servers / sigil
Sigil MCP server
communitystreamable_httpremotewrite capablehealthy
Programmatic-advertising supply verification: ads.txt, schain, ATAP receipts, cross_lens_verify.
01Tools · 12
| Tool | Risk | Side effects | Approval |
|---|---|---|---|
| cross_lens_verify A2 — the cross-lens join. Fuse TunnelMind's two lenses (Scry attacker
intelligence + Sigil supply graph) into ONE verdict on a single node key.
This is the moat: no siloed competitor owns both halves of the graph, so
the fused `cross_lens` block carries information neither lens can supply
alone.
Use this tool when:
- An agent must decide whether to transact with an IP, domain, ASN, or
entity_slug, and a one-lens answer is not enough.
- You want a single composite trust verdict instead of running
Scry + Sigil calls separately and reconciling them by hand.
Inputs:
- `node` (required): an IPv4 address, a domain, an ASN (e.g. `AS64500`),
or an entity_slug. Type is auto-detected.
- `weights` (optional): per-component weight overrides.
- `thresholds` (optional): `{ pass, fail }` verdict cutoffs (defaults 0.7 / 0.3).
- `ait` (optional): an ATAP AIT id. When present, the verdict is chained
onto the AIT as a witness-tier `cross_lens:verified` event signed by
Sigil (witness OAI-2026-0000201) — replayable evidence, not just JSON.
Returns: per-lens `scry` + `sigil` blocks (transparency), a fused
`cross_lens` block with `verdict` / `trust_score` / `confidence` /
`signals` / `recommendations`, a 5-minute signed `sigil_token`, and a
`witnessed_event` block when an AIT was supplied.
Failure semantics: each lens fails independently. Single-lens answers
still return 200 with a `confidence` of 0.55. Returns 503 only when BOTH
lenses are unavailable. | unknown | unknown | unknown |
| sigil_score_entity Get the pre-computed trust score for one supply-chain entity (a publisher or
an SSP). Scores are recomputed daily from ads.txt health, supply-chain
directness, reach, and stability — deterministic, no ML black box.
Use this tool when:
- You want a fast standing trust signal for an entity without running checks.
Inputs:
- `entity_id` (required): `{type}:{domain}` — e.g. `publisher:nytimes.com` or
`ssp:pubmatic.com`.
Returns: `trust_score` (0-1), `score_components`, the 14-day `trend`, and
`warnings`. | read | false | unknown |
| sigil_score_batch Pre-computed trust scores for up to 200 entities in one call — built for an
agent evaluating many supply sources during campaign setup.
Use this tool when:
- You have a list of publishers/SSPs to grade at once.
Inputs:
- `entity_ids` (required): array of `{type}:{domain}` ids, up to 200.
- `weights` (optional): custom component weights to re-score with.
Returns: `count`, `scored_count`, and a per-entity `results` array (invalid
ids are reported inline, never failing the batch). | read | false | unknown |
| sigil_atap_register_ait Register an ATAP v0.1 Agent Identity Token for a media-buying agent. Sigil
validates the capabilities + constraints against the `sigil:media_buyer:v1`
profile, signs the AIT as the witness, and returns it. Do this once per agent
campaign before witnessing any events.
Inputs:
- `profile` (required): must be `sigil:media_buyer:v1`.
- `operator` (required): the agent operator's canonical OAI.
- `capabilities` (required): array from the profile vocabulary.
- `constraints` (required): { currency, max_bid_cpm, supply_trust_minimum,
budget_total_cap, allowed_channels, ... }.
- `attestation_policy` (required): { witness_granularity, block_interval_seconds
(60-3600), receipt_generation }.
- `expires_at` (required): ISO date-time, <= 365 days out.
Returns: the signed AIT (note its `id` for subsequent witness calls). | unknown | unknown | unknown |
| sigil_verify_supply_path The core pre-bid check. Verify the trustworthiness of one programmatic ad
supply path and get back a composite trust verdict plus a signed proof token.
Sigil composes ads.txt authorization, datacenter-IP classification, Scry
fraud-corpus lookup, and app-bundle checks into one score.
Use this tool when:
- An ad-buying agent is about to bid and must confirm the supply is genuine.
- You want one call instead of running ads.txt / IP / bundle checks separately.
Inputs:
- `supply_path` (required): { publisher_domain, exchange, seller_id, and
optionally ip_address, app_bundle:{bundle_id,platform} }.
- `ait` (optional): an ATAP AIT id — when present, Sigil records this
verification as a witnessed attestation event and binds the token to it.
Returns: `trust_score` (0-1), `verdict` (pass/warn/fail/unknown), per-check
results, `recommendations`, and a signed `sigil_token` (5-min) to attach to
the bid as proof. The submitted IP is used for lookup only — never stored. | read | false | unknown |
| sigil_verify_ads_txt Check whether an exchange/SSP is authorized to sell a publisher's inventory,
per the publisher's ads.txt file. Fast cached lookup against Sigil's daily
crawl of the top ~10k publisher domains.
Use this tool when:
- You need a single, narrow authorization check (not a full supply-path score).
- You are validating a (publisher, exchange, seller_id) triple from a bid request.
Inputs:
- `publisher_domain`, `exchange_domain`, `seller_id` (all required).
- `resolve_chain` (optional): when true and the entry is RESELLER, Sigil walks
one hop into the exchange's sellers.json to identify the upstream seller.
Returns: `verified` (true/false/null), `confidence`, the matched ads.txt entry,
and any `warnings` (e.g. seller_type mismatch). | read | false | unknown |
| sigil_verify_ip_type Classify an IPv4 address as datacenter, residential, mobile, or unknown.
