Access Control List (ACL)

It is possible to define global-level, service-level and/or tool-level access control, per consumer.

MCPX will extract the x-lunar-consumer-tag header in order to identify the consumer group of the client. See MCPX Consumer Tags for more information about passing headers.

Tool Groups

In order to define tool groups, the top-level toolGroups field is used. It expects an array of objects, each containing a name (string) and services, which is a map of MCP server names (corresponding to those that were defined in config/mcp.json). Per service, you can either refer to all the its tools by passing an asterisk (the literal string "*"), or to specific tools within this service, by listing their names in an array of strings.

Let's examine a possible config/app.yaml for example:

  permissions:
    default:
      block: []
    consumers:
      marketing:
        allow: 
          - reads 
  toolGroups:
    - name: reads 
      services: 
        slack: 
          - "read_messages"
          - "read_comments"
    - name: writes
      services:
        slack:
          - "post_message"
          - "post_reaction"
    - name: admin
      services:
        slack:
          - "create_channel"
          - "delete_channel"       

In this YAML definition, we declare that:

• By default, all consumers can access any tool defined since none are blocked (block: []).
• However, the marketing consumer is only allowed to access the reads tool group and doesn't have access to any other tools.

warning

The MCPX ACL feature is designed for authorization, not authentication. It operates on the assumption that consumers are trusted and will not attempt to impersonate others. Its primary role is to organize permissions into easily managed groups.