Security Deep Dive

The MCP Security Problem Is Solved

Every AI agent using MCP today is running unsigned code with unchecked capabilities and zero audit trail. ddot-mcp-bridge is a drop-in fix: Ed25519 verification, tool whitelisting, capability gating, and hash-chained audit — all transparent to your existing tools.

555
Servers Secured
553/555
Signatures Valid
0
Tools Gated
1321
Caps Enforced

The Problem No One Is Talking About

The Model Context Protocol (MCP) is becoming the standard for tool use in AI agents. Claude, Cursor, Windsurf, and dozens of other tools use it. But MCP was designed for functionality, not security. There is:

01

No Signature Verification

MCP servers are executables on disk. Nothing verifies they haven't been tampered with since installation. A supply chain attack modifies the binary and every agent call now runs compromised code.

02

No Tool Boundaries

An MCP server declares its tools at runtime via self-reporting. A malicious server can expose hidden tools that the user never approved. The AI agent has no way to distinguish legitimate tools from injected ones.

03

Full Environment Access

Every MCP server inherits the full environment of its parent process. API keys, database credentials, cloud tokens — all accessible to every server, regardless of whether it needs them.

04

Zero Audit Trail

There is no standard mechanism to log which tools were called, with what arguments, and what they returned. When something goes wrong, you have no forensic trail to investigate.

The Five-Gate Security Pipeline

ddot-mcp-bridge is a transparent stdio proxy that sits between your AI agent and its MCP servers. Every JSON-RPC message passes through five security gates before reaching the server. The server doesn't even know it's there.

AI AgentClaude Code, Cursor, etc.
stdin/stdout
ddot-mcp-bridge
Ed25519WhitelistCapsEnvAudit
stdin/stdout
MCP ServerUnchanged, unmodified

Gate by Gate

1

Ed25519 Manifest Verification

Before the MCP server process is even spawned, the bridge verifies the server's manifest signature against the publisher's Ed25519 public key. If the manifest has been modified since signing — wrong tool list, changed command, altered capabilities — the bridge refuses to start the server. Period.

Pre-executionCryptographicTamper-evident
2

Tool Whitelist Enforcement

The signed manifest declares exactly which tools the server is allowed to expose. When the AI agent calls a tool, the bridge checks the tool name against the whitelist before forwarding the request. Undeclared tools are blocked — even if the server reports them as available. The whitelist lives in the signed manifest, not in the server.

Per-requestManifest-boundServer-independent
3

Capability Gating

Each server declares its capabilities: network access (local or external), filesystem read/write (with path scoping), environment variable access, and process spawning. The bridge enforces these boundaries at the proxy layer. A server declared with net:local cannot make external HTTP calls. A server with fs:read(runtime) cannot write to disk.

Least privilegePath-scoped7 capability types
4

Environment Isolation

The bridge strips the process environment before spawning the server. Only environment variables explicitly declared in the signed manifest are passed through. Your API keys, cloud credentials, and database passwords are invisible to servers that don't need them.

Zero-leakDeclared-onlyDefense in depth
5

SHA-256 Hash-Chained Audit Trail

Every JSON-RPC request and response is logged to an append-only audit chain. Each entry contains a SHA-256 hash of the previous entry, creating a tamper-evident chain. If someone deletes or modifies a log entry, the chain breaks and the tampering is detectable. Full forensic visibility into every tool call, argument, and return value.

Append-onlyTamper-evidentForensic-grade

Attack Vectors Eliminated

These are real attack vectors against MCP-based AI agents. ddot mitigates all of them today.

Supply Chain Compromise

A malicious actor modifies an MCP server binary after installation. ddot detects the mismatch between the binary's behavior and its signed manifest and refuses to start it.

Tool Injection

A compromised server exposes hidden tools (e.g., a file-upload tool disguised as a read-only server). ddot's whitelist blocks any tool not in the signed manifest.

Credential Exfiltration

An MCP server reads AWS_SECRET_ACCESS_KEY from the environment and sends it to an external endpoint. ddot strips all undeclared env vars and blocks unauthorized network access.

Prompt-Driven Exploitation

A prompt injection tricks the AI agent into calling a dangerous tool with malicious arguments. ddot's 5-layer firewall catches injection patterns before they reach the MCP layer.

Lateral Movement

A compromised server attempts to access filesystem paths or network endpoints outside its declared scope. Capability gating blocks the request at the proxy layer.

Audit Tampering

An attacker attempts to cover tracks by modifying audit logs. The SHA-256 hash chain makes any modification detectable — every entry is cryptographically linked to the previous one.

Secured MCP Servers on This Gateway

ServerVersionPublisherToolsCapsSignature
Agentopsv1.0.0dev-tools03Valid
Lmstudiov1.0.0ai02Valid
Makev1.0.0productivity02Valid
Newrelicv1.0.0analytics03Valid
Sagemakerv1.0.0ai03Valid
Google Tag Managerv1.0.0analytics03Valid
Url Shortenerv1.0.0utility02Valid
Launchdarklyv1.0.0dev-tools03Valid
Vercelv1.0.0cloud03Valid
Svgmakerv1.0.0media02Valid
Apache Iotdbv1.0.0database03Valid
Sentryv1.0.0dev-tools03Valid
Obsidianv1.0.0productivity02Valid
Coinbasev1.0.0finance03Valid
Resendv1.0.0communication03Valid
Stability Aiv1.0.0ai03Valid
Whisperv1.0.0ai02Valid
Google Geminiv1.0.0ai03Valid
Shodanv1.0.0dev-tools03Valid
Lemon Squeezyv1.0.0finance02Valid
Serpapiv1.0.0search03Valid
Webscraping Aiv1.0.0search03Valid
Notion Calendarv1.0.0productivity02Valid
R2 Storagev1.0.0cloud03Valid
Slackv1.0.0communication03Valid
1passwordv1.0.0utility02Valid
Cloudinaryv1.0.0media03Valid
Aws Ec2v1.0.0cloud03Valid
Pocketv1.0.0productivity03Valid
Kubernetesv1.0.0cloud02Valid
Json Placeholderv1.0.0dev-tools02Valid
Microsoft Devboxv1.0.0cloud03Valid
Executeautomation Playwrightv1.0.0dev-tools02Valid
Aws Cost Analysisv1.0.0cloud03Valid
Mailchimpv1.0.0communication03Valid
Antv Chartv1.0.0analytics02Valid
Actionkit Paragonv1.0.0api03Valid
Mistralv1.0.0ai03Valid
Iftttv1.0.0productivity03Valid
Mirov1.0.0productivity02Valid
Datadogv1.0.0analytics03Valid
Zipv1.0.0utility02Valid
Dockerv1.0.0dev-tools02Valid
Nasav1.0.0api02Valid
Jira Confluencev1.0.0productivity03Valid
Google Sheetsv1.0.0productivity02Valid
Redis Officialv1.0.0database03Valid
Llamaindexv1.0.0ai02Valid
Together Aiv1.0.0ai03Valid
Herokuv1.0.0cloud02Valid
Raindropv1.0.0productivity03Valid
Network Aiv1.0.0ai02Valid
Mermaidv1.0.0utility02Valid
Vertex Aiv1.0.0ai02Valid
Jetbrainsv1.0.0dev-tools02Valid
Craftv1.0.0productivity02Valid
Vimeov1.0.0media02Valid
N8nv1.0.0productivity02Valid
Hologresv1.0.0database03Valid
Chromadbv1.0.0ai03Valid
Binancev1.0.0finance03Valid
Exa Searchv1.0.0search03Valid
Linodev1.0.0cloud02Valid
Cisco Webexv1.0.0communication03Valid
