io.github.crunchtools/airlock
Official
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| GEMINI_API_KEY | Yes | Required for Layer 3 (Q-Agent) and description compression | |
| TRENTINA_PROFILES_PATH | No | Path to profiles YAML file | |
| TRENTINA_GATEWAY_ENABLED | No | Enable gateway mode | |
| TRENTINA_PROFILE_MYAGENT_TOKEN | No | Bearer token for a specific profile (replace MYAGENT with the profile name) | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {"listChanged": true} |
| logging | {} |
| prompts | {"listChanged": false} |
| resources | {"subscribe": false, "listChanged": false} |
| extensions | {"io.modelcontextprotocol/ui": {}} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| safe_fetch_toolA | Fetch URL with Layer 1 sanitization. Fails if injection detected. Trusted domains: Layer 1 only (no Q-Agent cost). Untrusted domains: Layer 1 + Q-Agent detection scan. Fails and blocks if detected. |
| quarantine_fetch_toolA | Fetch URL with full quarantine: Layer 1 sanitization + Layer 2 Q-Agent extraction. Use this for untrusted content where you need structured extraction despite the risk. IMPORTANT: If |
| safe_read_toolA | Read local file with Layer 1 sanitization. Fails if injection detected. Text files only (markdown, source code, config). Binary files rejected. |
| quarantine_read_toolA | Read local file with full quarantine: Layer 1 + Layer 2 Q-Agent extraction. Text files only. IMPORTANT: If |
| quarantine_scan_toolA | Pre-flight security scan: detect injection vectors WITHOUT returning content. Provide either url or path (not both). Returns threat assessment with risk level, vector counts, and Q-Agent observations. Always runs full detection regardless of trust level. |
| deep_quarantine_scan_toolA | Deep security scan: Q-Agent analyzes raw unsanitized content. Layer 1 runs for stats reporting, but the Q-Agent receives the original content for full semantic analysis. Use this for diagnostic deep-dives on suspicious content. Higher risk of Q-Agent compromise but better detection. IMPORTANT: The Q-Agent sees raw content in this mode. Cross-reference results with quarantine_scan for a complete assessment. |
| safe_content_toolA | Sanitize inline content with all three layers. Fails if injection detected. Always untrusted — runs L1 + L2 + L3 detection on every call. Uses SHA-256 content hash for blocklist. |
| quarantine_content_toolA | Sanitize inline content + Q-Agent extraction. Warns but proceeds on injection. IMPORTANT: If |
| scan_content_toolA | Three-layer security scan on inline content. Returns threat assessment only. L1 sanitizes the content. L2 and L3 analyze the sanitized output. No content is returned — only risk level, vector counts, and observations. |
| deep_scan_content_toolA | Deep security scan on inline content. L2/L3 analyze raw unsanitized content. L1 runs for stats reporting, but L2 classifier and L3 Q-Agent receive the original content for full semantic analysis. Higher risk of Q-Agent compromise but better detection. IMPORTANT: Cross-reference results with scan_content for a complete assessment. |
| safe_search_toolA | Search the web safely. Returns sanitized text + source URLs. Pipeline: L0 (Gemini grounding) → resolve redirects → L1 → L2. Fails if L1 or L2 detects injection in L0's output. Returns synthesized prose answer + list of source URLs that can be followed up with quarantine_fetch for full content. |
| quarantine_search_toolA | Search the web with full quarantine pipeline. Pipeline: L0 (Gemini grounding) → resolve → L1 → L2 → L3 (clean Q-Agent). The clean Q-Agent structures sanitized results with structured JSON output. Returns synthesized prose, source URLs, AND structured extraction with per-source summaries and relevance scores. IMPORTANT: If |
| quarantine_stats_toolB | Get trentina configuration, Q-Agent status, and blocklist summary. |
| cache_flush_toolA | Flush gateway tool list caches. With no arguments, flushes all cached tool lists. With a backend name, flushes just that backend's cache. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/crunchtools/mcp-trentina'