Authorization
ToolMesh uses OpenFGA for fine-grained authorization. The model follows a User → Plan → Tool relationship structure.
| Mode | Config | Behavior |
|---|---|---|
| bypass | OPENFGA_MODE=bypass | No authorization checks (default) |
| restrict | OPENFGA_MODE=restrict | OpenFGA enforced on every tool call |
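Start with bypass for development and switch to restrict for production. Because bypass is the default, a production deployment has to set OPENFGA_MODE=restrict explicitly.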
Authorization Model
    User --member_of--> Plan --can_execute--> Tool

Each user (from OAuth login or API key) has an assigned plan. Plans grant access to specific tools. When a tool call arrives, ToolMesh checks:

    Check(user, can_execute, tool)

If denied, the execution stops immediately with an unauthorized error.
DADL Access Levels
DADL tools declare an access classification:
| Level | Meaning |
|---|---|
| read | Read-only operations |
| write | Create/update operations |
| admin | Administrative operations |
| dangerous | Destructive or irreversible operations |
| custom | Extendable with any string value |
Policy files bundle these access levels into roles, and OpenFGA assigns roles to users.
Configuration
    OPENFGA_API_URL=http://localhost:8080   # OpenFGA API endpoint
    OPENFGA_STORE_ID=your-store-id          # OpenFGA store ID
    OPENFGA_MODE=restrict                   # Enable enforcement

Use tm-bootstrap to load the authorization model and create example tuples:

    ./tm-bootstrap --openfga-url http://localhost:8080

Caller-Origin Integration
Authorization decisions can also consider the CallerClass (trusted, standard, untrusted). This allows policies like “untrusted clients cannot access admin tools” even if the user’s plan would normally allow it.
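The decision flow this page describes (the bypass/restrict mode, Check(user, can_execute, tool) resolved through the user's plan, and the CallerClass restriction), as an added in-memory sketch in Python. It is not ToolMesh or OpenFGA code: the tuples, tool names, the tool-to-access-level map, the per-class barred levels, the order of the checks and the fail-closed handling of unknown values are all constructed assumptions.

```python
# Added illustration, not ToolMesh or OpenFGA code. All data is constructed.
# Relationship tuples (subject, relation, object) for User -> Plan -> Tool.
TUPLES = {
    ("user:alice", "member_of", "plan:pro"),
    ("user:bob", "member_of", "plan:free"),
    ("plan:pro", "can_execute", "tool:list_items"),
    ("plan:pro", "can_execute", "tool:purge_items"),
    ("plan:free", "can_execute", "tool:list_items"),
}
# Assumed map from tool to its declared DADL access level.
TOOL_LEVEL = {"tool:list_items": "read", "tool:purge_items": "dangerous"}
# Assumed policy: access levels each CallerClass is barred from.
BARRED = {
    "trusted": set(),
    "standard": {"dangerous"},
    "untrusted": {"admin", "dangerous"},
}


def check(user, relation, tool, tuples=TUPLES):
    """True if any plan the user is a member of holds `relation` on the tool."""
    plans = {o for s, r, o in tuples if s == user and r == "member_of"}
    return any((plan, relation, tool) in tuples for plan in plans)


def authorize(mode, user, tool, caller_class):
    """Return (allowed, reason) for one tool call."""
    if mode == "bypass":
        return True, "bypass: no authorization checks"
    if mode != "restrict":
        return False, "unknown mode"  # assumption: fail closed
    level = TOOL_LEVEL.get(tool)
    barred = BARRED.get(caller_class)
    if level is None or barred is None:
        return False, "unknown tool or caller class"  # assumption: fail closed
    if level in barred:
        return False, f"caller class {caller_class} barred from {level} tools"
    if not check(user, "can_execute", tool):
        return False, "unauthorized"
    return True, "allowed"


if __name__ == "__main__":
    for call in [
        ("restrict", "user:alice", "tool:purge_items", "trusted"),
        ("restrict", "user:alice", "tool:purge_items", "untrusted"),
        ("restrict", "user:bob", "tool:purge_items", "trusted"),
        ("bypass", "user:bob", "tool:purge_items", "untrusted"),
    ]:
        print(call, "->", authorize(*call))
```

The last sample call shows what bypass means in practice: a user whose plan lacks the tool, calling from an untrusted client, is still allowed.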