Never build Permissions again. Zero-latency fine-grained authorization as a service for human, machine, and agentic identities.
This is the 4th launch from Permit.io.

Permit MCP Gateway
Launched this week
MCP lets AI agents connect to your tools, but its built-in auth is limited. There's no fine-grained authorization, no governance, and no connection to your existing IdP infrastructure. Permit MCP Gateway is a zero-trust proxy that adds what's missing to any MCP server without touching its code. Swap one URL and every tool call gets OAuth authentication, Zanzibar-style authorization, consent screens, and full decision logging. No SDK to install. No agents to rewrite. Works with any MCP server.







Permit.io
Really powerful idea: handling fine-grained permissions and authorization without building everything from scratch can save dev teams a ton of complexity. How do you balance flexibility in policy creation with keeping the system simple enough for teams to actually manage day-to-day?
Permit.io
@thegreatphon that's our secret sauce here 😉
In short:
Contextual policies are generated when MCP is set up
Contextual policies are controlled via the MCP-oriented policy editor in the gateway, so you have separation of concerns with general policies for consent.
To connect it to your existing policies, the root of the context is controlled in the ReBAC model, so it has a relationship with simple organizational policies
Policies are edited, controlled, and monitored via Permit's policy editor
MCP security is the thing I keep putting off. Right now my MCP servers are basically "allow everything from anyone" — which is fine for solo dev, but the moment you think about a team or production, it's terrifying.
The one-URL-change integration is what makes this feel realistic. Every other security layer I've evaluated required rewriting half the stack.
Quick question — does the gateway add noticeable latency per tool call? For interactive agent workflows where the user is waiting, even 200ms per call adds up fast.
Permit.io
@nao_lore_ For most cases (p90) you should see sub-60ms overhead.
Wilco
Agent interrogation - seems interesting but problematic, how can you trust the agent not to lie, or be coerced to lie? How can this produce a consistent identity?
Permit.io
@on The key point is: we do not trust the agent to tell the truth.
Interrogation is not there to “believe” the agent. It is there to extract a behavioral fingerprint from the agent’s intent as expressed at that moment. In our framing, even if the agent lies, the pattern of answers is still useful: it gives you a stable enough signature to say “this is the same agentic identity within threshold” versus “something changed here.” That is why the model is not “trust the answer,” but “fingerprint the intent.”
That is also why coercion is actually part of the design, not a contradiction to it. If the agent gets prompt-injected, confused, or coerced into a materially different intent, its fingerprint should change. When that happens, the identity breaks, and you renegotiate consent or block access. In other words, instability is a detection signal. It is a feature, not a bug.
So how do you get a consistent identity out of something non-deterministic? By not relying on a single static property like hostname, model version, or token. Instead, the identity is composed from three things:
the human delegator identity,
the consent boundary the human granted,
the agent’s intent fingerprint derived through interrogation.
That combination is what persists through time, even when the underlying model, runtime, or context shifts.
And then we do the second crucial thing: the agent gets zero standing permissions. We do not give it broad credentials and hope for the best. Every time it tries to act, the gateway revalidates the identity and derives only the permissions needed just in time, based on the relationship to the human and the current policy. So even if the agent is imperfect, the blast radius stays small.
So the clean answer is:
We don’t trust the agent not to lie.
We trust a control plane that:
fingerprints its intent,
detects when that fingerprint changes,
revalidates it on each interaction,
and never gives it persistent credentials in the first place.
That is how you get a consistent identity out of an inconsistent actor.
Permit.io
Hey PH! Or Weis here, co-founder and CEO of Permit.io. Fourth time launching here, and always great to be back.
We’ve been building in authorization for years, and the shift we’re seeing with MCP feels like one of those rare infrastructure moments. Every protocol starts a little messy. HTTP was messy. TCP/IP was messy. MCP is no exception. But it is quickly becoming the connective tissue between AI agents and enterprise systems, which makes it the right place to enforce identity, trust, and governance.
Most of the market looks at MCP and asks, “How do I push this through my existing stack?” We think that is the wrong question.
Agents are not service accounts with better branding. They need a new kind of identity: dynamic, delegated, auditable, and revocable in real time.
That is why we built Permit MCP Gateway.
Permit MCP Gateway is a drop-in trust layer for MCP. It helps teams secure AI agents connecting to tools and enterprise systems with fine-grained authorization, consent, auditability, and runtime enforcement — without rewriting their stack.
A few things we think matter:
fine-grained permissions for agent actions
delegated access on behalf of users
audit logs for every tool call
zero-standing-privilege approach
built on Permit, so controls can extend deeper into APIs, services, and data for defense in depth
This is a very natural evolution for us. Permit started with application authorization, and now we’re bringing the same philosophy into the AI era.
If you’re thinking about how to bring MCP into your organization without turning your systems into open desert, we’d love to talk.
We’re here all day — would love your feedback, questions, and skepticism.
Trufflow
Having audit trails is so important, so having the ability to know who authorized which agent is really nifty. Does Permit.io flag when policies fall outside standard best practices? Or does the auto-generation capability fully manage this such that no manual configuration is required after setup?
Permit.io
@lienchueh it's hybrid. We generate contextual policies that you can then modify/extend per your need. You're more than welcome to try it yourself in the product 😉
Hey Product Hunt! David here, Solutions Engineer at Permit.io.
We just published two walkthroughs showing the MCP Gateway in action:
Enforce per-user trust levels on Linear's MCP (Developer vs PM access): https://docs.permit.io/permit-mcp-gateway/demos/linear-mcp-gateway
Gate an n8n automation workflow with real-time trust controls: https://docs.permit.io/permit-mcp-gateway/demos/n8n-linear-mcp-gateway
No changes to the underlying MCP servers — just drop the Gateway in front and control who (or what) can do what. Both demos take just a few minutes to set up. Would love to hear what MCPs you'd want to see demoed next!