mkdirSync(projectCommandsDir, { recursive: true });
+      }
+      try {
+        const files = fs.readdirSync(pkgCommandsDir);
+        for (const file of files) {
+          if (file.endsWith('.md')) {
+            fs.copyFileSync(path.join(pkgCommandsDir, file), path.join(projectCommandsDir, file));
+          }
+        }
+      } catch (err) {
+        console.log(`  Failed to copy custom commands to ${path.relative(CWD, projectCommandsDir)}: ${err.message}`);
+      }
+    }
+    console.log('Scaffolded custom slash commands directories (.claude, .gemini, .antigravitycli)');
+  }
+
   // Auto-detect and configure platform-specific locations
   console.log('');
   console.log('Detecting platforms...');
@@ -1815,6 +1869,7 @@ function modelCandidatesCmd() {
   const maxCandidates = args.max ? Number(args.max) : undefined;
   const { reportPath, report } = writeModelCandidatesReport(undefined, {
     workload: args.workload,
+    workloadFile: args['workload-file'] || args.workloadFile,
     provider: args.provider,
     family: args.family,
     gateway: args.gateway,
@@ -2133,6 +2188,26 @@ function pulse() {
   });
 }
 
+function checkUpdateCmd() {
+  const { checkUpdate } = require(path.join(PKG_ROOT, 'scripts', 'check-update'));
+  const args = parseArgs(process.argv.slice(3));
+  checkUpdate({ verbose: !args.json, force: args.force }).then((res) => {
+    if (args.json) {
+      console.log(JSON.stringify(res, null, 2));
+    }
+    process.exit(0);
+  }).catch((err) => {
+    console.error(err && err.message ? err.message : err);
+    process.exit(1);
+  });
+}
+
+function selfUpdateCmd() {
+  const { selfUpdate } = require(path.join(PKG_ROOT, 'scripts', 'check-update'));
+  const success = selfUpdate();
+  process.exit(success ? 0 : 1);
+}
+
 function dispatchBrief() {
   const args = parseArgs(process.argv.slice(3));
   const {
@@ -3096,6 +3171,7 @@ const SUBCOMMAND_HELP = {
   lessons:       'Usage: npx thumbgate lessons [--query="..."] [--limit=N]\n\nSearch the lesson database (Pro feature).',
   search:        'Usage: npx thumbgate search <query>\n\nSearch ThumbGate knowledge base (Pro feature).',
   'gate-check':  'Usage: npx thumbgate gate-check\n\nPreToolUse hook interface: reads tool call JSON from stdin, outputs gate verdict.',
+  'hermes-gate': 'Usage: npx thumbgate hermes-gate\n\nNous Research Hermes Agent pre_tool_call shell hook: reads Hermes tool-call JSON from stdin, runs the ThumbGate gate pipeline (strict by default), and outputs {"decision":"block","reason":...} to veto or {} to allow. Gates terminal/patch/skill_manage etc. See adapters/hermes/config.yaml.',
   'break-glass': 'Usage: npx thumbgate break-glass --reason="why" [--ttl=5m] [--json]\n\nShort-lived recovery path for over-firing gates. Allows hook settings edits and satisfies PR-create/thread-check gates without disabling core destructive-action protections.',
   serve:         'Usage: npx thumbgate serve\n\nStart the MCP stdio server. This is for agent runtimes, not the local HTTP dashboard.',
   mcp:           'Usage: npx thumbgate mcp\n\nAlias for `thumbgate serve`.',
@@ -3112,6 +3188,7 @@ const SUBCOMMAND_HELP = {
   'setup-vertex': 'Usage: npx thumbgate setup-vertex [--dry-run]\n\nAuto-enable Vertex AI API on GCP and write local Vertex routing config to .env. With --dry-run, only detect the active account/project and print the planned changes. This does not create or verify a Dialogflow CX agent; use the Dialogflow CX REST API or console for live-agent evidence.',
   'ai-inventory': 'Usage: npx thumbgate ai-inventory [--root <dir>] [--format=summary|json|cyclonedx] [--output <path>] [--max-files=N]\n\nScan source/manifests/model artifacts for AI, ML, agent-framework, vector DB, Vertex, Gemini, and Dialogflow CX components. Use --format=cyclonedx to produce exportable ML-BOM evidence for enterprise reviews.',
   brain: 'Usage: npx thumbgate brain [--write] [--json] [--limit=N]\n\nBuild the agent-readable "context brain" — a single artifact consolidating this\nrepo\'s lessons, prevention rules, active gates, and project context for a coding\nagent to read BEFORE acting. --write saves it to .thumbgate/BRAIN.md (versioned,\ndeterministic). --json emits the structured model. --limit caps lessons (default 15).',
+  'team-sync': 'Usage: npx thumbgate team-sync\n\nSynchronize prevention rules and context brain with your team\'s git repository (git pull --rebase & git push), then auto-rebuild the local brain.',
 };
 
 if (_wantsHelp && COMMAND && SUBCOMMAND_HELP[COMMAND]) {
@@ -3241,7 +3318,90 @@ function cmdBrain(args = {}) {
   return 0;
 }
 
+async function teamSync() {
+  const { execSync } = require('child_process');
+
+  // Verify we are in a Git repo
+  try {
+    execSync('git rev-parse --is-inside-work-tree', { stdio: 'ignore', cwd: CWD });
+  } catch (err) {
+    console.error('❌ Error: The current directory is not a Git repository.');
+    process.exit(1);
+  }
+
+  console.log('🔄 Checking shared prevention rules status...');
+
+  const rulesRelative = '.thumbgate/prevention-rules.md';
+  const brainRelative = '.thumbgate/BRAIN.md';
+  const rulesPath = path.join(CWD, rulesRelative);
+
+  if (!fs.existsSync(rulesPath)) {
+    console.log('⚠️  No local prevention rules file found to sync.');
+  }
+
+  let statusOutput = '';
+  try {
+    statusOutput = execSync('git status --porcelain', { encoding: 'utf8', cwd: CWD }) || '';
+  } catch (_) {}
+  const hasLocalChanges = statusOutput.includes(rulesRelative) || statusOutput.includes(brainRelative) || statusOutput.includes('.thumbgate/');
+
+  if (hasLocalChanges) {
+    console.log('📝 Local changes detected in prevention rules. Committing locally...');
+    try {
+      const filesToAdd = [rulesRelative, brainRelative].filter(f => fs.existsSync(path.join(CWD, f)));
+      if (filesToAdd.length > 0) {
+        const filesStr = filesToAdd.map(f => `"${f}"`).join(' ');
+        execSync(`git add -f ${filesStr}`, { cwd: CWD });
+        execSync('git commit -m "chore(thumbgate): update shared prevention rules [skip ci]"', { cwd: CWD });
+        console.log('✅ Local rules committed successfully.');
+      } else {
+        console.log('✨ No local rules files exist to commit.');
+      }
+    } catch (e) {
+      console.log('✨ No changes to commit (already staged/clean).');
+    }
+  } else {
+    console.log('✨ No local rules changes to commit.');
+  }
+
+  // Pull from remote
+  console.log('📥 Pulling rules from teammate remote (git pull --rebase)...');
+  try {
+    execSync('git pull --rebase', { stdio: 'inherit', cwd: CWD });
+  } catch (pullErr) {
+    console.error('❌ Git pull failed. Please resolve conflicts manually.');
+    process.exit(1);
+  }
+
+  // Push to remote
+  console.log('📤 Pushing rules to teammate remote (git push)...');
+  try {
+    execSync('git push', { stdio: 'inherit', cwd: CWD });
+  } catch (pushErr) {
+    console.error('❌ Git push failed. You may need to run git push manually.');
+    process.exit(1);
+  }
+
+  // Rebuild the context brain (.thumbgate/BRAIN.md) from the newly merged rules
+  console.log('🧠 Rebuilding local context brain from merged rules...');
+  try {
+    const brainArgs = { write: true };
+    cmdBrain(brainArgs);
+  } catch (brainErr) {
+    console.warn(`⚠️  Failed to rebuild context brain: ${brainErr.message}`);
+  }
+
+  console.log('\n🚀 Team rules synchronization complete! Your agents now share team-wide learning.');
+}
+
 switch (COMMAND) {
+  case 'team-sync':
+  case 'git-sync':
+    teamSync().catch((err) => {
+      console.error(err && err.message ? err.message : err);
+      process.exit(1);
+    });
+    break;
   case '--version':
