run402
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| RUN402_API_BASE | No | API base URL | https://api.run402.com |
| RUN402_CONFIG_DIR | No | Config directory for key storage | ~/.config/run402 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| provision_postgres_projectA | Provision a new Postgres database. Returns project credentials on success, or payment details if x402 payment is needed. |
| run_sqlA | Execute SQL (DDL or queries) against a provisioned project. Returns results as a markdown table. |
| rest_queryB | Query or mutate data via the PostgREST REST API. Supports GET/POST/PATCH/DELETE with query params. |
| apply_exposeA | Apply a declarative authorization manifest to a project (POST /projects/v1/admin/:id/expose). The manifest describes the full authorization surface: tables (with policy, owner_column, force_owner_on_insert, i_understand_this_is_unrestricted, custom_sql), views (with base, select, filter), and rpcs (with signature, grant_to). Convergent: applying the same manifest twice is a no-op; items dropped between applies have their policies/grants/triggers/views revoked. Tables are dark by default — any table not declared with expose:true is unreachable via anon/authenticated. |
| validate_manifestA | Validate an auth/expose manifest without applying it. This checks the authorization manifest used by manifest.json, database.expose, and apply_expose; it is not deploy-manifest validation. Optional migration_sql is reference context only and is not executed. Use deploy planning/dry-run surfaces for deploy manifest questions. |
| app_upC | Plan or run the canonical app-aware |
| get_exposeA | Get the current authorization manifest for a project (GET /projects/v1/admin/:id/expose). Returns the last-applied manifest from |
| get_schemaA | Introspect the database schema — tables, columns, types, constraints, and RLS policies. Useful for understanding the database structure before writing queries. |
| get_usageB | Get project usage report — API calls, storage usage, limits, and lease expiry. |
| export_project_archiveA | Export the supported Run402 Core runtime slice of a Cloud project as a portable .r402ar archive. Can wait for readiness and write the downloaded archive to a local path. Secrets, credentials, billing, allowance, logs, fleet, and Cloud operations are never exported. |
| inspect_project_archiveA | Inspect a local run402-project-archive.v1 directory or .r402ar tar offline. Reports digest, required secrets, auth stubs, export report, portability report, and compatibility diagnostics without Cloud credentials. |
| verify_project_archiveA | Verify a local run402-project-archive.v1 directory or .r402ar tar offline. Checks integrity and compatibility only; archives remain untrusted input. |
| import_project_archiveA | Import a verified portable archive into a new local Run402 Core project through the Core gateway. Automatically verifies before import, supports dry_run and require_runnable, and reports SECRET_VALUES_REQUIRED with next actions. |
| create_project_snapshotB | Capture a manual project data snapshot. Snapshots are internal restore points, not downloadable archives. |
| list_project_snapshotsA | List project data snapshots with optional kind filter and keyset pagination. |
| get_project_snapshotB | Get one project data snapshot and its next actions. |
| restore_project_snapshotA | Plan or confirm a project snapshot restore. Omit confirm for the loss statement and confirm token; pass confirm to execute the atomic restore. |
| delete_project_snapshotB | Delete a project data snapshot and release its CAS references. |
| create_project_branchA | Create a contained branch project from a fresh or existing snapshot. Email is sandboxed/off and cron is off unless explicitly enabled. |
| list_project_branchesA | List active contained branch projects for a parent project. |
| renew_project_branchB | Extend a contained branch project's TTL. |
| delete_project_branchB | Delete a contained branch project and purge its resources. |
| deploy_rehearseA | Run a persisted apply plan against a contained branch and return the rehearsal report. Source project and plan stay untouched. |
| assets_putA | Upload a blob (file or inline content) to project storage via direct-to-S3. Accepts local_path (any size up to 5 TiB) or content (≤ 1 MB inline). Public blobs get a CDN URL; private blobs require authenticated reads. Use |
| assets_getA | Download a blob to a local file path. Writes bytes directly to disk (no context-window bloat). Returns size + SHA-256 header (if the blob has one stored). |
| assets_lsC | List blobs in a project with optional prefix filter over a flat key namespace. Supports pagination via cursor. |
| assets_rmB | Delete a blob from project storage and decrement the project's storage_bytes. |
| assets_signA | Generate a time-boxed S3 presigned GET URL for a blob. Use this to share a private blob externally without exposing your apikey. Default TTL 1 hour, max 7 days. |
| diagnose_public_urlA | Returns the live CDN state for a public blob URL (probed once from gateway-us-east-1 — NOT a global view). Use this when a deployed asset shows the wrong version or you suspect cache staleness. The result includes |
| wait_for_cdn_freshnessA | Polls the CDN until a MUTABLE blob URL serves the expected SHA-256, or the timeout elapses. For mutable URLs only — for immutable URLs (the |
| deploy_functionA | Deploy a serverless function (Node 22) to a project. Handler signature: export default async (req: Request) => Response. The function can |
| invoke_functionA | Invoke a deployed function via HTTP. Returns the function's response body and status code. Useful for testing functions without building a frontend. |
| get_function_logsB | Get recent logs from a deployed function. Shows console.log/error output and error stack traces from CloudWatch. |
| list_functionsA | List all deployed functions for a project. Shows names, URLs, runtime, timeout, memory, and (for functions deployed under bundling-at-deploy) the Functions runtime version ( |
| delete_functionB | Delete a deployed function from a project. |
| update_functionA | Update a function's timeout or memory without re-deploying code. Legacy schedule mutation remains for old simple-function surfaces; new schedule/email background triggers should be declared through ReleaseSpec |
| functions_rebuildA | Refresh function(s) onto the platform's current entry wrapper + bundled runtime WITHOUT changing source (capability function-runtime-rebuild, gateway v1.69+). Provide |
| create_function_runA | Create a durable function run with a required idempotency key. Supports immediate, delayed, or run_at scheduling, expiry, retry policy, and optional wait. Use this instead of ad hoc cron/polling when work must survive retries or be redriven. |
| list_function_runsA | List durable runs for a function, filterable by status, event_type, time window, limit, and cursor. |
| get_function_runA | Fetch one durable function run by fnrun_ id. |
| get_function_run_logsB | Fetch logs correlated to one durable function run. |
| cancel_function_runA | Cancel a scheduled/queued durable function run when it has not completed yet. |
| redrive_function_runB | Redrive a failed/cancelled/expired durable function run with an optional retry override and optional wait. |
| set_secretA | Set a project secret (e.g. STRIPE_SECRET_KEY). Values are write-only and injected as process.env variables in functions. Setting an existing key overwrites it. Use this before deploy, then declare the key with secrets.require. |
| list_secretsA | List secret keys for a project. Values and value-derived hashes are never shown; use this only to check which keys are configured. |
| delete_secretB | Delete a secret from a project. |
| jobs_submitA | Submit a platform-managed job. The request must match the gateway jobs API shape: job_type, input with input.json, and max_cost_usd_micros. The SDK supplies the required idempotency header. |
| jobs_getB | Get a managed job run by id. |
| jobs_logsA | Read recent runner logs for a managed job. Use tail to cap entries and since for an ISO-8601 lower bound; legacy epoch milliseconds are still accepted. |
| jobs_cancelB | Cancel a queued or running managed job. |
| jobs_purgeA | Purge all managed job runs for a project, terminating known active runners first. |
| jobs_download_artifactA | Download a completed managed job's artifact by filename to a local file. Discover the recorded filenames from the artifacts map returned by jobs_get; the legacy run402:// refs were retired in favor of these gateway URLs. |
| deploy_siteA | Deploy a static site (HTML/CSS/JS) from inline file bytes. Files are staged to a temp directory, then uploaded via the v1.32 plan/commit transport — only bytes the gateway doesn't already have are PUT. Served at a unique URL via CloudFront. Free with active tier. |
| deploy_site_dirA | Deploy a static site from a local directory. Walks the tree, hashes each file, and uploads only the bytes the gateway doesn't already have via the v1.32 plan/commit transport. Files named .git, node_modules, or .DS_Store are skipped; symlinks are rejected. Re-deploying an unchanged tree issues no S3 PUTs. Free with active tier. |
| deployA | Unified apply primitive. Accepts a structured ReleaseSpec — database (migrations + expose), value-free secrets.require/delete declarations, functions, site, site.public_paths, subdomains, and routes.replace web routes — with explicit replace vs patch semantics per resource. Migration entries use id for immutable versioned SQL or name for generated/idempotent content-tracked SQL; name compiles client-side to _<sha256(sql)[0:16]>. Use site.public_paths for clean static URLs such as /events backed by release asset events.html; explicit mode does not expose /events.html unless separately declared, while mode: 'implicit' restores filename-derived reachability and can widen access. Route entries map exact/final-wildcard browser paths like /admin and /admin/* to Node 22 Fetch Request -> Response functions, or exact GET/HEAD method-aware static aliases such as /events to { type: 'static', file: 'events.html' }; intentional read-only GET/HEAD wildcard function routes may set acknowledge_readonly: true. Direct /functions/v1/:name remains API-key protected. Secret values must be set first with set_secret, never placed in deploy specs. All bytes ride through CAS (no inline-body cap). Returns release_id, URLs, warnings, and a structured progress-event log. Stops before upload/commit on confirmation-required warnings unless reviewed codes are passed with allow_warning_codes or allow_warnings is true. |
| deploy_diagnose_urlA | Read-only authenticated diagnostics for a Run402 public URL or host/path pair. Explains whether the current live release would serve the URL, including match, diagnostic body status, static manifest/cache metadata when returned, structured warnings for ignored query/fragment, and next steps. This does not fetch bytes, purge cache, mutate deploy state, or expose internal CAS URLs. |
| deploy_resumeA | Resume a deploy operation that ended in |
| deploy_listA | List recent deploy operations for a project. Returns operation_id, status, release_id, and timestamps. Use this to build deploy-history UIs or to find a recent operation_id to feed into |
| deploy_eventsA | Fetch the recorded phase-event stream for a deploy operation. Returns the same |
| deploy_verify_edgeA | Verify gateway/edge release coherence for a deploy operation. Returns the canonical edge-coherence report, including pointer-update state, probed paths, stale-release evidence, and next actions. Set wait=true to poll until coherent or timeout_seconds elapses. |
| deploy_release_getA | Fetch a release inventory by id. Returns release metadata, effective/desired state kind, site path inventory, function inventory, secret keys, subdomains, and applied migrations. Use |
| deploy_release_activeA | Fetch the current-live release inventory for a project. Returns |
| deploy_release_diffA | Diff two release targets for a project. |
| ci_create_bindingA | Create a GitHub Actions CI/OIDC deploy binding by sending a locally signed delegation to the SDK. This MCP wrapper does not sign or broaden authority; the signed delegation defines the repository/branch or environment, allowed events/actions, and optional route_scopes. Without route_scopes, CI cannot deploy route declarations. |
| ci_list_bindingsA | List CI/OIDC deploy bindings for a project, including route_scopes when delegated. Use this to inspect which GitHub Actions subjects can deploy before editing bindings. |
| ci_get_bindingA | Get one CI/OIDC deploy binding by id, including its subject, allowed events/actions, repository id, revocation state, and route_scopes. |
| ci_revoke_bindingA | Revoke one CI/OIDC deploy binding. Revocation stops future CI gateway requests, but does not undo already deployed releases or rotate secrets. |
| claim_subdomainA | Claim a custom subdomain (e.g. myapp.run402.com) and point it at an existing deployment. Free, requires service_key auth. |
| delete_subdomainC | Release a custom subdomain. The URL will stop serving content. |
| list_subdomainsB | List all subdomains claimed by a project. |
| browse_appsB | Browse public apps available for forking. Optionally filter by tags. |
| fork_appA | Fork a published app into a new project. Creates a full copy including database, functions, site, and optionally claims a subdomain. |
| publish_appB | Publish a project as a forkable app. Set visibility and tags for discoverability. |
| list_versionsC | List published versions of a project. |
| get_quoteA | Get tier pricing for Run402 projects. Free, no auth required. Shows prices, lease durations, storage limits, and API call limits. |
| tier_statusA | Check current tier subscription — tier name, status, expiry, usage, and function authoring caps when returned (max timeout, memory, scheduled functions, min cron interval). Requires allowance auth. |
| set_tierA | Subscribe, renew, or upgrade tier. Auto-detects action based on allowance state. Returns success or payment details if x402 payment is needed. |
| delete_projectA | Immediately and irreversibly delete a project: the gateway runs the full destructive cascade (drop tenant schema, delete Lambda functions, release subdomains, tombstone mailbox, remove sender domain, wipe secrets and app versions) and sets status=purged. This tool also removes the project from the local key store. Distinct from the automatic lease-expiry grace window — this action is the explicit purge and cannot be undone. To recover from a missed renewal use |
| rename_projectA | Rename a project (PATCH /projects/v1/:id) — fix an auto-generated name. Authorization is org-membership based (admin+ on the owning org, or a project:write grant) and authorize-before-reveal: an unauthorized or guessed id returns the same 403 as a real-but-unauthorized project, never a not-found oracle. Uses the wallet's SIWX auth (not a project service key), so it works even if the project isn't in the local key store. The server validates the name (non-empty, ≤ 200 chars, no control characters). |
| admin_set_lease_perpetualA | Toggle an organization's |
| admin_archive_projectA | Operator moderation action — archive a single project (sets |
| admin_reactivate_projectA | Operator un-archive — flips |
| initiate_project_transferA | Initiate a project transfer (owned-org recipient shape v1.96+). Addressed to a WALLET ( |
| preview_project_transferA | Fetch the preview document for a project transfer of any pending kind (v1.93+). Returns the safe review payload: project name, custom domains, subdomains, function names, secret NAMES (values are never returned), CI bindings that will be revoked at completion, mailbox summary, billing implications, and — on email transfers — the retain_collaborator offer. Caller must be a party to the transfer. Calls GET /agent/v1/transfers/:transfer_id. |
| accept_project_transferA | Accept an incoming WALLET transfer (v1.93+). Your wallet must equal the transfer's to_wallet. The accept transaction atomically: (a) flips ownership to your wallet, (b) revokes the previous owner's CI bindings on the project, (c) enqueues notifications to both parties, (d) stamps a persistent |
| claim_project_transferA | Claim an incoming EMAIL transfer into an org (v1.93+) — the email analog of |
| cancel_project_transferA | Cancel a pending project transfer of any kind (v1.93+). You must be authorized for the row's kind (a wallet signing party, an owner/admin of the offering org, or the addressed-email principal). Already-accepted/cancelled/expired transfers return 409 TRANSFER_ALREADY_PROCESSED. Calls POST /agent/v1/transfers/:transfer_id/cancel. |
| list_incoming_transfersA | List pending project transfers OFFERED TO the authenticated wallet (v1.59+). Each entry carries |
| list_outgoing_transfersA | List pending project transfers INITIATED BY the authenticated wallet (v1.59+). Each entry carries |
| promote_userA | Promote a user to project_admin role by email. Admins can manage secrets from the browser. Requires service_key. |
| demote_userB | Demote a user from project_admin role by email. Reverts to default authenticated role. Requires service_key. |
| check_balanceA | Check the organization balance for the agent's allowance wallet — available and held funds. The wallet is resolved to its organization over SIWX (signed automatically); reading a wallet that is not linked to yours requires an admin key. |
| list_projectsA | List projects from the named, domain-aware inventory (GET /projects/v1). Membership-scoped by default: every project owned by an org the agent's wallet is an active member of, with name, site_url, custom_domains, org (org_id), and status. SIWX wallet auth is signed automatically. Pass org_id to filter to one org (authorize-before-reveal: non-member/guessed → 403, non-UUID → 400), all:true to read the cross-wallet inventory across every wallet controlling your operator email, or limit/cursor to paginate. |
| allowance_statusA | Check local agent allowance status — address, network, and funding status. |
| allowance_createA | Create a new local agent allowance (Base Sepolia testnet). Generates a private key and derives the Ethereum address. Saved to ~/.config/run402/allowance.json. |
| allowance_exportA | Export the local agent allowance address. Safe to share publicly. |
| request_faucetA | Request free testnet USDC from the Run402 faucet (Base Sepolia). Rate limit: 1 per IP per 24h. Returns 0.25 USDC — enough for 2 prototype databases. |
| generate_imageA | Generate a PNG image from a text prompt. Costs $0.03 USDC via x402. Aspect ratios: square (1:1), landscape (16:9), portrait (9:16). |
| create_mailboxA | Create a project-scoped mailbox local part. The managed address is @.mail.run402.com; matching slugs in other projects are allowed. Returns mailbox_settings and next_actions when the gateway provides default-role repair guidance. Not idempotent: same-project slug conflicts/cooldowns/limit errors are surfaced. |
| list_mailboxesA | List a project's mailboxes, including address/managed_address, default-role metadata ( |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/kychee-com/run402'
If you have feedback or need assistance with the MCP directory API, please join our Discord server