This server brings ISG Agent 1's security scanning into Claude's context. It exposes operations for running AI security scans with stack-specific threat models, generating trust scores based on the platform's constitution and governance engine, and analyzing code for autonomous agent risks. You'd reach for this when auditing AI systems or agent codebases before deployment, especially if you need more than generic linting and want checks against adversarial prompts, skill quarantine violations, or missing governance gates. The free local scan runs entirely on your machine. Think of it as a security-first lens for evaluating whether an AI agent or LLM integration has the guardrails it claims to have.
Governance receipts for AI agents.
Every action a governed agent takes generates a cryptographically-signed receipt: what it decided, why, which model, which version, at what time. Built toward EU AI Act Art. 12, Colorado AI Act (SB 24-205), and NIST AI RMF requirements.
The receipt is what turns a policy document into evidence.
| Capability | Endpoint |
|---|---|
| Developer signup — issues a scoped API key | POST /v1/developers/signup |
| Governed execution — routes agent calls through metering + audit | POST /v1/govern/execute |
| Compliance classification | POST /api/v1/compliance/classify |
| Regulation lookup | GET /api/v1/compliance/regulations |
| Agent trust score + live stream | GET /api/v1/agents/{id}/trust, WS .../trust/stream |
| Billing (Stripe) | POST /api/v1/payments/create-checkout-session |
Backed by 10 governed-agent npm packages (compliance, legal, healthcare, finance, devops, marketing, sales, support, code-review, planning).
curl -X POST https://api.dingdawg.com/v1/developers/signup \
-H "Content-Type: application/json" \
-d '{"email":"you@example.com","name":"Your Name","role":"consumer"}'
# -> {"api_key": "dd_...", ...} store it — shown once
export DINGDAWG_API_KEY=dd_your_key
npx dingdawg-compliance quick-check
Client (npm package / your agent) --auth: DINGDAWG_API_KEY-->
api.dingdawg.com (FastAPI, Railway)
-> Tier isolation + rate limiting
-> Governance gate (score, log, decide)
-> Audit trail (signed receipt)
-> Stripe metering / billing
-> Response (governed, scored, receipted)
See CONTRIBUTING.md for contribution guidelines.
See SECURITY.md for our responsible disclosure policy.
MIT License. See LICENSE for details.
Innovative Systems Global. The name is not aspirational. It is a statement of fact.
DINGDAWG_API_KEYsecretAPI key for paid tier access — get free at dingdawg.com
io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage
io.github.mikerawsonnz/llm-orchestration-agent
io.github.mikerawsonnz/authenticated-llm-agent
labforgedev/copilot-memory-mcp
csoai-org/agent-prompt-injection-firewall-mcp
io.github.mikerawsonnz/authenticated-multi-llm-agent