TunnelMind Data API

Returns the complete surveillance intelligence record for a domain name. If the domain is in TunnelMind's tracker database (80,000+ entries), the response includes tracker category, risk score, fingerprinting data, cookie persistence, IAB TCF purposes, and the owning corporate entity. If the domain is not in the database, a live probe is automatically run: RDAP registration data, DNS records (MX, SPF, TXT verification tokens), HTTP headers, and CSP third-party actors are fetched fresh from the edge and returned. Use this tool when: - You need to know whether a specific domain tracks users, and how aggressively. - You are researching who owns a domain and what corporate entity controls it. - You want to check HTTP security headers and third-party services embedded in a site. - You are building a risk score for a domain before routing traffic through it. Do NOT use this tool when: - You want to search by keyword or category — use `search` instead. - You want all domains for an entity — use `get_entity` instead. Inputs: - `domain` (path, required): Domain name. Strip `www.` prefix — it is removed automatically. Subdomains are resolved to the parent: `ads.doubleclick.net` → `doubleclick.net`. Examples: `doubleclick.net`, `google-analytics.com`, `intercom.io`. Returns: - Full `DomainRecord`. Free tier returns the domain, category, score, prevalence, and entity name. Pro/enterprise additionally return `tcf_vendor_id`, `tcf_purposes`, `tcf_features`, and `disconnect_cats`. - If the domain is not in the tracker database, `live_lookup: true` is set and RDAP/DNS/HTTP probe results are returned instead of tracker fields. - 404 if the domain cannot be found via live probe either (unknown TLD, unreachable). Cost: - Free tier: included in 50 req/day limit. Pro/enterprise: included in plan. Latency: - Database hit: typical <100ms, p99 <300ms. - Live probe: typical 2-5s, p99 10s (external DNS/HTTP calls).

Returns a paginated list of domains from the tracker database. Results are ordered alphabetically by domain name and support cursor-based pagination for full traversal. Filtering by category and minimum score allows targeted data extraction. Use this tool when: - You want to enumerate all known ad-tech or analytics domains above a risk threshold. - You need a dataset of tracker domains for offline analysis. - You are paginating through a category to build a block list. Do NOT use this tool when: - You need data for a specific domain — use `get_domain` instead. - You are searching by keyword — use `search` instead. - You want domains belonging to a specific company — use `get_entity` instead. Inputs: - `category` (query, optional): Filter by surveillance category. One of: `ad_tech`, `analytics`, `social`, `fingerprinting`, `content`, `cdn`, `other`. - `min_score` (query, optional): Integer 0-100. Exclude domains scoring below this value. - `limit` (query, optional): Number of results per page. Max 100 (paid), 20 (free). Default 50. - `cursor` (query, optional): Pagination cursor from the previous response's `next_cursor` field. Returns: - Array of domain list items (domain, category, score, prevalence, entity summary). - `meta.has_more`: true if more pages exist. - `meta.next_cursor`: pass as `cursor` to get the next page. - `meta.count`: number of results in this page. Cost: - Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page. Latency: - Typical: <200ms, p99: <500ms.

Returns an entity record for a surveillance company or data broker, including its industry, estimated annual data value per user (in USD), categories of personal data collected, and the full list of domains it controls. Free tier returns 5 domains, paid returns up to 200. Use this tool when: - You want to understand what corporate entity owns or controls a tracker domain. - You need to assess the total surveillance footprint of a company (e.g., Alphabet, Meta, Oracle). - You are building a corporate surveillance graph and need domain-to-entity mapping. Do NOT use this tool when: - You have a domain and need its category — use `get_domain` instead. - You want to browse entities by industry — use `list_entities` instead. - You are searching for an entity by name — use `search` instead. Inputs: - `slug` (path, required): URL-safe entity identifier (lowercase, hyphens). Examples: `alphabet`, `meta`, `oracle-data-cloud`, `the-trade-desk`. Returns: - Full `EntityRecord` with data categories, estimated data cost, and associated domains. - `domains`: array of top-scoring domains (5 for free tier, 200 for paid). - Pro/enterprise additionally return `website` and `description` fields. Cost: - Free tier: included in 50 req/day limit. Pro/enterprise: included in plan. Latency: - Typical: <150ms, p99: <400ms.

Returns a paginated list of corporate entities in the TunnelMind surveillance database. Includes data categories, estimated data value, and industry classification. Useful for enumerating the surveillance ecosystem by sector. Use this tool when: - You want to enumerate all entities in a specific industry (e.g., all ad-tech companies). - You need a dataset of surveillance entities for analysis or reporting. - You are building a comprehensive surveillance landscape map. Do NOT use this tool when: - You need the full profile of a specific entity — use `get_entity` instead. - You are searching by entity name — use `search` instead. - You need domain-level data — use `list_domains` instead. Inputs: - `industry` (query, optional): Filter by industry classification. Examples: `ad_tech`, `analytics`, `data_broker`, `social`, `crm`. - `limit` (query, optional): Results per page. Max 100 (paid), 20 (free). Default 50. - `cursor` (query, optional): Pagination cursor from previous response's `next_cursor`. Returns: - Array of entity list items (slug, name, parent_company, industry, data_categories, data_cost_usd). - `meta.has_more` and `meta.next_cursor` for pagination. Cost: - Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page. Latency: - Typical: <150ms, p99: <400ms.

Searches both the domains table and the entities table simultaneously. Returns matching domains (by domain name) and entities (by name or slug) in a single response. Minimum 2 characters, maximum 100 characters. Use this tool when: - You have a partial name and need to identify what tracker or entity it belongs to. - You want to find all TunnelMind records related to a company name like "Google" or "Oracle". - You are resolving an ambiguous domain (e.g., does `criteo.com` appear in the tracker DB?). Do NOT use this tool when: - You know the exact domain — use `get_domain` instead (faster, more complete). - You know the exact entity slug — use `get_entity` instead. - You want to browse by category or industry — use `list_domains` or `list_entities`. Inputs: - `q` (query, required): Search string, 2-100 characters. Matched against domain names and entity names/slugs. Returns: - `domains`: array of matching domain records (list item format). - `entities`: array of matching entity records (list item format). - Both arrays may be empty if no matches found. No pagination — results are capped at 20 per type. Cost: - Free tier: included in 50 req/day. Pro/enterprise: included in plan. Latency: - Typical: <200ms, p99: <500ms.

Makes a live HEAD request to the target domain from the Cloudflare edge, follows up to 5 redirects, and returns the full redirect chain, final HTTP status, key response headers, a security header score, and any third-party surveillance actors referenced in the Content-Security-Policy header. Use this tool when: - You want to verify whether a site enforces HTTPS and HSTS. - You need to inspect what third-party scripts a site loads via its CSP header. - You are assessing a domain's security posture before trusting it. - You want to detect surveillance actors embedded in a site's CSP. Do NOT use this tool when: - You need tracker database data (category, score, entity) — use `get_domain` instead. - You need the technology stack (CMS, framework) — use `intel_stack` instead. - You need robots.txt AI crawler policy — use `intel_robots` instead. Inputs: - `domain` (query, required): Domain to probe. Can include or omit `https://`. Examples: `nytimes.com`, `https://example.com`. Returns: - `reachable`: false if the domain did not respond within 6 seconds. - `redirect_chain`: each hop with URL, status code, and Location header. - `security_headers.score`: 0-100 based on presence of HSTS, CSP, X-Content-Type, X-Frame-Options, Referrer-Policy. - `security_headers.missing`: list of headers absent. - `csp_actors`: known surveillance actors detected in the CSP header. - `error`: set if the connection failed. Cost: - Free. No API key required. Latency: - Typical: 1-3s (outbound fetch), p99: 6s (timeout). Plan for async if chaining calls.

Fetches up to 32KB of the domain's HTML and response headers from the edge, then fingerprints the content for known CMS platforms, JavaScript frameworks, CDN providers, and analytics tools. Detection is based on meta generator tags, script src patterns, response headers, and cookie names. Use this tool when: - You need to know what CMS (WordPress, Drupal, Shopify) a site runs. - You are assessing a domain's infrastructure before a security review. - You want to identify analytics or marketing tools a site embeds. Do NOT use this tool when: - You want HTTP headers and security posture — use `intel_http` instead. - You want tracker database classification — use `get_domain` instead. - You need robots.txt AI policy — use `intel_robots` instead. Inputs: - `domain` (query, required): Domain to fingerprint. Returns: - `cms`: detected content management system, or null. - `frameworks`: JavaScript/backend frameworks detected. - `cdn`: CDN provider detected, or null. - `analytics`: analytics and tracking tools detected. - `meta_generators`: raw meta generator tag values. Cost: - Free. No API key required. Latency: - Typical: 2-4s (HTML fetch), p99: 7s.

Retrieves the target domain's `robots.txt` file and parses it for AI crawler disallow rules. Specifically detects policies for known AI crawlers (GPTBot, ClaudeBot, CCBot, Bytespider, etc.) and returns a structured summary of the crawling policy. Use this tool when: - You need to know whether a domain has opted out of AI training data collection. - You want to check if a specific AI crawler is blocked before citing the domain. - You are building a dataset of AI-accessible vs AI-blocked domains. Do NOT use this tool when: - You want training opt-out signals beyond robots.txt (TDM reservation, noai meta) — use `intel_optout` instead. - You want the full technology stack — use `intel_stack` instead. - You need tracker database data — use `get_domain` instead. Inputs: - `domain` (query, required): Domain to probe. Returns: - `robots_txt_found`: false if the domain returned 404 or the file is empty. - `ai_crawlers_blocked`: list of AI crawler user-agent names that are disallowed. - `all_blocked`: true if `User-agent: *` with `Disallow: /` is present. - `raw`: first 4096 characters of the robots.txt file. Cost: - Free. No API key required. Latency: - Typical: 1-2s, p99: 6s.

Probes a domain for known AI agent integration signals: `llms.txt`, `ai.txt`, `/.well-known/ai-plugin.json`, `openapi.json`, `swagger.json`, MCP manifest, MCP SSE endpoint. Returns a score based on the count of signals detected. Use this to assess whether a domain is ready for agent-to-agent interaction. Use this tool when: - You want to know whether a domain exposes an MCP server or OpenAPI spec for agents. - You are cataloguing the AI-agent-ready surface of a set of domains. - You need to decide whether to attempt programmatic API access to a domain. Do NOT use this tool when: - You need tracker/surveillance data about the domain — use `get_domain` instead. - You need the robots.txt AI crawler policy — use `intel_robots` instead. - You need HTTP security posture — use `intel_http` instead. Inputs: - `domain` (query, required): Domain to probe. Returns: - Boolean flags per signal (`llms_txt`, `ai_plugin`, `openapi`, `mcp_manifest`, `mcp_endpoint`, `mcp_sse`). - `agent_surface_score`: integer 0-8, count of signals detected. Cost: - Free. No API key required. Latency: - Typical: 2-5s (parallel probes), p99: 8s.

Fetches a domain's homepage and checks for content patterns that could constitute prompt injection attacks against AI agents that visit and ingest the page. Signals include hidden text, invisible divs, `<!-- AI: ignore -->` style comments, and known injection patterns. Use this tool when: - You are vetting a domain before feeding its content into an LLM context. - You want to assess the prompt injection risk of a URL before browsing it with an agent. - You are auditing a set of domains for adversarial AI content. Do NOT use this tool when: - You want tracker surveillance data — use `get_domain` instead. - You want AI training opt-out signals — use `intel_optout` instead. - You want the agent surface (MCP/OpenAPI) — use `intel_agent` instead. Inputs: - `domain` (query, required): Domain to scan. Returns: - `injection_signals`: list of signal types detected (e.g., `hidden_text`, `ai_instruction_comment`, `invisible_div`). - `risk_level`: `none`, `low`, `medium`, or `high` based on signal count and type. Cost: - Free. No API key required. Latency: - Typical: 2-4s (HTML fetch), p99: 7s.

Checks a domain for all known AI training data opt-out mechanisms beyond robots.txt: TDM (Text and Data Mining) reservation headers, `<meta name="ai">` tags, Creative Commons NonCommercial licenses, and other machine-readable opt-out signals. Use this tool when: - You need to determine whether a domain has opted out of AI training data collection. - You are checking compliance before using a domain's content in a training dataset. - You want a comprehensive opt-out status (robots.txt + TDM + meta tags combined). Do NOT use this tool when: - You only need robots.txt crawler policy — use `intel_robots` instead (faster). - You need tracker data — use `get_domain` instead. - You want injection risk assessment — use `intel_inject` instead. Inputs: - `domain` (query, required): Domain to probe. Returns: - `tdm_reservation`: true if the domain sends a `TDM-Reservation: 1` header. - `noai_meta`: true if the HTML contains `<meta name="robots" content="noai">`. - `license_detected`: string if a CC NonCommercial or similar license is detected, otherwise null. - `opted_out`: true if any opt-out signal is present. Cost: - Free. No API key required. Latency: - Typical: 2-4s, p99: 7s.

