Check whether a SET of documents satisfies a checklist — completeness, cheaply. USE THIS WHEN you have an application / onboarding pack and need "do we have the required documents, and what's still missing?" Each document is CLASSIFIED (one cheap page-1 read — never full field extraction or multi...
AI agents call check_pack to retrieve information from OpenWarrant without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
scheme | object | — | |
documents | array | Yes | |
requirements | object | — |
Parameters from the server's own tool schema.
check_pack performs document classification and checklist matching operations that retrieve and analyze document metadata. It has no side effects, does not modify documents, execute code, delete data, or move money. The tool is explicitly scoped to read-only operations (page-1 classification) with the caveat to delegate to other tools for verification and identity checks.
From the tool's definition Tool description states it performs 'one cheap page-1 read' and 'matched against the checklist's required slots.' It checks completeness of document packs by classifying documents and comparing against a checklist, with explicit guidance to 'use…
Attacks that exploit this kind of access
Check whether a SET of documents satisfies a checklist — completeness, cheaply. USE THIS WHEN you have an application / onboarding pack and need "do we have the required documents, and what's still missing?" Each document is CLASSIFIED (one cheap page-1 read — never full field extraction or multi-page), then matched against the checklist's required slots. (For "is a document genuine?" use verify_document; to identify ONE document use classify_document; for the identity gate use verify_identity.) Define the checklist ONE of two ways: - scheme: a named preset — "income_proof", "lending_prequal", "rental_application". - requirements: an ad-hoc checklist — a list of document-type names like ["payslip","bank_statement"], or objects {"key":..., "accepts":[types], "optional":bool}. documents is a list (up to 12), each ONE of: {"url": "https://..."} (public link, fetched server-side) or {"bytes_b64": "...", "filename": "statement.pdf"} (inline). Returns {complete, slots[] (key, satisfied, matched), missing[], documents[] (filename, classified_type), unmatched_documents[]}. COVERAGE, not approval — that the right document TYPES are present, NOT that any is genuine (run verify_document) or that an application is approved. Documents are never stored. It is categorised as a Read tool in the OpenWarrant MCP Server, which means it retrieves data without modifying state.
check_pack accepts 3 parameters: scheme, documents, requirements. Required: documents. The full parameter table on this page comes from the server's own tool schema.
Register the OpenWarrant MCP server in PolicyLayer and add a rule for check_pack: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OpenWarrant. Nothing to install.
check_pack is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the check_pack rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for check_pack. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
check_pack is provided by the OpenWarrant MCP server (https://www.stipple.sh/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →