Skip to main content
Integrate your local LLM setup with Oso Cloud APIs via our MCP server. Use our tools to:
  • develop a better understanding of your policy
  • use natural language to ask authorization-related questions
  • debug why an authorization decision does not match what you expect
This guide assumes you have already installed and set up the CLI.

Connect

In your LLM client of choice, add the following to your MCP config file to run it against a local dev server: 
{
  "mcpServers": {
    "oso": {
      "command": "oso-cloud",
      "args": ["experimental", "mcp"],
      "env": {
        "OSO_URL": "http://localhost:8080",
        "OSO_AUTH": "e_0123456789_12345_osotesttoken01xiIn"
      }
    }
  }
}
  • You may optionally omit the OSO_URL environment variable or set it to https://cloud.osohq.com if you want to run it against a live production server.
  • The provided OSO_AUTH token is for the local dev server. You can obtain your live server OSO_AUTH token from the Oso Cloud UI.

Where can I find my MCP config file?

Here are guides for some common clients:

Usage

This server is primarily intended for use with dev servers to aid in development. Please use extra caution when using against a live environment.
Once you have your MCP server up and running, you can ask your LLM any authorization-related questions and watch it use the tools available. Currently, we expose read tools to:
  • Get your policy
  • Get all facts
  • Run an authorize query
  • Query your facts with pattern matching
  • Run policy tests
We also expose the following write tools, restricted for use only with local dev servers:
  • Update your policy
  • Add facts
  • Delete facts
  • Clear all data
Try sending any of the following messages:
  • Draw a mermaid diagram of my authorization policy
  • What permissions does <actor> have on <resource>?
    • e.g. “What permissions does Alice have on Project XYZ?”
  • Why doesn’t <actor> have permission to <action> <resource>?

Feedback

We are actively iterating on developer experience and would appreciate all feedback on the Oso MCP Server and the broader development experience with Oso Cloud. Please do not hesitate to reach out on Slack!