Why ddot Exists

AI agents are powerful. But every tool they call is a trust decision that nobody is making. ddot makes it.

The Problem

The Model Context Protocol (MCP) lets AI agents call external tools — file systems, APIs, databases, cloud services. It's brilliant for capability. It's terrifying for security.

Today, every MCP server runs with full environment access, self-declared tools, no signature verification, and no audit trail. A single compromised server can exfiltrate credentials, modify files, or make unauthorized API calls — and nobody would know until the damage is done.

This is not a theoretical risk. As AI agents become standard in development workflows, the attack surface grows with every MCP server added to the stack.

The Solution

ddot is a personal AI agent gateway built from the ground up for security. It wraps your existing MCP servers in a transparent security proxy that enforces signature verification, tool whitelisting, capability gating, environment isolation, and cryptographic audit logging.

You don't change your tools. You don't change your workflow. ddot sits between your AI agent and its MCP servers, enforcing security policy on every call. Your existing setup keeps working — now it's hardened.

Three Rings of Trust

Ring 3 Channels Telegram, Discord, WhatsApp adapters | v Ring 2 Gateway Firewall + Wasm Sandbox + MCP Bridge + Ed25519 | v (one-way valve) Ring 1 Twin AI DENSE hive brain + on-chain attestation

Ring 3 handles channel adapters. Ring 2 is the security core — a 5-layer prompt firewall, Wasm sandbox for skills, the MCP security bridge, and Ed25519 signature verification on everything. Ring 1 is Twin AI: the DENSE hive brain enriches responses with dimensional memory and attests integrity on-chain via Bitcoin OP_RETURN.

DoD-Grade Security

When we designed ddot's security architecture, we didn't start with a startup playbook. We started with the Department of Defense. ddot's security architecture meets all 14 CMMC Level 1 requirements out of the box. Audit chain logging, access control, system integrity, media protection — every control is built in, not bolted on.

Skill Marketplace

ddot includes a skill marketplace. Skills are WebAssembly modules that run in a strict sandbox with only their declared capabilities. Every skill is signed, verified, and inspectable before installation.

  1. A publisher writes a skill in Rust and compiles it to WebAssembly.
  2. The skill is signed with an Ed25519 key (30-day publisher key expiry).
  3. The gateway verifies the signature before every execution.
  4. User messages are routed to skills via trigger keyword matching.
  5. Skills run in a Wasm sandbox with only their declared capabilities.

Host Functions

Skills can call six host functions provided by the sandbox runtime:

ddot_kv_set
Persist key-value data (isolated per skill)
ddot_kv_get
Retrieve stored values from skill memory
ddot_http_get
Fetch data from allowed domains
ddot_time
Get current Unix timestamp
ddot_shared_publish
Publish events to a shared topic ring buffer
ddot_shared_read
Read events from another skill's shared topic

Open Source

ddot gateway is Apache 2.0 licensed (Ring 2 + Ring 3). The core security features — MCP bridge, signing, audit, firewall — are free and open source. Twin AI (Ring 1) is proprietary. The skill ecosystem is open to all publishers.

View source on GitHub · ddot.build