// MCP TOOL REFERENCE

TUNNELMIND DATA API TOOLS

54 tools from the TunnelMind Data API MCP Server, categorised by risk level.

View the TunnelMind Data API policy → Token cost: 18,740 tokens →
// ALL 54 TUNNELMIND DATA API TOOLS
READ 43 tools
Read check_receipt_revoked Single-item revocation lookup per Receipt Format v1.0 §8.2. Verifiers that do not want to maintain a local ... Read cross_lens_lookup Returns all three lens views for a single node key without computing a fused verdict. Use this when you wan... Read cross_lens_verify A2 — the cross-lens join. TunnelMind owns both halves of the open-web graph: Scry sees who is on every IP (... Read explain_verdict Call this when you need to ACT ON a verdict and prove why. It returns the exact verdict `/v1/verify/{node}`... Read get_analyst_config Returns the TunnelMind analyst config bundle. Configures any LLM (Claude, GPT, Gemini, local) to behave as ... Read get_api_key Returns the tier, label, masked owner email, creation date, last-used timestamp, today's request count, and... Read get_bgp_events Returns the routing anomalies the bgp-monitor has observed against TunnelMind's BGP watchlist — the witness... Read get_domain Returns the complete surveillance intelligence record for a domain name. If the domain is in TunnelMind's t... Read get_entity Returns an entity record for a surveillance company or data broker, including its industry, estimated annua... Read get_receipt Returns metadata for a TunnelMind surveillance receipt — a signed document proving that a specific user's s... Read get_stats One public "state of the corpus" readout — the whole graph in a single call. Distinct from the Scry-only se... Read get_task Returns the current status of a task created by an `?async=true` intel request. Poll this endpoint until `s... Read health_check Returns a minimal status object confirming the API is alive. Use this to verify connectivity before chainin... Read intel_optout Checks a domain for all known AI training data opt-out mechanisms beyond robots.txt: TDM (Text and Data Min... Read intel_robots Retrieves the target domain's `robots.txt` file and parses it for AI crawler disallow rules. Specifically d... Read intel_stack Fetches up to 32KB of the domain's HTML and response headers from the edge, then fingerprints the content f... Read list_domains Returns a paginated list of domains from the tracker database. Results are ordered alphabetically by domain... Read list_entities Returns a paginated list of corporate entities in the TunnelMind surveillance database. Includes data categ... Read preflight_should_i_act The single call an agent makes before transacting with a destination on the open web. Composes the cross-le... Read profile_entity Call this before routing traffic, bidding on inventory, or trusting a counterparty. It fuses ALL THREE Tunn... Read search Searches both the domains table and the entities table simultaneously. Returns matching domains (by domain ... Read sigil_atap_ait_status Returns an AIT's status, chain head hash, event count, pending-event count, per-tier event counts, and the ... Read sigil_atap_roll_block Rolls every not-yet-blocked Witness Event for an AIT into one signed ATAP Attestation Block with a profile ... Read sigil_atap_witness Ingests one agent-reported event (`bid:submitted`, `bid:won`, `bid:lost`, `budget:decremented`) into an AIT... Read sigil_score_batch Scores up to 200 entities in one round-trip — built for agents evaluating many supply sources during campai... Read sigil_score_entity Returns the pre-computed 0.0–1.0 trust score for one entity, its component breakdown, and the 14-day trend.... Read sigil_score_weights Returns the active, versioned default weights used to combine an entity's trust-score components, plus the ... Read sigil_verify_ads_txt Confirms whether an SSP/exchange is authorized to sell a publisher's inventory according to that publisher'... Read sigil_verify_ads_txt_batch Runs up to 100 ads.txt verifications in a single call — the endpoint an ad-buying agent uses for pre-bid ch... Read sigil_verify_adscert Reports whether a domain publishes ads.cert (IAB Tech Lab Authenticated Connections) DNS records — a readin... Read sigil_verify_app_bundle Verifies that a mobile or CTV app bundle ID actually exists in the relevant app store — used to detect bund... Read sigil_verify_domain Confirms a publisher controls a domain by checking for a DNS TXT record the owner publishes under `_tunnelm... Read sigil_verify_ip_type Classifies an IPv4 address by network type — the high-value ad-fraud signal being datacenter traffic posing... Read sigil_verify_supply_chain The bid-time contract. Pass the SupplyChain object from an OpenRTB bid request (`source.ext.schain`) verbat... Read sigil_verify_supply_path The core Sigil pre-bid call. Submit a supply path; Sigil composes its individual checks into one trust verd... Read sigil_verify_token Verifies the authenticity and expiry of a `sigil_token` returned by `sigil_verify_supply_path`. Anyone can ... Read signal_dark_pool_risk Reconciles every sell path a publisher declares (`sells_through`) against each SSP's own sellers.json (`exc... Read signal_halo_score Scores an entity by the trust character of its neighbours — the SSPs its publishers sell through and the DS... Read signal_team_signal Surfaces other entities that operate as a coordinated team with this one: they share a NARROWLY-held direct... Read signal_tracker_density Observed component counts first, a labelled derived roll-up second. The components — `data_categories`, sup... Read stream_task Opens a persistent SSE connection that emits events as the task progresses. The stream closes automatically... Read verify_receipt Tamper-detection verification for TunnelMind surveillance receipts. Submit the receipt ID, the SHA-256 cont... Read x402_echo Validates an agent's x402 v1 client implementation against a TunnelMind surface end-to-end. Two operating m...
WRITE 9 tools
Write audit_export Returns NDJSON (one JSON object per line) of audit log entries. Each entry records the operation called, th... Write generate_receipt Looks up each submitted domain in the TunnelMind tracker database, aggregates risk metrics (avg score, max ... Write intel_agent Probes a domain for known AI agent integration signals: `llms.txt`, `ai.txt`, `/.well-known/ai-plugin.json`... Write intel_http Makes a live HEAD request to the target domain from the Cloudflare edge, follows up to 5 redirects, and ret... Write intel_inject Fetches a domain's homepage and checks for content patterns that could constitute prompt injection attacks ... Write sigil_ads_txt_history Returns a publisher's ads.txt change log — one entry per crawl in which its authorized-seller set changed. ... Write sigil_atap_register_ait Registers an ATAP v0.1 AIT for a media-buying agent under the `sigil:media_buyer:v1` profile. Sigil validat... Write sigil_receipt_generate Assembles the ATAP v0.1 §7.5 Receipt ZIP for an AIT — the signed Receipt (`manifest.json`), the AIT, the At... Write sigil_traverse Reconstructs the supply paths for a publisher domain from Sigil's own crawl and returns them ITEMIZED — dis...
DESTRUCTIVE 2 tools
Destructive cancel_task Marks the task as `cancelled`. If the task is already in a terminal state (`complete`, `failed`, `expired`)... Destructive revoke_api_key Permanently deactivates the API key used to make this request. This action is irreversible. After revocatio...
// FAQ
How many tools does the TunnelMind Data API MCP server have? +

The TunnelMind Data API MCP server exposes 54 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on TunnelMind Data API tools? +

Route the TunnelMind Data API server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do TunnelMind Data API tools fall into? +

TunnelMind Data API tools are categorised as Read (43), Write (9), Destructive (2). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.