Ingest an architecture or flow diagram into the context memory. Converts Mermaid, PlantUML, DOT/Graphviz, or informal diagram text into a structured semantic fragment capturing nodes, edges, and relationships. The result is stored as a normal context fragment and is retrievable by optimize_contex...
AI agents use ingest_diagram to create or update resources in Entroly Context Engine — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Entroly Context Engine environment.
This tool writes/stores data (diagram converted to semantic fragment) into the context memory system. It creates new persisted content but does not execute code, delete data, or have financial implications. The blast radius is low as it only affects the context memory store and is likely reversible.
From the tool's definition Ingest an architecture or flow diagram into the context memory... The result is stored as a normal context fragment
Documented attack patterns abuse exactly the kind of access ingest_diagram gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Entroly Context Engine, and nothing reaches the server without passing your rules. This is the rule we recommend for ingest_diagram:
{
"version": "1",
"default": "deny",
"tools": {
"ingest_diagram": {
"limits": [
{
"counter": "ingest_diagram_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}ingest_diagram stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Ingest an architecture or flow diagram into the context memory. Converts Mermaid, PlantUML, DOT/Graphviz, or informal diagram text into a structured semantic fragment capturing nodes, edges, and relationships. The result is stored as a normal context fragment and is retrievable by optimize_context and recall_relevant. Args: diagram_text: Raw diagram source (Mermaid/PlantUML/DOT/text description). source: Identifier (e.g., 'arch_overview.mmd', 'db_schema.puml'). diagram_type: 'mermaid', 'plantuml', 'dot', 'text', or 'auto' (default). Returns JSON with ingestion result (same as remember_fragment). It is categorised as a Write tool in the Entroly Context Engine MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Entroly Context Engine MCP server in PolicyLayer and add a rule for ingest_diagram: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Entroly Context Engine. Nothing to install.
ingest_diagram is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the ingest_diagram rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for ingest_diagram. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
ingest_diagram is provided by the Entroly Context Engine MCP server (juyterman1000/entroly). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Entroly Context Engine, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
52 Entroly Context Engine tools catalogued and risk-classified — across an index of 43,000+ MCP servers.