How to Use the Cerbos (Access Control) MCP in CrewAI

Q: How do I set up a CrewAI agent to only use the read-only tools from Cerbos (Access Control)?

When defining your agent in CrewAI, use the toolfilter option in the MCPServerHTTP configuration. You can provide a function that only returns true for tools like getpolicy, listpolicies, and checkresources.

Q: How can my CrewAI agents collaborate on an access issue using Cerbos (Access Control)?

One agent can find an issue using listauditlogs, then put the log entry into the crew's shared context. A second agent can then pick up that context, use the getpolicy tool to get more details, and decide on the next action.

Q: How do I check the health of my Cerbos instance from a CrewAI agent?

It's a simple tool call. Just have an agent execute the gethealth tool. It will return the operational status of the Cerbos service.

Deploy a crew of autonomous agents to manage, monitor, and enforce your Cerbos access control policies with CrewAI.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Cerbos (Access Control) MCP to CrewAI

Create your Vinkius account to connect Cerbos (Access Control) to CrewAI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Cerbos (Access Control) with CrewAI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Assign a Security Policy Manager Agent

Delegate policy management to a specialized agent in your crew. This agent's role is to use tools like `add_policy`, `update_policy`, and `list_policies`. It can be tasked with keeping policies in sync with an external source of truth, all managed via this MCP server. In a CrewAI setup, this 'Policy Manager' agent can work sequentially. For example, it could `add_schema` first, wait for success, then `add_policy` that depends on it. This ensures your authorization rules are always consistent and applied in the right order.

Run an Autonomous Audit and Compliance Crew

Create a crew dedicated to security oversight. One agent's job is to periodically call `list_audit_logs` and scan for suspicious activity. If it finds something, it passes the details to a second 'Analyst' agent. The Analyst agent can then use `get_policy` to fetch the exact policy involved and `check_resources` to reproduce the scenario. CrewAI's shared memory lets the agents collaborate on the investigation. A third 'Notifier' agent can then alert a human based on the Analyst's findings.

A Dedicated CrewAI Agent for Access Control

Build an 'Access Broker' agent whose only job is to answer permission questions. Other agents in your crew, when they need to perform a sensitive action, will delegate the check to this specialist. It uses `check_resources` and `plan_resources` to provide clear allow/deny answers. This role-based specialization is what makes CrewAI powerful. Your 'Content Writer' agent doesn't need to know anything about Cerbos. It just asks the 'Access Broker' agent, 'Can I edit this document?', and gets a simple yes/no back, all orchestrated through this MCP server.

Setup guide

Set up Cerbos (Access Control) MCP in CrewAI

Prerequisites

Python 3.10+ installed
crewai package (pip install crewai)
Active Vinkius subscription with a valid endpoint token

1

Install CrewAI
Run pip install crewai to install the framework. MCP support is built-in via the mcps parameter.
2

Add the MCP URL to your agent
Pass your Vinkius endpoint directly to the mcps list. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. CrewAI handles tool discovery and caching automatically.
3

Kick off your crew
Create a Crew with your agent and tasks. Call crew.kickoff() — the agent will automatically invoke Cerbos (Access Control) tools as needed.

crew.py

from crewai import Agent, Task, Crew

agent = Agent(
    role="Cerbos (Access Control) Analyst",
    goal="Access and analyze Cerbos (Access Control) data via MCP.",
    backstory="Expert analyst with direct Cerbos (Access Control) access.",
    mcps=[
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    ],
)

task = Task(
    description="List recent Cerbos (Access Control) transactions",
    agent=agent,
    expected_output="A summary of recent activity",
)

crew = Crew(agents=[agent], tasks=[task])
result = crew.kickoff()
print(result)

Get your connection token →

Prerequisites

Python 3.10+ installed
crewai + crewai-tools packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install crewai crewai-tools. The MCPServerAdapter handles lifecycle management and tool conversion.
2

Connect with MCPServerAdapter
Use MCPServerAdapter as a context manager with SseServerParameters pointing to your Vinkius endpoint. The adapter automatically manages connection lifecycle.
3

Assign tools and run
Pass the returned mcp_tools to your agent's tools parameter. The adapter converts MCP tools to native BaseTool objects compatible with all CrewAI agents.

crew.py

from crewai import Agent, Task, Crew
from crewai_tools import MCPServerAdapter
from mcp import SseServerParameters

server_params = SseServerParameters(
    url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)

with MCPServerAdapter(server_params) as mcp_tools:
    agent = Agent(
        role="Cerbos (Access Control) Analyst",
        goal="Access and analyze Cerbos (Access Control) data via MCP.",
        backstory="Expert analyst with direct Cerbos (Access Control) access.",
        tools=mcp_tools,
    )

    task = Task(
        description="List recent Cerbos (Access Control) transactions",
        agent=agent,
        expected_output="A summary of recent activity",
    )

    crew = Crew(agents=[agent], tasks=[task])
    result = crew.kickoff()
    print(result)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cerbos. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cerbos (Access Control) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cerbos (Access Control) MCP in CrewAI

When defining your agent in CrewAI, use the `tool_filter` option in the `MCPServerHTTP` configuration. You can provide a function that only returns `true` for tools like `get_policy`, `list_policies`, and `check_resources`.

Absolutely. This is a perfect use case for CrewAI. You'd create two agents with different roles and give them access to different tools from this MCP server—one gets `update_policy`, the other gets `list_audit_logs`.

One agent can find an issue using `list_audit_logs`, then put the log entry into the crew's shared context. A second agent can then pick up that context, use the `get_policy` tool to get more details, and decide on the next action.

It's a simple tool call. Just have an agent execute the `get_health` tool. It will return the operational status of the Cerbos service.

Your authorization logic—the policies and schemas you define—is processed by the server. Vinkius ensures this data is handled within a zero-trust, ephemeral sandbox for each request. All communication is encrypted, and access is controlled by your Vinkius API token, so your policies remain confidential.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript