Sigil

A2 — the cross-lens join. Fuse TunnelMind's two lenses (Scry attacker intelligence + Sigil supply graph) into ONE verdict on a single node key. This is the moat: no siloed competitor owns both halves of the graph, so the fused `cross_lens` block carries information neither lens can supply alone. Use this tool when: - An agent must decide whether to transact with an IP, domain, ASN, or entity_slug, and a one-lens answer is not enough. - You want a single composite trust verdict instead of running Scry + Sigil calls separately and reconciling them by hand. Inputs: - `node` (required): an IPv4 address, a domain, an ASN (e.g. `AS64500`), or an entity_slug. Type is auto-detected. - `weights` (optional): per-component weight overrides. - `thresholds` (optional): `{ pass, fail }` verdict cutoffs (defaults 0.7 / 0.3). - `ait` (optional): an ATAP AIT id. When present, the verdict is chained onto the AIT as a witness-tier `cross_lens:verified` event signed by Sigil (witness OAI-2026-0000201) — replayable evidence, not just JSON. Returns: per-lens `scry` + `sigil` blocks (transparency), a fused `cross_lens` block with `verdict` / `trust_score` / `confidence` / `signals` / `recommendations`, a 5-minute signed `sigil_token`, and a `witnessed_event` block when an AIT was supplied. Failure semantics: each lens fails independently. Single-lens answers still return 200 with a `confidence` of 0.55. Returns 503 only when BOTH lenses are unavailable.

The core pre-bid check. Verify the trustworthiness of one programmatic ad supply path and get back a composite trust verdict plus a signed proof token. Sigil composes ads.txt authorization, datacenter-IP classification, Scry fraud-corpus lookup, and app-bundle checks into one score. Use this tool when: - An ad-buying agent is about to bid and must confirm the supply is genuine. - You want one call instead of running ads.txt / IP / bundle checks separately. Inputs: - `supply_path` (required): { publisher_domain, exchange, seller_id, and optionally ip_address, app_bundle:{bundle_id,platform} }. - `ait` (optional): an ATAP AIT id — when present, Sigil records this verification as a witnessed attestation event and binds the token to it. Returns: `trust_score` (0-1), `verdict` (pass/warn/fail/unknown), per-check results, `recommendations`, and a signed `sigil_token` (5-min) to attach to the bid as proof. The submitted IP is used for lookup only — never stored.

Check whether an exchange/SSP is authorized to sell a publisher's inventory, per the publisher's ads.txt file. Fast cached lookup against Sigil's daily crawl of the top ~10k publisher domains. Use this tool when: - You need a single, narrow authorization check (not a full supply-path score). - You are validating a (publisher, exchange, seller_id) triple from a bid request. Inputs: - `publisher_domain`, `exchange_domain`, `seller_id` (all required). - `resolve_chain` (optional): when true and the entry is RESELLER, Sigil walks one hop into the exchange's sellers.json to identify the upstream seller. Returns: `verified` (true/false/null), `confidence`, the matched ads.txt entry, and any `warnings` (e.g. seller_type mismatch).

Classify an IPv4 address as datacenter, residential, mobile, or unknown. Detects datacenter traffic posing as real user devices. Stateless — the IP is never logged or stored. Use this tool when: - You need to know whether bid-request traffic originates from a datacenter. Inputs: - `ip` (required): an IPv4 address. Returns: `ip_type`, `confidence` (high/medium/low), and the ASN + AS-org name.

Verify that a mobile/CTV app bundle ID actually exists in its app store and, optionally, that the listed developer matches. Detects bundle-ID spoofing in bid requests. Use this tool when: - A bid request names an app bundle and you must confirm the app is real. Inputs: - `bundle_id` (required), `platform` (required: ios | android | ctv_* | web), - `claimed_developer` (optional): developer name to match against the listing. Returns: `verified` (true/false/null), the store listing, and `developer_match`.

Verify a full OpenRTB SupplyChain (schain) object — every node, end to end. Per node Sigil checks the seller against the exchange sellers.json and the origin ads.txt, then returns a per-node and aggregate verdict plus a signed token. Use this tool when: - A bid request carries an OpenRTB `schain` and you want it verified verbatim. Inputs: - `schain` (required): an OpenRTB SupplyChain object ({ ver, complete, nodes:[{asi,sid,hp}] }). - `site_domain` or `app_bundle` (optional): the inventory origin, checked against node[0] via ads.txt / OWNERDOMAIN. Returns: per-node `nodes` results, an aggregate `verdict`, `recommendations`, and a signed `sigil_token`.

Walk the supply graph for a publisher domain and get back the ITEMIZED sell paths — distinct from sigil_verify_supply_chain (which verifies a schain you BRING) and from the dark-pool-risk signal (which only returns counts). Here Sigil reconstructs the paths from its own crawl: every SSP the publisher declares it sells through, joined to that SSP's identity and classified two-sided against the SSP's sellers.json. Use this tool when: - You have a publisher domain but no schain, and want to SEE its real authorized supply paths and where the opacity is. - dark-pool-risk flagged a publisher and you need the specific contradicted paths driving the risk, not just the aggregate. Inputs: - `domain` (required): the publisher domain, e.g. `cnn.com`. - `limit` (optional): max paths returned (default 200, cap 500). The list is ordered riskiest-first (contradicted, then reseller) so a truncated page is still the most useful; the `supply_paths` counts are always over the FULL set. Returns: `supply_paths` aggregate counts (total / direct / reseller / corroborated / contradicted / unchecked) and `paths[]`, each with the SSP identity, `seller_id`, `seller_type`, `klass` (corroborated = seat present; contradicted = SSP crawled but seller_id absent → real risk; unchecked = SSP not yet crawled → not risk), and `resells_to` (one level of downstream reseller expansion). Returns in_supply_graph:false if the domain is not in the crawled corpus.

Get the pre-computed trust score for one supply-chain entity (a publisher or an SSP). Scores are recomputed daily from ads.txt health, supply-chain directness, reach, and stability — deterministic, no ML black box. Use this tool when: - You want a fast standing trust signal for an entity without running checks. Inputs: - `entity_id` (required): `{type}:{domain}` — e.g. `publisher:nytimes.com` or `ssp:pubmatic.com`. Returns: `trust_score` (0-1), `score_components`, the 14-day `trend`, and `warnings`.

Pre-computed trust scores for up to 200 entities in one call — built for an agent evaluating many supply sources during campaign setup. Use this tool when: - You have a list of publishers/SSPs to grade at once. Inputs: - `entity_ids` (required): array of `{type}:{domain}` ids, up to 200. - `weights` (optional): custom component weights to re-score with. Returns: `count`, `scored_count`, and a per-entity `results` array (invalid ids are reported inline, never failing the batch).

Register an ATAP v0.1 Agent Identity Token for a media-buying agent. Sigil validates the capabilities + constraints against the `sigil:media_buyer:v1` profile, signs the AIT as the witness, and returns it. Do this once per agent campaign before witnessing any events. Inputs: - `profile` (required): must be `sigil:media_buyer:v1`. - `operator` (required): the agent operator's canonical OAI. - `capabilities` (required): array from the profile vocabulary. - `constraints` (required): { currency, max_bid_cpm, supply_trust_minimum, budget_total_cap, allowed_channels, ... }. - `attestation_policy` (required): { witness_granularity, block_interval_seconds (60-3600), receipt_generation }. - `expires_at` (required): ISO date-time, <= 365 days out. Returns: the signed AIT (note its `id` for subsequent witness calls).

Witness one agent-reported bid or budget event into an AIT's hash-chained attestation log. Sigil validates the payload (rejecting any PII), classifies the evidence tier — `anchored` if a bid cites a valid Sigil token, else `asserted` — derives constraint violations, and signs the event. Use this tool when: - An ATAP-enrolled media-buyer agent submits a bid, win, loss, or budget decrement and you want it on the attestation record. Inputs: - `ait` (required): the AIT id. - `event_type` (required): bid:submitted | bid:won | bid:lost | budget:decremented. - `payload` (required): the event payload (see the sigil:media_buyer:v1 profile). Returns: the signed witness event(s), the assigned `tier`, and any derived constraint violations. (supply:verified events come from verify_supply_path, not this tool.)

Generate the ATAP v0.1 compliance Receipt for an AIT — the portable, signed artifact a media buyer hands its principal. The receipt grades every event witnessed / anchored / asserted and is verifiable offline with the bundled verify.sh. Use this tool when: - A reporting period closes and you need a compliance export for the AIT. Inputs: - `ait` (required): the AIT id. - `format` (optional): `full` (default) or `summary`. Returns: JSON with `receipt_id` and `zip_base64` — base64-decode `zip_base64` to a .zip, unpack it, and run verify.sh to verify the chain independently.