OPA MCP

Name: OPA MCP
Author: OrygnsCode

OrygnsCode/opa-mcp-server

Author, lint, validate, and debug OPA Rego policies in your agent with optional hooks to a live OPA server.

Overview

OPA MCP is an MCP server for the Ship phase that lets agents author, validate, debug, and explain OPA Rego policies with optional live OPA runtime tools.

What is this MCP server?

rego_* language tools work without a running OPA instance
opa_* runtime tools connect via OPA_URL (default http://localhost:8181)
Optional OPA_TOKEN bearer auth and configurable OPA_BINARY paths
rego_lint integrates Regal via REGAL_BINARY defaulting to regal on PATH
npm @orygn/opa-mcp v0.1.3 with npx runtimeHint
Version 0.1.3 published as @orygn/opa-mcp on npm
Default OPA_URL http://localhost:8181
Separate rego_* language tools vs opa_* runtime tools per env docs

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 2 GitHub stars.

What problem does it solve?

Policy-as-code is easy to get wrong, and agents without OPA-aware tooling ship brittle Rego that fails in production authz paths.

Who is it for?

Backend-focused solo builders using OPA for API or platform authorization who want Rego and Regal in Claude Code.

Skip if: Teams with no OPA footprint or builders who only need coarse RBAC in app code without Rego.

What do I get? / Deliverables

After registration, you get linted Rego, explained rules, and debug cycles against your OPA_URL without leaving the IDE.

Validated and explained Rego policy drafts
Lint output via Regal when REGAL_BINARY is available
Debug sessions against live OPA when URL and token are set

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Canonical shelf is Ship security because policy review and enforcement checks gate safe release, even though Rego is written earlier in Build. Security subphase reflects authorization policy, OPA runtime checks, and Regal linting—not generic frontend work.

How it compares

OPA-focused MCP toolkit, not a hosted policy engine or generic cloud IAM console.

Common Questions / FAQ

Who is io.github.OrygnsCode/opa-mcp for?

Developers using Open Policy Agent who want Rego authoring, validation, and debugging inside MCP clients.

When should I use io.github.OrygnsCode/opa-mcp?

While writing policies in Build and during Ship security reviews before enabling enforcement on staging or production OPA.

How do I add io.github.OrygnsCode/opa-mcp to my agent?

Run @orygn/opa-mcp via npx stdio, set OPA_URL for runtime tools, and add optional OPA_TOKEN, OPA_BINARY, and REGAL_BINARY env vars in MCP config.

OPA MCP

OrygnsCode/opa-mcp-server

Author, lint, validate, and debug OPA Rego policies in your agent with optional hooks to a live OPA server.

Overview

OPA MCP is an MCP server for the Ship phase that lets agents author, validate, debug, and explain OPA Rego policies with optional live OPA runtime tools.