Returns metadata for a TunnelMind surveillance receipt — a signed document proving that a specific user's surveillance exposure was observed, measured, and recorded at a specific time. Does NOT return the receipt's signature (anti-phishing protection). To verify a receipt's content integrity, use `verify_receipt` with the hash and signature from the receipt document itself. Use this tool when: - You have a receipt ID and want to confirm it was genuinely issued by TunnelMind. - You need the issuance timestamp and signing key ID for a receipt. - You want to check whether a receipt exists before attempting content verification. Do NOT use this tool when: - You have the full receipt document and want to verify it hasn't been tampered with — use `verify_receipt` instead. Inputs: - `receipt_id` (path, required): The receipt ID from the receipt document. Alphanumeric with hyphens, max 128 characters. Returns: - `status`: `FOUND` if the receipt is in the registry. - `generated_at`: ISO 8601 timestamp of receipt issuance. - `signing_key_id`: identifier of the Ed25519 key used to sign. - `schema_version`: receipt schema version. - `message`: human-readable summary with instructions for content verification. - 404 if the receipt ID is not in the registry. Cost: - Free. No API key required. Latency: - Typical: <100ms, p99: <300ms.

Tamper-detection verification for TunnelMind surveillance receipts. Submit the receipt ID, the SHA-256 content hash, and the Ed25519 signature from the receipt document. The registry compares these against what was recorded at issuance time. Returns VALID if both match exactly, INVALID with a specific mismatch reason otherwise. Use this tool when: - You received a surveillance receipt document and want to verify it hasn't been altered. - You are programmatically checking receipt authenticity in an agent workflow. - You want to prove to a third party that a receipt is genuine. Do NOT use this tool when: - You only want to check existence — use `get_receipt` instead (no body required). Inputs: - `receipt_id` (body, required): The receipt's ID field from the document. - `content_hash` (body, required): SHA-256 hex hash of the receipt JSON. Max 256 chars. - `signature` (body, required): Ed25519 signature from the receipt document. Max 512 chars. Returns: - `valid`: boolean. True only if both hash and signature match exactly. - `status`: `VALID` or `INVALID`. - `message`: human-readable explanation. On INVALID, specifies whether the hash mismatched, the signature mismatched, or both. Cost: - Free. No API key required. Latency: - Typical: <100ms, p99: <300ms.

Returns the current status of a task created by an `?async=true` intel request. Poll this endpoint until `status` is one of: `complete`, `failed`, `cancelled`, `expired`. On `complete`, the `result` field contains the same payload the sync endpoint would have returned. On `failed`, `error.message` explains the failure. Use this tool when: - You submitted an intel probe with `?async=true` and need to retrieve the result. - You want to check whether a background task finished without opening an SSE stream. Do NOT use this tool when: - You want real-time event streaming — use `stream_task` instead. - You have no task_id — submit a probe with `?async=true` first. Inputs: - `task_id` (path, required): 26-char ULID returned in the 202 response. Returns: - `status`: `pending` | `running` | `complete` | `failed` | `cancelled` | `expired`. - `result`: populated when status is `complete`. Null otherwise. - `error`: populated when status is `failed`. Null otherwise. - `expires_at`: tasks expire 1 hour after creation. Cost: - Free. Does not count against rate limits. Latency: - Typical: <100ms.

Marks the task as `cancelled`. If the task is already in a terminal state (`complete`, `failed`, `expired`), returns 409 Conflict. Only the identity that created the task may cancel it. Use this tool when: - You submitted a probe with `?async=true` and no longer need the result. - You want to free up a pending task before it expires. Do NOT use this tool when: - The task is already complete — cancellation is not possible. Inputs: - `task_id` (path, required): 26-char ULID. Returns: - `task_id` and `status: cancelled`. Cost: - Free. Latency: - Typical: <150ms.

Opens a persistent SSE connection that emits events as the task progresses. The stream closes automatically when the task reaches a terminal state or after ~90 seconds (timeout). Heartbeat comments are sent every ~15 seconds to keep the connection alive through proxies. Event types: - `status` — emitted when status changes (pending → running → complete/failed) - `result` — emitted on `complete` with the full result payload - `error` — emitted on `failed`, `cancelled`, or `expired` with error info - SSE comment (`: heartbeat`) — keepalive, no data Use this tool when: - You want real-time progress without polling. - You are in an environment that supports SSE (EventSource API). Do NOT use this tool when: - You want a simple one-shot status check — use `get_task` instead. - Your HTTP client doesn't support streaming responses. Inputs: - `task_id` (path, required): 26-char ULID. Returns: - SSE stream (`text/event-stream`). Each event is `event: <type>\\ndata: <json>\\n\\n`. Cost: - Free. Counts as one request against rate limits when the stream opens. Latency: - First event: <200ms. Stream duration: up to 90s.

Returns NDJSON (one JSON object per line) of audit log entries. Each entry records the operation called, the identity, hashes of the request and response, duration, and an Ed25519 signature over the canonical entry JSON. Entries are hash-chained: each entry's `prev_entry_hash` is SHA-256 of the previous entry's signature, making deletion of any entry detectable offline. Authenticated callers receive only their own entries (`identity_sub` match). Admin key holders receive all entries. Use this tool when: - You want a tamper-evident record of your own API calls. - You are auditing a sequence of requests for compliance or debugging. - You want to verify the audit chain integrity offline. Do NOT use this tool when: - You are anonymous — authentication is required. - You want task status — use `get_task` instead. Inputs: - `from` (query, optional): ISO 8601 start datetime. Default: 7 days ago. - `to` (query, optional): ISO 8601 end datetime. Default: now. - `limit` (query, optional): Max entries. 1–5000, default 1000. Returns: - NDJSON stream, one `AuditEntry` per line. - `X-Total-Count` response header with entry count. - `X-Took-Ms` response header. Verify the chain offline: - For each consecutive pair (A, B): `SHA-256(A.signature) == B.prev_entry_hash`. - For each entry: verify Ed25519 signature against public key in `/.well-known/atap.json`. Cost: - Counts as one request against the daily limit. Latency: - Typical: <300ms for 1000 entries, p99: <1s.

