Two MCP Servers. One STIX Key. How To Actually Use Jeevesus And Dredd From Inside Claude Code.
- Patrick Duggan
- 1 day ago
DugganUSA ships two public MCP servers against the same threat intelligence corpus. Jeevesus is the read side — search the IOC index in natural language, enrich an IP, summarize what is hot in the STIX feed. Dredd is the judge side — before you install or invoke any other MCP server, ask Dredd whether that server is BLOCK, ADVISORY, or ALLOW. As of today, Dredd's verdict covers both the server's own identity and the server's directly declared dependency graph against our IOC corpus. That is the new news. The rest of this post is how you actually use them.
Step One — Get A Key
Both servers honor the same Bearer token. One key, two MCPs. Register at analytics.dugganusa.com/stix/register. The free tier issues a key with five hundred queries per day across the iocs, epstein_files, pulses, and content indexes. Starter tier is forty-five dollars per month for higher caps. Enterprise is partner-tier and not on the self-service page.
The registration page returns a key on the spot. There is no email-confirmation round trip and no waiting on a sales call. The key is the product. The whole point of publishing the key flow as a one-step signup is that the first call should happen in the next sixty seconds.
Step Two — Add Both MCP Servers To Your Client
Inside Claude Code, the configuration lives in your .mcp.json or .claude.json depending on your version. The two endpoints to add are analytics.dugganusa.com/api/v1/jeevesus/mcp for jeevesus and analytics.dugganusa.com/api/v1/dredd/mcp for dredd. Both speak streamable HTTP JSON-RPC. Both accept the same Bearer token in the Authorization header. The key issued at /stix/register works against both with no extra step.
Other MCP clients — Cursor, Cline, ChatGPT desktop — follow the same shape. The two endpoints are stateless HTTP, no installation, no local binary, no node version pin. If your client speaks the streamable-HTTP MCP transport, the servers are reachable.
Once connected, your client picks up four tools. From jeevesus: search, enrich-ioc, stix-feed-summary. From dredd: check_mcp_server.
Step Three — Use Jeevesus For Lookup
Search is the natural-language query against the IOC corpus. Ask "what Russian C2s are active this week" and you get the matching IOCs back with source, family, country, confidence, and first-seen timestamps. Ask "anything new on socgholish" and you get the recent indicators tagged with that family. The corpus is currently 1.15 million IOCs across forty-four indexes and growing daily from a dozen feeds plus our own hunting crons.
Enrich-ioc takes a single indicator — an IP, a domain, a hash — and returns the cross-index correlation. Country, ASN, ISP, malware family if any, references where we have seen it. The whole point is that enrich-ioc against an indicator your SIEM just alerted on tells you in one tool call whether that indicator is in our corpus and what we think of it.
Stix-feed-summary is the time-windowed digest. Last twenty-four hours, last week, last month. What did the corpus learn. What hot families are accelerating. The kind of read you would otherwise have to scroll a dashboard to assemble.
All three tools are read-only. None of them mutate the corpus. The key is for rate limiting and provenance, not authorization on writes.
Step Four — Use Dredd Before You Install The Next MCP
The single tool on dredd is check_mcp_server. Give it a server name, optionally a version, optionally the specific tool you are about to invoke. Get back a verdict. BLOCK if the server or any directly declared dependency has a critical or high compromise finding. ADVISORY if the finding is medium severity or the signature pattern is suspicious. ALLOW if neither side trips.
This is the call to make before installing a server you found on a third-party registry, before letting Claude Code auto-install a server suggestion, before adopting a server that just appeared in your dependency tree. The corpus knows Shai-Hulud, knows the TanStack and Mistral and Guardrails compromises, knows the OpenClaw skill-payload class. The verdict is HMAC-signed so a downstream verifier — a CI gate, a hook, a desktop guard — can prove what Dredd said without trusting the network in between.
As of today the verdict also covers the dependency graph. Before today, check_mcp_server returned a verdict on the server's name and findings on the server. Now it also walks the server's declared dependencies via our mcp_dependencies index — populated every twelve hours by a cron that pulls package.json and requirements.txt from every server in the official MCP registry — and cross-references each dependency name against the IOC corpus. A compromised dependency becomes a compromised_dependency finding and rolls up into the verdict ladder exactly like a server-level finding. The response gains a dep_graph block reporting total deps scanned, count compromised, depth, and a partial flag if the call ran out of its two-second budget.
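The depth-one walk described above, as an added illustration that is not Dredd's own code: it reads directly declared names from package.json and requirements.txt, cross-references them against a constructed stand-in for the IOC corpus, and rolls findings into the BLOCK / ADVISORY / ALLOW ladder. The package names, the `ecosystem` field and the key names inside `dep_graph` are assumptions made for this example.

```python
import json
import re

# Constructed stand-in for the IOC corpus: (ecosystem, name) -> severity.
# Package names are made up for this example, not real findings.
SAMPLE_IOC = {("npm", "evil-left-pad"): "critical", ("pypi", "shady-yaml"): "medium"}
RANK = {"ALLOW": 0, "ADVISORY": 1, "BLOCK": 2}
STEP = {"critical": "BLOCK", "high": "BLOCK", "medium": "ADVISORY"}


def declared_deps(package_json="", requirements_txt=""):
    """Directly declared (depth-one) dependencies as (ecosystem, name) pairs."""
    deps = set()
    if package_json:
        manifest = json.loads(package_json)
        for section in ("dependencies", "optionalDependencies"):
            deps.update(("npm", n) for n in manifest.get(section, {}))
    for line in requirements_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        # Skip blanks, comments, pip options and URL/VCS requirements.
        if not line or line.startswith("-") or "://" in line:
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            # PEP 503 normalisation so "Shady_YAML" matches "shady-yaml".
            deps.add(("pypi", re.sub(r"[-_.]+", "-", m.group(0)).lower()))
    return deps


def judge(deps, ioc=SAMPLE_IOC, server_verdict="ALLOW"):
    """Roll dependency findings into the same ladder as server findings."""
    findings = [{"type": "compromised_dependency", "ecosystem": e, "name": n,
                 "severity": ioc[(e, n)]} for e, n in sorted(deps) if (e, n) in ioc]
    verdict = server_verdict
    for f in findings:
        verdict = max(verdict, STEP.get(f["severity"], "ALLOW"), key=RANK.get)
    return {"verdict": verdict, "findings": findings,
            "dep_graph": {"total": len(deps), "compromised": len(findings),
                          "depth": 1, "partial": False}}
```

Keying the lookup by ecosystem keeps an npm package from matching a PyPI indicator that happens to share its name.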
The latency target is sub-fifty milliseconds for cached calls and sub-two-seconds for cold. A Claude Code agent that calls check_mcp_server before every other tool invocation is not paying for that prudence in tool-call lag. The cache is one hour per server-version pair.
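A sketch of the downstream verifier mentioned above (a CI gate that checks the signed verdict before an install proceeds), added here as an example and not taken from DugganUSA's code. The post does not specify the signing scheme, so the `signature`, `server` and `verdict` field names, the hex HMAC-SHA256 over sorted-key JSON, and the way the verifier obtains the key are all assumptions.

```python
import hashlib
import hmac
import json

SAMPLE_KEY = b"constructed-demo-key"  # constructed; a real key comes from your secret store


def sign(body, key):
    # Assumed scheme: hex HMAC-SHA256 over sorted-key, whitespace-free JSON.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def gate(response, key, expected_server, allow_advisory=False):
    """Return (ok, reason); anything that cannot be proven fails closed."""
    sig = response.get("signature")
    if not isinstance(sig, str):
        return False, "missing signature"
    body = {k: v for k, v in response.items() if k != "signature"}
    # Constant-time comparison, on bytes so odd input cannot raise.
    if not hmac.compare_digest(sign(body, key).encode(), sig.encode()):
        return False, "bad signature"
    # A valid verdict for a different server must not be replayed here.
    if body.get("server") != expected_server:
        return False, "server mismatch"
    verdict = body.get("verdict")
    if verdict == "BLOCK":
        return False, "verdict BLOCK"
    # Policy choice of this example: a walk that ran out of budget is not a pass.
    if (body.get("dep_graph") or {}).get("partial"):
        return False, "partial dep_graph"
    if verdict == "ADVISORY":
        return allow_advisory, "verdict ADVISORY"
    if verdict == "ALLOW":
        return True, "verdict ALLOW"
    return False, "unknown verdict"


# Constructed sample response, signed with the demo key.
SAMPLE = {"server": "example-mcp", "verdict": "ALLOW",
          "dep_graph": {"total": 12, "compromised": 0, "depth": 1, "partial": False}}
SAMPLE["signature"] = sign(SAMPLE, SAMPLE_KEY)

if __name__ == "__main__":
    print(gate(SAMPLE, SAMPLE_KEY, "example-mcp"))
```

HMAC is symmetric: any party holding the verification key can also mint verdicts, so the key belongs in the gate's secret store and nowhere an untrusted job can read it.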
What The Key Buys You That Anonymous Does Not
Anonymous callers can hit dredd's MCP endpoint today and get a verdict on a small number of well-known servers — the free preflight surface exists for the case where someone is evaluating a server before they have decided to register. Anonymous callers cannot hit jeevesus, cannot run search or enrich-ioc, and cannot get the full dep-graph detail back from dredd. The key flips all three. Free tier has the caps high enough that a defender actually using these tools in production will not hit them. The starter and enterprise tiers raise the caps further for shops with multi-agent integrations.
The other thing the key buys is provenance. Every authenticated call lands in our mcp_calls index keyed by your tier, your key prefix, and a hashed IP. If something interesting happens — a Shai-Hulud verdict fires against a server you are evaluating, an enrich-ioc returns a critical finding on an indicator your SIEM just paged on — that signal is also visible to us. The corpus gets better. Your verdicts get faster. The feedback loop is the asymmetry.
What Slice Two Will Add
The depth-one dep-graph judgment that shipped today covers directly declared dependencies. The shai-hulud campaigns live mostly at depth two and three — the healthy direct dep silently pulls in the compromised transitive. Slice two parses package-lock.json and poetry.lock for the exact resolved transitive set and walks the full graph behind a deep flag on the tool call. The latency budget grows, the cache becomes load-bearing, the verdicts become unequivocal.
Slice three is a signed transparency log of every verdict — a public stream that turns dredd from a guard into a verifiable distribution surface.
Both are queued. Slice one is the ship that mattered today, because slice one is what closes the wedge between "your MCP server is fine" and "your MCP server depends on something that is not fine."
The Live Endpoints
Register at analytics.dugganusa.com/stix/register. Add analytics.dugganusa.com/api/v1/jeevesus/mcp and analytics.dugganusa.com/api/v1/dredd/mcp to your MCP client config. The same key works against both. The corpus is real. The verdicts are signed.
This is how we use them. This is how you use them.
