Connect KeyID and its 64 tool definitions are loaded into the model's context on every request — 2.6% of a 200k window spent before your agent does anything.
QUICK ANSWER The KeyID MCP server's tool definitions consume 5,198 tokens — 2.7× the median MCP server (1,905 tokens). A scoped grant exposing only the tools you use cuts that roughly in proportion.
Tool definitions are overhead: they occupy context on every request and compete with your code, documents and conversation history for the same window.
Corpus context: KeyID ranks #1009 of 3,213 measured MCP servers by definition cost. The median is 1,905 tokens, p90 is 7,952, and the heaviest (Fusionauth) is 183,337 — 92% of a 200k window on its own.
Each row is one tool definition as a tools/list entry — name, description and
input schema — counted with o200k_base. Average: 81 tokens per tool.
| Tool | Category | Tokens | % of server |
|---|---|---|---|
| start_registration_session | Execute | 228 | 4.4% |
| list_messages | Read | 165 | 3.2% |
| create_or_update_persona | Write | 162 | 3.1% |
| web_search | Read | 158 | 3.0% |
| store_file | Write | 155 | 3.0% |
| create_cron | Write | 149 | 2.9% |
| upload_page_file | Write | 148 | 2.8% |
| wait_for_message | Execute | 138 | 2.7% |
| send_email | Write | 125 | 2.4% |
| save_registration | Write | 124 | 2.4% |
| update_cron | Write | 117 | 2.3% |
| create_page | Write | 114 | 2.2% |
| get_verification_codes | Read | 110 | 2.1% |
| list_registration_sessions | Read | 107 | 2.1% |
| wait_for_registration_artifact | Execute | 100 | 1.9% |
| block_registration_session | Read | 97 | 1.9% |
| update_message | Write | 93 | 1.8% |
| save_browser_state | Write | 91 | 1.8% |
| update_page | Write | 88 | 1.7% |
| list_files | Read | 87 | 1.7% |
| set_auto_reply | Write | 87 | 1.7% |
| list_registrations | Read | 86 | 1.7% |
| follow_verification_link | Read | 82 | 1.6% |
| list_threads | Read | 80 | 1.5% |
| provision_identity | Write | 80 | 1.5% |
| get_metrics | Read | 79 | 1.5% |
| reply_to_message | Read | 79 | 1.5% |
| complete_registration_session | Write | 78 | 1.5% |
| get_webhook_deliveries | Read | 76 | 1.5% |
| put_secret | Write | 76 | 1.5% |
| delete_page_file | Destructive | 75 | 1.4% |
| upsert_contact | Write | 74 | 1.4% |
| set_forwarding | Write | 66 | 1.3% |
| create_webhook | Write | 64 | 1.2% |
| get_file | Read | 63 | 1.2% |
| get_totp_code | Read | 63 | 1.2% |
| get_registration_artifacts | Read | 61 | 1.2% |
| get_registration_session | Read | 61 | 1.2% |
| set_signature | Write | 61 | 1.2% |
| delete_cron | Destructive | 60 | 1.2% |
| get_message | Read | 60 | 1.2% |
| delete_page | Destructive | 59 | 1.1% |
| delete_file | Destructive | 58 | 1.1% |
| get_page | Read | 58 | 1.1% |
| list_page_files | Read | 58 | 1.1% |
| load_browser_state | Read | 57 | 1.1% |
| get_thread | Read | 55 | 1.1% |
| get_registration | Read | 53 | 1.0% |
| delete_contact | Destructive | 52 | 1.0% |
| get_secret | Read | 52 | 1.0% |
| delete_secret | Destructive | 49 | 0.9% |
| get_identity | Read | 49 | 0.9% |
| list_totp_entries | Read | 48 | 0.9% |
| list_crons | Read | 47 | 0.9% |
| request_phone_number | Write | 47 | 0.9% |
| get_reputation | Read | 45 | 0.9% |
| get_auto_reply | Read | 44 | 0.8% |
| get_persona | Read | 44 | 0.8% |
| list_pages | Read | 44 | 0.8% |
| list_secrets | Read | 44 | 0.8% |
| list_webhooks | Read | 43 | 0.8% |
| get_forwarding | Read | 42 | 0.8% |
| list_contacts | Read | 42 | 0.8% |
| get_signature | Read | 41 | 0.8% |
A PolicyLayer grant exposes only the tools you allow — ungranted definitions are filtered out of the tool list, so they never enter the context window. Estimates below assume typical-weight tools (81 tokens each).
| Grant scope | Definition cost | Reduction |
|---|---|---|
| All 64 tools (no gateway) | 5,198 tokens | — |
| 3 granted tools | ~244 tokens | −95% |
| 5 granted tools | ~406 tokens | −92% |
| 10 granted tools | ~812 tokens | −84% |
Model your own stack in the token-cost calculator, or see the KeyID policy for what a sensible grant looks like.
Its 64 tool definitions total 5,198 tokens — 2.6% of a 200k context window — measured with tiktoken o200k_base over the serialised tools/list payload. Exact counts vary slightly by client and model.
MCP clients load every connected server's tool definitions — name, description, and input schema — into the model's context so it knows what it can call. That payload is charged against your context window on every request, whether or not a tool is used.
Expose fewer tools. A PolicyLayer grant scopes KeyID to only the tools you allow — ungranted definitions are filtered out of the tool list, so they never enter the context window. A grant of 3 typical tools costs roughly 244 tokens, a 95% reduction.
Partially, in some clients. Claude Code defers MCP tool schemas behind a tool-search step by default, and VS Code has experimental grouping — but you still pay tokens per search and reload, and Cursor, Windsurf and Gemini CLI load definitions upfront. Reducing the exposed tool set cuts the cost in every client.
Each tool is serialised as a tools/list entry — name, description, input schema — from the schemas in the PolicyLayer scan database. Clients differ slightly in framing, so treat counts as close estimates.
tiktoken o200k_base (GPT-4o/o-series). Anthropic's current tokeniser isn't published, so Claude's exact counts will differ; for English text and JSON schemas the totals are close enough to treat these as estimates.
Some clients now defer schema loading (Claude Code's tool search; VS Code experimental grouping). You still pay per search and reload — and Cursor, Windsurf and Gemini CLI load everything upfront.
Computed 07-06-2026 from the PolicyLayer scan database over all 64 catalogued KeyID tools. Counts refresh with every site build.
A PolicyLayer grant scopes KeyID to the tools you actually allow. Ungranted definitions never load, and every call that does run is checked against policy first.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.