Looks up each submitted domain in the TunnelMind tracker database, aggregates risk metrics (avg score, max score, fingerprinters, high-risk domains, entity ownership), and issues a signed surveillance receipt. The receipt is stored in the public registry and can be verified at `/verify/{receipt_id}`. Use this tool when: - You want a verifiable record of which trackers were observed in a context (page, app, session). - You need a signed evidence artifact for a privacy audit or compliance report. - You want to know the overall surveillance exposure level for a set of domains. - You are generating a receipt to share with a user as evidence of tracker presence. Do NOT use this tool when: - You want full tracker details per domain — use `get_domain` instead. - You want to look up an existing receipt — use `get_receipt` instead. - You need live probes (HTTP headers, stack detection) — use `/v1/intel/*` instead. Inputs: - `domains` (body, required): Array of 1–50 fully qualified domain names. Duplicates are deduplicated. URLs are stripped to host component. - `domain` (body, alternative): Single domain string (shorthand for `domains: [domain]`). Returns: - `receipt_id`: Unique receipt ID (e.g. `rcpt_01JXYZ...`). - `receipt`: Full receipt document including domains submitted, tracker findings, high-risk domains, fingerprinters, unique entities, and exposure metrics. - `content_hash`: SHA-256 of the canonical receipt JSON. - `signature`: Base64 Ed25519 signature (empty string if signing key not configured). - `signed`: Boolean — true if the receipt is cryptographically signed. - `verify_url`: Path to retrieve this receipt from the public registry. Exposure levels: `minimal` / `moderate` / `high` / `critical` Based on average tracker score and proportion of high-risk domains (score ≥ 70). Cost: - Counts as one request against the daily limit regardless of domain count. Latency: - Typical: <100ms (pure D1 lookup, no outbound probing). p99: <300ms.

Confirms whether an SSP/exchange is authorized to sell a publisher's inventory according to that publisher's ads.txt. This is a cache lookup against ads.txt files crawled daily across the top 10,000 publisher domains — it does NOT fetch the publisher's ads.txt live, so it is fast and adds no latency to a real-time bidding decision. Use this tool when: - You are an ad-buying agent and want to confirm, pre-bid, that a supply path (publisher → exchange → seller_id) is legitimate. - You are detecting domain spoofing or unauthorized resale in a bid stream. - You want to check whether a seller is listed DIRECT or RESELLER. Do NOT use this tool when: - You want a full supply-path trust score — that endpoint is Sigil P31. - You want surveillance tracker data for the domain — use `get_domain`. Inputs: - `publisher_domain` (body, required): Publisher domain, e.g. `nytimes.com`. A `www.` prefix and scheme/path are stripped automatically. - `exchange_domain` (body, required): The exchange/SSP domain as it appears in ads.txt, e.g. `google.com`, `amazon-adsystem.com`. - `seller_id` (body, required): The publisher's seller/account ID at that exchange, e.g. `pub-4177862836555934`. Matched exactly. - `seller_type` (body, optional): `DIRECT` or `RESELLER`. When supplied it is checked against the ads.txt entry; a mismatch is reported as a warning. - `resolve_chain` (body, optional): When true, a matched RESELLER entry is cross-checked against the exchange's sellers.json (one authoritative hop). Returns: - `verified`: true (entry found), false (confidently not listed), or null (ads.txt could not be retrieved — indeterminate). - `confidence`: `high` | `degraded` | `low` | `unknown`. - `seller_entry`: the matched ads.txt line (line number, raw text, parsed fields) when `verified` is true; otherwise null. - `ads_txt_parse_status`, `ads_txt_last_parsed`, `stale`: provenance of the cached crawl this answer is derived from. - `reseller_chain`: empty unless `resolve_chain: true` and the matched entry is RESELLER — then it carries the sellers.json cross-check for the seller. - `warnings`: actionable flags, e.g. `publisher_not_in_corpus`, `publisher_has_no_ads_txt`, `seller_type_mismatch`, `ads_txt_cache_stale`. Cost: - Counts as one request against the daily rate limit. Latency: - Typical: <50ms (single cache lookup, no outbound fetch). p99: <120ms.

Runs up to 100 ads.txt verifications in a single call — the endpoint an ad-buying agent uses for pre-bid checks across a whole campaign's supply. Each item is the same shape as `sigil_verify_ads_txt`. Per-item validation failures are reported inline; the batch never fails as a whole. Publisher records are fetched once per unique domain. Use this tool when: - You are evaluating many supply paths at once (campaign setup, SPO sweep). - You want one round-trip instead of N calls to `sigil_verify_ads_txt`. Inputs: - `items` (body, required): Array of 1–100 verification requests, each `{ publisher_domain, exchange_domain, seller_id, seller_type? }`. - `resolve_chain` (body, optional): Applies to every item — when true, a matched RESELLER entry is cross-checked against the exchange's sellers.json. Returns: - `count`: number of result entries (matches `items` length, in order). - `verified_count`: how many resolved to `verified: true`. - `results`: array aligned to `items`. Each entry is either a verification result with `ok: true` and `input_index`, or `{ ok: false, input_index, error, message }` for an invalid item. Cost: - Counts as one request against the daily rate limit. Latency: - Typical: <150ms. With `resolve_chain: true`, add one sellers.json fetch per unique exchange (edge-cached 12h after the first fetch).

Confirms a publisher controls a domain by checking for a DNS TXT record the owner publishes under `_tunnelmind.{domain}`. A DNS record can only be set by whoever controls the zone, so its presence proves control — a stronger signal than ads.txt, which is just a file anything in the request path can serve. Use this tool when: - You want proof a publisher actually owns the domain it claims. - You are distinguishing publishers who have opted into Sigil verification. Inputs: - `domain` (query, required): Publisher domain. `www.` and scheme stripped. Returns: - `verified`: true (record found), false (absent), or null (DNS lookup failed). - `expected`: the exact TXT record the owner must publish to verify. - `found_records`: TXT values currently present at `_tunnelmind.{domain}`. - `checked_at`: ISO 8601 timestamp of the live DNS lookup. Cost: - Counts as one request against the daily rate limit. Latency: - Typical: <300ms (one DNS-over-HTTPS lookup).

Classifies an IPv4 address by network type — the high-value ad-fraud signal being datacenter traffic posing as residential or living-room (CTV) devices. IP→ASN resolution uses Team Cymru's public service; the ASN is then classified by its registered organization name. PRIVACY: the IP is used for lookup only — never logged, never stored. Inputs: - `ip` (query, required): IPv4 address. IPv6 is not yet supported. Returns: - `ip_type`: datacenter | residential | mobile | unknown. - `confidence`: high | medium | low. - `asn`, `asn_name`: the resolved autonomous system. - `scry_signals`: reserved for Scry corpus cross-reference (empty in v1). Latency: - Typical: 100-250ms (two live DNS lookups).

Reports whether a domain publishes ads.cert (IAB Tech Lab Authenticated Connections) DNS records — a readiness signal showing the domain supports cryptographically authenticated ad-tech connections. This is not signature verification: ads.cert is pairwise, so verifying a signed bid request requires Sigil to be a delegated participant (a future build). DNS-only and stateless. Inputs: - `domain` (query, required): Domain to check. Returns: - `adscert_ready`: true | false | null (DNS lookup failed). - `adscert_records`: TXT values at `_adscert.{domain}`. - `delegation_records`: TXT values at `_delegated._adscert.{domain}`.

