# Sigil MCP server

Programmatic-advertising supply verification: ads.txt, schain, ATAP receipts, cross_lens_verify.

## Links
- Registry page: https://www.getdrio.com/mcp/ai-tunnelmind-sigil
- Repository: https://github.com/TunnelMind/sigil-mcp
- Website: https://tunnelmind.ai

## Install
- Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- Auth: Not captured

## Setup notes
- Remote endpoint: https://mcp.sigil.tunnelmind.ai/mcp

## Tools
- cross_lens_verify - A2 — the cross-lens join. Fuse TunnelMind's two lenses (Scry attacker
intelligence + Sigil supply graph) into ONE verdict on a single node key.
This is the moat: no siloed competitor owns both halves of the graph, so
the fused `cross_lens` block carries information neither lens can supply
alone.

Use this tool when:
- An agent must decide whether to transact with an IP, domain, ASN, or
  entity_slug, and a one-lens answer is not enough.
- You want a single composite trust verdict instead of running
  Scry + Sigil calls separately and reconciling them by hand.

Inputs:
- `node` (required): an IPv4 address, a domain, an ASN (e.g. `AS64500`),
  or an entity_slug. Type is auto-detected.
- `weights` (optional): per-component weight overrides.
- `thresholds` (optional): `{ pass, fail }` verdict cutoffs (defaults 0.7 / 0.3).
- `ait` (optional): an ATAP AIT id. When present, the verdict is chained
  onto the AIT as a witness-tier `cross_lens:verified` event signed by
  Sigil (witness OAI-2026-0000201) — replayable evidence, not just JSON.

Returns: per-lens `scry` + `sigil` blocks (transparency), a fused
`cross_lens` block with `verdict` / `trust_score` / `confidence` /
`signals` / `recommendations`, a 5-minute signed `sigil_token`, and a
`witnessed_event` block when an AIT was supplied.

Failure semantics: each lens fails independently. Single-lens answers
still return 200 with a `confidence` of 0.55. Returns 503 only when BOTH
lenses are unavailable. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_verify_supply_path - The core pre-bid check. Verify the trustworthiness of one programmatic ad
supply path and get back a composite trust verdict plus a signed proof token.
Sigil composes ads.txt authorization, datacenter-IP classification, Scry
fraud-corpus lookup, and app-bundle checks into one score.

Use this tool when:
- An ad-buying agent is about to bid and must confirm the supply is genuine.
- You want one call instead of running ads.txt / IP / bundle checks separately.

Inputs:
- `supply_path` (required): { publisher_domain, exchange, seller_id, and
  optionally ip_address, app_bundle:{bundle_id,platform} }.
- `ait` (optional): an ATAP AIT id — when present, Sigil records this
  verification as a witnessed attestation event and binds the token to it.

Returns: `trust_score` (0-1), `verdict` (pass/warn/fail/unknown), per-check
results, `recommendations`, and a signed `sigil_token` (5-min) to attach to
the bid as proof. The submitted IP is used for lookup only — never stored. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_verify_ads_txt - Check whether an exchange/SSP is authorized to sell a publisher's inventory,
per the publisher's ads.txt file. Fast cached lookup against Sigil's daily
crawl of the top ~10k publisher domains.

Use this tool when:
- You need a single, narrow authorization check (not a full supply-path score).
- You are validating a (publisher, exchange, seller_id) triple from a bid request.

Inputs:
- `publisher_domain`, `exchange_domain`, `seller_id` (all required).
- `resolve_chain` (optional): when true and the entry is RESELLER, Sigil walks
  one hop into the exchange's sellers.json to identify the upstream seller.

Returns: `verified` (true/false/null), `confidence`, the matched ads.txt entry,
and any `warnings` (e.g. seller_type mismatch). Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_verify_ip_type - Classify an IPv4 address as datacenter, residential, mobile, or unknown.
Detects datacenter traffic posing as real user devices. Stateless — the IP
is never logged or stored.

Use this tool when:
- You need to know whether bid-request traffic originates from a datacenter.

Inputs:
- `ip` (required): an IPv4 address.

Returns: `ip_type`, `confidence` (high/medium/low), and the ASN + AS-org name. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_verify_app_bundle - Verify that a mobile/CTV app bundle ID actually exists in its app store and,
optionally, that the listed developer matches. Detects bundle-ID spoofing in
bid requests.

Use this tool when:
- A bid request names an app bundle and you must confirm the app is real.

Inputs:
- `bundle_id` (required), `platform` (required: ios | android | ctv_* | web),
- `claimed_developer` (optional): developer name to match against the listing.

Returns: `verified` (true/false/null), the store listing, and `developer_match`. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_verify_supply_chain - Verify a full OpenRTB SupplyChain (schain) object — every node, end to end.
Per node Sigil checks the seller against the exchange sellers.json and the
origin ads.txt, then returns a per-node and aggregate verdict plus a signed
token.

Use this tool when:
- A bid request carries an OpenRTB `schain` and you want it verified verbatim.

Inputs:
- `schain` (required): an OpenRTB SupplyChain object ({ ver, complete,
  nodes:[{asi,sid,hp}] }).
- `site_domain` or `app_bundle` (optional): the inventory origin, checked
  against node[0] via ads.txt / OWNERDOMAIN.

Returns: per-node `nodes` results, an aggregate `verdict`, `recommendations`,
and a signed `sigil_token`. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_score_entity - Get the pre-computed trust score for one supply-chain entity (a publisher or
an SSP). Scores are recomputed daily from ads.txt health, supply-chain
directness, reach, and stability — deterministic, no ML black box.

Use this tool when:
- You want a fast standing trust signal for an entity without running checks.

Inputs:
- `entity_id` (required): `{type}:{domain}` — e.g. `publisher:nytimes.com` or
  `ssp:pubmatic.com`.

Returns: `trust_score` (0-1), `score_components`, the 14-day `trend`, and
`warnings`. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_score_batch - Pre-computed trust scores for up to 200 entities in one call — built for an
agent evaluating many supply sources during campaign setup.

Use this tool when:
- You have a list of publishers/SSPs to grade at once.

Inputs:
- `entity_ids` (required): array of `{type}:{domain}` ids, up to 200.
- `weights` (optional): custom component weights to re-score with.

Returns: `count`, `scored_count`, and a per-entity `results` array (invalid
ids are reported inline, never failing the batch). Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_atap_register_ait - Register an ATAP v0.1 Agent Identity Token for a media-buying agent. Sigil
validates the capabilities + constraints against the `sigil:media_buyer:v1`
profile, signs the AIT as the witness, and returns it. Do this once per agent
campaign before witnessing any events.

Inputs:
- `profile` (required): must be `sigil:media_buyer:v1`.
- `operator` (required): the agent operator's canonical OAI.
- `capabilities` (required): array from the profile vocabulary.
- `constraints` (required): { currency, max_bid_cpm, supply_trust_minimum,
  budget_total_cap, allowed_channels, ... }.
- `attestation_policy` (required): { witness_granularity, block_interval_seconds
  (60-3600), receipt_generation }.
- `expires_at` (required): ISO date-time, <= 365 days out.

Returns: the signed AIT (note its `id` for subsequent witness calls). Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_atap_witness - Witness one agent-reported bid or budget event into an AIT's hash-chained
attestation log. Sigil validates the payload (rejecting any PII), classifies
the evidence tier — `anchored` if a bid cites a valid Sigil token, else
`asserted` — derives constraint violations, and signs the event.

Use this tool when:
- An ATAP-enrolled media-buyer agent submits a bid, win, loss, or budget
  decrement and you want it on the attestation record.

Inputs:
- `ait` (required): the AIT id.
- `event_type` (required): bid:submitted | bid:won | bid:lost | budget:decremented.
- `payload` (required): the event payload (see the sigil:media_buyer:v1 profile).

Returns: the signed witness event(s), the assigned `tier`, and any derived
constraint violations. (supply:verified events come from verify_supply_path,
not this tool.) Endpoint: https://mcp.sigil.tunnelmind.ai/mcp
- sigil_generate_receipt - Generate the ATAP v0.1 compliance Receipt for an AIT — the portable, signed
artifact a media buyer hands its principal. The receipt grades every event
witnessed / anchored / asserted and is verifiable offline with the bundled
verify.sh.

Use this tool when:
- A reporting period closes and you need a compliance export for the AIT.

Inputs:
- `ait` (required): the AIT id.
- `format` (optional): `full` (default) or `summary`.

Returns: JSON with `receipt_id` and `zip_base64` — base64-decode `zip_base64`
to a .zip, unpack it, and run verify.sh to verify the chain independently. Endpoint: https://mcp.sigil.tunnelmind.ai/mcp

## Resources
Not captured

## Prompts
Not captured

## Metadata
- Owner: ai.tunnelmind
- Version: 0.2.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: May 25, 2026
- Source: https://registry.modelcontextprotocol.io