Synamcps — permission-aware MCP server and team knowledge gatewaySynamcps

Security & access control

Synamcps security is built around least privilege: a token can only intersect a user's existing ACL with its scopes (read-only, specific storages, specific tools). A leaked token can do no more than its owner — usually far less.

Tokens that narrow access, never expand it — plus enterprise identity and observability.

Permission-narrowing tokens

Issue short-lived tokens with toolAllowlist, storageIds, maxMode, and minute/hour/day + burst limits. Rotate or revoke via the Admin API when a workflow ends or a key is suspected leaked. Misbehaving agents get 429'd instead of hammering downstream systems.

Enterprise auth and audit signals

Authenticate with OIDC, Keycloak, Google, or Teleport Proxy JWT — plus internal login for the Admin UI. Prometheus /metrics and Redis TimeSeries usage accounting answer which agent read which storage, how often.