mcp-authz-spicedb-demo

MCP Tool

databased/mcp-authz-spicedb-demo

AI agent tool-call authorization using SpiceDB (Google Zanzibar) via Model Context Protocol (MCP)

Install

$ npx loaditout add databased/mcp-authz-spicedb-demo

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "mcp-authz-spicedb-demo": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-authz-spicedb-demo"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

mcp-authz-spicedb-demo

MCP server that uses AuthZed Cloud (SpiceDB) to authorize every tool call before execution.

Architecture

┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐
│                  │     │                  │     │                  │
│   MCP Client     │────▶│   MCP Server     │────▶│  AuthZed Cloud   │
│  (Claude, etc.)  │     │  (this demo)     │     │  (SpiceDB)       │
│                  │◀────│                  │◀────│                  │
└──────────────────┘     └──────────────────┘     └──────────────────┘
                               │
                               ▼
                         ┌──────────────┐
                         │  In-Memory   │
                         │  Document &  │
                         │  Refund      │
                         │  Store       │
                         └──────────────┘

Every tool call follows this flow:

MCP client sends tool call (e.g., read_document("q1-report") as user alice)
MCP server extracts: user, action, resource
Server calls AuthZed Cloud: CheckPermission(user:alice, read, document:q1-report)
If ALLOWED → execute tool, return result
If DENIED → return insufficient_scope error

Design Principles

Deny-by-default — no tool executes without an explicit SpiceDB permission grant
ReBAC, not RBAC — team membership flows through the permission graph
Separation of concerns — MCP server handles tool execution; SpiceDB handles authorization

SpiceDB Schema

definition user {}

definition team {
    relation member: user
}

definition document {
    relation owner: user
    relation editor: user | team#member
    relation viewer: user | team#member

    permission read = owner + editor + viewer
    permission write = owner + editor
}

definition refund {
    relation approver: user

    permission approve = approver
}

Tools

| Tool | Description | SpiceDB

Reviews

Loading reviews...

Quality Signals

Quality Score4000

Installs

Last updatedtoday

Security: AREADME

New

mcp-authz-spicedb-demo

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge