Goodmem MCP Policy -- 44 Tools

// TOOL MAP

Read (21) Write / Execute (15) Destructive / Financial (8)

// WHAT CAN GO WRONG

✕

Destructive tools (goodmem_admin_background_jobs_purge, goodmem_apikeys_delete, goodmem_embedders_delete) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

✕

Write operations (goodmem_apikeys_create, goodmem_apikeys_update, goodmem_configure) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

✕

Execute tools (goodmem_ocr_document, goodmem_system_info) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES

Deny destructive operations

goodmem_admin_background_jobs_purge:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

goodmem_apikeys_create:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

goodmem_admin_drain:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 44 GOODMEM TOOLS

DESTRUCTIVE 8 tools

Destructive goodmem_admin_background_jobs_purge Destructive goodmem_apikeys_delete Destructive goodmem_embedders_delete Destructive goodmem_llms_delete Destructive goodmem_memories_batch_delete Destructive goodmem_memories_delete Destructive goodmem_rerankers_delete Destructive goodmem_spaces_delete

EXECUTE 2 tools

Execute goodmem_ocr_document Execute goodmem_system_info

WRITE 13 tools

Write goodmem_apikeys_create Write goodmem_apikeys_update Write goodmem_configure Write goodmem_embedders_create Write goodmem_embedders_update Write goodmem_llms_create Write goodmem_llms_update Write goodmem_memories_batch_create Write goodmem_memories_create Write goodmem_rerankers_create Write goodmem_rerankers_update Write goodmem_spaces_create Write goodmem_spaces_update

// FAQ

Can an AI agent delete data through the Goodmem MCP server? +

Yes. The Goodmem server exposes 8 destructive tools including goodmem_admin_background_jobs_purge, goodmem_apikeys_delete, goodmem_embedders_delete. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Goodmem? +

The Goodmem server has 13 write tools including goodmem_apikeys_create, goodmem_apikeys_update, goodmem_configure. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Goodmem MCP server expose? +

44 tools across 4 categories: Destructive, Execute, Read, Write. 21 are read-only. 23 can modify, create, or delete data.

How do I add Intercept to my Goodmem setup? +

One line change. Instead of running the Goodmem server directly, prefix it with Intercept: intercept -c goodmem.yaml -- npx -y @@pairsystems/goodmem-mcp. Download a pre-built policy from policylayer.com/policies/goodmem and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Goodmem

Other MCP servers with similar tools.

Let agents act without letting them run wild.