Add policy-based authorization to your FastMCP servers with one-line code addition with the Eunomia authorization middleware. Control which tools, resources and prompts MCP clients can view and execute on your server. Define dynamic JSON-based policies and obtain a comprehensive audit log of all access attempts and violations.

How it Works

Exploiting FastMCP’s Middleware, the Eunomia middleware intercepts all MCP requests to your server and automatically maps MCP methods to authorization checks.

Listing Operations

The middleware behaves as a filter for listing operations (tools/list, resources/list, prompts/list), hiding to the client components that are not authorized by the defined policies.

Execution Operations

The middleware behaves as a firewall for execution operations (tools/call, resources/read, prompts/get), blocking operations that are not authorized by the defined policies.

Add Authorization to Your Server

Eunomia is an AI-specific authorization server that handles policy decisions. The server runs embedded within your MCP server by default for a zero-effort configuration, but can alternatively be run remotely for centralized policy decisions.

Create a Server with Authorization

First, install the eunomia-mcp package: 
pip install eunomia-mcp
Then create a FastMCP server and add the Eunomia middleware in one line:
server.py
from fastmcp import FastMCP
from eunomia_mcp import create_eunomia_middleware

# Create your FastMCP server
mcp = FastMCP("Secure MCP Server 🔒")

@mcp.tool()
def add(a: int, b: int) -> int:
    """Add two numbers"""
    return a + b

# Add middleware to your server
middleware = create_eunomia_middleware(policy_file="mcp_policies.json")
mcp.add_middleware(middleware)

if __name__ == "__main__":
    mcp.run()

Configure Access Policies

Use the eunomia-mcp CLI in your terminal to manage your authorization policies: 
# Create a default policy file
eunomia-mcp init

# Or create a policy file customized for your FastMCP server
eunomia-mcp init --custom-mcp "app.server:mcp"
This creates mcp_policies.json file that you can further edit to your access control needs. 
# Once edited, validate your policy file
eunomia-mcp validate mcp_policies.json

Run the Server

Start your FastMCP server normally: 
python server.py
The middleware will now intercept all MCP requests and check them against your policies. Requests include agent identification through headers like X-Agent-ID, X-User-ID, User-Agent, or Authorization and an automatic mapping of MCP methods to authorization resources and actions.
For detailed policy configuration, custom authentication, and remote deployments, visit the Eunomia MCP Middleware repository.