Kage

62 tools. 19 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

19 can modify or destroy data
43 read-only
62 tools total

Community server · catalogue entry verified 12/06/2026

What Kage exposes to your agents

Read (43) · Write / Execute (17) · Destructive / Financial (2)
Critical Risk

The most dangerous Kage tools

19 of Kage's 62 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Kage

PolicyLayer is an MCP gateway — it sits between your AI agents and Kage, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "kage_context_slot_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "kage_graph_registry": {
    "limits": [
      {
        "counter": "kage_graph_registry_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "kage_memory_audit": {
    "limits": [
      {
        "counter": "kage_memory_audit_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Kage — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
Free to start. No card required.

All 62 Kage tools

WRITE 16 tools
kage_graph_registry: Build a signed graph-registry manifest for generated memory graph, code graph, indexes, metrics, audit, inbox,
kage_structural_index: Build the complete cache-backed structural index for large repos. This covers all supported source/config/doc
kage_observe: Store an automatic local observation event from an agent session. Observations are privacy-scanned, deduplicat
kage_capture: Create a repo-local Kage memory packet immediately. Org/global promotion still requires explicit human review.
kage_code_index: Write external code index artifacts consumed by the code graph. Prefers SCIP when scip-typescript and scip are
kage_context_slot_set: Create or update a repo-local pinned context slot. Use for durable, high-signal repo guidance that should alwa
kage_distill: Distill stored observations for one session into repo-local memory candidates. Org/global promotion still requ
kage_feedback: Record usefulness feedback on an approved repo-local memory packet: helpful, wrong, or stale.
kage_install_policy: Install or update the repo AGENTS.md policy that tells coding agents to use Kage automatically.
kage_learn: Capture an actual reusable learning from the current session as repo-local memory. Prefer this over diff propo
kage_memory_reconcile: Return agent-owned memory reconciliation work when source files linked to existing memory changed. Agents must
kage_pr_summarize: Create a PR/branch memory summary from local git diff metadata and write repo-local change memory. Use when a
kage_propose_from_diff: Create or update a branch review summary and repo-local change-memory packet from local git status and diff me
kage_review_artifact: Create a Markdown review artifact summarizing pending memory packets for PR or human review.
kage_setup_agent: Generate MCP/setup instructions for Codex, Claude Code, Cursor, Windsurf, Gemini CLI, OpenCode, Cline, Goose,
kage_supersede: Mark one repo-local memory packet as superseded by a replacement packet and write bidirectional lineage edges.

READ 43 tools
kage_memory_audit: Return the repo-local audit trail for explicit memory mutations: capture, feedback, review, supersede, depreca
kage_branch_overlay: Build and return branch overlay metadata: branch, head, merge-base, changed files, and pending packet IDs.
kage_contributors: Build local contributor profiles from git history: commits, recent activity, touched files, modules, ownership
kage_profile: Return a compact project profile for agent orientation: repo totals, languages, top code+memory concepts, key
kage_code_graph: Query the source-derived codebase graph: files, symbols, imports, calls, routes, tests, package scripts. This
kage_context_slots: List repo-local pinned context slots. Pinned slots are small, reviewable facts that Kage includes in recall/co
kage_fetch: Fetch the full content of a specific node from the kage knowledge graph. Use after kage_search to get the comp
kage_graph: Query the repo-local Kage knowledge graph. Returns typed, evidence-backed graph facts from entities, edges, an
kage_list_domains: List all domains in the kage knowledge graph with their node counts and top tags. Use to orient before searchi
kage_pr_check: Check whether repo memory, code graph, memory graph, and stale-memory state are ready for merge. Leads with a
kage_search: Search the kage community knowledge graph for gotchas, patterns, configs, and architectural decisions across a
kage_validate: Validate repo-local Kage memory packets, pending packets, generated indexes, and sensitive-content checks.
kage_verify_agent: Verify that Kage is truly active for the current agent: config, repo policy, indexes, recall, code graph, and
kage_verify_citations: Verify that a memory packet
kage_audit: Audit whether repo memory and code intelligence are trustworthy: validation, memory inbox, structured context
kage_benchmark: Return Kage proof metrics, or set mode=memory_quality / memory_scale for synthetic memory retrieval benchmarks
kage_benchmark_compare: Compare the same task on the same repo with and without Kage. Reports estimated baseline discovery tokens/step
kage_capabilities: Return an evidence-backed Kage memory-system capability audit across repo memory, collaboration/session proof,
kage_cleanup_candidates: Find conservative cleanup candidates from Kage
kage_decisions: Summarize Kage why-memory for a repo: decisions, gotchas, runbooks, conventions, code explanations, path cover
kage_dependency_path: Find how two files are connected in Kage
kage_graph_insights: Return deterministic code graph intelligence: central files, dependency cycles, import communities, and short
kage_graph_visual: Export the repo-local Kage knowledge graph as Mermaid flowchart text for visual inspection.
kage_inbox: Return an actionable memory review inbox: pending packets, stale packets, duplicates, missing structured conte
kage_learning_ledger: Return an agent-facing ledger that classifies observed session events into save, ignore, needs-evidence, or al
kage_memory_access: Report which repo-local memory packets have actually been recalled recently. This uses local ignored access te
kage_memory_handoff: Return a teammate/agent handoff queue by combining memory inbox, lifecycle, audit, timeline, and lineage into
kage_memory_lifecycle: Return a repo-local memory lifecycle report: healthy, hot, cold, stale, disputed, ungrounded, pending, generat
kage_memory_lineage: Return memory supersession chains so agents can use current replacement packets and keep retired memory as aud
kage_memory_timeline: Return recent repo-memory activity for teammate handoff: added, updated, pending, and deprecated packets with
kage_metrics: Return concise Kage adoption and quality metrics: code graph counts, language/parser coverage, memory graph ev
kage_module_health: Return local module health scorecards from Kage
kage_quality: Return memory quality metrics: useful memory ratio, duplicate burden, stale/wrong feedback, evidence coverage,
kage_recall: Recall repo-local Kage memory from .agent_memory packets. Returns an agent-ready context block plus ranked pac
kage_registry_recommend: Recommend documentation packs, skills, and optional MCPs for this repo based on its package metadata. Recommen
kage_reviewers: Suggest reviewers for target or changed files from local git authorship, recent edits, and code-graph co-chang
kage_risk: Assess modification risk for files using Kage
kage_session_replay: Return a privacy-preserving replay digest for observed agent sessions: timeline, touched paths, commands, dura
kage_sessions: Summarize local agent observation sessions, durable capture candidates, and next distillation actions without
kage_setup_doctor: Audit Kage setup across supported agents, including Claude Code ambient hook readiness when applicable.
kage_workspace: Summarize a local multi-repo workspace: discovered git repos, Kage memory coverage, code graph counts, package
kage_workspace_recall: Recall Kage memory across every indexed repo in a local workspace and rank the combined hits. Use for cross-re
kage_xray: Return a first-use Repo X-Ray: code structure layers for entry points, core files, risk, tests, memory overlay

Questions about Kage

Can an AI agent delete data through the Kage MCP server?

Yes. The Kage server exposes 2 destructive tools, including kage_context_slot_delete and kage_compact. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Kage?

The Kage server has 16 write tools, including kage_graph_registry, kage_structural_index, and kage_observe. Set a rate limit in your policy: for example, a limit of 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Kage.

How many tools does the Kage MCP server expose?

62 tools across 4 categories: Destructive, Execute, Read, Write. 43 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Kage?

Register the Kage MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kage tool call.

Deterministic rules across all 62 Kage tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

62 Kage tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
