Tages

56 tools. 19 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
37 read-only
56 tools total

Community server · catalogue entry verified 29/06/2026

How to control Tages ↓

What Tages exposes to your agents

Read (37) Write / Execute (18) Destructive / Financial (1)
Critical Risk

The most dangerous Tages tools

19 of Tages's 56 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Tages

PolicyLayer is an MCP gateway — it sits between your AI agents and Tages, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "forget": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "apply_template": {
    "limits": [
      {
        "counter": "apply_template_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "agent_metrics": {
    "limits": [
      {
        "counter": "agent_metrics_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Tages — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON TAGES →

Instant setup, no code required.

All 56 Tages tools

WRITE 18 tools
Write apply_template Create a memory from a filled template with automatic key generation Write archive_memory Archive a memory to cold storage — removes it from recall but preserves it for restoration Write auto_archive Scan for stale low-quality memories and auto-archive them Write consolidate_memories Merge two duplicate memories into one, preserving all metadata Write federate_memory Promote a project memory to the org-wide federated library Write fork_branch Fork current memories into a session branch for experimentation. Branch writes won\ Write import_claude_md Parse a CLAUDE.md file and auto-create memories from its sections. Conventions, architecture notes, decisions, Write import_federated Import a federated memory from the shared library into this project Write import_memories Import memories from a JSON array or markdown file content. Handles duplicates with skip/overwrite/merge strat Write merge_branch Merge a session branch back into main memory. Detects conflicts between branch and main changes. Write observe Report what you are doing or learning — Tages silently extracts memories from your observations. Call this nat Write post_session End-of-session tool: extract memories from a session summary, optionally regenerate the project brief. Combine Write remember Store a memory about this codebase — conventions, decisions, architecture, patterns, or lessons learned Write resolve_conflict Resolve a detected memory conflict using keep_newer, keep_older, or merge strategies Write restore_memory Restore an archived memory back to live status Write session_end End the current session with a summary of what was built, decided, or learned — auto-extracts memories from th Write sharpen_memory Rewrite a memory value into imperative form (ALWAYS/NEVER/MUST/DO NOT) using Claude Haiku. Returns a before/af Write verify_memory Verify a pending auto-extracted memory — promotes it to live so it appears in recall results
READ 37 tools
Read agent_metrics Get agent effectiveness metrics — recall hit rate, memory creation quality, convention compliance Read architecture List all architecture notes and module boundaries Read archive_stats Get archive statistics — total archived, restored, expired Read check_convention Check a memory against all stored conventions — detect conflicts or duplicates before storing Read conflicts Detect potential conflicts between memories — overlapping or contradictory entries Read context Get all memories related to a specific file path Read contextual_recall Search memories filtered by execution context — current files, agent name, or phase. More precise than recall Read conventions List all coding conventions for this project Read decisions List the decision log — why things were built the way they are Read detect_duplicates Detect near-duplicate memories using Jaccard similarity on key+value tokens Read enforcement_report Get per-agent convention compliance stats and recent violations Read federation_overrides Show which federated memories have local project overrides Read file_recall Find memories related to specific file paths — matches by exact path, directory prefix, or reverse prefix. Pri Read graph_analysis Analyze the memory dependency graph — orphans, critical paths, impact scores Read impact_analysis Analyze the downstream impact of a memory — how many others depend on it Read list_archived List archived memories with their archive reasons and dates Read list_branches List memories in a session branch Read list_conflicts List unresolved memory conflicts for this project Read list_federated List all memories in the federated library Read list_templates List available memory templates (api-endpoint, react-component, database-migration, test-suite, cli-command) Read match_templates Find templates matching given file paths — prompts agent to fill required fields Read memory_audit Audit project memory coverage and quality: type distribution, brief-critical coverage score, imperative phrasi Read memory_graph Build a relationship graph from crossSystemRefs and output as a Mermaid diagram Read memory_history Get the version history of a memory — shows past values, confidence changes, and who changed it. Optionally re Read memory_quality Score a specific memory on completeness, freshness, consistency, and usefulness (0-100) Read memory_stats_detail Detailed memory statistics — counts by type and status, average confidence, top 5 agents, and total count Read pending_memories List auto-extracted memories that need verification before they appear in recall Read pre_check Before starting a task, get a list of gotchas: anti-patterns to avoid, conventions to follow, and lessons lear Read project_brief Generate a token-budgeted project brief for system prompt injection. Returns gotchas, conventions, architectur Read project_health Get overall project memory health score with dimension breakdown and improvement suggestions Read recall Search codebase memories by fuzzy query — finds conventions, decisions, patterns, and lessons Read risk_report Get project-wide risk ranking — which memories are most dangerous to change Read session_replay Replay a session timeline showing all tool calls with metrics Read staleness Check for stale memories that may be outdated or no longer relevant Read stats Show memory usage statistics — counts by type, recall hit rate, agent sessions, most/least accessed Read suggestions Get suggestions for memories you should store, based on queries that returned no results Read trends Detect performance trends across sessions — improvements and regressions

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Tages

Can an AI agent delete data through the Tages MCP server? +

Yes. The Tages server exposes 1 destructive tools including forget. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Tages? +

The Tages server has 18 write tools including apply_template, archive_memory, auto_archive. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Tages.

How many tools does the Tages MCP server expose? +

56 tools across 4 categories: Destructive, Execute, Read, Write. 37 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Tages? +

Register the Tages MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Tages tool call.

Deterministic rules across all 56 Tages tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

56 Tages tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.