# Validation
The validation endpoint checks tool calls against policies and returns a decision with an optional capability token.
Basic Validation
typescript
1const result = await api.validate('file_read', {2 path: '/home/user/document.txt',3});45// Response6{7 allowed: true,8 decision: {9 effect: 'ALLOW',10 matchedRule: { id: 'allow-file-read', ... },11 reason: 'Matched rule: allow-file-read',12 evaluatedAt: '2024-01-15T10:30:00Z'13 },14 token: 'eyJhbGciOiJIUzI1NiJ9...',15 requestId: 'req_abc123',16 latencyMs: 12.517}
With Context
typescript
1const result = await api.validate('database_query', {2 query: 'SELECT * FROM users',3}, {4 trustLevel: 'VERIFIED', // UNTRUSTED | VERIFIED | TRUSTED5 permission: 'READ', // READ | WRITE | EXECUTE6 includeToken: true,7 serverName: 'my-mcp-server',8});
Response Fields
| Field | Type | Description |
|---|---|---|
| allowed | boolean | Whether the tool call is permitted |
| decision | object | Policy evaluation details |
| token | string? | Capability token (30s TTL) |
| threats | array? | Detected security threats |
| requestId | string | Unique request ID for audit |