# TunnelMind Data API MCP server

Tracker / Sigil / Cross-lens — every TunnelMind Data API operation as one MCP surface.

## Links
- Registry page: https://www.getdrio.com/mcp/ai-tunnelmind-data
- Repository: https://github.com/TunnelMind/tunnelmind-data-api
- Website: https://tunnelmind.ai

## Install
- Endpoint: https://mcp-data.tunnelmind.ai/mcp
- Auth: Not captured

## Setup notes
- Remote endpoint: https://mcp-data.tunnelmind.ai/mcp

## Tools
- health_check - Returns a minimal status object confirming the API is alive. Use this to verify
connectivity before chaining other calls, or as a liveness check in a workflow.

Use this tool when:
- You need to verify the API is reachable before starting a multi-step investigation.
- A prior call failed with a 503 or 504 and you want to confirm the service recovered.
- You are debugging connectivity from a new environment.

Do NOT use this tool when:
- You want actual tracker data — use `get_domain` or `search` instead.
- You want to check a specific domain — this returns nothing domain-specific.

Inputs:
- None.

Returns:
- `ok`: always true if the API is up.
- `ts`: ISO 8601 timestamp of the server's current time.

Cost:
- Free. No API key required. Not rate-limited.

Latency:
- Typical: <50ms, p99: <200ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_domain - Returns the complete surveillance intelligence record for a domain name. If the
domain is in TunnelMind's tracker database (80,000+ entries), the response includes
tracker category, risk score, fingerprinting data, cookie persistence, IAB TCF
purposes, and the owning corporate entity. If the domain is not in the database,
a live probe is automatically run: RDAP registration data, DNS records (MX, SPF,
TXT verification tokens), HTTP headers, and CSP third-party actors are fetched
fresh from the edge and returned.

Use this tool when:
- You need to know whether a specific domain tracks users, and how aggressively.
- You are researching who owns a domain and what corporate entity controls it.
- You want to check HTTP security headers and third-party services embedded in a site.
- You are building a risk score for a domain before routing traffic through it.

Do NOT use this tool when:
- You want to search by keyword or category — use `search` instead.
- You want all domains for an entity — use `get_entity` instead.
- You want jurisdiction routing data — use `get_ghostroute_cert` instead.

Inputs:
- `domain` (path, required): Domain name. Strip `www.` prefix — it is removed automatically.
  Subdomains are resolved to the parent: `ads.doubleclick.net` → `doubleclick.net`.
  Examples: `doubleclick.net`, `google-analytics.com`, `intercom.io`.

Returns:
- Full `DomainRecord`. Free tier returns the domain, category, score, prevalence, and
  entity name. Pro/enterprise additionally return `tcf_vendor_id`, `tcf_purposes`,
  `tcf_features`, and `disconnect_cats`.
- If the domain is not in the tracker database, `live_lookup: true` is set and
  RDAP/DNS/HTTP probe results are returned instead of tracker fields.
- 404 if the domain cannot be found via live probe either (unknown TLD, unreachable).

Cost:
- Free tier: included in 50 req/day limit. Pro/enterprise: included in plan.

Latency:
- Database hit: typical <100ms, p99 <300ms.
- Live probe: typical 2-5s, p99 10s (external DNS/HTTP calls).
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- list_domains - Returns a paginated list of domains from the tracker database. Results are ordered
alphabetically by domain name and support cursor-based pagination for full traversal.
Filtering by category and minimum score allows targeted data extraction.

Use this tool when:
- You want to enumerate all known ad-tech or analytics domains above a risk threshold.
- You need a dataset of tracker domains for offline analysis.
- You are paginating through a category to build a block list.

Do NOT use this tool when:
- You need data for a specific domain — use `get_domain` instead.
- You are searching by keyword — use `search` instead.
- You want domains belonging to a specific company — use `get_entity` instead.

Inputs:
- `category` (query, optional): Filter by surveillance category. One of: `ad_tech`,
  `analytics`, `social`, `fingerprinting`, `content`, `cdn`, `other`.
- `min_score` (query, optional): Integer 0-100. Exclude domains scoring below this value.
- `limit` (query, optional): Number of results per page. Max 100 (paid), 20 (free). Default 50.
- `cursor` (query, optional): Pagination cursor from the previous response's `next_cursor` field.

Returns:
- Array of domain list items (domain, category, score, prevalence, entity summary).
- `meta.has_more`: true if more pages exist.
- `meta.next_cursor`: pass as `cursor` to get the next page.
- `meta.count`: number of results in this page.

Cost:
- Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page.

Latency:
- Typical: <200ms, p99: <500ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_entity - Returns an entity record for a surveillance company or data broker, including its
industry, estimated annual data value per user (in USD), categories of personal data
collected, and the full list of domains it controls. Free tier returns 5 domains,
paid returns up to 200.

Use this tool when:
- You want to understand what corporate entity owns or controls a tracker domain.
- You need to assess the total surveillance footprint of a company (e.g., Alphabet,
  Meta, Oracle).
- You are building a corporate surveillance graph and need domain-to-entity mapping.

Do NOT use this tool when:
- You have a domain and need its category — use `get_domain` instead.
- You want to browse entities by industry — use `list_entities` instead.
- You are searching for an entity by name — use `search` instead.

Inputs:
- `slug` (path, required): URL-safe entity identifier (lowercase, hyphens). Examples:
  `alphabet`, `meta`, `oracle-data-cloud`, `the-trade-desk`.

Returns:
- Full `EntityRecord` with data categories, estimated data cost, and associated domains.
- `domains`: array of top-scoring domains (5 for free tier, 200 for paid).
- Pro/enterprise additionally return `website` and `description` fields.

Cost:
- Free tier: included in 50 req/day limit. Pro/enterprise: included in plan.

Latency:
- Typical: <150ms, p99: <400ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- list_entities - Returns a paginated list of corporate entities in the TunnelMind surveillance
database. Includes data categories, estimated data value, and industry classification.
Useful for enumerating the surveillance ecosystem by sector.

Use this tool when:
- You want to enumerate all entities in a specific industry (e.g., all ad-tech companies).
- You need a dataset of surveillance entities for analysis or reporting.
- You are building a comprehensive surveillance landscape map.

Do NOT use this tool when:
- You need the full profile of a specific entity — use `get_entity` instead.
- You are searching by entity name — use `search` instead.
- You need domain-level data — use `list_domains` instead.

Inputs:
- `industry` (query, optional): Filter by industry classification. Examples:
  `ad_tech`, `analytics`, `data_broker`, `social`, `crm`.
- `limit` (query, optional): Results per page. Max 100 (paid), 20 (free). Default 50.
- `cursor` (query, optional): Pagination cursor from previous response's `next_cursor`.

Returns:
- Array of entity list items (slug, name, parent_company, industry, data_categories,
  data_cost_usd).
- `meta.has_more` and `meta.next_cursor` for pagination.

Cost:
- Free tier: up to 20 results/page, 50 req/day. Pro/enterprise: up to 100 results/page.

Latency:
- Typical: <150ms, p99: <400ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- search - Searches both the domains table and the entities table simultaneously. Returns
matching domains (by domain name) and entities (by name or slug) in a single
response. Minimum 2 characters, maximum 100 characters.

Use this tool when:
- You have a partial name and need to identify what tracker or entity it belongs to.
- You want to find all TunnelMind records related to a company name like "Google" or "Oracle".
- You are resolving an ambiguous domain (e.g., does `criteo.com` appear in the tracker DB?).

Do NOT use this tool when:
- You know the exact domain — use `get_domain` instead (faster, more complete).
- You know the exact entity slug — use `get_entity` instead.
- You want to browse by category or industry — use `list_domains` or `list_entities`.

Inputs:
- `q` (query, required): Search string, 2-100 characters. Matched against domain names
  and entity names/slugs.

Returns:
- `domains`: array of matching domain records (list item format).
- `entities`: array of matching entity records (list item format).
- Both arrays may be empty if no matches found. No pagination — results are capped
  at 20 per type.

Cost:
- Free tier: included in 50 req/day. Pro/enterprise: included in plan.

Latency:
- Typical: <200ms, p99: <500ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_http - Makes a live HEAD request to the target domain from the Cloudflare edge, follows
up to 5 redirects, and returns the full redirect chain, final HTTP status, key
response headers, a security header score, and any third-party surveillance
actors referenced in the Content-Security-Policy header.

Use this tool when:
- You want to verify whether a site enforces HTTPS and HSTS.
- You need to inspect what third-party scripts a site loads via its CSP header.
- You are assessing a domain's security posture before trusting it.
- You want to detect surveillance actors embedded in a site's CSP.

Do NOT use this tool when:
- You need tracker database data (category, score, entity) — use `get_domain` instead.
- You need the technology stack (CMS, framework) — use `intel_stack` instead.
- You need robots.txt AI crawler policy — use `intel_robots` instead.

Inputs:
- `domain` (query, required): Domain to probe. Can include or omit `https://`.
  Examples: `nytimes.com`, `https://example.com`.

Returns:
- `reachable`: false if the domain did not respond within 6 seconds.
- `redirect_chain`: each hop with URL, status code, and Location header.
- `security_headers.score`: 0-100 based on presence of HSTS, CSP, X-Content-Type,
  X-Frame-Options, Referrer-Policy.
- `security_headers.missing`: list of headers absent.
- `csp_actors`: known surveillance actors detected in the CSP header.
- `error`: set if the connection failed.

Cost:
- Free. No API key required.

Latency:
- Typical: 1-3s (outbound fetch), p99: 6s (timeout). Plan for async if chaining calls.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_stack - Fetches up to 32KB of the domain's HTML and response headers from the edge, then
fingerprints the content for known CMS platforms, JavaScript frameworks, CDN
providers, and analytics tools. Detection is based on meta generator tags, script
src patterns, response headers, and cookie names.

Use this tool when:
- You need to know what CMS (WordPress, Drupal, Shopify) a site runs.
- You are assessing a domain's infrastructure before a security review.
- You want to identify analytics or marketing tools a site embeds.

Do NOT use this tool when:
- You want HTTP headers and security posture — use `intel_http` instead.
- You want tracker database classification — use `get_domain` instead.
- You need robots.txt AI policy — use `intel_robots` instead.

Inputs:
- `domain` (query, required): Domain to fingerprint.

Returns:
- `cms`: detected content management system, or null.
- `frameworks`: JavaScript/backend frameworks detected.
- `cdn`: CDN provider detected, or null.
- `analytics`: analytics and tracking tools detected.
- `meta_generators`: raw meta generator tag values.

Cost:
- Free. No API key required.

Latency:
- Typical: 2-4s (HTML fetch), p99: 7s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_robots - Retrieves the target domain's `robots.txt` file and parses it for AI crawler
disallow rules. Specifically detects policies for known AI crawlers (GPTBot,
ClaudeBot, CCBot, Bytespider, etc.) and returns a structured summary of the
crawling policy.

Use this tool when:
- You need to know whether a domain has opted out of AI training data collection.
- You want to check if a specific AI crawler is blocked before citing the domain.
- You are building a dataset of AI-accessible vs AI-blocked domains.

