Walk the supply graph for a publisher domain and get back the ITEMIZED sell paths — distinct from sigil_verify_supply_chain (which verifies a schain you BRING) and from the dark-pool-risk signal (which only returns counts). Here Sigil reconstructs the paths from its own crawl: every SSP the publi...
Risk signalsBulk/mass operation — affects multiple targets
Part of the Sigil server.
Free to start. No card required.
AI agents use traverse_supply_chain to create or modify resources in Sigil. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call traverse_supply_chain repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Sigil.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"traverse_supply_chain": {
"limits": [
{
"counter": "traverse_supply_chain_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full Sigil policy for all 12 tools.
These attack patterns abuse exactly the kind of access traverse_supply_chain gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Walk the supply graph for a publisher domain and get back the ITEMIZED sell paths — distinct from sigil_verify_supply_chain (which verifies a schain you BRING) and from the dark-pool-risk signal (which only returns counts). Here Sigil reconstructs the paths from its own crawl: every SSP the publisher declares it sells through, joined to that SSP's identity and classified two-sided against the SSP's sellers.json. Use this tool when: - You have a publisher domain but no schain, and want to SEE its real authorized supply paths and where the opacity is. - dark-pool-risk flagged a publisher and you need the specific contradicted paths driving the risk, not just the aggregate. Inputs: - domain (required): the publisher domain, e.g. cnn.com. - limit (optional): max paths returned (default 200, cap 500). The list is ordered riskiest-first (contradicted, then reseller) so a truncated page is still the most useful; the supply_paths counts are always over the FULL set. Returns: supply_paths aggregate counts (total / direct / reseller / corroborated / contradicted / unchecked) and paths[], each with the SSP identity, seller_id, seller_type, klass (corroborated = seat present; contradicted = SSP crawled but seller_id absent → real risk; unchecked = SSP not yet crawled → not risk), and resells_to (one level of downstream reseller expansion). Returns in_supply_graph:false if the domain is not in the crawled corpus.. It is categorised as a Write tool in the Sigil MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Sigil MCP server in PolicyLayer and add a rule for traverse_supply_chain: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Sigil. Nothing to install.
traverse_supply_chain is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the traverse_supply_chain rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for traverse_supply_chain. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
traverse_supply_chain is provided by the Sigil MCP server (https://mcp.sigil.tunnelmind.ai/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 12 Sigil tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.