Skip to main content

Gate your AI agent's MCP tool calls against Dominion Observatory runtime trust — one call, zero dependencies. Returns a signed diligence receipt.

Project description

dominion-trust-check (Python)

Gate your AI agent's MCP tool calls against Dominion Observatory runtime trust — one call, zero dependencies (stdlib only). Before your agent connects to or invokes an unfamiliar MCP server, check it, and get back a signed diligence receipt proving you did.

Timely after the ClawHavoc (OpenClaw/ClawHub) and Miasma (npm) supply-chain attacks: invoking an unvetted server without a trust check is negligent.

Install

pip install dominion-trust-check

Use

from dominion_trust_check import gate, trust_check, verify, DominionGateError

# Block on FAIL (default), or require a minimum score:
gate("https://some-mcp-server.com/mcp", min_score=60)  # raises DominionGateError on FAIL

# Non-throwing check:
res = trust_check("https://some-mcp-server.com/mcp")
print(res["verdict"], res.get("trust_score"))  # "PASS" | "UNCERTAIN" | "FAIL" | "UNRATED"

# Gate a ClawHub / OpenClaw skill instead of an MCP server:
gate("calendar", registry="clawhub")

# Independently verify any Dominion-signed receipt (no trust in us required):
v = verify(res["diligence_receipt"]["jws"])
print(v["valid"])  # True

Wrap a gate in a try/except to fail closed:

try:
    gate(server_url, min_score=60)
except DominionGateError as e:
    log.warning("blocked untrusted server: %s", e.dominion.get("verdict"))
    raise

API

  • gate(server, min_score=None, block=True, registry=None, base=None) — raises DominionGateError if the verdict is FAIL (or below min_score); otherwise returns the pre-flight result including a signed diligence receipt. block=False never raises.
  • trust_check(server, registry=None, base=None) — returns the verdict + evidence without raising.
  • verify(jws, base=None) — cryptographically verify a Dominion receipt against the published public key.

Honest by design

Servers with no runtime behavioral data return UNRATED — never a fabricated score. Verdicts reflect independently-measured runtime behavior, not static code scans. Not a security audit or a guarantee.

MIT · dominionobservatory.com/sdk

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dominion_trust_check-0.1.0.tar.gz (2.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dominion_trust_check-0.1.0-py3-none-any.whl (3.4 kB view details)

Uploaded Python 3

File details

Details for the file dominion_trust_check-0.1.0.tar.gz.

File metadata

  • Download URL: dominion_trust_check-0.1.0.tar.gz
  • Upload date:
  • Size: 2.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for dominion_trust_check-0.1.0.tar.gz
Algorithm Hash digest
SHA256 a89da5879dc3cdd2b26f892a437b273e401b6707c42e2bf052f00feb2181657c
MD5 68dc1bc151a6544461a0a7fd04654796
BLAKE2b-256 c92c9b70b711e015f0776c90605d6fab1d8b0b3694259cd7659fe74187e80085

See more details on using hashes here.

File details

Details for the file dominion_trust_check-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for dominion_trust_check-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d7c13b1d748dc3aff021fb8a7a58fd4c0bb43d56b7449a05c177173c8e4f7ad8
MD5 a03c4db22c14ee7923b93c10b3fa40cc
BLAKE2b-256 bbcdfd91bdfc822ac0afa513b21ac66cf1d42e84c0631993140f2219b2ad03e5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page