{"id":30091940,"url":"https://github.com/permitio/permit-fastmcp","last_synced_at":"2025-08-09T07:54:28.151Z","repository":{"id":304585308,"uuid":"1012534151","full_name":"permitio/permit-fastmcp","owner":"permitio","description":"Permit.io authorization middleware for FastMCP servers","archived":false,"fork":false,"pushed_at":"2025-07-29T10:17:05.000Z","size":557,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-30T01:06:26.962Z","etag":null,"topics":["abac","authorization","mcp","mcp-server","rbac","rebac"],"latest_commit_sha":null,"homepage":"https://agent.security","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/permitio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-02T13:31:09.000Z","updated_at":"2025-07-24T14:01:54.000Z","dependencies_parsed_at":"2025-07-14T04:55:24.501Z","dependency_job_id":"b3fddfdf-53f0-4e87-b914-ef41851a626d","html_url":"https://github.com/permitio/permit-fastmcp","commit_stats":null,"previous_names":["permitio/permit-fastmcp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/permitio/permit-fastmcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fpermit-fastmcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fpermit-fastmcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fpermit-fastmcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fpermit-fastmcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/permitio","download_url":"https://codeload.github.com/permitio/permit-fastmcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fpermit-fastmcp/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269548490,"owners_count":24436109,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","authorization","mcp","mcp-server","rbac","rebac"],"created_at":"2025-08-09T07:54:27.398Z","updated_at":"2025-08-09T07:54:28.128Z","avatar_url":"https://github.com/permitio.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# permit-fastmcp\n\nA FastMCP middleware that adds Permit.io authorization to your MCP servers. This middleware intercepts MCP requests and validates them against Permit.io policies before allowing them to proceed.\n\n## Installation\n\n```bash\n# Using UV (recommended)\nuv add permit-fastmcp\n\n# Using pip\npip install permit-fastmcp\n```\n\n## Quick Start\n\n```python\nfrom fastmcp import FastMCP\nfrom permit_fastmcp.middleware.middleware import PermitMcpMiddleware\n\nmcp = FastMCP(\"My MCP Server\")\n\n# Add Permit.io authorization middleware\nmcp.add_middleware(PermitMcpMiddleware(\n    permit_pdp_url=\"http://localhost:7766\",\n    permit_api_key=\"your-permit-api-key\"\n))\n\n@mcp.tool\ndef my_tool(data: str) -\u003e str:\n    return f\"Processed: {data}\"\n\nif __name__ == \"__main__\":\n    mcp.run(transport=\"http\")\n```\n\n## How Policy Mapping Works\n\n- **MCP server methods** (e.g., `tools/list`, `resources/read`):\n  - **Resource**: `{server_name}_{component}` (e.g., `myserver_tools`)\n  - **Action**: The method verb (e.g., `list`, `read`)\n- **Tool execution** (method `tools/call`):\n  - **Resource**: `{server_name}` (e.g., `myserver`)\n  - **Action**: The tool name (e.g., `greet`)\n\n![Permit.io Policy Mapping Example](./docs/images/policy_mapping.png)\n\n*Example: In Permit.io, the 'Admin' role is granted permissions on resources and actions as mapped by the middleware. For example, 'greet', 'greet-jwt', and 'login' are actions on the 'mcp_server' resource, and 'list' is an action on the 'mcp_server_tools' resource.*\n\n\u003e **Note:**\n\u003e Don’t forget to assign the relevant role (e.g., Admin, User) to the user authenticating to your MCP server (such as the user in the JWT) in the Permit.io Directory. Without the correct role assignment, users will not have access to the resources and actions you’ve configured in your policies.\n\u003e\n\u003e ![Permit.io Directory Role Assignment Example](./docs/images/role_assignement.png)\n\u003e\n\u003e *Example: In Permit.io Directory, both 'client' and 'admin' users are assigned the 'Admin' role, granting them the permissions defined in your policy mapping.*\n\n## ABAC Policies with Tool Arguments\n\nThe middleware supports Attribute-Based Access Control (ABAC) policies that can evaluate tool arguments as attributes. Tool arguments are automatically flattened as individual attributes (e.g., `arg_name`, `arg_number`) for granular policy conditions.\n\n![ABAC Condition Example](./docs/images/abac_condition_example.png)\n\n*Example: Create dynamic resources with conditions like `resource.arg_number greater-than 10` to allow the `conditional-greet` tool only when the number argument exceeds 10.*\n\nFor detailed ABAC configuration and examples, see [ABAC Policies with Tool Arguments](./docs/policy-mapping.md#abac-policies-with-tool-arguments).\n\n## Example: JWT Authentication\n\nSee [`permit_fastmcp/example_server/example.py`](permit_fastmcp/example_server/example.py) for a full example of JWT-based authentication and usage.\n\n## More Documentation\n\n- [Advanced Configuration](./docs/advanced-configuration.md)\n- [Identity Modes \u0026 Environment Variables](./docs/identity-modes.md)\n- [Detailed Policy Mapping](./docs/policy-mapping.md)\n- [Configuration Reference](./docs/configuration-reference.md)\n- [Troubleshooting](./docs/troubleshooting.md)\n- [Getting Started \u0026 FAQ](./docs/getting-started.md)\n\n## License\n\nThis project is licensed under the Apache License 2.0. See the LICENSE file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fpermit-fastmcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpermitio%2Fpermit-fastmcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fpermit-fastmcp/lists"}