tardigrade-shield
Provides an air-gapped local mode for running models via Ollama, enabling compliance workflows in environments without network access.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@tardigrade-shieldcheck CMMC 2.0 access control compliance"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
tardigrade-shield
Model-agnostic cybersecurity MCP (Model Context Protocol) server built for CMMC 2.0 compliance workflows, with a local / air-gapped Ollama mode for environments that can't touch the network.
Status: in progress — nine-file Claude Code build package already assembled (see that pack for implementation task tracking; this README is the public-facing project description).
What this is
A security-tooling layer exposed as MCP tools, so any MCP-compatible model (or the model-agnostic local mode) can be given controlled, auditable access to compliance-relevant checks — rather than each check being hand-run or hand-coded per environment.
Related MCP server: DocSentinel
Design principles
Model-agnostic: the MCP interface is the contract, not any particular model's capabilities. Swapping the underlying model (cloud-hosted or local) shouldn't require rewriting the tool definitions.
Air-gapped mode: a local Ollama-backed mode for environments where no outbound network access is permitted at all — a real constraint in CMMC 2.0 contexts, not a nice-to-have.
Auditable by construction: every tool call should produce a record suitable for a compliance audit trail, not just a chat response.
Scope: CMMC 2.0
CMMC 2.0 organizes controls into families (access control, incident response, system integrity, etc.). This project does not attempt full coverage in v1 — see Open Questions for which families are prioritized.
Repo structure
tardigrade-shield/
├── src/
│ ├── mcp_server/ # MCP tool definitions and server entrypoint
│ ├── controls/ # one module per CMMC 2.0 control family covered
│ ├── ollama_mode/ # local/air-gapped model backend
│ └── audit/ # audit trail generation for compliance review
└── tests/Implementation details and task-by-task build tracking live in the nine-file Claude Code build package assembled separately — this repo should end up matching that pack's structure once built out.
Status / roadmap
Execute the nine-file build package
Validate against a representative CMMC 2.0 control set
Air-gapped mode smoke test with a local Ollama model
Open questions
Which specific CMMC 2.0 control families are covered first vs. deferred to a later version — not yet decided
Whether the model-agnostic design needs a compatibility shim per model family beyond Ollama
Requirements
Node ≥ 20 or Python ≥ 3.10 (implementation language not yet finalized — see the build package for the current decision). Ollama for local mode.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Blu5Morpheus/tardigrade-shield'
If you have feedback or need assistance with the MCP directory API, please join our Discord server