Verify a wire contract (token list / field set / schemaVersion) is identical across N independent source files (iOS Swift, proxy JS, Android Kotlin). Flags missing/inconsistent tokens, schemaVersion drift, and prefix-ordering bugs (a contained token matched before the longer one). BLOCK/PASS verd...
AI agents call audit_contract to retrieve information from Raven without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
file_paths | array | Yes | |
contract_spec | object | Yes |
Parameters from the server's own tool schema.
The tool performs a read-only audit/comparison of source files to detect inconsistencies in tokens, schema versions, and prefix ordering. It produces a verdict but does not create, modify, delete, or execute anything. This is purely a validation/inspection operation.
From the tool's definition 'Verify a wire contract... is identical across N independent source files' — reads and compares files, emitting a BLOCK/PASS verdict with no data modification.
Attacks that exploit this kind of access
Verify a wire contract (token list / field set / schemaVersion) is identical across N independent source files (iOS Swift, proxy JS, Android Kotlin). Flags missing/inconsistent tokens, schemaVersion drift, and prefix-ordering bugs (a contained token matched before the longer one). BLOCK/PASS verdict. It is categorised as a Read tool in the Raven MCP Server, which means it retrieves data without modifying state.
audit_contract accepts 2 parameters: file_paths, contract_spec. Required: file_paths, contract_spec. The full parameter table on this page comes from the server's own tool schema.
Register the Raven MCP server in PolicyLayer and add a rule for audit_contract: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Raven. Nothing to install.
audit_contract is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the audit_contract rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for audit_contract. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
audit_contract is provided by the Raven MCP server (raven-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →