opa-mcp-server

Overview Schema Related Servers Score Discussions

Batch-evaluate OPA policy against input files

opa_exec

Read-onlyIdempotent

Independently evaluate each input file against a Rego policy decision, returning per-file results and error-flagged failures. Ideal for CI pipelines checking many config files in one call.

Instructions

Evaluate a policy decision against one or more input files using opa exec --format=json. Unlike rego_eval (single input), opa exec processes every file independently and returns a per-file result -- ideal for CI pipelines that check many config files against a policy in one call. Supply bundle for bundle-based policies or dataPaths for raw policy files; these are mutually exclusive. Each file that fails evaluation appears in results with an error field rather than a result field.

Input Schema

TableJSON Schema

Name	Required	Description
`inputPaths`	Yes	One or more JSON/YAML input file paths, or a directory containing input files. OPA evaluates each file independently. Every path must be inside an allowed root.
`decision`	Yes	The policy entrypoint to evaluate for each input, e.g. `"data.authz.allow"` or `"data.policy.violations"`. Must be a fully-qualified Rego reference.
`bundle`	No	Path to an OPA bundle directory or `.tar.gz` archive to load as the policy source. Mutually exclusive with `dataPaths`.
`dataPaths`	No	Policy and/or data file or directory paths to load. Mutually exclusive with `bundle`.

Tool Definition Quality

A4.6/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations indicate read-only and idempotent behavior. The description adds that failing files produce an `error` field rather than a `result` field in `results`, which is useful behavioral detail beyond annotations. No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Four sentences, front-loaded with the main purpose and key differentiator. Every sentence adds value without redundancy or filler.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 4 parameters and no output schema, the description explains the result format (per-file, error vs result) but could elaborate on the overall return structure. Still sufficiently complete for most use cases.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema covers all parameters with descriptions (100% coverage). The description adds clarification on mutual exclusivity of `bundle` and `dataPaths` and references the CLI command, providing context that goes beyond schema definitions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool evaluates OPA policy decisions against multiple input files using `opa exec --format=json`. It distinguishes itself from the sibling `rego_eval` by emphasizing batch processing and per-file results, making the purpose specific and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly recommends use in CI pipelines for checking many config files, and contrasts with `rego_eval` for single input. It also notes the mutual exclusivity of `bundle` and `dataPaths`, providing clear when-to-use and when-not-to-use guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/OrygnsCode/opa-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server