GlassTape Policy Builder
OfficialOptional integration for server-side natural language processing to transform natural language security requirements into Cerbos YAML policies using OpenAI GPT models.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@GlassTape Policy Buildercreate a policy for customer data access with role-based controls and audit logging"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
𧩠GlassTape Policy Builder MCP Server
Transform natural language into production-ready AI governance policies.
GlassTape Policy Builder is an open-source MCP server that converts natural-language security requirements into Cerbos YAML policies with automated validation, testing, and red-teaming.
It enables security and engineering teams to integrate AI agents and applications with policy-as-code frameworksβbringing zero-trust guardrails to tool-call interception, data access, and model workflows.
π Features
βοΈ Natural-Language to Policy β Generate Cerbos policies from plain English using Claude or AWS Q
π§ Automated Validation β Uses the Cerbos CLI (
cerbos compile,cerbos test) for syntax and logic checksπ§ͺ Red-Team Analysis β 6-point security analysis with automatic improvement suggestions
𧩠MCP Integration β Works natively in IDEs like Cursor, Zed, and Claude Desktop
π Air-Gapped Operation β Local-first design with no external dependencies
π·οΈ Topic-Based Governance β 40+ content topics with safety categorization
π§Ύ Compliance Templates β Built-in templates for SOX, HIPAA, PCI-DSS, and EU AI Act
π Quick Start
1. Prerequisites
Install Cerbos CLI (required for policy validation):
# macOS
brew install cerbos/tap/cerbos
# Linux
curl -L https://github.com/cerbos/cerbos/releases/latest/download/cerbos_Linux_x86_64 \
-o /usr/local/bin/cerbos && chmod +x /usr/local/bin/cerbos
# Verify installation
cerbos --version2. Install from Source
# Clone the repository
git clone https://github.com/glasstape/glasstape-policy-builder-mcp.git
cd glasstape-policy-builder-mcp/agent-policy-builder-mcp
# Basic installation
pip install -e .
# With optional LLM support (for server-side natural language parsing)
pip install -e ".[anthropic]" # Anthropic Claude
pip install -e ".[openai]" # OpenAI GPT
pip install -e ".[llm]" # All LLM providers
# Development installation
pip install -e ".[dev]"3. Configure Your MCP Client
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"glasstape-policy-builder": {
"command": "glasstape-policy-builder-mcp"
}
}
}Cursor/Zed: Add similar configuration in your IDE's MCP settings.
Optional: Server-side LLM (for natural language processing):
{
"mcpServers": {
"glasstape-policy-builder": {
"command": "glasstape-policy-builder-mcp",
"env": {
"LLM_PROVIDER": "anthropic",
"ANTHROPIC_API_KEY": "sk-ant-your-key"
}
}
}
}4. Usage Examples
Generate a Policy (in Claude Desktop or MCP-enabled IDE):
Create a payment policy for AI agents:
- Allow payments up to $50
- Block sanctioned entities
- Limit to 5 transactions per 5 minutesList Available Templates:
list_templatesValidate a Policy:
validate_policy with policy_yaml: "<your-cerbos-yaml>"5. Troubleshooting
Cerbos CLI not found:
Ensure Cerbos CLI is installed and in your PATH
Run
cerbos --versionto verify installation (note:--versionnotversion)
MCP server not connecting:
Check your MCP client configuration
Restart your IDE after configuration changes
Verify the command path is correct:
which glasstape-policy-builder-mcp
Installation fails with "Unable to determine which files to ship":
This is a known hatch build issue - ensure you're in the correct directory
The pyproject.toml should include
[tool.hatch.build.targets.wheel]configuration
Import errors with MCP:
Ensure you have the correct MCP imports:
from mcp.server import ServerTry reinstalling:
pip install -e . --force-reinstall
Policy validation fails:
Check YAML syntax in generated policy
Ensure Cerbos CLI is working:
cerbos compile --helpReview error messages for specific issues
Command not found after installation:
Ensure you have Python 3.10 or higher
Check that the entry point is correctly configured in pyproject.toml
π¦ Available Tools
When connected via MCP, you can use these tools in Claude or your IDE:
Tool | What it does |
| Transform natural language β validated Cerbos YAML with topic governance |
| Check policy syntax with |
| Run test suites against policies with |
| 6-point security analysis with automatic improvement suggestions |
| Browse built-in templates (finance, healthcare, AI safety) |
Example workflow:
1. "Generate a payment policy for AI agents with $50 limit..."
β Claude calls generate_policy
2. "Show me available financial templates"
β Claude calls list_templates
3. "Test this policy with the test suite"
β Claude calls test_policy
4. "Analyze this policy for security issues"
β Claude calls suggest_improvements
5. "Validate the policy syntax"
β Claude calls validate_policyπ§ͺ Example Output
Input:
"Allow AI agents to execute payments up to $50. Block sanctioned entities.
Limit cumulative hourly amount to $50. Maximum 5 transactions per 5 minutes."Generated Policy with Topic Governance:
# policies/payment_policy.yaml
apiVersion: api.cerbos.dev/v1
resourcePolicy:
version: "1.0.0"
resource: "payment"
rules:
- actions: ["execute"]
effect: EFFECT_ALLOW
condition:
match:
expr: >
request.resource.attr.amount > 0 &&
request.resource.attr.amount <= 50 &&
!(request.resource.attr.recipient in request.resource.attr.sanctioned_entities) &&
(request.resource.attr.cumulative_amount_last_hour + request.resource.attr.amount) <= 50 &&
request.resource.attr.agent_txn_count_5m < 5 &&
has(request.resource.attr.topics) &&
"payment" in request.resource.attr.topics &&
!("adult" in request.resource.attr.topics)
- actions: ["*"]
effect: EFFECT_DENYPlus:
β Topic-based governance (payment, pii detection)
β Safety categorization (G/PG/PG_13/R/adult_content)
β 15+ automated test cases
β Validated by
cerbos compileβ 6-point security analysis
β Ready-to-deploy bundle
π Complete Examples
Category | Example | Description |
Finance | Payment execution with limits | |
Healthcare | HIPAA-compliant PHI access | |
AI Safety | Model invocation with guardrails | |
Data Access | GDPR-compliant PII export control | |
System | Admin access with MFA |
See examples/README.md for complete examples.
𧱠Architecture
flowchart TD
A["Natural-language policy request"] --> B["GlassTape MCP Server"]
B --> C["Intermediate Canonical Policy - JSON"]
C --> D["Cerbos YAML policy generation"]
D --> E["Cerbos CLI validation + testing"]
E --> F["Ready-to-deploy policy bundle"]Key Innovation: ICP (Intermediate Canonical Policy) serves as a language-agnostic intermediate representation, enabling deterministic generation, policy portability, and formal verification.
π§ͺ Development
# Clone and setup
git clone https://github.com/glasstape/glasstape-policy-builder-mcp.git
cd glasstape-policy-builder-mcp
pip install -e ".[dev]"
# Run tests
pytest
# Format code
black src/ tests/π€ Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
Quick Links:
πͺ License
Released under the Apache 2.0 License. Β© 2025 GlassTape, Inc.
π‘ Links
π GlassTape Website
π Documentation
𧱠Cerbos Documentation
π Report Issues
Built with β€οΈ by GlassTape β Making AI agents secure by default.
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Appeared in Searches
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/GlassTape/agent-policy-builder-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server