Permit MCP Gateway

Secure MCP access for developers and AI agents — without rewriting your tools.

Permit MCP Gateway is a drop-in proxy between MCP clients (Cursor, Claude, VS Code, and other AI tools) and the MCP servers they connect to. It adds authentication, authorization, consent, and audit to every tool call — so your team can adopt MCP with identity-aware controls and full visibility from day one.

No SDK. No agent rewrites. No changes to your MCP servers. Just a URL switch.

For Developers and Platform Teams

Set up in minutes — create a host, import an MCP server, share the gateway URL
Works with existing MCP servers — GitHub, Linear, Slack, Jira, and any server that speaks MCP
Copy-paste client configs — ready-to-use snippets for Cursor, Claude Desktop, VS Code, and Claude Code
Predictable runtime — allowed calls pass through transparently; denied calls return a clear error

For Security, IAM, and Governance Teams

Identity-aware access control — every tool call is tied to a specific human and agent identity
Least privilege by default — tools classified by risk, admins set per-user trust ceilings
Consent-based delegation — humans explicitly authorize agent access within admin-defined boundaries
Complete audit trail — every decision logged with who, what, where, when, and allow/deny result
Deny by default — no user or agent can access any tool until explicitly granted permission

Read the Overview for the full explanation of how the gateway works, the security and trust model, and how it compares to existing tools.

Built on Permit.io

Permit MCP Gateway is powered by Permit.io, which serves as the control plane and default data plane for every gateway instance.

Every gateway host maps 1:1 to a Permit environment — all policies, users, and audit data for that host live in the linked environment
The full power of Permit's policy engine is available: RBAC, ABAC, ReBAC, real-time updates, and policy-as-code
Two dashboards work together: app.permit.io for policy management and audit analysis, app.agent.security for gateway and MCP server management

See Permit.io Integration for the detailed policy model.

Start Here

Read the Overview to understand what the gateway enforces and when to use it
Follow the Getting Started Guide to set up your first gateway and make your first authorized tool call

Go Deeper

Platform Reference — Admin UI for managing hosts, servers, and users
Humans & Agents — Managing users and the AI agents acting on their behalf
Host Setup Guide — Multi-host patterns, onboarding at scale, and rollout guidance
Authentication Methods — SSO, OAuth, and sign-in configuration
Consent Service — The user consent journey in detail
Audit Logs — Reading, filtering, and investigating activity logs
Architecture — Technical architecture, data flows, and sequence diagrams
Permit.io Integration — Policy engine internals and authorization model
Advanced Features — Enterprise capabilities and roadmap

Prerequisites

A Permit.io account (free tier available)
Access to the Permit MCP Gateway admin dashboard where you create hosts, import MCP servers, manage users, and monitor activity

Support

Join our Slack Community for discussions and updates
Access the Permit.io API Reference for the underlying authorization API
Contact support@permit.io for direct assistance

For Developers and Platform Teams​

For Security, IAM, and Governance Teams​

Built on Permit.io​

Start Here​

Go Deeper​

Prerequisites​

Support​

Contents