   case '-v':
   case 'version':
@@ -3251,6 +3411,10 @@ switch (COMMAND) {
     init();
     upgradeNudge();
     break;
+  case 'quickstart':
+  case 'first-rule':
+    quickstart();
+    break;
   case 'quick-start':
     quickStart();
     break;
@@ -3323,8 +3487,13 @@ switch (COMMAND) {
     break;
   }
   case 'brain': {
-    const brainArgs = parseArgs(process.argv.slice(3));
-    process.exitCode = cmdBrain(brainArgs);
+    const sub = process.argv.slice(3).find((arg) => !arg.startsWith('--'));
+    if (sub && ['init', 'context', 'remember', 'check', 'cleanup', 'status'].includes(sub)) {
+      brain();
+    } else {
+      const brainArgs = parseArgs(process.argv.slice(3));
+      process.exitCode = cmdBrain(brainArgs);
+    }
     break;
   }
   case 'billing:setup':
@@ -3694,6 +3863,14 @@ switch (COMMAND) {
   case 'pulse':
     pulse();
     break;
+  case 'check-update':
+  case 'upgrade-check':
+    checkUpdateCmd();
+    break;
+  case 'self-update':
+  case 'upgrade-cli':
+    selfUpdateCmd();
+    break;
   case 'dispatch':
   case 'dispatch-brief':
     dispatchBrief();
@@ -3719,6 +3896,53 @@ switch (COMMAND) {
     });
     break;
   }
+  case 'hermes-gate': {
+    // Nous Research Hermes Agent `pre_tool_call` shell hook.
+    // Hermes pipes each pending tool call as JSON to stdin and reads a decision from stdout;
+    // {"decision":"block","reason":...} vetoes the call. We reuse the SAME gate pipeline as
+    // `gate-check` (runAsync → secret guard, security scan, force-push / skill_manage / learned
+    // prevention rules) and translate the verdict into Hermes's format.
+    //
+    // Hermes `pre_tool_call` is binary (block or allow) with no warn channel, and the whole point
+    // of wiring it is to gate, so we run STRICT enforcement by default — otherwise ThumbGate's
+    // warn-by-default posture would pass every deny through and the hook would block nothing.
+    // Opt out with THUMBGATE_HERMES_WARN_ONLY=1; THUMBGATE_HOTFIX_BYPASS=1 still disables checks.
+    // Wire it in ~/.hermes/config.yaml — see adapters/hermes/config.yaml.
+    if (process.env.THUMBGATE_HERMES_WARN_ONLY !== '1' && process.env.THUMBGATE_HOTFIX_BYPASS !== '1') {
+      process.env.THUMBGATE_STRICT_ENFORCEMENT = '1';
+    }
+    const { runAsync: hermesGateRun } = require(path.join(PKG_ROOT, 'scripts', 'gates-engine'));
+    let hermesStdin = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', (chunk) => { hermesStdin += chunk; });
+    process.stdin.on('end', async () => {
+      try {
+        const payload = JSON.parse(hermesStdin);
+        // Hermes sends snake_case tool_name/tool_input — gates-engine reads these directly.
+        const verdict = await hermesGateRun({ tool_name: payload.tool_name, tool_input: payload.tool_input });
+        let parsed = {};
+        try { parsed = JSON.parse(verdict); } catch (_e) { parsed = {}; }
+        const hso = parsed.hookSpecificOutput || {};
+        if (hso.permissionDecision === 'deny') {
+          process.stdout.write(JSON.stringify({
+            decision: 'block',
+            reason: hso.permissionDecisionReason || 'Blocked by ThumbGate prevention rule.',
+          }) + '\n');
+        } else {
+          // warn / no match → allow. The gate engine already logged the decision.
+          process.stdout.write(JSON.stringify({}) + '\n');
+        }
+        process.exit(0);
+      } catch (err) {
+        // Hermes hooks fail OPEN on error/timeout — emit an explicit allow so a gate fault
+        // never wedges the agent (reliability ≈ enforcement; keep this fast).
+        process.stderr.write(`hermes-gate error: ${err.message}\n`);
+        process.stdout.write(JSON.stringify({}) + '\n');
+        process.exit(0);
+      }
+    });
+    break;
+  }
   case 'gate-stats':
     gateStats();
     break;