TunnelMind Data API

Returns NDJSON (one JSON object per line) of audit log entries. Each entry records the operation called, the identity, hashes of the request and response, duration, and an Ed25519 signature over the canonical entry JSON. Entries are hash-chained: each entry's prev_entry_hash is SHA-256 of the previous entry's signature, making deletion of any entry detectable offline.

Authenticated callers receive only their own entries (identity_sub match). Admin key holders receive all entries.

Use this tool when:

• You want a tamper-evident record of your own API calls.

• You are auditing a sequence of requests for compliance or debugging.

• You want to verify the audit chain integrity offline.

Do NOT use this tool when:

• You are anonymous — authentication is required.

• You want task status — use get_task instead.

Inputs:

• from (query, optional): ISO 8601 start datetime. Default: 7 days ago.

• to (query, optional): ISO 8601 end datetime. Default: now.

• limit (query, optional): Max entries. 1–5000, default 1000.

Returns:

• NDJSON stream, one AuditEntry per line.

• X-Total-Count response header with entry count.

• X-Took-Ms response header.

Verify the chain offline:

• For each consecutive pair (A, B): SHA-256(A.signature) == B.prev_entry_hash.

• For each entry: verify Ed25519 signature against public key in /.well-known/atap.json.

Cost:

• Counts as one request against the daily limit.

Latency:

• Typical: <300ms for 1000 entries, p99: <1s.

Marks the task as cancelled. If the task is already in a terminal state (complete, failed, expired), returns 409 Conflict. Only the identity that created the task may cancel it.

Use this tool when:

• You submitted a probe with ?async=true and no longer need the result.

• You want to free up a pending task before it expires.

Do NOT use this tool when:

• The task is already complete — cancellation is not possible.

Inputs:

• task_id (path, required): 26-char ULID.

Returns:

• task_id and status: cancelled.

Cost:

• Free.

Latency:

• Typical: <150ms.

A2 — the cross-lens join. TunnelMind owns both halves of the open-web graph: Scry sees who is on every IP (attacker intelligence, actor class, Augur threat-intel overlap); Sigil sees the supply graph (publishers, SSPs, DSPs, ads.txt + sellers.json + SupplyChain Object). This endpoint fuses them into one verdict on a single node key.

The response contains three blocks:

• scry — the single-lens Scry view (transparency).

• sigil — the single-lens Sigil view (transparency).

• cross_lens — the fused verdict (the moat).

Fusion math: weighted-mean over evaluated components plus a co_observation_bonus when both lenses independently flag the node. Weights and thresholds are per-request overridable.

Lens unavailability is reported in-band: each lens fails independently and the cross_lens block reflects degraded confidence when only one lens has data. Returns 503 only when BOTH lenses are unavailable.

v1 lens coverage matrix:

• IP node — Scry: full; Sigil: not_indexed (v2 will reverse-DNS).

• Domain node — Scry: deferred; Sigil: full (publisher/ssp/dsp + entity).

• entity_slug node — Scry: n/a; Sigil: full (entity + sell/buy presence).

• ASN node — Scry: deferred (v2); Sigil: not_indexed.

Resolves the domain to an IP address via DNS-over-HTTPS, geolocates the IP to a country and ASN, maps it to a jurisdiction class (EU/US/FIVE_EYES/CN/RU/SANCTIONED/UNKNOWN), and issues a signed jurisdiction certificate. The certificate is stored in the public registry and can be verified at /ghostroute/{cert_id}.

Use this tool when:

• You want to know which legal jurisdiction controls a domain's infrastructure.

• You need a verifiable, tamper-evident record of a domain's hosting jurisdiction.

• You are assessing GDPR, CLOUD Act, or OFAC transfer risk for a domain.

• You want to generate evidence for a privacy impact assessment.

Do NOT use this tool when:

• You want to look up an existing certificate — use get_ghostroute_cert instead.

• You want tracker category or score data — use get_domain instead.

• You want live HTTP header or security probe — use intel_http instead.

Inputs:

• domain (body, required): Fully qualified domain name (e.g. google.com). URLs are accepted and stripped to their host component.

Returns:

• certificate_id: Unique cert ID (e.g. gr-20260417-xxxx).

• certificate: Full certificate document including target IP, country, ASN, jurisdiction, verdict, risk level, and explanatory note.

• content_hash: SHA-256 of the canonical certificate JSON.

• signature: Base64 Ed25519 signature (empty string if signing key not configured).

• signed: Boolean — true if the certificate is cryptographically signed.

• verify_url: Path to retrieve this certificate from the public registry.

Jurisdiction classes:

• EU / GDPR_COMPLIANT — risk: low

• US / FIVE_EYES / FIVE_EYES_MEMBER — risk: medium

• CN / RU / AUTHORITARIAN — risk: high

• SANCTIONED — risk: critical

• UNKNOWN / INSUFFICIENT_DATA — risk: unknown

Cost:

• Counts as one request against the daily limit.

• Performs outbound DNS resolution and IP geolocation on each call (not cached).

Latency:

• Typical: 200–600ms (DNS + ASN lookup). p99: <2s.

Looks up each submitted domain in the TunnelMind tracker database, aggregates risk metrics (avg score, max score, fingerprinters, high-risk domains, entity ownership), and issues a signed surveillance receipt. The receipt is stored in the public registry and can be verified at /verify/{receipt_id}.

Use this tool when:

• You want a verifiable record of which trackers were observed in a context (page, app, session).

• You need a signed evidence artifact for a privacy audit or compliance report.

• You want to know the overall surveillance exposure level for a set of domains.

• You are generating a receipt to share with a user as evidence of tracker presence.

Do NOT use this tool when:

• You want full tracker details per domain — use get_domain instead.

• You want to look up an existing receipt — use get_receipt instead.

• You need live probes (HTTP headers, stack detection) — use /v1/intel/* instead.

Inputs:

• domains (body, required): Array of 1–50 fully qualified domain names. Duplicates are deduplicated. URLs are stripped to host component.

• domain (body, alternative): Single domain string (shorthand for domains: [domain]).

Returns:

• receipt_id: Unique receipt ID (e.g. rcpt_01JXYZ...).

• receipt: Full receipt document including domains submitted, tracker findings, high-risk domains, fingerprinters, unique entities, and exposure metrics.

• content_hash: SHA-256 of the canonical receipt JSON.

• signature: Base64 Ed25519 signature (empty string if signing key not configured).

• signed: Boolean — true if the receipt is cryptographically signed.

• verify_url: Path to retrieve this receipt from the public registry.

Exposure levels: minimal / moderate / high / critical Based on average tracker score and proportion of high-risk domains (score ≥ 70).

Cost:

• Counts as one request against the daily limit regardless of domain count.

Latency:

• Typical: <100ms (pure D1 lookup, no outbound probing). p99: <300ms.

Returns the tier, label, masked owner email, creation date, last-used timestamp, today's request count, and daily request limit for the API key used in this request. Useful for agents that need to monitor their own quota consumption.

Use this tool when:

• You want to check how many requests your key has used today.

• You need to know your current tier or daily limit.

• You want to confirm that your API key is active.

Do NOT use this tool when:

• You want to manage multiple keys — this endpoint only reflects the calling key.

• You need tracker data — use the tracker endpoints instead.

Inputs:

• No body or query parameters. Auth is from the Authorization: Bearer header.

Returns:

• tier: free, supporter, pro, or enterprise.

• requests_today: integer count from KV (best-effort; resets at UTC midnight).

• limit_per_day: null for enterprise (unlimited).

• last_used: ISO 8601 timestamp, may be null if never used.

Cost:

• Free. Does not count against the daily request limit.

Latency:

• Typical: <150ms, p99: <400ms.

Returns the complete surveillance intelligence record for a domain name. If the domain is in TunnelMind's tracker database (80,000+ entries), the response includes tracker category, risk score, fingerprinting data, cookie persistence, IAB TCF purposes, and the owning corporate entity. If the domain is not in the database, a live probe is automatically run: RDAP registration data, DNS records (MX, SPF, TXT verification tokens), HTTP headers, and CSP third-party actors are fetched fresh from the edge and returned.

Use this tool when:

• You need to know whether a specific domain tracks users, and how aggressively.

• You are researching who owns a domain and what corporate entity controls it.

• You want to check HTTP security headers and third-party services embedded in a site.

• You are building a risk score for a domain before routing traffic through it.

Do NOT use this tool when:

• You want to search by keyword or category — use search instead.

• You want all domains for an entity — use get_entity instead.

• You want jurisdiction routing data — use get_ghostroute_cert instead.

Inputs:

• domain (path, required): Domain name. Strip www. prefix — it is removed automatically. Subdomains are resolved to the parent: ads.doubleclick.net → doubleclick.net. Examples: doubleclick.net, google-analytics.com, intercom.io.

Returns:

• Full DomainRecord. Free tier returns the domain, category, score, prevalence, and entity name. Pro/enterprise additionally return tcf_vendor_id, tcf_purposes, tcf_features, and disconnect_cats.

• If the domain is not in the tracker database, live_lookup: true is set and RDAP/DNS/HTTP probe results are returned instead of tracker fields.

• 404 if the domain cannot be found via live probe either (unknown TLD, unreachable).

Cost:

• Free tier: included in 50 req/day limit. Pro/enterprise: included in plan.

Latency:

• Database hit: typical <100ms, p99 <300ms.

• Live probe: typical 2-5s, p99 10s (external DNS/HTTP calls).

Returns an entity record for a surveillance company or data broker, including its industry, estimated annual data value per user (in USD), categories of personal data collected, and the full list of domains it controls. Free tier returns 5 domains, paid returns up to 200.

Use this tool when:

• You want to understand what corporate entity owns or controls a tracker domain.

• You need to assess the total surveillance footprint of a company (e.g., Alphabet, Meta, Oracle).

• You are building a corporate surveillance graph and need domain-to-entity mapping.

Do NOT use this tool when:

• You have a domain and need its category — use get_domain instead.

• You want to browse entities by industry — use list_entities instead.

• You are searching for an entity by name — use search instead.