Do NOT use this tool when:
- You want training opt-out signals beyond robots.txt (TDM reservation, noai meta) —
  use `intel_optout` instead.
- You want the full technology stack — use `intel_stack` instead.
- You need tracker database data — use `get_domain` instead.

Inputs:
- `domain` (query, required): Domain to probe.

Returns:
- `robots_txt_found`: false if the domain returned 404 or the file is empty.
- `ai_crawlers_blocked`: list of AI crawler user-agent names that are disallowed.
- `all_blocked`: true if `User-agent: *` with `Disallow: /` is present.
- `raw`: first 4096 characters of the robots.txt file.

Cost:
- Free. No API key required.

Latency:
- Typical: 1-2s, p99: 6s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_agent - Probes a domain for known AI agent integration signals: `llms.txt`, `ai.txt`,
`/.well-known/ai-plugin.json`, `openapi.json`, `swagger.json`, MCP manifest, MCP
SSE endpoint. Returns a score based on the count of signals detected. Use this to
assess whether a domain is ready for agent-to-agent interaction.

Use this tool when:
- You want to know whether a domain exposes an MCP server or OpenAPI spec for agents.
- You are cataloguing the AI-agent-ready surface of a set of domains.
- You need to decide whether to attempt programmatic API access to a domain.

Do NOT use this tool when:
- You need tracker/surveillance data about the domain — use `get_domain` instead.
- You need the robots.txt AI crawler policy — use `intel_robots` instead.
- You need HTTP security posture — use `intel_http` instead.

Inputs:
- `domain` (query, required): Domain to probe.

Returns:
- Boolean flags per signal (`llms_txt`, `ai_plugin`, `openapi`, `mcp_manifest`,
  `mcp_endpoint`, `mcp_sse`).
- `agent_surface_score`: integer 0-8, count of signals detected.

Cost:
- Free. No API key required.

Latency:
- Typical: 2-5s (parallel probes), p99: 8s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_inject - Fetches a domain's homepage and checks for content patterns that could constitute
prompt injection attacks against AI agents that visit and ingest the page. Signals
include hidden text, invisible divs, `<!-- AI: ignore -->` style comments, and
known injection patterns.

Use this tool when:
- You are vetting a domain before feeding its content into an LLM context.
- You want to assess the prompt injection risk of a URL before browsing it with an agent.
- You are auditing a set of domains for adversarial AI content.

Do NOT use this tool when:
- You want tracker surveillance data — use `get_domain` instead.
- You want AI training opt-out signals — use `intel_optout` instead.
- You want the agent surface (MCP/OpenAPI) — use `intel_agent` instead.

Inputs:
- `domain` (query, required): Domain to scan.

Returns:
- `injection_signals`: list of signal types detected (e.g., `hidden_text`,
  `ai_instruction_comment`, `invisible_div`).
- `risk_level`: `none`, `low`, `medium`, or `high` based on signal count and type.

Cost:
- Free. No API key required.

Latency:
- Typical: 2-4s (HTML fetch), p99: 7s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- intel_optout - Checks a domain for all known AI training data opt-out mechanisms beyond robots.txt:
TDM (Text and Data Mining) reservation headers, `<meta name="ai">` tags, Creative
Commons NonCommercial licenses, and other machine-readable opt-out signals.

Use this tool when:
- You need to determine whether a domain has opted out of AI training data collection.
- You are checking compliance before using a domain's content in a training dataset.
- You want a comprehensive opt-out status (robots.txt + TDM + meta tags combined).

Do NOT use this tool when:
- You only need robots.txt crawler policy — use `intel_robots` instead (faster).
- You need tracker data — use `get_domain` instead.
- You want injection risk assessment — use `intel_inject` instead.

Inputs:
- `domain` (query, required): Domain to probe.

Returns:
- `tdm_reservation`: true if the domain sends a `TDM-Reservation: 1` header.
- `noai_meta`: true if the HTML contains `<meta name="robots" content="noai">`.
- `license_detected`: string if a CC NonCommercial or similar license is detected,
  otherwise null.
- `opted_out`: true if any opt-out signal is present.

Cost:
- Free. No API key required.

Latency:
- Typical: 2-4s, p99: 7s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_receipt - Returns metadata for a TunnelMind surveillance receipt — a signed document proving
that a specific user's surveillance exposure was observed, measured, and recorded at
a specific time. Does NOT return the receipt's signature (anti-phishing protection).
To verify a receipt's content integrity, use `verify_receipt` with the hash and
signature from the receipt document itself.

Use this tool when:
- You have a receipt ID and want to confirm it was genuinely issued by TunnelMind.
- You need the issuance timestamp and signing key ID for a receipt.
- You want to check whether a receipt exists before attempting content verification.

Do NOT use this tool when:
- You have the full receipt document and want to verify it hasn't been tampered with —
  use `verify_receipt` instead.
- You need jurisdiction certificate data — use `get_ghostroute_cert` instead.

Inputs:
- `receipt_id` (path, required): The receipt ID from the receipt document. Alphanumeric
  with hyphens, max 128 characters.

Returns:
- `status`: `FOUND` if the receipt is in the registry.
- `generated_at`: ISO 8601 timestamp of receipt issuance.
- `signing_key_id`: identifier of the Ed25519 key used to sign.
- `schema_version`: receipt schema version.
- `message`: human-readable summary with instructions for content verification.
- 404 if the receipt ID is not in the registry.

Cost:
- Free. No API key required.

Latency:
- Typical: <100ms, p99: <300ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- verify_receipt - Tamper-detection verification for TunnelMind surveillance receipts. Submit the
receipt ID, the SHA-256 content hash, and the Ed25519 signature from the receipt
document. The registry compares these against what was recorded at issuance time.
Returns VALID if both match exactly, INVALID with a specific mismatch reason otherwise.

Use this tool when:
- You received a surveillance receipt document and want to verify it hasn't been altered.
- You are programmatically checking receipt authenticity in an agent workflow.
- You want to prove to a third party that a receipt is genuine.

Do NOT use this tool when:
- You only want to check existence — use `get_receipt` instead (no body required).
- You want jurisdiction certificate verification — use `verify_ghostroute_cert` instead.

Inputs:
- `receipt_id` (body, required): The receipt's ID field from the document.
- `content_hash` (body, required): SHA-256 hex hash of the receipt JSON. Max 256 chars.
- `signature` (body, required): Ed25519 signature from the receipt document. Max 512 chars.

Returns:
- `valid`: boolean. True only if both hash and signature match exactly.
- `status`: `VALID` or `INVALID`.
- `message`: human-readable explanation. On INVALID, specifies whether the hash
  mismatched, the signature mismatched, or both.

Cost:
- Free. No API key required.

Latency:
- Typical: <100ms, p99: <300ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_ghostroute_cert - Returns the proof-of-existence record for a TunnelMind GhostRoute jurisdiction
certificate. A GhostRoute certificate is a signed document proving that a user's
network traffic was observed routing through specific legal jurisdictions during
a defined time window. The full certificate stays on the issuing node; only the
metadata, content hash, and signature are stored in this public registry.

Use this tool when:
- You have a GhostRoute certificate ID and want to confirm it was genuinely issued
  by TunnelMind.
- You want the GDPR verdict, issuance time, and signing key for a certificate.
- You are verifying a certificate's existence before attempting content verification.

Do NOT use this tool when:
- You have the full certificate and want to verify its integrity — use
  `verify_ghostroute_cert` instead.
- You want surveillance receipt verification — use `get_receipt` instead.

Inputs:
- `cert_id` (path, required): GhostRoute certificate ID in format
  `gr-YYYYMMDD-xxxxxxxxxxxx` (e.g., `gr-20260417-a1b2c3d4e5f6`). Lowercase hex only.

Returns:
- `status`: `FOUND` if the certificate is in the registry.
- `verdict`: the GDPR verdict (e.g., `GDPR_VIOLATION_PROBABLE`).
- `generated_at`: ISO 8601 timestamp.
- `content_hash`: SHA-256 hash of the full certificate — compare against your copy.
- `message`: instructions for content verification.
- 400 if the cert_id format is invalid.
- 404 if the certificate is not in the registry.

Cost:
- Free. No API key required.

Latency:
- Typical: <100ms, p99: <300ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- verify_ghostroute_cert - Tamper-detection verification for GhostRoute jurisdiction certificates. Submit
the certificate ID, the SHA-256 content hash, and the Ed25519 signature from
the certificate document. The registry compares these against what was recorded
at issuance time. Returns VALID if both match exactly.

Use this tool when:
- You received a GhostRoute certificate and want to verify it hasn't been altered.
- You need to confirm a certificate's verdict is authentic and unmodified.
- You are programmatically attesting to a certificate's validity in an agent workflow.

Do NOT use this tool when:
- You only want to confirm existence — use `get_ghostroute_cert` instead.
- You want receipt verification — use `verify_receipt` instead.

Inputs:
- `certificate_id` (body, required): ID from the certificate document. Max 128 chars.
- `content_hash` (body, required): SHA-256 hex hash of the certificate JSON. Max 256 chars.
- `signature` (body, required): Ed25519 signature from the certificate. Max 512 chars.

Returns:
- `valid`: true only if both hash and signature match.
- `status`: `VALID` or `INVALID`.
- `verdict`: the GDPR verdict string from the certificate.
- `message`: on INVALID, specifies whether hash or signature mismatched.

Cost:
- Free. No API key required.

Latency:
- Typical: <100ms, p99: <300ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_api_key - Returns the tier, label, masked owner email, creation date, last-used timestamp,
today's request count, and daily request limit for the API key used in this request.
Useful for agents that need to monitor their own quota consumption.

Use this tool when:
- You want to check how many requests your key has used today.
- You need to know your current tier or daily limit.
- You want to confirm that your API key is active.

Do NOT use this tool when:
- You want to manage multiple keys — this endpoint only reflects the calling key.
- You need tracker data — use the tracker endpoints instead.

Inputs:
- No body or query parameters. Auth is from the `Authorization: Bearer` header.

Returns:
- `tier`: free, supporter, pro, or enterprise.
- `requests_today`: integer count from KV (best-effort; resets at UTC midnight).
- `limit_per_day`: null for enterprise (unlimited).
- `last_used`: ISO 8601 timestamp, may be null if never used.

Cost:
- Free. Does not count against the daily request limit.

Latency:
- Typical: <150ms, p99: <400ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- revoke_api_key - Permanently deactivates the API key used to make this request. This action is
irreversible. After revocation, the key will return 401 on all subsequent calls.
If you have an active Stripe subscription, you must separately cancel it at
stripe.com — revoking the key does not cancel billing.

Use this tool when:
- You want to rotate your API key (revoke old, then provision a new one).
- You believe your key has been compromised.

Do NOT use this tool when:
- You want to check quota — use `get_api_key` instead.
- You intend to keep using the API — this is permanent.

Inputs:
- No body or query parameters. Auth is from the `Authorization: Bearer` header.

Returns:
- `revoked`: true.
- `note`: reminder about Stripe subscription cancellation.

Cost:
- Free. Does not count against the daily request limit.

