Skip to content

OrelliusAI/orellius-dome

BranchesTags

Repository files navigation

Orellius Labs

Orellius Dome

MCP Security Gateway — firewall proxy between AI agents and MCP servers.

Website · GitHub

What it does

Dome sits between your AI agents and MCP servers as a security gateway. It handles authentication, rate limiting, prompt injection detection, and audit logging with 0.2ms overhead. Ships as a single Rust binary.

Install

cargo install orellius-dome

Quick start

# dome.toml
[server]
listen = "127.0.0.1:3100"

[[policy]]
name = "default"
action = "deny"

[[policy]]
name = "allow-read"
tools = ["read_*", "list_*"]
action = "allow"
rate_limit = { max = 100, window = "60s" }
orellius-dome --config dome.toml

Features

  • Default-deny TOML policies with glob pattern matching
  • Injection detection (Unicode, homoglyph, zero-width characters)
  • Schema pinning with SHA-256 verification
  • Hash-chained audit logs for tamper detection
  • Token-bucket rate limiting per client
  • Argon2id authentication
  • HTTP + SSE transport support
  • 245 tests across 8 crates

Tech stack

Rust 2024, tokio, axum, 8-crate workspace

License

MIT — Orellius Labs

About

Protective Dome for AI Agents — MCP security gateway proxy (Rust)

crates.io/crates/mcpdome

Topics

rust open-source security proxy mcp gateway rate-limiting ai-safety policy-engine ai-agents audit-logging model-context-protocol injection-detection schema-pinning orellius

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages