MCP Role-Based Access Control for Enterprise Security

Julius de Bruijn

We're excited to announce Nexus 0.5.3, introducing Role-Based Access Control (RBAC) for MCP servers—a critical security feature for enterprise AI deployments. This release empowers organizations to implement fine-grained permission management, control tool access by user groups, and maintain complete governance over their AI infrastructure.

Nexus 0.5.3 introduces Role-Based Access Control (RBAC) for MCP servers, enabling fine-grained permission management based on user groups. You can now control which users access specific MCP servers and tools, creating tiered access levels that align with your organization's security requirements.

The RBAC system operates at two levels: server-wide rules that control access to entire MCP servers, and tool-specific overrides for granular permission management. This dual-layer approach lets you establish baseline permissions while maintaining flexibility for special cases.

    [mcp.servers.premium_features]
    cmd = ["premium-mcp-server"]
    allow = ["premium", "enterprise", "admin"]
    deny = ["suspended", "trial_expired"]

    # Override for specific tools
    [mcp.servers.premium_features.tools.basic_search]
    allow = ["basic", "premium", "enterprise"]  # Basic users can access this tool

The RBAC system follows strict security principles: deny rules always take precedence over allow rules, empty allow lists block all access by default, and tool-specific rules override server-wide settings. Without any configured rules, servers remain open for backward compatibility—but we recommend explicitly defining access controls for production deployments.

This design enables common enterprise patterns like creating tiered service levels (basic, premium, enterprise), blocking suspended or restricted accounts, and implementing department-specific tool access. The system integrates with your existing authentication infrastructure, extracting group claims from JWT tokens or session metadata.

The power of RBAC is fully realized when combined with Nexus's client identification system. While RBAC can function without client identification—allowing you to universally block certain MCP servers or tools using empty allow lists—enabling client identification unlocks user-specific access control based on group membership.

Client identification extracts user identity and group claims from incoming requests, typically through JWT tokens in production environments:

    # Enable client identification via JWT
    [server.client_identification]
    enabled = true
    client_id.jwt_claim = "sub"
    group_id.jwt_claim = "grp"

    [server.client_identification.validation]
    group_values = ["contractors", "finance", "admin"]

    # RBAC rules use these group claims
    [mcp.servers.financial]
    cmd = ["financial-mcp-server"]
    allow = ["finance", "admin", "contractors"]  # Only users with these groups in their JWT

    [mcp.servers.financial.tools.check_credit]
    deny = ["contractors"]  # Explicitly block even if in allowed groups

For development or private networks, you can use HTTP headers for simpler integration, though JWT remains recommended for production security.

Importantly, you don't need client identification to leverage RBAC for universal access control. An empty allow list effectively blocks all access to a server or tool, useful for deprecating features or emergency lockdowns:

    # Block all access to deprecated server
    [mcp.servers.legacy_tools]
    cmd = ["legacy-mcp-server"]
    allow = []  # Empty list blocks everyone

    # Or selectively disable dangerous tools
    [mcp.servers.admin_tools.tools.delete_database]
    allow = []  # Nobody can use this tool

This flexibility means you can start with simple universal rules and gradually implement user-specific controls as your security requirements evolve.

Beyond RBAC, this release includes critical reliability fixes:

  • Anthropic Tool Handling: Resolved duplication of tool results in Claude response streams
  • Telemetry Sampling: Fixed child span sampling to respect parent decisions

Nexus 0.5.3 reinforces our commitment to enterprise-ready AI routing. The RBAC system provides the access controls necessary for multi-tenant deployments, while our reliability fixes ensure stable production operations. Combined with the recent Anthropic protocol support and hardened Docker images from previous releases, Nexus offers a solution for governing, monitoring, and securing AI agent interactions.
