# check-comms-security

`station__comms-systems__check-comms-security` · external (needs EXECUTION_BACKEND_URL configured) · domain `comms-systems` · pv-relevance `non-pv`

Validate communication security posture before transmitting. Gates on mTLS, firmware signature, replay protection, and certificate pinning. Blocks transmission if security requirements unmet. VHF/ADS-B always pass (unencrypted by aviation regulation).

> **Note:** This tool routes through an external execution backend. If `EXECUTION_BACKEND_URL` is unset on the server, calls return JSON-RPC error `-32603 "Tool execution backend not configured"`. Tools with `backend: native` execute in-process and are always callable.

## Agent metadata

- `idempotent`: unknown
- `read_only`: unknown
- `expected_latency_ms`: unknown (not yet contract-tested)
- `cost_tokens_estimate`: unknown

## Input schema

- `link_type` *string* (required) — Link type: ble_5, wifi_6e, fiveg_modem, lora_sx1276, iridium_certus, vhf_radio, adsb_out
- `mtls_active` *boolean* — Whether mTLS handshake is established
- `firmware_signed` *boolean* — Whether modem firmware signature verified at boot
- `replay_nonce_valid` *boolean* — Whether replay protection nonce counter is current
- `certificate_pinned` *boolean* — Whether TLS certificate is pinned to known CA

## Example call

```json
POST /api/mcp
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "station__comms-systems__check-comms-security",
    "arguments": {
      "link_type": ""
    }
  }
}
```

## Related

- [/tools](/tools) — all 3062 tools
- [/tools/comms-systems__check-comms-security](/tools/comms-systems__check-comms-security) — HTML page
- [/tools/comms-systems__check-comms-security/json](/tools/comms-systems__check-comms-security/json) — JSON form (agent-friendly)
- [/api/mcp](/api/mcp) — endpoint
- [/AGENTS.md](/AGENTS.md) — agent guide