// MCP TOOL REFERENCE
Medium Risk

save_conversation

Save complete conversations as living documents. REQUIRED: Send COMPLETE conversation in 'conversationContent' parameter (minimum 100 chars, should be thousands). Include EVERY message verbatim - NO summaries or partial content. Intelligently tracks context, extracts project details, and maintain...

Part of the Pūrmemo server.

save_conversation can modify Pūrmemo data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE PŪRMEMO →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents use save_conversation to create or modify resources in Pūrmemo. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

Without a policy, an AI agent could call save_conversation repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Pūrmemo.

RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "save_conversation": {
      "limits": [
        {
          "counter": "save_conversation_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full Pūrmemo policy for all 11 tools.

Get this rule live on your own Pūrmemo server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY PŪRMEMO →

MORE PŪRMEMO TOOLS

Execute run_workflow Write share_memory Read discover_related_conversations Read get_memory_details Read get_public_memory Read get_user_context Read list_workflows Read recall_memories

View all 11 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access save_conversation gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so save_conversation only ever does what you allow.

SECURE PŪRMEMO →

OTHER WRITE TOOLS

Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

RELATED READING

FAQ

What does the save_conversation tool do? +

Save complete conversations as living documents. REQUIRED: Send COMPLETE conversation in 'conversationContent' parameter (minimum 100 chars, should be thousands). Include EVERY message verbatim - NO summaries or partial content. Intelligently tracks context, extracts project details, and maintains a single memory per conversation topic. LIVING DOCUMENT + INTELLIGENT PROJECT TRACKING: - Each conversation becomes a living document that grows over time - Automatically extracts project context (name, component, feature being discussed) - Detects work iteration and status (planning/in_progress/completed/blocked) - Generates smart titles like "Purmemo - Timeline View - Implementation" (no more timestamp titles!) - Tracks technologies, tools used, and identifies relationships/dependencies - Works like Chrome extension: intelligent memory that grows with each save How memory updating works: - Conversation ID auto-generated from title (e.g., "MCP Tools" → "mcp-tools") - Same title → UPDATES existing memory (not create duplicate) - "Save progress" → Updates most recent memory for current project context - Explicit conversationId → Always updates that specific memory - Example: Saving "Project X Planning" three times = ONE memory updated three times - To force new memory: Change title or use different conversationId SERVER AUTO-CHUNKING: - Large conversations (>15K chars) automatically split into linked chunks - Small conversations (<15K chars) saved directly as single memory - You always send complete content - server handles chunking intelligently - All chunks linked together for seamless retrieval EXAMPLES: User: "Save progress" (working on Purmemo timeline feature) → System auto-generates: "Purmemo - Timeline View - Implementation" → Updates existing memory if this title was used before User: "Save this conversation" (discussing React hooks implementation) → System auto-generates: "Frontend - React Hooks - Implementation" User: "Save as conversation react-hooks-guide" → You call save_conversation with conversationId="react-hooks-guide" → Creates or updates memory with this specific ID WHAT TO INCLUDE (COMPLETE CONVERSATION REQUIRED): - EVERY user message (verbatim, not paraphrased) - EVERY assistant response (complete, not summarized) - ALL code blocks with full syntax - ALL artifacts with complete content (not just titles/descriptions) - ALL file paths, URLs, and references mentioned - ALL system messages and tool outputs - EXACT conversation flow and context - Minimum 500 characters expected - should be THOUSANDS of characters FORMAT REQUIRED: === CONVERSATION START === [timestamp] USER: [complete user message 1] [timestamp] ASSISTANT: [complete assistant response 1] [timestamp] USER: [complete user message 2] [timestamp] ASSISTANT: [complete assistant response 2] ... [continue for ALL exchanges] === ARTIFACTS === [Include ALL artifacts with full content] === CODE BLOCKS === [Include ALL code with syntax highlighting] === END === IMPORTANT: Do NOT send just "save this conversation" or summaries. If you send less than 500 chars, you're doing it wrong. Include the COMPLETE conversation with all details.. It is categorised as a Write tool in the Pūrmemo MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on save_conversation? +

Register the Pūrmemo MCP server in PolicyLayer and add a rule for save_conversation: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Pūrmemo. Nothing to install.

What risk level is save_conversation? +

save_conversation is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit save_conversation? +

Yes. Add a rate_limit block to the save_conversation rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block save_conversation completely? +

Set action: deny in the PolicyLayer policy for save_conversation. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides save_conversation? +

save_conversation is provided by the Pūrmemo MCP server (purmemo/purmemo-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Pūrmemo tool call.

Deterministic rules across all 11 Pūrmemo tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE PŪRMEMO →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.