PlainID Edge

PlainID Edge is a customer-deployed component of the PlainID Authorization Platform that securely bridges enterprise AI environments with PlainID’s Authorization cloud. It runs entirely within the customer infrastructure and connects directly to MCP servers and vector databases, enabling real-time discovery, enrichment, and enforcement of authorization for agentic AI workloads.

PlainID Edge operates as a plug-and-play control plane. Once connected to existing AI tooling and data, it automatically maps tools, data, and metadata into PlainID’s Authorization model without requiring changes to agents or backend systems.

Core Responsibilities

PlainID Edge includes two primary functional components:

• MCP Gateway
• RAG Enricher and Classifier

MCP Gateway (MCP GW)

The MCP Gateway connects to customer MCP servers and exposes a single, unified MCP endpoint for all internal agents.

• Acts as a secure MCP server facade for agent traffic.

• Routes all tool discovery and invocation requests through PlainID Edge.

• Performs real-time authorization checks before tool execution.

• Enforces Policy decisions at the following levels:

  • MCP server
  • Tool
  • Action
  • Tool parameters, where applicable

By centralizing MCP access through the gateway, PlainID Edge ensures that no agent can access tools outside its authorized scope, while remaining fully compatible with standard MCP protocols.

RAG Enricher and Classifier

The RAG Enricher and Classifier integrates directly with customer vector databases and prepares RAG data for Policy-based Authorization.

Its responsibilities include:

• Discovering vectorized content and metadata.
• Classifying documents, chunks, and embeddings using ML-based enrichment.
• Normalizing and mapping data Attributes into the PlainID Policy model.
• Continuously synchronizing changes, including new data, updates, and deletions.

This capability enables fine-grained, context-aware access control over RAG retrieval, ensuring that agents retrieve only data they are authorized to access based on identity, intent, and Runtime context.

Deployment Model and Lifecycle

All PlainID Edge components run inside the customer environment, close to the data and tools they protect. The deployment model is designed to be:

• Plug-and-play. Connect MCP servers and vector databases without refactoring.
• Non-intrusive. No changes are required to existing agents or data pipelines.
• Secure by design. Sensitive data never leaves the customer environment.

PlainID Edge is not limited to initial discovery and onboarding. It maintains a live connection to organizational data and tools, in addition to:

• Detecting changes in MCP servers and vector databases.
• Continuously updating PlainID Cloud with relevant authorization metadata.
• Keeping the authorization model aligned with the actual Runtime state.

Enforcement and Runtime Control

In addition to Discovery and Enrichment, PlainID Edge is responsible for Runtime Authorization enforcement for MCP-based agent interactions.

At execution time:

1. Agent requests flow through the MCP Gateway.
2. PlainID Edge evaluates authorization decisions in real time.
3. Unauthorized Actions are blocked immediately.
4. Authorized requests are forwarded transparently to the target MCP server.

PlainID Edge is the execution and integration layer of the PlainID AI authorization platform. It connects live AI tools and data to the PlainID Policy engine, keeps the authorization model continuously up to date, and enforces access decisions at Runtime. This approach enables secure, governed, and scalable agentic AI deployments.

See Deployment for next steps and more information.