MCP — memory out
Engram's MCP server turns organizational memory into tools for any MCP-compatible agent — and, with a personal token, the full control plane from any chat. One endpoint, 33 tools, the same permission fence as every other surface.
Connect a client
The server speaks streamable HTTP (stateless JSON-RPC) at /api/mcp, authenticated per connection with a bearer token.
Claude Code
claude mcp add engram --transport http \ https://<your-deployment>/api/mcp \ --header "Authorization: Bearer egm_..."
Claude Desktop
{
"mcpServers": {
"engram": {
"type": "http",
"url": "https://<your-deployment>/api/mcp",
"headers": { "Authorization": "Bearer egm_..." }
}
}
}Cursor
{
"mcpServers": {
"engram": {
"url": "https://<your-deployment>/api/mcp",
"headers": { "Authorization": "Bearer egm_..." }
}
}
}Any other MCP client works the same way: HTTP transport, the /api/mcp URL, and an Authorization header.
Which token to use
- Personal token — bound to you as a workspace member; resolves your live role on every call. This is the token for your own Claude/Cursor: it can do anything you can do in the control plane, including the governance tools. Demote or remove the member and the token loses power on the next call.
- Integration token — folder-scoped, role-clamped to viewer or contributor (never manager — a database constraint enforces it), classification-capped. The right choice for shared or embedded agents. Governance tools return a clean “requires a personal token” error.
Mint either in Settings → Tokens (secrets are shown once, stored hashed, revocable), or bootstrap the first one from the CLI — see Self-hosting.
Tool reference — all 33
Knowledge any token
search_memory | Hybrid search with ranked results and snippets |
get_memory | Full memory: body, frontmatter, context, provenance |
ask_memory | RAG answer with citations, or an explicit refusal |
recommend_for_task | “Starting task X” → relevant prompts, workflows, agents, decisions |
capture_memory | Save a prompt/workflow/lesson back into memory (lands as draft) |
list_tree | Browse the folder tree, scope-trimmed |
Memory stewardship any token — role capabilities apply
get_capture_status | Track a capture through compilation |
list_memories | Browse/filter by kind, status, path, tags |
list_versions | A node's append-only version history |
edit_memory | New draft version — the lifecycle stays intact |
create_folder | Add a folder within your scopes |
rename_memory | Rename a node |
move_memory | Move a node within your fence |
rollback_version | Flip to an older version (manager-gated) |
Connector ops admin
list_connectors | All connectors and their last-run summaries |
get_sync_status | A connector's sync-run history |
trigger_sync | Start a sync run |
pause_connector | Pause syncing |
resume_connector | Resume syncing |
Governance personal token — live member role per call
list_pending_approvals | Drafts awaiting review in folders you manage |
approval_action | Approve / mark reviewed / request changes / deprecate |
create_task | Register a task for routing |
execute_task_with_agent | Run a task with a registered agent |
resolve_task_run | Record a task run's verdict and outcome |
list_role_mappings | On-behalf-of role translations (admin) |
add_role_mapping | Add a role mapping (admin) |
delete_role_mapping | Remove a role mapping (admin) |
list_tokens | API tokens and usage hygiene (admin) |
mint_token | Mint an integration token — never a manager (admin) |
revoke_token | Revoke a token (admin) |
list_gaps | Clustered unanswered queries |
usage_stats | Workspace analytics |
get_activity | Recent governance activity |
The permission story
An MCP agent is just another API caller. Every tool call carries the connection's token context into the same SQL scope filters as search, the tree, and the web app — a prompt-injected agent can ask for /executive/finance, but the query returns nothing. There is no post-filtering and no privileged path.
Parity is structural, not conventional: the tool definitions live in one registry shared verbatim with /v1/chat and the control plane's chat panel, and each governance tool wraps the same functions the web app's own actions call. A permission check cannot drift between surfaces because there is only one implementation.
Mutating tools execute directly
Over /v1/chat and the web chat panel, mutating tools (approve, role mappings, minting tokens…) pause on a confirmation card. Over MCP they execute directly — your MCP client (Claude's own tool-use approval prompt) is the human confirmation surface. Your token can never do more than you can, but review what the agent proposes before letting the call through.
The end-to-end story this enables: a Claude Code session pulls your company's approved deployment workflow, executes it, captures the outcome back as a draft — and an admin approves it without leaving their own chat.