Skip to main content
Glama
stevepridemore

Graph-Memory

by stevepridemore
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

Graph Cypher

graph_cypher
Read-only

Execute read-only Cypher queries on the memory graph to retrieve custom data not available through standard tools. Restricted to bootstrap tenant for security.

Instructions

Execute a read-only Cypher query against the memory graph. You generate the Cypher — this tool just runs it. Enforced read-only via Neo4j executeRead(). Use for custom queries not covered by other tools. Admin-only (must be the bootstrap tenant) — non-admin tenants would otherwise be able to bypass tenant filtering by writing raw Cypher.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
cypherYesCypher query to execute (read-only)
paramsNoQuery parameters

Implementation Reference

  • src/mcp-server/index.ts:531-556 (handler)
    The MCP tool handler for graph_cypher. Registers the tool, validates admin-only access via isAdminTenant(), then delegates to client.executeCypher() for read-only Cypher execution.
    server.registerTool("graph_cypher", {
  title: "Graph Cypher",
  description:
    "Execute a read-only Cypher query against the memory graph. You generate the Cypher — this tool just runs it. Enforced read-only via Neo4j executeRead(). Use for custom queries not covered by other tools. Admin-only (must be the bootstrap tenant) — non-admin tenants would otherwise be able to bypass tenant filtering by writing raw Cypher.",
  inputSchema: {
    cypher: z.string().describe("Cypher query to execute (read-only)"),
    params: z.record(z.string(), z.unknown()).optional().describe("Query parameters"),
  },
  annotations: { readOnlyHint: true },
}, async (args) => {
  const tenantId = currentTenant();
  if (!isAdminTenant(tenantId)) {
    return toolError(
      `graph_cypher is admin-only (your tenant: ${tenantId}). Use graph_query, graph_entities, or graph_search instead — those are tenant-scoped.`,
    );
  }
  try {
    const result = await client.executeCypher(args.cypher, args.params ?? {});
    return toolResult({
      cypher: args.cypher,
      ...result,
    });
  } catch (err) {
    return toolError(`graph_cypher failed: ${err instanceof Error ? err.message : String(err)}`);
  }
});
  • src/mcp-server/index.ts:531-556 (registration)
    Tool registration via server.registerTool with name 'graph_cypher', title 'Graph Cypher', read-only annotation, and Zod input schema (cypher string + optional params record).
    server.registerTool("graph_cypher", {
  title: "Graph Cypher",
  description:
    "Execute a read-only Cypher query against the memory graph. You generate the Cypher — this tool just runs it. Enforced read-only via Neo4j executeRead(). Use for custom queries not covered by other tools. Admin-only (must be the bootstrap tenant) — non-admin tenants would otherwise be able to bypass tenant filtering by writing raw Cypher.",
  inputSchema: {
    cypher: z.string().describe("Cypher query to execute (read-only)"),
    params: z.record(z.string(), z.unknown()).optional().describe("Query parameters"),
  },
  annotations: { readOnlyHint: true },
}, async (args) => {
  const tenantId = currentTenant();
  if (!isAdminTenant(tenantId)) {
    return toolError(
      `graph_cypher is admin-only (your tenant: ${tenantId}). Use graph_query, graph_entities, or graph_search instead — those are tenant-scoped.`,
    );
  }
  try {
    const result = await client.executeCypher(args.cypher, args.params ?? {});
    return toolResult({
      cypher: args.cypher,
      ...result,
    });
  } catch (err) {
    return toolError(`graph_cypher failed: ${err instanceof Error ? err.message : String(err)}`);
  }
});
  • src/mcp-server/index.ts:535-537 (schema)
    Input schema for graph_cypher: requires a Cypher query string, optionally accepts a params record of key-value pairs for parameterized queries.
    inputSchema: {
  cypher: z.string().describe("Cypher query to execute (read-only)"),
  params: z.record(z.string(), z.unknown()).optional().describe("Query parameters"),
  • src/shared/neo4j-client.ts:1127-1135 (helper)
    Neo4jClient.executeCypher() method that runs the Cypher query via runReadOnly (READ mode, enforced read-only), returns results with count and execution time.
    async executeCypher(
  cypher: string,
  params: Record<string, unknown> = {},
): Promise<{ results: Record<string, unknown>[]; result_count: number; execution_time_ms: number }> {
  const start = Date.now();
  const rows = await this.runReadOnly(cypher, params);
  const elapsed = Date.now() - start;
  return { results: rows, result_count: rows.length, execution_time_ms: elapsed };
}
  • src/shared/auth.ts:219-223 (helper)
    Admin tenant check used as a guard by graph_cypher. Only the BOOTSTRAP_TENANT_ID tenant may execute raw Cypher queries.
    export function isAdminTenant(tenantId: string): boolean {
  const bootstrap = process.env.BOOTSTRAP_TENANT_ID;
  if (!bootstrap) return false;
  return tenantId === bootstrap;
}

Tool Definition Quality

A4.7/5.0
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, and description adds verification that enforcement is via Neo4j executeRead(). Also discloses the admin-only requirement, which is crucial behavioral context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Four sentences, each earning its place: purpose, operation detail, usage scope, and security restriction. No redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Completes the picture for a custom query tool: explains read-only enforcement, admin-only restriction, and the rationale. No output schema needed since return values are standard for query results.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 100% coverage (both parameters described). The description does not add new semantic details beyond the schema, so baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it executes read-only Cypher queries on the memory graph. Distinguishes from sibling tools as 'for custom queries not covered by other tools.'

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly says when to use ('for custom queries not covered by other tools') and sets an exclusion: 'Admin-only (must be the bootstrap tenant).' Also states the reason for the admin restriction.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/stevepridemore/graph-memory'

If you have feedback or need assistance with the MCP directory API, please join our Discord server