Stacks Clarity MCP Server

analyze_transaction_post_conditions

Analyze contract calls to determine required post-conditions for transaction security. Essential for identifying necessary safeguards in complex blockchain transactions.

Instructions

Analyze a contract call to determine what post-conditions are required for security. Essential for complex transactions.

Input Schema

TableJSON Schema

Name	Required	Description
`contractAddress`	Yes	The contract address being called
`contractName`	Yes	The contract name being called
`expectedTransfers`	Yes	Expected asset transfers in the transaction
`functionName`	Yes	The function being called

Implementation Reference

src/tools/stacks_blockchain/security/post_conditions.ts:290-445 (handler)

Full implementation of the analyze_transaction_post_conditions tool handler, including the execute function that processes transaction details, analyzes expected transfers, generates security analysis, and provides TypeScript code for post-conditions.

export const analyzeTransactionPostConditionsTool: Tool<undefined, typeof TransactionAnalysisScheme> = {
  name: "analyze_transaction_post_conditions",
  description: "Analyze a contract call to determine what post-conditions are required for security. Essential for complex transactions.",
  parameters: TransactionAnalysisScheme,
  execute: async (args, context) => {
    try {
      await recordTelemetry({ action: "analyze_transaction_post_conditions" }, context);
      
      let analysis = `# Post-Condition Analysis

## Transaction Details
- **Contract**: ${args.contractAddress}.${args.contractName}
- **Function**: ${args.functionName}

## Required Post-Conditions

`;

      let postConditionCount = 0;
      let tsCode = `// Complete TypeScript implementation
import {
  openContractCall,
  PostConditionMode,
  makeStandardFungiblePostCondition,
  makeStandardNonFungiblePostCondition,
  makeStandardSTXPostCondition,
  FungibleConditionCode,
  NonFungibleConditionCode,
  createAssetInfo,
  uintCV
} from '@stacks/connect';

const postConditions = [
`;

      for (const transfer of args.expectedTransfers) {
        postConditionCount++;
        
        if (transfer.type === "fungible") {
          analysis += `### ${postConditionCount}. Fungible Token Transfer
- **From**: ${transfer.from || 'Unknown'}
- **To**: ${transfer.to || 'Unknown'}  
- **Amount**: ${transfer.amount || 'Unknown'} base units
- **Asset**: ${transfer.asset || 'Unknown'}

`;
          
          if (transfer.from && transfer.amount && transfer.asset) {
            const [contractAddr, contractName, assetName] = transfer.asset.includes('.') 
              ? transfer.asset.split('.') 
              : ['CONTRACT_ADDRESS', 'CONTRACT_NAME', transfer.asset];
            
            tsCode += `  makeStandardFungiblePostCondition(
    '${transfer.from}',
    FungibleConditionCode.Equal,
    ${transfer.amount},
    createAssetInfo('${contractAddr}', '${contractName}', '${assetName}')
  ),
`;
          }
        } else if (transfer.type === "non-fungible") {
          analysis += `### ${postConditionCount}. NFT Transfer
- **From**: ${transfer.from || 'Unknown'}
- **To**: ${transfer.to || 'Unknown'}
- **Token ID**: ${transfer.tokenId || 'Unknown'}
- **Asset**: ${transfer.asset || 'Unknown'}

`;
          
          if (transfer.from && transfer.tokenId && transfer.asset) {
            const [contractAddr, contractName, assetName] = transfer.asset.includes('.') 
              ? transfer.asset.split('.') 
              : ['CONTRACT_ADDRESS', 'CONTRACT_NAME', transfer.asset];
            
            tsCode += `  makeStandardNonFungiblePostCondition(
    '${transfer.from}',
    NonFungibleConditionCode.DoesNotOwn,
    createAssetInfo('${contractAddr}', '${contractName}', '${assetName}'),
    uintCV(${transfer.tokenId})
  ),
`;
          }
        } else if (transfer.type === "stx") {
          analysis += `### ${postConditionCount}. STX Transfer
- **From**: ${transfer.from || 'Unknown'}
- **To**: ${transfer.to || 'Unknown'}
- **Amount**: ${transfer.amount || 'Unknown'} microSTX

