mcpdome 0.5.0

Thunder Dome — Protective Firewall for AI Agents. MCP security gateway proxy.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

# Thunder Dome Configuration — Example Policy
# Copy this to thunder-dome.toml and customize for your setup.

[mcpdome]
version = "1"
default_effect = "deny"

# ── Rule 1: Block secret leaks everywhere (highest priority) ──
[[rules]]
id = "block-secrets"
priority = 1
effect = "deny"
identities = "*"
tools = "*"
arguments = [
    { param = "*", deny_regex = [
        "AKIA[A-Z0-9]{16}",               # AWS access keys
        "ghp_[a-zA-Z0-9]{36}",            # GitHub PATs
        "-----BEGIN.*PRIVATE KEY-----",    # Private keys
        "sk-[a-zA-Z0-9]{20,}",            # OpenAI/Stripe keys
        "xoxb-[0-9]+-[a-zA-Z0-9]+",       # Slack bot tokens
    ] },
]

# ── Rule 2: Admins can do anything (clean args pass rule 1 first) ──
[[rules]]
id = "admin-full-access"
priority = 10
effect = "allow"
identities = { labels = ["role:admin"] }
tools = "*"

# ── Rule 3: Block destructive tools for developers ──
[[rules]]
id = "dev-no-destructive"
priority = 50
effect = "deny"
identities = { labels = ["role:developer"] }
tools = ["delete_file", "drop_table", "rm_rf", "exec_command"]

# ── Rule 4: Developers can use read tools ──
[[rules]]
id = "dev-read-tools"
priority = 100
effect = "allow"
identities = { labels = ["role:developer"] }
tools = ["read_file", "grep", "git_status", "git_log", "list_dir"]

# ── Rule 5: Developers can write, but only to safe paths ──
[[rules]]
id = "dev-write-safe-paths"
priority = 110
effect = "allow"
identities = { labels = ["role:developer"] }
tools = ["write_file"]
arguments = [
    { param = "path", allow_glob = ["/tmp/**", "/home/*/projects/**"], deny_regex = [".*\\.env$", ".*credentials.*", ".*\\.key$"] },
]

# ── Rule 6: CI bot limited to test + deploy staging ──
[[rules]]
id = "ci-bot-tools"
priority = 100
effect = "allow"
identities = { principals = ["psk:ci-bot"] }
tools = ["run_tests", "deploy_staging", "git_status"]

# ── Budget tracking (per-identity spend limits) ──
# Uncomment to enable budget tracking via config (or use --enable-budget CLI flag).
# [mcpdome.budget]
# cap = 100.0          # Max calls per identity per window (default: 100)
# window_secs = 3600   # Rolling window in seconds (default: 3600 = 1 hour)

# ── Pre-shared keys (PSK authentication) ──
# Clients send `_thunder_dome_psk` in the initialize params.
# [[psk]]
# key_id = "ci-bot"
# secret = "your-secret-key-here"
# labels = ["role:developer", "env:ci"]

# ── API keys (API key authentication) ──
# Clients send `_thunder_dome_api_key` in the initialize params.
# [[api_key]]
# key_id = "service-a"
# secret = "your-api-key-here"
# labels = ["role:service", "env:production"]