AI Agent Infrastructure

The quality layer every AI agent needs

Catch hallucinations. Block injections. Redact PII. Screen sanctions. Guard trades. 26 tools. One platform. Pay per call in SOL.

API Online \u00b7 <200ms avg
19.7%

of AI-generated packages are hallucinated

USENIX 2025

€20M

max GDPR fine for a single data breach

GDPR Art. 83

$440k

lost by one agent from a single decimal error

Lobstar 2026

New \u00b7 Privacy

Stop your agent from leaking regulated data

Agents write logs, file tickets, call third-party APIs, and store transcripts \u2014 and any of those can leak a customer's SSN, a card number, or a medical record. One unguarded egress is a reportable breach. The PII / PHI / PCI Firewall is the deterministic gate your agent calls before text crosses the boundary.

  • \u2713 Checksum-validated: cards (Luhn), IBANs (ISO-7064), UK NHS (mod-11), SIN \u2014 plus SSN, email, phone, IP
  • \u2713 PASS / FLAG / BLOCK, a redacted copy of the text, and a signed SHA-256 certificate
  • \u2713 block / flag / audit modes \u00b7 jurisdiction & type policy \u00b7 nothing stored, raw values never returned \u00b7 <20ms
Start free
scan-pii.sh
BLOCK
curl -X POST https://api.agent-toolbox.ai/v1/scan/pii \\
  -H "Content-Type: application/json" \\
  -d '{
    "text": "Patient SSN 219-09-9999, card 4111 1111 1111 1111"
  }'
{
  "verdict": "BLOCK",
  "categories": ["PII", "PCI"],
  "totalFindings": 2,
  "redactedText": "Patient SSN [REDACTED_US_SSN], card [REDACTED_CREDIT_CARD]",
  "certificate": "sha256:5f691771..."
}

26 tools. Six suites. One platform.

Composable, agent-callable APIs that verify and improve LLM outputs before they cause damage. Click any tool for capabilities and use cases.

Core quality checks

Security, privacy & analysis

Finance protection

Backed by real incidents: Lobstar $440k decimal error · Claude Code $1,446 unauthorized sweep

Compliance & safety

Deterministic, offline gates for regulated workflows — screen before you transact, dose before you advise

Agent, infra & legal

Deterministic guardrails for tool calls, infrastructure changes, and legal work

Data & validation

Deterministic validators for identifiers, structured output, and SQL

Catch it before it runs

Send AI-generated code. Get a verdict in milliseconds.

request.sh
curl -X POST https://api.agent-toolbox.ai/v1/validate/imports \\
  -H "Content-Type: application/json" \\
  -d '{
    "language": "python",
    "code": "import numpy\\nfrom superlogger import magic_log\\nimport pandas"
  }'
response.json
BLOCK
{
  "language": "python",
  "valid": [
    { "name": "numpy", "status": "valid", "registry": "pypi" },
    { "name": "pandas", "status": "valid", "registry": "pypi" }
  ],
  "hallucinated": [
    { "name": "superlogger", "status": "hallucinated", "evidence": "Not found on PyPI" }
  ],
  "verdict": "BLOCK",
  "totalImports": 3,
  "hallucinationRate": 0.33,
  "latencyMs": 142
}
PASS FLAG BLOCK
Model Context Protocol

Works with Claude, Warp, Cursor \u2014 any MCP client

Drop agent-toolbox into your MCP config and your agent gets all 26 tools out of the box \u2014 import validation, the hallucination firewall, secret & PII scanning, sanctions screening, medication safety, tool-argument validation, IaC risk gating, legal citation checks, token counting, and the full finance protection suite. No SDK, no glue code.

validate_imports verify_output distill_context scan_secrets scan_injection count_tokens scan_vulnerabilities scan_pii finance_units finance_price finance_symbol finance_token_risk finance_slippage finance_order_risk finance_position_check screen_sanctions rx_check check_tool_args check_infra_plan check_citation compute_deadline validate_identifier validate_schema scan_sql scan_command scan_url
mcpServers config (all clients)
{
  "mcpServers": {
    "agentoolbox": {
      "command": "npx",
      "args": ["-y", "agentoolbox-mcp"]
    }
  }
}

Add the above to your MCP config file. Works with:

  • Claude Desktop ~/Library/Application Support/Claude/claude_desktop_config.json
  • Cursor ~/.cursor/mcp.json
  • Warp ~/.warp/mcp.json
  • VS Code (Cline/Continue) .vscode/mcp.json

Or run directly: npx -y agentoolbox-mcp

Start free. Pay per call in SOL.

