dome-gate 0.5.0

Interceptor chain orchestration for Thunder Dome
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

# dome-gate

Interceptor chain orchestration for Thunder Dome -- the core proxy that wires all security layers together.

## What it does

- Runs the Thunder Dome proxy loop, sitting between the MCP client and server over **stdio or HTTP+SSE transport**.
- **Enforces session initialization** — blocks all requests until the client completes `initialize` with valid credentials. Returns JSON-RPC errors on auth failure (never forwards unauthenticated requests).
- Orchestrates the full inbound interceptor chain: Sentinel (auth) → Throttle (rate limit) → **Ward (injection)** → Policy (authz) → Ledger (audit). Ward runs before Policy so injection detection cannot be bypassed by permissive rules.
- **Guards all MCP methods** — not just `tools/call`. Rate limiting, policy, and injection scanning apply to `resources/read`, `prompts/get`, and all other methods. Uses method-specific resource extraction (tool names, URIs, prompt names) for fine-grained policy evaluation.
- **Sends proper JSON-RPC error responses** on deny (rate limit, policy, injection) instead of silently dropping messages.
- **Strips all credentials** (PSK and API key) from `initialize` messages before forwarding to the upstream server.
- **Configurable outbound injection blocking** — scans server responses for injection patterns with option to block (not just warn) when threats are detected in outbound messages.
- **Bounded client reads** — enforces 10MB max message size and 5-minute read timeout on client connections.
- **Graceful child termination** — sends EOF to child process stdin and waits up to 5 seconds for clean exit; only force-kills as a last resort.
- Records every inbound and outbound decision to the hash-chained audit ledger.
- Drops invalid JSON with parse error responses instead of forwarding malformed messages.

## Features

- `http` — enables `run_http()` for HTTP+SSE client transport (adds `dome-transport/http` dependency).

## Usage

```toml
[dependencies]
dome-gate = "0.4"

# With HTTP+SSE transport support:
# dome-gate = { version = "0.4", features = ["http"] }
```

```rust
use dome_gate::{Gate, GateConfig};

let gate = Gate::new(config, authenticators, policy_engine, rate_config, budget_config, ledger);

// Stdio transport (default):
gate.run_stdio("mcp-server", &["--stdio"]).await?;

// HTTP+SSE transport (requires "http" feature):
// gate.run_http("mcp-server", &["--stdio"], http_config).await?;
```

## Part of Thunder Dome

This crate is part of [Thunder Dome](https://github.com/Orellius/thunder-dome), a security gateway for the Model Context Protocol. See the main repository for full documentation.

## License

Apache-2.0