Skip to main content

Dotset Architecture

Dotset is a unified CLI that bundles three independent security tools. This page explains how they work together.

Tool Overview

┌─────────────────────────────────────────────────────────────────────┐
│                           DOTSET CLI                                 │
│                                                                      │
│   Unified interface for AI developer security                       │
│                                                                      │
├─────────────────────────────────────────────────────────────────────┤
│                                                                      │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐     │
│  │    HARDPOINT    │  │    TOLLGATE     │  │    DEADFALL     │     │
│  │                 │  │                 │  │                 │     │
│  │  Security       │  │  Access         │  │  Honeypot       │     │
│  │  Scanner        │  │  Control        │  │  Detection      │     │
│  │                 │  │                 │  │                 │     │
│  │  Go binary      │  │  npm package    │  │  Go binary      │     │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘     │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘

The Three Tools

Hardpoint

Purpose: Pre-flight security scanning Hardpoint scans your developer environment for AI-era threats that traditional security tools miss:
ScannerWhat It Finds
aiMalicious AI config files, prompt injection
shellBackdoors in shell configs
gitHidden code in git hooks
networkExposed localhost services
secretsHardcoded credentials
When it runs: Before your MCP server starts (with dotset run)

Tollgate

Purpose: Runtime access control Tollgate acts as a proxy between AI agents and MCP servers, controlling what actions the AI can take: 
┌──────────┐     ┌──────────┐     ┌──────────┐
│   AI     │ ──→ │ Tollgate │ ──→ │  MCP     │
│  Agent   │     │  Proxy   │     │ Server   │
└──────────┘     └──────────┘     └──────────┘


                 ┌──────────┐
                 │  You     │
                 │ (approve │
                 │  /deny)  │
                 └──────────┘
When it runs: Continuously while wrapping an MCP server

Deadfall

Purpose: Compromise detection Deadfall uses cognitive honeypots to detect when AI agents are compromised or behaving unexpectedly:
  1. Trap files contain hidden instructions
  2. AI reads the file during normal operation
  3. AI follows instructions to call a verification tool
  4. Alert triggered when the trap is sprung
When it runs: Background server monitoring for trap triggers

Independence Model

Each tool operates independently: 
┌─────────────────────────────────────────────────────────────────────┐
│  DOTSET ORCHESTRATION                                               │
│                                                                      │
│  ┌─────────┐       ┌─────────┐       ┌─────────┐                   │
│  │Hardpoint│──────▶│Deadfall │──────▶│Tollgate │                   │
│  │  scan   │       │ serve   │       │  wrap   │                   │
│  └────┬────┘       └────┬────┘       └────┬────┘                   │
│       │                 │                 │                         │
│       ▼                 ▼                 ▼                         │
│  Exit code 0?      Background        Foreground                    │
│  Continue           process          process                       │
│                                                                      │
│  NO DEEP INTEGRATION - Tools don't share state                     │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘
This means:
  • Hardpoint findings don’t automatically create Tollgate policies
  • Deadfall alerts don’t automatically block Tollgate calls
  • Each tool has its own logs and configuration
Why? Independence provides flexibility. You can use any tool individually or combine them as needed.

Data Flow

With dotset run

User runs: dotset run -- npx mcp-server



┌────────────────────────┐
│ 1. Load dotset.yaml    │
└──────────┬─────────────┘


┌────────────────────────┐
│ 2. Run Hardpoint scan  │──── Critical findings? ──→ Abort
└──────────┬─────────────┘


┌────────────────────────┐
│ 3. Start Deadfall      │
│    (background)        │
└──────────┬─────────────┘


┌────────────────────────┐
│ 4. Run Tollgate wrap   │
│    (foreground)        │
└──────────┬─────────────┘


┌────────────────────────┐
│ 5. User exits (Ctrl+C) │
└──────────┬─────────────┘


┌────────────────────────┐
│ 6. Cleanup & Summary   │
└────────────────────────┘

Individual Commands

dotset scan        →  Hardpoint scan only
dotset wrap        →  Tollgate wrap only
dotset trap        →  Deadfall trap only

Binary Management

Dotset manages Go binaries in ~/.dotset/bin/: 
~/.dotset/
├── bin/
│   ├── hardpoint     # Go binary
│   └── deadfall      # Go binary
└── cache/            # Downloaded releases
Tollgate is bundled as an npm dependency and runs via npx.

Installation Flow

npm install -g @dotsetlabs/dotset


┌────────────────────────┐
│ Tollgate installed     │  (npm dependency)
└────────────────────────┘

dotset doctor --install


┌────────────────────────┐
│ Download Hardpoint     │  (from GitHub releases)
│ Download Deadfall      │  (from GitHub releases)
└────────────────────────┘

Configuration Hierarchy

┌─────────────────────────────────────────────────────────────────────┐
│                        dotset.yaml                                   │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │  version: '1'                                                │   │
│  │                                                              │   │
│  │  hardpoint:        ─────▶  Passed to Hardpoint scan        │   │
│  │    scanOnStart: true                                        │   │
│  │    minSeverity: medium                                      │   │
│  │                                                              │   │
│  │  tollgate:         ─────▶  Passed to Tollgate wrap         │   │
│  │    timeout: 60000                                           │   │
│  │    approvalMethod: terminal                                 │   │
│  │                                                              │   │
│  │  deadfall:         ─────▶  Controls Deadfall autoStart     │   │
│  │    autoServe: true                                          │   │
│  │    traps: [...]                                             │   │
│  │                                                              │   │
│  └─────────────────────────────────────────────────────────────┘   │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘

Defense in Depth

The three tools provide layered security:
LayerToolThreat Model
PreventHardpointFind threats before they execute
ControlTollgateLimit what AI can do at runtime
DetectDeadfallKnow when something’s wrong
              Time ───────────────────────────────────────────▶

        BEFORE              DURING                AFTER
        ┌────────┐          ┌────────┐           ┌────────┐
        │Hardpoint│         │Tollgate│           │Deadfall│
        │  SCAN  │          │CONTROL │           │ DETECT │
        └────────┘          └────────┘           └────────┘
              │                  │                    │
              ▼                  ▼                    ▼
        Find threats        Approve/deny         Alert on
        in configs          each action          compromise

See Also