interceptedtype mismatch · recipient: 12345 (expected email string) · send_email
correctedmissing required · api_key · send_slack_message
interceptedmaxLength · subject 312 chars (max 200) · send_email
correctedenum violation · status="active" not in allowed values · hubspot.update_contact
interceptedformat · date "2026/05/30" not ISO 8601 · airtable.create_record
correctedmissing required · body · atlassian.jira_post
lint pre-flightgitlab.create_branch · empty schema · OpenAI would reject at registration
interceptedtype mismatch · recipient: 12345 (expected email string) · send_email
correctedmissing required · api_key · send_slack_message
interceptedmaxLength · subject 312 chars (max 200) · send_email
correctedenum violation · status="active" not in allowed values · hubspot.update_contact
interceptedformat · date "2026/05/30" not ISO 8601 · airtable.create_record
correctedmissing required · body · atlassian.jira_post
lint pre-flightgitlab.create_branch · empty schema · OpenAI would reject at registration
running in production

Your agent said
it sent the email.
It didn't.

Cruxial sits between your LLM and your tool executors. It catches hallucinated arguments before they hit production, auto-repairs them in a single round-trip, and never adds more than a millisecond of latency. Drop-in for OpenAI, Anthropic, Azure, and any MCP server.

Star on GitHub → See how it works

pip install cruxialcopied! · OpenAI · Anthropic · LiteLLM

cruxial · intercepting live
0
silent passes across 342 live LLM tool calls
51 MCP servers · 2 runs · gpt-4o · 95% CI 0–1.1%
5.85%
schema-violation rate caught on Azure gpt-4o
pooled across 342 calls · 95% CI 3.8–8.9%
877
real production schemas validated synthetically
52 public MCP servers · 26 domains
<1ms
p99 cruxial overhead per call
243 tests · fail-open · open source
numbers, not vibes

Real runs. Public servers.
Clone it and get your own number.

51 public MCP servers. 603 tools. 352 prompts across 2 runs, 342 tool calls total. Every number below is reproducible from the repo. Intercept rate scales with schema complexity, not with model tier.

Benchmark Model Intercept rate One-shot repair Sample
Real public MCP servers, pooled across 2 runs
github · kubernetes · notion · salesforce · airtable · slack · ms-teams · atlassian · playwright · firecrawl · hubspot · zendesk · supabase · +38 more		 Azure gpt-4o 5.85%95% CI 3.8 – 8.9% 90.0%18 / 20 intercepts 342 calls
51 servers
603 tools
352 prompts
Constraint-heavy production schemas
enums · formats · regex · nested objects · datetime ranges		 Azure gpt-4o 17.1% 66.7% 15 tools
70 prompts
Same schemas, smaller model
what changing model tier alone does on the same prompts		 Azure gpt-5-mini-2 1.4%92% fewer than gpt-4o 100% 74 calls
same 15 tools
Simple-schema control group
filesystem, memory, time, fetch (the easy half of MCP)		 Azure gpt-4o 0.0% 7 servers
25 prompts
Robustness audit (no LLM)
synthetic violation classification across the full real-world schema corpus		 classifier only 100%rejection · 0 silent passes 877 real schemas
1,947 violations
"
Zero silent passes across 342 live LLM tool calls. Twice. Same corpus, same result on the one metric that matters for a validation layer.
pooled across 2 independent runs · gpt-4o · 51 real public MCP servers · Wilson 95% upper bound: 1.1%
reproduce yourself pip install cruxial && python examples/azure_mcp_suite.pycopied!
the problem

You've shipped the integration.
It works in staging. Then production.

Three weeks later a customer tells you the email was never sent. Your logs show HTTP 200.

01 · wrong arguments
hallucination

The model invents its own arguments

It passes "sample_id" instead of the real ID. Or an integer where an email is required. The tool fails silently. The model writes "done." Your user never gets what they asked for.

02 · regressions
the fix loop

Every fix breaks something else

You patch the retry logic. The integration works. Two days later a different tool fails. You spend another afternoon on a problem that should be solved once — at the layer level, not per-feature.

03 · silent errors
no signal

Failures your logs will never show

The agent wrote "done" without calling the tool. No error. No log entry. HTTP 200. You find out three days later from a customer — after the damage is already done.

integration

Add it in 30 seconds.
Remove it just as fast.

One import. Wrap your tool list. Every call validated from that moment. No configuration, no schema changes, nothing to maintain.

before — failing silently
# your existing code               
response = client.chat(
  model="gpt-4o",
  tools=my_tools,
  messages=messages
)

# wrong args pass through.
# tool never called.
# user finds out last.
after — caught before it fires
# one import, nothing else changes
from cruxial import guard

response = client.chat(
  model="gpt-4o",
  tools=guard(my_tools),
  messages=messages
)

# validated before execution.
# bad args corrected + retried.
# every failure logged.
mechanics

Five things happen
on every tool call.

Valid calls pass through in under 50ms. Invalid calls get caught, corrected, and logged before the tool ever fires.

01
Intercept
always · zero overhead
02
Validate
before execution
03
Correct
on failure
04
Retry
on failure
05
Log
always
01 / 05
Intercept
Wraps your tool list in one function call. Sits between the model response and your execution layer. Zero changes to your tool definitions, prompts, or app logic.
guard(my_tools) → validation layer → execution
interception log · 14ms ago
{
  "tool": "send_email",
  "status": "intercepted",
  "original_args": { "recipient": 12345, "subject": "Follow up" },
  "failure": "type_error: recipient must be email string, got int",
  "retry_args": { "recipient": "user@company.com", "subject": "Follow up" },
  "retry_outcome": "success",
  "latency_added_ms": 340
}
what the community is reporting

It's not just us saying this.

Three numbers from independent research, and one line from every developer who's shipped an agent.

~0%
GPT-4's success rate on real-world multi-step agent tasks. Most failures trace back to tool calls, not reasoning.
τ-bench · Anthropic + Princeton · 2024 · arxiv 2406.12045
0–19%
Accuracy drop for top frontier models when the user simply rephrases the same request.
Berkeley Function Calling Leaderboard · gorilla.cs.berkeley.edu
0%
Schema reliability OpenAI added in Structured Outputs. They shipped it because the unenforced baseline wasn't good enough.
openai.com · Structured Outputs launch · Aug 2024
"
The hardest part of running an LLM agent in production isn't getting it to call the right tool. It's everything after: the call succeeds, returns 200, and silently does the wrong thing.
recurring sentiment across developer discussions · Hacker News · 2024–2025
deployment models

Open Core for dev.
Cloud for scale.

The validation engine is open-source and self-hostable. The central workspace that visualizes schema drift, audits token consumption, and tracks agent health is what we manage.

cruxial core
Free
MIT licensed · Self-Hosted
  • Inline JSON/XML Schema Validation
  • Structured Micro-Retry Argument Repair
  • Fail-Open Runtime Protection
  • Local JSON logging to stdout
  • Real-time Dashboard
  • Schema drift alerts
  • Cross-model analytics
View GitHub Repository →
cruxial cloud
Waitlist
Fully Managed Middleware Service
  • Everything in Cruxial Core
  • Real-time Dashboard & Performance Monitoring
  • Cross-Model Optimized Repair Latency (<15ms)
  • Visual Tracing for Hallucination Patterns
  • Slack, Webhook, and PagerDuty Alerts
  • Schema drift auto-sync
  • Community fix propagation

We'll only email you about Cruxial Cloud. No newsletters.

Know your interception rate
in 5 minutes.

Free forever. No credit card. Works on your existing code without changes.

pip install cruxial → copied!