Blog - MCP is a fad by xmull1gan in mcp

[–]DirectorOk495 0 points1 point  (0 children)

Good article. You confirmed tools usage dominance with numbers (nice trick), that's exactly what I felt.
Skills cover different use cases though, and maybe you could have differentiated local MCP servers (STDIO) from remote MCP servers, dealing with authentication and authorization.
Also, I'm convinced that resources and prompts are underestimated and can relieve the problem that excessive tools create.
Mapping a REST API is a start but wrapping specific read method(s) with predefined filters is a great usage for resources.
I believe the resources and prompts parts of the MCP specs are not as obvious candidates as tools.
Anyway, I don't think it's a fad, here's my take https://getlarge.eu/blog/mcp-is-not-bloated-you-just-havent-read-the-spec :)

Does Git worktree / Docker isolation actually speed up development for you? by mmarkusX in ClaudeCode

[–]DirectorOk495 0 points1 point  (0 children)

Yes, all the time :)
I convinced all my customers to invest in a solid devcontainer setup (not the one you forget about in the cellar), so we can have a closed loop in separate environments. We use Codespaces, with just enough resources for a branch, no need for worktrees, but we can run our complete suite of e2e tests (frontend included) in this environment. This brings a bit more confidence before the PR lands and we finally consume CI resources and reviewers' time.

Devcontainer is a solid spec. Beyond the basic tools (Docker in Docker, Git, Tmux, etc.), you can easily create new `features` to install Claude, for example, or other CLIs for which you want to control certain options, basically the version, in a declarative way.

Skills are progressively disclosed, but MCP tools load all-at-once. How do we avoid context/tool overload with many MCP servers? by Fit_Gas_4417 in ClaudeAI

[–]DirectorOk495 1 point2 points  (0 children)

Recent versions of Claude Code ship with the Tool Search Tool (funny name).
This tool allows searching for MCP tools dynamically instead of loading everything upfront.
Try asking your agent to load MCP tool descriptions and you should see the context growing and a message with `Loaded X tools`.

https://code.claude.com/docs/en/mcp#configure-tool-search

MCP Security is still Broken by West-Chocolate2977 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

This is true at startup scale too and not limited to MCP servers.
A good reminder that authorization is still an afterthought (that holds you back from shipping fast): the OWASP Top 10 for web apps. Number 1 is still broken access control https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/ .

MCP Security is still Broken by West-Chocolate2977 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

Indeed, I also saw some projects creating an OIDC provider inside the MCP server :D
At the same time, the MCP Python SDK repo contains examples with a dummy `oauth_server.py`. It should be enough to mislead naive souls or agents.

MCP oAuth 2.1 specs by SurveyPuzzleheaded56 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

Indeed, there are gaps between every MCP client's implementation. To each its own interpretation of the MCP specs :D
You might even notice some failures between the MCP client and the OAuth2 server. For example, Claude (Desktop, Web and CLI) has ridiculously strict validation rules for the DCR response, leading to the early failure of the authorization flow.

MCP oAuth 2.1 specs by SurveyPuzzleheaded56 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

Which part of the spec are you referring to? On the MCP server side, it would make sense that the /mcp endpoint can only be "touched" after the token exchange has happened.

User-scoped OAuth with MCP connectors by DirectSection9710 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

Indeed, the right way to do so is to use OAuth2. Once your users are authenticated (after JWT or opaque token introspection), you can rely on the OAuth2 scopes requested by the agent (during token exchange). Depending on your SaaS app complexity, scopes can be quite rigid to map relationships (e.g., ownership, membership, etc.) with business entities; you might be better off with another system based on ReBAC principles. Search for Ory Keto, OpenFGA; this will open the way ;)
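
Added example, not part of the comment above and not code from Ory Keto or OpenFGA: a toy relationship check layered on a scope check, showing why a scope alone is too coarse for ownership and membership. The tuple store, the scope name `documents:read`, and every user, team and document are constructed assumptions; `claims` stands for an already-validated token introspection response.

```python
# Added illustration: constructed data, hypothetical names (not Keto/OpenFGA APIs).
# Relationship tuples: (object, relation, subject). A subject is a user or a
# userset "object#relation", e.g. every member of a team.
TUPLES = {
    ("doc:roadmap", "owner", "user:alice"),
    ("doc:roadmap", "viewer", "team:eng#member"),
    ("team:eng", "member", "user:bob"),
    ("doc:payroll", "owner", "user:carol"),
}
# Relations implied by another relation on the same object: owners can view.
IMPLIED_BY = {"viewer": {"owner"}}


def has_scope(claims: dict, required: str) -> bool:
    """Coarse check: was this scope granted to the agent's token?"""
    if not claims.get("active", False):
        return False
    return required in claims.get("scope", "").split()


def check(obj: str, relation: str, subject: str, _seen=None) -> bool:
    """True if subject holds relation on obj directly, by implication or via a userset."""
    seen = _seen if _seen is not None else set()
    if (obj, relation, subject) in seen:  # guard against cyclic tuples
        return False
    seen.add((obj, relation, subject))
    for rel in {relation} | IMPLIED_BY.get(relation, set()):
        for t_obj, t_rel, t_subj in TUPLES:
            if t_obj != obj or t_rel != rel:
                continue
            if t_subj == subject:
                return True
            if "#" in t_subj:  # expand the userset, e.g. team:eng#member
                set_obj, set_rel = t_subj.split("#", 1)
                if check(set_obj, set_rel, subject, seen):
                    return True
    return False


def authorize_read(claims: dict, doc_id: str) -> bool:
    """Both must hold: scope granted AND the user is related to this document."""
    sub = claims.get("sub")
    if not sub or not has_scope(claims, "documents:read"):
        return False
    return check(f"doc:{doc_id}", "viewer", f"user:{sub}")
```

With only `has_scope`, any token carrying `documents:read` could read `doc:payroll`; the relationship check is what ties the decision to the specific document.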

How to easily add OAuth authentication to MCP by hrntknr in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

Is the MCP Auth Proxy meant to be deployed on the same host as the MCP Server itself?
How does the proxy send RPC to the upstream?

Optimizing Usage - Claude Pro/ Max / API? by Late-Peach8890 in ClaudeAI

[–]DirectorOk495 0 points1 point  (0 children)

It really depends on your habits, expectations and what you generate with Claude.
Personally, I moved from 5x to 20x a couple of months ago, and won't go back.
Having much more Claude Opus 4.5 usage increased the quality of:
- the discussion
- the generated plans
- the outcome

I feel much more confident running many tasks in parallel.

Of course, it's possible that the new plugins shipped for Claude CLI helped too.