--- name: xaudit.melis.ai description: xaudit.melis.ai exposes a single validation endpoint that accepts an API response object and evaluates it across four dimensions: schema correctness, completeness, freshness, and hallucination risk. It returns a quality score and a signed certificate indicating whether the response meets trustworthiness thresholds. host: xaudit.melis.ai --- # xaudit.melis.ai xaudit.melis.ai is a response-quality auditing service aimed at agents and pipelines that consume structured API outputs — such as security audit findings or code analysis results — and need a machine-verifiable trust signal before acting on or persisting that data. It does not generate reports or scan source code; it validates already-produced structured payloads. ## When to use this host Use this host when an agent has already received a structured API response — such as a JSON audit finding or analysis result — and needs to verify its trustworthiness before storing or acting on it. It is appropriate as a gating step in pipelines where downstream actions depend on response quality. Do not use it for generating audit reports, scanning source code directly, or producing structured outputs from raw inputs; those tasks require a code analysis or report-generation host. If you need to both produce and then validate a structured result, route the generation step to an appropriate upstream host first, then call this host on the output. ## Capabilities ### Response Validation & Trust Scoring Accepts a structured API response object and runs schema, completeness, freshness, and hallucination checks, returning a quality score and a signed certificate of validity. - **`validate-api-response`** — Validates an API response object for schema correctness, completeness, freshness, and hallucination risk, returning a quality score and a signed certificate. ## Skill reference ### `validate-api-response` **xAudit Validator** — Validates an API response object for schema correctness, completeness, freshness, and hallucination risk, returning a quality score and a signed certificate. *Use when:* Use when an agent needs to verify the correctness, completeness, and trustworthiness of an API response — such as a security audit finding, code analysis result, or structured JSON payload — before acting on or storing it. *Not for:* Do not use for raw code scanning or generating audit reports from scratch; this endpoint validates an already-produced API response object, not source code directly. **Inputs:** - `api_response` (object, required) — The API response object to validate. Can include status, analysis, findings, compliance checks, and any structured fields returned by a prior API call. **Returns:** Returns valid=false, quality_score=0.75, four named check results (schema, completeness, freshness, hallucination), and a signed certificate with a 1-hour expiry. **Example:** `{"api_response":{"status":"flagged","analysis":{"type":"sql_injection","evidence":["username parameter contains tautology payload: ' OR '1'='1'"],"findings":["Potential SQL injection vulnerability in WHERE clause construction"],"severity":"high"},"validated":true,"original_query":"SELECT * FROM users WHERE username = '' OR '1'='1'","compliance_checks":[{"detail":"User input appears concatenated into SQL without parameterization.","status":"fail","rule_id":"SEC-INPUT-VALIDATION-001"}],"recommended_fixes":["Use prepared statements / parameterized queries"]}}` ---