MCPDome

MCPDome sits between your AI agent and any MCP server, intercepting every JSON-RPC message on the wire. It enforces authentication, authorization, rate limiting, and injection detection — without modifying either side.

Features

Default-deny policy engine — TOML rules evaluated by priority, first match wins
Injection detection — Regex patterns catch prompt injection, data exfiltration, encoding evasion
Schema pinning — SHA-256 hashes of tool definitions detect rug pulls and tool shadowing
Hash-chained audit logs — Tamper-evident NDJSON logging with SHA-256 chain linking
Token-bucket rate limiting — Per-identity and per-tool limits
Pre-shared key authentication — Identity resolution with label-based policy matching
0.2ms overhead — Rust performance, single binary, zero config to start

Quick Start

cargo install mcpdome
mcpdome proxy --upstream "npx -y @modelcontextprotocol/server-filesystem /tmp"

Getting Started

Policy

Architecture

MCPDome

MCPDome

Features

Quick Start

Links

Getting Started

Policy

Architecture

​MCPDome

​Features

​Quick Start

​Links

MCPDome

Features

Quick Start

Links