ThumbGateThumbGate Verification evidence
ThumbGate vs Gatekeeper (Oak & Sparrow)

Gatekeeper stops employees leaking data into ChatGPT. ThumbGate stops coding agents executing bad tool calls. Same philosophy, different layer.

Gatekeeper (by Oak & Sparrow Systems Enterprise) intercepts every input an employee types into a commercial AI system (ChatGPT, Copilot, Gemini) at the browser boundary, blocking violations of HIPAA, FERPA, CCPA, COPPA, CPNI, PCI, FINRA, and the EU AI Act before the data leaves the building. ThumbGate intercepts the tool call an AI coding agent is about to make — bash, SQL, file write, MCP tool, outbound LLM call — inside Claude Code, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, and Claude Desktop. Both products say *"deterministic enforcement, no AI in the gate."* They mean it.

Both deterministic Both no AI in the gate Different surfaces Use both for full coverage

Side-by-side scope comparison

Capability Gatekeeper (Oak & Sparrow) ThumbGate
What it intercepts Every input an employee types into a commercial AI system (ChatGPT, Copilot, Gemini), at the browser boundary, before transmission Every tool call an AI coding agent attempts (bash, SQL, file write, HTTP fetch, MCP tool), at the PreToolUse boundary inside the agent runtime, before execution
Who buys it Compliance officers, CISOs, legal teams at regulated firms (healthcare, finance, education, telco) Engineering leaders + devs using AI coding agents; law firms / regulated dev teams adopting agentic intake workflows
Rule source 93 deontic rules derived from active statutes (HIPAA, FERPA, CCPA/CPRA, COPPA, CPNI, PCI DSS, FINRA, EU AI Act, SB-1001 CA, Colorado AI Act). Each rule maps to a specific legal citation. Operator feedback (👍/👎) auto-promoted via Thompson Sampling; LLM-generated candidates that must pass precision/recall gates before activation. Each rule traceable to the lesson that produced it.
Enforcement primitive Deterministic pattern matching; no AI in the gate Deterministic pattern matching; no LLM in the gate
Evidence output SHA-256 linked artifacts, timestamped, hashed, chain-linked, statute-referenced — designed as legal evidence Audit log entries with rule version + source lesson + decision + reviewer + timestamp; DPO preference pairs for downstream model hardening; HuggingFace dataset export
Status surface GREEN (system ran) / YELLOW (risk caught) / RED (violation prevented) Per-agent / per-gate hit rates, agent inventory, remediations, token-savings telemetry on /dashboard
Attach point Browser extension / web boundary, before the HTTP request to OpenAI / Microsoft / Google reaches the AI provider PreToolUse hook inside the agent runtime, before the tool call (bash, SQL, MCP, etc.) hits the OS / network
License / availability Enterprise (no public pricing published as of 2026-05-27) MIT-licensed npm package (free local CLI); $19/mo Pro for hosted sync + dashboard + DPO export; $49/seat Team for shared lesson DB + workflow hardening

The shared architectural insight

Gatekeeper's site frames its core design constraint in eight words:

"Deterministic enforcement — no AI in the gate."

ThumbGate ships the same constraint, written in our own architecture docs as "no LLM on the enforcement path." Both products converge on the same conclusion for the same reason: an enforcement layer that calls an LLM to decide whether to block re-introduces the non-determinism the layer is supposed to remove. A gate that occasionally hallucinates is not a gate — it is a suggestion.

The deterministic constraint forces a different question: where does the rule corpus come from?

  • Gatekeeper's answer: derive rules from statutes. Each of the 93 deontic rules maps to a specific legal citation. The ontology is built from the law, not from assumptions. This makes the output usable as legal evidence in regulated industries.
  • ThumbGate's answer: derive rules from operator feedback. 👎 thumbs-down on a bad agent action becomes a history-aware lesson, then a candidate prevention rule, then — only after passing precision/recall gates — an enforced Pre-Action Check. The ontology is built from observed agent mistakes, not from assumed ones.

Same enforcement primitive. Different rule provenance. Use both if both data sources matter to your compliance posture.

The dual-deploy story we expect for regulated firms

The buyer who needs both products at once is a regulated firm adopting AI coding agents for internal automation. A concrete picture:

A law firm has 600 lawyers and paralegals using ChatGPT for routine drafting. Gatekeeper sits in the browser and blocks any input containing PHI markers, ABA Rule 5.5 — Unauthorized Practice of Law indicators, conflict-of-interest markers, or attorney-client privileged content from leaving the firm boundary. Every block is sealed as legal evidence the firm can produce in an ethics inquiry.

The same firm has built an AI intake bot using Cursor + Anthropic's API that handles inbound client questions. ThumbGate sits at the PreToolUse boundary inside that bot's agent runtime and blocks (a) advice-shaped output ("you should file in the Southern District of Florida") that would constitute unauthorized practice of law from a non-attorney source, (b) document fetches against parties already on the firm's adverse-parties list, and (c) outbound LLM calls carrying privilege markers. We've published interactive demos of all three gates at /ai-malpractice-prevention.

One stack: workforce-input gate + agent-action gate. End-to-end AI compliance perimeter.

FAQ

Is Gatekeeper a competitor to ThumbGate?

Architectural cousins, not competitors. Same enforcement philosophy (deterministic, no AI in the gate, sealed audit), different surfaces (employee browser input vs agent tool call). Different buyers. Different rule corpora. Zero technical overlap.

Should I use Gatekeeper or ThumbGate?

Use both if you have both threats. Gatekeeper for employees pasting regulated data into commercial AI. ThumbGate for AI coding agents executing bad tool calls. They cover different halves of the AI compliance perimeter.

Do they overlap technically?

No. Gatekeeper hooks the browser; ThumbGate hooks the PreToolUse boundary inside agent runtimes. Different attach points, different request shapes, different rule corpora. Running both does not create policy conflicts.

Both say "deterministic, no AI in the gate." Why?

An enforcement layer that calls an LLM to decide whether to block introduces the same non-determinism the layer is supposed to remove. Both products converge on pure pattern matching against a deterministic rule set for that reason.

Where do I start?

Talk to Oak & Sparrow for workforce-input governance against ChatGPT / Copilot / Gemini. npx thumbgate init for AI coding agent runtime governance against Claude Code / Cursor / Codex / Gemini CLI / Amp / Cline / OpenCode / Claude Desktop. Different sales motions, different deployment surfaces.