compose_dispenser

WHAT IT DOES

What compose_dispenser does on 21e14

AI agents use compose_dispenser to create or update resources in 21e14 — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your 21e14 environment.

Parameter	Type	Required	Description
`asset`	string	Yes	Asset to dispense
`status`	integer	—	0=open, 10=close
`address`	string	Yes	Source Bitcoin address
`inputs_set`	string	—	Comma-separated UTXOs to use as inputs (txid:vout)
`open_address`	string	—	Open dispenser on a different address
`give_quantity`	integer	Yes	Raw integer amount of asset per dispense. For divisible: human amount * 10^8. Use 0 when closing.
`mainchainrate`	integer	Yes	BTC price per dispense (in satoshis). Use 0 when closing.
`sat_per_vbyte`	number	—	Fee rate in satoshis per virtual byte (e.g. 1, 5.5, 0.15). Check get_fee_estimate for current market rates.
`escrow_quantity`	integer	Yes	Raw integer total amount to load into dispenser. For divisible: human amount * 10^8. Use 0 when closing.

Parameters from the server's own tool schema.

THE RISK

Medium Risk

Why compose_dispenser needs a policy

This tool creates or modifies reversible blockchain state (a dispenser resource) without deleting data or immediately executing financial transfers. While dispensers involve financial automation, 'compose' indicates transaction construction rather than financial movement itself.

From the tool's definition Tool description: 'Compose a transaction to create, open, or close a dispenser.' The verb 'compose' combined with 'create, open, or close' indicates the tool constructs transaction data that modifies blockchain state.

Documented attack patterns abuse exactly the kind of access compose_dispenser gives an agent:

POLICY

How to control compose_dispenser

PolicyLayer is an MCP gateway — it sits between your AI agents and 21e14, and nothing reaches the server without passing your rules. This is the rule we recommend for compose_dispenser:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "compose_dispenser": {
      "limits": [
        {
          "counter": "compose_dispenser_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

compose_dispenser stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register 21e14 — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More 21e14 tools

Financial compose_btcpay Compose a BTC payment for a matched DEX order. Used to complete BTC trades on the DEX. Financial compose_dispense Compose a transaction to buy from a dispenser by sending BTC to it Financial compose_dividend Compose a transaction to distribute dividends to all holders of an asset Financial compose_fairmint Compose a transaction to mint tokens from an active fair minter Financial compose_sweep Compose a transaction to sweep all assets and/or BTC from one address to another Financial compose_issuance Compose a transaction to issue (create) a new Counterparty asset, or update an existing on Financial compose_mpma Compose a multi-party multi-asset send transaction. Sends multiple assets to multiple dest Financial compose_order Compose a DEX order to trade Counterparty assets. IMPORTANT: give_quantity and get_quantit

All 48 21e14 tools →

Write tools on other servers

M-Team MCP Server download_torrent YouTube MCP Server generate_video_title Android Forensics ADB MCP Server combine_reports 0xarchive web3_signup

Go deeper

The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Argument validation → Checking tool call arguments against schema and policy before they run.
Scoped token → Per-person credentials that grant a defined subset of servers and tools.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about compose_dispenser

What does the compose_dispenser tool do? +

Compose a transaction to create, open, or close a dispenser. Dispensers automatically sell tokens for BTC. It is categorised as a Write tool in the 21e14 MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does compose_dispenser accept? +

compose_dispenser accepts 9 parameters: asset, status, address, inputs_set, open_address, give_quantity, mainchainrate, sat_per_vbyte, escrow_quantity. Required: asset, address, give_quantity, mainchainrate, escrow_quantity. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on compose_dispenser? +

Register the 21e14 MCP server in PolicyLayer and add a rule for compose_dispenser: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches 21e14. Nothing to install.

What risk level is compose_dispenser? +

compose_dispenser is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit compose_dispenser? +

Yes. Add a rate_limit block to the compose_dispenser rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block compose_dispenser completely? +

Set action: deny in the PolicyLayer policy for compose_dispenser. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides compose_dispenser? +

compose_dispenser is provided by the 21e14 MCP server (@21e14/mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.