What is PolicyArc?
PolicyArc is the authorization layer that sits between your identities and your systems. One policy plane — across every application, every identity provider, and every AI agent — with every decision logged for audit.
The launch focus for this release is MCP — the Model Context Protocol. If your team uses Claude Code, OpenCode, or any other agent that calls tools via MCP, the PBAC Gateway is the Policy Enforcement Point that sits between the agent and your backend APIs. Every tool call is introspected. Every scope is checked. Every decision is logged.
PBAC is not limited to agents — it is the same platform that governs employee, partner, and machine-to-machine access. But the launch narrative leads with the agent problem because it is the most urgent gap most organizations have today.
The problems we solve
- Agent access is ungoverned. Claude Code and similar MCP clients run with the human's credentials. There is no agent identity, no audit trail per agent, no policy at the tool-call boundary. See The Agent Access Problem.
- Audit gaps. When an auditor asks "who had access to system X on this date," you pull logs from a dozen different applications and hope nothing is missing. PBAC gives you one source of truth for every access decision.
- Integration cost. Every new app, partner, or acquired company is another custom authorization project. PBAC lets you swap bespoke code for policy that any OAuth-speaking app can consume.
- No single source of truth. Authorization logic is scattered across applications. Your CISO cannot demonstrate compliance posture because there is no one place that governs who can access what.
What you get
| Capability | What it means for you |
|---|---|
| MCP Gateway | One PEP between MCP clients (Claude Code, OpenCode, etc.) and your backend APIs. Every tool call introspected. Every scope enforced. Every call logged. |
| Centralized policy | Rego policies plus policy data in one place. Applies everywhere — applications, resource servers, identity providers. No per-app authorization code. |
| Every actor, one model | Employees, contractors, federated partners, M2M services, AI agents — governed by the same policy plane. |
| Agent trust tiers | Software statements and Dynamic Client Registration (DCR) carry agent identity. Policy discriminates by provider, model, and trust tier. Single-use tokens available for high-risk agents. |
| Live policy change | Policy data changes are in effect on the next introspection — no token reissue, no agent restart, no deployment. |
| Context-aware decisions | Time, location, risk, MFA status, transaction context. Step-up and obligations at token issuance and at token use. |
| Standards, not lock-in | OAuth 2.0, OIDC, UMA, OPA Rego. Your clients already speak these protocols. Swap at any time. |
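As an added example, not PolicyArc's own code or documented schema, here is a Rego policy of the kind the table describes: one tool-call decision driven by policy data, discriminating by provider, model and trust tier, with an obligation and audit reasons. The input fields, data layout and tier names are assumptions.

```rego
package pbac.mcp

import rego.v1

# Assumed input (hypothetical, not PolicyArc's documented schema):
#   input.tool            MCP tool being called, e.g. "github.create_issue"
#   input.token.active    result of token introspection
#   input.token.scope     array of granted scopes
#   input.token.agent     {"provider": ..., "model": ..., "trust_tier": ...}
# Assumed policy data (hypothetical); editing it changes the next
# decision with no token reissue or redeploy:
#   data.tools[<tool>]    {"scope": ..., "min_tier": ..., "high_risk": bool}
#   data.allowed_agents   [{"provider": ..., "model": ...}, ...]

default allow := false

tier_rank := {"untrusted": 0, "standard": 1, "trusted": 2}

# Policy-data entry for the requested tool; undefined for unknown tools.
tool := data.tools[input.tool]

# The agent's provider and model must be listed in policy data.
agent_known if {
	some entry in data.allowed_agents
	entry.provider == input.token.agent.provider
	entry.model == input.token.agent.model
}

scope_granted if tool.scope in input.token.scope
tier_ok if tier_rank[input.token.agent.trust_tier] >= tier_rank[tool.min_tier]

# Allow only when the token is live, the agent is known, the scope the
# tool needs is granted, and the agent's tier meets the tool's minimum.
allow if {
	input.token.active
	agent_known
	scope_granted
	tier_ok
}

# Obligation: high-risk tools need a single-use token, enforced at token use.
obligations contains "single_use_token" if tool.high_risk

# Denial reasons for the audit log; every decision is recorded.
reasons contains "token_inactive" if not input.token.active
reasons contains "unknown_agent" if not agent_known
reasons contains "unknown_tool" if not tool
reasons contains "missing_scope" if not scope_granted
reasons contains "trust_tier_too_low" if not tier_ok
```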
Who this is for
For CISOs and security leaders
You need to answer three questions before your next board meeting:
- "Which of our agents can access customer data?"
- "When did that access happen, and what did they do?"
- "If we change our policy today, when does it take effect?"
With PBAC, the answers are in the policy data and the audit log — the platform is the answer. Start with The Agent Access Problem.
For solution architects and engineering leads
You need a control plane that does not require rewriting every integration, that speaks standard OAuth so any MCP client or resource server drops in, and that gives you Rego for the hard policy cases. Start with How it works and Start Here.
For the team running agents in production
You need a fast path to "Claude Code talks to our tools through a gateway that enforces policy." Start with Start Here — five steps from signing into the dashboard to a live 403 from Claude Code.
What PBAC protects
The launch catalog of MCP servers PBAC sits in front of includes GitHub, GitLab, Google Workspace, Drive, Slack, Jira, Jenkins, and PostgreSQL — with the same gateway pattern working for any HTTP API you add. See the MCP servers catalog for the scope models and policy templates for each.
PBAC is the same platform underneath for non-MCP authorization too — OAuth 2.0 clients, resource servers, federated identities — but the launch focus is the agent problem. If you have a non-MCP scenario, talk to us.
Next steps
- The Agent Access Problem — why agent access is the load-bearing security problem of 2026
- Why PBAC? — how PBAC compares to OPA, auth libraries, and IdP add-ons
- Start Here — the dashboard onboarding, from sign-in to live policy decision
- How it works — the access model in one page