Inputs:

• slug (path, required): URL-safe entity identifier (lowercase, hyphens). Examples: alphabet, meta, oracle-data-cloud, the-trade-desk.

Returns:

• Full EntityRecord with data categories, estimated data cost, and associated domains.

• domains: array of top-scoring domains (5 for free tier, 200 for paid).

• Pro/enterprise additionally return website and description fields.

Cost:

• Free tier: included in 50 req/day limit. Pro/enterprise: included in plan.

Latency:

• Typical: <150ms, p99: <400ms.

Returns the proof-of-existence record for a TunnelMind GhostRoute jurisdiction certificate. A GhostRoute certificate is a signed document proving that a user's network traffic was observed routing through specific legal jurisdictions during a defined time window. The full certificate stays on the issuing node; only the metadata, content hash, and signature are stored in this public registry.

Use this tool when:

• You have a GhostRoute certificate ID and want to confirm it was genuinely issued by TunnelMind.

• You want the GDPR verdict, issuance time, and signing key for a certificate.

• You are verifying a certificate's existence before attempting content verification.

Do NOT use this tool when:

• You have the full certificate and want to verify its integrity — use verify_ghostroute_cert instead.

• You want surveillance receipt verification — use get_receipt instead.

Inputs:

• cert_id (path, required): GhostRoute certificate ID in format gr-YYYYMMDD-xxxxxxxxxxxx (e.g., gr-20260417-a1b2c3d4e5f6). Lowercase hex only.

Returns:

• status: FOUND if the certificate is in the registry.

• verdict: the GDPR verdict (e.g., GDPR_VIOLATION_PROBABLE).

• generated_at: ISO 8601 timestamp.

• content_hash: SHA-256 hash of the full certificate — compare against your copy.

• message: instructions for content verification.

• 400 if the cert_id format is invalid.

• 404 if the certificate is not in the registry.

Cost:

• Free. No API key required.

Latency:

• Typical: <100ms, p99: <300ms.

Returns metadata for a TunnelMind surveillance receipt — a signed document proving that a specific user's surveillance exposure was observed, measured, and recorded at a specific time. Does NOT return the receipt's signature (anti-phishing protection). To verify a receipt's content integrity, use verify_receipt with the hash and signature from the receipt document itself.

Use this tool when:

• You have a receipt ID and want to confirm it was genuinely issued by TunnelMind.

• You need the issuance timestamp and signing key ID for a receipt.

• You want to check whether a receipt exists before attempting content verification.

Do NOT use this tool when:

• You have the full receipt document and want to verify it hasn't been tampered with — use verify_receipt instead.

• You need jurisdiction certificate data — use get_ghostroute_cert instead.

Inputs:

• receipt_id (path, required): The receipt ID from the receipt document. Alphanumeric with hyphens, max 128 characters.

Returns:

• status: FOUND if the receipt is in the registry.

• generated_at: ISO 8601 timestamp of receipt issuance.

• signing_key_id: identifier of the Ed25519 key used to sign.

• schema_version: receipt schema version.

• message: human-readable summary with instructions for content verification.

• 404 if the receipt ID is not in the registry.

Cost:

• Free. No API key required.

Latency:

• Typical: <100ms, p99: <300ms.

Returns the current status of a task created by an ?async=true intel request. Poll this endpoint until status is one of: complete, failed, cancelled, expired. On complete, the result field contains the same payload the sync endpoint would have returned. On failed, error.message explains the failure.

Use this tool when:

• You submitted an intel probe with ?async=true and need to retrieve the result.

• You want to check whether a background task finished without opening an SSE stream.

Do NOT use this tool when:

• You want real-time event streaming — use stream_task instead.

• You have no task_id — submit a probe with ?async=true first.

Inputs:

• task_id (path, required): 26-char ULID returned in the 202 response.

Returns:

• status: pending | running | complete | failed | cancelled | expired.

• result: populated when status is complete. Null otherwise.

• error: populated when status is failed. Null otherwise.

• expires_at: tasks expire 1 hour after creation.

Cost:

• Free. Does not count against rate limits.

Latency:

• Typical: <100ms.

Returns a minimal status object confirming the API is alive. Use this to verify connectivity before chaining other calls, or as a liveness check in a workflow.

Use this tool when:

• You need to verify the API is reachable before starting a multi-step investigation.

• A prior call failed with a 503 or 504 and you want to confirm the service recovered.

• You are debugging connectivity from a new environment.

Do NOT use this tool when:

• You want actual tracker data — use get_domain or search instead.

• You want to check a specific domain — this returns nothing domain-specific.

Inputs:

• None.

Returns:

• ok: always true if the API is up.

• ts: ISO 8601 timestamp of the server's current time.

Cost:

• Free. No API key required. Not rate-limited.

Latency:

• Typical: <50ms, p99: <200ms.

Probes a domain for known AI agent integration signals: llms.txt, ai.txt, /.well-known/ai-plugin.json, openapi.json, swagger.json, MCP manifest, MCP SSE endpoint. Returns a score based on the count of signals detected. Use this to assess whether a domain is ready for agent-to-agent interaction.

Use this tool when:

• You want to know whether a domain exposes an MCP server or OpenAPI spec for agents.

• You are cataloguing the AI-agent-ready surface of a set of domains.

• You need to decide whether to attempt programmatic API access to a domain.

Do NOT use this tool when:

• You need tracker/surveillance data about the domain — use get_domain instead.

• You need the robots.txt AI crawler policy — use intel_robots instead.

• You need HTTP security posture — use intel_http instead.

Inputs:

• domain (query, required): Domain to probe.

Returns:

• Boolean flags per signal (llms_txt, ai_plugin, openapi, mcp_manifest, mcp_endpoint, mcp_sse).

• agent_surface_score: integer 0-8, count of signals detected.

Cost:

• Free. No API key required.

Latency:

• Typical: 2-5s (parallel probes), p99: 8s.

Makes a live HEAD request to the target domain from the Cloudflare edge, follows up to 5 redirects, and returns the full redirect chain, final HTTP status, key response headers, a security header score, and any third-party surveillance actors referenced in the Content-Security-Policy header.

Use this tool when:

• You want to verify whether a site enforces HTTPS and HSTS.

• You need to inspect what third-party scripts a site loads via its CSP header.

• You are assessing a domain's security posture before trusting it.

• You want to detect surveillance actors embedded in a site's CSP.

Do NOT use this tool when:

• You need tracker database data (category, score, entity) — use get_domain instead.

• You need the technology stack (CMS, framework) — use intel_stack instead.

• You need robots.txt AI crawler policy — use intel_robots instead.

Inputs:

• domain (query, required): Domain to probe. Can include or omit https://. Examples: nytimes.com, https://example.com.

Returns:

• reachable: false if the domain did not respond within 6 seconds.

• redirect_chain: each hop with URL, status code, and Location header.

• security_headers.score: 0-100 based on presence of HSTS, CSP, X-Content-Type, X-Frame-Options, Referrer-Policy.

• security_headers.missing: list of headers absent.

• csp_actors: known surveillance actors detected in the CSP header.

• error: set if the connection failed.

Cost:

• Free. No API key required.

Latency:

• Typical: 1-3s (outbound fetch), p99: 6s (timeout). Plan for async if chaining calls.

Fetches a domain's homepage and checks for content patterns that could constitute prompt injection attacks against AI agents that visit and ingest the page. Signals include hidden text, invisible divs, <!-- AI: ignore --> style comments, and known injection patterns.

Use this tool when:

• You are vetting a domain before feeding its content into an LLM context.

• You want to assess the prompt injection risk of a URL before browsing it with an agent.

• You are auditing a set of domains for adversarial AI content.

Do NOT use this tool when:

• You want tracker surveillance data — use get_domain instead.

• You want AI training opt-out signals — use intel_optout instead.

• You want the agent surface (MCP/OpenAPI) — use intel_agent instead.

Inputs:

• domain (query, required): Domain to scan.

Returns:

• injection_signals: list of signal types detected (e.g., hidden_text, ai_instruction_comment, invisible_div).

• risk_level: none, low, medium, or high based on signal count and type.

Cost:

• Free. No API key required.

Latency:

• Typical: 2-4s (HTML fetch), p99: 7s.

Checks a domain for all known AI training data opt-out mechanisms beyond robots.txt: TDM (Text and Data Mining) reservation headers, <meta name="ai"> tags, Creative Commons NonCommercial licenses, and other machine-readable opt-out signals.

Use this tool when:

• You need to determine whether a domain has opted out of AI training data collection.

• You are checking compliance before using a domain's content in a training dataset.

• You want a comprehensive opt-out status (robots.txt + TDM + meta tags combined).

Do NOT use this tool when:

• You only need robots.txt crawler policy — use intel_robots instead (faster).

• You need tracker data — use get_domain instead.

• You want injection risk assessment — use intel_inject instead.

Inputs:

• domain (query, required): Domain to probe.

Returns:

• tdm_reservation: true if the domain sends a TDM-Reservation: 1 header.

• noai_meta: true if the HTML contains <meta name="robots" content="noai">.

• license_detected: string if a CC NonCommercial or similar license is detected, otherwise null.

• opted_out: true if any opt-out signal is present.

Cost:

• Free. No API key required.

Latency:

• Typical: 2-4s, p99: 7s.

Retrieves the target domain's robots.txt file and parses it for AI crawler disallow rules. Specifically detects policies for known AI crawlers (GPTBot, ClaudeBot, CCBot, Bytespider, etc.) and returns a structured summary of the crawling policy.

Use this tool when:

• You need to know whether a domain has opted out of AI training data collection.

• You want to check if a specific AI crawler is blocked before citing the domain.

• You are building a dataset of AI-accessible vs AI-blocked domains.

Do NOT use this tool when:

• You want training opt-out signals beyond robots.txt (TDM reservation, noai meta) — use intel_optout instead.

• You want the full technology stack — use intel_stack instead.

• You need tracker database data — use get_domain instead.

Inputs:

• domain (query, required): Domain to probe.

Returns:

• robots_txt_found: false if the domain returned 404 or the file is empty.

• ai_crawlers_blocked: list of AI crawler user-agent names that are disallowed.

• all_blocked: true if User-agent: * with Disallow: / is present.

• raw: first 4096 characters of the robots.txt file.

Cost:

• Free. No API key required.

Latency:

• Typical: 1-2s, p99: 6s.

Fetches up to 32KB of the domain's HTML and response headers from the edge, then fingerprints the content for known CMS platforms, JavaScript frameworks, CDN providers, and analytics tools. Detection is based on meta generator tags, script src patterns, response headers, and cookie names.

Use this tool when:

• You need to know what CMS (WordPress, Drupal, Shopify) a site runs.

• You are assessing a domain's infrastructure before a security review.

• You want to identify analytics or marketing tools a site embeds.

Do NOT use this tool when:

• You want HTTP headers and security posture — use intel_http instead.

• You want tracker database classification — use get_domain instead.

• You need robots.txt AI policy — use intel_robots instead.

Inputs:

• domain (query, required): Domain to fingerprint.

Returns:

• cms: detected content management system, or null.

• frameworks: JavaScript/backend frameworks detected.

• cdn: CDN provider detected, or null.

• analytics: analytics and tracking tools detected.

• meta_generators: raw meta generator tag values.

Cost:

• Free. No API key required.

Latency:

• Typical: 2-4s (HTML fetch), p99: 7s.

Returns a paginated list of domains from the tracker database. Results are ordered alphabetically by domain name and support cursor-based pagination for full traversal. Filtering by category and minimum score allows targeted data extraction.

Use this tool when:

• You want to enumerate all known ad-tech or analytics domains above a risk threshold.

• You need a dataset of tracker domains for offline analysis.

• You are paginating through a category to build a block list.

Do NOT use this tool when:

• You need data for a specific domain — use get_domain instead.

• You are searching by keyword — use search instead.

• You want domains belonging to a specific company — use get_entity instead.

Inputs:

• category (query, optional): Filter by surveillance category. One of: ad_tech, analytics, social, fingerprinting, content, cdn, other.

• min_score (query, optional): Integer 0-100. Exclude domains scoring below this value.

• limit (query, optional): Number of results per page. Max 100 (paid), 20 (free). Default 50.

• cursor (query, optional): Pagination cursor from the previous response's next_cursor field.

Returns:

• Array of domain list items (domain, category, score, prevalence, entity summary).

• meta.has_more: true if more pages exist.

• meta.next_cursor: pass as cursor to get the next page.

• meta.count: number of results in this page.

Cost:

• Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page.

Latency:

• Typical: <200ms, p99: <500ms.

Returns a paginated list of corporate entities in the TunnelMind surveillance database. Includes data categories, estimated data value, and industry classification. Useful for enumerating the surveillance ecosystem by sector.

Use this tool when:

• You want to enumerate all entities in a specific industry (e.g., all ad-tech companies).

• You need a dataset of surveillance entities for analysis or reporting.

• You are building a comprehensive surveillance landscape map.

Do NOT use this tool when:

• You need the full profile of a specific entity — use get_entity instead.

• You are searching by entity name — use search instead.

• You need domain-level data — use list_domains instead.

Inputs:

• industry (query, optional): Filter by industry classification. Examples: ad_tech, analytics, data_broker, social, crm.

• limit (query, optional): Results per page. Max 100 (paid), 20 (free). Default 50.

• cursor (query, optional): Pagination cursor from previous response's next_cursor.

Returns:

• Array of entity list items (slug, name, parent_company, industry, data_categories, data_cost_usd).

• meta.has_more and meta.next_cursor for pagination.

Cost:

• Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page.

Latency:

• Typical: <150ms, p99: <400ms.

Permanently deactivates the API key used to make this request. This action is irreversible. After revocation, the key will return 401 on all subsequent calls. If you have an active Stripe subscription, you must separately cancel it at stripe.com — revoking the key does not cancel billing.

Use this tool when:

• You want to rotate your API key (revoke old, then provision a new one).

• You believe your key has been compromised.

Do NOT use this tool when:

• You want to check quota — use get_api_key instead.

• You intend to keep using the API — this is permanent.

Inputs:

• No body or query parameters. Auth is from the Authorization: Bearer header.

Returns:

• revoked: true.

• note: reminder about Stripe subscription cancellation.

Cost:

• Free. Does not count against the daily request limit.

Latency:

• Typical: <150ms, p99: <400ms.

Searches both the domains table and the entities table simultaneously. Returns matching domains (by domain name) and entities (by name or slug) in a single response. Minimum 2 characters, maximum 100 characters.

Use this tool when:

• You have a partial name and need to identify what tracker or entity it belongs to.

• You want to find all TunnelMind records related to a company name like "Google" or "Oracle".

• You are resolving an ambiguous domain (e.g., does criteo.com appear in the tracker DB?).

Do NOT use this tool when:

• You know the exact domain — use get_domain instead (faster, more complete).

• You know the exact entity slug — use get_entity instead.

• You want to browse by category or industry — use list_domains or list_entities.

Inputs:

• q (query, required): Search string, 2-100 characters. Matched against domain names and entity names/slugs.