Graphqlv1.0.0dev-tools02Valid
Xerov1.0.0finance03Valid
Aws Documentationv1.0.0cloud03Valid
Knexv1.0.0database02Valid
Exav1.0.0search03Valid
Quickbooksv1.0.0finance03Valid
Pypiv1.0.0dev-tools02Valid
Google Searchv1.0.0search03Valid
Diagram Makerv1.0.0dev-tools02Valid
Embeddingsv1.0.0ai02Valid
Renderv1.0.0cloud02Valid
Databricksv1.0.0database02Valid
Elevenlabsv1.0.0ai03Valid
Gumroadv1.0.0finance02Valid
Agentqlv1.0.0search03Valid
Mapboxv1.0.0api03Valid
Puppetv1.0.0cloud02Valid
Aivenv1.0.0cloud03Valid
D3v1.0.0analytics02Valid
Twiliov1.0.0communication03Valid
Ansiblev1.0.0cloud02Valid
Gitlabv1.0.0dev-tools03Valid
Circleciv1.0.0dev-tools03Valid
Home Assistantv1.0.0iot02Valid
Codesandboxv1.0.0dev-tools02Valid
Clickhousev1.0.0database02Valid
Xcodev1.0.0dev-tools02Valid
Lokiv1.0.0analytics03Valid
Everartv1.0.0media03Valid
Bigqueryv1.0.0database02Valid
Logstashv1.0.0analytics02Valid
Pulumiv1.0.0cloud02Valid
Fluxv1.0.0ai02Valid
Crossrefv1.0.0search02Valid
Typescriptv1.0.0dev-tools02Valid
Convertkitv1.0.0communication02Valid
D1 Cloudflarev1.0.0database03Valid
Gitlab Dubuqingfengv1.0.0dev-tools03Valid
Unsplashv1.0.0media03Valid
Robots Txtv1.0.0utility02Valid
Appiumv1.0.0dev-tools02Valid
Midjourneyv1.0.0ai02Valid
Pdf Readerv1.0.0productivity02Valid
Sentimentv1.0.0ai02Valid
Raygunv1.0.0dev-tools03Valid
Gmailv1.0.0communication02Valid
Mondayv1.0.0productivity02Valid
Pastebinv1.0.0dev-tools02Valid
Sqlitev1.0.0database02Valid
Roamv1.0.0productivity02Valid
Upstashv1.0.0database02Valid
Plausiblev1.0.0analytics03Valid
Bearv1.0.0productivity02Valid
Fetchv1.0.0search02Valid
Matplotlibv1.0.0analytics02Valid
Statuspagev1.0.0dev-tools02Valid
Grafanav1.0.0analytics02Valid
Digitaloceanv1.0.0cloud03Valid
Statisticsv1.0.0analytics02Valid
Configcatv1.0.0dev-tools03Valid
Aws Terraformv1.0.0cloud02Valid
Summarizerv1.0.0ai02Valid
Smithery Cliv1.0.0dev-tools02Valid
Sshv1.0.0dev-tools02Valid
Translationv1.0.0utility02Valid
Swaggerv1.0.0dev-tools02Valid
Memoryv1.0.0productivity02Valid
Opentelemetryv1.0.0analytics03Valid
Calendar Icalv1.0.0productivity02Valid
Sitemapv1.0.0utility02Valid
Pineconev1.0.0database03Valid
Chromav1.0.0database02Valid
Deepseekv1.0.0ai03Valid
Linkedinv1.0.0communication02Valid
Squarespacev1.0.0productivity02Valid
Aws Sesv1.0.0cloud03Valid
Semantic Scholarv1.0.0search02Valid
Brave Search Extendedv1.0.0search03Valid
Google Analyticsv1.0.0analytics02Valid
Regexv1.0.0utility02Valid
Canvav1.0.0media02Valid
Githubv1.0.0dev-tools03Valid
Rssv1.0.0utility02Valid
Jirav1.0.0productivity03Valid
Pdfv1.0.0utility02Valid
Google Search Consolev1.0.0analytics03Valid
Weaviatev1.0.0database02Valid
Prometheusv1.0.0analytics02Valid
Sequential Thinkingv1.0.0ai02Valid
Etcdv1.0.0cloud02Valid
Aws Cloudwatchv1.0.0cloud03Valid
Roam Researchv1.0.0productivity03Valid
Google Adsv1.0.0analytics02Valid
Ssl Checkerv1.0.0utility02Valid
Ocrv1.0.0utility02Valid
Henkey Postgresv1.0.0database03Valid
Redditv1.0.0communication02Valid
Playwright Automatalabsv1.0.0dev-tools02Valid
Dice Rollerv1.0.0productivity02Valid
Icalv1.0.0utility02Valid
Notion Hostedv1.0.0productivity02Valid
Rest Apiv1.0.0dev-tools02Valid
Email Validatorv1.0.0utility02Valid
Vaultv1.0.0cloud02Valid
Outlookv1.0.0communication02Valid
Excalidrawv1.0.0productivity02Valid
Aws Cdkv1.0.0cloud02Valid
Google Calendarv1.0.0productivity02Valid
Perplexityv1.0.0ai03Valid
Azure Devopsv1.0.0cloud03Valid
Ngrokv1.0.0dev-tools02Valid
Jina Aiv1.0.0search03Valid
Twitchv1.0.0media02Valid
Anyqueryv1.0.0database02Valid
Groqv1.0.0ai03Valid
Dall Ev1.0.0ai03Valid
Alibaba Cloud Ecsv1.0.0cloud03Valid
Upstash Redisv1.0.0database03Valid
Heightv1.0.0productivity02Valid
Mixpanelv1.0.0analytics03Valid
Typeormv1.0.0database02Valid
Tiktokv1.0.0communication02Valid
Zapierv1.0.0productivity03Valid
Trellov1.0.0productivity03Valid
Pagerdutyv1.0.0dev-tools03Valid
Postgres Henkey Advancedv1.0.0database03Valid
Pulsarv1.0.0api03Valid
Ftpv1.0.0utility02Valid
Llm Txtv1.0.0ai02Valid
Google Mapsv1.0.0api03Valid
Replitv1.0.0dev-tools02Valid
Strapiv1.0.0productivity02Valid
Bigcommercev1.0.0finance02Valid
Loomv1.0.0communication02Valid
Aws Sqsv1.0.0cloud03Valid
Airtablev1.0.0productivity03Valid
Yepcode Sandboxv1.0.0dev-tools02Valid
Azure Mcpv1.0.0cloud03Valid
Cypressv1.0.0dev-tools02Valid
Base64v1.0.0utility02Valid
Dopplerv1.0.0dev-tools03Valid
Puppeteer Screenshotv1.0.0dev-tools02Valid
Dependabotv1.0.0dev-tools02Valid
Segmentv1.0.0analytics03Valid
Docforkv1.0.0dev-tools02Valid
Crypto Hashv1.0.0utility02Valid
Hackernewsv1.0.0search02Valid
Airbytev1.0.0analytics02Valid
Qr Codev1.0.0utility02Valid
Esp Rainmakerv1.0.0api02Valid
Tree Sitterv1.0.0dev-tools02Valid
Snowflakev1.0.0database02Valid
Playwrightv1.0.0browser02Valid
Multimailv1.0.0communication02Valid
Sanityv1.0.0productivity03Valid
Forge Terminalv1.0.0dev-tools02Valid
Matrixv1.0.0communication02Valid
Mlflowv1.0.0ai03Valid
Patternflyv1.0.0dev-tools02Valid
Exchangeratev1.0.0finance02Valid
Docker Composev1.0.0dev-tools02Valid
Opsgeniev1.0.0dev-tools02Valid
Mathv1.0.0utility02Valid
Image Magickv1.0.0media02Valid
Etherscanv1.0.0finance03Valid
Mqttv1.0.0iot02Valid
Imapv1.0.0communication02Valid
Apple Notesv1.0.0productivity02Valid
Crispv1.0.0communication02Valid
Gcpv1.0.0cloud02Valid
Calendarv1.0.0productivity02Valid
Semgrepv1.0.0dev-tools02Valid
Confluencev1.0.0productivity03Valid
Android Emulatorv1.0.0dev-tools02Valid
Desktop Commanderv1.0.0dev-tools02Valid
Drizzlev1.0.0database02Valid
Imgurv1.0.0media02Valid
Elastic Apmv1.0.0analytics03Valid
Npm Auditv1.0.0dev-tools02Valid
Rabbitmqv1.0.0cloud02Valid
Better Emailv1.0.0communication03Valid
Audiense Insightsv1.0.0analytics03Valid
Open Meteov1.0.0api02Valid
Nodit Blockchainv1.0.0finance03Valid
Zoomv1.0.0communication02Valid
Ragv1.0.0ai02Valid
Adobe Creativev1.0.0media02Valid
Snipcartv1.0.0finance02Valid
Aws Bedrockv1.0.0ai03Valid
Redshiftv1.0.0database03Valid
Contactsv1.0.0productivity02Valid
Neo4jv1.0.0database02Valid
Emojiv1.0.0utility02Valid
Unicodev1.0.0utility02Valid
Airwallexv1.0.0finance03Valid
Courierv1.0.0communication03Valid
Cheeriov1.0.0search02Valid
Redisv1.0.0database02Valid
Spaceflightnewsv1.0.0api02Valid
Woocommercev1.0.0finance02Valid
Ghostv1.0.0productivity02Valid
Algoliav1.0.0search03Valid
Basecampv1.0.0productivity02Valid
Readwisev1.0.0productivity03Valid
Fal Aiv1.0.0media03Valid
Vercel Ai Sdkv1.0.0ai02Valid
Qdrantv1.0.0database02Valid
Giphyv1.0.0media03Valid
Wandbv1.0.0ai03Valid
Mysqlv1.0.0database02Valid
Splunkv1.0.0analytics02Valid
Shellv1.0.0dev-tools02Valid
Storybookv1.0.0dev-tools02Valid
Whoisv1.0.0utility02Valid
Langchainv1.0.0ai02Valid
Tavilyv1.0.0search03Valid
Firebasev1.0.0database02Valid
Mindsdbv1.0.0ai03Valid
Fakerv1.0.0dev-tools02Valid
Replicatev1.0.0ai03Valid
Faunav1.0.0database02Valid
Comfyuiv1.0.0ai02Valid
Ffmpegv1.0.0media02Valid
Milvusv1.0.0ai03Valid
Coinmarketcapv1.0.0finance03Valid
Pexelsv1.0.0media03Valid
Wistiav1.0.0media02Valid
Diffv1.0.0utility02Valid
Figmav1.0.0dev-tools03Valid
Anilistv1.0.0media02Valid
Zoterov1.0.0productivity03Valid
Wolfram Alphav1.0.0api03Valid
Markdownv1.0.0utility02Valid
Tavily Searchv1.0.0search03Valid
Renovatev1.0.0dev-tools02Valid
Prettierv1.0.0dev-tools02Valid
2slidesv1.0.0productivity02Valid
Speech To Textv1.0.0ai02Valid
Npm Searchv1.0.0dev-tools02Valid
Pandocv1.0.0utility02Valid
Kubernetes Strowkv1.0.0cloud02Valid
Myinstantsv1.0.0media02Valid
Facebookv1.0.0communication02Valid
Aws Ccapiv1.0.0cloud03Valid
Anyscalev1.0.0ai03Valid
Salesforcev1.0.0productivity02Valid
Framerv1.0.0productivity02Valid
Tailscalev1.0.0dev-tools02Valid
Netlifyv1.0.0cloud02Valid
Intercomv1.0.0communication02Valid
Nerv1.0.0ai02Valid
Macosv1.0.0dev-tools02Valid
Cockroachdbv1.0.0database02Valid
Codav1.0.0productivity02Valid
Snsv1.0.0communication03Valid
Linearv1.0.0productivity03Valid
Sentry Officialv1.0.0dev-tools03Valid
Duckdbv1.0.0database02Valid
Dns Lookupv1.0.0api02Valid
Gitv1.0.0dev-tools02Valid
Microsoft Clarityv1.0.0analytics03Valid
Gitlab Civ1.0.0dev-tools02Valid
Jestv1.0.0dev-tools02Valid
Nile Databasev1.0.0database03Valid
Aws Cost Explorerv1.0.0finance03Valid
Philips Huev1.0.0api03Valid
Hubspotv1.0.0productivity03Valid
Apollov1.0.0dev-tools03Valid
Plotlyv1.0.0analytics02Valid
Telegramv1.0.0communication03Valid
Screenshotv1.0.0browser02Valid
Brave Searchv1.0.0search03Valid
Hyperbrowserv1.0.0search03Valid
Jupyterv1.0.0dev-tools02Valid
Aws Lambda Toolv1.0.0cloud03Valid
Polygon Iov1.0.0finance03Valid
Piston Code Execv1.0.0dev-tools02Valid
Aws Supportv1.0.0cloud03Valid
Apache Pinotv1.0.0database03Valid
Unitsv1.0.0utility02Valid
Date Parserv1.0.0utility02Valid
Chromaticv1.0.0dev-tools02Valid
Posthogv1.0.0analytics03Valid
Prismav1.0.0database02Valid
Web Researchv1.0.0search02Valid
Uv Package Managerv1.0.0dev-tools02Valid
Github Copilotv1.0.0ai02Valid
Csvv1.0.0utility02Valid
Ast Grepv1.0.0dev-tools02Valid
Postgresv1.0.0database02Valid
Image Analysisv1.0.0media02Valid
Notionv1.0.0productivity03Valid
Imgbbv1.0.0media03Valid
Hotjarv1.0.0analytics03Valid
Sharpv1.0.0media02Valid
Shortcutv1.0.0productivity02Valid
Pipedreamv1.0.0api03Valid
Cassandrav1.0.0database03Valid
Serperv1.0.0search03Valid
Wikipediav1.0.0search02Valid
Aqara Iotv1.0.0api03Valid
Apache Dorisv1.0.0database03Valid
Codepenv1.0.0dev-tools02Valid
Whatsappv1.0.0communication02Valid
Mcp Remotev1.0.0dev-tools02Valid
Aws Serverlessv1.0.0cloud03Valid
Youtubev1.0.0media03Valid
Contentfulv1.0.0productivity03Valid
Pinterestv1.0.0communication02Valid
Hashingv1.0.0utility02Valid
Just Promptv1.0.0ai02Valid
Aws Iacv1.0.0cloud03Valid
Tailwindcssv1.0.0dev-tools02Valid
Grpcv1.0.0dev-tools02Valid
Aws Lambdav1.0.0cloud03Valid
Slack Zencoderv1.0.0communication03Valid
Codeinterpreterv1.0.0dev-tools02Valid
Codeqlv1.0.0dev-tools02Valid
Instagramv1.0.0communication02Valid
Claude Conciliumv1.0.0ai02Valid
Aws Ecsv1.0.0cloud03Valid
Uuid Generatorv1.0.0utility02Valid
Ip Geolocationv1.0.0api02Valid
Arxivv1.0.0search02Valid
Blueskyv1.0.0communication02Valid
Google Cloud Platformv1.0.0cloud03Valid
Openaiv1.0.0ai03Valid
Tarv1.0.0utility02Valid
Kafkav1.0.0cloud02Valid
Scrapyv1.0.0search02Valid
Sonarqubev1.0.0dev-tools02Valid
Aws Snsv1.0.0cloud03Valid
Graphlitv1.0.0ai03Valid
Asanav1.0.0productivity03Valid
Azure Openaiv1.0.0ai03Valid
Imgixv1.0.0media02Valid
Yahoo Financev1.0.0finance02Valid
Apache Kafkav1.0.0api03Valid
Astronomy Oraclev1.0.0api02Valid
Aws Kb Retrievalv1.0.0cloud03Valid
Itermv1.0.0dev-tools02Valid
Sendgridv1.0.0communication03Valid
Pagespeedv1.0.0dev-tools02Valid
Todoistv1.0.0productivity03Valid
Railwayv1.0.0cloud02Valid
Vercel Blobv1.0.0cloud03Valid
Supabasev1.0.0database03Valid
Plaidv1.0.0finance03Valid
Ios Simulatorv1.0.0dev-tools02Valid
Duckduckgov1.0.0search02Valid
Dynamodbv1.0.0database03Valid
Sqsv1.0.0cloud03Valid
Google Drivev1.0.0productivity02Valid
Coherev1.0.0ai03Valid
Adfinv1.0.0finance03Valid
Everythingv1.0.0dev-tools02Valid
Uptimerobotv1.0.0dev-tools03Valid
Github Gistv1.0.0dev-tools02Valid
Paypalv1.0.0finance03Valid
Logseqv1.0.0productivity02Valid
Miniov1.0.0cloud03Valid
Fly Iov1.0.0cloud02Valid
Auth0v1.0.0dev-tools03Valid
Bear Notesv1.0.0productivity02Valid
Excelv1.0.0utility02Valid
Influxdbv1.0.0database02Valid
Seleniumv1.0.0browser02Valid
Postmanv1.0.0dev-tools02Valid
Raycastv1.0.0productivity02Valid
Spotifyv1.0.0media03Valid
Consulv1.0.0cloud02Valid
Cloudflarev1.0.0cloud03Valid
Pandasv1.0.0analytics02Valid
Muxv1.0.0media03Valid
Aws Cloudformationv1.0.0cloud03Valid
Alpha Vantagev1.0.0finance03Valid
Podcastv1.0.0media02Valid
Ip Apiv1.0.0api02Valid
Waystationv1.0.0productivity02Valid
Drawiov1.0.0productivity02Valid
Plantumlv1.0.0utility02Valid
Make Integromatv1.0.0productivity03Valid
Aws Mcp Proxyv1.0.0cloud02Valid
Brightdatav1.0.0search02Valid
Eslintv1.0.0dev-tools02Valid
Freshdeskv1.0.0communication02Valid
Elasticsearchv1.0.0database02Valid
Kv Cloudflarev1.0.0database03Valid
Neonv1.0.0database02Valid
Prefectv1.0.0dev-tools03Valid
Wordpressv1.0.0productivity02Valid
Bitwardenv1.0.0utility02Valid
Redis Cloudv1.0.0database03Valid
Profullstackv1.0.0dev-tools02Valid
Twitterv1.0.0communication03Valid
Todoist Extv1.0.0productivity03Valid
Bcryptv1.0.0utility02Valid
Random Userv1.0.0dev-tools02Valid
Lorem Ipsumv1.0.0utility02Valid
Aws Dynamodbv1.0.0cloud03Valid
Huggingfacev1.0.0ai03Valid
Sitbon Maggv1.0.0dev-tools02Valid
Console Automationv1.0.0dev-tools02Valid
Tursov1.0.0database02Valid
Facebook Adsv1.0.0analytics02Valid
Voyage Aiv1.0.0ai03Valid
Alphavantagev1.0.0finance03Valid
Aws S3v1.0.0cloud03Valid
Youtube Transcriptv1.0.0media02Valid
Dnsv1.0.0utility02Valid
Moralis Web3v1.0.0finance03Valid
Cloudwatchv1.0.0analytics03Valid
Zendeskv1.0.0communication02Valid
Timev1.0.0utility02Valid
S3 Advancedv1.0.0cloud03Valid
Snykv1.0.0dev-tools03Valid
Websocketv1.0.0dev-tools02Valid
Mongodbv1.0.0database02Valid
Emailv1.0.0communication03Valid
Typeformv1.0.0api03Valid
Planetscalev1.0.0database02Valid
Puppeteerv1.0.0browser02Valid
Vscodev1.0.0dev-tools02Valid
Supabase Communityv1.0.0database03Valid
Color Palettev1.0.0utility02Valid
Openweatherv1.0.0api03Valid
Personalization Mcpv1.0.0api02Valid
Teamsv1.0.0communication03Valid
Coingeckov1.0.0finance02Valid
Timezonev1.0.0utility02Valid
Composiov1.0.0api03Valid
Fullstoryv1.0.0analytics03Valid
Webflowv1.0.0productivity02Valid
Text To Speechv1.0.0ai02Valid
