Enable FastMCP to filter tools, prompts, resources using a fine grained policy

[davemssavage]

Description

The authorization protocol allows MCP to implement course grained authorization checks e.g. a principal can/cannot access the server.

For advanced use cases though it is useful to be able to limit access on a per tool/resource/prompt basis.

There are a range of authorization tools that can be used however rather than being specific I suggest it is better to provide a plugin API that allows providers to pick their underlying authorization approach.

I have a patch that shows this idea, I'll open a draft pull request to illustrate the idea and allow for further testing & refinement.

References

No response

[vndee]

same here, we need this feature!

[jtemporal]

Just wanted to add a +1 in the need of this feature.

Some more context in case it helps: Adding this would bring parity with the TS SDK that already is possible to use fine grained policies. At Auth0 we implemented a sample app in TS that has this capability and can be found here and we were looking to do the same in Python which is not possible in the tests we've done so far.

[Ram9199]

@davemssavage this fine-grained policy idea is very close to the layer I am working on.

I am building Agent_Sudo as a policy/audit gateway for MCP tool execution. The policy decision takes actor, tool, prompt/resource, arguments, target resource/path, TTL, and max-use constraints, then returns allow, deny, approval-needed, or delegated-allow. Each decision is logged.

For FastMCP, would you expect this policy layer to live inside the server framework itself, or would a middleware/gateway around an MCP server be acceptable?