Cerbos
Cerbos is an external policy decision point that an MCP server calls on every agent tool invocation, returning an allow/deny decision and controlling which tools are enabled for the user and context.
Description
Cerbos is an open-source, language-agnostic authorization policy decision point that centralizes access-control decisions outside application code. When Cerbos is used with an MCP server, the server acts as the policy enforcement point: it asks Cerbos for a decision on each AI-agent tool invocation and abides by it. When clients connect, the server calls Cerbos to check which tools are permitted for that user and context, then enables or disables tools accordingly. Policies can incorporate attributes of the action, the user, and the environment.
Solution
An MCP server in front of an agent acts as a policy enforcement point. When a client connects, the server asks Cerbos which tools are permitted for that user and context and enables or disables tools accordingly, starting with no tools by default. On each tool invocation the server asks Cerbos for an allow/deny decision and abides by it, with policies evaluating attributes of the action, the user, and the environment.
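The enforcement flow described above, sketched as an added example that is not Cerbos code or its API. `pdp_decide` is a hypothetical local stand-in for the call to Cerbos, and the tools, roles, rules and the fail-closed behaviour on a decision-point error are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed rules standing in for externally managed policies: (tool, role, condition).
POLICY = [
    ("read_ticket", "support", lambda a: True),
    ("refund_order", "support", lambda a: a.get("amount", 0) <= 100),
    ("refund_order", "manager", lambda a: True),
    ("delete_account", "admin", lambda a: a.get("mfa") is True),
]

def pdp_decide(principal, tool, attrs):
    """Hypothetical stand-in for the decision point: allow only on a matching rule."""
    return any(t == tool and role in principal["roles"] and cond(attrs)
               for t, role, cond in POLICY)

TOOLS = {  # constructed tool registry held by the MCP server
    "read_ticket": lambda ticket_id: f"ticket {ticket_id}",
    "refund_order": lambda order_id, amount: f"refunded {amount} on {order_id}",
    "delete_account": lambda user_id: f"deleted {user_id}",
}

@dataclass
class McpToolGate:
    """Enforcement point: asks the decision point and abides by the answer."""
    registry: dict
    decide: Callable = pdp_decide
    enabled: set = field(default_factory=set)  # no tools by default

    def _allowed(self, principal, tool, attrs):
        try:
            return self.decide(principal, tool, attrs) is True
        except Exception:
            return False  # assumption: an unreachable decision point means deny

    def on_connect(self, principal, env):
        # Enable only the tools permitted for this user and context.
        self.enabled = {t for t in self.registry if self._allowed(principal, t, env)}
        return sorted(self.enabled)

    def invoke(self, principal, tool, args, env):
        # Enablement at connect time is not a grant: re-check with the call's attributes.
        if tool not in self.enabled or not self._allowed(principal, tool, {**env, **args}):
            raise PermissionError(f"denied: {tool}")
        return self.registry[tool](**args)
```

A support user sees `refund_order` enabled at connect time, yet a call with `amount=500` is still denied because the decision is re-evaluated with the action's attributes.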
Primary use cases
- externalized authorization for MCP servers
- allow/deny decisions on agent tool invocations
- per-user, per-context tool enablement for agents
- attribute-based access control for agent actions