winfunc
Coming Soon

Dome

Your code doesn't build unless it's secure.

Security policies as a type system. One file per endpoint. Build-time enforcement, runtime proxy, and kernel-level sandboxing. Dome discovers your routes, generates policies with AI, and enforces them at three layers.

Build Time

Static Analysis

ast-grep rules enforce code structure constraints. Missing auth, raw SQL, and filesystem access in sandboxed handlers fail the build.

Runtime

Reverse Proxy

Pingora-based proxy enforces rate limits, auth validation, webhook signatures, and response body scanning. Sub-millisecond overhead.

Kernel

OS Sandboxing

Landlock and Seatbelt profiles enforced by the kernel. Different endpoints get different sandbox profiles with isolated worker pools.