// SCAN REPORT

Engrams

42 tools. 18 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
24 read-only
42 tools total

Community server · catalogue entry verified 12/06/2026

How to control Engrams ↓

TOOL MAP

What Engrams exposes to your agents

Read (24) Write / Execute (16) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Engrams tools

Destructive · High delete_item The tool explicitly states it 'permanently deletes' items, making this an irreversible destructive action. Destructive · High unbind_code_from_item This tool irreversibly deletes data (code bindings) from the engrams system. Write · Medium create_scope This tool creates new data structures (governance scopes) within the system, making it a Write operation. Write · Medium export_engrams_to_markdown This tool writes files to the filesystem (markdown export).

18 of Engrams's 42 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Engrams

PolicyLayer is an MCP gateway — it sits between your AI agents and Engrams, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_item": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "batch_log_items": {
    "limits": [
      {
        "counter": "batch_log_items_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_compliance": {
    "limits": [
      {
        "counter": "check_compliance_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Engrams — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ENGRAMS →

Free to start. No card required.

FULL CATALOGUE

All 42 Engrams tools

DESTRUCTIVE 2 tools
Destructive delete_item Permanently deletes an Engrams item. For decisions, patterns, and progress entries: provide item_type and item Destructive unbind_code_from_item Permanently removes a code binding by its numeric binding_id. Destructive and irreversible. Precondition: obta
WRITE 16 tools
Write batch_log_items Logs multiple items of the SAME type in a single call, reducing round-trips. Supported item_types: Write bind_code_to_item Creates a code binding linking an Engrams entity to file paths via glob patterns. Valid item_type values: Write link_engrams_items Creates a directional relationship link between two Engrams items (e.g., a decision Write log_custom_data Stores or updates a custom key-value entry organized by category. Use for any structured data not covered by d Write log_governance_rule Creates an enforcement rule within a governance scope. Rules define what is blocked or warned for specific ent Write log_system_pattern Creates or updates a named system/coding pattern (e.g., Write review_amendment Accepts or rejects a proposed governance scope amendment. Precondition: the amendment must exist and be in a r Write create_scope Creates a new governance scope (container for rules and items). Two types: Write export_engrams_to_markdown Exports ALL Engrams data (decisions, patterns, progress, custom data, contexts, links) to a directory of markd Write import_markdown_to_engrams Imports Engrams data from a directory of markdown files previously created by export_engrams_to_markdown. Read Write log_decision Creates a new STRATEGIC decision record — architectural choices, technology selections, coding conventions, or Write log_progress Creates a new progress/task entry with a status (TODO, IN_PROGRESS, DONE, etc.). Use this when a task begins, Write manage_budget_config Reads or updates scoring weight configuration for get_relevant_context. Omit weights to read current config; p Write update_active_context Overwrites or patches the session-level active context (current focus, open issues, recent changes). Provide c Write update_product_context Overwrites or patches the persistent product context (project goals, features, architecture). Provide content Write update_progress Modifies an existing progress entry by its ID. Use to change status (e.g., IN_PROGRESS → DONE), update descrip
READ 24 tools
Read check_compliance Evaluates a specific existing item (by item_type and item_id) against all applicable governance rules. Use AFT Read get_active_context Retrieves the session-level active context: current work focus, open issues, and recent changes. This is the Read get_bindings_for_item Lists all code bindings attached to a specific Engrams entity (by item_type and item_id). Use to see which fil Read get_context_for_files Given file paths being edited, returns ALL Engrams entities (decisions, patterns, etc.) bound to those paths. Read get_custom_data Retrieves custom data entries by exact category and/or key lookup. Provide category alone to list all entries Read get_decisions Lists decisions, filtered by tags or ordered by recency. Use when you want to browse/filter decisions by tag o Read get_effective_context Retrieves the merged governance view for a specific individual scope: team-level items (taking precedence) lay Read get_governance_rules Lists the active governance rules for a specific scope, optionally filtered by entity_type (e.g., Read get_item_history Retrieves version history for Product Context or Active Context ONLY (not decisions, progress, or other entity Read get_linked_items Retrieves all knowledge graph links for a specific item (both outgoing and incoming). Use to explore relations Read get_product_context Retrieves the stored high-level product context (project goals, features, architecture) as a single JSON objec Read get_progress Lists progress/task entries, optionally filtered by status (e.g., Read get_project_briefing Generates a structured, human-readable project briefing at a specified depth level. Levels: Read get_recent_activity_summary Returns a digest of recently created or updated items across all entity types, ideal for session start catch-u Read get_relevant_context Returns the OPTIMAL subset of ALL Engrams entities (decisions, patterns, progress, custom data) that fit withi Read get_scope_amendments Lists proposed changes (amendments) to governance scopes, optionally filtered by status ( Read get_scopes Lists all governance scopes in the workspace, optionally filtered by scope_type ( Read get_system_patterns Lists system/coding patterns, optionally filtered by tags. Returns most recent first. Use to review establishe Read search_custom_data_value_fts Keyword search across ALL custom data entries (values, categories, and keys) using SQLite FTS. Optionally narr Read search_decisions_fts Keyword search across decision text (summary, rationale, implementation_details, tags) using SQLite FTS. Use w Read semantic_search_engrams Natural-language conceptual search across ALL Engrams entity types (decisions, patterns, progress, custom data Read suggest_bindings Analyzes an Engrams entity Read tool_check_planned_action Pre-mutation governance check: verifies a planned action against all accepted team decisions before any worksp Read verify_bindings Validates code bindings against the actual filesystem — checks which file_pattern globs still match real files
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about Engrams

Can an AI agent delete data through the Engrams MCP server? +

Yes. The Engrams server exposes 2 destructive tools including delete_item, unbind_code_from_item. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Engrams? +

The Engrams server has 16 write tools including batch_log_items, bind_code_to_item, link_engrams_items. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Engrams.

How many tools does the Engrams MCP server expose? +

42 tools across 3 categories: Destructive, Read, Write. 24 are read-only. 18 can modify, create, or delete data.

How do I enforce a policy on Engrams? +

Register the Engrams MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Engrams tool call.

Deterministic rules across all 42 Engrams tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON ENGRAMS →

Free to start. No card required.

42 Engrams tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.