contract_call

Submit a smart-contract write call from a KMS signer. The gateway encodes via viem, signs the digest via AWS KMS, and broadcasts. Idempotent on optional idempotency_key. Cost: chain gas at-cost + $0.000005 KMS sign fee per call.

Server Run402 kychee-com/run402
Category Financial
Risk class Critical
Parameters 00 required

What contract_call does on Run402

AI agents use contract_call to commit financial operations through Run402 — usually the final step of a payment, billing, or trading workflow. A call moves real money.

Why contract_call needs a policy

This tool executes on-chain transactions by signing and broadcasting smart contract calls using a KMS-managed private key. This directly commits financial resources (gas costs + signing fees) and can trigger arbitrary contract logic with real monetary consequences. It spans Execute and Financial categories; Financial is most severe given it moves on-chain assets/state and incurs real costs per invocation.

From the tool's definition Submit a smart-contract write call from a KMS signer... signs the digest via AWS KMS, and broadcasts. Cost: chain gas at-cost + $0.000005 KMS sign fee per call.

Questions about contract_call

What does the contract_call tool do? +

Submit a smart-contract write call from a KMS signer. The gateway encodes via viem, signs the digest via AWS KMS, and broadcasts. Idempotent on optional idempotency_key. Cost: chain gas at-cost + $0.000005 KMS sign fee per call. It is categorised as a Financial tool in the Run402 MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on contract_call? +

Register the Run402 MCP server in PolicyLayer and add a rule for contract_call: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Run402. Nothing to install.

What risk level is contract_call? +

contract_call is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit contract_call? +

Yes. Add a rate_limit block to the contract_call rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block contract_call completely? +

Set action: deny in the PolicyLayer policy for contract_call. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides contract_call? +

contract_call is provided by the Run402 MCP server (kychee-com/run402). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.