Write structured records to a memory. Records are buffered and automatically flushed to Parquet.
AI agents use write_memory to create or update resources in Structured-sh — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Structured-sh environment.
This tool creates or modifies data in a structured memory store (Parquet format). The effects are reversible—records can be deleted via delete_memory—so it does not qualify as Destructive. The operation is a data write without executing code, running commands, or causing financial transactions.
From the tool's definition Tool is described as 'Write structured records to a memory' with automatic buffering and flushing to Parquet. The action is reversible via the sibling tool 'delete_memory' that exists on the same server.
Attacks that exploit this kind of access
Write structured records to a memory. Records are buffered and automatically flushed to Parquet. It is categorised as a Write tool in the Structured-sh MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Structured-sh MCP server in PolicyLayer and add a rule for write_memory: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Structured-sh. Nothing to install.
write_memory is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the write_memory rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for write_memory. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
write_memory is provided by the Structured-sh MCP server (structured-sh/structured). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →