2 min read · Works with Claude Code, Cursor, Codex, and any MCP agent
You write never force-push to main in your CLAUDE.md. Your agent reads it. Then it force-pushes to main anyway. Prompt rules are suggestions. Agents can and do ignore them when the context window fills up or when a chain of reasoning overrides the instruction.
git push --force origin main during a rebase. The CLAUDE.md said "never force-push." The agent did it anyway.
A pre-action gate intercepts the tool call before it executes. It pattern-matches the command against known-bad actions and blocks them. The agent cannot bypass it because the gate runs outside the agent's control, at the MCP hook layer.
npx mcp-memory-gateway initThis auto-detects your agent (Claude Code, Cursor, etc.) and configures the PreToolUse hook.
The next time your agent tries a force-push (or anything dangerous), give it a thumbs-down with context:
👎 "Never force-push to main. This destroyed 14 commits last time."ThumbGate captures the feedback, matches it against the tool call pattern, and auto-generates a prevention rule. After repeated failures (configurable), it promotes to a hard gate:
# Auto-generated prevention rule
pattern: "git push --force"
target_branch: "main"
action: BLOCK
reason: "Force-push to main blocked — destroyed 14 commits (2026-03-15)"The PreToolUse hook checks every Bash tool call. If it matches git push --force targeting main, the action is blocked before execution. The agent receives a rejection with the reason and adapts.
The same pattern works for any tool call you want to prevent:
DROP TABLE on production databasesrm -rf on project directories.env files with secretsEvery thumbs-down teaches the system. Thompson Sampling adapts gate sensitivity: high-risk patterns get strict enforcement, low-risk ones stay relaxed.
One command. Your agent stops repeating mistakes today.