Eunomia MCP Middleware

Add policy-based authorization to your Model Context Protocol (MCP) servers built with FastMCP with one line of code.

Note

Eunomia is the official authorization middleware of FastMCP!

What is Eunomia MCP Middleware?

With the Eunomia MCP Middleware, you can control which tools, resources and prompts MCP clients can view and execute on your server. Define dynamic JSON-based policies and obtain a comprehensive audit log of all access attempts and violations.

Key Features

• 🔒 Policy-Based Authorization: Control which agents can access which MCP tools, resources, and prompts
• 📊 Audit Logging: Track all authorization decisions and violations
• ⚡ FastMCP Integration: One-line middleware integration with FastMCP servers
• 🔧 Flexible Configuration: JSON-based policies for complex dynamic rules with CLI tooling
• 🎯 MCP-Aware: Built-in understanding of MCP protocol (tools, resources, prompts)

How It Works

The Eunomia middleware intercepts all MCP requests to your server and automatically maps MCP methods to authorization checks.

Listing Operations

The middleware behaves as a filter for listing operations (tools/list, resources/list, prompts/list), hiding to the client components that are not authorized by the defined policies.

sequenceDiagram
    participant MCPClient as MCP Client
    participant EunomiaMiddleware as Eunomia Middleware
    participant MCPServer as FastMCP Server
    participant EunomiaServer as Eunomia Server

    MCPClient->>EunomiaMiddleware: MCP Listing Request (e.g., tools/list)
    EunomiaMiddleware->>MCPServer: MCP Listing Request
    MCPServer-->>EunomiaMiddleware: MCP Listing Response
    EunomiaMiddleware->>EunomiaServer: Authorization Checks
    EunomiaServer->>EunomiaMiddleware: Authorization Decisions
    EunomiaMiddleware-->>MCPClient: Filtered MCP Listing Response

Execution Operations

The middleware behaves as a firewall for execution operations (tools/call, resources/read, prompts/get), blocking operations that are not authorized by the defined policies.

sequenceDiagram
    participant MCPClient as MCP Client
    participant EunomiaMiddleware as Eunomia Middleware
    participant MCPServer as FastMCP Server
    participant EunomiaServer as Eunomia Server

    MCPClient->>EunomiaMiddleware: MCP Execution Request (e.g., tools/call)
    EunomiaMiddleware->>EunomiaServer: Authorization Check
    EunomiaServer->>EunomiaMiddleware: Authorization Decision
    EunomiaMiddleware-->>MCPClient: MCP Unauthorized Error (if denied)
    EunomiaMiddleware->>MCPServer: MCP Execution Request (if allowed)
    MCPServer-->>EunomiaMiddleware: MCP Execution Response (if allowed)
    EunomiaMiddleware-->>MCPClient: MCP Execution Response (if allowed)

Installation

pip install eunomia-mcp

Info

The middleware requires a running Eunomia server to make authorization decisions.

User Workflows

Choose your path based on what you want to accomplish:

• 🚀 Quickstart Guide: Add authorization to your MCP server in under 5 minutes
• 🔧 Policy Configuration: Create and manage authorization policies using our CLI tools
• 👥 Agent Authentication: Customize agent identification
• 🏗️ Advanced Setup: Production deployment, logging and monitoring, troubleshooting