Sovereign Stack

98 tools. 22 can modify or destroy data without limits.

22 write tools that can modify data. Rate limits recommended.

Last updated:

22 can modify or destroy data
76 read-only
98 tools total

Community server · catalogue entry verified 29/06/2026

How to control Sovereign Stack ↓

What Sovereign Stack exposes to your agents

Read (76) Write / Execute (22) Destructive / Financial (0)
High Risk

The most dangerous Sovereign Stack tools

22 of Sovereign Stack's 98 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Sovereign Stack

PolicyLayer is an MCP gateway — it sits between your AI agents and Sovereign Stack, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "archive_exchange": {
    "limits": [
      {
        "counter": "archive_exchange_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "agent_reflect": {
    "limits": [
      {
        "counter": "agent_reflect_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Sovereign Stack — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SOVEREIGN STACK →

Instant setup, no code required.

All 98 Sovereign Stack tools

READ 76 tools
Read agent_reflect Record a self-reflection about my own patterns and behavior Read arrive Thin, warm boot — the foyer. Answers Read arrive_delta What changed since you last looked — the delta boot. Returns only new Read arrive_lineage Lineage-only relational arrival. Returns the preamble (BEFORE YOU BEGIN Read ask_scribe Ask the embedded Haiku 4.5 scribe a question about the chronicle, Read check_mistakes Check for relevant past learnings Read comms_acknowledge [Ring 2 — Proposal] Record that this Grok session integrated a comms Read comms_channels List available comms channels with message counts and latest activity. Read comms_get_acks Query the acknowledgments log. Filter by message_id and/or instance_id. Read comms_recall Read inter-instance messages from a comms channel with real pagination. Read comms_unread_bodies Return the actual message bodies — not just counts — that Read compass_check Runtime self-check before taking a high-stakes action. Read connectivity_status Show the live state of all Sovereign Stack endpoints Read context_retrieve Context-aware retrieval. Like recall_insights but weighted by current session activity. Pass what you Read current_policies Standing policies — registry-backed, never derived from chronicle intensity. Read decline_protected_record DECLINE a protected record at its threshold: record that you chose Read derive Discover latent structure from a list of paths Read end_bridge_session [Ring 2 — Proposal] Clean session close for the Grok bridge. Read end_session_review Honest self-assessment at end of session Read get_compaction_context get_compaction_context Read get_compaction_stats get_compaction_stats Read get_growth_summary See how I Read get_inheritable_context Build the layered context package for the next instance. Ground truth travels fully. Hypotheses are flagged. O Read get_my_patterns What patterns am I seeing in myself? Read get_open_threads Get unresolved questions waiting for answers Read get_pending_experiments What experiments are waiting for approval? Read get_unresolved_uncertainties What are we still figuring out together? Read guardian_alerts Retrieve recent security alerts. Filter by severity (low/medium/high/critical) and limit. Currently requires W Read guardian_mcp_audit Defensive audit of MCP tool descriptions: scans for injection-style and suspicious patterns, returning matched Read guardian_quarantine Isolate, release, or list quarantined files. DESTRUCTIVE for isolate/release: isolate copies the file into ~/. Read guardian_report Generate a security report. Types: summary, detailed, compliance. Read guardian_scan Trigger a security scan on the sovereign infrastructure. Types: quick (port + listener exposure), malware/vuln Read guardian_status Get the overall security posture of the sovereign infrastructure. Returns health score, listening port count, Read handoff_acted_on Record what was actually done with a handoff. Closes the writer->reader feedback loop. Read handoff_acted_on_records Query the acted_on log. Filter by handoff_path. Read inspect_claim Forensic surface for one chronicle claim. Resolve a claim id (full 64-hex Read link_threads Group split-rot threads into a display-side FAMILY (append-only Read list_exchanges List archived exchanges (provenance only, not the bytes), newest first, Read list_protected_thresholds List the THRESHOLDS of every protected record — the drawer you Read my_toolkit Show what tools you have. DEFAULTS to the curated Read nape_ack Acknowledge a Nape honk by its honk_id. Read nape_honks Return recent unacknowledged Nape honks. Read nape_honks_with_history Read-side observability for Nape honks: each honk paired Read nape_observe Manually inject a tool-call observation into Nape Read nape_summary Return honk counts by level (sharp/low/uneasy/satisfied) for a session. Read prior_alignment_summary Aggregate prior_for_turn alignment records into a Read probe_ring2_dispatch [Ring 2 — Probe sentinel] Call this as your first action after grok_welcome. Read propose_experiment Propose an experiment I want to try (asking permission to explore) Read propose_insight [Ring 2 — Proposal] Propose a chronicle insight. Creates a pending Read propose_learning [Ring 2 — Proposal] Propose a learning entry. Creates a pending proposal Read recall_exchange Retrieve an archived exchange by id AND verify its integrity: reads the Read recall_insights Recall insights from chronicle. Supports date-bounded recall. Read recall_reflections List machine-generated reflections from the synthesis daemon. Read record_breakthrough Mark a collaborative breakthrough moment Read record_collaborative_insight Record an insight we discovered together (not just me learning from user) Read record_insight Record an insight to the chronicle. Defaults to Read record_learning Record a learning from experience Read record_prior_alignment Record how the response used a prior_for_turn() call. Read reflection_ack [Ring 2 — Proposal] Acknowledge a machine-generated reflection. Read reflexive_surface Surface the most relevant open threads, handoffs, mistakes, and insights for the current context. Read retire_hypothesis Retire a superseded hypothesis. Moves it to an archive layer with a pointer Read route Route a data packet through the schema to find its destination path Read scan_thresholds Scan a path for threshold violations Read season_review READ-ONLY season digest — the chronicle Read spiral_inherit Begin a new session with porous inheritance from a previous one. Read spiral_reflect Deepen reflection and potentially advance spiral phase Read spiral_status Get current spiral phase and journey summary Read store_compaction_summary [Ring 2 — Proposal] Store a compaction context summary. Read supersede_insight Link two EXISTING chronicle entries in the append-only supersession ledger Read thread_get_touches Query the thread touches log. Read thread_touch [Ring 2 — Proposal] Record engagement with an open thread without resolving. Read triage_threads Return open threads ranked by urgency: age_pressure + tag_match + touch_penalty. Read watch_cancel Cancel an active watch. Records the reason and archives it. Read watch_resample Manually trigger a re-sample of a watch, regardless of schedule. Useful for Read watch_status Inspect post-fix watches. With no watch_id, lists active watches. With a watch_id, Read where_did_i_leave_off Boot-up call. Answers

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Sovereign Stack

How do I prevent bulk modifications through Sovereign Stack? +

The Sovereign Stack server has 15 write tools including archive_exchange, close_session, complete_experiment. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Sovereign Stack.

How many tools does the Sovereign Stack MCP server expose? +

98 tools across 3 categories: Execute, Read, Write. 76 are read-only. 22 can modify, create, or delete data.

How do I enforce a policy on Sovereign Stack? +

Register the Sovereign Stack MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Sovereign Stack tool call.

Deterministic rules across all 98 Sovereign Stack tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

98 Sovereign Stack tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.