Validate structured data and automatically compute repairs if it fails. Single call that combines validate + repair. Different from validate: validate returns only the verdict; if the data fails, you'd then call repair separately. validate_repair returns the verdict AND the repaired payload in on...
Risk signalsHandles credentials or secrets (api_key)
Part of the Governance Platform server.
Free to start. No card required.
AI agents call validate_repair to retrieve information from Governance Platform without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though validate_repair only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
{
"version": "1",
"default": "deny",
"tools": {
"validate_repair": {}
}
}See the full Governance Platform policy for all 31 tools.
These attack patterns abuse exactly the kind of access validate_repair gives an agent. Each links to the full case and the policy that stops it:
Other read tools across the catalogue. The same approach applies to each: allow, with a rate cap to control cost.
Validate structured data and automatically compute repairs if it fails. Single call that combines validate + repair. Different from validate: validate returns only the verdict; if the data fails, you'd then call repair separately. validate_repair returns the verdict AND the repaired payload in one call. Different from repair: repair always returns repair suggestions regardless of whether the input was valid; validate_repair only computes repairs when validation actually fails. If PASS: returns the validated data with determinism hash. If FAIL: returns the failure details AND a repaired payload with field-by-field corrections and confidence scores. The agent can inspect the repairs and resubmit the corrected data. If REVIEW: returns the flagged data with review reasoning. This is the recommended starting point for most agent integrations. Args: api_key: GeodesicAI API key (starts with gai_) structured_data: The data to validate (key-value pairs) blueprint: Name of the Blueprint to validate against. Use list_blueprints to see options.. It is categorised as a Read tool in the Governance Platform MCP Server, which means it retrieves data without modifying state.
Register the Governance Platform MCP server in PolicyLayer and add a rule for validate_repair: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Governance Platform. Nothing to install.
validate_repair is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the validate_repair rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for validate_repair. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
validate_repair is provided by the Governance Platform MCP server (https://app.geodesiclabs.ai/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 31 Governance Platform tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.