dome-ward

Injection detection, schema integrity verification, and heuristic analysis for Thunder Dome.

What it does

• Scans tool arguments with recursive JSON extraction — walks nested objects and arrays to scan every string leaf, preventing evasion via nested payloads.
• Unicode normalization before scanning: NFKC normalization, zero-width character stripping, Cyrillic/Greek homoglyph transliteration, and Unicode whitespace collapsing.
• Implements schema pinning with canonical JSON hashing (recursively sorted keys) for deterministic SHA-256 fingerprints immune to key ordering differences.
• File-backed persistence for schema pins (~/.thunder-dome/schema-pins.json by default). Pins survive process restarts so drift detection works immediately on relaunch, preventing rug pulls during downtime. Corrupted or missing files fall back gracefully to in-memory operation.
• Combined pattern + heuristic scanning: regex patterns for injection/exfiltration plus entropy scoring (>4.5), Base64 detection, and suspicious length checks in a single scan_with_heuristics() pass.
• Returns structured InjectionMatch, SchemaDrift, and ScanResult values with severity levels for audit logging and policy decisions.

Usage

[dependencies]
dome-ward = "0.4"

use dome_ward::{InjectionScanner, SchemaPinStore, default_persistence_path};

let scanner = InjectionScanner::new();
let matches = scanner.scan_text(&tool_arguments);

// In-memory only (no persistence)
let mut store = SchemaPinStore::new();
store.pin_tools(&tools_list_result);
let drifts = store.verify_tools(&later_tools_list_result);

// With file-backed persistence (survives restarts)
let path = default_persistence_path().expect("home directory");
let mut store = SchemaPinStore::with_persistence(path);
store.pin_tools(&tools_list_result); // also writes to disk

Part of Thunder Dome

This crate is part of Thunder Dome, a security gateway for the Model Context Protocol. See the main repository for full documentation.

License

Apache-2.0