Arbiter

Donate

MCP tool-call firewall. Arbiter governs what agents are allowed to do. It does not govern what agents try to do. It protects the platform by reducing the tool-call attack surface.

Sits between your AI agents and the MCP servers they talk to, enforcing deny-by-default authorization, session budgets, drift detection, and audit logging on every single tool call. Traditional access control was built for humans who log in and make decisions. Arbiter was built to govern MCP tool calls from agents that fire hundreds of requests per session.

Why MCP Tool Calls Need a Firewall

The gap between traditional access control and what MCP agents need.

Why MCP Tool Calls Need a Firewall
Quickstart

Running Arbiter in 5 minutes with Docker Compose.

Quickstart
Architecture

How a request travels through the 9-stage middleware chain.

Architecture

What You’ll Find Here

Understanding Arbiter covers the why: the problem Arbiter solves, how its architecture works, and the security model underpinning it. Start here if you’re evaluating whether Arbiter fits your stack.

Getting Started walks you from zero to a running gateway in minutes. Register your first agent, write your first policy, create your first session.

Guides go deep on individual features. Each guide opens with the problem, explains the design, and walks through configuration with real examples.

Operating Arbiter covers deployment, monitoring, and troubleshooting for production environments.

Reference is the lookup section: every configuration key, every API endpoint, every CLI command. Come back here when you know what you need but forget the syntax.