Calendlyv1.0.0productivity02Valid
Github Actionsv1.0.0dev-tools03Valid
Timescaledbv1.0.0database02Valid
Soundcloudv1.0.0media02Valid
Markitdownv1.0.0dev-tools02Valid
Openapiv1.0.0dev-tools02Valid
Jenkinsv1.0.0dev-tools02Valid
Openstreetmapv1.0.0api02Valid
Discordv1.0.0communication03Valid
Alpacav1.0.0finance03Valid
Curlv1.0.0api02Valid
Restcountriesv1.0.0api02Valid
Anthropicv1.0.0ai03Valid
Clickupv1.0.0productivity02Valid
Aws Finchv1.0.0cloud03Valid
Npm Helperv1.0.0dev-tools02Valid
Tui Mcpv1.0.0dev-tools02Valid
Terraformv1.0.0cloud02Valid
Microsoft Teamsv1.0.0communication02Valid
Natsv1.0.0cloud02Valid
Mastodonv1.0.0communication02Valid
Aws Eksv1.0.0cloud03Valid
Context7v1.0.0dev-tools02Valid
Cronv1.0.0utility02Valid
Kibanav1.0.0analytics02Valid
Stackblitzv1.0.0dev-tools02Valid
Sequelizev1.0.0database02Valid
Wappalyzerv1.0.0dev-tools02Valid
Readabilityv1.0.0utility02Valid
Google Newsv1.0.0search02Valid
Dbtv1.0.0analytics02Valid
Vercel Kvv1.0.0database03Valid
Filesystemv1.0.0filesystem02Valid
Weatherxmv1.0.0api03Valid
Lighthousev1.0.0dev-tools02Valid
Azurev1.0.0cloud02Valid
Jwtv1.0.0utility02Valid
Weatherv1.0.0api03Valid
Anthropic Apiv1.0.0ai03Valid
Bitbucketv1.0.0dev-tools02Valid
1mcp Agentv1.0.0dev-tools02Valid
Deeplv1.0.0utility03Valid
Latexv1.0.0utility02Valid
Ollamav1.0.0ai02Valid
Couchdbv1.0.0database03Valid
Hashicorp Vaultv1.0.0dev-tools03Valid
Stripev1.0.0finance03Valid
Kaspersky Opentipv1.0.0dev-tools03Valid
Taskmanagerv1.0.0productivity02Valid
Amplitudev1.0.0analytics03Valid
Fivetranv1.0.0analytics02Valid
Resend Emailv1.0.0communication03Valid
Apifyv1.0.0search03Valid
Alfredv1.0.0productivity02Valid
Shopifyv1.0.0finance03Valid
E2bv0.0.0code-execution00Expired
Firecrawlv0.0.0web-scraping00Expired

Enterprise Compliance

ddot's security model maps directly to industry compliance frameworks:

CMMC Level 1

We started with the Department of Defense's security standards. ddot's architecture meets all 14 CMMC Level 1 requirements. Not 13 out of 14. All 14. Audit chain, access control, identification, media protection, physical protection, system integrity — covered.

14/14

SOC 2 Type II

Hash-chained audit trail, cryptographic verification, and least-privilege capability model map to SOC 2 trust principles.

Ready

NIST 800-88

Built-in data purge command (ddot purge) with NIST 800-88 compliant media sanitization for audit and memory data.

Built-in

Start Securing Your Agents Today

Open source. Self-hosted. No data leaves your machine. Install ddot and secure your MCP stack in minutes.

cargo install ddot-cli && ddot initApache 2.0 (Ring 2 + Ring 3) — free forever for core security