Skip to main content

Architecture Overview

MCPDome is a Rust workspace of 8 focused crates:
CrateResponsibility
dome-coreShared types & error taxonomy
dome-transportMCP wire protocol (stdio, HTTP+SSE)
dome-gateInterceptor chain orchestration
dome-sentinelAuthentication & identity resolution
dome-policyTOML policy engine (default-deny)
dome-ledgerHash-chained audit logging
dome-throttleToken-bucket rate limiting & budgets
dome-wardInjection detection & schema pinning

Interceptor Chain

Every inbound message passes through this chain in order: 
sentinel → throttle → policy → ward → ledger → upstream server
Outbound responses pass through: 
schema-pin → ledger → client
If any interceptor rejects the message, processing stops and an error response is returned to the client.