AI Agent Infrastructure

The quality layer every AI agent needs

Catch hallucinations. Block injections. Redact PII. Guard trades. 15 tools. One platform. Pay per call in SOL.

API Online · <200ms avg
19.7%

of AI-generated packages are hallucinated

USENIX 2025

€20M

max GDPR fine for a single data breach

GDPR Art. 83

\$440k

lost by one agent from a single decimal error

Lobstar 2026

New · Privacy

Stop your agent from leaking regulated data

Agents write logs, file tickets, call third-party APIs, and store transcripts — and any of those can leak a customer's SSN, a card number, or a medical record. One unguarded egress is a reportable breach. The PII / PHI / PCI Firewall is the deterministic gate your agent calls before text crosses the boundary.

  • Checksum-validated: cards (Luhn), IBANs (ISO-7064), UK NHS (mod-11), SIN — plus SSN, email, phone, IP
  • PASS / FLAG / BLOCK, a redacted copy of the text, and a signed SHA-256 certificate
  • block / flag / audit modes · jurisdiction & type policy · nothing stored, raw values never returned · <20ms
Start free
scan-pii.sh
BLOCK
curl -X POST https://agent-toolbox.ai/v1/scan/pii \\
  -H "Content-Type: application/json" \\
  -d '{
    "text": "Patient SSN 219-09-9999, card 4111 1111 1111 1111"
  }'
{
  "verdict": "BLOCK",
  "categories": ["PII", "PCI"],
  "totalFindings": 2,
  "redactedText": "Patient SSN [REDACTED_US_SSN], card [REDACTED_CREDIT_CARD]",
  "certificate": "sha256:5f691771..."
}

15 tools. Three suites. One platform.

Composable, agent-callable APIs that verify and improve LLM outputs before they cause damage. Click any tool for capabilities and use cases.

Core quality checks

Security, privacy & analysis

Finance protection

Backed by real incidents: Lobstar $440k decimal error · Claude Code $1,446 unauthorized sweep

Catch it before it runs

Send AI-generated code. Get a verdict in milliseconds.

request.sh
curl -X POST https://agent-toolbox.ai/v1/validate/imports \\
  -H "Content-Type: application/json" \\
  -d '{
    "language": "python",
    "code": "import numpy\\nfrom superlogger import magic_log\\nimport pandas"
  }'
response.json
BLOCK
{
  "language": "python",
  "valid": [
    { "name": "numpy", "status": "valid", "registry": "pypi" },
    { "name": "pandas", "status": "valid", "registry": "pypi" }
  ],
  "hallucinated": [
    { "name": "superlogger", "status": "hallucinated", "evidence": "Not found on PyPI" }
  ],
  "verdict": "BLOCK",
  "totalImports": 3,
  "hallucinationRate": 0.33,
  "latencyMs": 142
}
PASS FLAG BLOCK
Model Context Protocol

Works with Claude, Warp, Cursor — any MCP client

Drop agent-toolbox into your MCP config and your agent gets all 15 tools out of the box — import validation, the hallucination firewall, secret & PII scanning, token counting, and the full finance protection suite. No SDK, no glue code.

validate_imports verify_output distill_context scan_secrets scan_injection count_tokens scan_vulnerabilities scan_pii finance_units finance_price finance_symbol finance_token_risk finance_slippage finance_order_risk finance_position_check
claude_desktop_config.json
{
  "mcpServers": {
    "agentoolbox": {
      "command": "node",
      "args": ["/path/to/agentoolbox/packages/mcp/dist/index.js"]
    }
  }
}

Start free. Pay per call in SOL.

No subscriptions. No invoices. Agents pay autonomously on-chain.

Free

$0 forever
  • 10 calls per IP
  • No auth needed
  • All 15 endpoints
Try it now
Live

Pay-as-you-go

0.0001 SOL / call
  • /v1/scan/pii new 0.0001 SOL
  • /v1/verify 0.0002 SOL
  • /v1/finance/order/risk 0.0005 SOL
  • /v1/validate/imports 0.0001 SOL

1 SOL = 10,000 calls • No subscription • Agents pay autonomously

How to pay →

Service Wallet — send SOL here to purchase credits

8qXedRydihKEETqU64UXtG2sYZaUhwR4HBFz4Suu27CV

View on Explorer →

Use your Solana transaction signature as the Bearer token on your first API call. Credits are verified on-chain instantly. Or query GET /v1/pricing for programmatic discovery.

Package Validator

POST /v1/validate/imports

Every import in AI-generated code is checked against the live package registry for its language, in parallel. Catches slopsquatting — hallucinated package names that do not exist (or worse, were registered by an attacker) before your agent runs pip or npm install.

Capabilities

  • Live registry checks: PyPI, npm, crates.io, Go
  • Parallel lookups, typically under 200ms
  • Classifies each import valid / hallucinated / unknown
  • Returns a hallucination rate for the whole snippet

Use cases

  • Gate AI-generated code before install or execution
  • Coding agents and autonomous dev pipelines
  • PR bots reviewing generated dependencies
1 credit · ~$0.015 <200ms Start free →

Hallucination Firewall

POST /v1/verify

The hallucination firewall runs every applicable check in parallel and returns a single PASS/FLAG/BLOCK verdict with a tamper-evident certificate. For code it validates packages; for prose it checks URLs, DOI/arXiv citations, numeric contradictions, and can ground claims against supplied source docs.

Capabilities

  • Package, URL, DOI/arXiv, and numeric-contradiction checks
  • Optional NLI grounding against supplied source texts
  • PASS / FLAG / BLOCK with per-claim evidence
  • SHA-256 certificate for audit

Use cases

  • Final gate before accepting any LLM output
  • RAG answers grounded in documents
  • Research and report generation
2 credits · ~$0.030 <500ms Start free →

Context Distiller

POST /v1/distill

Compresses a bloated conversation to a token budget using TF-IDF importance scoring. Always keeps the system prompt and the most recent turns, then fills the remaining budget with the highest-signal messages — up to about 80% smaller.

Capabilities

  • TF-IDF importance scoring
  • Preserves system prompt and recency
  • Deterministic, under 50ms
  • Optional LLMLingua-2 backend

Use cases

  • Long-running agents hitting context limits
  • Cutting token spend on repeated loops
  • Summarizing history before a model call
1 credit · ~$0.015 <50ms Start free →

Secret Scanner

POST /v1/scan/secrets

Detects hardcoded credentials in AI-generated code before they reach git or production. Every match is redacted — only the type, severity, and line number are returned.

Capabilities

  • 10 detectors: AWS, GitHub, OpenAI, Anthropic, private keys, DB URLs, passwords, high-entropy strings
  • Severity: critical / high / medium
  • Redacted output with line numbers
  • Under 10ms, no network calls

Use cases

  • Pre-commit and pre-deploy scanning of generated code
  • Coding agents writing config files
  • CI secret gates
1 credit · ~$0.015 <10ms Start free →

Injection Detector

POST /v1/scan/injection

Screens untrusted user input for prompt-injection before it reaches your LLM — instruction overrides, role hijacking, jailbreaks, data-exfiltration attempts, and encoding tricks — returning a risk band and the matched patterns.

Capabilities

  • 20+ weighted attack patterns
  • Risk bands: safe / suspicious / injection
  • Unicode direction-override and base64 trick detection
  • Under 10ms

Use cases

  • Chatbots and customer-support agents
  • Any app forwarding user text to an LLM
  • RAG over user-supplied content
1 credit · ~$0.015 <10ms Start free →

Token Counter

POST /v1/tokens/count

BPE-approximate token counting with per-model cost estimates. Know your spend and check context-window fit before you make the call.

Capabilities

  • Text or chat-messages input
  • GPT-4, GPT-3.5, Claude, Gemini, generic
  • Per-message breakdown plus context-window remaining
  • USD cost estimate

Use cases

  • Budget and guard token spend
  • Decide when to distill
  • Cost dashboards and quotas
1 credit · ~$0.015 <10ms Start free →

Vulnerability Scanner

POST /v1/scan/vulnerabilities

Checks package names against the OSV (Open Source Vulnerabilities) database and returns the CVEs and GHSAs affecting them — before dependencies are installed.

Capabilities

  • OSV / CVE / GHSA lookup
  • PyPI, npm, crates.io, Go
  • Severity and aliases per finding
  • Batch queries

Use cases

  • Post-validation dependency safety
  • Supply-chain gates
  • Agent-written build and lock files
2 credits · ~$0.030 <500ms Start free →

PII / PHI / PCI Firewall

POST /v1/scan/pii

The deterministic gate an agent calls before text crosses a trust boundary — a log line, a ticket, a third-party API, or a persisted transcript. It detects regulated personal data, redacts it, and returns a signed PASS/FLAG/BLOCK verdict. No network calls, nothing leaves the box, and raw values are never echoed back.

Capabilities

  • Checksum-validated: credit cards (Luhn), IBANs (ISO-7064 mod-97), UK NHS (mod-11), Canadian SIN (Luhn)
  • Structural: US SSN (SSA rules), email, phone, IPv4 — with overlap resolution
  • PII / PHI / PCI categories and severity scoring
  • Format-preserving masking plus a fully redacted copy of the input
  • Enforcement modes: block / flag / audit
  • Policy: severity threshold, allowTypes, jurisdictions, redact on/off
  • Tamper-evident SHA-256 certificate bound to the input hash

Use cases

  • Support agents: strip SSNs and cards before writing tickets or transcripts
  • Healthcare and telehealth copilots: keep PHI out of prompts and non-BAA vendors
  • Fintech and PCI: block raw card numbers from leaving the boundary
  • HR and recruiting agents: guard employee records and offer letters
  • GDPR / HIPAA / CCPA: a pre-flight gate plus an audit certificate for every egress
1 credit · ~$0.015 <20ms Start free →

Units Sanity Check

POST /v1/finance/units

Validates a raw on-chain amount against the intended UI amount using the token authoritative decimals. Catches the catastrophic decimal-scaling error — sending 1000x too many tokens.

Capabilities

  • Authoritative decimals from DexScreener and Solana RPC
  • Blocks over 1% deviation
  • Works across Solana and EVM chains
  • Under 10ms once decimals are known

Use cases

  • Any agent building a transfer transaction
  • Treasury and payout bots
  • The Lobstar $440k check
1 credit · ~$0.015 <10ms Start free →

Cross-Source Price Validator

POST /v1/finance/price

Cross-validates an asset price against two independent live sources and blocks stale or divergent data. Flags a proposed price that deviates from consensus.

Capabilities

  • CoinGecko + DexScreener (crypto), yahoo-finance2 (stocks)
  • Staleness and divergence checks
  • Consensus price plus per-source breakdown
  • Proposed-price deviation flag

Use cases

  • Pre-trade price sanity
  • Guard against hallucinated prices
  • Portfolio valuation
2 credits · ~$0.030 ~300ms Start free →

Symbol / Token Resolver

POST /v1/finance/symbol

Resolves a ticker or token to a confirmed identity and flags ambiguity — because symbols collide. USDC has 200+ imposters on Solana. Always resolve by address for crypto.

Capabilities

  • Address and symbol resolution
  • Liquidity-ranked matches
  • Ambiguity detection
  • Expected-name confirmation

Use cases

  • Confirm the right token before trading
  • Avoid imposter tokens
  • Symbol to address mapping
1 credit · ~$0.015 ~200ms Start free →

Rug Pull Scanner

POST /v1/finance/token/risk

Rug-pull scanner: a RugCheck.xyz score plus on-chain mint and freeze authority verification. Blocks tokens with active mint authority, unlocked LP, or a rug score above threshold.

Capabilities

  • RugCheck score plus on-chain authority checks
  • Mint and freeze authority flags
  • LP-lock check
  • Configurable thresholds

Use cases

  • Screen new or unknown tokens
  • Memecoin trading agents
  • Pre-buy safety gate
3 credits · ~$0.045 ~500ms Start free →

Slippage / Liquidity Guard

POST /v1/finance/slippage

Estimates price impact from live pool liquidity (constant-product AMM) so a large order does not drain a thin pool. Flags implausible volume-to-liquidity ratios that suggest wash trading.

Capabilities

  • Price-impact estimate from pool depth
  • Configurable max impact and min liquidity
  • Wash-trading flag
  • DexScreener pool data

Use cases

  • Size trades to available liquidity
  • Avoid thin-pool disasters
  • Pre-trade impact preview
2 credits · ~$0.030 ~200ms Start free →

Full Order Risk Scorer

POST /v1/finance/order/risk

The full pre-trade gate: runs token risk, slippage, price validation, and position limits in parallel and returns a composite verdict with the specific check that blocked it.

Capabilities

  • Runs all applicable finance checks at once
  • Composite PASS/FLAG/BLOCK plus blockedBy
  • Per-check score breakdown
  • One call

Use cases

  • Single-call pre-trade gate
  • Trading agents
  • propose then validate then execute
5 credits · ~$0.075 ~500ms Start free →

Position Guardian

POST /v1/finance/position/check

Deterministic position-limit and kill-switch gate — no external calls, pure arithmetic. The final, non-overridable gate before executing a trade.

Capabilities

  • Max position %, daily-loss, leverage, open positions
  • Asset allowlist plus a hard USD cap
  • Kill-switch
  • Under 1ms, no network

Use cases

  • Non-overridable safety gate
  • Risk limits for autonomous traders
  • The Claude Code sweep fix
1 credit · ~$0.015 <1ms Start free →