Bring Authorization
to Claude Code
Learn how to connect Cerbos (Access Control) to Claude Code and start using 19 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Cerbos (Access Control) MCP Server?
Connect your Cerbos instance to any AI agent to streamline authorization management and policy auditing through natural language.
What you can do
- Permission Checks — Use
check_resourcesto evaluate if a principal (user) has the rights to perform specific actions on resources. - Query Planning — Generate AST query plans with
plan_resourcesto filter database results based on complex authorization logic. - Policy Management — List, retrieve, add, or delete policies (RBAC/ABAC) using the Admin API tools like
list_policiesandadd_policy. - Schema & Auditing — Inspect resource schemas and review access logs with
list_auditLogsto ensure compliance. - Health & Metrics — Monitor your PDP (Policy Decision Point) status with
get_healthandget_metricsdirectly from the chat.
How it works
- Subscribe to this server
- Enter your Cerbos PDP URL and Admin credentials (if required for policy management)
- Start auditing and managing your access control logic from Claude, Cursor, or any MCP client
Who is this for?
- Security Engineers — quickly audit existing policies and verify permission logic without manual API calls
- Backend Developers — test authorization scenarios and generate database filter plans during development
- Compliance Officers — retrieve audit logs and policy definitions to ensure organizational security standards
Built-in capabilities (19)
Add a new policy
Add or update a schema
Perform a single AuthZEN access evaluation
Perform batch AuthZEN access evaluations
Check permissions for a set of resources
Delete a policy by ID
Disable a policy
Enable a policy
Get AuthZEN configuration metadata
Get Cerbos health status
Get Prometheus metrics from Cerbos
Get a specific policy by ID
Get a specific schema by ID
Get Cerbos server version and build information
List audit logs
List all policies
List all schemas
Produce a query plan (AST) for filtering resources
Update an existing policy
Why Claude Code?
Claude Code registers Cerbos (Access Control) as an MCP server in a single terminal command. Once connected, Claude Code discovers all 19 tools at runtime and can call them headlessly. ideal for CI/CD pipelines, cron jobs, and automated workflows where Cerbos (Access Control) data drives decisions without human intervention.
- —
Single-command setup:
claude mcp addregisters the server instantly. no config files to edit or applications to restart - —
Terminal-native workflow means MCP tools integrate seamlessly into shell scripts, CI/CD pipelines, and automated DevOps tasks
- —
Claude Code runs headlessly, enabling unattended batch processing using Cerbos (Access Control) tools in cron jobs or deployment scripts
- —
Built by the same team that created the MCP protocol, ensuring first-class compatibility and the fastest adoption of new protocol features
Cerbos (Access Control) in Claude Code
Cerbos (Access Control) and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect Cerbos (Access Control) to Claude Code through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for Cerbos (Access Control) in Claude Code
The Cerbos (Access Control) MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 19 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in Claude Code only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
Cerbos (Access Control) for Claude Code
Every tool call from Claude Code to the Cerbos (Access Control) MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
Can I test if a specific user has access to a resource without writing code?
Yes. You can ask the agent to use the check_resources tool by providing the principal (user) details and the resource you want to check. The agent will return the allowed or denied status based on your Cerbos policies.
How do I view all the authorization policies currently loaded in my Cerbos server?
Simply ask the agent to 'list all policies'. It will invoke the list_policies tool (requires Admin credentials) and display the IDs of all active policies in your environment.
Can the AI help me generate filters for my database based on permissions?
Yes, by using the plan_resources tool. The agent will generate a query plan (AST) that describes the conditions under which a user is allowed to access resources, which you can then apply to your database queries.
How do I add an MCP server to Claude Code?
Run claude mcp add <name> --transport http "<url>" in your terminal. Claude Code registers the server and discovers all tools immediately.
Can Claude Code run MCP tools in headless mode?
Yes. Claude Code supports non-interactive execution, making it ideal for scripts, cron jobs, and CI/CD pipelines that need MCP tool access.
How do I list all connected MCP servers?
Run claude mcp in your terminal to see all registered servers and their status, or type /mcp inside an active Claude Code session.
Command not found: claude
Ensure Claude Code is installed globally: npm install -g @anthropic-ai/claude-code
Connection timeout
Check your internet connection and verify the Edge URL is reachable
Explore More MCP Servers
View all →
TheMealDB
5 toolsSearch international recipes by name, category, cuisine, or ingredient — with full cooking instructions, measurements, and video tutorials.
Chatwoot
8 toolsManage customer engagement via Chatwoot — track conversations, reply to messages, and manage contacts directly from any AI agent.
Resend
10 toolsAutomate transactional and broadcast email delivery via Resend — send messages, manage domains, audiences, and contacts directly from any AI agent.
QuickNode
18 toolsManage blockchain infrastructure via QuickNode — create data streams, configure webhooks, and interact with RPC nodes directly from your AI agent.