3ngram works as an MCP server for Claude Managed Agents with zero configuration changes on the 3ngram side. Your agents get structured memory types, semantic search, due-date tracking, and proactive follow-through that Anthropic’s built-in Memory Stores don’t offer.
What are Managed Agents?
Claude Managed Agents is a hosted agent runtime from Anthropic. You define an agent config (model, system prompt, tools), then start sessions where Anthropic runs the agent loop and provisions a sandboxed container for tool execution. Agents connect to external services like 3ngram via MCP servers.
Prerequisites
- A 3ngram account with at least one memory saved
- An Anthropic API key with Managed Agents beta access
- The Anthropic SDK installed (
npm install @anthropic-ai/sdk or pip install anthropic)
Step 1: Complete the 3ngram OAuth flow
Before registering credentials with Anthropic, you need OAuth tokens from 3ngram. The easiest way is through any MCP client that supports OAuth:
- Connect to
https://mcp.3ngram.ai/mcp from Claude Desktop, Claude Code, or Cursor (see Connecting Clients)
- Complete the OAuth authorization in your browser
- Note your
access_token, refresh_token, and client_id from the OAuth response
If you already use 3ngram with Claude Code or Claude Desktop, you already have valid OAuth tokens. Check your client’s MCP configuration for the stored credentials.
Step 2: Create a vault and store credentials
Vaults hold MCP credentials that Anthropic auto-refreshes on your behalf. Create one and register your 3ngram OAuth tokens:
import Anthropic from "@anthropic-ai/sdk";
const client = new Anthropic();
// Create a vault (one per workspace, reusable across agents)
const vault = await client.beta.vaults.create({
metadata: { description: "3ngram memory credentials" },
});
// Register the 3ngram OAuth credential
await client.beta.vaults.credentials.create(vault.id, {
display_name: "3ngram Memory",
auth: {
type: "mcp_oauth",
mcp_server_url: "https://mcp.3ngram.ai/mcp",
access_token: "<your-access-token>",
expires_at: "2026-05-01T00:00:00Z",
refresh: {
refresh_token: "<your-refresh-token>",
client_id: "<your-client-id>",
token_endpoint: "https://mcp.3ngram.ai/mcp/oauth/token",
token_endpoint_auth: { type: "none" },
},
},
});
console.log(`Vault ID: ${vault.id}`); // Save this for session creation
Step 3: Create an agent with 3ngram
Agents are persistent, versioned configs. Create one once, then reuse it across sessions:
const agent = await client.beta.agents.create({
name: "Knowledge Worker",
model: "claude-sonnet-4-6",
system: `You are a knowledge worker with persistent memory via 3ngram.
At the start of every session:
1. Use the briefing prompt to load open commitments, blockers, and recent decisions
2. Review what's overdue or stale
During work:
- Use remember() to persist decisions, context, and learnings
- Use search_memories() and search_content() to find relevant history
- Use propose_action() before taking irreversible actions
At the end of every session:
- Use the debrief prompt to extract and persist what was accomplished
- Use resolve() to mark completed commitments`,
mcp_servers: [
{
type: "url",
name: "3ngram",
url: "https://mcp.3ngram.ai/mcp",
},
],
tools: [
{ type: "agent_toolset_20260401", default_config: { enabled: true } },
{
type: "mcp_toolset",
mcp_server_name: "3ngram",
default_config: {
permission_policy: { type: "always_allow" },
},
},
],
});
console.log(`Agent ID: ${agent.id}`); // Save this — reuse across sessions
Don’t create a new agent every run. Store the agent ID and reuse it. To change behavior, update the existing agent with client.beta.agents.update(agentId, { ... }) — each update creates a new version.
Step 4: Start a session
Each session is one run of your agent. Reference the agent, environment, and vault:
const environment = await client.beta.environments.create({
name: "3ngram-env",
config: {
type: "cloud",
networking: { type: "unrestricted" },
},
});
const session = await client.beta.sessions.create({
agent: agent.id,
environment_id: environment.id,
vault_ids: [vault.id],
});
// Stream-first: open stream before sending the kickoff message
const stream = await client.beta.sessions.stream(session.id);
await client.beta.sessions.events.send(session.id, {
events: [
{
type: "user.message",
content: [
{ type: "text", text: "Run my briefing, then help me plan today's work." },
],
},
],
});
for await (const event of stream) {
if (event.type === "agent.message") {
for (const block of event.content) {
if (block.type === "text") process.stdout.write(block.text);
}
}
if (event.type === "session.status_terminated") break;
if (event.type === "session.status_idle" && event.stop_reason?.type !== "requires_action") break;
}
always_ask, which pauses the agent for human approval on every tool call. For autonomous operation, configure always_allow on safe tools.
