Fact-check a document's REFERENCES and CLAIMS — built for AI-generated reports whose citations must be checked before they're trusted. USE THIS WHEN someone shares a report, article, whitepaper, or deep-research export (or a link to one) and asks: is this accurate / legit? are these citations rea...
AI agents call verify_references to retrieve information from OpenWarrant without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
url | object | — | |
deep | boolean | — | |
text | object | — | |
filename | string | — | |
bytes_b64 | object | — |
Parameters from the server's own tool schema.
verify_references reads and analyzes document content to validate citations and claims. It fetches documents via URL server-side and performs validation checks, but does not create, modify, delete, execute code, or transfer funds. This is a pure read/query operation with informational output only.
From the tool's definition Tool performs fact-checking and verification of document references and claims: 'Fact-check a document's REFERENCES and CLAIMS', 'is this accurate / legit? are these citations real?' — these are query and retrieval operations with no data modification or side…
Risk signalsAccepts file system path (filename) · Accepts URL/endpoint input (url)
Attacks that exploit this kind of access
Fact-check a document's REFERENCES and CLAIMS — built for AI-generated reports whose citations must be checked before they're trusted. USE THIS WHEN someone shares a report, article, whitepaper, or deep-research export (or a link to one) and asks: is this accurate / legit? are these citations real? fact-check this. did the AI make this up? Also use it proactively before relying on any AI-written document. Provide the document ONE way: url (a public http(s) link to a PDF or web page — fetched server-side, the cheapest call: no need to download or encode anything), text (pasted markdown/plain prose), OR bytes_b64 (a base64 PDF; URLs are read from the PDF's link annotations, so they're exact). Default (fast): provenance (is it a ChatGPT deep-research export?), citation resolution (live / archived / dead, papers matched against arXiv/Crossref to catch 'real ID, wrong paper'), and internal MATH (recompute the doc's own arithmetic). Set deep=true to also fetch each cited source and judge whether it SUPPORTS or CONTRADICTS the claim (slower, ~a minute). Returns a trust summary, per-item tables, and a shareable permalink to the public fact-check record. HONEST BOUNDARY: this reports verification COVERAGE, not truth — 'supported' means evidence-backed (not necessarily true) and 'unsupported' means no evidence found (not necessarily false). It tells a reviewer WHERE to look; it does not bless the document, and it never affects the fraud risk band. It is categorised as a Read tool in the OpenWarrant MCP Server, which means it retrieves data without modifying state.
verify_references accepts 5 parameters: url, deep, text, filename, bytes_b64. The full parameter table on this page comes from the server's own tool schema.
Register the OpenWarrant MCP server in PolicyLayer and add a rule for verify_references: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OpenWarrant. Nothing to install.
verify_references is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the verify_references rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for verify_references. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
verify_references is provided by the OpenWarrant MCP server (https://www.stipple.sh/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →