One thing worth calling out: the Cloudflare relay for hosted connections (ChatGPT, Copilot) means a third party sees your block/unblock tool calls before they reach the daemon. For a distraction blocker that's probably low-stakes, but it's worth documenting the trust boundary explicitly — /etc/hosts write access proxied through a relay isn't the same trust model as local-only. If that relay is ever misconfigured or compromised, you're one injected tool call away from arbitrary host redirection.
For Claude Code specifically, the local daemon is already on-machine — does the MCP config support a local transport mode that bypasses the relay entirely?