Is io.github.dingdawg/dingdawg-governance safe to use?

io.github.dingdawg/dingdawg-governance has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.dingdawg/dingdawg-governance?

io.github.dingdawg/dingdawg-governance can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.dingdawg/dingdawg-governance?

io.github.dingdawg/dingdawg-governance is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

DingDawg Governance

Every AI action receipted. Capability-gated. Rollback-ready.

AI Governance-as-a-Service via MCP. Every write, shell command, and state-changing operation your agent makes is validated before it runs and cryptographically receipted after it completes — giving you a tamper-evident audit trail you can query, export, or roll back at any time.

Works with Claude Code, Codex, Cursor, Windsurf, and any MCP-compatible agent.

Install

npm install dingdawg-governance

Quick Start

# Authenticate (free — no credit card)
npx dingdawg-governance auth login

# Start the governance MCP server
DINGDAWG_API_KEY=your_key npx dingdawg-governance

Add to your MCP client config:

{
  "mcpServers": {
    "dingdawg-governance": {
      "command": "npx",
      "args": ["dingdawg-governance"],
      "env": {
        "DINGDAWG_API_KEY": "your_key_here"
      }
    }
  }
}

Get your free API key at app.dingdawg.com/settings/api.

What You Get

Pre-execution validation — Every action checked against your policy before it runs. Blocked actions never touch your filesystem.
Cryptographic receipts — Tamper-evident record for every action with a unique ID, output hash, and public verification URL.
One-command rollback — Undo any file write by referencing its receipt ID. Prior state is captured automatically before every write.
Real-time trust scores — Behavioral pattern tracking across sessions surfaces anomalies before they become incidents.
Compliance reports in seconds — SOC 2 and ISO 27001-aligned audit reports as signed PDF or structured JSON. One API call.

MCP Tools

Tool	What it does
`validate_action`	Pre-execution check. Returns `APPROVED`, `FLAGGED`, or `BLOCKED` with reason code and risk score.
`generate_receipt`	Post-execution cryptographic receipt with tamper-evident output hash.
`capture_rollback_state`	Snapshot current state before destructive or high-risk operations.
`rollback_action`	Restore prior state from a receipt ID.
`query_receipts`	Search receipts by date, agent, action type, or status. Export-ready.
`check_status`	Current tier, daily usage, quota, and active governance alerts.
`generate_audit_report`	On-demand compliance report — SOC 2, ISO 27001, or custom policy framework.

Plans

Plan	Governed actions/day	Rollback window	Audit reports
Free	200	—	—
Pro — $29/mo	10,000	30 days	Unlimited
Business — $149/mo	Unlimited	90 days	Compliance PDF

No credit card to start. Full pricing: dingdawg.com/governance#pricing

Documentation

Full docs at dingdawg.com/governance/docs

Contributing

Issues and pull requests welcome. See CONTRIBUTING.md.

github.com/dingdawg/governance-mcp

Built by DingDawg — Trust layer for the agentic internet.

io.github.dingdawg/dingdawg-governance

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Swiss Caselaw MCP Server

eu.ansvar/cameroonian-law-mcp

io.github.thegridwork/aiact

eu.ansvar/chilean-law-mcp

Discussion