Returns:

• domains: array of matching domain records (list item format).

• entities: array of matching entity records (list item format).

• Both arrays may be empty if no matches found. No pagination — results are capped at 20 per type.

Cost:

• Free tier: included in 50 req/day. Pro/enterprise: included in plan.

Latency:

• Typical: <200ms, p99: <500ms.

Returns a publisher's ads.txt change log — one entry per crawl in which its authorized-seller set changed. A publisher quietly adding a reseller line is a real fraud signal; this is how a buyer audits supply over time.

Inputs:

• domain (path, required): publisher domain.

• since (query, optional): ISO date / date-time lower bound on observed_at.

• limit (query, optional): max entries — default 50, max 200.

Returns changes[], newest first — each with observed_at, added_count, removed_count, additions, removals, directive_changes.

Returns an AIT's status, chain head hash, event count, pending-event count, per-tier event counts, and the anchored-bid coverage ratio.

Registers an ATAP v0.1 AIT for a media-buying agent under the sigil:media_buyer:v1 profile. Sigil validates the capability set and constraints against the published profile, signs the AIT as the witness (OAI-2026-0000201), stores it, and returns the signed token.

Sigil is the ATAP witness — there is no kernel observer. See https://github.com/TunnelMind/atap-profiles.

Rolls every not-yet-blocked Witness Event for an AIT into one signed ATAP Attestation Block with a profile period_summary, chained onto the prior block.

Ingests one agent-reported event (bid:submitted, bid:won, bid:lost, budget:decremented) into an AIT's hash-chained attestation log. Sigil validates the payload (rejecting any PII per ATAP §7.6), classifies the evidence tier — anchored if a bid:submitted cites a valid Sigil token issued for this AIT and matching the bid's supply path, otherwise asserted — derives any constraint:violated events, then chains and signs each event.

supply:verified / supply:rejected are witness-emitted by sigil_verify_supply_path, never accepted here — that is what makes the witnessed tier non-bypassable.

Assembles the ATAP v0.1 §7.5 Receipt ZIP for an AIT — the signed Receipt (manifest.json), the AIT, the Attestation Block chain, the witness public key, a tier-graded summary.json, the bundled verify.sh reference verifier, and the witness events + sigil_tokens as profile artifacts. Any pending events are rolled into a final block first.

The ZIP verifies offline — unpack it and run verify.sh; keys are at https://tunnelmind.ai/atap/keys. The summary grades every event as witnessed, anchored, or asserted and reports the anchored-bid coverage ratio.

Scores up to 200 entities in one round-trip — built for agents evaluating many supply sources during campaign setup. Per-item parse failures are returned inline; the batch never fails as a whole.

An optional weights object re-weights every entity in the call.

Returns the pre-computed 0.0–1.0 trust score for one entity, its component breakdown, and the 14-day trend. Scores are refreshed daily by a database job — this endpoint never recomputes from raw data, so it is fast and deterministic.

entity_id is {entity_type}:{key} — e.g. publisher:nytimes.com or ssp:pubmatic.com. Entity types: publisher, ssp, dsp, app_bundle (publishers and SSPs are scored today).

v1 evaluates structural components only (ads_txt_health, supply_chain_directness, historical_stability for publishers; supply_reach, directness for SSPs). The not_evaluated list names spec components without an enrichment path yet.

Optional weights query param (URL-encoded JSON) re-weights the stored components for this call.

Returns the active, versioned default weights used to combine an entity's trust-score components, plus the list of spec components that are not yet evaluated. Pass a custom weights object to sigil_score_batch to re-weight without changing the defaults.

Reports whether a domain publishes ads.cert (IAB Tech Lab Authenticated Connections) DNS records — a readiness signal showing the domain supports cryptographically authenticated ad-tech connections. This is not signature verification: ads.cert is pairwise, so verifying a signed bid request requires Sigil to be a delegated participant (a future build). DNS-only and stateless.

Inputs:

• domain (query, required): Domain to check.

Returns:

• adscert_ready: true | false | null (DNS lookup failed).

• adscert_records: TXT values at _adscert.{domain}.

• delegation_records: TXT values at _delegated._adscert.{domain}.

Confirms whether an SSP/exchange is authorized to sell a publisher's inventory according to that publisher's ads.txt. This is a cache lookup against ads.txt files crawled daily across the top 10,000 publisher domains — it does NOT fetch the publisher's ads.txt live, so it is fast and adds no latency to a real-time bidding decision.

Use this tool when:

• You are an ad-buying agent and want to confirm, pre-bid, that a supply path (publisher → exchange → seller_id) is legitimate.

• You are detecting domain spoofing or unauthorized resale in a bid stream.

• You want to check whether a seller is listed DIRECT or RESELLER.

Do NOT use this tool when:

• You want a full supply-path trust score — that endpoint is Sigil P31.

• You want surveillance tracker data for the domain — use get_domain.

Inputs:

• publisher_domain (body, required): Publisher domain, e.g. nytimes.com. A www. prefix and scheme/path are stripped automatically.

