
Zero-Trust MCP Interceptor Proxy
Dragon Crypt sits as a middleman between your local file system and AI coding assistants. It intercepts MCP file requests, masks proprietary logic using a regex-based redaction engine, and logs every outbound byte to a local SQLite audit trail.
"Nothing leaves your machine unmasked. Nothing leaves unlogged."
// The Redaction Flow
Every file request flows through an 8-step interception pipeline. Sensitive content is masked on the way out, and aliases are restored on the way back in.
1. LLM requests a file via MCP read_file
2. Path Guard validates against allowed roots and blocklist
3. Masker scans content and replaces sensitive matches with aliases
4. Shadow Audit logs the masked payload, byte size, and timestamp
5. Masked content returned to the LLM; it never sees originals
6. LLM sends patched code back via write_file
7. Unmasker restores all aliases to original values
8. Clean code written to disk; no aliases persist in your files
// The Bypass Toggle
Dragon Crypt ships disabled, like a browser extension you install turned off. Full transparency when you want it, full protection when you need it.
Passthrough: all MCP traffic flows unmodified. Zero overhead, zero masking. Use when working on non-sensitive code.
Masking engine active, audit logging enabled. Sensitive patterns redacted before reaching any cloud LLM. Toggle via menu bar, CLI, or IPC.
// Core Capabilities
Dragon Crypt ensures that every line of proprietary code, every trade secret, and every sensitive pattern is masked before it reaches any cloud-based AI model.
Every request to cloud LLMs passes through Crypt's interception layer. Proprietary IP is masked before it ever reaches an external endpoint. Nothing leaves unmasked.
Full SQLite-backed audit log of every request, every response, every redaction. Complete forensic visibility without network exposure. Every outbound byte is logged.
Sits between your MCP client and server. Passthrough mode for safe traffic, masking mode for sensitive operations, toggled instantly via menu bar or CLI.
Crypt itself makes no outbound connections. It intercepts, inspects, and masks, all within your local environment. No phone-home, ever. Binds to localhost only.
Ships inert by default, like a browser extension installed disabled. Toggle between passthrough and secure masking with a single click. State persists across daemon restarts.
Native macOS integration via the menu bar. Start, stop, and toggle modes without leaving your workflow. Built with py2app for native performance.
// Security Model
Default regex patterns automatically catch the most common categories of sensitive data. Fully customizable to match your codebase.
Paths matching the blocklist are fully denied: the LLM gets an error, not redacted content. Environment files, PEM keys, credential directories, and Crypt's own state are all blocked at the path level.
All file paths are resolved to absolute paths, checked against allowed root directories, and rejected if they attempt to escape via directory traversal or symlinks.
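The path check described above, written out as an added example that is not Dragon Crypt's own code. The function names, the blocklist patterns and the directory tree built in a temporary directory are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Assumed patterns for the categories the page names; not Dragon Crypt's list.
BLOCKLIST = [".env*", "*.pem", ".ssh", ".aws"]


def check_path(requested, allowed_roots, blocklist=BLOCKLIST):
    """Return (allowed, reason) for a requested file path."""
    # realpath makes the path absolute and collapses '..' and symlinks, so
    # the checks below see the file that would actually be opened.
    resolved = os.path.realpath(requested)
    for root in map(os.path.realpath, allowed_roots):
        # commonpath compares whole components; a plain startswith() would
        # accept /work/project-evil for the root /work/project.
        if os.path.commonpath([resolved, root]) != root:
            continue
        # Check each component below the root, so a blocked directory
        # also covers everything inside it.
        for part in os.path.relpath(resolved, root).split(os.sep):
            if any(fnmatch.fnmatch(part, pat) for pat in blocklist):
                return False, "blocklisted"
        return True, "ok"
    return False, "outside allowed roots"


def demo():
    """Run the guard over a constructed directory tree and return verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        root, evil = os.path.join(tmp, "project"), os.path.join(tmp, "project-evil")
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(evil)
        os.symlink(evil, os.path.join(root, "link"))  # link that leaves the root
        cases = {
            "normal": os.path.join(root, "src", "app.py"),
            "traversal": os.path.join(root, "src", "..", "..", "project-evil", "x"),
            "sibling_prefix": os.path.join(evil, "secret.txt"),
            "symlink": os.path.join(root, "link", "secret.txt"),
            "env_file": os.path.join(root, ".env.local"),
            "key_dir": os.path.join(root, ".ssh", "id_ed25519"),
        }
        return {name: check_path(p, [root]) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```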
// Constraints
Your AI assistant sees what it needs, not what it shouldn't.
// Companion System
Dragon Crypt protects your code in transit. Dragon Vault protects it at rest. Together they form a complete IP protection stack.