Skip to content

Security

Direktor is a local, single-user editor tool. Its security model is built around that fact, and it deliberately does not ask you to copy a token or log in for local use.

The MCP server binds to 127.0.0.1 (loopback) only. It is not reachable from another machine on your network by default. Connecting is as simple as pasting a URL because nothing off your box can reach it.

Direktor validates the Origin header on incoming requests and rejects cross-origin browser requests. This blocks DNS-rebinding attacks, where a malicious web page tries to drive your editor through the loopback port. This is a safety check, not authentication — there is no account or credential involved.

The run_python tool executes arbitrary Python inside your editor’s process. Because that is as powerful as anything you could script yourself, it is disabled by default. You opt in explicitly under Project Settings → Plugins → Direktor → Enable Python Tools. See Python & Console Tools for details.

Console commands are enabled by default, but Unreal itself blocks the destructive ones in the editor context.

  • Keep your project under version control. The AI’s edits are mostly undoable, but asset creation, saves, and Python side effects are not transactional.
  • Only enable Python tools when you need them, and treat a session with Python enabled like running a script you didn’t fully read.