Latency:
- Typical: <150ms, p99: <400ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- get_task - Returns the current status of a task created by an `?async=true` intel request.
Poll this endpoint until `status` is one of: `complete`, `failed`, `cancelled`,
`expired`. On `complete`, the `result` field contains the same payload the sync
endpoint would have returned. On `failed`, `error.message` explains the failure.

Use this tool when:
- You submitted an intel probe with `?async=true` and need to retrieve the result.
- You want to check whether a background task finished without opening an SSE stream.

Do NOT use this tool when:
- You want real-time event streaming — use `stream_task` instead.
- You have no task_id — submit a probe with `?async=true` first.

Inputs:
- `task_id` (path, required): 26-char ULID returned in the 202 response.

Returns:
- `status`: `pending` | `running` | `complete` | `failed` | `cancelled` | `expired`.
- `result`: populated when status is `complete`. Null otherwise.
- `error`: populated when status is `failed`. Null otherwise.
- `expires_at`: tasks expire 1 hour after creation.

Cost:
- Free. Does not count against rate limits.

Latency:
- Typical: <100ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- cancel_task - Marks the task as `cancelled`. If the task is already in a terminal state
(`complete`, `failed`, `expired`), returns 409 Conflict. Only the identity
that created the task may cancel it.

Use this tool when:
- You submitted a probe with `?async=true` and no longer need the result.
- You want to free up a pending task before it expires.

Do NOT use this tool when:
- The task is already complete — cancellation is not possible.

Inputs:
- `task_id` (path, required): 26-char ULID.

Returns:
- `task_id` and `status: cancelled`.

Cost:
- Free.

Latency:
- Typical: <150ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- stream_task - Opens a persistent SSE connection that emits events as the task progresses.
The stream closes automatically when the task reaches a terminal state or after
~90 seconds (timeout). Heartbeat comments are sent every ~15 seconds to keep
the connection alive through proxies.

Event types:
- `status` — emitted when status changes (pending → running → complete/failed)
- `result` — emitted on `complete` with the full result payload
- `error` — emitted on `failed`, `cancelled`, or `expired` with error info
- SSE comment (`: heartbeat`) — keepalive, no data

Use this tool when:
- You want real-time progress without polling.
- You are in an environment that supports SSE (EventSource API).

Do NOT use this tool when:
- You want a simple one-shot status check — use `get_task` instead.
- Your HTTP client doesn't support streaming responses.

Inputs:
- `task_id` (path, required): 26-char ULID.

Returns:
- SSE stream (`text/event-stream`). Each event is `event: <type>\\ndata: <json>\\n\\n`.

Cost:
- Free. Counts as one request against rate limits when the stream opens.

Latency:
- First event: <200ms. Stream duration: up to 90s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- audit_export - Returns NDJSON (one JSON object per line) of audit log entries. Each entry records
the operation called, the identity, hashes of the request and response, duration,
and an Ed25519 signature over the canonical entry JSON. Entries are hash-chained:
each entry's `prev_entry_hash` is SHA-256 of the previous entry's signature,
making deletion of any entry detectable offline.

Authenticated callers receive only their own entries (`identity_sub` match).
Admin key holders receive all entries.

Use this tool when:
- You want a tamper-evident record of your own API calls.
- You are auditing a sequence of requests for compliance or debugging.
- You want to verify the audit chain integrity offline.

Do NOT use this tool when:
- You are anonymous — authentication is required.
- You want task status — use `get_task` instead.

Inputs:
- `from` (query, optional): ISO 8601 start datetime. Default: 7 days ago.
- `to` (query, optional): ISO 8601 end datetime. Default: now.
- `limit` (query, optional): Max entries. 1–5000, default 1000.

Returns:
- NDJSON stream, one `AuditEntry` per line.
- `X-Total-Count` response header with entry count.
- `X-Took-Ms` response header.

Verify the chain offline:
- For each consecutive pair (A, B): `SHA-256(A.signature) == B.prev_entry_hash`.
- For each entry: verify Ed25519 signature against public key in `/.well-known/atap.json`.

Cost:
- Counts as one request against the daily limit.

Latency:
- Typical: <300ms for 1000 entries, p99: <1s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- generate_ghostroute_cert - Resolves the domain to an IP address via DNS-over-HTTPS, geolocates the IP to a country
and ASN, maps it to a jurisdiction class (EU/US/FIVE_EYES/CN/RU/SANCTIONED/UNKNOWN),
and issues a signed jurisdiction certificate. The certificate is stored in the public
registry and can be verified at `/ghostroute/{cert_id}`.

Use this tool when:
- You want to know which legal jurisdiction controls a domain's infrastructure.
- You need a verifiable, tamper-evident record of a domain's hosting jurisdiction.
- You are assessing GDPR, CLOUD Act, or OFAC transfer risk for a domain.
- You want to generate evidence for a privacy impact assessment.

Do NOT use this tool when:
- You want to look up an existing certificate — use `get_ghostroute_cert` instead.
- You want tracker category or score data — use `get_domain` instead.
- You want live HTTP header or security probe — use `intel_http` instead.

Inputs:
- `domain` (body, required): Fully qualified domain name (e.g. `google.com`). URLs
  are accepted and stripped to their host component.

Returns:
- `certificate_id`: Unique cert ID (e.g. `gr-20260417-xxxx`).
- `certificate`: Full certificate document including target IP, country, ASN, jurisdiction,
  verdict, risk level, and explanatory note.
- `content_hash`: SHA-256 of the canonical certificate JSON.
- `signature`: Base64 Ed25519 signature (empty string if signing key not configured).
- `signed`: Boolean — true if the certificate is cryptographically signed.
- `verify_url`: Path to retrieve this certificate from the public registry.

