PHPackages                             evansims/openfga-mcp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. evansims/openfga-mcp

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

evansims/openfga-mcp
====================

Query and administer OpenFGA and Auth0 FGA using AI agents.

v2.0.0(9mo ago)1005[1 issues](https://github.com/evansims/openfga-mcp/issues)[5 PRs](https://github.com/evansims/openfga-mcp/pulls)Apache-2.0PHPPHP ^8.3CI passing

Since Jul 13Pushed 6mo ago1 watchersCompare

[ Source](https://github.com/evansims/openfga-mcp)[ Packagist](https://packagist.org/packages/evansims/openfga-mcp)[ Docs](https://github.com/evansims/openfga-mcp)[ RSS](/packages/evansims-openfga-mcp/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (2)Dependencies (13)Versions (20)Used By (0)

[![](.github/openfga.png)](https://openfga.dev)

OpenFGA MCP Server
==================

[](#openfga-mcp-server)

 [![codecov](https://camo.githubusercontent.com/11645e76b0edf8ba696ee4a7f99d0aa4d020754f351d08bf9e4b8ec344d5b729/68747470733a2f2f636f6465636f762e696f2f67682f6576616e73696d732f6f70656e6667612d6d63702f67726170682f62616467652e7376673f746f6b656e3d4447364b574631454736)](https://codecov.io/gh/evansims/openfga-mcp) [![Psalm Type Coverage](https://camo.githubusercontent.com/ddef6ae1566d3e2fc185e4a832d07e60a8baf3a176320a1410cb2bf6b564fff9/68747470733a2f2f73686570686572642e6465762f6769746875622f6576616e73696d732f6f70656e6667612d6d63702f636f7665726167652e737667)](https://shepherd.dev/github/evansims/openfga-mcp) [![](https://camo.githubusercontent.com/fff5f9e67ba7cdc0c2296ea31455f4727000ba353193b5b6267176511969068e/68747470733a2f2f7777772e626573747072616374696365732e6465762f70726f6a656374732f31303930312f6261646765)](https://www.bestpractices.dev/projects/10901)

AI-powered authorization management for OpenFGA

Connect [OpenFGA](https://openfga.dev/) and [Auth0 FGA](https://auth0.com/fine-grained-authorization) to AI agents via the Model Context Protocol.

Use Cases
---------

[](#use-cases)

- **Plan &amp; Design** - Design efficient authorization model using best practice patterns
- **Generate Code** - Generate accurate SDK integrations with comprehensive documentation context
- **Manage Instances** - Query and control live OpenFGA servers through AI agents

Quick Start
-----------

[](#quick-start)

### Offline Mode (Default)

[](#offline-mode-default)

Design models and generate code without a server:

```
{
  "mcpServers": {
    "OpenFGA": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--pull=always",
        "evansims/openfga-mcp:latest"
      ]
    }
  }
}
```

### Online Mode

[](#online-mode)

Connect to OpenFGA for full management capabilities:

```
{
  "mcpServers": {
    "OpenFGA": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--pull=always",
        "-e",
        "OPENFGA_MCP_API_URL=http://host.docker.internal:8080",
        "evansims/openfga-mcp:latest"
      ]
    }
  }
}
```

> **Safety:** Write operations are disabled by default. Set `OPENFGA_MCP_API_WRITEABLE=true` to enable.

> **Docker Networking:** For your `OPENFGA_MCP_API_URL` use `host.docker.internal` when running OpenFGA on your local machine, container names for Docker networks, or full URLs for remote instances.

Works with [Claude Desktop](https://claude.ai/download), [Claude Code](https://www.anthropic.com/claude-code), [Cursor](https://cursor.sh), [Windsurf](https://windsurf.com), [Zed](https://zed.dev), and other MCP clients.

Configuration
-------------

[](#configuration)

### MCP Transport

[](#mcp-transport)

VariableDefaultDescription`OPENFGA_MCP_TRANSPORT``stdio`Supports `stdio` or `http` (Streamable HTTP.)`OPENFGA_MCP_TRANSPORT_HOST``127.0.0.1`IP to listen for connections on. Only applicable when using `http` transport.`OPENFGA_MCP_TRANSPORT_PORT``9090`Port to listen for connections on. Only applicable when using `http` transport.`OPENFGA_MCP_TRANSPORT_SSE``true`Enables Server-Sent Events (SSE) streams for responses.`OPENFGA_MCP_TRANSPORT_STATELESS``false`Enables stateless mode for session-less clients.### OpenFGA

[](#openfga)

VariableDefaultDescription`OPENFGA_MCP_API_URL`OpenFGA server URL`OPENFGA_MCP_API_WRITEABLE``false`Enables write operations`OPENFGA_MCP_API_STORE`Default requests to a specific store ID`OPENFGA_MCP_API_MODEL`Default requests to a specific model ID`OPENFGA_MCP_API_RESTRICT``false`Restrict requests to configured default store/model### OpenFGA Authentication

[](#openfga-authentication)

AuthenticationVariableDefaultDescriptionPre-Shared Keys`OPENFGA_MCP_API_TOKEN`API TokenClient Credentials`OPENFGA_MCP_API_CLIENT_ID`Client ID`OPENFGA_MCP_API_CLIENT_SECRET`Client Secret`OPENFGA_MCP_API_ISSUER`Token Issuer`OPENFGA_MCP_API_AUDIENCE`API AudienceSee [`docker-compose.example.yml`](docker-compose.example.yml) for complete examples.

Features
--------

[](#features)

### Management Tools

[](#management-tools)

- **Stores**: Create, list, get, delete stores
- **Models**: Create models with [DSL](https://openfga.dev/docs/configuration-language), list, get, verify
- **Permissions**: Check, grant, revoke permissions; query users and objects

### SDK Documentation

[](#sdk-documentation)

Comprehensive documentation for accurate code generation:

- All OpenFGA SDKs (PHP, Go, Python, Java, .NET, JavaScript, Laravel)
- Class and method documentation with code examples
- Advanced search with language filtering

### AI Prompts

[](#ai-prompts)

**Design &amp; Planning**

- Domain-specific model design
- RBAC to ReBAC migration
- Hierarchical relationships
- Performance optimization

**Implementation**

- Step-by-step model creation
- Relationship patterns
- Test generation
- Security patterns

**Troubleshooting**

- Permission debugging
- Security audits
- Least privilege implementation

### Resources &amp; URIs

[](#resources--uris)

- `openfga://stores` - List stores
- `openfga://store/{id}/model/{modelId}` - Model details
- `openfga://docs/{sdk}/class/{className}` - SDK documentation
- `openfga://docs/search/{query}` - Search documentation

### Smart Completions

[](#smart-completions)

Auto-completion for store IDs, model IDs, relations, users, and objects when connected.

---

- [Contributing](./.github/CONTRIBUTING.md) | [Apache 2.0 License](./LICENSE)

###  Health Score

38

—

LowBetter than 85% of packages

Maintenance61

Regular maintenance activity

Popularity9

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity60

Established project with proven stability

 Bus Factor1

Top contributor holds 68.6% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~27 days

Total

2

Last Release

281d ago

Major Versions

v1.0.0 → v2.0.02025-08-10

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/3093?v=4)[Evan Sims](/maintainers/evansims)[@evansims](https://github.com/evansims)

---

Top Contributors

[![evansims](https://avatars.githubusercontent.com/u/3093?v=4)](https://github.com/evansims "evansims (205 commits)")[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (70 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (23 commits)")[![calclavia](https://avatars.githubusercontent.com/u/1828968?v=4)](https://github.com/calclavia "calclavia (1 commits)")

---

Tags

authorizationautomationgenerative-aimcpmodel-context-protocolopenfgasecurityAuthenticationopentelemetryauthorizationpermissionsrbacobservabilityaccess-controlabacopenfgafine-grained-authorizationrelationship-based-access-controlzanzibarauth0-fgapolicy-engine

###  Code Quality

TestsPest

Static AnalysisPHPStan, Psalm, Rector

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/evansims-openfga-mcp/health.svg)

```
[![Health](https://phpackages.com/badges/evansims-openfga-mcp/health.svg)](https://phpackages.com/packages/evansims-openfga-mcp)
```

###  Alternatives

[casbin/casbin

a powerful and efficient open-source access control library for php projects.

1.3k1.4M54](/packages/casbin-casbin)[casbin/laravel-authz

An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel.

324339.9k4](/packages/casbin-laravel-authz)[pktharindu/nova-permissions

Laravel Nova Grouped Permissions (ACL)

136387.1k](/packages/pktharindu-nova-permissions)[casbin/think-authz

An authorization library that supports access control models like ACL, RBAC, ABAC for ThinkPHP.

27918.5k6](/packages/casbin-think-authz)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6712.1k2](/packages/hasinhayder-tyro)[hosseinhezami/laravel-permission-manager

Advanced permission manager for Laravel.

403.3k](/packages/hosseinhezami-laravel-permission-manager)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)