January 23, 2026 7 min read MemoryGate Team

MemoryGate Now Supports MCP: Trust-Aware Memory for AI Agents

Read-only MCP interface brings trust scoring and memory governance to any agent framework

AI agents need memory. But memory without trust is dangerous.

Today, we're announcing MCP (Model Context Protocol) support for MemoryGate—a read-only interface that lets any MCP-compatible agent query trust scores, scope memories, and make decisions based on the reliability of retrieved information.

This isn't about adding another API endpoint. It's about making MemoryGate's trust layer native to the agent ecosystem.

What is MCP?

MCP (Model Context Protocol) is an open standard that lets AI agents interact with external systems through a standardized interface. Think of it as a universal adapter: agents can call tools, query data, and access resources without vendor lock-in.

MemoryGate's MCP support provides three read-only functions:

  1. trust_verdict(memory_id) — Get the current trust score, confidence band, and decay reason for a specific memory
  2. memory_scope(query, limit, [agent_id]) — Find relevant memories with trust-weighted results (no raw content in privacy mode)
  3. batch_verdict(memory_ids) — Check trust scores for multiple memories in one call

All three functions respect tenant isolation, agent scoping, and privacy mode.

Why This Matters: Trust as a First-Class Primitive

Most RAG systems return memories ranked by relevance (semantic similarity). MemoryGate adds a second dimension: trust.

When an agent retrieves a memory, it needs to know:

  • Is this memory still valid? (Has it been corrected or contradicted?)
  • How confident should I be? (Trust score × relevance = confidence)
  • Should I suppress this? (Low trust = don't use, even if relevant)

Without MCP, agents would need to:

  1. Call MemoryGate's REST API directly
  2. Parse trust scores from query results
  3. Manually implement suppression logic
  4. Handle privacy mode edge cases (content is NULL)

With MCP, agents get trust-aware memory retrieval as a native capability.

Multi-Agent, Multi-Tenant Architecture

MemoryGate's MCP interface is designed for production agent deployments:

Agent Isolation

Agents can be scoped to their own memory namespace:

Tenant (API Key) → Agent ID → Memory ID (UUID)
  • Agent-scoped: Each agent sees only its own memories
  • Shared: Multiple agents can access the same memory pool
  • Default: Isolated per agent when agent_id is provided

This prevents agents from interfering with each other's memory state.

Tenant Isolation

All MCP calls are tenant-scoped by API key:

  • No cross-tenant memory access
  • No data leakage between clients
  • Enforced at the API layer (not just documentation)

Privacy Mode Support

When SVTD_PRIVACY_MODE=true:

  • MCP returns trust scores and confidence bands only
  • No raw content in responses (content is NULL)
  • Agents must store content client-side (standard MCP pattern)
  • Trust scoring works identically—only content storage changes

This makes MemoryGate suitable for enterprise deployments where PII cannot be retained.

How It Works: The Data Flow

┌─────────────┐
│ AI Agent    │
│ (Claude,    │
│  GPT-4, etc)│
└──────┬──────┘
       │
       │ MCP call: trust_verdict(memory_id)
       │
       ▼
┌─────────────┐
│ MCP Layer   │  ← Read-only facade
│ (MemoryGate)│
└──────┬──────┘
       │
       │ HTTP API: /v1/query
       │
       ▼
┌─────────────┐
│ MemoryGate  │
│ API         │
└──────┬──────┘
       │
       ├─→ Trust Storage (SVTD)
       └─→ Vector DB (Chroma/Pinecone/etc)

Key points:

  • MCP is a thin, stateless facade over MemoryGate's existing API
  • No new persistence layer
  • No mutation operations (read-only)
  • Same rate limits and safety rails as the REST API

Use Cases

1. Task Agents

Task agents can check memory trust before using retrieved information:

# Agent retrieves memory about a customer's address
memory_id = "customer_123_address"
verdict = mcp.trust_verdict(memory_id)

if verdict["confidence"] < 0.7:
    # Don't use this memory—it's been corrected or flagged
    agent.ask_user_for_confirmation()
else:
    # High trust—safe to use
    agent.use_memory(memory_id)

2. Workflow Agents

Workflow agents can scope memories by step or task:

# Find memories relevant to "invoice processing" for this agent
results = mcp.memory_scope(
    query="invoice processing",
    agent_id="invoice_agent_v2",
    limit=10
)

# Results include trust scores—low trust memories are suppressed
for memory in results:
    if memory["trust_band"] == "high":
        agent.use_memory(memory["memory_id"])

3. Evaluator Agents

Evaluator agents can batch-check trust scores for quality gates:

# Check trust for all memories used in a response
memory_ids = ["mem_1", "mem_2", "mem_3"]
verdicts = mcp.batch_verdict(memory_ids)

# Reject response if any memory has low trust
if any(v["confidence"] < 0.5 for v in verdicts):
    agent.reject_response("Low trust memories detected")

Sentinel Integration: Beyond User Corrections

MemoryGate's Sentinel correction detector works alongside MCP:

  • User corrections: Sentinel detects natural language corrections (e.g., "That's wrong, it's 1200 psi now")
  • Agent signals: Agents can report structured events (task failures, retries, tool disagreements)
  • Trust decay: Both trigger trust score adjustments, which MCP exposes to agents

This creates a feedback loop: agents use MCP to check trust, and Sentinel updates trust based on corrections and failures.

Beta Safety Rails

MCP calls are subject to the same rate limits and safety rails as MemoryGate's REST API:

  • Per API key: 100 requests/minute, 5000/hour (beta limits)
  • Per memory_id: Max 10 feedback calls/hour (prevents runaway loops)
  • Burst protection: Short bursts allowed, then sustained limits enforced
  • 429 responses: Rate limit exceeded → retry after delay

These limits prevent cost bleed and runaway agent behavior.

What's Next

MCP support is in development and will be available in beta soon. The interface is designed to be:

  • Minimal: 3–4 functions, read-only, stateless
  • Compatible: Works with any MCP-compatible agent framework
  • Privacy-safe: No content retention in privacy mode
  • Production-ready: Multi-tenant, rate-limited, auditable

If you're building agents that need trust-aware memory, MCP support makes MemoryGate a first-class citizen in your stack.

Getting Started

MCP support will be available via:

  • MCP server: Standalone server that wraps MemoryGate's API
  • In-process library: Direct integration for custom agent frameworks
  • Documentation: Full MCP surface definition and examples

Status: In development. Sign up for beta access at memorygate.io to be notified when MCP support launches.

Questions? Check out our API documentation or reach out to the team.