The table below shows recommended policies based on each tool’s behavior:
Recommended: always_allow
These tools are safe for autonomous use. Read-only tools have no side effects; write tools like remember and resolve are core to the agent’s memory workflow.
| Tool | Read-only | Why allow |
|---|
search_memories | Yes | Semantic search, no side effects |
search_content | Yes | Content search, no side effects |
get_prompt | Yes | Reads prompt template |
get_schedule_history | Yes | Reads schedule history |
get_trigger_history | Yes | Reads trigger history |
docs_export | Yes | Exports Google Doc as text |
remember | No | Core memory persistence |
resolve | No | Marks commitments complete |
unresolve | No | Reopens resolved items |
reclassify_memory | No | Changes memory type |
batch_reclassify | No | Bulk type changes |
set_preference | No | Stores user/project settings |
configure_scope | No | Maps project to scope |
propose_action | No | Externalizes decisions for approval |
Recommended: always_ask
These tools create, update, or delete resources. Require human approval to prevent unintended changes.
| Tool | Destructive | Why ask |
|---|
archive_memories | Yes | Soft-deletes memories |
delete_prompt | Yes | Removes prompt template |
delete_schedule | Yes | Removes scheduled run |
delete_trigger | Yes | Removes trigger |
create_schedule | No | Creates recurring agent runs |
create_trigger | No | Creates event listeners |
create_prompt | No | Creates prompt template |
update_prompt | No | Modifies existing prompt |
update_schedule | No | Modifies schedule config |
update_trigger | No | Modifies trigger config |
docs_create | No | Creates Google Doc (external) |
decide_action | No | Approves/rejects proposed actions |
reindex | No | Triggers content re-indexing |
sync_source | No | Triggers source re-sync |
reapply_scope_mappings | No | Bulk scope updates |
configs on the mcp_toolset:
{
"type": "mcp_toolset",
"mcp_server_name": "3ngram",
"default_config": {
"permission_policy": { "type": "always_allow" }
},
"configs": [
{ "name": "archive_memories", "permission_policy": { "type": "always_ask" } },
{ "name": "delete_prompt", "permission_policy": { "type": "always_ask" } },
{ "name": "delete_schedule", "permission_policy": { "type": "always_ask" } },
{ "name": "delete_trigger", "permission_policy": { "type": "always_ask" } },
{ "name": "create_schedule", "permission_policy": { "type": "always_ask" } },
{ "name": "create_trigger", "permission_policy": { "type": "always_ask" } }
]
}
Multi-agent pattern
Managed Agents support multi-agent sessions where a coordinator delegates to specialists. All agents in a session authenticate as the same user (via the shared vault), so they share the same 3ngram memory namespace.
Pattern: The coordinator reads commitments for overall status and delegates tasks. Specialists use remember to persist findings and search_memories to access shared context. All agents see the same memory pool.
Use project tags and scopes for finer isolation between agents or workstreams within the shared namespace.
See multi-agent-coordinator.json for a complete example config.
System prompt examples
Session startup
At the start of this session, use the 3ngram briefing prompt to load your
current context. Review open commitments, blockers, and overdue items before
beginning any work.
During work
When you learn something worth remembering, use remember() with an appropriate
memory type (decision, context, commitment, blocker, or learning).
Before making irreversible changes, use propose_action() to get user approval.
Use search_memories() to check if relevant context exists before starting
new research.
Session end
Before ending this session, use the 3ngram debrief prompt to extract and
persist decisions, commitments, and learnings from this conversation.
Mark completed work with resolve().
Troubleshooting
Token refresh fails
Anthropic auto-refreshes tokens using the refresh.token_endpoint stored in your vault credential. If refresh fails:
- Verify
token_endpoint is https://mcp.3ngram.ai/mcp/oauth/token
- Ensure the original refresh token hasn’t expired (7-day TTL)
- Re-authorize via any MCP client and update the vault credential
- Confirm the MCP server URL is exactly
https://mcp.3ngram.ai/mcp
- Check that
mcp_toolset in tools references the correct mcp_server_name
- Verify the vault credential’s
mcp_server_url matches the agent’s mcp_servers[].url
MCP resources not accessible
Managed Agents cannot read MCP resources (like engram://commitments) directly. Use the equivalent tools instead:
commitments() for open commitmentsblockers() for active blockersoverdue() for past-due itemsstale_commitments() for items with no recent activity
Rate limits
3ngram’s rate limiter is tuned for interactive use. Long-running agent sessions with many tool calls may hit per-tool cooldowns. If you see rate limit errors, space out tool calls or contact support for higher limits.
Budget limits
Each MCP tool call counts against your 3ngram plan budget. Monitor usage on the dashboard and consider upgrading if agent sessions exhaust your monthly allowance.
What’s next