No subscriptions. No invoices. Agents pay autonomously on-chain.

Free

$0 forever
  • \u2713 10 calls per IP
  • \u2713 No auth needed
  • \u2713 All 26 endpoints
Try it now
Live

Pay-as-you-go

0.0001 SOL / call
  • /v1/scan/pii new 0.0001 SOL
  • /v1/compliance/sanctions new 0.0001 SOL
  • /v1/health/rx-check new 0.0002 SOL
  • /v1/agent/tool-args new 0.0001 SOL
  • /v1/infra/plan/risk new 0.0002 SOL
  • /v1/validate/identifier new 0.0001 SOL
  • /v1/scan/sql new 0.0001 SOL
  • /v1/scan/command new 0.0001 SOL
  • /v1/scan/url new 0.0001 SOL
  • /v1/verify 0.0002 SOL
  • /v1/finance/order/risk 0.0005 SOL
  • /v1/validate/imports 0.0001 SOL

1 SOL = 10,000 calls • No subscription • Agents pay autonomously

How to pay →

Service Wallet \u2014 send SOL here to purchase credits

8qXedRydihKEETqU64UXtG2sYZaUhwR4HBFz4Suu27CV

View on Explorer →

Use your Solana transaction signature as the Bearer token on your first API call. Credits are verified on-chain instantly. Or query GET /v1/pricing for programmatic discovery.

Package Validator

POST /v1/validate/imports

Every import in AI-generated code is checked against the live package registry for its language, in parallel. Catches slopsquatting — hallucinated package names that do not exist (or worse, were registered by an attacker) before your agent runs pip or npm install.

Capabilities

  • \u2022Live registry checks: PyPI, npm, crates.io, Go
  • \u2022Parallel lookups, typically under 200ms
  • \u2022Classifies each import valid / hallucinated / unknown
  • \u2022Returns a hallucination rate for the whole snippet

Use cases

  • \u2192Gate AI-generated code before install or execution
  • \u2192Coding agents and autonomous dev pipelines
  • \u2192PR bots reviewing generated dependencies
1 credit · ~$0.015 <200ms Start free \u2192

Hallucination Firewall

POST /v1/verify

The hallucination firewall runs every applicable check in parallel and returns a single PASS/FLAG/BLOCK verdict with a tamper-evident certificate. For code it validates packages; for prose it checks URLs, DOI/arXiv citations, numeric contradictions, and can ground claims against supplied source docs.

Capabilities

  • \u2022Package, URL, DOI/arXiv, and numeric-contradiction checks
  • \u2022Optional NLI grounding against supplied source texts
  • \u2022PASS / FLAG / BLOCK with per-claim evidence
  • \u2022SHA-256 certificate for audit

Use cases

  • \u2192Final gate before accepting any LLM output
  • \u2192RAG answers grounded in documents
  • \u2192Research and report generation
2 credits · ~$0.030 <500ms Start free \u2192

Context Distiller

POST /v1/distill

Compresses a bloated conversation to a token budget using TF-IDF importance scoring. Always keeps the system prompt and the most recent turns, then fills the remaining budget with the highest-signal messages — up to about 80% smaller.

Capabilities

  • \u2022TF-IDF importance scoring
  • \u2022Preserves system prompt and recency
  • \u2022Deterministic, under 50ms
  • \u2022Optional LLMLingua-2 backend

Use cases

  • \u2192Long-running agents hitting context limits
  • \u2192Cutting token spend on repeated loops
  • \u2192Summarizing history before a model call
1 credit · ~$0.015 <50ms Start free \u2192

Secret Scanner

POST /v1/scan/secrets

Detects hardcoded credentials in AI-generated code before they reach git or production. Every match is redacted — only the type, severity, and line number are returned.