Jurisdiction classes:
- `EU` / `GDPR_COMPLIANT` — risk: low
- `US` / `FIVE_EYES` / `FIVE_EYES_MEMBER` — risk: medium
- `CN` / `RU` / `AUTHORITARIAN` — risk: high
- `SANCTIONED` — risk: critical
- `UNKNOWN` / `INSUFFICIENT_DATA` — risk: unknown

Cost:
- Counts as one request against the daily limit.
- Performs outbound DNS resolution and IP geolocation on each call (not cached).

Latency:
- Typical: 200–600ms (DNS + ASN lookup). p99: <2s.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- generate_receipt - Looks up each submitted domain in the TunnelMind tracker database, aggregates risk
metrics (avg score, max score, fingerprinters, high-risk domains, entity ownership),
and issues a signed surveillance receipt. The receipt is stored in the public registry
and can be verified at `/verify/{receipt_id}`.

Use this tool when:
- You want a verifiable record of which trackers were observed in a context (page, app, session).
- You need a signed evidence artifact for a privacy audit or compliance report.
- You want to know the overall surveillance exposure level for a set of domains.
- You are generating a receipt to share with a user as evidence of tracker presence.

Do NOT use this tool when:
- You want full tracker details per domain — use `get_domain` instead.
- You want to look up an existing receipt — use `get_receipt` instead.
- You need live probes (HTTP headers, stack detection) — use `/v1/intel/*` instead.

Inputs:
- `domains` (body, required): Array of 1–50 fully qualified domain names.
  Duplicates are deduplicated. URLs are stripped to host component.
- `domain` (body, alternative): Single domain string (shorthand for `domains: [domain]`).

Returns:
- `receipt_id`: Unique receipt ID (e.g. `rcpt_01JXYZ...`).
- `receipt`: Full receipt document including domains submitted, tracker findings,
  high-risk domains, fingerprinters, unique entities, and exposure metrics.
- `content_hash`: SHA-256 of the canonical receipt JSON.
- `signature`: Base64 Ed25519 signature (empty string if signing key not configured).
- `signed`: Boolean — true if the receipt is cryptographically signed.
- `verify_url`: Path to retrieve this receipt from the public registry.

Exposure levels: `minimal` / `moderate` / `high` / `critical`
Based on average tracker score and proportion of high-risk domains (score ≥ 70).

Cost:
- Counts as one request against the daily limit regardless of domain count.

Latency:
- Typical: <100ms (pure D1 lookup, no outbound probing). p99: <300ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_ads_txt - Confirms whether an SSP/exchange is authorized to sell a publisher's
inventory according to that publisher's ads.txt. This is a cache lookup
against ads.txt files crawled daily across the top 10,000 publisher
domains — it does NOT fetch the publisher's ads.txt live, so it is fast
and adds no latency to a real-time bidding decision.

Use this tool when:
- You are an ad-buying agent and want to confirm, pre-bid, that a supply
  path (publisher → exchange → seller_id) is legitimate.
- You are detecting domain spoofing or unauthorized resale in a bid stream.
- You want to check whether a seller is listed DIRECT or RESELLER.

Do NOT use this tool when:
- You want a full supply-path trust score — that endpoint is Sigil P31.
- You want surveillance tracker data for the domain — use `get_domain`.

Inputs:
- `publisher_domain` (body, required): Publisher domain, e.g. `nytimes.com`.
  A `www.` prefix and scheme/path are stripped automatically.
- `exchange_domain` (body, required): The exchange/SSP domain as it appears
  in ads.txt, e.g. `google.com`, `amazon-adsystem.com`.
- `seller_id` (body, required): The publisher's seller/account ID at that
  exchange, e.g. `pub-4177862836555934`. Matched exactly.
- `seller_type` (body, optional): `DIRECT` or `RESELLER`. When supplied it
  is checked against the ads.txt entry; a mismatch is reported as a warning.
- `resolve_chain` (body, optional): When true, a matched RESELLER entry is
  cross-checked against the exchange's sellers.json (one authoritative hop).

Returns:
- `verified`: true (entry found), false (confidently not listed), or null
  (ads.txt could not be retrieved — indeterminate).
- `confidence`: `high` | `degraded` | `low` | `unknown`.
- `seller_entry`: the matched ads.txt line (line number, raw text, parsed
  fields) when `verified` is true; otherwise null.
- `ads_txt_parse_status`, `ads_txt_last_parsed`, `stale`: provenance of the
  cached crawl this answer is derived from.
- `reseller_chain`: empty unless `resolve_chain: true` and the matched entry
  is RESELLER — then it carries the sellers.json cross-check for the seller.
- `warnings`: actionable flags, e.g. `publisher_not_in_corpus`,
  `publisher_has_no_ads_txt`, `seller_type_mismatch`, `ads_txt_cache_stale`.

Cost:
- Counts as one request against the daily rate limit.

Latency:
- Typical: <50ms (single cache lookup, no outbound fetch). p99: <120ms.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_ads_txt_batch - Runs up to 100 ads.txt verifications in a single call — the endpoint an
ad-buying agent uses for pre-bid checks across a whole campaign's supply.
Each item is the same shape as `sigil_verify_ads_txt`. Per-item
validation failures are reported inline; the batch never fails as a
whole. Publisher records are fetched once per unique domain.

Use this tool when:
- You are evaluating many supply paths at once (campaign setup, SPO sweep).
- You want one round-trip instead of N calls to `sigil_verify_ads_txt`.

Inputs:
- `items` (body, required): Array of 1–100 verification requests, each
  `{ publisher_domain, exchange_domain, seller_id, seller_type? }`.
- `resolve_chain` (body, optional): Applies to every item — when true, a
  matched RESELLER entry is cross-checked against the exchange's sellers.json.

