compare_baseline
Check a domain's security configuration against a defined policy baseline to determine compliance. Specify required grade, score, or features like SPF, DKIM, DNSSEC.
Instructions
Compare a domain's current security configuration against a fixed policy baseline to determine compliance. Use to check whether a domain meets a policy requirement — not for tracking improvement/regression over time (use analyze_drift) and not for comparing multiple domains (use compare_domains).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to scan and compare. | |
| format | No | Output verbosity. Auto-detected if omitted. | |
| baseline | Yes | Policy/requirements baseline OBJECT for compliance enforcement — "does this domain meet these required controls?" (grade/score floors, require_* flags, max_*_findings). NOT a prior scan. For drift-over-time vs a previous ScanScore (or the literal "cached"), use analyze_drift instead. | |
| force_refresh | No | Bypass cache and run a fresh check. Useful after DNS changes. |