@monshri monshri commented Nov 24, 2025

📝 CedarPolicyPlugin

The Cedar RBAC Plugin for MCP Gateway provides RBAC-based policy enforcement for MCP servers, allowing permissions to be defined using either Cedar’s native language or a user-friendly custom DSL. The plugin uses the cedarpy library to locally evaluate policies, handling access decisions for tools, prompts, and resources with flexible configuration and output redaction support.

  • Enforces role-based access control (RBAC) where permissions are attached to roles and users inherit permissions by role assignment.
  • Supports two policy syntax options: Cedar language (structured, expressive) and custom DSL (compact, human-readable) selectable via policy_lang.
  • Defines policies that specify permitted actions, resources, principals, and output visibility (full/redacted) for each role.
  • Output redaction is controlled with regex patterns and keywords mapped in config, allowing sensitive data to be protected at policy level.
  • Includes hooks for enforcing constraints at different points: tool, prompt, resource invocation (pre/post-fetch, pre/post-invoke).

Configuration
Policies and plugin config are defined in resources/config.yaml or examples/config-dsl.yaml depending on syntax.

Key configuration fields:

  • policy_lang: Select Cedar or custom DSL grammar
  • policy_output_keywords: Define output modes (e.g., view_full_output, view_redacted_output)
  • policy_redaction_spec: Regex for redacting sensitive output
  • policy: List of RBAC policies for tools, prompts, and resources

Installation & Usage

  1. Clone plugin sources under plugins/external/cedar, copy .env.example to .env
  2. Configure policies in config.yaml as per chosen language
  3. Build and run with make venv, make install, make build, make start to deploy as an MCP external server container
  4. Integrate by registering plugin in MCP plugins/config.yaml with URL and priority settings
  5. Run make test to execute test cases covering enforcement for tools, prompts, resources in cedar/tests/test_cedarpolicyplugin.py

Differences from OPA Plugin

  • CedarPolicyPlugin executes policy checks using cedarpy locally (no separate policy server needed), whereas OPAPlugin requires an external OPA service.
  • Cedar policies can be written in easy custom DSL or Cedar’s native syntax, whereas OPA uses Rego, which may be less user-friendly for non-experts.
  • Currently enforces RBAC policies, with extension to ABAC possible in future releases.
Signed-off-by: Shriti Priya <shritip@ibm.com>
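To make the RBAC-plus-redaction model in the description concrete, here is an added, self-contained illustration (not the plugin's own code and not its config schema): roles carry permitted action/resource pairs plus an output-visibility keyword, a default-deny authorizer picks the matching policy, and a post-invoke step applies regex redaction when the keyword is the redacted one. The names ROLE_ASSIGNMENTS, POLICIES, REDACTION_SPEC and the sample output are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data, illustrative only (not the plugin's config keys).
ROLE_ASSIGNMENTS = {"alice": {"admin"}, "bob": {"analyst"}}

# One policy per role: permitted action, resource, and output visibility.
POLICIES = [
    {"role": "admin", "action": "invoke_tool", "resource": "db_query",
     "output": "view_full_output"},
    {"role": "analyst", "action": "invoke_tool", "resource": "db_query",
     "output": "view_redacted_output"},
]

# Regex patterns applied only when the matched policy selects redacted output.
REDACTION_SPEC = {
    "email": r"[\w.+-]+@[\w-]+\.[\w.]+",
    "api_key": r"\bsk-[A-Za-z0-9]{8,}\b",
}


@dataclass
class Decision:
    allowed: bool
    output_mode: Optional[str] = None


def authorize(user: str, action: str, resource: str) -> Decision:
    """Default deny; allow on the first policy matching any role the user holds."""
    roles = ROLE_ASSIGNMENTS.get(user, set())
    for p in POLICIES:
        if p["role"] in roles and p["action"] == action and p["resource"] == resource:
            return Decision(True, p["output"])
    return Decision(False)


def redact(text: str, spec=REDACTION_SPEC) -> str:
    """Replace every match of each configured pattern with a labelled marker."""
    for name, pattern in spec.items():
        text = re.sub(pattern, f"[REDACTED:{name}]", text)
    return text


def enforce_post_invoke(user: str, action: str, resource: str, tool_output: str) -> str:
    """Post-invoke check: raise on deny, pass through or redact on allow."""
    d = authorize(user, action, resource)
    if not d.allowed:
        raise PermissionError(f"{user} may not {action} {resource}")
    if d.output_mode == "view_redacted_output":
        return redact(tool_output)
    return tool_output
```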
@monshri monshri self-assigned this Nov 24, 2025
@monshri monshri requested review from araujof and removed request for crivetimihai November 24, 2025 23:08
@monshri monshri marked this pull request as draft November 24, 2025 23:08
@monshri monshri requested review from imolloy and terylt November 25, 2025 17:13