Read temporal knowledge-graph edges (subj --pred--> obj, valid over [valid_from, valid_to)), bi-temporally filtered, in EITHER direction. Forward (subj, direction="out", the default): edges originating at a subject fact. Reverse (obj, direction="in"): edges pointing AT a fact — what disagrees-wit...
Risk signalsBulk/mass operation — affects multiple targets
Part of the emem — Earth memory protocol server.
Free to start. No card required.
AI agents use emem_edges_recall to create or modify resources in emem — Earth memory protocol. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call emem_edges_recall repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach emem — Earth memory protocol.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"emem_edges_recall": {
"limits": [
{
"counter": "emem_edges_recall_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full emem — Earth memory protocol policy for all 81 tools.
These attack patterns abuse exactly the kind of access emem_edges_recall gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Read temporal knowledge-graph edges (subj --pred--> obj, valid over [valid_from, valid_to)), bi-temporally filtered, in EITHER direction. Forward (subj, direction="out", the default): edges originating at a subject fact. Reverse (obj, direction="in"): edges pointing AT a fact — what disagrees-with / supersedes / relates-to it. Returns a signed list of edges plus the distinct neighbour fact CIDs (objs for out, subjs for in); the receipt commits the returned edge CIDs into its signature preimage. When to use: Call this to read the typed CONNECTIONS of a fact — what disagrees with it, what superseded it, what relates to it — as of a point in time. A plain recall gives you the fact; this gives you how that fact links to others in the memory graph. Ask it when the user says 'what is this related to', 'what replaced this observation', 'why is this value contested', or 'what did this place's relations look like as of date X'. Pick a direction: set subj (direction="out") to ask 'what does this fact point at'; set obj (direction="in") to ask the REVERSE — 'what disagrees-with / supersedes / points-at this fact'. Set exactly one of subj/obj — an ambiguous or empty request errors honestly rather than returning a silent empty. Pass as_of_tslot to get the latest edge per neighbour whose valid interval covers that moment (newer edges shadow older — nothing is deleted); pass pred (e.g. disagrees_with, supersedes) to filter, or omit it (empty string) for every predicate. Tip: a quicker way to get a fact + its outbound edges in one shot is emem_recall with include:["edges"]. Follow each edge's obj/subj with emem_fetch to resolve the related fact, or emem_verify_receipt to confirm the signature offline.. It is categorised as a Write tool in the emem — Earth memory protocol MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the emem — Earth memory protocol MCP server in PolicyLayer and add a rule for emem_edges_recall: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches emem — Earth memory protocol. Nothing to install.
emem_edges_recall is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the emem_edges_recall rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for emem_edges_recall. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
emem_edges_recall is provided by the emem — Earth memory protocol MCP server (oci:ghcr.io/vortx-ai/emem:latest). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 81 emem — Earth memory protocol tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.