Capabilities

  • \u202210 detectors: AWS, GitHub, OpenAI, Anthropic, private keys, DB URLs, passwords, high-entropy strings
  • \u2022Severity: critical / high / medium
  • \u2022Redacted output with line numbers
  • \u2022Under 10ms, no network calls

Use cases

  • \u2192Pre-commit and pre-deploy scanning of generated code
  • \u2192Coding agents writing config files
  • \u2192CI secret gates
1 credit · ~$0.015 <10ms Start free \u2192

Injection Detector

POST /v1/scan/injection

Screens untrusted user input for prompt-injection before it reaches your LLM — instruction overrides, role hijacking, jailbreaks, data-exfiltration attempts, and encoding tricks — returning a risk band and the matched patterns.

Capabilities

  • \u202220+ weighted attack patterns
  • \u2022Risk bands: safe / suspicious / injection
  • \u2022Unicode direction-override and base64 trick detection
  • \u2022Under 10ms

Use cases

  • \u2192Chatbots and customer-support agents
  • \u2192Any app forwarding user text to an LLM
  • \u2192RAG over user-supplied content
1 credit · ~$0.015 <10ms Start free \u2192

Token Counter

POST /v1/tokens/count

BPE-approximate token counting with per-model cost estimates. Know your spend and check context-window fit before you make the call.

Capabilities

  • \u2022Text or chat-messages input
  • \u2022GPT-4, GPT-3.5, Claude, Gemini, generic
  • \u2022Per-message breakdown plus context-window remaining
  • \u2022USD cost estimate

Use cases

  • \u2192Budget and guard token spend
  • \u2192Decide when to distill
  • \u2192Cost dashboards and quotas
1 credit · ~$0.015 <10ms Start free \u2192

Vulnerability Scanner

POST /v1/scan/vulnerabilities

Checks package names against the OSV (Open Source Vulnerabilities) database and returns the CVEs and GHSAs affecting them — before dependencies are installed.

Capabilities

  • \u2022OSV / CVE / GHSA lookup
  • \u2022PyPI, npm, crates.io, Go
  • \u2022Severity and aliases per finding
  • \u2022Batch queries

Use cases

  • \u2192Post-validation dependency safety
  • \u2192Supply-chain gates
  • \u2192Agent-written build and lock files
2 credits · ~$0.030 <500ms Start free \u2192

PII / PHI / PCI Firewall

POST /v1/scan/pii

The deterministic gate an agent calls before text crosses a trust boundary — a log line, a ticket, a third-party API, or a persisted transcript. It detects regulated personal data, redacts it, and returns a signed PASS/FLAG/BLOCK verdict. No network calls, nothing leaves the box, and raw values are never echoed back.

Capabilities

  • \u2022Checksum-validated: credit cards (Luhn), IBANs (ISO-7064 mod-97), UK NHS (mod-11), Canadian SIN (Luhn)
  • \u2022Structural: US SSN (SSA rules), email, phone, IPv4 — with overlap resolution
  • \u2022PII / PHI / PCI categories and severity scoring
  • \u2022Format-preserving masking plus a fully redacted copy of the input
  • \u2022Enforcement modes: block / flag / audit
  • \u2022Policy: severity threshold, allowTypes, jurisdictions, redact on/off
  • \u2022Tamper-evident SHA-256 certificate bound to the input hash

Use cases

  • \u2192Support agents: strip SSNs and cards before writing tickets or transcripts
  • \u2192Healthcare and telehealth copilots: keep PHI out of prompts and non-BAA vendors
  • \u2192Fintech and PCI: block raw card numbers from leaving the boundary
  • \u2192HR and recruiting agents: guard employee records and offer letters
  • \u2192GDPR / HIPAA / CCPA: a pre-flight gate plus an audit certificate for every egress
1 credit · ~$0.015 <20ms Start free \u2192

Command Safety Gate

POST /v1/scan/command

The gate an agent calls before it executes a shell command. A quote-, comment-, and substitution-aware parser splits the command into segments and matches each against a bundled catalog of dangerous patterns — recursive root deletes, piping a remote download into a shell, raw disk writes, fork bombs, world-writable chmod, privilege escalation, force-pushes to protected refs, cluster/volume destroys, security disables, and data exfiltration — without ever executing it. Keywords inside quoted strings never false-positive.

