Run the full ethics engine v2 pipeline on content and return detailed decision trace. Exposes Layer A alarms, Layer B probabilistic risk output, aggregation logic, and final decision. Use without content to retrieve last trace. Essential for auditing and validating ethics decisions.
AI agents invoke ethics_trace to trigger actions in Celiums Memory. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool executes a non-trivial computational pipeline (the ethics engine v2) rather than simply retrieving static data. While it appears primarily analytical, executing complex decision logic can have operational effects on downstream systems that depend on its output. The exposure of internal decision traces and alarm layers could influence safety-critical decisions in an AI agent.
From the tool's definition The tool "runs" the full ethics engine v2 pipeline and "exposes" internal layers (A, B) and decision logic. The verb "run" and language about executing a complex pipeline indicate code execution.
Documented attack patterns abuse exactly the kind of access ethics_trace gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Celiums Memory, and nothing reaches the server without passing your rules. This is the rule we recommend for ethics_trace:
{
"version": "1",
"default": "deny",
"tools": {
"ethics_trace": {
"limits": [
{
"counter": "ethics_trace_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}ethics_trace stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Run the full ethics engine v2 pipeline on content and return detailed decision trace. Exposes Layer A alarms, Layer B probabilistic risk output, aggregation logic, and final decision. Use without content to retrieve last trace. Essential for auditing and validating ethics decisions. It is categorised as a Execute tool in the Celiums Memory MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Celiums Memory MCP server in PolicyLayer and add a rule for ethics_trace: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Celiums Memory. Nothing to install.
ethics_trace is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the ethics_trace rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for ethics_trace. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
ethics_trace is provided by the Celiums Memory MCP server (terrizoaguimor/celiums-memory). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Celiums Memory, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
62 Celiums Memory tools catalogued and risk-classified — across an index of 43,000+ MCP servers.