Bring Authorization
to VS Code Copilot
Learn how to connect Permit.io to VS Code Copilot and start using 18 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Permit.io MCP Server?
Connect your Permit.io account to any AI agent to manage your application's authorization layer through natural language. This server allows you to evaluate permissions, manage your authorization schema, and handle user facts without touching code.
What you can do
- Policy Evaluation — Instantly check if a user is permitted to perform specific actions on resources using the
check_permissiontool. - Schema Management — Create resources, define roles, and assign permissions dynamically to build RBAC or ReBAC (Relationship-Based Access Control) structures.
- Fact Management — Provision users and tenants directly into your authorization environment to keep your permission data in sync.
- AuthZen Compatibility — Use standardized AuthZen evaluation tools for interoperable access control checks.
- ReBAC Relations — Define complex relationships between resources to handle hierarchical or ownership-based permissions.
How it works
- Subscribe to this server
- Enter your Permit.io API Key (and optionally your PDP URL)
- Start managing your authorization policies from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Developers — Quickly test authorization logic or provision test users and roles without leaving the IDE.
- Security Engineers — Audit and update access control policies through a conversational interface.
- Product Managers — Define new feature permissions and roles as part of the product requirements workflow.
Built-in capabilities (18)
Assign permissions to a role
Assign a role to a user in a tenant
AuthZen Access Evaluation
AuthZen Action Search
AuthZen Bulk Evaluations
AuthZen Resource Search
AuthZen Subject Search
Bulk assign roles (max 2000)
Bulk create tenants (max 2000)
Bulk create users (max 3000)
Bulk create relationship tuples (max 1000)
Check if a user is permitted to perform an action on a resource
Create a ReBAC relation between resources
Create a ReBAC relationship tuple
Create a new resource in the schema
Create a new role in the schema
Create a new tenant fact
Create a new user fact
Why VS Code Copilot?
GitHub Copilot Agent mode brings Permit.io data directly into your VS Code workflow. With a project-scoped config, the entire team shares access to 18 tools. Copilot queries live data, generates typed code, and writes tests from actual API responses, all without leaving the editor.
- —
VS Code is used by over 70% of developers. adding MCP tools to Copilot means your team can leverage external data without leaving their primary editor
- —
Project-scoped MCP configs (
.vscode/mcp.json) let you commit server configurations to your repository, ensuring the entire team shares the same tool access - —
Copilot's Agent mode integrates MCP tools seamlessly with file editing, terminal commands, and workspace search in a single agentic loop
- —
GitHub's enterprise compliance and audit features extend to MCP tool usage, providing visibility into how AI interacts with external services
Permit.io in VS Code Copilot
Permit.io and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect Permit.io to VS Code Copilot through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for Permit.io in VS Code Copilot
The Permit.io MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 18 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in VS Code Copilot only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
Permit.io for VS Code Copilot
Every tool call from VS Code Copilot to the Permit.io MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
How do I check if a specific user has permission to access a resource?
Use the check_permission tool. You need to provide the user identifier, the action (e.g., 'read'), and the resource object (including type and tenant). The agent will query your PDP and return the authorization decision.
Can I create new roles and assign permissions to them using this server?
Yes. You can use create_role to define a new role in your schema and then use assign_permissions_to_role to specify exactly what that role is allowed to do within a project and environment.
Does this integration support AuthZen standards?
Yes, it includes several tools like authzen_access_evaluation and authzen_bulk_evaluations to perform authorization checks following the AuthZen specification.
Which VS Code version supports MCP?
MCP support requires VS Code 1.99 or later with the GitHub Copilot extension. Ensure both are updated to the latest version. Older versions of Copilot may not expose the Agent mode toggle.
How do I switch to Agent mode?
Open the Copilot Chat panel and look for two mode options: "Ask" and "Agent". Click "Agent" to enable autonomous tool calling. In Ask mode, Copilot provides conversational answers but cannot invoke MCP tools.
Can I restrict which MCP tools Copilot can access?
Yes. VS Code shows a tool consent dialog before any MCP tool is invoked for the first time. You can also configure tool access policies at the organization level through GitHub Copilot settings.
Does MCP work in VS Code Remote or Codespaces?
Yes. MCP servers configured via .vscode/mcp.json work in Remote SSH, WSL, and GitHub Codespaces environments. The MCP connection is established from the remote host, so ensure the server URL is accessible from that environment.
MCP tools not available
Ensure you are in Agent mode in Copilot Chat. MCP tools only appear in Agent mode.
Explore More MCP Servers
View all →
Eventbrite Alternative
8 toolsManage your Eventbrite events — audit organizations, attendees, and orders via AI.
Kevel
11 toolsManage ad campaigns, inventory, and creatives via the Kevel Management API.
Fortnite Player Stats & News Intelligence
11 toolsThe definitive server for Fortnite player scouting — track wins, K/D ratios, and official game news via AI.
Tomorrow.io Alternative
10 toolsAccess hyperlocal weather intelligence — real-time conditions, forecasts, historical archives, severe alerts and route weather from the Tomorrow.io API.