Capabilities

  • \u202218 rules across critical / high / medium / low severity
  • \u2022Quote-, comment- and substitution-aware segment parser
  • \u2022Detects rm -rf, curl|sh, dd, fork bombs, chmod 777, force-push, kubectl delete
  • \u2022Policy: allow-list rule IDs, protected git refs, max segments
  • \u2022Deterministic and offline (never executes), with a SHA-256 certificate

Use cases

  • \u2192Gate shell commands from coding and computer-use agents
  • \u2192Sandbox and CI command allow-listing
  • \u2192Block accidental destructive operations before they run
  • \u2192A safety net in front of any exec/tool that shells out
1 credit · ~$0.015 <5ms Start free \u2192

URL / SSRF Gate

POST /v1/scan/url

The gate an agent calls before it fetches a URL or navigates a browser. It parses the URL, normalizes IP obfuscations (decimal, octal, hex, IPv6), and classifies the host against bundled reserved-range tables — flagging cloud instance-metadata endpoints, RFC-1918 private / loopback / link-local targets, denied schemes (file:, gopher:), credentials embedded in the URL, and punycode/homograph hosts. Fully offline by default; an optional DNS check catches rebinding to internal addresses.

Capabilities

  • \u2022Blocks cloud metadata endpoints (169.254.169.254) — the classic SSRF exfiltration
  • \u2022Classifies private / loopback / link-local / reserved targets
  • \u2022Decodes decimal / octal / hex / IPv6 IP obfuscation
  • \u2022Scheme, allow/deny-host, port, and credentials-in-URL policy
  • \u2022Deterministic and offline by default (opt-in DNS-rebinding check), with a certificate

Use cases

  • \u2192Gate outbound requests from tool-calling and browser agents
  • \u2192Prevent SSRF to cloud metadata and internal services
  • \u2192Egress allow-listing for autonomous agents
  • \u2192Catch obfuscated-IP and DNS-rebinding tricks pre-fetch
1 credit · ~$0.015 <5ms Start free \u2192

Units Sanity Check

POST /v1/finance/units

Validates a raw on-chain amount against the intended UI amount using the token authoritative decimals. Catches the catastrophic decimal-scaling error — sending 1000x too many tokens.

Capabilities

  • \u2022Authoritative decimals from DexScreener and Solana RPC
  • \u2022Blocks over 1% deviation
  • \u2022Works across Solana and EVM chains
  • \u2022Under 10ms once decimals are known

Use cases

  • \u2192Any agent building a transfer transaction
  • \u2192Treasury and payout bots
  • \u2192The Lobstar $440k check
1 credit · ~$0.015 <10ms Start free \u2192

Cross-Source Price Validator

POST /v1/finance/price

Cross-validates an asset price against two independent live sources and blocks stale or divergent data. Flags a proposed price that deviates from consensus.

Capabilities

  • \u2022CoinGecko + DexScreener (crypto), yahoo-finance2 (stocks)
  • \u2022Staleness and divergence checks
  • \u2022Consensus price plus per-source breakdown
  • \u2022Proposed-price deviation flag

Use cases

  • \u2192Pre-trade price sanity
  • \u2192Guard against hallucinated prices
  • \u2192Portfolio valuation
2 credits · ~$0.030 ~300ms Start free \u2192

Symbol / Token Resolver

POST /v1/finance/symbol

Resolves a ticker or token to a confirmed identity and flags ambiguity — because symbols collide. USDC has 200+ imposters on Solana. Always resolve by address for crypto.

