Using Engram

MCP — memory out

Engram's MCP server turns organizational memory into tools for any MCP-compatible agent — and, with a personal token, the full control plane from any chat. One endpoint, 33 tools, the same permission fence as every other surface.

Connect a client

The server speaks streamable HTTP (stateless JSON-RPC) at /api/mcp, authenticated per connection with a bearer token.

Claude Code

claude mcp add engram --transport http \
  https://<your-deployment>/api/mcp \
  --header "Authorization: Bearer egm_..."

Claude Desktop

claude_desktop_config.json
{
  "mcpServers": {
    "engram": {
      "type": "http",
      "url": "https://<your-deployment>/api/mcp",
      "headers": { "Authorization": "Bearer egm_..." }
    }
  }
}

Cursor

.cursor/mcp.json
{
  "mcpServers": {
    "engram": {
      "url": "https://<your-deployment>/api/mcp",
      "headers": { "Authorization": "Bearer egm_..." }
    }
  }
}

Any other MCP client works the same way: HTTP transport, the /api/mcp URL, and an Authorization header.

Which token to use

  • Personal token — bound to you as a workspace member; resolves your live role on every call. This is the token for your own Claude/Cursor: it can do anything you can do in the control plane, including the governance tools. Demote or remove the member and the token loses power on the next call.
  • Integration token — folder-scoped, role-clamped to viewer or contributor (never manager — a database constraint enforces it), classification-capped. The right choice for shared or embedded agents. Governance tools return a clean “requires a personal token” error.

Mint either in Settings → Tokens (secrets are shown once, stored hashed, revocable), or bootstrap the first one from the CLI — see Self-hosting.

Tool reference — all 33

Knowledge any token

search_memoryHybrid search with ranked results and snippets
get_memoryFull memory: body, frontmatter, context, provenance
ask_memoryRAG answer with citations, or an explicit refusal
recommend_for_task“Starting task X” → relevant prompts, workflows, agents, decisions
capture_memorySave a prompt/workflow/lesson back into memory (lands as draft)
list_treeBrowse the folder tree, scope-trimmed

Memory stewardship any token — role capabilities apply

get_capture_statusTrack a capture through compilation
list_memoriesBrowse/filter by kind, status, path, tags
list_versionsA node's append-only version history
edit_memoryNew draft version — the lifecycle stays intact
create_folderAdd a folder within your scopes
rename_memoryRename a node
move_memoryMove a node within your fence
rollback_versionFlip to an older version (manager-gated)

Connector ops admin

list_connectorsAll connectors and their last-run summaries
get_sync_statusA connector's sync-run history
trigger_syncStart a sync run
pause_connectorPause syncing
resume_connectorResume syncing

Governance personal token — live member role per call

list_pending_approvalsDrafts awaiting review in folders you manage
approval_actionApprove / mark reviewed / request changes / deprecate
create_taskRegister a task for routing
execute_task_with_agentRun a task with a registered agent
resolve_task_runRecord a task run's verdict and outcome
list_role_mappingsOn-behalf-of role translations (admin)
add_role_mappingAdd a role mapping (admin)
delete_role_mappingRemove a role mapping (admin)
list_tokensAPI tokens and usage hygiene (admin)
mint_tokenMint an integration token — never a manager (admin)
revoke_tokenRevoke a token (admin)
list_gapsClustered unanswered queries
usage_statsWorkspace analytics
get_activityRecent governance activity

The permission story

An MCP agent is just another API caller. Every tool call carries the connection's token context into the same SQL scope filters as search, the tree, and the web app — a prompt-injected agent can ask for /executive/finance, but the query returns nothing. There is no post-filtering and no privileged path.

Parity is structural, not conventional: the tool definitions live in one registry shared verbatim with /v1/chat and the control plane's chat panel, and each governance tool wraps the same functions the web app's own actions call. A permission check cannot drift between surfaces because there is only one implementation.

Mutating tools execute directly

Know this before your agent approves something

Over /v1/chat and the web chat panel, mutating tools (approve, role mappings, minting tokens…) pause on a confirmation card. Over MCP they execute directly — your MCP client (Claude's own tool-use approval prompt) is the human confirmation surface. Your token can never do more than you can, but review what the agent proposes before letting the call through.

The end-to-end story this enables: a Claude Code session pulls your company's approved deployment workflow, executes it, captures the outcome back as a draft — and an admin approves it without leaving their own chat.