dome-gate

Interceptor chain orchestration for MCPDome -- the core proxy that wires all security layers together.

What it does

• Runs the MCPDome proxy loop, sitting between the MCP client and server on stdio.
• Enforces session initialization — blocks all requests until the client completes initialize with valid credentials. Returns JSON-RPC errors on auth failure (never forwards unauthenticated requests).
• Orchestrates the full inbound interceptor chain: Sentinel (auth) → Throttle (rate limit) → Ward (injection) → Policy (authz) → Ledger (audit). Ward runs before Policy so injection detection cannot be bypassed by permissive rules.
• Guards all MCP methods — not just tools/call. Rate limiting, policy, and injection scanning apply to resources/read, prompts/get, and all other methods.
• Sends proper JSON-RPC error responses on deny (rate limit, policy, injection) instead of silently dropping messages.
• Strips PSK credentials from initialize messages before forwarding to the upstream server.
• Outbound scanning — scans server responses for injection patterns and logs warnings. Blocks critical schema drift by substituting known-good schemas.
• Records every inbound and outbound decision to the hash-chained audit ledger.
• Drops invalid JSON with parse error responses instead of forwarding malformed messages.

Usage

[dependencies]
dome-gate = "0.1"

use dome_gate::{Gate, GateConfig};

let gate = Gate::new(config, authenticators, policy_engine, rate_config, budget_config, ledger);
gate.run_stdio("mcp-server", &["--stdio"]).await?;

Part of MCPDome

This crate is part of MCPDome, a security gateway for the Model Context Protocol. See the main repository for full documentation.

License

Apache-2.0