Why OAuth scopes aren't enough for autonomous LLM agents calling MCP tools, and how we wired Tenuo capability warrants end-to-end. Scope-gated rollout, two real bugs, multi-hop delegation, and an attack the warrant catches.
#mcp
3 posts tagged with #mcp. View all tags
Open-sourcing mcp-authflow and mcp-authflow-resource: an RFC-compliant OAuth 2.0 framework for MCP servers, plus a one-command example server. Why MCP deployments need real auth, what the two packages do, and three non-obvious gotchas from production.
Claude Code silently kills stdio MCP servers during idle periods, forcing manual reconnection. How I converted a fragile stdio bridge into a persistent Starlette HTTP reverse proxy — and the obscure SDK crash that followed.