M8ven Trust Score: 49 / 100
10 days ago
glama

opa-mcp-server

MCP server for Open Policy Agent (OPA) and the Rego policy language. Wraps the OPA CLI and Regal linter with 32 tools for authoring, evaluating, and debugging Rego policies through any MCP-compatible client.


// key findings

⚠️ Tool annotations don’t match behaviour
5 read-only tools perform write/delete/exec — rego_check_schema (line 151: writeFile(schemaFile, JSON.stringify(inlineSchema), 'utf8')); rego_format (line 44: /^(\d+)\.(\d+)\.(\d+)/.exec(v)); opa_exec (line 172: opa.exec()

⚠️ Tool descriptions don’t match what handlers do
1 tool describes read intent but its handler mutates — rego_check_schema (line 151: writeFile(schemaFile, JSON.stringify(inlineSchema), 'utf8'))

No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.

Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐 You'll be asked for 2 credentials: GITHUB_TOKEN, OPA_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.

| Type | Variable | Value shown | Description |
| --- | --- | --- | --- |
| config | CONFTEST_BINARY | conftest (on PATH) | Path to the conftest binary. Only required by conftest_ tools. Returns CONFTEST_NOT_FOUND if absent. |
| 🔐 secret | GITHUB_TOKEN | | |
| config | OPA_BINARY | /usr/local/bin/opa | |
| config | OPA_MCP_ALLOWED_PATHS | /path/to/your/policies | |
| config | OPA_MCP_DOCKER_SMOKE | | |
| config | OPA_MCP_HTTP_TIMEOUT_MS | 15000 | Timeout for HTTP requests to the OPA REST API. |
| config | OPA_MCP_LOG_FILE | <tmpdir>/orygn-opa-mcp.log | Path the server appends logs to. The server never writes to stdout; that channel is reserved for the MCP protocol. |
| config | OPA_MCP_LOG_LEVEL | info | One of debug, info, warn, error. |
| config | OPA_MCP_MAX_RESPONSE_BYTES | 100000 | Hard cap on a single tool response. Larger payloads are truncated with a __truncated: true marker. |
| config | OPA_MCP_NO_TELEMETRY | | |
| config | OPA_MCP_TIMEOUT_MS | 30000 | Hard timeout for any spawned subprocess (opa, regal). After this, the child gets SIGTERM and then SIGKILL. |
| 🔐 secret | OPA_TOKEN | (unset) | Bearer token for OPA, if your instance requires auth. Treated as a secret. Never echoed in logs or tool responses. |
| config | OPA_URL | http://localhost:8181 | |
| config | REGAL_BINARY | /usr/local/bin/regal | |

commit: d220332cfdcf5a6eeba2b9a9eab155dfe75297e3
code hash: 3ee28ca05c6ed795658590fa8ff1eb961e547a290c81bf986eb911745c1297c5
verified: 6/11/2026, 11:15:43 AM
opa-mcp-server · M8ven Trust Score | M8ven