Returns:
- `count`: number of result entries (matches `items` length, in order).
- `verified_count`: how many resolved to `verified: true`.
- `results`: array aligned to `items`. Each entry is either a verification
  result with `ok: true` and `input_index`, or `{ ok: false, input_index,
  error, message }` for an invalid item.

Cost:
- Counts as one request against the daily rate limit.

Latency:
- Typical: <150ms. With `resolve_chain: true`, add one sellers.json fetch
  per unique exchange (edge-cached 12h after the first fetch).
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_domain - Confirms a publisher controls a domain by checking for a DNS TXT record
the owner publishes under `_tunnelmind.{domain}`. A DNS record can only
be set by whoever controls the zone, so its presence proves control — a
stronger signal than ads.txt, which is just a file anything in the
request path can serve.

Use this tool when:
- You want proof a publisher actually owns the domain it claims.
- You are distinguishing publishers who have opted into Sigil verification.

Inputs:
- `domain` (query, required): Publisher domain. `www.` and scheme stripped.

Returns:
- `verified`: true (record found), false (absent), or null (DNS lookup failed).
- `expected`: the exact TXT record the owner must publish to verify.
- `found_records`: TXT values currently present at `_tunnelmind.{domain}`.
- `checked_at`: ISO 8601 timestamp of the live DNS lookup.

Cost:
- Counts as one request against the daily rate limit.

Latency:
- Typical: <300ms (one DNS-over-HTTPS lookup).
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_ip_type - Classifies an IPv4 address by network type — the high-value ad-fraud
signal being datacenter traffic posing as residential or living-room
(CTV) devices. IP→ASN resolution uses Team Cymru's public service; the
ASN is then classified by its registered organization name.

PRIVACY: the IP is used for lookup only — never logged, never stored.

Inputs:
- `ip` (query, required): IPv4 address. IPv6 is not yet supported.

Returns:
- `ip_type`: datacenter | residential | mobile | unknown.
- `confidence`: high | medium | low.
- `asn`, `asn_name`: the resolved autonomous system.
- `scry_signals`: reserved for Scry corpus cross-reference (empty in v1).

Latency:
- Typical: 100-250ms (two live DNS lookups).
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_adscert - Reports whether a domain publishes ads.cert (IAB Tech Lab Authenticated
Connections) DNS records — a readiness signal showing the domain
supports cryptographically authenticated ad-tech connections. This is
not signature verification: ads.cert is pairwise, so verifying a signed
bid request requires Sigil to be a delegated participant (a future
build). DNS-only and stateless.

Inputs:
- `domain` (query, required): Domain to check.

Returns:
- `adscert_ready`: true | false | null (DNS lookup failed).
- `adscert_records`: TXT values at `_adscert.{domain}`.
- `delegation_records`: TXT values at `_delegated._adscert.{domain}`.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_app_bundle - Verifies that a mobile or CTV app bundle ID actually exists in the
relevant app store — used to detect bundle spoofing in bid requests.

Platform support (v1):
- `ios`: verified live via Apple's iTunes Lookup API.
- `android`: verified live via the Google Play store listing page.
- `ctv_*` / `web`: no public store API — returns verified=null.

Inputs:
- `bundle_id` (body, required): e.g. `com.nytimes.NYTimes`.
- `platform` (body, required): ios | android | ctv_roku | ctv_fire |
  ctv_samsung | ctv_lg | ctv_vizio | web.
- `claimed_developer` (body, optional): checked against the store listing.

Returns:
- `verified`: true | false | null (not checkable on this platform).
- `store_listing`: name, developer, developer_match, store_url.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- cross_lens_verify - A2 — the cross-lens join. TunnelMind owns both halves of the open-web
graph: Scry sees who is on every IP (attacker intelligence, actor
class, Augur threat-intel overlap); Sigil sees the supply graph
(publishers, SSPs, DSPs, ads.txt + sellers.json + SupplyChain Object).
This endpoint fuses them into one verdict on a single node key.

The response contains three blocks:
- `scry` — the single-lens Scry view (transparency).
- `sigil` — the single-lens Sigil view (transparency).
- `cross_lens` — the fused verdict (the moat).

Fusion math: weighted-mean over evaluated components plus a
`co_observation_bonus` when both lenses independently flag the node.
Weights and thresholds are per-request overridable.

Lens unavailability is reported in-band: each lens fails
independently and the cross_lens block reflects degraded confidence
when only one lens has data. Returns 503 only when BOTH lenses are
unavailable.

v1 lens coverage matrix:
- IP node           — Scry: full;     Sigil: not_indexed (v2 will reverse-DNS).
- Domain node       — Scry: deferred; Sigil: full (publisher/ssp/dsp + entity).
- entity_slug node  — Scry: n/a;      Sigil: full (entity + sell/buy presence).
- ASN node          — Scry: deferred (v2); Sigil: not_indexed.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_supply_path - The core Sigil pre-bid call. Submit a supply path; Sigil composes its
individual checks into one trust verdict and returns a signed
`sigil_token` the agent can attach to its bid as proof of verification.

Checks composed:
- `ads_txt` — exchange authorized in the publisher's ads.txt.
- `datacenter_ip` — is the IP a datacenter posing as a real user.
- `fraud_signals` — is the IP in Scry's attacker-intelligence corpus.
- `bundle_verified` — does the app bundle exist in its store.
- `domain_authenticity` / `entity_reputation` — reserved, not evaluated in v1.

Each evaluated check yields pass/warn/fail; `trust_score` is their
weighted mean (override `weights` per request); `verdict` is
pass/warn/fail/unknown (override `thresholds`).

PRIVACY: `ip_address` is used for lookup only — never logged, never
stored, never placed in the sigil_token. `geo` is accepted but unused.

Returns: `trust_score` (0-1 or null), `verdict`, `checks`,
`recommendations`, `sigil_token` (signed, 5-minute lifetime).
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_token - Verifies the authenticity and expiry of a `sigil_token` returned by
`sigil_verify_supply_path`. Anyone can call this — no key needed; Sigil
verifies the Ed25519 signature server-side. Tokens live 5 minutes.

Returns `valid` (boolean), `reason` (when invalid: malformed / expired /
bad_signature / unsigned), and the decoded `payload`.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_verify_supply_chain - The bid-time contract. Pass the SupplyChain object from an OpenRTB bid
request (`source.ext.schain`) verbatim, plus the originating site domain
or app bundle. Sigil verifies, per node and in aggregate:

- origin ads.txt — the publisher's ads.txt authorizes node[0] (asi + sid).
- per node — the node's `asi` sellers.json declares the node's `sid`.
- owner-domain — node[0]'s sellers.json seller `domain` matches the
  publisher's ads.txt OWNERDOMAIN / MANAGERDOMAIN (spec §3.5.1).
- `schain.complete` — an incomplete chain caps the verdict at `warn`.

OpenRTB field mapping: `site.domain` → `site_domain`; `app.bundle` →
`app_bundle`; `source.ext.schain` → `schain`. An app_bundle origin's
ads.txt check is `not_evaluated` pending app-ads.txt resolution.

Returns a per-node result array, an aggregate `verdict`
(pass/warn/fail/unknown), `recommendations`, and a signed `sigil_token`.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_ads_txt_history - Returns a publisher's ads.txt change log — one entry per crawl in which
its authorized-seller set changed. A publisher quietly adding a reseller
line is a real fraud signal; this is how a buyer audits supply over time.

Inputs:
- `domain` (path, required): publisher domain.
- `since` (query, optional): ISO date / date-time lower bound on `observed_at`.
- `limit` (query, optional): max entries — default 50, max 200.

Returns `changes[]`, newest first — each with `observed_at`,
`added_count`, `removed_count`, `additions`, `removals`,
`directive_changes`.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_score_weights - Returns the active, versioned default weights used to combine an
entity's trust-score components, plus the list of spec components that
are not yet evaluated. Pass a custom `weights` object to
`sigil_score_batch` to re-weight without changing the defaults.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_score_entity - Returns the pre-computed 0.0–1.0 trust score for one entity, its
component breakdown, and the 14-day trend. Scores are refreshed daily
by a database job — this endpoint never recomputes from raw data, so it
is fast and deterministic.

`entity_id` is `{entity_type}:{key}` — e.g. `publisher:nytimes.com` or
`ssp:pubmatic.com`. Entity types: `publisher`, `ssp`, `dsp`,
`app_bundle` (publishers and SSPs are scored today).

v1 evaluates structural components only (`ads_txt_health`,
`supply_chain_directness`, `historical_stability` for publishers;
`supply_reach`, `directness` for SSPs). The `not_evaluated` list names
spec components without an enrichment path yet.

Optional `weights` query param (URL-encoded JSON) re-weights the stored
components for this call.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_score_batch - Scores up to 200 entities in one round-trip — built for agents
evaluating many supply sources during campaign setup. Per-item parse
failures are returned inline; the batch never fails as a whole.

An optional `weights` object re-weights every entity in the call.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_atap_register_ait - Registers an ATAP v0.1 AIT for a media-buying agent under the
`sigil:media_buyer:v1` profile. Sigil validates the capability set and
constraints against the published profile, signs the AIT as the witness
(`OAI-2026-0000201`), stores it, and returns the signed token.

Sigil is the ATAP witness — there is no kernel observer. See
https://github.com/TunnelMind/atap-profiles.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_atap_witness - Ingests one agent-reported event (`bid:submitted`, `bid:won`,
`bid:lost`, `budget:decremented`) into an AIT's hash-chained
attestation log. Sigil validates the payload (rejecting any PII per
ATAP §7.6), classifies the evidence tier — `anchored` if a
`bid:submitted` cites a valid Sigil token issued for this AIT and
matching the bid's supply path, otherwise `asserted` — derives any
`constraint:violated` events, then chains and signs each event.

`supply:verified` / `supply:rejected` are witness-emitted by
`sigil_verify_supply_path`, never accepted here — that is what makes
the `witnessed` tier non-bypassable.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_atap_roll_block - Rolls every not-yet-blocked Witness Event for an AIT into one signed
ATAP Attestation Block with a profile `period_summary`, chained onto the
prior block.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_atap_ait_status - Returns an AIT's status, chain head hash, event count, pending-event
count, per-tier event counts, and the anchored-bid coverage ratio.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp
- sigil_receipt_generate - Assembles the ATAP v0.1 §7.5 Receipt ZIP for an AIT — the signed
Receipt (`manifest.json`), the AIT, the Attestation Block chain, the
witness public key, a tier-graded `summary.json`, the bundled
`verify.sh` reference verifier, and the witness events + sigil_tokens
as profile artifacts. Any pending events are rolled into a final block
first.

The ZIP verifies offline — unpack it and run `verify.sh`; keys are at
https://tunnelmind.ai/atap/keys. The summary grades every event as
`witnessed`, `anchored`, or `asserted` and reports the anchored-bid
coverage ratio.
 Endpoint: https://mcp-data.tunnelmind.ai/mcp

## Resources
Not captured

## Prompts
Not captured

## Metadata
- Owner: ai.tunnelmind
- Version: 1.0.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: May 25, 2026
- Source: https://registry.modelcontextprotocol.io