openfga

This MCP server connects OpenFGA with AI agents via the Model Context Protocol, enabling AI-driven planning, code generation, and live management of OpenFGA instances. It supports both offline usage (design models and generate code without a running server) and online usage (connect to a live OpenFGA instance for full management capabilities). The server exposes a set of capabilities including stores, models, and permissions management, along with SDK documentation generation, AI prompts for design and troubleshooting, and convenient URIs for OpenFGA resources. To use it, start the server container and connect an MCP client (such as Claude, Cursor, Windsurf, or Zed) to the provided transport, then issue prompts that leverage the OpenFGA API surface for actions like creating stores, designing models, validating permissions, and generating SDK usage examples.

Prerequisites:

• Docker installed and running on your machine
• Basic familiarity with MCP clients and OpenFGA concepts

Installation steps:

1. Ensure Docker is installed:
   • macOS: https://docs.docker.com/desktop/mac/
   • Windows: https://docs.docker.com/desktop/windows/
   • Linux: install via your distro’s package manager
2. Save the OpenFGA MCP server configuration (offline mode) to a file if desired, for example mcp_config.json: { "mcpServers": { "OpenFGA": { "command": "docker", "args": [ "run", "--rm", "-i", "--pull=always", "evansims/openfga-mcp:latest" ] } } }
3. Run the server using Docker: docker run --rm -i --pull=always evansims/openfga-mcp:latest
4. For online mode (connecting to a live OpenFGA instance), supply the OPENFGA_MCP_API_URL and any needed authentication via environment variables when starting the container, e.g.: docker run --rm -i
   -e OPENFGA_MCP_API_URL=http://host.docker.internal:8080
   -e OPENFGA_MCP_API_WRITEABLE=false
   --pull=always evansims/openfga-mcp:latest
5. Connect an MCP client (Claude Desktop, Claude Code, Cursor, Windsurf, Zed, etc.) to the MCP transport exposed by the server (stdio by default or http if configured) and begin issuing prompts to manage stores, models, permissions, and to generate SDK docs.

Tips and considerations:

• By default, write operations are disabled. Set OPENFGA_MCP_API_WRITEABLE=true in the online mode to enable writes to OpenFGA, but exercise caution.
• Use host.docker.internal or container networking to reference the host OpenFGA instance when running Docker locally.
• OpenFGA MCP supports transport options including stdio and http; configure the transport according to your MCP client and network topology.
• Review docker-compose.example.yml in the repository for complete online/offline examples and environment variable configurations.
• The MCP server provides tooling for stores, models, and permissions, plus SDK documentation coverage across multiple languages. Ensure your OpenFGA instance is accessible and that required API tokens or credentials are provided when needed.