Enable OPA Policies¶

Create a minimal local fetch policy:

cat > fetch.rego <<'EOF'
package mcp.fetch

default allow = false

allow if {
  input.method == "GET"
}
EOF

Point --policies-json at a JSON config file:

POLICY_PATH="$(pwd)/fetch.rego"
cat > policies.json <<EOF
{
  "fetch": {
    "policies": [
      {
        "url": "file://${POLICY_PATH}",
        "rule": "data.mcp.fetch.allow"
      }
    ]
  }
}
EOF

Start the server with that policy configuration:

mcp-v8 \
  --stateless \
  --http-port 3000 \
  --policies-json ./policies.json

--policies-json enables the policy chain used for fetch, module import auditing, and filesystem access depending on the configuration you provide. For local fetch policies, the default rule path is data.mcp.fetch.allow; this example sets it explicitly.

See Network Access, Module Loading, and Filesystem Access for capability-specific behavior.

For the underlying evaluation model, see Policy System and Policy Files.

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search