• exchange_domain (body, required): The exchange/SSP domain as it appears in ads.txt, e.g. google.com, amazon-adsystem.com.

• seller_id (body, required): The publisher's seller/account ID at that exchange, e.g. pub-4177862836555934. Matched exactly.

• seller_type (body, optional): DIRECT or RESELLER. When supplied it is checked against the ads.txt entry; a mismatch is reported as a warning.

• resolve_chain (body, optional): When true, a matched RESELLER entry is cross-checked against the exchange's sellers.json (one authoritative hop).

Returns:

• verified: true (entry found), false (confidently not listed), or null (ads.txt could not be retrieved — indeterminate).

• confidence: high | degraded | low | unknown.

• seller_entry: the matched ads.txt line (line number, raw text, parsed fields) when verified is true; otherwise null.

• ads_txt_parse_status, ads_txt_last_parsed, stale: provenance of the cached crawl this answer is derived from.

• reseller_chain: empty unless resolve_chain: true and the matched entry is RESELLER — then it carries the sellers.json cross-check for the seller.

• warnings: actionable flags, e.g. publisher_not_in_corpus, publisher_has_no_ads_txt, seller_type_mismatch, ads_txt_cache_stale.

Cost:

• Counts as one request against the daily rate limit.

Latency:

• Typical: <50ms (single cache lookup, no outbound fetch). p99: <120ms.

Runs up to 100 ads.txt verifications in a single call — the endpoint an ad-buying agent uses for pre-bid checks across a whole campaign's supply. Each item is the same shape as sigil_verify_ads_txt. Per-item validation failures are reported inline; the batch never fails as a whole. Publisher records are fetched once per unique domain.

Use this tool when:

• You are evaluating many supply paths at once (campaign setup, SPO sweep).

• You want one round-trip instead of N calls to sigil_verify_ads_txt.

Inputs:

• items (body, required): Array of 1–100 verification requests, each { publisher_domain, exchange_domain, seller_id, seller_type? }.

• resolve_chain (body, optional): Applies to every item — when true, a matched RESELLER entry is cross-checked against the exchange's sellers.json.

Returns:

• count: number of result entries (matches items length, in order).

• verified_count: how many resolved to verified: true.

• results: array aligned to items. Each entry is either a verification result with ok: true and input_index, or { ok: false, input_index, error, message } for an invalid item.

Cost:

• Counts as one request against the daily rate limit.

Latency:

• Typical: <150ms. With resolve_chain: true, add one sellers.json fetch per unique exchange (edge-cached 12h after the first fetch).

Verifies that a mobile or CTV app bundle ID actually exists in the relevant app store — used to detect bundle spoofing in bid requests.

Platform support (v1):

• ios: verified live via Apple's iTunes Lookup API.

• android: verified live via the Google Play store listing page.

• ctv_* / web: no public store API — returns verified=null.

Inputs:

• bundle_id (body, required): e.g. com.nytimes.NYTimes.

• platform (body, required): ios | android | ctv_roku | ctv_fire | ctv_samsung | ctv_lg | ctv_vizio | web.

• claimed_developer (body, optional): checked against the store listing.

Returns:

• verified: true | false | null (not checkable on this platform).

• store_listing: name, developer, developer_match, store_url.

Confirms a publisher controls a domain by checking for a DNS TXT record the owner publishes under _tunnelmind.{domain}. A DNS record can only be set by whoever controls the zone, so its presence proves control — a stronger signal than ads.txt, which is just a file anything in the request path can serve.

Use this tool when:

• You want proof a publisher actually owns the domain it claims.

• You are distinguishing publishers who have opted into Sigil verification.

Inputs:

• domain (query, required): Publisher domain. www. and scheme stripped.

Returns:

• verified: true (record found), false (absent), or null (DNS lookup failed).

• expected: the exact TXT record the owner must publish to verify.

• found_records: TXT values currently present at _tunnelmind.{domain}.

• checked_at: ISO 8601 timestamp of the live DNS lookup.

Cost:

• Counts as one request against the daily rate limit.

Latency:

• Typical: <300ms (one DNS-over-HTTPS lookup).

Classifies an IPv4 address by network type — the high-value ad-fraud signal being datacenter traffic posing as residential or living-room (CTV) devices. IP→ASN resolution uses Team Cymru's public service; the ASN is then classified by its registered organization name.

PRIVACY: the IP is used for lookup only — never logged, never stored.

Inputs:

• ip (query, required): IPv4 address. IPv6 is not yet supported.

Returns:

• ip_type: datacenter | residential | mobile | unknown.

• confidence: high | medium | low.

• asn, asn_name: the resolved autonomous system.

• scry_signals: reserved for Scry corpus cross-reference (empty in v1).

Latency:

• Typical: 100-250ms (two live DNS lookups).

The bid-time contract. Pass the SupplyChain object from an OpenRTB bid request (source.ext.schain) verbatim, plus the originating site domain or app bundle. Sigil verifies, per node and in aggregate:

• origin ads.txt — the publisher's ads.txt authorizes node[0] (asi + sid).

• per node — the node's asi sellers.json declares the node's sid.

• owner-domain — node[0]'s sellers.json seller domain matches the publisher's ads.txt OWNERDOMAIN / MANAGERDOMAIN (spec §3.5.1).

• schain.complete — an incomplete chain caps the verdict at warn.

OpenRTB field mapping: site.domain → site_domain; app.bundle → app_bundle; source.ext.schain → schain. An app_bundle origin's ads.txt check is not_evaluated pending app-ads.txt resolution.

Returns a per-node result array, an aggregate verdict (pass/warn/fail/unknown), recommendations, and a signed sigil_token.

The core Sigil pre-bid call. Submit a supply path; Sigil composes its individual checks into one trust verdict and returns a signed sigil_token the agent can attach to its bid as proof of verification.

Checks composed:

• ads_txt — exchange authorized in the publisher's ads.txt.

• datacenter_ip — is the IP a datacenter posing as a real user.

• fraud_signals — is the IP in Scry's attacker-intelligence corpus.

• bundle_verified — does the app bundle exist in its store.

• domain_authenticity / entity_reputation — reserved, not evaluated in v1.

Each evaluated check yields pass/warn/fail; trust_score is their weighted mean (override weights per request); verdict is pass/warn/fail/unknown (override thresholds).

PRIVACY: ip_address is used for lookup only — never logged, never stored, never placed in the sigil_token. geo is accepted but unused.

Returns: trust_score (0-1 or null), verdict, checks, recommendations, sigil_token (signed, 5-minute lifetime).

Verifies the authenticity and expiry of a sigil_token returned by sigil_verify_supply_path. Anyone can call this — no key needed; Sigil verifies the Ed25519 signature server-side. Tokens live 5 minutes.

Returns valid (boolean), reason (when invalid: malformed / expired / bad_signature / unsigned), and the decoded payload.

Opens a persistent SSE connection that emits events as the task progresses. The stream closes automatically when the task reaches a terminal state or after ~90 seconds (timeout). Heartbeat comments are sent every ~15 seconds to keep the connection alive through proxies.

Event types:

• status — emitted when status changes (pending → running → complete/failed)

• result — emitted on complete with the full result payload

• error — emitted on failed, cancelled, or expired with error info

• SSE comment (: heartbeat) — keepalive, no data

Use this tool when:

• You want real-time progress without polling.

• You are in an environment that supports SSE (EventSource API).

Do NOT use this tool when:

• You want a simple one-shot status check — use get_task instead.

• Your HTTP client doesn't support streaming responses.

Inputs:

• task_id (path, required): 26-char ULID.

Returns:

• SSE stream (text/event-stream). Each event is event: <type>\\ndata: <json>\\n\\n.

Cost:

• Free. Counts as one request against rate limits when the stream opens.

Latency:

• First event: <200ms. Stream duration: up to 90s.

Tamper-detection verification for GhostRoute jurisdiction certificates. Submit the certificate ID, the SHA-256 content hash, and the Ed25519 signature from the certificate document. The registry compares these against what was recorded at issuance time. Returns VALID if both match exactly.

Use this tool when:

• You received a GhostRoute certificate and want to verify it hasn't been altered.

• You need to confirm a certificate's verdict is authentic and unmodified.

• You are programmatically attesting to a certificate's validity in an agent workflow.

Do NOT use this tool when:

• You only want to confirm existence — use get_ghostroute_cert instead.

• You want receipt verification — use verify_receipt instead.

Inputs:

• certificate_id (body, required): ID from the certificate document. Max 128 chars.

• content_hash (body, required): SHA-256 hex hash of the certificate JSON. Max 256 chars.

• signature (body, required): Ed25519 signature from the certificate. Max 512 chars.

Returns:

• valid: true only if both hash and signature match.

• status: VALID or INVALID.

• verdict: the GDPR verdict string from the certificate.

• message: on INVALID, specifies whether hash or signature mismatched.

Cost:

• Free. No API key required.

Latency:

• Typical: <100ms, p99: <300ms.

Tamper-detection verification for TunnelMind surveillance receipts. Submit the receipt ID, the SHA-256 content hash, and the Ed25519 signature from the receipt document. The registry compares these against what was recorded at issuance time. Returns VALID if both match exactly, INVALID with a specific mismatch reason otherwise.

Use this tool when:

• You received a surveillance receipt document and want to verify it hasn't been altered.

• You are programmatically checking receipt authenticity in an agent workflow.

• You want to prove to a third party that a receipt is genuine.

Do NOT use this tool when:

• You only want to check existence — use get_receipt instead (no body required).

• You want jurisdiction certificate verification — use verify_ghostroute_cert instead.

Inputs:

• receipt_id (body, required): The receipt's ID field from the document.

• content_hash (body, required): SHA-256 hex hash of the receipt JSON. Max 256 chars.

• signature (body, required): Ed25519 signature from the receipt document. Max 512 chars.

Returns:

• valid: boolean. True only if both hash and signature match exactly.

• status: VALID or INVALID.

• message: human-readable explanation. On INVALID, specifies whether the hash mismatched, the signature mismatched, or both.

Cost:

• Free. No API key required.

Latency:

• Typical: <100ms, p99: <300ms.