Verifies that a mobile or CTV app bundle ID actually exists in the relevant app store — used to detect bundle spoofing in bid requests. Platform support (v1): - `ios`: verified live via Apple's iTunes Lookup API. - `android`: verified live via the Google Play store listing page. - `ctv_*` / `web`: no public store API — returns verified=null. Inputs: - `bundle_id` (body, required): e.g. `com.nytimes.NYTimes`. - `platform` (body, required): ios | android | ctv_roku | ctv_fire | ctv_samsung | ctv_lg | ctv_vizio | web. - `claimed_developer` (body, optional): checked against the store listing. Returns: - `verified`: true | false | null (not checkable on this platform). - `store_listing`: name, developer, developer_match, store_url.

A2 — the cross-lens join. TunnelMind owns multiple halves of the open-web graph: Scry sees who is on every IP (attacker intelligence, actor class, Augur threat-intel overlap); Sigil sees the supply graph (publishers, SSPs, DSPs, ads.txt + sellers.json + SupplyChain Object); GhostRoute sees routing integrity & sovereignty (RPKI origin validity, BGP prefix, claimed sovereign zone, sanctions, AI-infrastructure ownership, certificate CA). This endpoint fuses them into one verdict on a single node key. The response contains four blocks: - `scry` — the single-lens Scry view (transparency). - `sigil` — the single-lens Sigil view (transparency). - `ghostroute` — the single-lens GhostRoute view (transparency). - `cross_lens` — the fused verdict (the moat). Fusion math: weighted-mean over evaluated components plus a `co_observation_bonus` when both lenses independently flag the node. GhostRoute adds a routing-integrity component with two hard safety floors that cannot be averaged away: an RPKI-INVALID origin (a BGP hijack signal) caps its trust at 0.15, and a sanctions match zeroes it. Weights and thresholds are per-request overridable. Lens unavailability is reported in-band: each lens fails independently and the cross_lens block reflects degraded confidence when fewer lenses have data (0.55 one lens / 0.80 two / 0.94 three). GhostRoute has no routing surface for a bare entity_slug, so it drops out and the remaining weights re-normalise. Returns 503 only when ALL lenses are unavailable. v1 lens coverage matrix: - IP node — Scry: full; Sigil: not_indexed (v2 will reverse-DNS); GhostRoute: full. - Domain node — Scry: deferred; Sigil: full (publisher/ssp/dsp + entity); GhostRoute: full (resolves to IP). - entity_slug node — Scry: n/a; Sigil: full (entity + sell/buy presence); GhostRoute: n/a (no routing surface). - ASN node — Scry: deferred (v2); Sigil: not_indexed; GhostRoute: origin-AS lookup.

Returns all three lens views for a single node key without computing a fused verdict. Use this when you want raw transparency — the Tracker catalog presence, Scry attacker observations, and Sigil supply-graph position — and intend to make your own decision. For an opinionated verdict, call `cross_lens_verify` instead. For an agent-side allow/caution/deny gate plus signed consultation receipt, call `preflight_should_i_act`. Coverage block exposes which lenses responded so agents can reason about partial-data verdicts. `issued_by` carries the OAI of the answering witness so the response is attributable.

The single call an agent makes before transacting with a destination on the open web. Composes the cross-lens verdict with a bounded Tracker-presence bonus, maps the adjusted trust score to a tri-state decision (`allow` / `caution` / `deny`), and returns a 5-minute signed consultation receipt (`sigil_token` with `sub: preflight:consulted`). The receipt is the load-bearing artifact: the agent attaches it to its action log as cryptographic proof that the destination was consulted before action. The decision itself is commodity-shaped; the *receipt of having asked* is what accountability requires. When `ait` is supplied, the consultation additionally chains a witness-tier `preflight:consulted` event onto the ATAP AIT, signed by OAI-2026-0000201 — turning the consultation into a hash-chained, replayable artifact. Tracker presence applies a bounded `+0.05` trust bonus before decision mapping (capped at 1.0). Absence is never a penalty — most of the open web is not in the tracker corpus and that's expected. Defaults: `allow >= 0.70`, `caution >= 0.40`, else `deny`. Thresholds are overridable per request; weights are inherited from cross_lens_verify.

Call this when you need to ACT ON a verdict and prove why. It returns the exact verdict `/v1/verify/{node}` computes (same fusion, same weights) PLUS a traced evidence chain: every claim is attributed to where it came from — the attested sensor fleet (with attestation tier), a named Augur threat feed, sellers.json/ads.txt supply-graph presence, the cross-lens co-observation join, the DDG/IAB tracker corpus — and how much each item moved the verdict (`weight`; null = supplementary, not scored). The response is committed to by a P38 signed receipt via `evidence_digest` (a hash of the exact evidence array), so an agent can act on the verdict and leave behind a cryptographically verifiable trail of the reasoning in the same request. Empty/`none` evidence is the honest "no corpus presence", never a fabricated reason. `node` is an IPv4, ASN, domain, or entity_slug — the same key space as `/v1/verify`.

Call this before routing traffic, bidding on inventory, or trusting a counterparty. It fuses ALL THREE TunnelMind lenses for one subject — Scry (attacker intelligence + threat feeds + open ports), Sigil (ad-supply-chain position + trust score + ATAP witness count), and Tracker (DDG/IAB catalog + prevalence + categories) — into a single confidence-scored profile plus a signed P38 receipt. The `cross_lens.hits` field tells you if the same infrastructure appears in attack data AND supply-chain data — that's your highest-confidence signal, and the one no siloed competitor can give you. `cross_lens.flags` surfaces the actionable highlights (`cross_lens_overlap:scry+sigil`, `in_threat_intel:...`, `high_prevalence_tracker`, `corroborated_by_N_lenses`). Confidence weighting: each lens contributes a base score; a 1.5× multiplier applies when ≥2 lenses corroborate the same subject; and the Scry contribution is weighted by the attestation tier of the sensors that observed it (silicon_root 1.0 → self_asserted 0.5). Bounded [0,1] and carried into the receipt. Unlike `cross_lens_verify` (one node → one verdict) and `cross_lens_lookup` (one node → raw three-lens view), profile_entity takes the SUBJECT as any combination of ip / domain / entity and returns the richest fused detail for a pre-transaction decision. At least one of ip / domain / entity is required.

