Engram

31 tools. 15 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

15 can modify or destroy data
16 read-only
31 tools total

Community server · catalogue entry verified 03/07/2026

How to control Engram ↓

What Engram exposes to your agents

Read (16) Write / Execute (12) Destructive / Financial (3)
Critical Risk

The most dangerous Engram tools

15 of Engram's 31 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Engram

PolicyLayer is an MCP gateway — it sits between your AI agents and Engram, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_memories": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "backup": {
    "limits": [
      {
        "counter": "backup_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "export_memories": {
    "limits": [
      {
        "counter": "export_memories_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Engram — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ENGRAM →

Instant setup, no code required.

All 31 Engram tools

READ 16 tools
Read export_memories Exporta memorias como JSON array. Útil para backup, migración o inspección. Soporta filtros opcionales. Read get_context_snapshot Devuelve un resumen compacto de todas las memorias agrupado por categoría. Ideal para cargar contexto al inici Read get_graph Devuelve el grafo completo de memorias enlazadas. Read get_history Devuelve el historial de cambios de una memoria específica. Read get_links Lista todos los enlaces del grafo de memorias. Permite filtrar por nodo origen, nodo destino o tipo de relació Read get_memories Recupera múltiples memorias por id en una sola query. Los ids no encontrados se reportan en Read get_memory Recupera una memoria específica por su ID. Read get_related Recupera las memorias vinculadas a una memoria dada. Read get_related_deep Traversal multi-hop del grafo de memorias. Sigue enlaces salientes desde una memoria de origen Read get_stats Devuelve estadísticas agregadas de la base de datos: total, conteo por categoría, top tags, memoria más antigu Read list_memories Lista memorias con filtros opcionales por categoría, tag, metadata o rango de fechas. Retorna las más reciente Read list_projects Lista todos los proyectos que existen en la base de datos con el conteo de memorias de cada uno. Read list_tool_groups Lista las herramientas MCP agrupadas por función principal (Create, Read, Update, Delete, Graph, Ops/Admin). Ú Read search_memories Busca memorias usando búsqueda full-text. Por defecto usa OR (cualquier término). Usa mode= Read suggest_links Analiza memorias y sugiere posibles enlaces sin crearlos. Read unlink_memories Elimina el enlace entre dos memorias. Devuelve found=true si existía, false si no.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Engram

Can an AI agent delete data through the Engram MCP server? +

Yes. The Engram server exposes 3 destructive tools including delete_memories, delete_memory, purge_expired. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Engram? +

The Engram server has 11 write tools including backup, import_memories, link_memories. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Engram.

How many tools does the Engram MCP server expose? +

31 tools across 3 categories: Destructive, Read, Write. 16 are read-only. 15 can modify, create, or delete data.

How do I enforce a policy on Engram? +

Register the Engram MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Engram tool call.

Deterministic rules across all 31 Engram tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

31 Engram tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.