How to Use the Cerbos (Access Control) MCP in Claude Code

Automate your Cerbos access control from the terminal using Claude Code to validate policies in your CI/CD pipelines.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Cerbos (Access Control) MCP to Claude Code

Create your Vinkius account to connect Cerbos (Access Control) to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Cerbos (Access Control) with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Script your authorization logic

Managing permissions across multiple environments is a massive pain. You can script the entire process by having your agent run `add_policy` during your deployment phase. It pulls your YAML files from the repository and applies them to the target server via the MCP protocol. Rollbacks are just as fast. If a bad rule breaks production, the agent quickly finds the culprit with `get_policy` and reverts the change using `update_policy`. You fix the issue without ever leaving your SSH session.

Run automated permission tests

Stop merging code that breaks access rules. Hook this tool into your GitHub Actions and let the agent run `check_resources` against your staging branch. It validates every single role before the PR gets approved. Bulk testing handles the heavy lifting for massive deployments. The agent fires `authzen_evaluations` to check hundreds of edge cases in seconds. If a test fails, the terminal output tells you exactly where the logic broke down.

Monitor health via Cerbos MCP Server

Keeping tabs on your authorization layer shouldn't require a separate dashboard. Your terminal agent uses `get_metrics` to pull Prometheus data directly into your current session. You spot latency spikes before they affect users. Debugging failed requests takes seconds instead of hours. The agent runs `list_audit_logs` to fetch the exact trace for a denied action. It parses the JSON output and highlights the broken condition immediately.

Setup guide

Set up Cerbos (Access Control) MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see cerbos-access-control-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest Cerbos (Access Control) transactions." It will automatically discover and invoke the available Cerbos (Access Control) tools.

Terminal

claude mcp add --transport http cerbos-access-control-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the Cerbos (Access Control) MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "cerbos-access-control-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cerbos. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cerbos (Access Control) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cerbos (Access Control) MCP in Claude Code

Run the standard mcp add command in your terminal with the HTTP transport flag. Pass your Vinkius URL at the end of the string. The configuration saves automatically to your local JSON file.

Yes. The headless environment makes it perfect for automated deployment scripts. Your pipeline can validate and push new policies on every commit.

It pulls live status checks whenever you ask. The agent reads the response and alerts you if the service degrades.

The agent fetches Prometheus data directly from the endpoint. It formats the raw numbers into readable tables right in your shell.

Your policy files and schema definitions route through an ephemeral V8 isolate. Vinkius destroys the execution environment the moment the command finishes. Your terminal connects directly to the server with zero persistent storage during the MCP execution.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript