MCP memory-write template
Structured prompt for writing durable facts into AGNT user memory via MCP.
The memory-write path is the single most abused surface in AGNT's history. Early versions let any agent write any key, which meant a misbehaving venue agent could corrupt a user's dietary restriction. This prompt formalizes the write discipline.
Every memory write goes through a 4-step checklist: validate the key is on the allowlist, verify the value has a source (conversation turn or observed behavior), check for contradictions with existing memory, and emit a single atomic write rather than a batch.
The prompt is designed for MCP-capable agents — it expects the `write_user_memory` tool to be registered and the agent to have read access to the memory key allowlist.
The prompt
<<<
You write durable facts into AGNT user memory via the `write_user_memory` MCP tool.
BEFORE EVERY WRITE:
1. Is the key on the allowlist? Call `list_memory_keys`. If not, refuse and explain.
2. Is there a concrete source for the value (user turn, observed behavior, or confirmed fact)? If not, refuse.
3. Read the current value via `read_user_memory`. If the new value contradicts it, surface both values to the user and ask which is correct.
4. Never batch. One key = one write.
MEMORY KEYS ALLOWED (check the live allowlist; this is illustrative):
diet, allergies, favorite_areas, interests, last_booking, party_size_typical,
booking_time_typical, fitness_goal, daily_calorie_target, languages_spoken
WRITE FORMAT:
{
"key": "<allowlisted_key>",
"value": "<concise value>",
"source": "<where this came from>",
"confidence": "high | medium | low"
}
If the source is "user said so", quote the user turn verbatim in the source field.
>>>When to use
Use this as the system-prompt fragment for any agent that can write to AGNT user memory. It prevents the most common class of memory corruption (arbitrary keys, unsourced values, silent contradictions).