Hacker News: mlenhard

Evolving OAuth Client Registration in the Model Context Protocol

mlenhard — Tue, 26 Aug 2025 12:35:12 +0000

Article URL: http://blog.modelcontextprotocol.io/posts/client_registration/

Comments URL: https://news.ycombinator.com/item?id=45025667

Points: 1

# Comments: 0

Monkey Patching Otel and Prometheus Support into MCP

mlenhard — Fri, 09 May 2025 14:33:56 +0000

Article URL: https://www.mcpevals.io/blog/adding-otel-and-prometheus-to-mcp

Comments URL: https://news.ycombinator.com/item?id=43937244

Points: 1

# Comments: 0

New comment by mlenhard in "Show HN: Klavis AI – Open-source MCP integration for AI applications"

mlenhard — Mon, 05 May 2025 17:41:07 +0000

I actually came across Plandex the other day. I haven't had the chance to play around with it yet, but it looked really cool.

But agree that even basic prompts can be a struggle. You often need to name the tool in the prompt to get things to work reliably, but that's an awful user experience. Tool call descriptions play a pretty vital role, but most MCP servers are severely lacking in this regard.

I hope this a result of everything being so new and the tooling and models will evolve to solve these issues over time.

New comment by mlenhard in "Show HN: Klavis AI – Open-source MCP integration for AI applications"

mlenhard — Mon, 05 May 2025 17:12:04 +0000

Agree on the unpredictability of results issue. Tool call selection is still sort of a black box.

How do you know what variations of a prompt trigger a given tool to be called or how many tools is too many before you start seeing degradation issues because of the context window. If you are building a client and not a server the issue becomes even more pronounced.

I even extracted the Claude electron source to see if I could figure out how they were doing it, but it's abstracted behind a network request. I'm guessing the system prompt handles tool call selection.

PS: I released an open source evals package if you're curious. Still a WIP, but does the basics https://github.com/mclenhard/mcp-evals

Tools vs. Agents: A Mathematical Framework

mlenhard — Thu, 01 May 2025 13:03:31 +0000

Article URL: https://www.mcpevals.io/blog/tools-vs-agents

Comments URL: https://news.ycombinator.com/item?id=43857138

Points: 2

# Comments: 0

Show HN: Open-source load balancer for distributed MCP server architecture

mlenhard — Wed, 16 Apr 2025 12:43:45 +0000

Like many others, I’ve been hacking on MCP servers lately. The issue I ran into was that running multiple MCP servers behind a unified backend was hard. I needed a way to combine all the tool calls from different MCP servers so the client got a unified view, route requests to the correct server based on the tool call, and maintain session affinity for SSE requests. This led me to build CATIE, which solves the above issues.

CATIE is a lightweight proxy that routes MCP requests to the appropriate backend services based on their content.

Key Features

- Content-Based Routing: Routes requests based on tool call. This allows server operators to use a micro-service architecture, with the user only installing one server. This separation allows server operators to scale tool calls independently.

- Unified Tool Call Response: Combine the tool list response from multiple MCP servers. - Session Stickiness: Maintains client connections to the same backend

- Pattern Matching: Uses regex patterns to route tool requests

- Real-time Monitoring: Simple dashboard to see traffic patterns and performance with built-in Prometheus integration.

- Backend Switching: Change where requests go without client reconfiguration

How It Works

CATIE sits between your clients and your MCP servers. When a request comes in, it:

- Parses the JSON-RPC request to understand what it's trying to do

- Applies your routing rules to determine the appropriate backend

- Forwards the request to the backend

- Maintains session stickiness for ongoing conversations

- Has a built-in UI for monitoring statistics and integrates with Prometheus

CATIE is fully open source under the MIT license. Contributions, feedback, and feature requests are all welcome!

- GitHub: https://github.com/mclenhard/catie-mcp - Docs: https://www.catiemcp.com/docs/

Comments URL: https://news.ycombinator.com/item?id=43704735

Points: 2

# Comments: 0

New comment by mlenhard in "Show HN: MCP-Shield – Detect security issues in MCP servers"

mlenhard — Tue, 15 Apr 2025 11:30:51 +0000

This is pretty cool. You should also attempt to scan resources if possible. Similar to the tool injection attack Invariant Labs discovered, I achieved the same result via resource injection [1].

