Kontexta

55 tools. 25 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

25 can modify or destroy data
30 read-only
55 tools total

Community server · catalogue entry verified 02/07/2026

How to control Kontexta ↓

What Kontexta exposes to your agents

Read (30) Write / Execute (20) Destructive / Financial (5)
Critical Risk

The most dangerous Kontexta tools

25 of Kontexta's 55 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Kontexta

PolicyLayer is an MCP gateway — it sits between your AI agents and Kontexta, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_file": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_tags": {
    "limits": [
      {
        "counter": "add_tags_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "bundle_search": {
    "limits": [
      {
        "counter": "bundle_search_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Kontexta — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON KONTEXTA →

Instant setup, no code required.

All 55 Kontexta tools

WRITE 18 tools
Write add_tags Append tags to ONE file. Additive — existing tags are preserved; re-adding an existing tag is a no-op (idempot Write clip_url SIDE-EFFECTFUL — fetches an EXTERNAL URL and writes a NEW KB file. Downloads the page, extracts the main artic Write create_file Create a new markdown or mermaid file in the knowledge base or project. This operation writes a new file to di Write create_files Batch variant of Write create_folder Create a folder under a project root or the KB. Idempotent — creating an existing folder succeeds. Nested path Write distill_journal Run the distillation pipeline: read raw events since the high-water mark, group by topic, write mechanical mar Write distill_journal_commit_upgrades After dispatching subagents to upgrade mechanical journal entries to LLM-narrative, call this with the affecte Write journal_append Append a timestamped text entry to today Write journal_intent Record a topic/intent pivot. Use when the user redirects what you Write journal_note Record a free-form decision/abandonment/observation note in the current project Write move_file Move/rename a file. Destination Write onboard_agent Write or update the kontexta workflow rules block in a project Write register_project Register a new project and link it to the Kontexta knowledge system. SIDE EFFECTS: Writes project metadata to Write remove_tags Detach one or more tag IDs from ONE file. Destructive on the link only — does NOT delete the file or the globa Write set_favorite Set or clear the favorite flag on one file (idempotent — re-setting the same value is a no-op; not a toggle, y Write tag_search_results Bulk-tag — run an FTS Write update_file Update the entire content of an existing file by its ID. This replaces the file Write update_file_section Surgical write — replace the body of ONE heading without touching siblings. The heading line itself is preserv
READ 30 tools
Read bundle_search Run an FTS search and concatenate matched bodies into a single prompt-ready bundle (XML Read describe_file Return everything ABOUT a file without pulling its content (no token cost from the body). Tags, size, est_toke Read describe_hands_schema Return the complete authoring reference for Read diff_against_disk Diagnose drift between one file Read find_related Find other files sharing tags with the given file, ranked by Read get_diff Return the unified diff of one file between two commit hashes (typically obtained from Read get_history Return the git commit history for one file (newest first), each entry with hash, message, date, and author. Re Read get_profile Return the user profile stored in the Knowledge Base. The profile helps AI agents understand the user Read grep_in_file Match a JS regex against one file Read journal_status Report the journal backlog and high-water mark for a project. Read list_files List file metadata with optional filters (project_id, tag, favorite, folder, untagged) and pagination. Read-on Read list_folders List folder paths under a project root (or the Knowledge Base when Read list_hands List every Hands command tool currently registered, with project scope, tool name, danger level, confirmation Read list_projects List every registered project with id, name, absolute path, and a derived Read list_tags List every tag in the global SQLite database with id, name, and applied count. Read-only; no side effects, aut Read project_map Return a compact indented outline of folders, file titles, tags, and IDs in a single dense block — substantial Read read_file Read one file Read read_file_by_path Look up a file by its absolute on-disk path and return the same shape as Read read_file_lines Return a 1-indexed inclusive line slice of a file. Out-of-range bounds clamp silently to the file Read read_file_outline Return a flat list of markdown headings for one file (level, text, line, byteStart, byteEnd). Read-only; no si Read read_files Batch read up to 200 files by ID in one call. Returns per-file annotated records, an aggregate Read read_section Return the body of ONE heading (the heading line itself is excluded) plus level, line, size_bytes, and est_tok Read refresh_index Reconcile the FTS index against disk. For a project ( Read regex_search Match a JS regex against the body of every file in scope (project, KB, or all) and return per-file hits with l Read reload_hands Re-scan every registered project Read search Full-text (SQLite FTS5) keyword search across files. Returns ranked matches with inline match_excerpt and titl Read stats Aggregate counts for a scope: Read suggest_tags Propose tags for a file by mining the existing tag corpus via FTS — picks distinctive terms from the file (≥4 Read transfer_agent_context COPY existing agent context files (CLAUDE.md, AGENTS.md, .cursor/rules/.mdc, etc.) from a project Read whats_new List files created or modified since a checkpoint.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Kontexta

Can an AI agent delete data through the Kontexta MCP server? +

Yes. The Kontexta server exposes 5 destructive tools including delete_file, delete_files, delete_folder. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Kontexta? +

The Kontexta server has 18 write tools including add_tags, clip_url, create_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Kontexta.

How many tools does the Kontexta MCP server expose? +

55 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 30 are read-only. 25 can modify, create, or delete data.

How do I enforce a policy on Kontexta? +

Register the Kontexta MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kontexta tool call.

Deterministic rules across all 55 Kontexta tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

55 Kontexta tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.