Metadata-Version: 2.4
Name: fastmcp-dominion
Version: 0.1.0
Summary: Trust-gated MCP middleware for FastMCP via Dominion Observatory
Author-email: Dinesh Kumar <vdineshk@users.noreply.github.com>
License: MIT
Project-URL: Homepage, https://dominionobservatory.com
Project-URL: Repository, https://github.com/vdineshk/daee-engine/tree/main/packages/fastmcp-dominion
Project-URL: Issues, https://github.com/vdineshk/daee-engine/issues
Keywords: fastmcp,mcp,trust,security,middleware,dominion-observatory
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: fastmcp>=2.0.0
Requires-Dist: httpx>=0.24.0
Dynamic: license-file

# fastmcp-dominion

Trust-gated MCP middleware for [FastMCP](https://github.com/PrefectHQ/fastmcp) via [Dominion Observatory](https://dominionobservatory.com).

Automatically verifies MCP server trust scores before allowing tool calls. Blocks untrusted servers, caches lookups, and provides configurable failure modes.

## Installation

```bash
pip install fastmcp-dominion
```

## Quick Start

```python
from fastmcp import FastMCP
from fastmcp_dominion import TrustMiddleware

app = FastMCP("my-server")
app.add_middleware(TrustMiddleware(threshold=70))
```

That's it. All incoming tool calls are now verified against Observatory's behavioral trust scores from 14,800+ MCP servers.

## Configuration

```python
from fastmcp_dominion import TrustMiddleware, TrustConfig

config = TrustConfig(
    threshold=70.0,         # Minimum trust score (0-100)
    cache_ttl=300,          # Cache scores for 5 minutes
    fail_mode="open",       # "open" = allow on API error, "closed" = block
    log_decisions=True,     # Log trust check decisions
    bypass_tools=["ping"],  # Tools that skip verification
)

app = FastMCP("my-server")
app.add_middleware(TrustMiddleware(config=config))
```

## Synchronous Usage

For scripts or non-async code:

```python
from fastmcp_dominion.middleware import check_trust_sync

result = check_trust_sync("https://some-mcp-server.com/mcp")
print(f"Trust score: {result['trust_score']}")
print(f"Passed: {result['_passed']}")
```

## How It Works

1. Incoming MCP request arrives
2. Middleware extracts the server URL from request headers/metadata
3. Queries Observatory's trust API (cached for 5 min by default)
4. If score >= threshold: request proceeds normally
5. If score < threshold: returns JSON-RPC error with trust details
6. If Observatory unreachable: behavior depends on `fail_mode`

## API

Observatory tracks 14,800+ MCP servers with behavioral trust scores based on real interaction data. Free tier: 50 queries/day.

- Trust API: `GET https://dominionobservatory.com/api/trust?url=<server_url>`
- Docs: https://dominionobservatory.com
- GitHub: https://github.com/sgdata-io/dominion-observatory

## License

MIT