Detects datacenter traffic posing as real user devices. Stateless — the IP
is never logged or stored.
Use this tool when:
- You need to know whether bid-request traffic originates from a datacenter.
Inputs:
- `ip` (required): an IPv4 address.
Returns: `ip_type`, `confidence` (high/medium/low), and the ASN + AS-org name. | unknown | unknown | unknown |
| sigil_verify_app_bundle Verify that a mobile/CTV app bundle ID actually exists in its app store and,
optionally, that the listed developer matches. Detects bundle-ID spoofing in
bid requests.
Use this tool when:
- A bid request names an app bundle and you must confirm the app is real.
Inputs:
- `bundle_id` (required), `platform` (required: ios | android | ctv_* | web),
- `claimed_developer` (optional): developer name to match against the listing.
Returns: `verified` (true/false/null), the store listing, and `developer_match`. | unknown | unknown | unknown |
| sigil_verify_supply_chain Verify a full OpenRTB SupplyChain (schain) object — every node, end to end.
Per node Sigil checks the seller against the exchange sellers.json and the
origin ads.txt, then returns a per-node and aggregate verdict plus a signed
token.
Use this tool when:
- A bid request carries an OpenRTB `schain` and you want it verified verbatim.
Inputs:
- `schain` (required): an OpenRTB SupplyChain object ({ ver, complete,
nodes:[{asi,sid,hp}] }).
- `site_domain` or `app_bundle` (optional): the inventory origin, checked
against node[0] via ads.txt / OWNERDOMAIN.
Returns: per-node `nodes` results, an aggregate `verdict`, `recommendations`,
and a signed `sigil_token`. | unknown | unknown | unknown |
| traverse_supply_chain Walk the supply graph for a publisher domain and get back the ITEMIZED
sell paths — distinct from sigil_verify_supply_chain (which verifies a
schain you BRING) and from the dark-pool-risk signal (which only returns
counts). Here Sigil reconstructs the paths from its own crawl: every SSP
the publisher declares it sells through, joined to that SSP's identity and
classified two-sided against the SSP's sellers.json.
Use this tool when:
- You have a publisher domain but no schain, and want to SEE its real
authorized supply paths and where the opacity is.
- dark-pool-risk flagged a publisher and you need the specific contradicted
paths driving the risk, not just the aggregate.
Inputs:
- `domain` (required): the publisher domain, e.g. `cnn.com`.
- `limit` (optional): max paths returned (default 200, cap 500). The list
is ordered riskiest-first (contradicted, then reseller) so a truncated
page is still the most useful; the `supply_paths` counts are always over
the FULL set.
Returns: `supply_paths` aggregate counts (total / direct / reseller /
corroborated / contradicted / unchecked) and `paths[]`, each with the SSP
identity, `seller_id`, `seller_type`, `klass` (corroborated = seat present;
contradicted = SSP crawled but seller_id absent → real risk; unchecked =
SSP not yet crawled → not risk), and `resells_to` (one level of downstream
reseller expansion). Returns in_supply_graph:false if the domain is not in
the crawled corpus. | write | true | unknown |
| sigil_atap_witness Witness one agent-reported bid or budget event into an AIT's hash-chained
attestation log. Sigil validates the payload (rejecting any PII), classifies
the evidence tier — `anchored` if a bid cites a valid Sigil token, else
`asserted` — derives constraint violations, and signs the event.
Use this tool when:
- An ATAP-enrolled media-buyer agent submits a bid, win, loss, or budget
decrement and you want it on the attestation record.
Inputs:
- `ait` (required): the AIT id.
- `event_type` (required): bid:submitted | bid:won | bid:lost | budget:decremented.
- `payload` (required): the event payload (see the sigil:media_buyer:v1 profile).
Returns: the signed witness event(s), the assigned `tier`, and any derived
constraint violations. (supply:verified events come from verify_supply_path,
not this tool.) | unknown | unknown | unknown |
| sigil_generate_receipt Generate the ATAP v0.1 compliance Receipt for an AIT — the portable, signed
artifact a media buyer hands its principal. The receipt grades every event
witnessed / anchored / asserted and is verifiable offline with the bundled
verify.sh.
Use this tool when:
- A reporting period closes and you need a compliance export for the AIT.
Inputs:
- `ait` (required): the AIT id.
- `format` (optional): `full` (default) or `summary`.
Returns: JSON with `receipt_id` and `zip_base64` — base64-decode `zip_base64`
to a .zip, unpack it, and run verify.sh to verify the chain independently. | write | true | unknown |
02Install & source
https://mcp.sigil.tunnelmind.ai/mcp
remote_url- repohttps://github.com/TunnelMind/sigil-mcp
- homepagehttps://mcp.sigil.tunnelmind.ai/mcp
- licenseApache-2.0
- adoption0 stars · 0 forks
03Access granted
Scrape a website · write
The access this server can exercise, inferred from its verified tools — not a declared OAuth scope.
05Provenance & freshness
sourcesOfficial MCP Registry [p1]
last_checked2026-07-06 20:51Z
next_check2026-07-08 01:29Z
cadenceevery 29h
verifiedtools_list:passed handshake:passed metadata:passed
index_statusindex — 9 unique facts >= 5
06Badge
Add the “as seen on MCPExplorer” badge to your README.
[](https://mcpexplorer.com/servers/sigil)
Next step
This is one server. A loadout combines the right servers, governance, and proven plays for a whole job — assembled deliberately, not tool-dumped.
Explore loadouts →