PolicyLayer docs
PolicyLayer is the control plane for your MCP fleet. Register upstream servers, mint scoped tokens, attach deterministic policies, and audit every tool call.
Overview
PolicyLayer is the control plane for your MCP fleet. Author policies, mint scoped tokens, and audit every tool call before it reaches the upstream.
Quick start
Register an MCP server, write a policy, mint a scoped grant, and route your client through the PolicyLayer proxy. End-to-end in seven steps.
Core concepts
Organisations own MCP servers. Servers carry policies and grants. Every proxy request is evaluated against policy before reaching the upstream.
Roles
Three organisation-scoped roles: admin, policy_manager, viewer. Separate policy work from credentials, grants, and organisation administration.
Writing policies
Use the visual policy builder or raw JSON to allow, deny, or hide MCP tools, add argument-level conditions, and set per-grant quota limits.
Upstream authentication
Configure OAuth tokens or static headers that PolicyLayer injects when forwarding allowed MCP calls upstream. Grant tokens never leave the proxy.
Logs and security
Proxy logs attribute every MCP tool call without storing argument values. Upstream credentials and grant tokens are encrypted at rest with versioned keys.