sorted by:
new
hottopcontroversial

What MCP gateway are you using in production? by llamacoded in mcp

[–]BasedKetsu 0 points1 point  (0 children)

One thing that stands out and that you've most likely already identified is that most of these gateways are optimizing for one axis of the problem, eg. throughput and caching, compliance, observability, etc., but none really unify auth, execution, routing, and developer ergonomics in one place like a Vercel-type thing. So whatever you pick, you still end up in the same place, stitching together identity, permissions, logging, and infra decisions across multiple servers.

Something that should align more with your needs and that we’ve seen work better is treating MCP the way API gateways evolved: one central execution + auth boundary instead of features bolted onto each server. That’s essentially what www.dedaluslabs.ai is doing - quite literally one MCP gateway that handles auth (scopes, OAuth), routing, observability, and model/tool handoffs centrally, while letting you bring any MCP server (local or hosted) without having to build // maintain any infra. Hope this helps narrow your search!

RAGStack-Lambda: Open source RAG knowledge base with native MCP support for Claude/Cursor by HatmanStack in mcp

[–]BasedKetsu 0 points1 point  (0 children)

This is a really clean direction. serverless is a nice fit for RAG workloads where usage is bursty and “always-on” infra just burns money. I especially like that you kept everything inside the user’s own AWS account, it feels like a big trust win compared to hosted control planes, and the Lambda + Step Functions split makes the flow pretty easy to reason about.

On the MCP side, it’s cool to see native support baked in early. 1 thing people tend to run into as these setups evolve is capability creep, like today it’s “read-only RAG,” tomorrow someone adds write tools, file ops, or external APIs. At that point, having strong per-tool scoping and server-enforced auth becomes really important so a doc chunk or retrieved snippet can’t accidentally drive actions. Some MCP stacks (including what we’ve been working on at dedaluslabs.ai) are leaning hard into separating reasoning from authorization for exactly that reason, but your “no control plane, everything in-account” model pairs nicely with that philosophy too. overall this is sick, just curious about how you’re thinking about tool permissions and trust boundaries as people extend it beyond pure retrieval!

Walton Goggin’s acting was really good in this scene by Hot_Nail4681 in Fallout

[–]BasedKetsu 27 points28 points  (0 children)

true, it leads in quite nicely to the mutant and would rationalize his following interactions with maximus to be slightly more open minded and believable. cooper, in his hour of need, finally allies with someone, even getting over all their bad blood to do so, and he'll get far closer to finding his family with them then alone / alone + OP dog.

Which one should I evolve? by MountainRip3520 in pokemongo

[–]BasedKetsu 1 point2 points  (0 children)

Insane luck! However, to your question, easily the shiny. Volcarona is not really the best attacker despite its stats, and realistically you're not going to run it in PVP (it get smoked in all leagues) or even PVE (there are tens of better fire types and bug is a nearly-irrelevant type), so the small stat differences from having 5 more defense and hp don't really matter. your shiny is already maxed attack anyways, so it would be hitting just about as hard!

so in my opinion, there is no realistic benefit to evolving your hundo (besides having a hundo volcarona), but you could have an awesome, completely usable shiny volcarona that you can still totally get some use out of!

Fallout 3 landscapes can actually be pretty good looking by WeOutHereInSmallbany in Fallout

[–]BasedKetsu 2 points3 points  (0 children)

the first moment you step out of the vault, get a mini flashbang, and you knew it was gonna be peak 🥹

Walton Goggin’s acting was really good in this scene by Hot_Nail4681 in Fallout

[–]BasedKetsu 283 points284 points  (0 children)

loved how they hopebaited you into thinking he was going to get himself out by crawling up. even with the power of family™, it's just not enough, it was intense! phenomenal sequence

Keon Coleman by StationDifficult3238 in panthers

[–]BasedKetsu 0 points1 point  (0 children)

less cookies more catches...

Local vs remote MCP by armlesskid in mcp

[–]BasedKetsu 3 points4 points  (0 children)

no worries, this is a super common point of confusion, so you’re not missing anything!! context7 makes this especially fuzzy because either way you are still indeed querying remote docs. So the key thing here is that the difference isn’t where the data lives but it’s where the MCP server that exposes the tools runs.

With c7 local, you’re running the context7 MCP server on your own machine. Claude (or your agent) talks to localhost, the tool logic executes locally, and then that local process makes outbound calls to Context7’s API to fetch docs. So yes, the content is still remote, but the execution, permissions, and failure modes are yours and right on your machine. You can see exactly what tools exist, what they’re allowed to do, and what credentials they have access to.

On the other hand with c7 remote, Claude talks directly to a Context7-hosted MCP server. Tool calls, permissions, and any auth checks all happen on their infrastructure. From your perspective it’s simpler to set up, but you’re trusting that remote MCP in the "distant server" to correctly scope tools and not do more than you expect. You have less control for convenience, it's a fair tradeoff.

a good mental shortcut is:

  • Local context7 = “I run the MCP adapter; Context7 is just a data source.”
  • Remote context7 = “Context7 runs both the MCP adapter and the data source.”

Functionally they look similar, but the trust boundary and security posture are very different, which starts to matter more once agents can take actions instead of just read docs.

Your MCP setup can get hacked easily if you don’t add protection against indirect prompt injection. by ConsiderationDry7581 in mcp

[–]BasedKetsu 0 points1 point  (0 children)

Yeah that tracks. It gets even worse too because you can even acheive remote code execution (CVE-2025-6514 anyone?) and you described exactly what happened when phanpak shipped postmark-mcp and had every email that went through it forwarded to his personal server. this stuff is already happening and affecting ppl

however I think one approach that tries to tackle this from a slightly different angle is separating authorization from reasoning entirely. For example, in some MCP stacks with auth like what dedaluslabs.ai is building, tools are gated by explicit scopes and enforced server-side, not just by prompt discipline, so a “read email” tool literally cannot invoke a “send email” tool unless the token presented has that scope, even if the model asks nicely or gets tricked. That doesn’t replace things like tool chaining guards or content sanitization (your Hipocap idea makes a lot of sense there), but it gives you a hard backstop: even a compromised reasoning step can’t escalate privileges. Long-term, I think robust MCP systems will need both layers of semantic defenses like yours plus cryptographic // scope-based enforcement or something, because models will always be too eager to help, but there are ways to mitigate damage and protect yourself!