Skip to main content

Getting Started with Dotset

This guide walks you through setting up Dotset, the unified CLI for Dotset Labs security tools.

Prerequisites

  • Node.js 20+ — Required for running Dotset and Tollgate
  • npm, yarn, or pnpm — For package installation

Step 1: Install Dotset

npm install -g @dotsetlabs/dotset
Verify the installation: 
dotset --version

Step 2: Install Dependencies

Dotset bundles three tools. Install any missing binaries: 
dotset doctor --install
This checks and installs:
  • Hardpoint — Go binary for security scanning
  • Deadfall — Go binary for honeypot traps
  • Tollgate — Bundled npm package
Example output: 
$ dotset doctor --install

Dotset Doctor

Installing hardpoint...
  Downloading hardpoint v0.1.0 for linux/amd64...
  Installed to /home/user/.dotset/bin/hardpoint

Diagnostics:

 Configuration: No dotset.yaml found (using defaults)
 hardpoint binary: /home/user/.dotset/bin/hardpoint
 deadfall binary: /home/user/.dotset/bin/deadfall
 Tollgate: npm package available
 Node.js: v20.10.0

All checks passed!

Step 3: Initialize Configuration

Create a dotset.yaml configuration file in your project: 
cd your-project
dotset init
This creates a configuration file with sensible defaults: 
version: '1'
hardpoint:
  scanOnStart: true
  minSeverity: medium
tollgate:
  timeout: 60000
  approvalMethod: terminal
  servers: {}
deadfall:
  autoServe: false
  traps: []

Step 4: Run Your First Protected Session

Start an MCP server with full protection: 
dotset run -- npx @modelcontextprotocol/server-filesystem ./
This:
  1. Runs a Hardpoint security scan
  2. Wraps the server with Tollgate access control
  3. Prompts you for approval on each tool call

Step 5: Configure for Your Workflow

Edit dotset.yaml to customize your setup: 
version: '1'

hardpoint:
  scanOnStart: true
  minSeverity: high  # Only show high+ severity

tollgate:
  timeout: 120000    # 2 minute approval timeout
  approvalMethod: terminal
  servers:
    postgres:
      command: npx
      args: ["-y", "@modelcontextprotocol/server-postgres"]
      env:
        DATABASE_URL: "${DATABASE_URL}"

deadfall:
  autoServe: true    # Auto-start honeypot server
  traps:
    - type: cursor-rules
      path: .cursorrules

What’s Next?

Configuration

Full dotset.yaml reference

Claude Desktop

Integrate with Claude Desktop

Orchestration

How the tools work together

Architecture

Understanding the architecture

Quick Reference

CommandPurpose
dotset initCreate configuration
dotset doctor --installInstall missing tools
dotset statusCheck installation status
dotset run -- <cmd>Run with full protection
dotset scanSecurity scan only
dotset wrap -- <cmd>Access control only
dotset trap <type> <path>Create honeypot trap