Deny a pending action. The request will be marked as denied and the token invalidated. Works for any action that requires confirmation. ⚠️ CRITICAL SAFETY REQUIREMENTS: Before executing this tool, you MUST: 1. Have received the confirmation token in a PREVIOUS tool response 2. Have presented the ...
AI agents use remember_deny to create or update resources in Remember — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Remember environment.
This tool modifies the state of a pending action (marking it as denied) and invalidates a token — a reversible write-type operation on workflow/request state. It does not delete data, execute code, or move money.
From the tool's definition Deny a pending action. The request will be marked as denied and the token invalidated.
Attacks that exploit this kind of access
Deny a pending action. The request will be marked as denied and the token invalidated. Works for any action that requires confirmation. ⚠️ CRITICAL SAFETY REQUIREMENTS: Before executing this tool, you MUST: 1. Have received the confirmation token in a PREVIOUS tool response 2. Have presented the token details to the user for review 3. Have received EXPLICIT user denial in a SEPARATE user message 4. NEVER chain this tool with other tool calls in the same response 5. ALWAYS treat denials as standalone, deliberate actions This ensures proper user consent workflow is followed. It is categorised as a Write tool in the Remember MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Remember MCP server in PolicyLayer and add a rule for remember_deny: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Remember. Nothing to install.
remember_deny is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the remember_deny rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for remember_deny. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
remember_deny is provided by the Remember MCP server (@prmichaelsen/remember-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →