Arcade.dev

MCP set the standard for agent tool interoperability. But standards need foundations. At Arcade.dev, we've been running MCP servers in production for months. Every deployment hit the same walls: OAuth breaks on deploy, secrets management becomes a nightmare. After solving this problem internally, we decided to build it once, properly, and open-source it. It's not just code. It's the production patterns we learned the hard way: →OAuth that survives security review →Secrets management that scales →Deployment configs that work beyond localhost Local-first development. Cloud-ready deployment. One framework. This is what MCP needs to go from research demos to production systems. We're sharing it because the ecosystem deserves better than everyone solving the same auth nightmares separately. Arcade-mcp, the secure MCP framework, is live on Product Hunt now. Let's build the agent infrastructure that should've shipped yesterday. Check out the launch: https://lnkd.in/ePMnBCrr

Your MCP server passed the demo. Now try deploying it. Suddenly you're rewriting OAuth flows, hardcoding secrets "temporarily," and debugging why User A's credentials just leaked into User B's session. Welcome to the part nobody tells you about. We've built hundreds of MCP servers and thousands of tools at Arcade.dev. Every single one hit the same wall: localhost works, production breaks. So we open-sourced the framework we actually use. The Secure MCP Framework takes your MCP server from prototype to production without rewrites: - Tool-level auth scoping — OAuth handled server-side, never touches the LLM - Secrets management that won't get you fired - Built-in evals with your own credentials - Deploy with one command, zero config changes Same code on localhost and in prod. No surprises. No security reviews that kill your launch three weeks late. The LLM never sees tokens. Neither does the client. Your server handles auth the way it should: invisibly and securely. It's how we build. Now it's yours. → Get started: https://lnkd.in/gxeJiADH → Star it on GitHub: https://lnkd.in/gSddjQ7u Build an MCP server your CISO will actually let you ship.

MCP unlocked a new way for agents to talk to tools. But here's the thing nobody mentions: MCP doesn't actually DO anything. It's a protocol. A handshake. A spec. To make agents work in production, you still need:  → Tools that connect to real APIs (we have 3,553)  → Auth that doesn't create security holes (we handle OAuth for you)  → An execution engine that picks the right tool at the right time (not blow up the LLM context window with all the tools) MCP is the handshake. Arcade.dev is what happens next. Browse the full catalog: https://lnkd.in/gPa5vaKg

Most “agents” aren’t agents. They’re just chatbots with better marketing. Real agents take action. And that means solving the problem every team hits around month three: the auth wall. Here’s what usually kills agent projects in production: →The Bot Token Trap Give your agent its own credentials, and suddenly your intern has CEO-level access through the agent. Your CISO will love that conversation. →The User Credential Nightmare Hand over your own tokens and watch your agent try to delete your root directory. The Right Way: 🚀Delegated Authorization Your agent should only do what it’s registered to do and what the user is allowed to do. The intersection of those two. Nothing more. This is why 70% of agents never make it to production. They nail the demo with one user, then hit the security wall when they try to scale. The solution isn’t more LLM calls or bigger context windows. It’s an execution layer built around user intent, not raw APIs. “Reply to Alex’s email” shouldn’t require your agent to: - Search emails (40+ parameters, hallucination city) - Identify which Alex - Unpack MIME structures - Repack and thread correctly - Finally hit send That’s five decision points where the model can fail. If you’re building agents that need to touch Gmail, Slack, Salesforce, or any authenticated system—this is the layer between “cool demo” and “actually ships.” Arcade.dev turns human intent into secure, authorized action.

Ever tried to make an agent reply to an email? You quickly realize you're not building AI — you're unpacking MIME and juggling 40 Gmail API parameters. That's not intelligence. That's punishment. There’s no replyToEmail() endpoint. You have to decode MIME, rebuild headers, re-encode them, and pray Gmail threads it right. Hundreds of lines of brittle code... just to send a reply. A great tool doesn’t just call an API — it understands intent. It knows what you’re trying to achieve and handles the plumbing for you. That’s what we built at Arcade.dev. Tools that understand the difference between “send an email” and “reply to Alex about the API window.” Tools that abstract away MIME hell, OAuth edge cases, and all the friction between model intention and real action. The next wave of agentic AI won’t be won by bigger models. It’ll be won by better tools — the ones that make complex things feel stupid easy. If you’re tired of fighting APIs and just want to ship agents that do stuff, try Arcade.dev. We built the tools so you don’t have to.

"How do I give my agent its own identity?" Wrong question. Your agent doesn't need identity. It's not a user. It's making API calls on someone's behalf. Better question: "How do I let my agent use OAuth?" Same flow every web app uses: →App registration →Scoped permissions →Delegated authorization →Real-time permission checks The only difference? We authorize after the LLM decides what to do, not before. Just-in-time auth. No god-mode service accounts. No hardcoded tokens. We wrote about why this reframe changes everything: https://lnkd.in/gqfPZK32

We built the auth infrastructure that makes MCP agents actually work. Now we're sharing how. Join us Wednesday, October 8th for: ✓ Panel with the engineers making MCP scale ✓ Live MongoDB integration demo  ✓ Open bar, great music, and high-quality discussion This isn't a sales pitch. It's a gathering of builders solving the same problems you are. RSVP: https://lnkd.in/g7JxZB5x

Building AI agents that can touch production systems can feel impossible. The auth complexity alone can take months. The security reviews can take longer. The integration pain can break you. But Tradestack didn't get the memo. Here's their secret: they didn't compromise on tool quality. While others ship "good enough" integrations, Tradestack deliberately chose a smaller number of deeply integrated, high-quality tools over thousands of half-baked ones. Why? Because when your AI is creating real invoices in Xero and managing actual contractor workflows, "mostly works" isn't an option. Their UK contractor customers get: - Consistent, reliable automations every time - Tools that handle edge cases and nuances - AI that understands context, not just commands The platform behind it all? One that treats tool design as a first-class performance lever, not an afterthought. Join the developers building agents that do real work. A generous free tier, real tools, and no auth nightmares → Arcade.dev

Your users are literally telling you what's wrong. 2.3 stars vs 4.8 stars. That's not a bug - that's users choosing agents that don't waste their time. At Arcade.dev we realized: why ask users for information the agent should already know? WhoAmI tools are now live in 20+ services. No more digital amnesia. Build with Arcade.dev - get WhoAmI tools before your competitors do. Learn more here: https://lnkd.in/gBYw847Z

Half our pipeline: Fortune 1000 companies Surprised? You shouldn't be. The pattern we're seeing: Startups: Moving at lightspeed, need auth that can keep up Enterprises: Complex requirements, need auth that scales Both asking the same question: "How do we ship agents without compromising security?" Why are enterprises moving so fast? Their identity team immediately recognizes what we built - agents as applications with proper auth flows, not another identity paradigm to manage. The magic: Whether you're a 5-person startup or Fortune 500, you get enterprise-grade auth that deploys in minutes. Security isn't the barrier. It's the accelerator.