The three things I want solved to improve local MCP server security are file system access, version pinning, and restricted outbound network access.

I've been running my MCP servers in a Docker container and mounting only the necessary files for the server itself, but this isn't foolproof. I know some others have been experimenting with WASI and Firecracker VMs. I've also been experimenting with setting up a squid proxy in my docker container to restrict outbound access for the MCP servers. All of this being said, it would be nice if there was a standard that was set up to make these things easier.

[1] https://www.bernardiq.com/blog/resource-poisoning/

New comment by mlenhard in "Everything wrong with MCP"

mlenhard — Mon, 14 Apr 2025 12:43:14 +0000

Yeah, you aren't far off with SQL injection comparison. That being said it's not really a fault of the MCP spec, more so with current client implementations of it.

New comment by mlenhard in "Everything wrong with MCP"

mlenhard — Mon, 14 Apr 2025 12:25:58 +0000

One of the biggest issues I see, briefly discussed here, is how one MCP server tool's output can affect other tools later in the same message thread. To prevent this, there really needs to be sandboxing between tools. Invariant labs did this with tool descriptions [1], but I also achieved the same via MCP resource attachments[2]. It's a pretty major flaw exacerbated by the type of privilege and systems people are giving MCP servers access to.

This isn't necessarily the fault of the spec itself, but how most clients have implemented it allows for some pretty major prompt injections.

[1] https://invariantlabs.ai/blog/mcp-security-notification-tool... [2] https://www.bernardiq.com/blog/resource-poisoning/

MCP Resource Poisoning Prompt Injection Attacks

mlenhard — Thu, 10 Apr 2025 13:19:19 +0000

Article URL: https://www.bernardiq.com/blog/resource-poisoning/

Comments URL: https://news.ycombinator.com/item?id=43643495

Points: 5

# Comments: 0

New comment by mlenhard in "The Agent2Agent Protocol (A2A)"

mlenhard — Thu, 10 Apr 2025 11:59:06 +0000

Yeah, I plan on improving the formatting and adding a few more examples. There were even still some typos in the piece. To be honest, I didn't plan on sharing it yet; I just figured it might be helpful for the OP, so I shared it early.

I also think the docs are pretty good. There's just something about seeing the actual network requests that helps clarify things for me.

New comment by mlenhard in "The Agent2Agent Protocol (A2A)"

mlenhard — Wed, 09 Apr 2025 16:23:38 +0000

Yeah, at its core it's just a proxy, so there are a lot of other tools out there that would do the job. It does have a nice UI and I try to support projects like it when I can.

I'll check out your proxy as well, I enjoy looking at anything built around networking.

New comment by mlenhard in "The Agent2Agent Protocol (A2A)"

mlenhard — Wed, 09 Apr 2025 15:22:47 +0000

I was in the same boat in regards to trying to find the actual JSON that was going over the wire. I ended up using Charles to capture all the network requests. I haven't finished the post yet, but if you want to see the actual JSON I have all of the request and responses here https://www.catiemcp.com/blog/mcp-transport-layer/

New comment by mlenhard in "Show HN: HyperDX Local – Open-source Datadog alternative for local debugging/dev"

mlenhard — Tue, 02 Apr 2024 16:08:48 +0000

super cool. Debugging locally across multiple microservices can be a huge pain.

A small feature request/idea - packaging this as a helm chart to make local development on something like Minkikube easier.

New comment by mlenhard in "Show HN: Hydra - Open-Source Columnar Postgres"

mlenhard — Tue, 19 Sep 2023 22:02:29 +0000

Congrats on the 1.0 Release, big milestone.

I'm personally really excited about all of the recent tooling for postgres aggregates. Definitely a pain point for a lot of developers and its easy to fall in trap where things work fine in the beginning and then query times explode as requirements change and the dataset grows. Nice to not have to spin up another DB in order to solve the problem as well.

New comment by mlenhard in "Show HN: Hydra 1.0 – open-source column-oriented Postgres"

mlenhard — Thu, 03 Aug 2023 16:44:38 +0000

Congrats on the launch!

For those who have not experimented with columnar based databases, I would highly recommend toying around with them.

The performance improvements can be substantial. Obviously there are drawbacks involved with integrating a new database into your infrastructure, so it is exciting to see columnar format introduced to Postgres. Removes the hurdle of learning, deploying and monitoring another database.