Can I use Bumblebee and ThumbGate together?

Yes, and they compose cleanly. Bumblebee runs as a single Go binary on macOS and Linux, emits NDJSON to stdout, and exits — zero overlap with anything ThumbGate hooks. ThumbGate runs as the PreToolUse layer inside Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, and Claude Desktop. Common dual-use pattern: run Bumblebee weekly to inventory which MCP servers are wired into each dev's agents, then use ThumbGate to enforce rules against the tool calls those wired-up agents try to make.

Does ThumbGate ingest Bumblebee's NDJSON output?

Not yet at the time of writing. Bumblebee's NDJSON format (one component record per line, scan_summary terminator) is well-suited to feed ThumbGate's agent-manager inventory. A `thumbgate import-bumblebee scan.ndjson` command is on the near-term roadmap. If you want it sooner, open an issue at github.com/IgorGanapolsky/ThumbGate.

Bumblebee is from Perplexity. Why should I also use ThumbGate?

Because Bumblebee answers a discovery question and ThumbGate answers an enforcement question. Bumblebee tells you 'developer machine X has Cursor wired to MCP server Y, which has the npm package Z installed and Z is on the malicious advisory list.' That is decision-grade information for incident response. ThumbGate's PreToolUse hook fires every time Cursor tries to invoke a tool on that machine and can block, replace, or log the call before it executes. Bumblebee is the X-ray; ThumbGate is the airport-security gate. Both, ideally.

ThumbGate vs Bumblebee | Runtime Enforcement Pairs With Static Inventory

Q: Is Bumblebee a ThumbGate competitor?

No. Different layers of the same supply-chain story. Bumblebee (open-sourced by Perplexity 2026-05-23) is a static read-only scanner that inventories what is installed on a developer machine: MCP host configs, editor extensions, browser extensions, and package lockfiles across npm, PyPI, Go modules, RubyGems, and Composer. It answers 'when an advisory drops, which of my dev machines have the bad version installed right now?' ThumbGate is a runtime PreToolUse firewall that intercepts AI agent tool calls before they execute. Bumblebee tells you what an agent CAN reach; ThumbGate tells the agent what it CANNOT do with that reach. Use both.

Side-by-side feature comparison

Capability	Bumblebee	ThumbGate
What it does	Static read-only inventory of on-disk metadata	Runtime PreToolUse enforcement on AI agent tool calls
When it runs	On demand: weekly baseline, project scan, or deep incident-response sweep	Every tool call an agent attempts, in real time, before execution
What it covers	MCP host configs, editor extensions (VS Code family), browser extensions (Chromium + Firefox), npm/pnpm/Yarn/Bun, PyPI, Go modules, RubyGems, Composer lockfiles	Tool calls inside Claude Code, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, Claude Desktop (via MCP)
What it blocks	Nothing — pure observation. Read-only by design (no execution, no package-manager calls)	The actual tool call. Bash, file write, MCP tool, HTTP fetch — gate fires before the side effect
Output format	NDJSON to stdout, scan_summary terminator, pipeable into jq / SIEM / agentic workflows	Block/allow decision + audit log entry per gate firing. DPO preference pairs for fine-tuning
Distribution	Single Go binary (zero non-stdlib deps). `go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest`	npm package: `npx thumbgate init`
Platforms	macOS, Linux	macOS, Linux, Windows (Node.js >=18.18)
License	Apache 2.0	MIT (npm package); Pro/Team are hosted services
Built by	Perplexity AI (used internally to protect Perplexity dev machines behind their search product, Comet browser, and Computer AI agent)	Independent (MIT-licensed open source + hosted Pro/Team services)

Pick Bumblebee for

Supply-chain incident response: an advisory drops, you need to know which dev machines have the bad version installed RIGHT NOW.
MCP config inventory: which AI assistants on which machines are wired to which MCP servers, and which of those servers carry credentials in their env blocks.
Weekly baseline snapshots of dev-machine state, centralized so future incident response is a search instead of a phone call.
You want a single read-only Go binary that does not execute install scripts or trigger package managers.

Bumblebee is the first open-source scanner to treat MCP configuration files as a first-class security surface. That's a genuinely new contribution to the supply-chain category and the right tool for the inventory job. Recommend installing it regardless of whether you use ThumbGate.

Pick ThumbGate for

Stopping agent mistakes before they execute: bad bash, destructive DB query, unauthorized file write, privilege-violating LLM call.
Cross-agent enforcement: the same prevention rule fires inside Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, and Claude Desktop with one config.
Operator-feedback learning: thumbs-down on a bad output becomes a real Pre-Action Check that blocks the repeat next time, with precision/recall gating before any rule auto-promotes.
Hosted lesson sync, dashboard, DPO export, adapter matrix maintenance, 24×7 ops on the rule engine (Pro/Team tiers).

The integration story: discovery feeds enforcement

Bumblebee scan output looks like:

{"kind":"mcp_server","host":"claude-code","name":"github","command":"npx","args":["-y","@modelcontextprotocol/server-github"],"env_keys":["GITHUB_TOKEN"]}
{"kind":"mcp_server","host":"cursor","name":"linear","command":"npx","args":["@linear/mcp-server"],"env_keys":["LINEAR_API_KEY"]}
{"kind":"npm_package","manifest":"package.json","name":"some-vulnerable-pkg","version":"1.2.3"}
{"kind":"scan_summary","components":847,"duration_ms":1240}

ThumbGate's agent-manager treats each mcp_server record as an attack-surface entry that gates can be written against. Each npm_package entry on the advisory list can become a check that blocks any agent tool call referencing it.

A first-pass integration is on the near-term roadmap: thumbgate import-bumblebee scan.ndjson will load Bumblebee inventory into ThumbGate's agent inventory + auto-seed gates from CVE-flagged components. Open an issue at github.com/IgorGanapolsky/ThumbGate if you want it sooner than later.

FAQ

Is Bumblebee a ThumbGate competitor?

No. Bumblebee answers 'what is installed on this dev machine right now' (static inventory). ThumbGate answers 'what is this agent about to do, and should we allow it' (runtime enforcement). Same supply-chain category, different halves of the answer. Use both.

Can I use them together?

Yes, and they compose cleanly with zero overlap. Bumblebee is a one-shot Go binary that scans and exits. ThumbGate is a persistent PreToolUse hook in every agent runtime you use. They don't see each other; they don't need to. The integration value is in feeding Bumblebee's MCP inventory into ThumbGate's agent dashboard so you can write gates against actual installed servers.

Does ThumbGate already ingest Bumblebee output?

Not yet. Bumblebee released 2026-05-23; the import command is on the near-term roadmap. NDJSON is a clean fit so the integration will land as a small CLI subcommand rather than a heavy adapter.

Why should I use ThumbGate if Perplexity made Bumblebee?

Bumblebee is read-only by design — it cannot block anything. Perplexity ships it to inventory developer machines, not to enforce policy on agent tool calls. ThumbGate fills the enforcement layer Bumblebee deliberately leaves to other tools. The two ship without conflict and your security posture is better with both than either alone.

Where do I start?

Both can install in under 60 seconds. Bumblebee: go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest then bumblebee self-test. ThumbGate: npx thumbgate init. Run Bumblebee weekly for inventory; let ThumbGate run continuously inside your agent.

Bumblebee tells you what's installed. ThumbGate stops what's installed from doing bad things.

Side-by-side feature comparison

Pick Bumblebee for

Pick ThumbGate for

The integration story: discovery feeds enforcement

FAQ