
Understanding Orchestration

When you run dotset run, Dotset orchestrates all three security tools in a specific sequence to provide comprehensive protection.

The Workflow

┌─────────────────────────────────────────────────────────────────────┐
│                          dotset run                                  │
│                                                                      │
│  ┌───────────────┐    ┌───────────────┐    ┌───────────────┐       │
│  │   HARDPOINT   │ →  │   DEADFALL    │ →  │   TOLLGATE    │       │
│  │  Pre-flight   │    │   Honeypot    │    │  Access       │       │
│  │    Scan       │    │   Server      │    │  Control      │       │
│  └───────────────┘    └───────────────┘    └───────────────┘       │
│                                                                      │
│  Exit if critical     Background        Wraps your                  │
│  issues found         process           MCP server                  │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘

Stage 1: Hardpoint Scan

Purpose: Detect threats before they can cause harm. When you run dotset run, Hardpoint scans your environment first:
$ dotset run -- npx @modelcontextprotocol/server-filesystem ./

 Running Hardpoint security scan...
 Hardpoint scan passed

Starting Tollgate proxy...

What It Checks

  • AI config files — .cursorrules, CLAUDE.md, mcp.json
  • Shell configs — .bashrc, .zshrc for malicious aliases
  • Git hooks — Hidden backdoors in pre-commit, post-checkout
  • Network exposure — Exposed localhost services
  • Secrets — Hardcoded credentials

Failure Behavior

If critical issues are found, dotset run aborts:
$ dotset run -- npx server

 Running Hardpoint security scan...
 Hardpoint found security issues

  CRITICAL  AI-001: Instruction Override Detected
            File: .cursorrules:15
            Pattern attempts to override AI safety guidelines

Aborting due to Hardpoint scan failure

Skipping the Scan

dotset run --skip-scan -- npx server

Stage 2: Deadfall Server

Purpose: Detect AI agent compromise via cognitive honeypots. If deadfall.autoServe is enabled in your config, Dotset starts the Deadfall Honey-MCP server in the background:
# dotset.yaml
deadfall:
  autoServe: true
  traps:
    - type: cursor-rules
      path: .cursorrules

How It Works

  1. Deadfall runs in the background — Listens for trap triggers
  2. AI reads trap files — During normal operation
  3. Alert triggered — If AI follows hidden instructions
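The trap-and-trigger loop above, shown as an added example that is not Deadfall's own code: a trap file carries an instruction that no legitimate task would ever act on, and a monitor watches the agent's tool calls and raises an alert when one matches a trap's trigger. Deadfall's real trap schema and trigger mechanism are not described on this page, so the `trigger` fields, the `DeadfallMonitor` class and the tool-call shape `{ tool, args }` are assumptions made for this illustration; the trap list and the call sequence are constructed sample data.

```javascript
// Constructed trap definitions (assumed schema). Each `trigger` describes the
// single tool call that only an agent obeying the hidden instruction would make.
const TRAPS = [
  {
    type: 'cursor-rules',
    path: '.cursorrules',
    trigger: { tool: 'read_file', argKey: 'path', value: '.deadfall/canary-token.txt' },
  },
  {
    type: 'claude-md',
    path: 'CLAUDE.md',
    trigger: { tool: 'execute_shell', argKey: 'command', contains: 'DEADFALL_CANARY' },
  },
];

// Returns the trap that a tool call triggers, or null when the call is ordinary.
function matchTrap(call, traps = TRAPS) {
  for (const trap of traps) {
    const t = trap.trigger;
    if (call.tool !== t.tool) continue;
    const argValue = call.args?.[t.argKey];
    if (typeof argValue !== 'string') continue;
    if (t.value !== undefined && argValue === t.value) return trap;
    if (t.contains !== undefined && argValue.includes(t.contains)) return trap;
  }
  return null;
}

// Background observer: records an alert for every triggered trap.
class DeadfallMonitor {
  constructor(traps = TRAPS) {
    this.traps = traps;
    this.alerts = [];
  }

  // Returns true when the observed call fired a trap.
  observe(call) {
    const trap = matchTrap(call, this.traps);
    if (trap) {
      this.alerts.push({ trap: trap.type, source: trap.path, tool: call.tool, args: call.args });
    }
    return trap !== null;
  }
}

// Constructed tool-call sequence: normal work, then one call an agent would only
// make after following the hidden instruction planted in .cursorrules.
function demoDeadfall() {
  const monitor = new DeadfallMonitor();
  const calls = [
    { tool: 'read_file', args: { path: '.cursorrules' } },              // reading the trap file itself is normal
    { tool: 'read_file', args: { path: 'package.json' } },
    { tool: 'read_file', args: { path: '.deadfall/canary-token.txt' } }, // trap trigger
    { tool: 'execute_shell', args: { command: 'npm test' } },
  ];
  const flags = calls.map((c) => monitor.observe(c));
  return { flags, alerts: monitor.alerts };
}
```

The key property of a cognitive honeypot is that the trap is silent during normal operation: reading the trap file is expected, and only the specific follow-up action the hidden instruction asks for counts as a trigger, which keeps the false-positive rate low.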

Skipping Deadfall

dotset run --skip-deadfall -- npx server

Stage 3: Tollgate Proxy

Purpose: Control what the AI agent can do. Tollgate wraps your MCP server, intercepting every tool call:
Starting Tollgate proxy: npx @modelcontextprotocol/server-filesystem ./

[Tollgate] Tool call: read_file
  Arguments: { "path": "src/index.ts" }
  Risk: read

  Allow? [y/n/a/d]

Risk Levels

Level         Description     Examples
safe          No risk         List tools, get metadata
read          Read-only       Read files, query databases
write         Modifications   Write files, update records
destructive   Irreversible    Delete files, drop tables
dangerous     System-level    Execute shell, network access

Approval Options

  • y — Allow this call
  • n — Deny this call
  • a — Always allow (session grant)
  • d — Always deny (session grant)
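How the risk levels and the y/n/a/d answers combine in practice, as an added example rather than Tollgate's own implementation. The ordering of the five levels and the four answers come from this page; the `TOOL_RISK` table, the rule that `safe` calls never prompt, the fail-closed default on an unexpected answer, and the `ApprovalSession` API are assumptions made for the illustration, and the call sequence in `demoApproval` is constructed.

```javascript
// Risk levels in ascending order, as listed in the Tollgate docs.
const RISK_ORDER = ['safe', 'read', 'write', 'destructive', 'dangerous'];

// Assumed mapping from MCP tool names to risk levels (not Tollgate's real table).
const TOOL_RISK = {
  list_tools: 'safe',
  get_metadata: 'safe',
  list_directory: 'read',
  read_file: 'read',
  query_database: 'read',
  write_file: 'write',
  update_record: 'write',
  delete_file: 'destructive',
  drop_table: 'destructive',
  execute_shell: 'dangerous',
};

// Unknown tools are treated as the highest risk so they always reach the operator.
function riskOf(toolName) {
  return TOOL_RISK[toolName] ?? 'dangerous';
}

function riskAtLeast(level, threshold) {
  return RISK_ORDER.indexOf(level) >= RISK_ORDER.indexOf(threshold);
}

class ApprovalSession {
  // prompt(toolName, args, risk) returns one of 'y' | 'n' | 'a' | 'd'
  constructor(prompt) {
    this.prompt = prompt;
    this.grants = new Map(); // toolName -> 'allow' | 'deny', valid for this session only
    this.log = [];
  }

  decide(toolName, args) {
    const risk = riskOf(toolName);
    let decision;
    if (risk === 'safe') {
      decision = 'allow'; // assumption: safe calls pass without a prompt
    } else if (this.grants.has(toolName)) {
      decision = this.grants.get(toolName); // 'a' / 'd' answered earlier in the session
    } else {
      switch (this.prompt(toolName, args, risk)) {
        case 'y': decision = 'allow'; break;
        case 'n': decision = 'deny'; break;
        case 'a': decision = 'allow'; this.grants.set(toolName, 'allow'); break;
        case 'd': decision = 'deny'; this.grants.set(toolName, 'deny'); break;
        default: decision = 'deny'; // fail closed on anything unexpected
      }
    }
    this.log.push({ tool: toolName, risk, decision });
    return { risk, decision };
  }
}

// Constructed session: the operator always-allows reads, denies one write,
// and always-denies destructive calls. `prompts` records which calls needed a prompt.
function demoApproval() {
  const answers = { read_file: 'a', write_file: 'n', delete_file: 'd' };
  const prompts = [];
  const session = new ApprovalSession((tool) => {
    prompts.push(tool);
    return answers[tool] ?? 'n';
  });
  const calls = [
    ['list_tools', {}],                                        // safe: no prompt
    ['read_file', { path: 'package.json' }],                   // prompt -> 'a'
    ['read_file', { path: 'src/index.ts' }],                   // covered by session grant
    ['write_file', { path: 'package.json', content: '...' }],  // prompt -> 'n'
    ['delete_file', { path: 'README.md' }],                    // prompt -> 'd'
    ['delete_file', { path: 'LICENSE' }],                      // session deny, no prompt
    ['unknown_tool', {}],                                      // dangerous by default -> prompt -> 'n'
  ];
  const decisions = calls.map(([tool, args]) => session.decide(tool, args).decision);
  return { decisions, prompts, log: session.log };
}
```

Because the grants are keyed by tool name and live only in the session object, an "always allow" answer for `read_file` never leaks to `write_file`, and it disappears when the proxy shuts down.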

Signal Handling

Dotset handles shutdown gracefully:
  1. Ctrl+C pressed — SIGINT received
  2. Tollgate stopped — Clean proxy shutdown
  3. Deadfall stopped — Background server terminated
  4. Summary printed — Final status report
^C
Received SIGINT, shutting down...

───────────────────────────────────────
Dotset Run Summary

  Hardpoint: passed
  Deadfall: ran
  Tollgate: completed
───────────────────────────────────────
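The full run sequence (pre-flight scan with abort on critical findings, optional background honeypot, proxy, ordered shutdown, summary) modelled end to end, as an added example and not Dotset's own implementation. The stage order, the `--skip-scan` / `--skip-deadfall` flags, the `dotset.yaml` keys and the summary wording are taken from this page; the severity scale `low < medium < high < critical`, the finding object shape, the in-memory stand-ins for the Tollgate and Deadfall processes, and `installSignalHandler` are assumptions, and `SAMPLE_FINDINGS` is constructed (its `AI-001` entry mirrors the one shown above; the other id is made up).

```javascript
// Assumed severity scale used for the minSeverity filter.
const SEVERITY_ORDER = ['low', 'medium', 'high', 'critical'];

function severityAtLeast(sev, min) {
  return SEVERITY_ORDER.indexOf(sev) >= SEVERITY_ORDER.indexOf(min);
}

// Stage 1: findings below minSeverity are not reported; only critical ones abort the run.
function hardpointStage(findings, hpConfig) {
  const min = hpConfig.minSeverity ?? 'medium';
  const reported = findings.filter((f) => severityAtLeast(f.severity, min));
  const critical = reported.filter((f) => f.severity === 'critical');
  return { status: critical.length > 0 ? 'failed' : 'passed', reported, critical };
}

// Orchestrator: returns a run handle whose shutdown() plays the SIGINT sequence.
function runDotset({ config, flags = {}, findings = [] }) {
  const summary = { hardpoint: 'skipped', deadfall: 'skipped', tollgate: 'not started' };
  const shutdownOrder = [];
  const events = [];
  let reported = [];

  // Stage 1: Hardpoint pre-flight scan (hardpoint.scanOnStart, --skip-scan)
  if ((config.hardpoint?.scanOnStart ?? true) && !flags.skipScan) {
    events.push('Running Hardpoint security scan...');
    const scan = hardpointStage(findings, config.hardpoint ?? {});
    summary.hardpoint = scan.status;
    reported = scan.reported;
    if (scan.status === 'failed') {
      events.push('Aborting due to Hardpoint scan failure');
      return { aborted: true, summary, events, shutdownOrder, reported, shutdown: () => summary };
    }
    events.push('Hardpoint scan passed');
  }

  // Stage 2: Deadfall honeypot in the background (deadfall.autoServe, --skip-deadfall)
  let deadfall = null;
  if (config.deadfall?.autoServe && !flags.skipDeadfall) {
    deadfall = { stop: () => shutdownOrder.push('deadfall') }; // stand-in for the child process
    summary.deadfall = 'ran';
    events.push('Started Deadfall Honey-MCP server');
  }

  // Stage 3: Tollgate proxy wraps the MCP server until shutdown
  const tollgate = { stop: () => shutdownOrder.push('tollgate') }; // stand-in for the proxy
  summary.tollgate = 'running';
  events.push('Starting Tollgate proxy');

  let finished = false;
  const shutdown = () => {
    if (finished) return summary; // idempotent: a second SIGINT must not stop anything twice
    finished = true;
    events.push('Received SIGINT, shutting down...');
    tollgate.stop();               // 1. clean proxy shutdown
    summary.tollgate = 'completed';
    if (deadfall) deadfall.stop(); // 2. background server terminated
    events.push(formatSummary(summary)); // 3. final status report
    return summary;
  };

  return { aborted: false, summary, events, shutdownOrder, reported, shutdown };
}

function formatSummary(s) {
  return `Dotset Run Summary\n  Hardpoint: ${s.hardpoint}\n  Deadfall: ${s.deadfall}\n  Tollgate: ${s.tollgate}`;
}

// Wires Ctrl+C to the ordered shutdown in a real CLI process (not invoked here).
function installSignalHandler(run) {
  process.once('SIGINT', () => {
    run.shutdown();
    process.exit(0);
  });
}

// Constructed findings for the demonstration; ids are illustrative only.
const SAMPLE_FINDINGS = {
  critical: [{ id: 'AI-001', severity: 'critical', file: '.cursorrules:15', title: 'Instruction Override Detected' }],
  lowOnly: [{ id: 'EXAMPLE-LOW-1', severity: 'low', file: '.zshrc:3', title: 'Unusual alias' }],
};

const SAMPLE_CONFIG = { hardpoint: { scanOnStart: true, minSeverity: 'medium' }, deadfall: { autoServe: true } };
```

Two details matter operationally: the abort path returns before Deadfall or Tollgate are ever started, so a failed scan leaves no background process behind, and `shutdown()` is idempotent so repeated Ctrl+C presses cannot double-stop the children.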

Independence Note

Each tool operates independently. Dotset orchestrates them but does not provide deep integration between tools.
This means:
  • Hardpoint findings don’t automatically create Tollgate policies
  • Deadfall alerts don’t automatically block Tollgate calls
  • Each tool maintains its own state and logs
For deeper integration, use each tool’s individual configuration.

Configuration

Control orchestration behavior in dotset.yaml:
version: '1'

hardpoint:
  scanOnStart: true      # Enable pre-flight scan
  minSeverity: medium    # Sensitivity level

tollgate:
  timeout: 60000         # Approval timeout
  approvalMethod: terminal

deadfall:
  autoServe: true        # Start honeypot server

Example Session

Complete example of a protected session:
$ dotset run -- npx @modelcontextprotocol/server-filesystem ./

 Running Hardpoint security scan... (2.3s)
 Started Deadfall Honey-MCP server

Starting Tollgate proxy: npx @modelcontextprotocol/server-filesystem ./

[Tollgate] Connected to upstream server
[Tollgate] Available tools: read_file, write_file, list_directory

# AI requests to read a file
[Tollgate] Tool call: read_file
  Arguments: { "path": "package.json" }
  Risk: read
  Allow? [y/n/a/d] y

# AI requests to write a file
[Tollgate] Tool call: write_file
  Arguments: { "path": "package.json", "content": "..." }
  Risk: write
  Allow? [y/n/a/d] n
  Denied.

^C
Received SIGINT, shutting down...

───────────────────────────────────────
Dotset Run Summary

  Hardpoint: passed
  Deadfall: ran
  Tollgate: completed
───────────────────────────────────────
