{
  "service": "netlens",
  "version": "0.1.0",
  "tools": [
    {
      "name": "analyze_input",
      "description": "Auto-detect input type (domain, IP, or URL) and return a normalized object."
    },
    {
      "name": "resolve_dns",
      "description": "Resolve A/AAAA/CNAME/MX/TXT/NS/CAA/SOA for a domain over DoH."
    },
    {
      "name": "lookup_txt",
      "description": "Fetch TXT records at a specific name (useful for _dmarc, _mta-sts, DKIM selectors)."
    },
    {
      "name": "inspect_http",
      "description": "Fetch a URL and return status, redirect chain, and categorized response headers."
    },
    {
      "name": "check_email_security",
      "description": "Check SPF, DMARC, MTA-STS, BIMI, MX, and probe common DKIM selectors for a domain."
    },
    {
      "name": "inspect_tls",
      "description": "Retrieve recent TLS certificate metadata from crt.sh (CT logs). Not a live peer handshake."
    },
    {
      "name": "infer_infrastructure",
      "description": "Correlate DNS + HTTP headers to infer CDN/proxy and detect possible origin exposure."
    },
    {
      "name": "analyze",
      "description": "Run the full netlens analysis pipeline for an input and return a correlated report."
    },
    {
      "name": "compare_targets",
      "description": "Produce correlated reports for two inputs and diff their DNS, HTTP, CDN, and email posture."
    }
  ]
}