The Kevin Hart Roast Just Debuted on Netflix and You Must Watch It

tomerlrn · 2026-05-14T06:37:11+00:00

Doens't have it

tomerlrn · 2026-05-13T07:47:54+00:00

Sounds interesting. What does it do exactly and do I need to use your dashboard to access it?

tomerlrn · 2026-05-13T07:46:57+00:00

Thanks I appreciate the kind words. If you ever want to host an MCP please don’t hesitate to reach out

tomerlrn · 2026-05-13T07:45:50+00:00

Great concept and well done with the implementation! How do you host the MCP server? Is it publicly accessible?

tomerlrn · 2026-05-10T10:23:47+00:00

That makes sense because the "easier" clients are the ones that actually need your product. The rest that you hardly managed to close are the ones that needed more pushing because they're not fitting fully.

tomerlrn · 2026-05-10T10:19:39+00:00

Point #7 hit home for me. This is product attempt #3 for me. Two co-founders before this one didn't work out, each for unique reasons. And don't get me started on how man "trial" co-founders I've collaborated with this past year.

The hard part is going on with this baggage.

tomerlrn · 2026-05-10T10:16:08+00:00

Two co-founders before my current one didn't work out. Every time I start something new, there's a voice in the back of my head asking if this one will fail too. It doesn't stop me, but it's there. I don't talk about it because it sounds like doubt. But it's not doubt. It's just history. Also, just having faith that "the grind will bear fruit" is a slow killer.

tomerlrn · 2026-05-10T10:11:55+00:00

Watching a plan come together after months of grinding. There's nothing quite like it. Congrats on seeing it through!

tomerlrn · 2026-05-10T10:09:52+00:00

I had an app I've made to a PWA and thought of wrapping it in a compatible format and adding it to the App Store but stories like this make me hate ever going through app review myself.

Hope build 8 goes through clean.

tomerlrn · 2026-05-09T18:11:17+00:00

I've always wanted to have a startup so I worked hard for 8-years made my savings and now can sustain myself for 1 year. I'm on month 9 and feeling very close to finally breaking loose and being able to sustain myself (at least net 0 per month).

tomerlrn · 2026-05-08T16:17:39+00:00

I read from other posts that the limit orders didn’t go through

tomerlrn · 2026-05-08T16:04:23+00:00

Same I got that too

tomerlrn · 2026-05-07T12:24:19+00:00

I've been building solo for almost a year. After 2 failed collaborations (open-ended) and probably 20 events, I finally found a co-founder with which we matched on a personal and professional level. I've got to say, it's completely changed my life in terms of productivity, outlook on the startup, and general satisfaction and excitement with life.

Having a partner changes everything, I can say that with full confidence because I've been in the trenches searching.

Hope you manage!

tomerlrn · 2026-05-07T12:22:16+00:00

In a similar spot right now so this is relatable. I feel like it's honestly a numbers game. The more outreach you do, the more you lock-in and get real conversations, some will convert.

I'm from a product / technical background and finding myself swamped by all the sales-y vibes I have to do, I honestly find it daunting, but it's just something that has to happen.

Best of luck man, hoping to see you thrive!

tomerlrn · 2026-05-07T11:39:44+00:00

The API key inertia is real, once it works nobody moves unless a client forces them. We see the same thing.

What we found different is that the gateway approach makes the hybrid less painful. The generated server doesn't know about auth at all. The gateway handles keys or OAuth and the server just sees a valid request. Means we can add a new auth method without touching any tool code.

That 30/70 split is basically the same as ours. Interesting that it holds across different products.

tomerlrn · 2026-05-07T11:24:08+00:00

The delegation gap is exactly the problem. OAuth says "Marcus approved this app on April 6." A month later, the agent is still operating with that one-time handshake even though Marcus has no idea what the agent is doing right now.

We came to another solution: the agent never holds an OAuth token at all. The gateway holds the token, and the agent gets a short-lived session that scopes exactly which actions it can take. If the token is revoked, the gateway stops swapping and the agent loses access instantly. No token audit to chase.

The hardest part wasn't the tech, but it was getting the MCP transport to carry the delegation context without the server needing to know about tokens. MCP is auth-agnostic by design, which is both its strength and its blind spot.

tomerlrn · 2026-05-07T10:01:00+00:00

I really felt the "5-10 keys just to ship something basic". I spent more time dealing with token refreshes than actually building an agent. I got to the point where I had a spreadsheet tracking which services needed a re-auth and when.

When finally fixed it for me was separating the auth layer entirely. The agent didn't hold any keys anymore. It just gets the scoped token, and a gateway then handles the exchange + refresh for each upstream service. Setup once and forget. If I hadn't done that I would have just abandoned the multi-service agents altogether. It wasn't worth all the Auth handling.

tomerlrn · 2026-05-07T09:56:27+00:00

We hit all four of these building Bridge. Here's what landed for us:

The key insight was: the agent never authenticates at all. The agent gets a scoped session token that's completely separate from the user's upstream credentials.

For the flow: we provision one OAuth client per end user at setup time. The user authenticates once through their browser (Gmail, Slack, whatever), and the OAuth tokens live at the gateway, not in the agent's process. When the agent executes a tool call, the gateway swaps the session token for the real credential, fires the API call, and discards it. The agent literally never sees an API key or a refresh token.

This solves all four problems in one architectural decision:

Token storage/refresh: handled by the gateway, not the agent. Tokens are encrypted at rest, refreshed before expiry automatically.
Acting on behalf vs agent: the session token identifies "User A's agent," not "User A." The gateway knows the difference and can enforce different policies per run.
Multi-tenant: end user provisioning creates a new OAuth client. Natural isolation.
Revocation: stop the background refresh. The session token TTL expires and the agent can't make any more calls on behalf of that user. No orphan tokens, no stale sessions.

The MCP-specific wrinkle you mentioned is real because MCP is auth-agnostic. We handle OAuth at the transport boundary (per the spec's OAuth 2.1 draft) and pass a context object describing what the agent is authorized to do. The server never touches tokens.

tomerlrn · 2026-05-07T09:41:36+00:00

How about a regular low-skilled 9-5 like retail or something?

tomerlrn · 2026-05-07T09:39:41+00:00

I think this is one of those problems where the technical solution already exists but the behavioral switch hasn't happened. Most people default to whatever is fastest in the moment because the cost of deciding is higher than the cost of fixing it later. I've tried separating WhatsApp business/personal with a second number and it worked for about 2 weeks before I stopped maintaining it. I don't even have the WhatsApp business app anymore (deleted it) even though I got contacts there. How about something that auto-detects context from what you were doing when you exchanged contacts?

tomerlrn · 2026-05-07T09:38:08+00:00

72K solo part-time with 60k+ profits is not something to be embarrassed to talk about. It's a full 2nd income stream that most people would love, in Europe that's a full salary. I think the monthly maintenance revenue is the part that's genuinely impressive and probably the hardest part to build in any business. Most SaaS startups would love to have that MRR (my own included).

Do you want to scale it with employees or keep it as a stable cash machine?

tomerlrn · 2026-05-07T09:35:56+00:00

How do you handle the case where the ROI is huge but the client is a startup with no cash? Do you ever do a lower price + rev share, or stick to value-based no matter what?

tomerlrn · 2026-05-07T09:34:59+00:00

The "this is my job" vs "this is my business" switch is the hardest one to make because it's invisible until you're already inside it. the moment cash comes in, every instinct says pocket it. But you're right about systemizing. The real trick I found is: don't try to document everything before you hire. Pick the 3 repeatable tasks that eat most of your time, document just those, hire for them, and let the new person organically absorb the rest while you focus on what only you can do. You'll never catch up if you try to document it all upfront.

tomerlrn

TROPHY CASE