Observed component counts first, a labelled derived roll-up second. The components — `data_categories`, supply-surface counts (ssp + publisher + dsp + owns_seat + buys_through), and corroborating `sources` — are facts. `derived.tracker_density` (0–100) is a weighted blend of those counts, not a measurement; `data_cost_usd` is deliberately excluded (non-zero only for a curated seed, so weighting by it would fabricate precision). Anchors the `surveillance_bigtech` adversary class for the cross-lens classifier.

Reconciles every sell path a publisher declares (`sells_through`) against each SSP's own sellers.json (`exchange_seat`) and keeps three classes strictly separate: `corroborated` (seat present), `contradicted` (SSP crawled but seller_id absent — real risk), and `unchecked` (SSP not yet crawled — excluded from risk, lowers confidence). Combined with publisher-side ads.txt opacity. Two-sided corroboration is the cross-lens moat — it catches unauthorized resale a one-sided ads.txt read cannot.

Scores an entity by the trust character of its neighbours — the SSPs its publishers sell through and the DSPs it buys through. Reports neighbour counts, mean/min neighbour trust, and how many neighbours are adversary-classified (P46). `derived.halo_score` (0–100, or null when no neighbour has a computed trust) is mean neighbour trust dragged down by adversary-neighbour share. Evidence about an entity's company, not a persisted verdict — no profile poisoning.

Surfaces other entities that operate as a coordinated team with this one: they share a NARROWLY-held direct seller account (2–8 entities — network house accounts shared by hundreds are separated into `house_accounts_excluded`, not counted) or co-own an exchange seat. `derived.team_signal` (0–100) is a coordination magnitude over teammate count, shared-account breadth, and co-owned seats.

The core Sigil pre-bid call. Submit a supply path; Sigil composes its individual checks into one trust verdict and returns a signed `sigil_token` the agent can attach to its bid as proof of verification. Checks composed: - `ads_txt` — exchange authorized in the publisher's ads.txt. - `datacenter_ip` — is the IP a datacenter posing as a real user. - `fraud_signals` — is the IP in Scry's attacker-intelligence corpus. - `bundle_verified` — does the app bundle exist in its store. - `domain_authenticity` / `entity_reputation` — reserved, not evaluated in v1. Each evaluated check yields pass/warn/fail; `trust_score` is their weighted mean (override `weights` per request); `verdict` is pass/warn/fail/unknown (override `thresholds`). PRIVACY: `ip_address` is used for lookup only — never logged, never stored, never placed in the sigil_token. `geo` is accepted but unused. Returns: `trust_score` (0-1 or null), `verdict`, `checks`, `recommendations`, `sigil_token` (signed, 5-minute lifetime).

Verifies the authenticity and expiry of a `sigil_token` returned by `sigil_verify_supply_path`. Anyone can call this — no key needed; Sigil verifies the Ed25519 signature server-side. Tokens live 5 minutes. Returns `valid` (boolean), `reason` (when invalid: malformed / expired / bad_signature / unsigned), and the decoded `payload`.

The bid-time contract. Pass the SupplyChain object from an OpenRTB bid request (`source.ext.schain`) verbatim, plus the originating site domain or app bundle. Sigil verifies, per node and in aggregate: - origin ads.txt — the publisher's ads.txt authorizes node[0] (asi + sid). - per node — the node's `asi` sellers.json declares the node's `sid`. - owner-domain — node[0]'s sellers.json seller `domain` matches the publisher's ads.txt OWNERDOMAIN / MANAGERDOMAIN (spec §3.5.1). - `schain.complete` — an incomplete chain caps the verdict at `warn`. OpenRTB field mapping: `site.domain` → `site_domain`; `app.bundle` → `app_bundle`; `source.ext.schain` → `schain`. An app_bundle origin's ads.txt check is `not_evaluated` pending app-ads.txt resolution. Returns a per-node result array, an aggregate `verdict` (pass/warn/fail/unknown), `recommendations`, and a signed `sigil_token`.

Reconstructs the supply paths for a publisher domain from Sigil's own crawl and returns them ITEMIZED — distinct from `sigil_verify_supply_chain` (which verifies a schain the caller brings) and from `signal_dark_pool_risk` (which returns only aggregate counts). Every SSP the publisher declares it sells through is joined to that SSP's identity and classified two-sided against the SSP's sellers.json: `corroborated` (seat present), `contradicted` (SSP crawled but seller_id absent — real risk), `unchecked` (SSP not yet crawled — not risk). Each returned path also carries `resells_to`, one level of downstream reseller expansion. The list is ordered riskiest-first (contradicted, then reseller) so a truncated page is still the most useful; the `supply_paths` counts are always over the FULL set. `in_supply_graph:false` when the domain is not a known publisher.

GhostRoute is TunnelMind's fourth lens: routing-integrity / sovereignty verification. It answers "is this infrastructure where it claims to be, owned by who it claims, routing where it says — and does that match the sovereign jurisdiction it asserts?" It resolves the originating ASN owner, RPKI validity, the certificate-issuing CA's jurisdiction, and matches the subject against a curated AI-infrastructure corpus to recover any sovereignty CLAIM (e.g. an "EU-sovereign" AI service), then scores reality against claim. Use this tool when: - An agent is about to route data/inference to an endpoint that claims a jurisdiction (e.g. EU data residency, FedRAMP, sovereign-AI). - You want to detect a US-fronted (Cloudflare/AWS/GCP) endpoint masquerading as sovereign-EU infrastructure, an RPKI-invalid origin (possible hijack), or a sanctioned operator. Inputs: - `entity` (path, required): an IPv4, domain, ASN (AS####), or cert SHA-1/256. - `receipt` (query, optional): when `true`, issues a signed, persisted GhostRoute receipt (GR-YYYY-NNNNNNN) instead of an ephemeral verdict. Returns: - `sovereign_tier`: VERIFIED | PLAUSIBLE | MISMATCH | CRITICAL_MISMATCH (or null if no claim). - `sovereign_integrity`: [0,1] score; `origin_as`, `rpki_status`, `cert_ca`, `claimed_sovereign_zone`, `is_ai_infrastructure`, `ai_owner`, `sanctions_match`. - `_meta.caveats` / `_meta.penalties`: what was and wasn't determinable. Latency: - Typical 300-900ms on a cold subject (live BGP/RPKI/cert lookups), faster when cached.

Retrieves a previously-issued, signed GhostRoute receipt by its GR-YYYY-NNNNNNN id, for independent audit of a past sovereignty verdict. Use this tool when: - You hold a GhostRoute receipt id and want to confirm its contents/signature. - You are reconciling an agent's action log against the attestation layer. Inputs: - `receipt_id` (path, required): GR-YYYY-NNNNNNN. Returns: - The full persisted receipt row (routing, cert, sovereignty fields + signature). Latency: - Typical <200ms (single indexed read).

Returns GhostRoute's ownership-graph record for an autonomous system: the registrant/parent organisation, its HQ country and sovereign zone, RIR, and cloud/AI-infrastructure flags. The long-term moat — who actually owns the network a route originates from. Use this tool when: - You have an origin ASN and need its corporate owner + jurisdiction. - You are assessing whether an ASN belongs to a cloud front or the real operator. Inputs: - `asn` (path, required): AS#### or a bare AS number. Returns: - `registrant_org`, `parent_org`, `parent_org_country`, `sovereign_zone`, `rir`, `is_cloud_provider`, `is_ai_infrastructure`, or `{matched:false}`. Latency: - Typical <300ms (cached corpus read, RDAP fallback on a miss).

Checks whether a domain or ASN belongs to a known AI company's infrastructure and what sovereignty it CLAIMS (program, zone, HQ), the baseline GhostRoute scores routing reality against. Use this tool when: - You want to know "whose AI infrastructure is this, and what does it claim?" - You are enriching an endpoint before deciding whether to send it inference. Inputs: - `entity` (path, required): a domain or ASN (AS####). Returns: - `matched`, `match_basis` (domain|asn), `ai_company`, `ai_product`, `sovereign_ai_program`, `claimed_sovereign_zone`, `hq_country`, `verified_sovereign`. Latency: - Typical <300ms (cached corpus read).

Returns GhostRoute's per-cert inclusion proofs: each is a cryptographic demonstration that the exact certificate a host serves is included in an append-only CT log whose root TunnelMind signature-verified — upgrading "a monitor said this cert exists" to "proven in a log we witness". Failed attempts are included with a `reason`; a cert that suddenly cannot be proven is itself a signal. Use this tool when: - You want to know whether a specific AI host's live cert is provably logged (pass `domain`), or - You want the corpus-wide proof rollup across watched hosts (omit `domain`). Inputs: - `domain` (query, optional): a hostname to filter to; omit for corpus-wide. - `limit` (query, optional): max recent rows, 1–200, default 50. Returns: - `domain` (echo, null when corpus-wide). - `summary`: `total_attempts`, `proven`, `unproven`, `domains`, `last_observed_at`. - `recent[]`: recent attempts (`log_operator`, `leaf_index`, `tree_size`, `sth_root_hash`, `inclusion_proven`, `reason`, ...). - `by_domain[]`: per-host `attempts` / `proven` rollup. Latency: - Typical <300ms (KV-cached 5m).

Returns the durable, deduplicated ledger of CT equivocation events the GhostRoute witness worker detects and pushes — a tree_size_rewind (an append-only log shrank), a root_fork (one tree_size witnessed with two different Merkle roots = a split-view log), or an sth_signature_invalid (a log's latest Signed Tree Head failed signature verification). Where `/v1/ghostroute/witness` shows live computed health, this is the immutable first-detection log: each entry's `detected_at` is when TunnelMind first raised the alarm. A healthy CT ecosystem returns an empty feed — any row here is a serious trust event. Use this tool when: - You want a chronological record of CT trust violations, not live state. - You're polling for new equivocation events (check `summary.last_detected_at`). Inputs: - `limit` (query, optional): max recent alerts, 1–200, default 50. Returns: - `summary`: `total`, `undelivered`, `rewinds`, `forks`, `bad_signatures`, `last_detected_at`. - `alerts[]`: each `kind`, `severity`, `log_url`, `log_operator`, `from_tree_size`, `to_tree_size`, `distinct_roots`, `event_observed_at`, `detected_at`, `delivered`. Latency: - Typical <200ms (KV-cached 1m).

Returns the routing anomalies the bgp-monitor has observed against TunnelMind's BGP watchlist — the witnessability layer's routing dimension. The monitor polls RIPEstat (RIPE NCC) on a cron, self-baselines each watched prefix's origin set on first sight, then records an event whenever a later poll deviates from that baseline. Use this to check whether a prefix or ASN you depend on (an SSP's egress, a publisher's network, your own infrastructure) has shown a hijack-shaped routing event. `event_type` is one of: - `origin_change` — an origin AS not in the baseline is announcing the prefix (severity `critical` if that announcement also fails RPKI, else `high`). - `rpki_invalid` — a current announcement fails RPKI ROA validation. - `withdrawn` — a previously-announced prefix is no longer visible. - `new_more_specific` / `visibility_drop` — reserved for a later monitor pass. `prev_origins` is the baseline the event deviated from. `count` is the full filtered set; `events` is bounded by `limit`, newest first. An empty `events` array means no anomalies in the window — the honest "all clear".

Returns a publisher's ads.txt change log — one entry per crawl in which its authorized-seller set changed. A publisher quietly adding a reseller line is a real fraud signal; this is how a buyer audits supply over time. Inputs: - `domain` (path, required): publisher domain. - `since` (query, optional): ISO date / date-time lower bound on `observed_at`. - `limit` (query, optional): max entries — default 50, max 200. Returns `changes[]`, newest first — each with `observed_at`, `added_count`, `removed_count`, `additions`, `removals`, `directive_changes`.

Returns the pre-computed 0.0–1.0 trust score for one entity, its component breakdown, and the 14-day trend. Scores are refreshed daily by a database job — this endpoint never recomputes from raw data, so it is fast and deterministic. `entity_id` is `{entity_type}:{key}` — e.g. `publisher:nytimes.com` or `ssp:pubmatic.com`. Entity types: `publisher`, `ssp`, `dsp`, `app_bundle` (publishers and SSPs are scored today). v1 evaluates structural components only (`ads_txt_health`, `supply_chain_directness`, `historical_stability` for publishers; `supply_reach`, `directness` for SSPs). The `not_evaluated` list names spec components without an enrichment path yet. Optional `weights` query param (URL-encoded JSON) re-weights the stored components for this call.

Scores up to 200 entities in one round-trip — built for agents evaluating many supply sources during campaign setup. Per-item parse failures are returned inline; the batch never fails as a whole. An optional `weights` object re-weights every entity in the call.

Registers an ATAP v0.1 AIT for a media-buying agent under the `sigil:media_buyer:v1` profile. Sigil validates the capability set and constraints against the published profile, signs the AIT as the witness (`OAI-2026-0000201`), stores it, and returns the signed token. Sigil is the ATAP witness — there is no kernel observer. See https://github.com/TunnelMind/atap-profiles.

Ingests one agent-reported event (`bid:submitted`, `bid:won`, `bid:lost`, `budget:decremented`) into an AIT's hash-chained attestation log. Sigil validates the payload (rejecting any PII per ATAP §7.6), classifies the evidence tier — `anchored` if a `bid:submitted` cites a valid Sigil token issued for this AIT and matching the bid's supply path, otherwise `asserted` — derives any `constraint:violated` events, then chains and signs each event. `supply:verified` / `supply:rejected` are witness-emitted by `sigil_verify_supply_path`, never accepted here — that is what makes the `witnessed` tier non-bypassable.

Rolls every not-yet-blocked Witness Event for an AIT into one signed ATAP Attestation Block with a profile `period_summary`, chained onto the prior block.

Returns an AIT's status, chain head hash, event count, pending-event count, per-tier event counts, and the anchored-bid coverage ratio.

Assembles the ATAP v0.1 §7.5 Receipt ZIP for an AIT — the signed Receipt (`manifest.json`), the AIT, the Attestation Block chain, the witness public key, a tier-graded `summary.json`, the bundled `verify.sh` reference verifier, and the witness events + sigil_tokens as profile artifacts. Any pending events are rolled into a final block first. The ZIP verifies offline — unpack it and run `verify.sh`; keys are at https://tunnelmind.ai/atap/keys. The summary grades every event as `witnessed`, `anchored`, or `asserted` and reports the anchored-bid coverage ratio.

Returns the TunnelMind analyst config bundle. Configures any LLM (Claude, GPT, Gemini, local) to behave as a TunnelMind analyst that knows the data graph, follows the 5-call golden path, and surfaces attestation_tier on every claim. The bundle is signed inline (Ed25519, key_id from /.well-known/receipt-signing-key.json). Add `?receipt=true` to wrap the response in a Receipt v1.0 envelope for end-to-end audit. Use this tool when: - You want to configure a new LLM runtime to act as a TunnelMind analyst - You want to verify the system prompt you're running matches what TunnelMind serves - You're building a BYOM (bring-your-own-model) deployment and need the canonical config Do NOT use this tool when: - You want to call individual TunnelMind data tools — use the tools directly - You want to verify a specific receipt — use check_receipt_revoked or @tunnelmindai/receipt-verify Inputs (all optional): - `surface` (query): "data" (default, full surface), "scry", or "sigil" - `version` (query): pin a specific bundle version (e.g. "1.0.0" or "1" for latest 1.x.y) - `receipt` (query): "true" to wrap the response in a signed Receipt v1.0 envelope Content negotiation (via Accept header): - `application/json` (default) — full bundle JSON - `text/markdown` — system prompt only (Anthropic flavor) - `application/vnd.anthropic.config+json` — Anthropic-shaped subset - `application/vnd.openai.config+json` — OpenAI-shaped subset Returns: - `version`, `schema`, `issuer`, `surface`, `surface_label` - `system_prompts.{anthropic,openai,generic}` — three encodings of the same semantic prompt - `tools.surface_subset` — array of operationIds for this surface (null = all) - `response_format` — JSON Schema the analyst's verdicts must conform to - `attestation_tiers` — the 4-tier vocabulary (self_asserted → silicon_root) - `graph_state` — live corpus counts at serve time - `references` — URLs to the rest of the open-protocol layer - `bundle_signature` — inline Ed25519 signature for offline verification - `pin_recommended` — stable supply-chain identifier (survives hourly graph_state updates) Headers: `X-Bundle-Version`, `X-Pin-Recommended`, `ETag`, `X-RateLimit-*`. Cost: - Free, anonymous-accessible. Rate-limited on a SEPARATE counter from data-API calls (`cfg:ip:<ip>` identity) so a config refetch loop can't burn your data quota. Latency: - Typical <100ms (cached); cold fetch <500ms (live Supabase counts).

Single-item revocation lookup per Receipt Format v1.0 §8.2. Verifiers that do not want to maintain a local mirror of `/.well-known/receipt-revocations.json` call this endpoint instead. The response includes `feed_version` for cache coherence. Use this tool when: - You are verifying a receipt and need to confirm its `signature.key_id` is still trusted. - You are verifying a receipt and need to confirm the specific `receipt_id` was not retracted by its issuer. - You hold receipts long-term and want to recheck trust before acting on them. Do NOT use this tool when: - You want the full revocation set — fetch `/.well-known/receipt-revocations.json` directly. - You want to *publish* a revocation — that is operator-controlled and not exposed via this API. Inputs: - `key_id` (query, optional): Receipt-format key_id (e.g., `tm-receipt-2026-05`). Provide one of `key_id` or `id`. - `id` (query, optional): UUIDv7 of a specific receipt. Provide one of `key_id` or `id`. Returns: - `revoked`: boolean. - When revoked: `revoked_at` (ISO 8601), `reason` (human-readable), `replacement_key_id` (for keys). - Always: `checked_at` (ISO 8601), `feed_version` (integer). Cost: - Free; rate-limited like the rest of the data API. Edge-cached 60s. Latency: - Typical <100ms (warm cache); p99 <500ms (cold fetch from well-known).

Validates an agent's x402 v1 client implementation against a TunnelMind surface end-to-end. Two operating modes: - `mode: "demo"` — HMAC over a nonce against a publicly-published secret. Does not move USDC. Smoke proves the WIRE works, not money movement. - `mode: "x402"` — real Coinbase facilitator dispatch (gated on operator wallet provisioning; currently returns "facilitator not configured"). Without an `X-PAYMENT` header, the endpoint returns HTTP 402 with a standards- compliant `accepts[]` array (USDC on Base, $0.001). With a valid `X-PAYMENT` header (base64-encoded payment payload), echoes the request body and returns an `X-PAYMENT-RESPONSE` settlement header. Use this tool when: - You are validating your agent's x402 v1 client implementation against a real public endpoint. - You want to demonstrate the full 402 → retry → settle wire end-to-end. Do NOT use this tool when: - You need a real paid operation — no TunnelMind production endpoint is gated behind x402 yet. Inputs: - `X-PAYMENT` (header, optional): base64(JSON) per the x402 v1 spec. Without it, a 402 challenge is returned. - Request body (optional): any JSON object to be echoed back on successful payment. Returns: - On no header: HTTP 402 + `{ x402Version, accepts: [...] }`. - On valid payment: HTTP 200 + `{ ok: true, data: { echoed, paid_micro_usdc, x402 } }` and an `X-PAYMENT-RESPONSE` header carrying the settlement record. - On invalid payment: HTTP 402 + `{ error: "invalid payment", reason }`. Discovery: - `https://tunnelmind.ai/.well-known/x402.json` carries the public demo secret and the HMAC construction recipe. Cost: - Free in demo mode (no USDC moved). $0.001 USDC in real-mode (when activated). Latency: - Typical <100ms (demo mode); real mode is bounded by facilitator latency.