Capabilities

  • \u2022Address and symbol resolution
  • \u2022Liquidity-ranked matches
  • \u2022Ambiguity detection
  • \u2022Expected-name confirmation

Use cases

  • \u2192Confirm the right token before trading
  • \u2192Avoid imposter tokens
  • \u2192Symbol to address mapping
1 credit · ~$0.015 ~200ms Start free \u2192

Rug Pull Scanner

POST /v1/finance/token/risk

Rug-pull scanner: a RugCheck.xyz score plus on-chain mint and freeze authority verification. Blocks tokens with active mint authority, unlocked LP, or a rug score above threshold.

Capabilities

  • \u2022RugCheck score plus on-chain authority checks
  • \u2022Mint and freeze authority flags
  • \u2022LP-lock check
  • \u2022Configurable thresholds

Use cases

  • \u2192Screen new or unknown tokens
  • \u2192Memecoin trading agents
  • \u2192Pre-buy safety gate
3 credits · ~$0.045 ~500ms Start free \u2192

Slippage / Liquidity Guard

POST /v1/finance/slippage

Estimates price impact from live pool liquidity (constant-product AMM) so a large order does not drain a thin pool. Flags implausible volume-to-liquidity ratios that suggest wash trading.

Capabilities

  • \u2022Price-impact estimate from pool depth
  • \u2022Configurable max impact and min liquidity
  • \u2022Wash-trading flag
  • \u2022DexScreener pool data

Use cases

  • \u2192Size trades to available liquidity
  • \u2192Avoid thin-pool disasters
  • \u2192Pre-trade impact preview
2 credits · ~$0.030 ~200ms Start free \u2192

Full Order Risk Scorer

POST /v1/finance/order/risk

The full pre-trade gate: runs token risk, slippage, price validation, and position limits in parallel and returns a composite verdict with the specific check that blocked it.

Capabilities

  • \u2022Runs all applicable finance checks at once
  • \u2022Composite PASS/FLAG/BLOCK plus blockedBy
  • \u2022Per-check score breakdown
  • \u2022One call

Use cases

  • \u2192Single-call pre-trade gate
  • \u2192Trading agents
  • \u2192propose then validate then execute
5 credits · ~$0.075 ~500ms Start free \u2192

Position Guardian

POST /v1/finance/position/check

Deterministic position-limit and kill-switch gate — no external calls, pure arithmetic. The final, non-overridable gate before executing a trade.

Capabilities

  • \u2022Max position %, daily-loss, leverage, open positions
  • \u2022Asset allowlist plus a hard USD cap
  • \u2022Kill-switch
  • \u2022Under 1ms, no network

Use cases

  • \u2192Non-overridable safety gate
  • \u2192Risk limits for autonomous traders
  • \u2192The Claude Code sweep fix
1 credit · ~$0.015 <1ms Start free \u2192

Sanctions Screening

POST /v1/compliance/sanctions

The deterministic gate an agent calls before it onboards, pays, ships to, or contracts with a counterparty. Names are normalized (diacritics, punctuation, org suffixes) and matched against a bundled OFAC snapshot by exact name, alias, and token-sorted Jaro-Winkler similarity. No network calls — the lists ship with the tool — and every verdict carries a tamper-evident certificate.

Capabilities

  • \u2022OFAC SDN + Consolidated lists, matched by name and alias
  • \u2022Exact, alias, and fuzzy (token-sorted Jaro-Winkler) matching
  • \u2022PASS / FLAG / BLOCK with per-match score, program, and jurisdiction
  • \u2022Filter by list and entity type; tunable fuzzy threshold
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192KYC / onboarding agents screening new customers or vendors
  • \u2192Payments and payouts: block transfers to sanctioned parties
  • \u2192Marketplaces, logistics, and hiring — restricted-party checks
  • \u2192A pre-flight compliance gate with an audit certificate
1 credit · ~$0.015 <10ms Start free \u2192

Medication Safety Gate

POST /v1/health/rx-check

A deterministic safety net for healthcare copilots and prescription workflows. It validates dose units (catching the 1000× mg/mcg error), checks total daily doses against known maximums including weight-based ranges, and screens every drug pair against a curated interaction table. Every result carries a signed certificate and a clear not-medical-advice disclaimer.

Capabilities

  • \u2022Unit-confusion detection (e.g. levothyroxine dosed in mg vs mcg)
  • \u2022Overdose checks vs. max daily dose, incl. weight-based (mg/kg)
  • \u2022Drug-drug interaction screening across a curated table
  • \u2022Severity moderate / major / contraindicated → FLAG or BLOCK
  • \u2022Deterministic and offline; signed certificate; not medical advice

Use cases

  • \u2192Telehealth and clinical copilots drafting medication lists
  • \u2192Pharmacy and e-prescribing assistants
  • \u2192Patient-facing agents that must never suggest an unsafe combo
  • \u2192A final safety gate before any dosing instruction is shown
2 credits · ~$0.030 <10ms Start free \u2192

Tool-Argument Firewall

POST /v1/agent/tool-args

A generic business-rules gate for any function/tool call an agent is about to make. Declare a schema (types, required, enums, ranges, patterns, units) plus cross-field rules, and it returns PASS/FLAG/BLOCK with a precise list of violations before the call executes — catching the class of bug where an agent passes dollars where cents are expected, a null into a required field, or a value outside its allowed range.

Capabilities

  • \u2022Type, required, enum, range, length, and regex checks
  • \u2022Null-safety and unknown-argument detection
  • \u2022Unit-coercion heuristics (dollars vs cents, the Stripe ×100 bug)
  • \u2022Cross-field rules (e.g. min <= max) with severity-based verdicts
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192Gate any agent tool/function call touching money or quantities
  • \u2192Validate arguments before a destructive or irreversible action
  • \u2192Enforce business policy on LLM-generated parameters
  • \u2192A cheap, universal pre-execution guardrail
1 credit · ~$0.015 <5ms Start free \u2192

IaC Risk Gate

POST /v1/infra/plan/risk

The gate an agent calls before it applies infrastructure changes. Feed it a Terraform plan JSON (terraform show -json), an AWS IAM policy, or a Kubernetes manifest and it statically flags high-blast-radius risks — public 0.0.0.0/0 exposure, public buckets, IAM Action/Resource wildcards, destroy/replace of stateful resources, privileged or hostNetwork pods — with no cloud credentials and no network calls.

Capabilities

  • \u2022Terraform plan JSON, AWS IAM, and Kubernetes manifests
  • \u202220 bundled CIS/OPA-style rules across the three formats
  • \u2022Flags public exposure, IAM wildcards, stateful destroys, privileged pods
  • \u2022Severity-ranked findings with rule IDs; tunable block threshold
  • \u2022Deterministic and offline (no cloud credentials)

Use cases

  • \u2192Gate IaC changes an agent proposes before apply
  • \u2192PR bots reviewing Terraform / Kubernetes / IAM diffs
  • \u2192Guardrails for autonomous DevOps and platform agents
  • \u2192Catch blast-radius mistakes before they reach production
2 credits · ~$0.030 <10ms Start free \u2192

Citation Validator

POST /v1/legal/cite

The gate for any agent that cites case law. It parses and validates citations like "347 U.S. 483 (1954)" against a bundled table of 150+ reporter abbreviations, flags malformed structure, unknown reporters, and implausible years, and — when you supply the source text — verifies the quote actually appears, catching fabricated quotations before they reach a brief or a client.

Capabilities

  • \u2022Parses volume / reporter / page / year
  • \u2022150+ Bluebook reporter abbreviations
  • \u2022Flags malformed, unknown-reporter, and implausible-year cites
  • \u2022Quote-fidelity check against supplied source text
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192Legal research and brief-drafting copilots
  • \u2192Catch hallucinated or fabricated case citations
  • \u2192Verify quotations against the record before filing
  • \u2192A citation gate for any law-facing agent
2 credits · ~$0.030 <5ms Start free \u2192

Deadline Calculator

POST /v1/legal/deadline

Deterministic deadline arithmetic for legal and compliance workflows. Count a number of court days (skipping weekends and US federal holidays, with observed-day rules) or calendar days, forward or backward from a start date, and get the resolved date plus exactly which days were skipped — so an agent never miscounts a filing deadline.

Capabilities

  • \u2022Court-day mode skips weekends + US federal holidays (2020–2035)
  • \u2022Calendar-day mode counts every day
  • \u2022Count forward (after) or backward (before)
  • \u2022Returns the resolved date and the days skipped
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192Compute filing and response deadlines
  • \u2192Statute-of-limitations math
  • \u2192Docketing and calendaring agents
  • \u2192Any deadline an agent must not miscount
1 credit · ~$0.015 <5ms Start free \u2192

Identifier Validator

POST /v1/validate/identifier

The deterministic gate an agent calls before it stores, pays to, or transacts against a structured identifier. Each value is validated by its real check digit or format rule — Luhn for cards, ISO-7064 mod-97 for IBANs, mod-11 transliteration for VINs, EIP-55 for Ethereum addresses, base58 for Solana — and the type is auto-detected when not given. Sensitive values (cards, SSNs) are masked in the response.

Capabilities

  • \u202211 identifier types: IBAN, ABA, SWIFT/BIC, card, EIN, EU VAT, VIN, NPI, SSN, ETH, SOL
  • \u2022Real checksums: Luhn, ISO-7064, mod-11, EIP-55 keccak, base58
  • \u2022Auto-detection or explicit type; batch input
  • \u2022Card and SSN values masked to the last 4
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192KYC / onboarding and payment-setup agents
  • \u2192Validate bank, tax, and crypto identifiers before use
  • \u2192Catch mistyped or fabricated account numbers pre-transaction
  • \u2192A cross-industry data-entry guardrail
1 credit · ~$0.015 <5ms Start free \u2192

Schema Conformance

POST /v1/validate/schema

The gate an agent calls to prove its own (or a tool's) structured output matches the contract before acting on it. A dependency-free JSON Schema validator (Draft-07 subset) that returns every error with a precise JSON path — types, required fields, enums, numeric ranges, string patterns and formats, array/object constraints, and oneOf/anyOf/allOf/not.

Capabilities

  • \u2022Draft-07 subset: type, required, enum, const, ranges, pattern, format
  • \u2022Arrays (tuple + single), uniqueItems, additionalProperties
  • \u2022oneOf / anyOf / allOf / not and local $ref
  • \u2022Per-error JSON paths; depth + size guards
  • \u2022Deterministic and offline, with a SHA-256 certificate

Use cases

  • \u2192Gate an LLM's structured / tool-call output before acting
  • \u2192Validate API request/response payloads in agent pipelines
  • \u2192Enforce a data contract without shipping ajv
  • \u2192Catch malformed JSON before it hits downstream systems
1 credit · ~$0.015 <5ms Start free \u2192

SQL Safety Gate

POST /v1/scan/sql

The gate an agent calls before it runs SQL. A comment- and string-literal-aware tokenizer scans each statement for high-risk patterns — an unbounded DELETE/UPDATE, DROP or TRUNCATE, a WHERE 1=1 tautology, stacked statements, UNION-based injection, or a privilege change — without ever connecting to a database. Keywords inside string literals never false-positive.

Capabilities

  • \u2022Unbounded DELETE/UPDATE, DROP/TRUNCATE, tautology, UNION-injection rules
  • \u2022Comment- and string-literal-aware tokenizer (no false positives)
  • \u2022Postgres / MySQL / SQLite / T-SQL / generic dialects
  • \u2022Severity-ranked findings; tunable policy (allow DDL, max statements)
  • \u2022Deterministic and offline (no DB connection), with a certificate

Use cases

  • \u2192Gate agent-generated SQL before execution
  • \u2192Text-to-SQL and analytics copilots
  • \u2192Block accidental mass deletes and drops
  • \u2192A safety net in front of any database tool
1 credit · ~$0.015 <5ms Start free \u2192