AI agents fetch URLs, follow links, and act on domains they've never seen before. Most of the time that's fine. Sometimes it isn't — phishing infrastructure, newly registered lookalike domains, brand impersonation sites, or plain malware hosting.
Entropy0 adds a trust gate between your agent and the external web. One API call returns a machine-readable recommended action your agent can reason about before it fetches, navigates, or transacts.
POST /v1/decide
{ "domain": "secure-login-verify-account.xyz" }
→ recommended_action: "deny"
confidence: 91%
signals: [NEWLY_REGISTERED_DOMAIN, BRAND_MISMATCH, CERTIFICATE_ANOMALY]
| Package | Registry | Description |
|---|---|---|
entropy0-langchain |
PyPI | LangChain tool — trust-gate URLs before agents fetch from them |
@entropy0/express |
npm | Express middleware — evaluate request targets through /v1/decide |
@entropy0/mcp |
npm | MCP server — source trust and URL safety tools for Claude Desktop, Cursor, Cline |
LangChain (Python)
pip install entropy0-langchainfrom entropy0_langchain import Entropy0Tool
tools = [Entropy0Tool(api_key="sk_ent0_xxxx")]
# Agent will call entropy0_trust_check before fetching any external URLExpress (Node.js)
npm install @entropy0/expressimport { entropy0Guard } from "@entropy0/express";
app.use(entropy0Guard({ apiKey: process.env.ENTROPY0_API_KEY! }));
// Requests to flagged domains are blocked before your handlers runDirect API
curl -X POST https://entropy0.ai/v1/decide \
-H "X-API-Key: sk_ent0_xxxx" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com"}'Each decision runs a deterministic pipeline — same inputs always produce the same output:
- Classifies the domain (Clear Threat → Safe Known) using WHOIS, DNS, SSL, and threat intel feeds
- Maps classification to a base action under your chosen policy
- Shifts strictness based on interaction risk (fetch vs transactional vs privileged)
- Applies confidence clamps — low-confidence negatives never hard-deny
- Returns
recommended_action+ reason codes + uncertainty + bounded validity window
No probabilistic black boxes. Auditable, explainable, overridable.
| Example | Description |
|---|---|
examples/rag-agent |
LangChain agent that trust-gates every URL before fetching content |
examples/langgraph-trust-gate |
LangGraph pipeline with Entropy0 trust gate + evidence usability scoring |
This example shows a four-layer retrieval pipeline:
- Search returns candidate sources
- Entropy0 evaluates whether each source should enter the workflow
- The extraction layer retrieves page content
- The evidence usability layer determines whether the agent can safely cite the content
Example run:
[entropy0] 5 approved / 1 sandboxed / 0 denied / 0 unverified
SANDBOX outpost24.com
trust signals: ['LONG_OPERATIONAL_HISTORY', 'STRONG_BRAND_ALIGNMENT']
sandbox reason: ['ELEVATED_DEVIATION']
[evidence layer]
! microsoft.com/security/blog/... boilerplate_dominant — usability=low
! genai.owasp.org/llmrisk/... boilerplate_dominant — usability=low
✓ pmc.ncbi.nlm.nih.gov/... body_text_captured — usability=high
✓ securecodewarrior.com/... body_text_captured — usability=high
The agent answered only from high-usability evidence and refused to attribute claims to sources where article body text was not captured.
This prevents a common failure mode in AI search agents:
Treating a reputable URL as equivalent to usable evidence.
- Live playground — no sign-up required
- API reference
- Get a free API key — 150 scans/month, no credit card