4,500+ servers built on MCP Fusion
Vinkius
Cerbos logo
Vinkius
Mastra AI logo

How to Use the Cerbos MCP in Mastra AI

Build authorization checks and policy enforcement directly into your Mastra AI automated workflows.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Cerbos MCP on Cursor AI Code Editor MCP Client Cerbos MCP on Claude Desktop App MCP Integration Cerbos MCP on OpenAI Agents SDK MCP Compatible Cerbos MCP on Visual Studio Code MCP Extension Client Cerbos MCP on GitHub Copilot AI Agent MCP Integration Cerbos MCP on Google Gemini AI MCP Integration Cerbos MCP on Lovable AI Development MCP Client Cerbos MCP on Mistral AI Agents MCP Compatible Cerbos MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Mastra AI

Connect Cerbos MCP to Mastra AI

Create your Vinkius account to connect Cerbos to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Cerbos with Mastra AI
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Gate Your Workflows with Auth Checks

Place a Cerbos check right inside your Mastra AI agent's logic. Before your workflow attempts a sensitive operation like updating a record, it first calls `check_resources` to confirm the acting principal has the required permissions. This turns your authorization policy into an active gatekeeper. If the check fails, Mastra's workflow engine can branch the logic—maybe to a step that notifies an admin or simply terminates the run. You build safer, more predictable automations.

Generate Resource Plans for Next Steps

An agent's job often involves processing a list of items. Instead of guessing which ones are accessible, have the first step in your workflow call `plan_resources`. Cerbos returns a precise query plan to fetch only the resources the principal is allowed to act on. The next step in the workflow receives this targeted list. This is perfect for building agents that perform batch operations, like an agent that adds a comment to every document a specific user is allowed to edit. It defines the scope of work automatically.

Run Batch Evaluations in Your Mastra AI Agent

Some workflows need to confirm a whole set of permissions before proceeding. Your Mastra AI agent can use the `authzen_evaluations` tool to run these checks as a single, atomic step. You can configure it to stop on the first denial or wait for the full report. Combined with Mastra's built-in retry logic, this is incredibly reliable. If a network issue causes the batch check to fail, Mastra can automatically retry the `authzen_evaluations` call before failing the entire workflow. This MCP Server makes your agent's decisions more robust.

Setup guide

Set up Cerbos MCP in Mastra AI

Prerequisites

  • Node.js 18+ and a TypeScript project
  • @mastra/mcp + @mastra/core packages
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).

  2. 2

    Configure the MCPClient

    Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. 3

    Discover and inject tools

    Call mcpClient.listTools() and spread the result into your agent's tools object. All Cerbos tools become native Mastra tools.

  4. 4

    Run with any model

    Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts 
import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "cerbos-mcp-client",
  servers: {
    "cerbos-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "Cerbos Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to Cerbos tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent Cerbos transactions"
);
console.log(result.text);
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cerbos. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cerbos now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cerbos MCP in Mastra AI

You connect the Cerbos MCP to your `MCPClient`. Then, in your workflow definition, you can call `mcpClient.tools.cerbos.check_resources` as a step. The result of that check can then determine the next step in your agent's logic.
Yes, easily. The result of a Cerbos tool call can be used in a conditional step. If a `check_resources` call returns 'denied', you can direct the Mastra AI workflow to a different branch, for instance, to log the failure or send an alert.
It lets you create powerful, dynamic workflows. A Mastra AI agent can start by calling `plan_resources` to get a list of accessible items, then loop through that list in subsequent steps to perform an action on each one safely.
Yes, your agent can call the `get_authzen_config` tool. This returns the endpoint URLs for the AuthZEN APIs, which can be useful for more advanced integrations or diagnostics within your workflow.
The Cerbos server processes only the specific request data your Mastra AI agent sends for an evaluation. This typically includes a principal ID, resource IDs, and action names. Vinkius ensures this data is processed in an isolated environment and is never logged or persisted.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Cerbos MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 6 tools

We've already built the connector for Cerbos. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 6 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.