"namespace:io.github.apology-is-policy" matching MCP tools:

• inspect_security_headers

  Ground Truth

  Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.

  Connector

• get_domain_stats

  DMARKOFF — DMARC, SPF & DKIM Analytics

  Quick compliance summary for a domain over a date range: total messages, SPF/DKIM pass/fail counts, compliance percentages. Key fields: • compliantPct — overall DMARC compliance rate: dmarcAligned / total * 100. A message is "DMARC aligned" when it passes the DMARC policy check (either SPF or DKIM aligned with the From domain). • spfCompliantPct — SPF alignment rate: spfPass / total * 100 (SPF result matches the From domain). • dkimCompliantPct — DKIM alignment rate: dkimPass / total * 100 (DKIM signing domain matches the From domain). Note: compliantPct ≥ max(spfCompliantPct, dkimCompliantPct) because DMARC passes if either SPF or DKIM is aligned. Use this for a fast numeric check of a single domain's authentication rates. For a complete diagnostic including records, timeline, and health trends, use get_domain_full_data instead.

  Connector

• dossier_mta_sts

  drwho.me developer tools

  Core dossier check: Fetch and validate a domain's MTA-STS policy (mode, mx, max_age, policy id). Use to confirm inbound SMTP is locked to TLS for this domain. Resolves the _mta-sts TXT record, then fetches the policy from mta-sts.<domain>/.well-known/mta-sts.txt; 10s timeout. Returns a CheckResult; not_applicable when no MTA-STS TXT is published.

  Connector

• get_domain_full_data

  DMARKOFF — DMARC, SPF & DKIM Analytics

  Primary tool for diagnosing a single domain. Returns everything in one call: • Base info — severity, DMARC status, policy (none/quarantine/reject), report status, user override • Health status per dimension — DMARC record, SPF record, DKIM record, SPF alignment, DKIM alignment, DMARC compliance, message volume • Stats summary — compliance %, source counts, fail counts for the period • SPF records — return paths, SPF record text, lookup count, errors, pass/fail volume • DKIM records — selectors, signing domains, record text, errors, pass/fail volume • Daily timeline — per-day message volume and compliance breakdown • Quantiles — statistical thresholds (5th, 90th, 95th percentile) for volumes, unknown, dmarcFail, dkimFail, spfFail over the period. Use these as baselines to detect anomalies: a daily value exceeding q90/q95 signals an unusual spike. Key fields: • pctEligibleForPolicy — percentage of messages subject to DMARC policy enforcement (excludes forwarded mail that is not evaluated against the policy). E.g. 99.66 means 99.66% of messages can be acted on by the DMARC policy. • pctFromKnownSources — percentage of messages from recognized/legitimate sending sources. When to use: after projects_overview or list_domains identified a domain that needs investigation. Prefer this over get_domain_detail, get_spf_records, get_dkim_records, get_domain_stats — those are narrower tools useful only when you need a specific slice of data. For day-by-day activity health history (SPF/DKIM/DMARC quantile trend, volume anomaly direction), call get_domain_activity_health separately.

  Connector

• request_sandbox_funds

  Conductor Relay MCP

  Request the closed-economy sandbox faucet for trial CPTM (one grant per agent per 24h). Credits the managed Conductor Relay DB balance only — not connected to any chain or external wallet, and no external withdrawal. Bearer token required. See /agents/cptm-policy.

  Connector

• get_trade_policy_impacts

  supply-chain-intelligence

  Get active trade policy actions currently impacting supply chain risk — tariffs, sanctions, export controls, import restrictions, and regulatory changes. Unlike news alerts that expire after 72 hours, policy adjustments persist as long as the policy is in effect and continue to modify GDI risk scores. Each policy includes the affected GDI pillar, score modifier, effective date, and source event. Used by procurement teams navigating tariff exposure, compliance officers tracking sanctions, and supply chain strategists adapting sourcing to policy shifts.

  Connector

• get_legal_documents

  Molt2Meet

  Get all active legal documents an agent must accept on registration. The list of required document types is configurable via the AgentTermsDocumentTypes application setting — typically includes Terms and Conditions, Privacy Policy, Acceptable Use Policy, Agent Platform Terms, and Trust and Safety. Each document includes its type reference, name, version, effective date, and full markdown content. Call this before register_agent so you know what the agent is accepting when setting acceptedTerms=true. No authentication required.

  Connector

• congressgov_bill_lookup

  congressgov-mcp-server

  Browse and retrieve U.S. legislative bill data from Congress.gov. Discover bills by filtering on congress, bill type, and date range — there is no keyword search. Use 'list' to browse (requires congress, defaults to most-recently-updated first), 'get' for full bill detail (sponsor, policy area, CBO estimates, law info), or drill into a specific bill with 'actions', 'amendments', 'cosponsors', 'committees', 'subjects', 'summaries', 'text', 'titles', or 'related' (each requires congress + billType + billNumber).

  Connector

• check_package

  Hextrap MCP

  Check if a package is allowed by a hextrap firewall and verify it is not a suspected typosquat. Call this BEFORE suggesting any npm, PyPI, or Go dependency to ensure it meets security policy.

  Connector

• check_action

  icme-preflight-mcp

  Enforce a guardrail: verify an agent action against a compiled policy using formal verification. An SMT solver — not an LLM — determines whether the action satisfies every rule. Returns SAT (allowed) or UNSAT (blocked) with extracted values and a cryptographic ZK proof that the check was performed correctly. Cannot be jailbroken. 1 credit ($0.01). Requires api_key. Tip: end the action with an explicit claim like 'I assert this complies with the policy' for best extraction.

  Connector

• improvement_guidance

  The Cracks Index

  Return constructive improvement guidance for one area. Given an area identifier — an ISO-3166 alpha-3 country code, an EU NUTS-2 region code or a Dutch municipality CBS GM-code — returns that area's highest-impact improvement lever from the Cracks Index, together with Fynqo's approach to earlier, joined-up coordination and a link to the public "claim your score" page where an organisation can request a deeper local report. Read-only, no personal data. The lever is framed as "the change most associated with improvement". It is general, aggregated guidance, not policy, medical, legal or financial advice, and carries no promise of a guaranteed score gain (sales-engine §3.4, §5).

  Connector

• rating_load_context

  website-search

  Load Lenny Zeltser's complete cybersecurity-writing rating toolkit: all 7 sheets, scoring policy, scoring playbook, and cross-references to the writing guidelines. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI.

  Connector

• get_ai_news

  Ai Briefing

  Get AI industry news — model releases, funding, acquisitions, policy changes, benchmarks. Returns news events with dates and summaries for industry context.

  Connector

• get_domain_source_details

  DMARKOFF — DMARC, SPF & DKIM Analytics

  Detailed per-record view of email sources for a domain with flexible grouping and filtering. Grouping (group_by, default: "isp"): • "isp" — by ISP/provider (shows ISP, hostname, brand domain, country). Best starting point for investigation. • "ip" — by sending IP address (shows IP, ISP, PTR, country, source type) • "host" — by hostname (ip_domain_name) • "reporter" — by DMARC report sender (shows reporter organization) Note: with group_by=isp, the same provider may appear multiple times with different countries — this is correct (one row per provider+country combination). Each row includes: message count, disposition, policy override, SPF/DKIM/DMARC evaluation, SPF auth details (return-path, result, scope), DKIM auth details (domain, selector, result). The "comment" field comes from the DMARC XML report and is populated when ARC (Authenticated Received Chain) overrides the DMARC policy — e.g. when a forwarded message would fail DMARC but ARC trusts the forwarding chain, applying a different effective policy than the p= tag in the DMARC record. Empty when no override occurred. Optional filters: source_ip, isp, ip_domain_name, eval_spf, eval_dkim, eval_dmarc, source_type, disposition, dkim_domain, dkim_selector, spf_domain. For ISP grouping set problems_only=true to see only rows with authentication failures. Use this to investigate specific sending sources, drill down into authentication failures, or analyze traffic by provider/IP/reporter.

  Connector

• parliament_vibe_check

  UK Legal Research

  Assess the likely parliamentary reception of a policy proposal. Searches Hansard for relevant debate contributions, then uses LLM sampling to classify sentiment and extract supporters, opponents, and key concerns. Degrades gracefully if sampling is unavailable — returns contributions only.

  Connector

• law_parliament_vibe_check

  UK Business Tools - Ledgerhall

  Assess the likely parliamentary reception of a policy proposal. Searches Hansard for relevant debate contributions, then uses LLM sampling to classify sentiment and extract supporters, opponents, and key concerns. Degrades gracefully if sampling is unavailable — returns contributions only.

  Connector

• congressgov_crs_reports

  congressgov-mcp-server

  Browse and retrieve CRS (Congressional Research Service) reports — nonpartisan policy analyses by subject-matter experts at the Library of Congress, covering policy areas, legislative proposals, and legal questions. Report IDs use letter-number codes (e.g., R40097, RL33612, IF12345). Use 'list' to browse available reports or 'get' for full detail (authors, topics, summary, download formats).

  Connector

• policy_register

  agentguard

  View the central policy registry. Query tiers (T1-T4), tool classifications, escalation rules. Actions: summary (default), lookup (by tool_name), tiers, rules, tools (by tier_id).

  Connector

• hemmabo_booking_cancel

  hemmabo-mcp-server

  Cancel a confirmed booking and process the Stripe refund. Use this tool when the guest explicitly requests cancellation. Do NOT use for pending/unpaid bookings — those expire automatically. Refund amount is calculated based on the host's cancellation policy. Returns cancellation confirmation with refund amount and status.

  Connector

• email_mx

  ContrastAPI

  Analyze email security: MX records, SPF policy, DMARC policy, DKIM probe across common+date-based selectors, mail provider, grade. Use to verify email-auth setup and phishing risk; for full audit use domain_report. Free: 30/hr, Pro: 500/hr. email_security.dkim_status reports honest evidence: 'verified' iff at least one selector responded, else 'unverifiable' (custom selectors cannot be discovered without prior knowledge). Grade: when DKIM verified, A=SPF+DMARC+DKIM/B=2of3/C=1of3; when DKIM unverifiable, A=SPF+DMARC/B=one/F=neither — DKIM absence is NOT penalized because it is unprovable in DNS. Returns {mx_records, mail_provider, email_security:{spf, dmarc, dkim_selectors, dkim_status, grade, issues}, summary}.

  Connector