`;
          
          if (transfer.from && transfer.amount) {
            tsCode += `  makeStandardSTXPostCondition(
    '${transfer.from}',
    FungibleConditionCode.Equal,
    ${transfer.amount}
  ),
`;
          }
        }
      }

      tsCode += `];

await openContractCall({
  contractAddress: '${args.contractAddress}',
  contractName: '${args.contractName}',
  functionName: '${args.functionName}',
  functionArgs: [
    // Add your function arguments here
  ],
  postConditions,
  postConditionMode: PostConditionMode.Deny, // CRITICAL for security
  onFinish: (data) => {
    console.log('Transaction completed:', data.txId);
  },
});`;

      analysis += `
## Security Assessment
- **Total Post-Conditions Required**: ${postConditionCount}
- **Risk Level**: ${postConditionCount === 0 ? '🔴 HIGH - No post-conditions!' : postConditionCount < 3 ? '🟡 MEDIUM' : '🟢 LOW'}
- **Compliance**: ${postConditionCount > 0 ? '✅ SIP compliant' : '❌ Missing required post-conditions'}

## Implementation

\`\`\`typescript
${tsCode}
\`\`\`

## Critical Security Notes
${postConditionCount === 0 ? `
⚠️  **WARNING**: This transaction has no post-conditions, which is DANGEROUS!
- Users are vulnerable to unexpected token movements
- Transaction may not behave as expected
- VIOLATES SIP-009 and SIP-010 requirements
` : `
✅ **SECURE**: This transaction includes proper post-conditions
- Users are protected from unexpected behavior
- Transaction guarantees are explicit
- Compliant with SIP standards
`}

## Best Practices
1. Always use PostConditionMode.Deny
2. Include post-conditions for ALL asset movements
3. Test post-conditions thoroughly
4. Show post-conditions to users before signing
5. Use exact amounts (FungibleConditionCode.Equal) when possible`;

      return analysis;
      
    } catch (error) {
      return `❌ Failed to analyze transaction post-conditions: ${error}`;
    }
  },
};

src/tools/stacks_blockchain/security/post_conditions.ts:38-50 (schema)

Zod schema defining input parameters for the tool: contract details and expected asset transfers.

const TransactionAnalysisScheme = z.object({
  contractAddress: z.string().describe("The contract address being called"),
  contractName: z.string().describe("The contract name being called"),
  functionName: z.string().describe("The function being called"),
  expectedTransfers: z.array(z.object({
    type: PostConditionTypeScheme,
    from: z.string().optional(),
    to: z.string().optional(),
    amount: z.number().optional(),
    tokenId: z.number().optional(),
    asset: z.string().optional(),
  })).describe("Expected asset transfers in the transaction"),
});

src/tools/index.ts:62-64 (registration)
Registration of the analyzeTransactionPostConditionsTool (and related post-condition tools) to the FastMCP server.
```
server.addTool(generateSTXPostConditionTool);
server.addTool(analyzeTransactionPostConditionsTool);
server.addTool(generatePostConditionTemplateTool);
```

src/tools/index.ts:19-24 (registration)

Import of the analyzeTransactionPostConditionsTool from its implementation file.

  generateFungiblePostConditionTool,
  generateNonFungiblePostConditionTool,
  generateSTXPostConditionTool,
  analyzeTransactionPostConditionsTool,
  generatePostConditionTemplateTool
} from "./stacks_blockchain/security/post_conditions.js";

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It mentions the tool is for security analysis but doesn't describe what the analysis entails, what output to expect, whether it's read-only or has side effects, or any performance or rate limit considerations. This leaves significant gaps for an AI agent to understand how to use it effectively.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise with two sentences that are front-loaded: the first states the core purpose, and the second adds context. There's no wasted text, but it could be slightly more structured by explicitly mentioning the input parameters or output expectations.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of analyzing contract calls for security post-conditions, no annotations, and no output schema, the description is insufficient. It doesn't explain what the analysis returns, how to interpret results, or any behavioral traits. For a tool with 4 required parameters and security implications, more context is needed to be complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, so the schema already documents all parameters well. The description doesn't add any additional meaning or context about the parameters beyond what's in the schema. According to the rules, with high schema coverage, the baseline is 3 even without param info in the description.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Analyze a contract call to determine what post-conditions are required for security.' It specifies the action (analyze), resource (contract call), and outcome (determine post-conditions). However, it doesn't explicitly differentiate from sibling tools like 'generate_post_condition_template' or 'generate_fungible_post_condition', which appear related to post-conditions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides some usage context with 'Essential for complex transactions,' implying it should be used for complex rather than simple transactions. However, it doesn't offer explicit guidance on when to use this tool versus alternatives like 'generate_post_condition_template' or other post-condition tools, nor does it mention prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/exponentlabshq/stacks-clarity-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server