<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Composio</title>
    <description>The latest articles on DEV Community by Composio (composiodev).</description>
    <link>https://dev.to/composiodev</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F9157%2Fdf89ab52-2d48-474b-a971-087232b09f19.png</url>
      <title>DEV Community: Composio</title>
      <link>https://dev.to/composiodev</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/composiodev"/>
    <language>en</language>
    <item>
      <title>The Enterprise MCP Gateway Buyer's Guide: SSO, SCIM, Audit, and Governance Requirements</title>
      <dc:creator>Dumebi Okolo</dc:creator>
      <pubDate>Sun, 05 Jul 2026 22:31:54 +0000</pubDate>
      <link>https://dev.to/composiodev/the-enterprise-mcp-gateway-buyers-guide-sso-scim-audit-and-governance-requirements-ho7</link>
      <guid>https://dev.to/composiodev/the-enterprise-mcp-gateway-buyers-guide-sso-scim-audit-and-governance-requirements-ho7</guid>
      <description>&lt;p&gt;&lt;em&gt;MCP gateways are becoming mandatory infrastructure for any organization deploying AI agents at scale. Here is what they actually do, what they must do, and how to evaluate one honestly.&lt;/em&gt;&lt;/p&gt;




&lt;p&gt;In November 2024, Anthropic released the Model Context Protocol: a wire format for connecting AI clients to tools, data sources, and APIs. Eighteen months later, MCP has crossed 78% adoption among production AI engineering teams. The public registry has passed 9,400 servers. Anthropic, OpenAI, Google, and Microsoft all support it. Practitioners have started calling it "the USB-C of AI applications."&lt;/p&gt;

&lt;p&gt;The protocol's success created an infrastructure problem that nobody anticipated at quite this speed. Every MCP server connection expands an organization's attack surface. Every AI agent operating with tool access can read private data, write to production systems, and execute commands under the permissions of whoever authorized it. Without a governance layer, these agents are black boxes: no audit trail, no access control, no identity attribution, no way to answer "what did this agent do?" to an auditor.&lt;/p&gt;

&lt;p&gt;The answer the market has converged on is an MCP gateway: a control plane that sits between AI agents and the tools they call. But the term covers a lot of ground, from lightweight protocol proxies to full enterprise governance platforms. The differences are significant. Getting the choice wrong creates compliance exposure; getting it right creates the foundation for scaling AI safely.&lt;/p&gt;

&lt;h2&gt;
  
  
  What a gateway actually is
&lt;/h2&gt;

&lt;p&gt;The core function of an MCP gateway is collapsing what engineers call the N×M integration problem. Without a gateway, every AI agent manages its own credentials, authentication flows, and access policies for every tool it connects to. &lt;/p&gt;

&lt;p&gt;Ten agents and twenty tools produce two hundred independent connection paths, each with its own credentials, each potentially leaking secrets, each invisible to anyone trying to govern AI behavior centrally. A gateway reduces that to a single control point: N agents connect to the gateway; the gateway manages access to M tools.&lt;/p&gt;

&lt;p&gt;That description makes it sound like a proxy. It is not just a proxy. The proxy, the routing layer, accounts for roughly five percent of what an enterprise-grade gateway actually delivers. The remaining ninety-five percent is everything else: identity federation, automated user provisioning, audit logging, role-based access control, policy enforcement, and protection against attack vectors that API gateways from the previous decade were never designed to handle.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"The proxy is roughly 5% of the actual scope. The rest is what makes it usable, governed, and defensible to your security team."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;This distinction matters for procurement. Organizations that evaluate gateways primarily on latency benchmarks and integration counts are optimizing for the five percent. The ninety-five percent, whether the gateway can prove, in a form an auditor accepts, who did what, is what determines whether the deployment is actually enterprise-grade.&lt;/p&gt;

&lt;p&gt;The Composio MCP Gateway is designed around this reality. Rather than selling a proxy and calling it governance, it ships the full stack: 1,000+ managed integrations across enterprise SaaS, a unified authentication layer, action-level RBAC, zero data-retention architecture (tool call payloads and credentials are never stored on Composio infrastructure), and SOC 2 and ISO certification. The quickstart takes about ten minutes; the governance layer is built in from the start, not bolted on later.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh1dbh6hq00ruqok0bcpb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh1dbh6hq00ruqok0bcpb.png" alt="How An MCP Gateway Collapses" width="800" height="494"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  The four things that cannot be missing
&lt;/h2&gt;

&lt;p&gt;Across the compliance frameworks that govern enterprise AI deployments (SOC 2, HIPAA, GDPR, ISO 27001, and now the EU AI Act), four governance capabilities appear repeatedly, either explicitly or implicitly. Absence of any one of them creates either regulatory exposure or operational failures that scale into incidents.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn25oypjkqt2tfskyh2lu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn25oypjkqt2tfskyh2lu.png" alt="mcp-governance-pillars" width="799" height="482"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Identity federation and SSO
&lt;/h3&gt;

&lt;p&gt;Without SSO integration, agents authenticate using shared service account credentials or locally-stored API keys. This creates credential sprawl, blocks user-level attribution in audit logs, and prevents IT from revoking access cleanly when an employee departs. With federated identity, every tool call carries the identity of the specific user who authorized it, flowing through the gateway from the enterprise identity provider down to the MCP server.&lt;/p&gt;

&lt;p&gt;The technical baseline is support for OAuth 2.1,  standardized in the MCP specification in June 2025, alongside SAML 2.0 for enterprise SSO and OpenID Connect for modern attribute mapping. &lt;/p&gt;

&lt;p&gt;But the capability that separates governance-capable gateways from identity-aware proxies is &lt;strong&gt;On-Behalf-Of (OBO) token propagation&lt;/strong&gt;: the pattern where a gateway passes the end-user identity downstream to the MCP server rather than substituting a service account. Without OBO, an audit log records "gateway service account called database write tool." With OBO, it records "Elena Mwangi in Finance called database write tool at 14:32 UTC." The difference is the difference between an audit log and an audit trail.&lt;/p&gt;

&lt;p&gt;Composio's MCP Gateway handles this through SSO via SAML and OIDC, with documented integrations for Okta, Microsoft Entra ID, and Google Workspace. Every team gets a unique, scoped MCP endpoint. Developers paste it into Claude, Cursor, or ChatGPT. SSO authenticates. Only the tools their team is authorized to use appear, and there is no separate configuration step to restrict visibility.&lt;/p&gt;

&lt;p&gt;One practical concern worth flagging: identity provider integrations that look stable can break silently. Microsoft Entra changed its attribute mapping behavior for synchronized users in late 2024 without a deprecation notice. Every such change is a potential gap in governance coverage. When evaluating any gateway, ask vendors specifically how they monitor for and respond to IdP-side breaking changes.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. SCIM provisioning
&lt;/h3&gt;

&lt;p&gt;SCIM — System for Cross-domain Identity Management — automates the user lifecycle at scale. New hires receive correct tool access on day one. Role changes propagate immediately to gateway permissions. Departing employees lose all access at the moment their directory account is disabled.&lt;/p&gt;

&lt;p&gt;Without SCIM, MCP gateway access management becomes a manual operation at every organizational boundary event. HIPAA requires that access to systems holding protected health information be revoked immediately upon role change or separation. SOC 2 CC6.2 requires that access be provisioned based on authorized requests and revoked promptly when no longer needed. Manual processes fail both tests at scale.&lt;/p&gt;

&lt;p&gt;The scenario that illustrates this most clearly: a developer departs on difficult terms. Legal advises IT to immediately revoke all access. IT disables the directory account. If SCIM is integrated, that change propagates to the gateway; every agent connection that developer had, from GitHub to Jira to Salesforce to internal APIs, terminates immediately. No gap exists between directory disabling and access revocation. Without SCIM, someone has to hunt and manually revoke individual credentials across every connected system. At any scale above a handful of users, some will be missed.&lt;/p&gt;

&lt;p&gt;Composio's SCIM 2.0 implementation maps directory groups to teams directly. The mapping logic is explicit and auditable: if &lt;code&gt;department = Engineering&lt;/code&gt; then &lt;code&gt;Team: engineering&lt;/code&gt;. New hires get the right tools on day one without any manual gateway configuration. The group sync is active and continuous, not a nightly batch job.&lt;/p&gt;

&lt;p&gt;For teams building toward this themselves: the build vs. buy analysis Composio published puts the engineering effort for SCIM provisioning at 4–8 weeks for a mid-sized team, before accounting for ongoing maintenance as IdP behavior changes. That estimate covers the SCIM endpoint, group sync logic, and conflict resolution. It does not cover the OAuth token lifecycle management that sits adjacent to it, which is typically another 4–8 weeks and carries higher ongoing maintenance cost.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Audit logging
&lt;/h3&gt;

&lt;p&gt;Audit logs answer the question every regulator and every security team will eventually ask: "what did your AI agents access, and when?" Without comprehensive, immutable, structured audit logs, the honest answer is "we don't know." That answer fails every compliance framework that governs regulated data.&lt;/p&gt;

&lt;p&gt;The minimum required fields per log entry are: timestamp in UTC at millisecond precision; user identity attributed through the IdP, not a service account; agent identity; MCP server and tool name invoked; tool input parameters; tool output or error state; authorization decision and the policy rule that produced it; and session identifier for multi-turn correlation. These fields are what make a log entry into evidence.&lt;/p&gt;

&lt;p&gt;Beyond minimum fields, enterprise-grade logs must be immutable after writing, tamper-evident, either through cryptographic signing or append-only storage. They must be structured for reliable SIEM ingestion. They must support configurable retention aligned to the organization's most demanding applicable requirement: HIPAA access records for protected health information require six-year retention; SOC 2 typically requires twelve months.&lt;/p&gt;

&lt;p&gt;Composio's audit trail logs every tool call as: user, team, tool, action, outcome. Critically, &lt;strong&gt;no payloads are stored&lt;/strong&gt; , only metadata. This zero data-retention architecture matters for regulated industries where storing tool call contents on third-party infrastructure creates its own compliance risk. The logs support CSV export for compliance reviews, and retention is configurable from 7 days to 1 year. The audit log format generates entries compliant with SOC 2, HIPAA, and GDPR requirements.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Policy enforcement
&lt;/h3&gt;

&lt;p&gt;The fourth pillar is where identity, provisioning, and audit turn from documentation tools into enforcement tools. Policy enforcement means the gateway doesn't just record that an agent attempted to call a destructive action. It blocks the call if the agent's role doesn't permit it.&lt;/p&gt;

&lt;p&gt;The critical implementation detail is the granularity at which access control operates. Standard RBAC in legacy API gateways operates at the API endpoint level. MCP gateway RBAC must operate at the action level within each toolkit. A GitHub integration may expose &lt;code&gt;GITHUB_CREATE_PR&lt;/code&gt;, &lt;code&gt;GITHUB_MERGE_PR&lt;/code&gt;, and &lt;code&gt;GITHUB_DELETE_REPO&lt;/code&gt;. Governance requires that a junior developer role can call the first two but not the third, without blocking access to the GitHub toolkit entirely.&lt;/p&gt;

&lt;p&gt;Composio enforces action-level RBAC at the gateway layer, not at the model layer. Each team gets a scoped MCP endpoint exposing only the tools they are authorized to use. Destructive actions within allowed toolkits — &lt;code&gt;GITHUB_DELETE_REPO&lt;/code&gt;, &lt;code&gt;SLACK_DELETE_CHANNEL&lt;/code&gt; — can be blocked independently of toolkit access. This is enforced in the gateway: if a model tries to call a blocked action, the gateway refuses it regardless of what the model was instructed to do.&lt;/p&gt;

&lt;p&gt;The access model supports both whitelist and blacklist modes. Teams can request access to blocked tools; admins approve or deny. This creates a self-service discovery path that doesn't require IT to anticipate every team's tooling needs in advance, while retaining central control over what actually gets enabled.&lt;/p&gt;




&lt;h2&gt;
  
  
  Attack vectors that API gateways were not built for
&lt;/h2&gt;

&lt;p&gt;Traditional API gateways were built for HTTP traffic between services. MCP traffic between AI agents and tool servers introduces attack vectors that legacy infrastructure was never designed to handle.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Tool poisoning&lt;/strong&gt; places instructions inside tool Metadata, specifically in tool descriptions and parameter documentation that AI models read to understand how tools work. If descriptions contain adversarial instructions, the model may execute them. Unlike prompt injection, tool poisoning persists across sessions: it affects every agent that interacts with the tool, not just the session in which the attack was introduced.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Rug pull attacks&lt;/strong&gt; are tool poisoning with a delayed trigger. A server publishes clean, vetted tool definitions at the time of security review. After approval, the operator modifies descriptions to inject malicious instructions. Without tool hash pinning, hashing tool descriptions on first scan and alerting when they change, the gap between approved state and live state can persist indefinitely.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Prompt injection via tool output&lt;/strong&gt; embeds adversarial instructions in tool outputs  (document contents, database records, web page responses) that the agent ingests as legitimate input. The MCP specification only "SHOULD" require a human in the loop, which is insufficient protection in production environments handling sensitive data at agent speed.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Cross-server shadowing&lt;/strong&gt; is an MCP-specific threat with no analog in traditional API security. A malicious MCP server impersonates a trusted server or embeds instructions in tool metadata that override the behavior of adjacent servers in the same agent context.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Credential sprawl&lt;/strong&gt; is the most operationally common risk. Agents storing API keys, database passwords, and OAuth tokens in local configuration files create exposure through prompts, logs, or accidental repository commits. In multi-agent architectures, credentials propagate through chained tool calls in ways invisible without gateway-level telemetry.&lt;/p&gt;

&lt;p&gt;A security leader at Medtronic described the operational concern accurately: "MCP opens a lot of opportunities to do a lot of damage very quickly." The velocity at which autonomous agents can chain tool calls makes human review an insufficient backstop without gateway-level guardrails enforcing limits in real time.&lt;/p&gt;

&lt;p&gt;Composio's zero data-retention architecture addresses the credential sprawl risk directly: tool call payloads and credentials are never stored on Composio infrastructure. This eliminates the most common vector for credential exfiltration through the gateway layer itself.&lt;/p&gt;




&lt;h2&gt;
  
  
  What compliance frameworks actually require
&lt;/h2&gt;

&lt;p&gt;No compliance framework names MCP gateways explicitly. All of them implicitly require what a gateway provides: a centralized layer where AI tool access is governed, logged, and restricted.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;SOC 2&lt;/strong&gt; Trust Services Criteria CC6.1 through CC6.3 require access to be restricted to minimum necessary permissions, action-level RBAC satisfies this. CC7.2 and CC7.3 require monitoring and investigation of anomalies,  real-time audit log alerting and SIEM integration satisfy this. CC8.1 requires change management controls; access approval workflows and configurable retention policies satisfy this.&lt;/p&gt;

&lt;p&gt;For teams pursuing SOC 2 Type II certification, the observation period is at minimum six months. That means an organization that starts building its own gateway today won't have a reportable SOC 2 Type II audit for seven or eight months at the earliest, and that timeline assumes the controls were architected correctly from day one. Composio ships with SOC 2 Type II and ISO 27001 certification already in place, which removes this timeline entirely from the governance roadmap.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;HIPAA&lt;/strong&gt; adds a harder requirement: Business Associate Agreements. Any vendor that creates, receives, maintains, or transmits protected health information on an organization's behalf is a Business Associate and legally requires a signed BAA before any PHI touches their infrastructure. Composio's enterprise plan supports BAA execution. For healthcare organizations, this is a binary filter that precedes all technical evaluation: verify BAA availability before spending time on feature comparison.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The EU AI Act&lt;/strong&gt;, whose high-risk system provisions became fully enforceable in August 2026, requires documented risk management, human oversight mechanisms, and technical evidence of controls for AI systems operating in healthcare, financial services, employment, and critical infrastructure. MCP gateway audit logs are the primary evidence artifact for conformity assessment. Organizations that have not established audit logging infrastructure before enforcement begins cannot retroactively generate evidence for the period before capture began.&lt;/p&gt;




&lt;h2&gt;
  
  
  The build vs. buy question, answered honestly
&lt;/h2&gt;

&lt;p&gt;Internal builds of MCP gateway infrastructure are a recurring theme in enterprise AI teams. The engineering argument is usually that "a proxy is a few weeks of work." That framing is accurate for the proxy. The full enterprise stack is different.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Build estimate&lt;/th&gt;
&lt;th&gt;Ongoing cost&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;MCP routing proxy&lt;/td&gt;
&lt;td&gt;2–4 weeks&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;OAuth 2.1 implementation&lt;/td&gt;
&lt;td&gt;3–6 weeks&lt;/td&gt;
&lt;td&gt;High — each SaaS app handles OAuth differently and changes without notice&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;SAML/OIDC IdP integration&lt;/td&gt;
&lt;td&gt;2–4 weeks&lt;/td&gt;
&lt;td&gt;Medium — silent breaking changes require active monitoring&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;SCIM provisioning endpoint&lt;/td&gt;
&lt;td&gt;4–8 weeks&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Per-user OAuth token lifecycle&lt;/td&gt;
&lt;td&gt;4–8 weeks&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Audit log infrastructure&lt;/td&gt;
&lt;td&gt;3–5 weeks&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Action-level RBAC policy engine&lt;/td&gt;
&lt;td&gt;6–8 weeks&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;15 SaaS integrations&lt;/td&gt;
&lt;td&gt;~15 weeks&lt;/td&gt;
&lt;td&gt;Ongoing per-integration maintenance&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;SOC 2 Type II observation period&lt;/td&gt;
&lt;td&gt;6+ months&lt;/td&gt;
&lt;td&gt;Continuous&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The proxy is five percent of the scope. The OAuth maintenance burden is where most internal builds stall or quietly degrade over time: every SaaS application handles OAuth slightly differently, and those implementations change without notice. GitHub OAuth app permissions behave differently depending on whether the organization has SAML SSO enabled. Entra changed its attribute mapping behavior in late 2024 without a deprecation notice. Each change is a potential silent breakage.&lt;/p&gt;

&lt;p&gt;Buying wins for most teams because they are not buying a proxy, they are buying maintained integrations, per-user OAuth lifecycle management, SSO and SCIM support, RBAC enforcement, audit logging, and compliance readiness, with the maintenance burden sitting on the vendor rather than internal engineering. Composio's MCP Gateway developer quickstart gets a working agent connected to its first toolkit in about ten minutes. That's the realistic comparison point against a multi-month internal build.&lt;/p&gt;

&lt;p&gt;The cases where building makes sense are narrower: unique deployment constraints no vendor accommodates, classified network requirements, or organizations with the appetite to own the entire AI infrastructure stack as a long-term strategic investment.&lt;/p&gt;




&lt;h2&gt;
  
  
  How to evaluate a gateway honestly
&lt;/h2&gt;

&lt;p&gt;Start with deployment model. For organizations in healthcare, finance, or government where regulated data must remain within specific boundaries, deployment model is often a legal requirement before any technical comparison begins. Cloud-hosted managed gateways reduce time to production but involve data transiting vendor infrastructure. Self-hosted or VPC-deployed options provide data sovereignty. Composio operates as managed SaaS with a zero data-retention architecture as the default; for organizations requiring VPC or on-premises deployment, that narrows the field significantly and should be the first filter applied.&lt;/p&gt;

&lt;p&gt;After deployment model, evaluate in this sequence:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Identity depth.&lt;/strong&gt; Does the gateway support OBO token propagation, or does it substitute service accounts? Ask vendors for a sample audit log entry and verify that user identity is IdP-attributed, not a service account name.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;SCIM implementation.&lt;/strong&gt; Does it support SCIM 2.0 with push provisioning? What is the documented maximum deprovisioning latency? The deprovisioning case, an employee departure or a security incident requiring immediate access revocation, is where manual processes fail most expensively.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Audit log quality.&lt;/strong&gt; Require vendors to provide a sample log entry with all fields populated. Confirm the format is structured and suitable for SIEM ingestion. Confirm logs are immutable after writing. Confirm the retention policy can be configured to your longest applicable requirement. Ask whether PII redaction in tool parameters is configurable and, in Composio's case, whether the zero data-retention architecture means payloads aren't stored at all, which is the stronger answer.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Access control granularity.&lt;/strong&gt; Confirm that RBAC operates at the action level, not the toolkit level. A gateway that blocks or enables whole toolkits but cannot distinguish between &lt;code&gt;GITHUB_CREATE_PR&lt;/code&gt; and &lt;code&gt;GITHUB_DELETE_REPO&lt;/code&gt; is not implementing least-privilege access control.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Compliance certification.&lt;/strong&gt; Request the current SOC 2 Type II report date and auditor. Confirm whether a BAA is available. For European deployments, ask whether the vendor has documented controls relevant to EU AI Act high-risk system provisions. Composio's SOC 2 and ISO 27001 certifications are current, which shortens the security review process significantly.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;MCP-specific threat coverage.&lt;/strong&gt; Ask whether tool hash pinning is implemented and whether it generates alerts when tool definitions change post-approval. Ask whether tool metadata is scanned for hidden prompt instructions. These questions distinguish purpose-built MCP governance platforms from extended API management products.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Exit terms.&lt;/strong&gt; Gateway choice shapes AI adoption architecture for three to five years. Confirm that gateway configuration, audit logs, and access policies can be exported in standard formats, and that contract exit terms do not create data portability barriers.&lt;/p&gt;




&lt;h2&gt;
  
  
  What comes next
&lt;/h2&gt;

&lt;p&gt;The MCP specification continues to evolve. Client ID Metadata Documents, added in the November 2025 spec update, introduce a new mechanism for trusted client discovery. The Agent-to-Agent protocol is emerging as a complement to MCP for multi-agent orchestration, governing agent-to-agent delegation rather than agent-to-tool connectivity. Future enterprise governance will require control planes spanning both protocols.&lt;/p&gt;

&lt;p&gt;As AI agents gain persistent memory and state across sessions, the audit and governance scope expands beyond tool calls to memory operations and state modifications. Gateways scoped only to tool call governance will require extension as these capabilities become standard.&lt;/p&gt;

&lt;p&gt;The broader trajectory is toward federated multi-gateway architectures: separate gateway instances per business unit or geographic region with centralized policy management. This pattern addresses data residency requirements without requiring monolithic governance infrastructure. Including A2A roadmap questions in current gateway evaluations is forward-looking work that belongs in any RFP issued in 2026.&lt;/p&gt;




&lt;h2&gt;
  
  
  Wrapping Up,
&lt;/h2&gt;

&lt;p&gt;The teams establishing MCP governance infrastructure now  (building audit trails, connecting identity providers, implementing SCIM provisioning, enforcing action-level access policies) are building the foundation for AI adoption that compliance teams can accept and auditors can verify. The teams deferring governance are accumulating technical debt measured not in refactoring effort but in regulatory exposure.&lt;/p&gt;

&lt;p&gt;The audit log for last quarter does not exist if it was never captured. The SOC 2 observation period clock does not start until you start running controls. The EU AI Act conformity evidence is not retroactively generatable. The compliance timeline is contracting, and the enforcement mechanisms are real.&lt;/p&gt;

&lt;p&gt;For most teams moving from pilot to production, the practical starting point is a managed gateway that handles the ninety-five percent — Composio's MCP Gateway covers the integrations, the OAuth lifecycle, the SCIM provisioning, the action-level RBAC, the audit logging, and the compliance certifications in a single product. The developer quickstart takes ten minutes. The governance is not an afterthought.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Further reading:&lt;/em&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://composio.dev/content/what-is-mcp-gateway-and-why-your-enterprise-need-it" rel="noopener noreferrer"&gt;&lt;em&gt;What is an MCP Gateway and why your enterprise needs one&lt;/em&gt;&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://composio.dev/content/building-vs-buying-an-enterprise-mcp-gateway" rel="noopener noreferrer"&gt;&lt;em&gt;Building vs. buying an enterprise MCP gateway&lt;/em&gt;&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://composio.dev/content/mcp-gateways-guide" rel="noopener noreferrer"&gt;&lt;em&gt;MCP Gateways: a developer's guide to AI agent architecture&lt;/em&gt;&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://composio.dev/content/best-mcp-gateway-for-developers" rel="noopener noreferrer"&gt;&lt;em&gt;10 best MCP gateways for developers in 2026&lt;/em&gt;&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>webdev</category>
      <category>mcp</category>
      <category>beginners</category>
    </item>
    <item>
      <title>A Definitive Comparison Between Opencode &amp; Codex</title>
      <dc:creator>Developer Harsh</dc:creator>
      <pubDate>Fri, 03 Jul 2026 10:09:29 +0000</pubDate>
      <link>https://dev.to/composiodev/a-definitive-comparison-between-opencode-codex-dna</link>
      <guid>https://dev.to/composiodev/a-definitive-comparison-between-opencode-codex-dna</guid>
      <description>&lt;p&gt;If your daily workflow looks anything like mine, your terminal is where the actual work happens.&lt;/p&gt;

&lt;p&gt;After the &lt;a href="https://www.anthropic.com/engineering/april-23-postmortem" rel="noopener noreferrer"&gt;Claude Code fiasco&lt;/a&gt; back in April, I wanted a way out of Claude ecosystem. Codex and OpenCode were the default no-brainer choices.&lt;/p&gt;

&lt;p&gt;So I spent the last few months stress-testing Codex and OpenCode to see which one could actually replace Claude Code as my daily driver.&lt;/p&gt;

&lt;p&gt;So, here’s what I found out.&lt;/p&gt;




&lt;h2&gt;
  
  
  TL;DR: Quick Reference
&lt;/h2&gt;

&lt;p&gt;If you are in a hurry, this is the simplest way to think about the comparison.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Codex is the better default. OpenCode is the better power-user tool.&lt;/strong&gt; Codex wins when I want speed, polish, and fewer setup decisions. OpenCode wins when I want model freedom, lower cost, local execution, and more control over the agent loop.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Section&lt;/th&gt;
&lt;th&gt;Winner&lt;/th&gt;
&lt;th&gt;Why&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Onboarding, Setup, and Daily UX&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Codex&lt;/td&gt;
&lt;td&gt;Faster to start, cleaner defaults, easier daily workflow&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Models&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Tie&lt;/td&gt;
&lt;td&gt;Codex has the stronger default model stack; OpenCode has far more model freedom and with GLM 5.2 it’s on-par with GPT 5.5&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Pricing / Cost&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;OpenCode&lt;/td&gt;
&lt;td&gt;Cheaper for heavy usage if you use routing, caching, or lower-cost models&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Features and Workflows&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Tie&lt;/td&gt;
&lt;td&gt;Codex is better for delegation; OpenCode is better for iterative local work&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Ecosystem: MCP, Skills, Plugins&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Codex&lt;/td&gt;
&lt;td&gt;Simpler MCP and plugin setup; OpenCode is more transparent but more manual&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Harness Engineering&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Tie&lt;/td&gt;
&lt;td&gt;Codex has the better default harness; OpenCode has the more customizable harness&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Best overall for most users&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Codex&lt;/td&gt;
&lt;td&gt;Least friction, strongest defaults, smoother path from prompt to diff&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Best overall for power users&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;OpenCode&lt;/td&gt;
&lt;td&gt;Model choice, local execution, deeper control, and better cost optimization&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;My take:&lt;/strong&gt; I would recommend Codex to most users first. But for my own high-control workflow, OpenCode becomes more compelling over time because the extra setup turns into flexibility.&lt;/p&gt;




&lt;h2&gt;
  
  
  1. Onboarding, Setup, and Daily UX
&lt;/h2&gt;

&lt;p&gt;Onboarding and daily UX are too closely related to treat as separate sections.&lt;/p&gt;

&lt;p&gt;The first ten minutes decide how quickly I can start. The next ten days decide whether I actually want to keep using the tool. Codex wins the first part because it removes choices. OpenCode becomes more interesting later because the choices start turning into control.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;th&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Install speed&lt;/td&gt;
&lt;td&gt;~90 seconds, one path&lt;/td&gt;
&lt;td&gt;~3-5 minutes, more decisions&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;First impression&lt;/td&gt;
&lt;td&gt;Polished, guided, low-friction&lt;/td&gt;
&lt;td&gt;Developer-native, terminal-first, configurable&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Provider choice&lt;/td&gt;
&lt;td&gt;OpenAI only&lt;/td&gt;
&lt;td&gt;75+ providers and 1000+ models&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Configuration&lt;/td&gt;
&lt;td&gt;Minimal setup after sign-in&lt;/td&gt;
&lt;td&gt;API keys, model choice, working directory, config files&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Learning curve&lt;/td&gt;
&lt;td&gt;Shallow; usable in minutes&lt;/td&gt;
&lt;td&gt;Moderate; rewards 1-2 months of use&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Daily workflow&lt;/td&gt;
&lt;td&gt;Open, assign task, review diff&lt;/td&gt;
&lt;td&gt;Plan, inspect, steer, execute, repeat&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Customization&lt;/td&gt;
&lt;td&gt;Opinionated defaults&lt;/td&gt;
&lt;td&gt;Deep control over models, instructions, and local setup&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best for&lt;/td&gt;
&lt;td&gt;Users who want the agent to stay out of the way&lt;/td&gt;
&lt;td&gt;Power users who want to tune the agent like a dev tool&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Codex&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;I installed Codex in about 90 seconds:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm i &lt;span class="nt"&gt;-g&lt;/span&gt; @openai/codex
codex
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then it was basically:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;sign in with ChatGPT,&lt;/li&gt;
&lt;li&gt;pick the project,&lt;/li&gt;
&lt;li&gt;start coding.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That is the whole appeal. The model is already selected, GitHub integration feels native, and the default workflow does not ask me to make too many decisions. I can open Codex, describe the task, review the diff, and move on.&lt;/p&gt;

&lt;p&gt;This matters because a daily coding agent should not make me think about the agent more than the code.&lt;/p&gt;

&lt;p&gt;Codex feels strongest when I need:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;a quick prototype before standup,&lt;/li&gt;
&lt;li&gt;a PR review,&lt;/li&gt;
&lt;li&gt;a clean diff for a narrow task,&lt;/li&gt;
&lt;li&gt;a background refactor,&lt;/li&gt;
&lt;li&gt;a low-friction path from prompt to patch.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The tradeoff is that Codex is opinionated. I do not get much control over the model strategy, local runtime, or workflow shape. That is fine for most tasks, but limiting when I want to tune the agent like part of my dev environment.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;OpenCode&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;I installed OpenCode with:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-fsSL&lt;/span&gt; https://opencode.ai/install | bash
opencode
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then the decisions started:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which provider do I want?&lt;/li&gt;
&lt;li&gt;Do I want the Go tier?&lt;/li&gt;
&lt;li&gt;Which model should be the default?&lt;/li&gt;
&lt;li&gt;Which API keys do I need?&lt;/li&gt;
&lt;li&gt;Which working directory should it use?&lt;/li&gt;
&lt;li&gt;How much should I configure up front?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That makes OpenCode feel slower on day one. It is not the tool I would recommend to someone who hates setup decisions.&lt;/p&gt;

&lt;p&gt;But the same friction becomes useful once I understand the system. OpenCode gives me control over the parts Codex hides:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;I can switch providers and models based on task type,&lt;/li&gt;
&lt;li&gt;use local models through Ollama or LM Studio,&lt;/li&gt;
&lt;li&gt;inspect the plan before execution,&lt;/li&gt;
&lt;li&gt;steer the agent step by step,&lt;/li&gt;
&lt;li&gt;encode project preferences in instruction files,&lt;/li&gt;
&lt;li&gt;keep the loop close to my repo and tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This makes OpenCode feel less like a polished single-purpose coding agent and more like a configurable development environment.&lt;/p&gt;

&lt;p&gt;The downside is cognitive overhead. OpenCode asks me to participate more, and that is not always what I want for routine work. But for serious refactors, debugging sessions, or production changes where I want to watch the agent think before it acts, the extra control is worth the friction.&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;Codex wins onboarding. OpenCode wins long-term control.&lt;/p&gt;

&lt;p&gt;If I am recommending a tool to a teammate who wants the least friction, I would recommend Codex. It is faster to start, easier to understand, and better for users who just want the agent to stay out of the way.&lt;/p&gt;

&lt;p&gt;If I am picking a tool for my own high-control workflow, OpenCode becomes more compelling over time. The setup is heavier, but the payoff is model flexibility, local execution, and tighter steering.&lt;/p&gt;

&lt;p&gt;For this section, Codex wins because the first-use and default daily experience are cleaner.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenCode - 0, Codex - 1&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  2. Models: Codex vs OpenCode
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Model Availability&lt;/td&gt;
&lt;td&gt;GPT-5.5 only&lt;/td&gt;
&lt;td&gt;~75 providers, 1000+ models&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Token Efficiency&lt;/td&gt;
&lt;td&gt;Optimized for GPT-5.5&lt;/td&gt;
&lt;td&gt;40-60% fewer tokens (MiMo)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Model Switching&lt;/td&gt;
&lt;td&gt;Single model, all tasks&lt;/td&gt;
&lt;td&gt;Switch between models per task&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Top Performers&lt;/td&gt;
&lt;td&gt;GPT-5.5 (58.6%)&lt;/td&gt;
&lt;td&gt;Qwen 3.7 (60.6%), MiMo-V2.5&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cost Per Token&lt;/td&gt;
&lt;td&gt;$30-180 per million tokens&lt;/td&gt;
&lt;td&gt;Varies; DeepSeek $0.14-0.28&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best For&lt;/td&gt;
&lt;td&gt;Best-in-class performance&lt;/td&gt;
&lt;td&gt;Cost-conscious, flexible workflows&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Codex&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;The first time I ran Codex with GPT-5.5, it felt like the whole system was purpose-built around it.&lt;/p&gt;

&lt;p&gt;OpenAI’s headline is “better results with fewer tokens.” The more interesting story is &lt;em&gt;how&lt;/em&gt; they got there: Codex is a tightly tuned pipeline where the prompts, context management, tool-calling, and evaluation loop are all optimized for GPT models. This is similar to Claude &lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenAI designed GPT-5.5 specifically for agentic coding, then adjusted Codex to leverage its full capabilities. GPT-5.5 uses 40% fewer output tokens than GPT-5.4 on the same Codex tasks.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Every task I run through Codex uses this same tuned pipeline. It's like having a senior engineer trained specifically for your workflow, focused on results, rather than decisions&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;OpenCode&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;OpenCode provides integration with ~75 different providers across 1000+ models, and one might be intimidated by the cost they would incur. I had the same.  &lt;/p&gt;

&lt;p&gt;But as I  looked at benchmark data, I found something: &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Qwen 3.7 maxes out at 60.6% on SWE-Bench Pro,&amp;nbsp;beating GPT-5.5's 58.6%.&lt;/li&gt;
&lt;li&gt;MiMo-V2.5-Pro uses 40-60% fewer tokens than GPT-5.4 for comparable output.&lt;/li&gt;
&lt;li&gt;DeepSeek V4-Flash costs $0.14 per million tokens for input / $0.28 for output, compared to $30 per million tokens&amp;nbsp;for input / $180 per million tokens for&amp;nbsp;output for GPT-5.5.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The hidden insight: &lt;strong&gt;I don't need the same model for every task.&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Architecture decisions: Qwen.&lt;/li&gt;
&lt;li&gt;Boilerplate: DeepSeek.&lt;/li&gt;
&lt;li&gt;Bug fixing: MiMo.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you want automation, you can connect OpenCode with&amp;nbsp;smart model routers as well; they will do the heavy lifting. &lt;/p&gt;

&lt;p&gt;This was the learning curve I was talking about earlier: model routing.&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;If you ask me: &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;GPT 5.5 is undeniably the better model than anything open-source can offer right now. Though Kimi 2.7 and GLM 5.2 are great models with near SOTA coding performance.&lt;/li&gt;
&lt;li&gt;OpenCode definitely gives the freedom to select any model one wants, plus at a lower cost. For cost-conscious people, this is definitely a USP.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Codex with GPT 5.5 and OpenCode with GLM 5.2 are match made in labs. So, at this point, it’s tie.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenCode - 1,  Codex - 2&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  3. Pricing / Cost: Codex vs OpenCode
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Entry Price&lt;/td&gt;
&lt;td&gt;Plus at $20/month&lt;/td&gt;
&lt;td&gt;Go tier at $10/month&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Professional Cost&lt;/td&gt;
&lt;td&gt;$100-200/month&lt;/td&gt;
&lt;td&gt;$10-50/month (with routing)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cost Savings&lt;/td&gt;
&lt;td&gt;No optimization options&lt;/td&gt;
&lt;td&gt;~70% reduction with smart routing&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Token Caching&lt;/td&gt;
&lt;td&gt;Limited caching&lt;/td&gt;
&lt;td&gt;Built-in, reduces cost ~70%&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Pricing Model&lt;/td&gt;
&lt;td&gt;Monthly subscription fixed&lt;/td&gt;
&lt;td&gt;Pay per token (variable)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best For&lt;/td&gt;
&lt;td&gt;Predictable monthly budgets&lt;/td&gt;
&lt;td&gt;Budget-conscious developers&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Codex&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Codex comes bundled with ChatGPT Plus at $20/month, which sounds cheap until you start using it heavily.&lt;/p&gt;

&lt;p&gt;Here's my actual usage pattern:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Lightweight tasks: 2-3 sessions/day (covers with Plus)&lt;/li&gt;
&lt;li&gt;Serious refactoring: 4-7 hours/day (exhausts Plus)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When I upgraded to Pro ($100/month), things got a  little smoother. I never hit limits. But I'm now paying $1,200/year for what I actually use.&lt;/p&gt;

&lt;p&gt;That’s not a number; it's the real cost for a professional who codes 6+ hours/day, which is around&amp;nbsp;&lt;strong&gt;$100-$200/month&lt;/strong&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;OpenCode&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;OpenCode Go is $10/month or less, but only if you actually need to figure out which models to use for which tasks.&lt;/p&gt;

&lt;p&gt;Here's my actual usage pattern:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Day 1: Confused about model selection (burning tokens on wrong model choices)&lt;/li&gt;
&lt;li&gt;Day 10: I figured out routing: Boilerplate → one model, Architecture → another, token cost starts dropping&lt;/li&gt;
&lt;li&gt;Day 30: Smart routing is dialed in (DeepSeek for routine, Qwen for complex, local models for edge cases), making costs fixed around $10/month tier&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When I finally cracked the model-routing puzzle by month 2, I realized the real hidden advantage:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Cached tokens cost a fraction of the normal price. So my $0.50/session cost was actually closer to $0.15 with caching baked in.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;According to the estimate, the real cost for a professional with smart routing is around &lt;strong&gt;$10-$50/month&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;That’s a ~70% deduction and makes switching non-negotiable.&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;Clearly, Open Code wins on this one.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenCode - 2 , Codex - 2&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  3. Features and Workflows
&lt;/h2&gt;

&lt;p&gt;This is where Codex and OpenCode start to feel like fundamentally different products.&lt;/p&gt;

&lt;p&gt;Codex is built around &lt;strong&gt;delegation&lt;/strong&gt;. OpenCode is built around &lt;strong&gt;iteration&lt;/strong&gt;.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Core workflow&lt;/td&gt;
&lt;td&gt;Define goal → delegate → review result&lt;/td&gt;
&lt;td&gt;Plan → review → execute → adjust&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best interaction style&lt;/td&gt;
&lt;td&gt;High-level task assignment&lt;/td&gt;
&lt;td&gt;Tight local feedback loop&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Goal setting&lt;/td&gt;
&lt;td&gt;
&lt;code&gt;/goal&lt;/code&gt; command for scoped outcomes&lt;/td&gt;
&lt;td&gt;Plan mode + repo instructions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Iteration speed&lt;/td&gt;
&lt;td&gt;Better for longer background tasks&lt;/td&gt;
&lt;td&gt;Better for fast back-and-forth changes&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Local capability&lt;/td&gt;
&lt;td&gt;Cloud-first&lt;/td&gt;
&lt;td&gt;Local-first with Ollama/LM Studio support&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Real-time control&lt;/td&gt;
&lt;td&gt;Review changes after the agent runs&lt;/td&gt;
&lt;td&gt;Review and steer before execution&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best for&lt;/td&gt;
&lt;td&gt;Overnight refactors, PR prep, delegated work&lt;/td&gt;
&lt;td&gt;Interactive development, debugging, learning&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Codex&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Codex feels strongest when I treat it like an engineering teammate I can delegate to.&lt;/p&gt;

&lt;p&gt;The app lets me set up multi-agent workflows for longer-running execution:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;One agent reviews PRs,&lt;/li&gt;
&lt;li&gt;another fixes bugs,&lt;/li&gt;
&lt;li&gt;a third updates documentation.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I close my laptop and come back to the result. That makes Codex especially good for large refactors, GitHub-native workflows, team delegation, and background engineering work.&lt;/p&gt;

&lt;p&gt;The underrated feature here is Codex’s &lt;code&gt;/goal&lt;/code&gt; command. Instead of giving the agent a vague task like “improve this repo,” I can define the actual outcome I want:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;reduce flaky tests,&lt;/li&gt;
&lt;li&gt;migrate a module,&lt;/li&gt;
&lt;li&gt;clean up auth logic,&lt;/li&gt;
&lt;li&gt;prepare a PR-ready refactor.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Codex then uses that goal as the anchor for planning, execution, and review. That makes long-running delegated work feel less like prompting and more like assigning a scoped engineering objective.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;OpenCode&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;OpenCode does not have a direct &lt;code&gt;/goal&lt;/code&gt; equivalent, but its workflow solves the same problem differently.&lt;/p&gt;

&lt;p&gt;Instead of asking me to assign a goal and wait for the result, OpenCode keeps me inside a tight loop:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;define what I want,&lt;/li&gt;
&lt;li&gt;inspect the proposed plan,&lt;/li&gt;
&lt;li&gt;adjust the approach,&lt;/li&gt;
&lt;li&gt;execute,&lt;/li&gt;
&lt;li&gt;review the result,&lt;/li&gt;
&lt;li&gt;repeat.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where Plan mode becomes important. It gives me a goal-like workflow without hiding the intermediate reasoning. I can see what OpenCode intends to do before it touches the codebase, which is useful when I am debugging, exploring unfamiliar code, or doing refactors where I want control over every step.&lt;/p&gt;

&lt;p&gt;OpenCode also pairs well with repo-level instruction files like &lt;code&gt;AGENTS.md&lt;/code&gt;. That makes its goal-setting less polished than Codex’s &lt;code&gt;/goal&lt;/code&gt;, but more customizable. I can encode project conventions, testing expectations, architecture rules, and workflow preferences once, then reuse them across sessions.&lt;/p&gt;

&lt;p&gt;The other major advantage is local execution. I can pair OpenCode with Ollama or LM Studio and run the agentic loop on my own machine with zero API calls. For security-sensitive work, regulated codebases, or local-first development, this is a real advantage.&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;This one depends on how I want to work.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Codex wins for delegation:&lt;/strong&gt; give it a scoped objective, let it run, and review the result later.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;OpenCode wins for iteration:&lt;/strong&gt; inspect the plan, steer the agent, and keep the feedback loop tight.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Codex feels more polished. OpenCode feels more controllable.&lt;/strong&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For routine background work, I prefer Codex. For interactive development and learning inside a codebase, I prefer OpenCode.&lt;/p&gt;

&lt;p&gt;Tie.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenCode - 3, Codex - 3&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  4. Ecosystem (MCP + Skills +  Plugins)
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;MCP Setup&lt;/td&gt;
&lt;td&gt;CLI commands (&lt;code&gt;codex mcp add&lt;/code&gt;)&lt;/td&gt;
&lt;td&gt;Manual config via &lt;code&gt;.opencode/mcp-config.json&lt;/code&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Skill Installation&lt;/td&gt;
&lt;td&gt;Git clone to &lt;code&gt;~/.codex/skills/&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;Clone to &lt;code&gt;~/.opencode/skills/&lt;/code&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Plugin Management&lt;/td&gt;
&lt;td&gt;Marketplace CLI integration&lt;/td&gt;
&lt;td&gt;Update &lt;code&gt;opencode.json&lt;/code&gt; manually&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Composio Integration&lt;/td&gt;
&lt;td&gt;One-click via marketplace&lt;/td&gt;
&lt;td&gt;Config file + manual setup&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;User Friendliness&lt;/td&gt;
&lt;td&gt;More convenient, less transparent&lt;/td&gt;
&lt;td&gt;More transparent, less convenient&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best For&lt;/td&gt;
&lt;td&gt;Users who want simplicity&lt;/td&gt;
&lt;td&gt;Developers who like transparency&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;You can have the best model, the best providers, and the best features and workflow, yet it means nothing if your models can’t talk to the real world and perform specified tasks in specified ways. &lt;/p&gt;

&lt;p&gt;Codex and OpenCode both offer: MCP, Plugin &amp;amp; Skills, but both function differently.&lt;/p&gt;

&lt;h3&gt;
  
  
  Codex
&lt;/h3&gt;

&lt;p&gt;Codex supports MCP integration. This is how easy it is to install:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;I am going with Composio, as I usually use multiple MCP servers, and it's a pain to connect to and configure each one securely and to make agents handle multiple tool calls intelligently.&lt;/p&gt;


&lt;/blockquote&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Add Composio MCP server to Codex&lt;/span&gt;
codex mcp add composio

&lt;span class="c"&gt;# Authenticate&lt;/span&gt;
codex mcp auth composio
&lt;span class="c"&gt;# Opens browser for OAuth&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Verify it's connected:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;codex mcp list
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now, to make sure the MCP works properly, you can add skills with:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;mkdir&lt;/span&gt; &lt;span class="nt"&gt;-p&lt;/span&gt; ~/.codex/skills
git clone https://github.com/ComposioHQ/awesome-codex-skills.git ~/.codex/skills/composio-connect
&lt;span class="c"&gt;# Restart Codex&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You can also add the Composio plugin using:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;codex plugin marketplace add ComposioHQ/awesome-codex-plugins
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;And restart the app:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;codex
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;But to do the same in OpenCode is a little tricky.&lt;/p&gt;

&lt;h4&gt;
  
  
  Open Code
&lt;/h4&gt;

&lt;p&gt;OpenCode also supports MCP integration, but to add any MCP server, you need to update the config at &lt;code&gt;.opencode/mcp-config.json&lt;/code&gt; .&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# .opencode/mcp-config.json&lt;/span&gt;
&lt;span class="o"&gt;{&lt;/span&gt;
  &lt;span class="s2"&gt;"mcp_servers"&lt;/span&gt;: &lt;span class="o"&gt;{&lt;/span&gt;
    &lt;span class="s2"&gt;"composio"&lt;/span&gt;: &lt;span class="o"&gt;{&lt;/span&gt;
      &lt;span class="s2"&gt;"type"&lt;/span&gt;: &lt;span class="s2"&gt;"remote"&lt;/span&gt;,
      &lt;span class="s2"&gt;"url"&lt;/span&gt;: &lt;span class="s2"&gt;"https://connect.composio.dev/mcp"&lt;/span&gt;
    &lt;span class="o"&gt;}&lt;/span&gt;
  &lt;span class="o"&gt;}&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Certainly not the most friendly interface, but good for transparency, as you can see what goes into the MCP server.&lt;/p&gt;

&lt;p&gt;Next, add skills:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;git clone https://github.com/ComposioHQ/awesome-codex-skills ~/.opencode/skills/composio
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Restart OpenCode&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;opencode
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This works because OpenCode looks for skills in project and global locations, including &lt;code&gt;.opencode/skills&lt;/code&gt;, &lt;code&gt;~/.config/opencode/skills&lt;/code&gt;, &lt;code&gt;.claude/skills&lt;/code&gt;, and &lt;code&gt;.agents/skills&lt;/code&gt; .&lt;/p&gt;

&lt;p&gt;You can also add the Composio plugin:&lt;/p&gt;

&lt;p&gt;Add to &lt;code&gt;opencode.json&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="o"&gt;{&lt;/span&gt;
  &lt;span class="s2"&gt;"plugin"&lt;/span&gt;: &lt;span class="o"&gt;[&lt;/span&gt;
    &lt;span class="s2"&gt;"opencode-composio"&lt;/span&gt;,
    &lt;span class="s2"&gt;"opencode-context7"&lt;/span&gt;
  &lt;span class="o"&gt;]&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Save and restart OpenCode:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;opencode
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Done!&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;So Codex wins here due to process simplicity.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Open Code - 3 , Codex - 4&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  5. Harness Engineering
&lt;/h2&gt;

&lt;p&gt;The model matters, but the harness decides how that model sees the repo, plans changes, calls tools, handles errors, and recovers when something breaks. In practice, the harness is the difference between “the model is smart” and “the agent is reliable.”&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Aspect&lt;/th&gt;
&lt;th&gt;Codex&lt;/th&gt;
&lt;th&gt;OpenCode&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Implementation&lt;/td&gt;
&lt;td&gt;Rust-based, performance-focused CLI/app stack&lt;/td&gt;
&lt;td&gt;TypeScript core with Tauri desktop app&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Design philosophy&lt;/td&gt;
&lt;td&gt;Tightly optimized around OpenAI models&lt;/td&gt;
&lt;td&gt;Provider-agnostic and modular by design&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Context handling&lt;/td&gt;
&lt;td&gt;Strong default repo understanding with fewer choices&lt;/td&gt;
&lt;td&gt;More explicit control over model, context, and instructions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Tool execution&lt;/td&gt;
&lt;td&gt;Permission profiles, hooks, sandboxed/cloud execution&lt;/td&gt;
&lt;td&gt;Local execution with permission gates and config-level control&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Feedback loop&lt;/td&gt;
&lt;td&gt;Optimized prompting, planning, and tool-calling pipeline&lt;/td&gt;
&lt;td&gt;LSP diagnostics fed back into the agent loop&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Strength&lt;/td&gt;
&lt;td&gt;Speed, polish, and low-friction execution&lt;/td&gt;
&lt;td&gt;Control, transparency, and production thoroughness&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Tradeoff&lt;/td&gt;
&lt;td&gt;Less model/harness customization&lt;/td&gt;
&lt;td&gt;More setup and slower execution&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best for&lt;/td&gt;
&lt;td&gt;Fast implementation and delegated engineering tasks&lt;/td&gt;
&lt;td&gt;Complex refactors where correctness matters more than speed&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Codex&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Codex feels like a vertically integrated agent stack.&lt;/p&gt;

&lt;p&gt;The model, prompt format, context strategy, tool-calling behavior, permission model, and review flow all feel designed to work together. That is the advantage of a closed, OpenAI-first harness: fewer knobs, fewer setup decisions, and fewer ways to misconfigure the system.&lt;/p&gt;

&lt;p&gt;The strongest part is how little I have to think about the plumbing:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;permission profiles decide what the agent can touch,&lt;/li&gt;
&lt;li&gt;hooks let me run pre- and post-execution checks,&lt;/li&gt;
&lt;li&gt;GitHub and PR workflows feel native,&lt;/li&gt;
&lt;li&gt;tool calls are routed through a polished approval flow,&lt;/li&gt;
&lt;li&gt;cloud execution keeps risky changes away from my local machine until review.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Everything is tuned around GPT-5.5. That matters because Codex is not just calling a model; it is shaping how the model receives the repo, plans the task, executes commands, and presents diffs back to me.&lt;/p&gt;

&lt;p&gt;This is why Codex often feels faster than a generic agent using the same model. The harness reduces wasted motion. It does not ask me to design the workflow first; it gives me a working default and lets me move.&lt;/p&gt;

&lt;p&gt;The downside is that this optimization comes with a ceiling. If I want to change the model strategy, deeply customize the execution loop, or route different tasks through different providers, Codex gives me much less room to experiment.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;OpenCode&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;OpenCode takes the opposite bet.&lt;/p&gt;

&lt;p&gt;Instead of optimizing one model inside one polished workflow, it gives you a modular harness that can work across providers, models, local runtimes, MCP servers, and repo-level instructions. It is less “batteries included,” but much more inspectable.&lt;/p&gt;

&lt;p&gt;The most important engineering choice is the feedback loop. OpenCode can feed Language Server Protocol diagnostics back into the agent while it works. If the agent introduces a TypeScript error, the next step can include that error as context, so the model has a chance to self-correct before I even review the final diff.&lt;/p&gt;

&lt;p&gt;That changes the feel of the tool. OpenCode may be slower, but it often behaves more like an engineer working with compiler feedback, not just a chatbot editing files.&lt;/p&gt;

&lt;p&gt;It also gives me more control over the harness itself:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;I can switch providers and models based on task type,&lt;/li&gt;
&lt;li&gt;keep project-specific behavior in &lt;code&gt;AGENTS.md&lt;/code&gt;,&lt;/li&gt;
&lt;li&gt;run locally with Ollama or LM Studio,&lt;/li&gt;
&lt;li&gt;wire in MCP tools manually,&lt;/li&gt;
&lt;li&gt;inspect config instead of trusting a black box.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is why OpenCode tends to feel better for production refactors. The loop is tighter, the configuration is more visible, and the agent can use local development signals instead of only relying on the initial prompt and repo context.&lt;/p&gt;

&lt;p&gt;The tradeoff is obvious: more control means more responsibility. If the model choice is bad, the config is messy, or the repo instructions are vague, OpenCode will not hide that complexity from me.&lt;/p&gt;

&lt;h3&gt;
  
  
  Verdict
&lt;/h3&gt;

&lt;p&gt;Codex has the better &lt;strong&gt;default harness&lt;/strong&gt;. OpenCode has the better &lt;strong&gt;customizable harness&lt;/strong&gt;.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Codex wins on speed and polish:&lt;/strong&gt; it is optimized end-to-end for OpenAI models and gets me to a usable diff quickly.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;OpenCode wins on control and feedback:&lt;/strong&gt; LSP diagnostics, local execution, and provider flexibility make it stronger for careful refactors.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Codex abstracts the harness away. OpenCode exposes the harness and lets you tune it.&lt;/strong&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For a quick implementation, I would pick Codex. For a high-stakes refactor where I want visibility into every step, I would pick OpenCode.&lt;/p&gt;

&lt;p&gt;This one is a tie, but for very different reasons.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;OpenCode - 4 , Codex - 5&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  The Final Verdict: When To Choose What
&lt;/h2&gt;

&lt;p&gt;Clearly, OpenCode is the winner with 6 points, but real engineers leverage both for their specific needs :&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Codex for speed, overnight refactors, and production-critical work.&lt;/li&gt;
&lt;li&gt;OpenCode for smart model routing, optimized costs, and offline critical workflows.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A simple table summarizes them.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Codex&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;OpenCode&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Best for&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;OpenAI ecosystem&lt;/td&gt;
&lt;td&gt;Cost control, model flexibility&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Setup&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Zero friction, bundled into ChatGPT subscripton&lt;/td&gt;
&lt;td&gt;Configure providers; slight model usage learning curve&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Autonomous work&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cloud agent, good for overnight refactors&lt;/td&gt;
&lt;td&gt;Terminal agent; depends on your model&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Integrations&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;GitHub, PR review, Slack&lt;/td&gt;
&lt;td&gt;MCP; varies by setup&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Model choice&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;GPT-5 only&lt;/td&gt;
&lt;td&gt;75+ providers; Claude via API key only&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Offline&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Yes, with Ollama/LM Studio&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Transparency&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Token-based credits&lt;/td&gt;
&lt;td&gt;Full model + token visibility&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Real cost&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;$20–$200/mo&lt;/td&gt;
&lt;td&gt;Free BYOK, or ~$10–$50/mo routing&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;With a few months of usage, one thing is clear to me,&lt;/p&gt;

&lt;p&gt;Choosing Codex or Opencode models is not about which benchmarks perform better; it's about picking the one that matches your workflow. Both are good in their own right, and best leveraged based on the needs.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>agents</category>
      <category>productivity</category>
      <category>programming</category>
    </item>
    <item>
      <title>Claude Code vs. OpenCode without the hype</title>
      <dc:creator>Shrijal Acharya</dc:creator>
      <pubDate>Thu, 21 May 2026 13:55:18 +0000</pubDate>
      <link>https://dev.to/composiodev/claude-code-vs-opencode-without-the-hype-j1f</link>
      <guid>https://dev.to/composiodev/claude-code-vs-opencode-without-the-hype-j1f</guid>
      <description>&lt;p&gt;Everyone wants a coding agent now.&lt;/p&gt;

&lt;p&gt;Not a chatbot that explains code.&lt;/p&gt;

&lt;p&gt;An actual agent that can read your repo, edit files, run commands, use tools, and keep moving while you supervise.&lt;/p&gt;

&lt;p&gt;Claude Code and OpenCode are two of the most interesting takes on that idea.&lt;/p&gt;

&lt;p&gt;Claude Code is the polished Anthropic-native route.&lt;/p&gt;

&lt;p&gt;OpenCode is the open-source route for people who want more model choice, more control, and a setup they can tweak.&lt;/p&gt;

&lt;p&gt;And that difference matters more than it looks.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5bcj3t5mypqia64m30wr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5bcj3t5mypqia64m30wr.png" alt="distracted man GIF" width="687" height="361"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  What is OpenCode
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;ℹ️ Open-source coding agent with model and tool control&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2k02x3jygu2mwj40jz44.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2k02x3jygu2mwj40jz44.png" alt="OpenCode" width="799" height="410"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;OpenCode is an open-source coding agent for developers who want more control over their AI coding setup.&lt;/p&gt;

&lt;p&gt;It runs in the terminal, IDE, and desktop, and lets you bring your own model instead of &lt;strong&gt;locking you into one provider&lt;/strong&gt;. Claude, GPT, Gemini, local models, and 75+ other providers are supported. That is probably the biggest reason people care about it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkem0kiznc0fm4g9gyvw9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkem0kiznc0fm4g9gyvw9.png" alt="OpenCode tweet" width="799" height="439"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It also comes with the things you expect from a serious coding agent now: LSP support, multi-session workflows, project memory through &lt;code&gt;AGENTS.md&lt;/code&gt;, MCP tools, custom agents, plugins, and editor support, and maybe a bunch more.&lt;/p&gt;

&lt;p&gt;So the pitch is not just “AI in your terminal.”&lt;/p&gt;

&lt;p&gt;That undersells it.&lt;/p&gt;

&lt;p&gt;OpenCode is closer to a &lt;strong&gt;coding-agent workbench&lt;/strong&gt;. You bring the model, the provider, the editor, the agents, and the workflow. OpenCode gives you the open layer that ties it all together.&lt;/p&gt;

&lt;p&gt;Not everyone needs that level of control.&lt;/p&gt;

&lt;p&gt;But some developers absolutely do.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;💁 OpenCode is for developers who want to tweak every single detail of their coding agent.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is what makes it interesting next to Claude Code.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Claude Code
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;ℹ️ Anthropic’s polished coding agent for your terminal.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivw9mx75nhkdloyczjr5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivw9mx75nhkdloyczjr5.png" alt="Claude Code" width="800" height="208"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Claude Code is Anthropic’s coding agent that lives in your terminal.&lt;/p&gt;

&lt;p&gt;The idea is pretty same here, it can read your codebase, edit files, run commands, handle Git stuff, and all through prompts.&lt;/p&gt;

&lt;p&gt;The big difference is that Claude Code is built around Claude.&lt;/p&gt;

&lt;p&gt;That sounds obvious, but it matters.&lt;/p&gt;

&lt;p&gt;You are not coming here to mix and match ten different model providers. You are coming here because you trust Anthropic’s models, and you want the cleanest experience around them.&lt;/p&gt;

&lt;p&gt;Claude Code also comes with a lot of serious agent features: project memory through &lt;code&gt;CLAUDE.md&lt;/code&gt;, slash commands, permissions, hooks, MCP, plugins, custom subagents, and IDE integrations.&lt;/p&gt;

&lt;p&gt;Claude Code is closer to a Claude-native coding environment. The model, the agent loop, the tool use, the permissions, and the workflow all come from the same Anthropic-shaped box.&lt;/p&gt;

&lt;p&gt;Less DIY.&lt;/p&gt;

&lt;p&gt;But there is also a small shift happening.&lt;/p&gt;

&lt;p&gt;Some developers are starting to move from Claude Code to OpenCode or OpenAI’s Codex for one simple reason: &lt;strong&gt;usage limits&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi4uxa5o6uxb1s9x87cgw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi4uxa5o6uxb1s9x87cgw.png" alt="Claude Code Usage Limit meme" width="800" height="830"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Claude Code is great, but when you are deep in a coding session, hitting limits feels brutal. And for heavier users, even the &lt;strong&gt;$200 Claude Max plan&lt;/strong&gt; does not always feel like enough.&lt;/p&gt;

&lt;p&gt;That is why OpenCode and Codex are tempting. Also read: &lt;a href="https://composio.dev/content/claude-code-vs-openai-codex" rel="noopener noreferrer"&gt;Claude Code vs. Codex: Detailed breakdown&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;When Claude hits the wall, people still need a way to keep shipping.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;💁 If you're an Anthropic fanboy, and don't care about other models, stick to Claude Code.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  High Level Architecture
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;ℹ️ How both the agents work&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;At a high level, both OpenCode and Claude Code follow the same basic agent loop.&lt;/p&gt;

&lt;p&gt;You give it a task.&lt;/p&gt;

&lt;p&gt;It looks at the repo.&lt;/p&gt;

&lt;p&gt;It decides what files, commands, or tools it needs.&lt;/p&gt;

&lt;p&gt;It takes an action.&lt;/p&gt;

&lt;p&gt;Then it reads the result and keeps going.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcv9tejzbqvy4whr7jcj2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcv9tejzbqvy4whr7jcj2.png" alt="Coding Agent architecture" width="800" height="437"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;ℹ️ This is the highest-level architecture of a coding agent. A few details change from tool to tool.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That loop is the boring part.&lt;/p&gt;

&lt;p&gt;The interesting part is everything around it.&lt;/p&gt;

&lt;p&gt;Here is a tiny example of that loop in practice.&lt;/p&gt;

&lt;p&gt;I gave Claude Code and OpenCode the same small task in a demo word-count repo:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Add a &lt;code&gt;--json&lt;/code&gt; flag to a word-count CLI, update the tests, and run them.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The interesting part is not the feature. It is watching both agents go through the same shape: understand the repo, plan the change, edit the files, and run the tests.&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/D74fsmbwE98"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;p&gt;Claude Code wraps that loop in Anthropic’s own product system. You get Claude, project memory through &lt;code&gt;CLAUDE.md&lt;/code&gt;, permissions, hooks, MCP, &lt;a href="https://composio.dev/content/top-claude-code-plugins" rel="noopener noreferrer"&gt;plugins&lt;/a&gt;, &lt;a href="https://composio.dev/content/top-claude-skills" rel="noopener noreferrer"&gt;Claude skills&lt;/a&gt;, and subagents in one single setup.&lt;/p&gt;

&lt;p&gt;OpenCode takes a more open route. It gives you the agent runtime, but lets you bring different models, providers, agents, tools, and workflows. Its docs split agents into primary agents and subagents, and let you configure specialized assistants with custom prompts, models, and tool access.&lt;/p&gt;

&lt;p&gt;So architecturally, the difference is not that one is an agent and the other is not.&lt;/p&gt;

&lt;p&gt;They both are.&lt;/p&gt;

&lt;p&gt;The real difference is who controls the harness around the agent.&lt;/p&gt;

&lt;p&gt;Claude Code gives you Anthropic’s harness.&lt;/p&gt;

&lt;p&gt;OpenCode gives you a harness you can inspect, and configure.&lt;/p&gt;




&lt;h2&gt;
  
  
  Context, memory and tool use
&lt;/h2&gt;

&lt;p&gt;Both Claude Code and OpenCode are doing the same basic thing: they build a giant prompt, stuff it with repo context, tool definitions, memory files, recent messages, and tool results, then ask the model what to do next.&lt;/p&gt;

&lt;p&gt;The difference is how much of that system you control.&lt;/p&gt;

&lt;p&gt;Claude Code is more vertically integrated here. It is built around Anthropic models, so it can take advantage of Anthropic-specific stuff like prompt caching, native tool calls, and Claude’s own long-context behavior.&lt;/p&gt;

&lt;p&gt;That matters.&lt;/p&gt;

&lt;p&gt;Tool definitions, system prompts, and &lt;code&gt;CLAUDE.md&lt;/code&gt; can be cached between turns, which makes long coding sessions cheaper and faster than they would be if Claude had to re-read everything from scratch every single time.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fphuqzyrqslhkmlnh7ah3.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fphuqzyrqslhkmlnh7ah3.jpg" alt="compaction in a coding agent" width="800" height="407"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;OpenCode takes a different route.&lt;/p&gt;

&lt;p&gt;It does not assume one model or one provider. Instead, it &lt;strong&gt;reads the model’s context limit&lt;/strong&gt; from the provider metadata and builds the session around that. So the same OpenCode setup can run with Claude, GPT, Gemini, Qwen, local models, or whatever else you plug in.&lt;/p&gt;

&lt;p&gt;That flexibility is the whole point.&lt;/p&gt;

&lt;p&gt;But it also means OpenCode has to normalize all the weird provider differences: tool call IDs, cache support, model limits, and tool-calling parts.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F75v9hwsvotu1qmz1k8p0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F75v9hwsvotu1qmz1k8p0.png" alt="OpenCode support for multiple providers" width="799" height="255"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Claude Code gets to optimize deeply for Claude.&lt;/p&gt;

&lt;p&gt;OpenCode has to work with everyone.&lt;/p&gt;

&lt;p&gt;Memory works the same way.&lt;/p&gt;

&lt;p&gt;Claude Code uses &lt;code&gt;CLAUDE.md&lt;/code&gt; as the main project memory file. It can also load nested &lt;code&gt;CLAUDE.md&lt;/code&gt; files, user-level memory, and auto-memory. So it feels more like the agent has a built-in memory system.&lt;/p&gt;

&lt;p&gt;OpenCode uses &lt;code&gt;AGENTS.md&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;That is more portable. You can commit it to the repo, share it with the team, and use it as a general agent instruction file instead of something tied to one vendor. OpenCode can even fall back to &lt;code&gt;CLAUDE.md&lt;/code&gt;, which makes migration easier.&lt;/p&gt;

&lt;p&gt;At some point, every agent runs out of context.&lt;/p&gt;

&lt;p&gt;Claude Code handles this by compacting the conversation. Older tool outputs are cleared first, then the session gets summarized if needed. That is why Claude Code has commands like &lt;code&gt;/context&lt;/code&gt; and &lt;code&gt;/compact&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;OpenCode is a bit more explicit. It checks whether the session is close to the model’s context limit, keeps a buffer for output, and then prunes old tool outputs before doing a full summary. The important bit is that OpenCode stores the raw history in &lt;strong&gt;SQLite&lt;/strong&gt;, so pruning does not mean the data is gone forever.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7om4vrfngpmqdjsh3phe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7om4vrfngpmqdjsh3phe.png" alt="OpenCode flexibility" width="800" height="351"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Tool use follows the same pattern.&lt;/p&gt;

&lt;p&gt;Claude Code gives you a polished default toolbelt: read, write, edit, grep, glob, bash, web fetch, todo tracking, MCP, hooks, skills, and subagents.&lt;/p&gt;

&lt;p&gt;OpenCode gives you a smaller but more configurable tool system: read, write, edit, patch, bash, grep, glob, web fetch, task, todo, &lt;a href="https://composio.dev/content/10-best-opencode-skills-that-are-actually-useful-in-2026" rel="noopener noreferrer"&gt;skills&lt;/a&gt;, MCP, custom tools, and experimental LSP support.&lt;/p&gt;

&lt;p&gt;The difference is who controls the tool layer.&lt;/p&gt;




&lt;h2&gt;
  
  
  Subagents and task delegation
&lt;/h2&gt;

&lt;p&gt;Subagents are basically how coding agents avoid stuffing everything into one giant conversation.&lt;/p&gt;

&lt;p&gt;Instead of making the main agent do every task itself, it can delegate a smaller job to another agent with its own context window, prompt, tools, and permissions.&lt;/p&gt;

&lt;p&gt;Claude Code and OpenCode both follow the same basic pattern here.&lt;/p&gt;

&lt;p&gt;The parent agent calls a &lt;code&gt;Task&lt;/code&gt; or &lt;code&gt;task&lt;/code&gt; tool.&lt;/p&gt;

&lt;p&gt;A child agent spins up.&lt;/p&gt;

&lt;p&gt;It does the work in isolation.&lt;/p&gt;

&lt;p&gt;Then it returns one final message back to the parent.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Main Agent
  |
  | calls Task / task
  v
Subagent
  - own context window
  - own prompt
  - own tools
  - own permissions
  |
  | returns final result only
  v
Main Agent continues...
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;That part is important. The parent usually does not see the full subagent conversation. It gets the result, not the whole reasoning.&lt;/p&gt;

&lt;p&gt;Claude Code has the more polished version of this.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmgfuv1jw1x2rt22d0i57.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmgfuv1jw1x2rt22d0i57.png" alt="Claude Code approach to subagents" width="799" height="269"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It ships with built-in agents like &lt;code&gt;Explore&lt;/code&gt;, &lt;code&gt;Plan&lt;/code&gt;, and &lt;code&gt;general-purpose&lt;/code&gt;. &lt;code&gt;Explore&lt;/code&gt; is mostly read-only and useful for repo research. &lt;code&gt;Plan&lt;/code&gt; helps gather context during planning. &lt;code&gt;general-purpose&lt;/code&gt; is for broader work.&lt;/p&gt;

&lt;p&gt;You can also define custom agents in &lt;code&gt;.claude/agents/&lt;/code&gt; with YAML frontmatter for things like &lt;code&gt;tools&lt;/code&gt;, &lt;code&gt;model&lt;/code&gt;, &lt;code&gt;permissionMode&lt;/code&gt;, &lt;code&gt;maxTurns&lt;/code&gt;, &lt;code&gt;skills&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;That means you can do stuff like:&lt;/p&gt;

&lt;p&gt;Use a fast Haiku-style agent for repo search.&lt;/p&gt;

&lt;p&gt;Use a stronger model for code review.&lt;/p&gt;

&lt;p&gt;OpenCode has a similar shape, but it is more transparent.&lt;/p&gt;

&lt;p&gt;It has primary agents and subagents. Primary agents handle the main chat, while subagents are called through the &lt;code&gt;task&lt;/code&gt; tool or &lt;code&gt;@&lt;/code&gt; mentions.&lt;/p&gt;

&lt;p&gt;Custom agents can live in &lt;code&gt;.opencode/agents/*.md&lt;/code&gt; or inside &lt;code&gt;opencode.json&lt;/code&gt;, with fields like &lt;code&gt;mode&lt;/code&gt;, &lt;code&gt;model&lt;/code&gt;, &lt;code&gt;temperature&lt;/code&gt;, &lt;code&gt;steps&lt;/code&gt;, &lt;code&gt;prompt&lt;/code&gt;, and &lt;code&gt;permission&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;The interesting part is that OpenCode stores subagents as real child sessions in &lt;strong&gt;SQLite&lt;/strong&gt;. So delegation is not just a hidden prompt trick. It is represented in the session model with its own messages, permissions, and snapshots.&lt;/p&gt;

&lt;p&gt;That fits OpenCode’s whole philosophy.&lt;/p&gt;

&lt;p&gt;Claude Code gives you a cleaner subagent experience.&lt;/p&gt;

&lt;p&gt;OpenCode gives you a more inspectable one.&lt;/p&gt;


&lt;h2&gt;
  
  
  Permissions, safety, and control
&lt;/h2&gt;

&lt;p&gt;This is where the two are very different.&lt;/p&gt;

&lt;p&gt;Claude Code is more conservative by default. It has permission modes, allow/ask/deny rules, hooks, and sandboxing around &lt;strong&gt;Bash&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;So you can allow boring commands like tests, deny obvious footguns like .env reads or &lt;code&gt;curl | sh&lt;/code&gt;, and ask before anything risky.&lt;/p&gt;

&lt;p&gt;The important part is that Claude Code has multiple safety layers.&lt;/p&gt;

&lt;p&gt;Permissions decide what Claude is allowed to do.&lt;/p&gt;

&lt;p&gt;Something like:&lt;br&gt;
&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"permissions"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"allow"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"Bash(npm run test *)"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Bash(git status *)"&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"deny"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"Read(./.env)"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Read(./secrets/**)"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Bash(curl *)"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;Hooks can intercept tool calls before or after they run and sandboxing gives Bash an OS-level boundary.&lt;/p&gt;

&lt;p&gt;OpenCode is simpler.&lt;/p&gt;

&lt;p&gt;Most of the control lives in one permission object inside &lt;code&gt;opencode.json&lt;/code&gt;. You can set rules for &lt;code&gt;bash&lt;/code&gt;, &lt;code&gt;edit&lt;/code&gt;, &lt;code&gt;read&lt;/code&gt;, &lt;code&gt;task&lt;/code&gt;, &lt;code&gt;webfetch&lt;/code&gt;, and other tools from the same place.&lt;/p&gt;

&lt;p&gt;That is clean, but OpenCode is also more permissive by default. You are expected to configure the rules yourself.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe8i1czi8c1lgv8ujg9l8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe8i1czi8c1lgv8ujg9l8.png" alt="OpenCode permissions" width="800" height="352"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Something like:&lt;br&gt;
&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"permission"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"*"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"ask"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"bash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"*"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"ask"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"git status *"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"allow"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"git push *"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"deny"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"rm *"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"deny"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"edit"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"*"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"deny"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"packages/web/src/**/*.tsx"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"ask"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;It does have some smart checks, especially for Bash. OpenCode parses shell commands with tree-sitter (the same thing you have inside NeoVim), so it can detect risky commands like &lt;code&gt;rm&lt;/code&gt;, &lt;code&gt;mv&lt;/code&gt;, &lt;code&gt;chmod&lt;/code&gt;, or paths outside the project more carefully than plain string matching.&lt;/p&gt;

&lt;p&gt;But there is no &lt;a href="https://www.anthropic.com/engineering/claude-code-sandboxing" rel="noopener noreferrer"&gt;native sandbox&lt;/a&gt; like Claude Code.&lt;/p&gt;

&lt;p&gt;The bigger OpenCode power feature is plugins. Plugins can intercept tool execution, add custom tools, and change agent behavior.&lt;/p&gt;

&lt;p&gt;That makes OpenCode way more hackable.&lt;/p&gt;


&lt;h2&gt;
  
  
  What the Claude Code leak tells us
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7h7v5xmi6q45a33xjk2v.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7h7v5xmi6q45a33xjk2v.png" alt="Claude Code leak" width="799" height="337"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The interesting part of the leak is what it showed about coding agents.&lt;/p&gt;

&lt;p&gt;A lot of Claude magic is in the harness around the model: context management, tool descriptions, prompt caching, permissions, compaction, subagents, and the agent loop.&lt;/p&gt;

&lt;p&gt;OpenCode does pretty much the same. It is not trying to clone some impossible model-level feature. It is trying to build a different harness around similar idea.&lt;/p&gt;

&lt;p&gt;OpenCode’s advantage is that the harness is open, inspectable, and replaceable.&lt;/p&gt;

&lt;p&gt;Another thing that's clear is that the future is not just about better models, but the system around them.&lt;/p&gt;

&lt;p&gt;Better context control.&lt;/p&gt;

&lt;p&gt;Better tool boundaries.&lt;/p&gt;

&lt;p&gt;Better memory.&lt;/p&gt;

&lt;p&gt;Better permissions.&lt;/p&gt;

&lt;p&gt;That is why this comparison is even interesting. Claude Code and OpenCode are not just two CLIs. They are two different answers to the same question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;❓ How much of the agent stack should be final, and how much should developers be able to control?&lt;/p&gt;
&lt;/blockquote&gt;


&lt;h2&gt;
  
  
  So, which should you pick?
&lt;/h2&gt;

&lt;p&gt;There is no clever answer here.&lt;/p&gt;

&lt;p&gt;Pick &lt;strong&gt;Claude Code&lt;/strong&gt; if you want the cleanest Claude-native coding agent experience.&lt;/p&gt;

&lt;p&gt;Pick &lt;strong&gt;OpenCode&lt;/strong&gt; if you want more control.&lt;/p&gt;

&lt;p&gt;Personally, I still love Claude Code.&lt;/p&gt;

&lt;p&gt;I really do.&lt;/p&gt;

&lt;p&gt;Anthropic models are banger, especially for coding. The problem is that the limits have started to piss me off. When you are deep in a coding session and the limit hits, it completely breaks the flow.&lt;/p&gt;

&lt;p&gt;But there is some relief now.&lt;/p&gt;

&lt;p&gt;On May 6, Anthropic announced a new compute partnership with &lt;strong&gt;SpaceX&lt;/strong&gt; and doubled Claude Code’s 5-hour limits for &lt;strong&gt;Pro&lt;/strong&gt;, &lt;strong&gt;Max&lt;/strong&gt;, &lt;strong&gt;Team&lt;/strong&gt;, and &lt;strong&gt;seat-based Enterprise users&lt;/strong&gt;. They also removed peak-time limits for Pro and Max users.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqosm66pi1fq6pu4k76t0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqosm66pi1fq6pu4k76t0.png" alt="Claude Code increase in usage limit" width="799" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;That makes Claude Code a lot easier to recommend again.&lt;/p&gt;

&lt;p&gt;I am personally still mostly stuck with Claude Code because the experience is just that good.&lt;/p&gt;

&lt;p&gt;But I use OpenCode when I want to try newer models like Kimi, OpenAI models, or local models. That is where OpenCode makes more sense to me. And by no means, it is to say that you can't use Anthropic models in OpenCode, you can, and that makes it even better.&lt;/p&gt;


&lt;h2&gt;
  
  
  Final thoughts
&lt;/h2&gt;

&lt;p&gt;Claude Code and OpenCode are both useful, but for different reasons.&lt;/p&gt;

&lt;p&gt;Claude Code is the one I’d pick if I just want the agent to work without thinking too much about setup. It feels cleaner, and better for getting into a repo quickly.&lt;/p&gt;

&lt;p&gt;OpenCode is more for when you want control. Different models, different providers, more ways to shape the workflow around how you actually code.&lt;/p&gt;

&lt;p&gt;I wouldn’t overthink it.&lt;/p&gt;

&lt;p&gt;If you hate setup and love Anthropic, use Claude Code.&lt;/p&gt;

&lt;p&gt;If you want more flexibility and less vendor lock-in, use OpenCode.&lt;/p&gt;

&lt;p&gt;That’s really the whole comparison.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4d09dor9q6cwva8zlg5o.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4d09dor9q6cwva8zlg5o.gif" alt="steve jobs meme" width="422" height="237"&gt;&lt;/a&gt;&lt;/p&gt;


&lt;div class="ltag__user ltag__user__id__1127015"&gt;
    &lt;a href="/shricodev" class="ltag__user__link profile-image-link"&gt;
      &lt;div class="ltag__user__pic"&gt;
        &lt;img src="https://media2.dev.to/dynamic/image/width=150,height=150,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1127015%2F1c5e48a2-f602-4e7d-8312-3c0322d155c6.jpg" alt="shricodev image"&gt;
      &lt;/div&gt;
    &lt;/a&gt;
  &lt;div class="ltag__user__content"&gt;
    &lt;h2&gt;
&lt;a class="ltag__user__link" href="/shricodev"&gt;Shrijal Acharya&lt;/a&gt;Follow
&lt;/h2&gt;
    &lt;div class="ltag__user__summary"&gt;
      &lt;a class="ltag__user__link" href="/shricodev"&gt;SDE • GOLD @Microsoft Student Ambassador • Prev Lead Collab and Dev-Team Lead @oppiaorg • Mail for collaboration&lt;/a&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;



</description>
      <category>ai</category>
      <category>agents</category>
      <category>claude</category>
      <category>cli</category>
    </item>
    <item>
      <title>Per-User OAuth for AI Agents: Why It Matters and What to Look For</title>
      <dc:creator>Dumebi Okolo</dc:creator>
      <pubDate>Wed, 20 May 2026 14:21:08 +0000</pubDate>
      <link>https://dev.to/composiodev/per-user-oauth-for-ai-agents-why-it-matters-and-what-to-look-for-4h4a</link>
      <guid>https://dev.to/composiodev/per-user-oauth-for-ai-agents-why-it-matters-and-what-to-look-for-4h4a</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdcvak90uie20wnaldj4n.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdcvak90uie20wnaldj4n.png" alt="Per-user OAuth flow for AI agents" width="800" height="447"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;AI agents are crossing a line that traditional software never had to. They read your Slack, draft your emails, push code, update your CRM, and pay your invoices. To do that, they need keys to systems that belong to specific people. Not the application. Not the company. The person.&lt;/p&gt;

&lt;p&gt;That is the entire reason per-user OAuth exists in the agent context, and it is the difference between a side project and something a customer will trust with their Gmail account.&lt;/p&gt;

&lt;p&gt;This article breaks down what per-user OAuth means for AI agents, why shared credentials fall apart at scale, what the emerging standards look like, and the exact checklist to use when picking a platform to handle it. We will also show how &lt;a href="https://composio.dev/" rel="noopener noreferrer"&gt;Composio&lt;/a&gt; approaches each of these problems so you do not have to assemble the stack yourself.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem with the way most teams start
&lt;/h2&gt;

&lt;p&gt;Most agent prototypes start with a single API key in an environment variable. It works for one developer, on one machine, for one demo. The moment a real user shows up, the model breaks.&lt;/p&gt;

&lt;p&gt;API keys identify the calling application, not the user behind the action. Every request from the agent looks the same to the downstream service. There is no concept of consent, no scoping per user, no way to revoke one person's access without invalidating everyone, and no audit trail that says "this action happened because Sarah asked the agent to do it."&lt;/p&gt;

&lt;p&gt;This becomes a real security problem fast. If the agent code accidentally passes the wrong user identifier, or an attacker tricks the agent into requesting data for a user who did not authorize it, the agent has no protocol-level defense. This is the classic confused deputy problem, and it scales horribly with autonomous systems that chain dozens of tool calls per task.&lt;/p&gt;

&lt;p&gt;Composio's own &lt;a href="https://composio.dev/blog/secure-ai-agent-infrastructure-guide" rel="noopener noreferrer"&gt;guide on AI agent infrastructure&lt;/a&gt; calls this hitting the "Authentication Wall." It is the moment a promising prototype stops being promising.&lt;/p&gt;

&lt;h2&gt;
  
  
  What per-user OAuth actually solves
&lt;/h2&gt;

&lt;p&gt;Per-user OAuth flips the model. Instead of the agent holding one master credential, each user grants the agent a scoped, revocable token tied to their own account. The agent acts with that user's identity, within the limits that user approved, for as long as that user allows.&lt;/p&gt;

&lt;p&gt;Concretely, this gives you:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Explicit consent.&lt;/strong&gt; The user sees what the agent is asking for and approves it. No assumed access.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Scoped permissions.&lt;/strong&gt; The token can be limited to read-only access on a specific resource rather than full account control. If the agent only needs to read, that is all it gets.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Short lifetimes.&lt;/strong&gt; Access tokens expire in minutes to an hour. Refresh tokens rotate. A leaked token is dangerous for a short window, not forever.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Selective revocation.&lt;/strong&gt; Revoking one user's grant does not break the agent for everyone else.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Identity in the audit log.&lt;/strong&gt; Every action traces back to a specific user, which is what SOC 2, HIPAA, and ISO 27001 actually require.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Multi-tenant isolation.&lt;/strong&gt; Each user's tokens live in their own bucket, encrypted at rest. A bug in one tenant's workflow does not expose another tenant's data.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm8adyi8c9n3x0cyb62hj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm8adyi8c9n3x0cyb62hj.png" alt="Multi-tenant token isolation across users" width="800" height="471"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;That last one matters more than people think. Composio's &lt;a href="https://docs.composio.dev/docs/users-and-sessions" rel="noopener noreferrer"&gt;user and session model&lt;/a&gt; is built around exactly this idea: a user is an identifier from your app, every connection lives under that user's ID, and connections are fully isolated between users. The same agent code can serve thousands of users without any of them ever touching each other's data.&lt;/p&gt;

&lt;h2&gt;
  
  
  The standards that are actually shaping this
&lt;/h2&gt;

&lt;p&gt;The protocol layer is moving fast. There are three things worth knowing.&lt;/p&gt;

&lt;h3&gt;
  
  
  OAuth 2.1 with mandatory PKCE
&lt;/h3&gt;

&lt;p&gt;OAuth 2.1 is the current best-practice consolidation of OAuth 2.0. It makes PKCE (Proof Key for Code Exchange) mandatory and removes older, less secure flows. PKCE matters specifically for agents because most agents are public clients running in environments where you cannot reliably hide a client secret. PKCE prevents an attacker from intercepting an authorization code mid-flow.&lt;/p&gt;

&lt;p&gt;If a platform you are evaluating does not enforce PKCE, that is a red flag.&lt;/p&gt;

&lt;h3&gt;
  
  
  The MCP Authorization spec
&lt;/h3&gt;

&lt;p&gt;The &lt;a href="https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization" rel="noopener noreferrer"&gt;Model Context Protocol authorization specification&lt;/a&gt; formalized OAuth as its standard in 2025. It mandates OAuth 2.1 with PKCE, requires Authorization Server Metadata discovery via RFC 8414, and supports Dynamic Client Registration via RFC 7591. The November 2025 update added step-up authorization, letting clients request additional scopes only when an operation actually requires them, rather than over-permissioning the initial token.&lt;/p&gt;

&lt;p&gt;The spec also had a real-world security crisis to address. In late 2025, security researchers at Obsidian Security disclosed &lt;a href="https://www.obsidiansecurity.com/blog/when-mcp-meets-oauth-common-pitfalls-leading-to-one-click-account-takeover" rel="noopener noreferrer"&gt;one-click account takeover vulnerabilities&lt;/a&gt; in remote MCP servers from several well-known organizations. The root cause: many MCP servers were implemented as OAuth proxies using a single static &lt;code&gt;client_id&lt;/code&gt; to talk to the upstream SaaS authorization server. Once any user consented for that shared client_id, the SaaS auth server cached the decision. An attacker could then complete the MCP-layer consent themselves, send a crafted authorization link to a victim, and the upstream server would skip the consent prompt entirely because it had seen that client_id before. The authorization code would be issued to the attacker's redirect URI.&lt;/p&gt;

&lt;p&gt;The fix is per-client identity and strict consent handling at the proxy layer. Composio's &lt;a href="https://composio.dev/toolkits/composio" rel="noopener noreferrer"&gt;Tool Router&lt;/a&gt; gives each session a secure, user-scoped MCP URL rather than a shared endpoint, which sidesteps this class of attack structurally.&lt;/p&gt;

&lt;h3&gt;
  
  
  The IETF "On-Behalf-Of" draft for AI agents
&lt;/h3&gt;

&lt;p&gt;There is an active IETF draft, &lt;a href="https://datatracker.ietf.org/doc/draft-oauth-ai-agents-on-behalf-of-user/" rel="noopener noreferrer"&gt;draft-oauth-ai-agents-on-behalf-of-user&lt;/a&gt;, that extends OAuth specifically for agent delegation. It adds a &lt;code&gt;requested_actor&lt;/code&gt; parameter so the consent screen shows the agent's identity (not just the app), and an &lt;code&gt;actor_token&lt;/code&gt; parameter so the agent authenticates itself when exchanging the authorization code.&lt;/p&gt;

&lt;p&gt;The result is an access token that documents the full delegation chain: the user delegated to this client application, which delegated to this specific agent. That chain is what makes after-the-fact auditing possible.&lt;/p&gt;

&lt;p&gt;The draft is at revision 02 as of August 2025 and has not been adopted by the working group yet, but it points clearly at where the protocol layer is headed. Multi-hop delegation (agent A calling agent B on the same user's behalf) is still an open problem in the spec.&lt;/p&gt;

&lt;h2&gt;
  
  
  Production architecture: where teams fail
&lt;/h2&gt;

&lt;p&gt;Getting an access token is the easy part. Operating at production scale is where most homegrown OAuth implementations collapse. Five things tend to go wrong.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Token storage.&lt;/strong&gt; Tokens have to be encrypted at rest, isolated per tenant, never logged, and never placed in LLM context. The last point is non-obvious and critical: if you put a refresh token in the prompt, a prompt injection attack can exfiltrate it. The pattern to use is brokered credentials, where the LLM never sees the token at all and a separate service makes the actual API call.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frr6l8q3lu5ppwg1p8db7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frr6l8q3lu5ppwg1p8db7.png" alt="Brokered credentials pattern" width="800" height="374"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Composio's &lt;a href="https://composio.dev/content/secure-ai-agent-infrastructure-guide" rel="noopener noreferrer"&gt;secure infrastructure guide&lt;/a&gt; explains this pattern directly: the LLM asks Composio to perform an action, Composio calls the upstream API with the stored credential, and the token never enters the model's context window.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Refresh handling.&lt;/strong&gt; Refresh tokens need proactive coordination. Waiting for a 401 error and then refreshing creates race conditions, cascading retries, and unstable background jobs. Composio handles refresh automatically and only marks a connection as &lt;code&gt;EXPIRED&lt;/code&gt; after multiple refresh attempts have failed, according to its &lt;a href="https://docs.composio.dev/docs/authenticating-tools" rel="noopener noreferrer"&gt;authentication docs&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Scope discipline.&lt;/strong&gt; Composio requests sensible default scopes for each toolkit but lets you override them via &lt;a href="https://docs.composio.dev/docs/custom-auth-configs" rel="noopener noreferrer"&gt;custom auth configs&lt;/a&gt;. Tightening scopes shrinks the blast radius if something goes wrong. Most APIs still have coarse-grained scopes, which means even with discipline, agents tend to be over-permissioned. The mitigation is short token lifetimes and per-tool scoping where the API supports it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Branding and consent screens.&lt;/strong&gt; When users hit an OAuth consent screen that says "Composio wants to access your Gmail" instead of "YourProduct wants to access your Gmail," conversion drops and trust takes a hit. Composio's &lt;a href="https://docs.composio.dev/docs/custom-app-vs-managed-app" rel="noopener noreferrer"&gt;white-labeling support&lt;/a&gt; lets you bring your own OAuth app credentials so the consent screen shows your brand. Use managed apps for prototyping and your own credentials for production.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Multi-account per user.&lt;/strong&gt; Some users connect a personal Gmail and a work Gmail. The platform needs to model that without forcing them to share a user ID across both. Composio handles this with the connected account ID layered under the user ID, so a single user can have multiple accounts on the same toolkit, as documented in the &lt;a href="https://docs.composio.dev/docs/users-and-sessions" rel="noopener noreferrer"&gt;users and sessions guide&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to look for in a per-user OAuth platform for agents
&lt;/h2&gt;

&lt;p&gt;If you are evaluating providers, these are the non-negotiables:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Per-user token isolation&lt;/strong&gt; with encryption at rest and no cross-tenant leakage&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;OAuth 2.1 with mandatory PKCE&lt;/strong&gt; for all OAuth flows&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Automatic, proactive token refresh&lt;/strong&gt; that does not depend on the client&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Short-lived access tokens&lt;/strong&gt; with rotating refresh tokens&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Granular scope configuration&lt;/strong&gt; so each integration uses least privilege&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Brokered credentials&lt;/strong&gt; so the LLM never sees raw tokens&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Selective per-user revocation&lt;/strong&gt; without affecting other users&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Audit trail on the delegation chain&lt;/strong&gt; for compliance&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;White-label OAuth consent screens&lt;/strong&gt; for production trust&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Step-up authorization&lt;/strong&gt; to request new scopes only when needed&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Multi-account per user&lt;/strong&gt; for personal and work accounts on the same app&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP-native deployment&lt;/strong&gt; so any MCP-compatible client can use the same auth layer&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;SOC 2 Type 2 and ISO 27001 compliance&lt;/strong&gt; as table stakes for enterprise customers&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;SDK support across major frameworks&lt;/strong&gt; (LangChain, CrewAI, OpenAI Agents SDK, Claude Agent SDK, Mastra, Vercel AI SDK, LlamaIndex)&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Composio covers every item on that list today. It supports 500+ toolkits, handles OAuth end-to-end with user-scoped tokens, is SOC 2 Type 2 and ISO 27001 compliant, and works as both a direct SDK and an MCP server. The full feature breakdown is on the &lt;a href="https://composio.dev/agentauth" rel="noopener noreferrer"&gt;AgentAuth product page&lt;/a&gt; and the &lt;a href="https://composio.dev/content/ai-agent-authentication-platforms" rel="noopener noreferrer"&gt;comparison guide&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this looks like in code
&lt;/h2&gt;

&lt;p&gt;Per-user OAuth with Composio compresses into a handful of lines. The pattern below follows the current SDK as documented in Composio's &lt;a href="https://docs.composio.dev/docs/authenticating-tools" rel="noopener noreferrer"&gt;authenticating tools guide&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;First, install the SDK and set your API key:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;pip &lt;span class="nb"&gt;install &lt;/span&gt;composio
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;COMPOSIO_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;your_api_key_here
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;To trigger the OAuth flow for a specific user, use the hosted Connect Link pattern. This returns a redirect URL the user opens in their browser to complete authentication:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Composio&lt;/span&gt;

&lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;Composio&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;api_key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;your_api_key&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Use the "AUTH CONFIG ID" from your Composio dashboard
&lt;/span&gt;&lt;span class="n"&gt;auth_config_id&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;your_auth_config_id&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="c1"&gt;# Use a unique identifier for each user in your application
&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;user_1349_129_12&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="n"&gt;connection_request&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;connected_accounts&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;link&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
    &lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="n"&gt;auth_config_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;auth_config_id&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="n"&gt;callback_url&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;https://your-app.com/callback&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="n"&gt;redirect_url&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;connection_request&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;redirect_url&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Visit: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;redirect_url&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; to authenticate your account&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;After the user completes the flow, Composio stores the tokens, links them to that user ID, and handles refresh automatically. The agent code never touches the token directly.&lt;/p&gt;

&lt;p&gt;To fetch tools scoped to a specific user, pass that same user ID:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Composio&lt;/span&gt;

&lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;Composio&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;api_key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;your_api_key&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="n"&gt;user_id&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;user_1349_129_12&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="c1"&gt;# Tools are automatically scoped to this user's connected accounts
&lt;/span&gt;&lt;span class="n"&gt;tools&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;tools&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;toolkits&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;GITHUB&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;GMAIL&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Two users running the same workflow get two different sets of credentials applied transparently:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;tools_user_1&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;tools&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;user_1&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;toolkits&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;GITHUB&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
&lt;span class="n"&gt;tools_user_2&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;tools&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;user_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;user_2&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;toolkits&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;GITHUB&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;

&lt;span class="c1"&gt;# Each set of tools uses the respective user's credentials
# when invoked by an agent
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is the whole point of per-user OAuth: the auth layer disappears into the platform, and the agent code reads like it is talking to a single user even when it is serving thousands.&lt;/p&gt;

&lt;p&gt;For a full working example with an LLM framework, see the framework-specific quickstart guides in &lt;a href="https://docs.composio.dev/docs" rel="noopener noreferrer"&gt;Composio's documentation&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  The takeaway
&lt;/h2&gt;

&lt;p&gt;Per-user OAuth is not a feature you bolt onto an agent product later. It is the foundation that decides whether your agents can serve real customers at all. Shared API keys cap your ceiling at a single-user demo. Per-user OAuth opens the door to multi-tenant production deployment, enterprise compliance, and the kind of trust required to handle a customer's inbox, calendar, or revenue pipeline.&lt;/p&gt;

&lt;p&gt;The protocol layer is still evolving. OAuth 2.1, the MCP authorization spec, and the IETF on-behalf-of draft are all converging on the same answer: explicit user consent, scoped delegation, audited token lifecycle, and isolation per user. Build for that model now and you will not need to retrofit later.&lt;/p&gt;

&lt;p&gt;If you would rather skip the months of building it yourself, &lt;a href="https://composio.dev/" rel="noopener noreferrer"&gt;start with Composio&lt;/a&gt; or read the &lt;a href="https://composio.dev/blog/secure-ai-agent-infrastructure-guide" rel="noopener noreferrer"&gt;auth-to-action guide&lt;/a&gt; for the full architecture. The shortest path from prototype to production is using a platform that already solved this.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>webdev</category>
      <category>mcp</category>
      <category>programming</category>
    </item>
    <item>
      <title>I Took Cursor Agents Out of the IDE and It Got Weirdly Powerful 🤯</title>
      <dc:creator>Developer Harsh</dc:creator>
      <pubDate>Tue, 19 May 2026 10:05:31 +0000</pubDate>
      <link>https://dev.to/composiodev/i-took-cursor-agents-out-of-the-ide-and-it-got-weirdly-powerful-286i</link>
      <guid>https://dev.to/composiodev/i-took-cursor-agents-out-of-the-ide-and-it-got-weirdly-powerful-286i</guid>
      <description>&lt;p&gt;Cursor recently released their &lt;a href="https://cursor.com/blog/typescript-sdk" rel="noopener noreferrer"&gt;cursor agents SDK&lt;/a&gt; to the public, and it's quietly powering many teams to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;invoke agents directly from CI/CD pipelines,&lt;/li&gt;
&lt;li&gt;create automations for end-to-end workflows,&lt;/li&gt;
&lt;li&gt;and embedding agents into core products.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Basically, the SDK lets developers deploy agents without overthinking building and maintaining the entire agent stack&lt;/p&gt;

&lt;p&gt;in this blog I give a glimpse of what is possible with the cursor agents SDK and how to overcome the restrictions of limited tool access.&lt;/p&gt;

&lt;p&gt;Let's start with a brief overview of cursor agents.&lt;/p&gt;




&lt;h2&gt;
  
  
  A Primer On Cursor Agents SDK
&lt;/h2&gt;

&lt;p&gt;Building an agent from scratch is a massive headache. Cursor SDK skips the&lt;br&gt;
plumbing.&lt;/p&gt;

&lt;p&gt;Before the SDK, &lt;a href="https://cursor.com" rel="noopener noreferrer"&gt;Cursor&lt;/a&gt; was strictly an interactive IDE, but its newly released SDK turns that&lt;br&gt;
agentic power into headless infrastructure. &lt;/p&gt;

&lt;p&gt;It uses the same &lt;strong&gt;harness&lt;/strong&gt; that powers the desktop app, meaning you get IDE-grade code generation programmatically.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Harness: context engine, workspace management, and routing&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;In fact, the cursor harness matters more than the model. &lt;a href="https://www.endorlabs.com/learn/gpt-5-5-sets-a-new-code-security-record-with-cursor-not-codex-in-agent-security-league" rel="noopener noreferrer"&gt;Endor Labs&lt;/a&gt; benched&lt;br&gt;
GPT-5.5 natively at 61.5% functional correctness. Then, dropping the same model into Cursor's harness, it scored 87.2%.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faa4jgbjxm262koapm9nm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faa4jgbjxm262koapm9nm.png" alt="Proof" width="800" height="294"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Cursor spent years tuning the context management and tool dispatch; the SDK hands you that refined engine.&lt;/p&gt;

&lt;p&gt;Here is the spec list for those who care:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Spec / Feature&lt;/th&gt;
&lt;th&gt;Technical Detail&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;The Harness&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Built-in codebase indexing, semantic search, &amp;amp; instant grep.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Execution&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cloud (sandboxed VMs with durable state), Self-Hosted, Local.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Models&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Agnostic. Uses &lt;code&gt;composer-2/composer-3&lt;/code&gt; (default), Claude, or OpenAI.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Integrations&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Deep MCP support, auto-loaded &lt;code&gt;.cursor/skills/&lt;/code&gt;, &amp;amp; hooks.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Subagents&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Main agent can spawn subagents with distinct prompts/models.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;This means we have a perfect stack to build our agent. Let’s get started with the setup.&lt;/p&gt;


&lt;h2&gt;
  
  
  How to Set Up Cursor Agents SDK
&lt;/h2&gt;

&lt;p&gt;You can install it using &lt;code&gt;npm&lt;/code&gt; to get started, then use Cursor's native &lt;code&gt;cursor SDK skill&lt;/code&gt; for guidance.&lt;/p&gt;

&lt;p&gt;So open your terminal and type:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; @cursor/sdk
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Once done, install the cursor skill for guiding the cursor / Claude Code. In the same terminal, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm add skills /cursor-sdk
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;But there is a catch: by default, the Cursor SDK agents ship with a few default tools + MCP support.&lt;/p&gt;

&lt;p&gt;However, this means connecting to or configuring multiple MCP servers is such a hassle for a production-grade product.&lt;/p&gt;

&lt;p&gt;So let's automate it with Composio as the orchestrator, connect and configure it once, and you get secure access to 1000+ tools with optimized tool calls and context.&lt;/p&gt;




&lt;h2&gt;
  
  
  Building a Production Agent With Composio MCP + Cursor Agent SDK
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Why Composio?
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://composio.dev/" rel="noopener noreferrer"&gt;Composio&lt;/a&gt; offers a single MCP server you can plug into with the Cursor SDK to access &lt;a href="https://composio.dev/toolkits" rel="noopener noreferrer"&gt;1000+ apps&lt;/a&gt; instantly. &lt;/p&gt;

&lt;p&gt;When you’re building an agent that requires interacting with external applications, let’s say a Sales agent with &lt;a href="https://composio.dev/toolkits/gong" rel="noopener noreferrer"&gt;Gong&lt;/a&gt;, &lt;a href="https://composio.dev/toolkits/hubspot" rel="noopener noreferrer"&gt;HubSpot&lt;/a&gt;, &lt;a href="https://composio.dev/toolkits/salesforce" rel="noopener noreferrer"&gt;Salesforce connectors&lt;/a&gt;, etc., you’d spend weeks on partnerships and integrations. Composio completely removes this friction, so you build what matters&lt;/p&gt;

&lt;p&gt;So, let’s explore one example of a GitHub agent that pulls the repository, analyzes it, creates a dev branch, performs automatic refactoring, pushes the code, and opens a PR for review - a simple but powerful use case.&lt;/p&gt;

&lt;p&gt;Let's begin!&lt;/p&gt;

&lt;h3&gt;
  
  
  Setup Workspace
&lt;/h3&gt;

&lt;p&gt;Head to the terminal and run the following commands&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;mkdir &lt;/span&gt;cursor-agent
&lt;span class="nb"&gt;cd &lt;/span&gt;cursor-agent
npm init &lt;span class="nt"&gt;-y&lt;/span&gt;
npm &lt;span class="nb"&gt;install &lt;/span&gt;typescript ts-node @types/node &lt;span class="nt"&gt;--save-dev&lt;/span&gt;
npx tsc &lt;span class="nt"&gt;--init&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The command will create a new project named &lt;code&gt;cursor_agent&lt;/code&gt; , switch to the folder, initialize a blank &lt;code&gt;npm&lt;/code&gt; project (ensure &lt;code&gt;package.json&lt;/code&gt; gets created), install typescript support for development, and initialize the typescript compiler and linter.&lt;/p&gt;

&lt;p&gt;Since our repository is set up, let’s configure environment variables.&lt;/p&gt;

&lt;h3&gt;
  
  
  Set up Environment Variables
&lt;/h3&gt;

&lt;p&gt;Add a &lt;code&gt;.env&lt;/code&gt; file to keep secrets secure and add the following values:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nv"&gt;CURSOR_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;your-cursor-api-key
&lt;span class="nv"&gt;COMPOSIO_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;your-composio-api-key
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You can get the &lt;code&gt;CURSOR_API_KEY&lt;/code&gt; by going to the &lt;a href="https://cursor.com/dashboard/integrations" rel="noopener noreferrer"&gt;Cursor integration&lt;/a&gt; page and creating a new API key.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feddl8myiiaj88t15jurd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feddl8myiiaj88t15jurd.png" alt="Step 1" width="800" height="456"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For COMPOSIO_API_KEY  , visit the &lt;a href="https://dashboard.composio.dev/" rel="noopener noreferrer"&gt;Composio Dashboard (Platform)&lt;/a&gt;, log in/sign up to the account, and head to the default project (or create one) → profile→ API KEY.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4drqq50yjgm04dz5pdu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4drqq50yjgm04dz5pdu.png" alt="Step 2" width="800" height="474"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click “Create One”, it creates one, copy and then paste it into .env . Make sure it starts with ak_ .&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpusjo38ewzyorboce28i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpusjo38ewzyorboce28i.png" alt="Step 3" width="800" height="474"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Time to write the code.&lt;/p&gt;




&lt;h3&gt;
  
  
  The Code
&lt;/h3&gt;

&lt;p&gt;Now, create a new &lt;code&gt;index.ts&lt;/code&gt; file and paste the following code.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight tsx"&gt;&lt;code&gt;&lt;span class="c1"&gt;// imports&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;dotenv/config&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="nx"&gt;readline&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;node:readline/promises&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;stdin&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="nx"&gt;input&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;stdout&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="nx"&gt;output&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;node:process&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="kd"&gt;type&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;SDKAgent&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@cursor/sdk&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;DEFAULT_USER_ID&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;disposeAllAgents&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;getComposioApiKey&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;getOrCreateRuntime&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;requireEnv&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;./runtime.ts&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="c1"&gt;// log tool calls to stdout&lt;/span&gt;
&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;logToolCall&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
  &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="kr"&gt;string&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;args&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;unknown&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="nx"&gt;status&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;running&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="o"&gt;|&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;completed&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="o"&gt;|&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;error&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="p"&gt;):&lt;/span&gt; &lt;span class="k"&gt;void&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;status&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;running&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;`\n[tool: &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;] &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;JSON&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;stringify&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;args&lt;/span&gt;&lt;span class="p"&gt;)}&lt;/span&gt;&lt;span class="s2"&gt;`&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;status&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;completed&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;`[tool: &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;] done`&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="c1"&gt;// stream assistant text and tool events - act as streaming handler&lt;/span&gt;
&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;runAgentChatStreaming&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;SDKAgent&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;message&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="kr"&gt;string&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt; &lt;span class="nb"&gt;Promise&lt;/span&gt;&lt;span class="o"&gt;&amp;lt;&lt;/span&gt;&lt;span class="k"&gt;void&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;run&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;send&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;message&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;

  &lt;span class="nx"&gt;process&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;stdout&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;write&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="s2"&gt;agent &amp;gt; &lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="k"&gt;await &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;event&lt;/span&gt; &lt;span class="k"&gt;of&lt;/span&gt; &lt;span class="nx"&gt;run&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;stream&lt;/span&gt;&lt;span class="p"&gt;())&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="kd"&gt;type&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;assistant&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
      &lt;span class="k"&gt;for &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;block&lt;/span&gt; &lt;span class="k"&gt;of&lt;/span&gt; &lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;message&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;content&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;block&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="kd"&gt;type&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;text&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nx"&gt;process&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;stdout&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;write&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;block&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;text&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
      &lt;span class="p"&gt;}&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="kd"&gt;type&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;tool_call&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
      &lt;span class="nf"&gt;logToolCall&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;args&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;event&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;status&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;

  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;run&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;wait&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;result&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;status&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;error&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;throw&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;Error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;`Agent run failed (&lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;result&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;id&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;)`&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
  &lt;span class="nx"&gt;process&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;stdout&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;write&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\n\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="c1"&gt;// runs the chat loop, adds a readline interface and disposes agents on exit&lt;/span&gt;
&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;main&lt;/span&gt;&lt;span class="p"&gt;():&lt;/span&gt; &lt;span class="nb"&gt;Promise&lt;/span&gt;&lt;span class="o"&gt;&amp;lt;&lt;/span&gt;&lt;span class="k"&gt;void&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nf"&gt;requireEnv&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;CURSOR_API_KEY&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="nf"&gt;getComposioApiKey&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;

  &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Setting up Composio session...&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;runtime&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;getOrCreateRuntime&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;DEFAULT_USER_ID&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
    &lt;span class="s2"&gt;`Ready (user: &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;runtime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;userId&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;, session: &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;runtime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;sessionId&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;, tools: &lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;runtime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;toolsCount&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;).`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Type a message, or 'exit' to quit.&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;

  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;rl&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;readline&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;createInterface&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="nx"&gt;input&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;output&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;

  &lt;span class="k"&gt;try&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;while &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
      &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;userInput&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;rl&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;question&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;you &amp;gt; &lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)).&lt;/span&gt;&lt;span class="nf"&gt;trim&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
      &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;!&lt;/span&gt;&lt;span class="nx"&gt;userInput&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;continue&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
      &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;userInput&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;exit&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="o"&gt;||&lt;/span&gt; &lt;span class="nx"&gt;userInput&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;quit&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;break&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

      &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;runAgentChatStreaming&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;runtime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;userInput&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;finally&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nx"&gt;rl&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;close&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
    &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;disposeAllAgents&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="nf"&gt;main&lt;/span&gt;&lt;span class="p"&gt;().&lt;/span&gt;&lt;span class="k"&gt;catch&lt;/span&gt;&lt;span class="p"&gt;((&lt;/span&gt;&lt;span class="nx"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;err&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="nx"&gt;process&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;exit&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Let's look at the code: &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;We start by loading dependencies from &lt;code&gt;.env&lt;/code&gt;, &lt;code&gt;readline&lt;/code&gt;, and shared helpers from &lt;a href="https://github.com/DevloperHS/cursor_agents/blob/main/runtime.ts" rel="noopener noreferrer"&gt;&lt;code&gt;runtime.ts&lt;/code&gt;&lt;/a&gt; (&lt;code&gt;getOrCreateRuntime&lt;/code&gt;, API key checks, and cleanup)&lt;/li&gt;
&lt;li&gt;For a sanity check, we validate &lt;code&gt;CURSOR_API_KEY&lt;/code&gt; and &lt;code&gt;COMPOSIO_API_KEY&lt;/code&gt; before the chat loop starts (Composio is also checked when &lt;code&gt;runtime.ts&lt;/code&gt; loads).&lt;/li&gt;
&lt;li&gt;Next, we create a Composio session for the default user and spin up a Cursor agent on &lt;code&gt;composer-2&lt;/code&gt; with the Composio MCP server for tools (handled in &lt;code&gt;runtime.ts&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;We keep the same agent in the loop for every message, so tools and sessions stay wired throughout the CLI session.&lt;/li&gt;
&lt;li&gt;We run a terminal chat loop with readline: read input → send to agent → stream assistant text and tool status → repeat until &lt;code&gt;exit&lt;/code&gt; or &lt;code&gt;quit&lt;/code&gt;.&lt;/li&gt;
&lt;li&gt;While streaming, we log tool calls on &lt;code&gt;running&lt;/code&gt; and &lt;code&gt;completed&lt;/code&gt;, and throw if the agent run ends in error.&lt;/li&gt;
&lt;li&gt;On exit, we close readline, dispose of agents via &lt;code&gt;runtime.ts&lt;/code&gt;, and log any failure from &lt;code&gt;main()&lt;/code&gt; before exiting with code 1.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you encounter an issue, refer to the codebase in the project's &lt;a href="https://github.com/DevloperHS/cursor_agents" rel="noopener noreferrer"&gt;GitHub repo&lt;/a&gt;.  Feel free to clone it, tweak it to your liking, or use it as it is.&lt;/p&gt;

&lt;p&gt;And that's it, all set, time to run the agent!&lt;/p&gt;




&lt;h2&gt;
  
  
  Run the agent
&lt;/h2&gt;

&lt;p&gt;To run the agent in the terminal and at the project root, type:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npx ts-node index.ts
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;and an interactive chat opens up where you can prompt it step by step / direct it to do the entire task at once. Here is a demo of me using it in chat mode (step by step)&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/k4wfe4pJS_0"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;p&gt;As you can see, the cursor agent acts as the brain, calling the &lt;a href="https://composio.dev/toolkits/github" rel="noopener noreferrer"&gt;Composio GitHub tools&lt;/a&gt; to clone the repo, check for changes, create a dev branch, refactor the code, commit to the dev branch, and finally open a PR.&lt;/p&gt;

&lt;p&gt;Usually, this takes many human hours, but with a cursor-agent, it takes only 5 minutes.&lt;/p&gt;

&lt;p&gt;Also, with the new update, you need to add a GitHub token to use GitHub with the cursor/agent. Using Composio fixes this need as well.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Note: For simplicity I have used terminal , but you can add a ui layer on top of the agent.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;With this, we have reached the end of the article. Here is my closing note.&lt;/p&gt;




&lt;h2&gt;
  
  
  Final Thoughts
&lt;/h2&gt;

&lt;p&gt;In this article, we learned how to use the Cursor SDK and Composio MCP to build a GitHub chatbot while keeping it optimized for asynchronous operations and following best practices, such as masking sensitive variables.&lt;/p&gt;

&lt;p&gt;But this is just the tip of the iceberg with what's possible with the cursor agent SDK. Feel free to experiment and build your own assistant/chatbot. You can explore more in the &lt;a href="https://github.com/cursor/cookbook" rel="noopener noreferrer"&gt;cursor-cookbook&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;At the end of the day, building agents / multi-agent systems is not hard; planning and orchestrating them to work efficiently, collaboratively, and securely is. In fact, it's the next valuable skill in 2026.&lt;/p&gt;

&lt;p&gt;So what are you waiting for? Get started with Cursor Agents while &lt;a href="https://composio.dev/" rel="noopener noreferrer"&gt;Composio MCP&lt;/a&gt; handles the tooling layer.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>productivity</category>
      <category>agents</category>
    </item>
    <item>
      <title>Building Streamable HTTP MCP Servers from Scratch using FastMCP in 2026</title>
      <dc:creator>Developer Harsh</dc:creator>
      <pubDate>Mon, 18 May 2026 14:50:04 +0000</pubDate>
      <link>https://dev.to/composiodev/building-streamable-http-mcp-servers-from-scratch-using-fastmcp-in-2026-5fh9</link>
      <guid>https://dev.to/composiodev/building-streamable-http-mcp-servers-from-scratch-using-fastmcp-in-2026-5fh9</guid>
      <description>&lt;p&gt;If you've spent any time wiring up tools for an AI agent, you know the pain: every model vendor has its own function-calling format, every integration is bespoke glue code, and every model upgrade breaks something downstream. &lt;/p&gt;

&lt;p&gt;MCP changes this by providing a shared interface for tools, data sources, and AI clients. Instead of rebuilding integrations for every model or app, you expose capabilities once through an MCP server and let compatible clients connect to them.&lt;/p&gt;

&lt;p&gt;Anthropic released the Model Context Protocol in November 2024, and by spring 2025, OpenAI, Microsoft, and Google had adopted it. It has quickly become the de facto standard for connecting AI systems to external tools and data. That makes MCP worth learning now.&lt;/p&gt;

&lt;p&gt;This guide teaches you how to build an MCP server from scratch, expose it over two transports: &lt;strong&gt;stdio&lt;/strong&gt; and &lt;strong&gt;streamable HTTP&lt;/strong&gt;, connect it to Claude Desktop and Cursor.  and provide you with a production checklist for hardening the production MCP servers before shipping them. The full code is available in the companion repo at the end&lt;/p&gt;

&lt;h3&gt;
  
  
  tl; dr
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;What is MCP&lt;/li&gt;
&lt;li&gt;MCP Components in Nutshell&lt;/li&gt;
&lt;li&gt;Build a Local MCP server (tools, resources, and prompts)&lt;/li&gt;
&lt;li&gt;Connect to Hosted MCP Server (HTTP Streamable)&lt;/li&gt;
&lt;li&gt;MCP Server Advance Use Case&lt;/li&gt;
&lt;li&gt;Deployment Notes for Production MCP Servers&lt;/li&gt;
&lt;li&gt;Conclusion&lt;/li&gt;
&lt;li&gt;Frequently Asked Questions&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Let's Begin!&lt;/p&gt;




&lt;h2&gt;
  
  
  What is MCP
&lt;/h2&gt;

&lt;p&gt;An MCP server is a JSON-RPC 2.0 process that exposes three primitives to any compliant &lt;a href="https://composio.dev/content/mcp-client-step-by-step-guide-to-building-from-scratch" rel="noopener noreferrer"&gt;MCP client&lt;/a&gt; over stdio or streamable HTTP. Those primitives are &lt;strong&gt;tools&lt;/strong&gt; (functions the model can call), &lt;strong&gt;resources&lt;/strong&gt; (data the model can read), and &lt;strong&gt;prompts&lt;/strong&gt; (reusable templates). That's the whole protocol. &lt;/p&gt;

&lt;p&gt;Everything else is an implementation detail as given in the comparison table.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Feature&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Model Context Protocol (MCP)&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Traditional API (REST / GraphQL / gRPC)&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Primary purpose&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Give LLM-based agents a &lt;em&gt;single&lt;/em&gt; way to fetch context &lt;strong&gt;and&lt;/strong&gt; invoke side-effecting tools.&lt;/td&gt;
&lt;td&gt;General machine-to-machine data exchange &amp;amp; business logic.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Integration effort&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Once an agent speaks MCP, it can talk to any compliant server; only one SDK/wire-spec to learn.&lt;/td&gt;
&lt;td&gt;Each API exposes its own spec/SDK; you integrate them one by one.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Interaction model&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Stateful sessions + bidirectional messaging; supports long-running tasks and mid-job progress callbacks.&lt;/td&gt;
&lt;td&gt;Stateless request/response; usually unidirectional.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Streaming support&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Standardised via “Streamable HTTP” (SSE/WebSocket).&lt;/td&gt;
&lt;td&gt;Not part of the REST spec; developers bolt on WebSockets/SSE ad hoc.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Extensibility (adding new capabilities)&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;The server can add new tools/resources without breaking clients; the agent discovers them at runtime.&lt;/td&gt;
&lt;td&gt;Breaking changes need versioning, or clients must update to use new endpoints/types.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Standardisation/wire format&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;One JSON-Schema-driven spec for inputs &amp;amp; outputs, plus defined transports.&lt;/td&gt;
&lt;td&gt;Multiple styles (REST, GraphQL, gRPC) with differing auth headers, error shapes, and media types.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Maturity &amp;amp; tooling&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Rapidly growing, but still early; dozens of open-source servers and early commercial support.&lt;/td&gt;
&lt;td&gt;Decades of best-practice guides, gateways, SDKs, APM, and monitoring.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Performance path length&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Extra hop (agent → MCP → underlying API) adds a bit of latency; streaming mitigates waiting for large payloads.&lt;/td&gt;
&lt;td&gt;Direct call; generally lower overhead for high-QPS, deterministic workloads.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Typical sweet-spot use-cases&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Autonomous agents chaining multiple tools, dynamic workflows, and user-in-the-loop&lt;/td&gt;
&lt;td&gt;CRUD data services, stable integrations, high-throughput micro-services.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;If you want a deeper conceptual primer, check out the &lt;a href="https://composio.dev/blog/what-is-model-context-protocol-mcp-explained/" rel="noopener noreferrer"&gt;Model Context Protocol explainer&lt;/a&gt;, which covers the architecture in detail. For primer, here is how this all works!&lt;/p&gt;




&lt;h2&gt;
  
  
  MCP Components in Nutshell
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs0n3rpcv1z9e5dubyxjb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs0n3rpcv1z9e5dubyxjb.png" alt="MCP Component" width="800" height="541"&gt;&lt;/a&gt; %}&lt;/p&gt;

&lt;h3&gt;
  
  
  The Architecture
&lt;/h3&gt;

&lt;p&gt;The MCP architecture consists of several key components that work together to enable seamless integration:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;MCP Hosts&lt;/strong&gt;: Applications that want to use tools or data through MCP. Examples include Claude Desktop, Cursor, or any AI app that supports MCP.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP Clients&lt;/strong&gt;: Client instances created by the host. Each client maintains a dedicated one-to-one connection with a single MCP server.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP Servers&lt;/strong&gt;: Lightweight programs that expose tools, resources, and prompts through the MCP protocol.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Local Data Sources&lt;/strong&gt;: Files, databases, codebases, or local services that an MCP server can access on the user’s machine.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Remote Services&lt;/strong&gt;: External APIs or cloud services that an MCP server can call, such as Google Sheets, GitHub, Slack, or Postgres hosted in the cloud.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;At a high level, the host does not talk directly to your database, file system, or API. Instead, it talks to an MCP client, which talks to an MCP server, which then talks to the actual data source or service. &lt;/p&gt;

&lt;p&gt;This simple diagram might help you understand the flow better:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhtr5ddgaqrh6fdn93k6x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhtr5ddgaqrh6fdn93k6x.png" alt="MCP FLOW" width="800" height="893"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The key point is that MCP servers serve as the integration layer. They hide the messy parts of authentication, API calls, file access, and business logic behind a clean protocol interface.&lt;/p&gt;

&lt;p&gt;This separation of concerns makes MCP servers modular and maintainable. The AI app does not need to know how Google Sheets, GitHub, or a local database works. It only needs to know how to call the MCP server.&lt;/p&gt;

&lt;p&gt;So how does this all connect?&lt;/p&gt;




&lt;h3&gt;
  
  
  &lt;strong&gt;How The Components Work Together&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Let's understand this with a practical example:&lt;/p&gt;

&lt;p&gt;Say you're using Claude Code (an MCP host) to manage your project's budget. You want to update a budget report in Google Sheets and send a summary of the changes to your team via Slack.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://code.claude.com/docs/en/mcp" rel="noopener noreferrer"&gt;Claude Code&lt;/a&gt; (MCP host) initiates a request to the MCP client to update the budget report in Google Sheets and send a Slack notification.&lt;/li&gt;
&lt;li&gt;The MCP client connects to two MCP servers: one for Google Sheets and one for Slack.&lt;/li&gt;
&lt;li&gt;The &lt;a href="https://composio.dev/toolkits/googlesheets" rel="noopener noreferrer"&gt;Google Sheets MCP&lt;/a&gt; server calls the Google Sheets API (remote service) to update the budget report.&lt;/li&gt;
&lt;li&gt;The &lt;a href="https://composio.dev/toolkits/slack" rel="noopener noreferrer"&gt;Slack MCP&lt;/a&gt; server interacts with the Slack API (remote service) to send a notification.&lt;/li&gt;
&lt;li&gt;MCP servers send responses back to the MCP client.&lt;/li&gt;
&lt;li&gt;The MCP client forwards these responses to Cursor, which displays the result to the user.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This process happens seamlessly, allowing Cursor to integrate with multiple services through a standardized interface.&lt;/p&gt;

&lt;p&gt;That's the working in a nutshell. From here on, we will focus on building.&lt;/p&gt;




&lt;h2&gt;
  
  
  Build Local Stremable HTTP MCP Servers
&lt;/h2&gt;

&lt;p&gt;We'll build something you'd actually deploy: a &lt;strong&gt;GitHub issue search server&lt;/strong&gt; that lets your AI assistant search issues, fetch issue details, and pull recent pull requests from any repository. [subject to change]&lt;/p&gt;

&lt;p&gt;We will follow a series of steps to make sure things go smoothly. This is also industry standard, so it's best to follow along. &lt;/p&gt;

&lt;h3&gt;
  
  
  Prequires
&lt;/h3&gt;

&lt;p&gt;Before anything else, ensure you complete the prerequisites, as they will be the foundation for any MCP implementation we do.&lt;/p&gt;

&lt;p&gt;You'll need:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Python 3.10+&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Node.js 18+&lt;/strong&gt; for TypeScript (if you choose to build with TypeScript)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Claude Desktop&lt;/strong&gt; or &lt;strong&gt;Cursor&lt;/strong&gt; for testing&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A common question users often ask: when should you pick Python vs. TypeScript? Here is an honest review:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.python.org/downloads/" rel="noopener noreferrer"&gt;Python&lt;/a&gt; with &lt;a href="https://gofastmcp.com/getting-started/welcome" rel="noopener noreferrer"&gt;FastMCP&lt;/a&gt; is faster for prototyping and works well for stdio servers.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://www.typescriptlang.org/" rel="noopener noreferrer"&gt;TypeScript&lt;/a&gt; shines for HTTP servers deployed to Cloudflare Workers, Vercel Edge, or any Node-based stack due to its type safety.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In case you are wondering, Composio is the ultimate integration platform, empowering developers to seamlessly connect AI agents with external tools, servers, and APIs with just a single line of code.&lt;/p&gt;

&lt;p&gt;With the fully managed &lt;a href="https://composio.dev/blog/best-mcp-servers-for-chatgpt" rel="noopener noreferrer"&gt;&lt;strong&gt;MCP Server&lt;/strong&gt;s&lt;/a&gt;, developers can rapidly build powerful AI applications without the hassle of managing complex integrations. &lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;In a nutshell: Composio handles the infrastructure so developers can focus on innovation.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Next, let's set up the working environment.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Work Environment Setup&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;We start by creating a project directory.&lt;/p&gt;

&lt;p&gt;Navigate to your working folder and create a folder named &lt;strong&gt;MCP,&lt;/strong&gt; or u can use the terminal command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;mkdir &lt;/span&gt;mcp_servers
&lt;span class="nb"&gt;cd &lt;/span&gt;mcp_servers
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Next, create a virtual environment using:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3 &lt;span class="nt"&gt;-m&lt;/span&gt; venv .venv
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now activate the environment with:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Windows:&lt;/span&gt;
.venv&lt;span class="se"&gt;\S&lt;/span&gt;cripts&lt;span class="se"&gt;\a&lt;/span&gt;ctivate

&lt;span class="c"&gt;# Linux/Mac:&lt;/span&gt;
&lt;span class="nb"&gt;source&lt;/span&gt; .venv/bin/activate
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Ensure you see (.venv) in Front of the terminal cwd path.&lt;/p&gt;

&lt;p&gt;Finally, install the FastMCP package&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;pip &lt;span class="nb"&gt;install &lt;/span&gt;FastMCP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  Writing Server Code
&lt;/h3&gt;

&lt;p&gt;Server code is where the entire MCP server logic lives. Create a new &lt;code&gt;server.py&lt;/code&gt;  file and inside it paste the code below:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="c1"&gt;# server.py
&lt;/span&gt;
&lt;span class="c1"&gt;# imports
&lt;/span&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;uuid&lt;/span&gt;

&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;typing&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;List&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;fastmcp&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;FastMCP&lt;/span&gt;

&lt;span class="n"&gt;mcp&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;FastMCP&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Utility MCP Server&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# generate password utility
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.tool&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;generate_password&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;

    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
    Generate a pseudo-random password for development use.

    This function creates a password by encoding a UUID4 string in base64
    and then reversing the resulting string. It&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;s intended for use in
    development or testing environments where cryptographic security is not
    critical.

    Returns:
        str: A reversed base64-encoded UUID4 string, typically around 48 characters.
        May include alphanumeric characters, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;+&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, and &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt; padding.

    Security Notes:
        - Uses the string form of UUID4 (not raw bytes), so effective entropy is lower (~190 bits of input chars)
        - Suitable for temporary or development credentials.
        - NOT recommended for production use.
        - For higher security, consider using secrets.token_urlsafe().

    Example:
&lt;/span&gt;&lt;span class="gp"&gt;        &amp;gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="nf"&gt;generate_password&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
        &lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;==dGM0ZTcwLTI0ZTUtNDJlZC05Y2I1LTk3OGJjODAxMDAwNw==&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;

    &lt;span class="n"&gt;uuid_string&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;str&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;uuid&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;uuid4&lt;/span&gt;&lt;span class="p"&gt;()).&lt;/span&gt;&lt;span class="nf"&gt;encode&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;base64_encoded&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;b64encode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;uuid_string&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;decode&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;base64_encoded&lt;/span&gt; &lt;span class="p"&gt;[::&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;

&lt;span class="c1"&gt;# list all the files in the directory
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.tool&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;list_files&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;directory&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;.&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="n"&gt;List&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;]:&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
    List all files and directories in a specified path.

    This tool allows the AI to explore the file system by returning a list 
    of names of the entries in the directory given by path.

    Args:
        directory (str): The path to the directory to list. Defaults to the 
        current working directory (&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;.&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;).

    Returns:
        List[str]: A list of filenames and directory names. If an error 
        occurs (e.g., directory not found), returns a list containing 
        the error message.
    &lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;
    &lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;listdir&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;directory&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="nb"&gt;Exception&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="nf"&gt;str&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;


&lt;span class="c1"&gt;# read the given file
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.tool&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;read_file&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;filename&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
    Read and return the full text content of a file.

    This tool enables the AI to analyze the contents of specific text files 
    within the accessible file system.

    Args:
        filename (str): The path to the file that needs to be read.

    Returns:
        str: The complete string content of the file encoded in UTF-8. 
        If the file cannot be read, returns an error message starting 
        with &lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error reading file:&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;.
    &lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;
    &lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="nf"&gt;open&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;filename&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;r&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;encoding&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;utf-8&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="nb"&gt;file&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
            &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nb"&gt;file&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;read&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="nb"&gt;Exception&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error reading file: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="nf"&gt;str&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="c1"&gt;# system info (resource)
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.resource&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;data://sys-info&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;get_system_info&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
    Get a comprehensive system snapshot including time, hardware specs, 
    and real-time health metrics.
    &lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;
    &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;platform&lt;/span&gt;
    &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;psutil&lt;/span&gt;
    &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;subprocess&lt;/span&gt;
    &lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;datetime&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;datetime&lt;/span&gt;

    &lt;span class="n"&gt;now&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;datetime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;now&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;timestamp&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;now&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;strftime&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;%Y-%m-%d %H:%M:%S&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;day_name&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;now&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;strftime&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;%A&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;


    &lt;span class="n"&gt;boot_time&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;datetime&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;fromtimestamp&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;psutil&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;boot_time&lt;/span&gt;&lt;span class="p"&gt;())&lt;/span&gt;
    &lt;span class="n"&gt;uptime&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;str&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;now&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="n"&gt;boot_time&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;split&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;.&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;

    &lt;span class="n"&gt;sys_type&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;platform&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;system&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;machine&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;platform&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;machine&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;cpu_count&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;psutil&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;cpu_count&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;logical&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="bp"&gt;False&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;gpu_info&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;subprocess&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;check_output&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
            &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;nvidia-smi&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;--query-gpu=gpu_name&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;--format=csv,noheader&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt; 
            &lt;span class="n"&gt;encoding&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;utf-8&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
        &lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;strip&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="nb"&gt;Exception&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;gpu_info&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;N/A (NVIDIA-SMI not found)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

    &lt;span class="n"&gt;cpu_usage&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;psutil&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;cpu_percent&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;interval&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="bp"&gt;None&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;memory&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;psutil&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;virtual_memory&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;disk&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;psutil&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;disk_usage&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;C:&lt;/span&gt;&lt;span class="se"&gt;\\&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
             --- Hardware Specs ---
            OS:        &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;sys_type&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; (&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;machine&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;)
            CPU:       &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;cpu_count&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; Physical Cores
            GPU:       &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;gpu_info&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;

            --- Temporal Context ---
            Date/Time: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;timestamp&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;
            Day:       &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;day_name&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;
            Uptime:    &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;uptime&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;

            --- Resource Utilization ---
            CPU Load:  &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;cpu_usage&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;%
            RAM Usage: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;memory&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;percent&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;% (&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;memory&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;used&lt;/span&gt; &lt;span class="o"&gt;//&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1024&lt;/span&gt;&lt;span class="o"&gt;**&lt;/span&gt;&lt;span class="mi"&gt;2&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;MB / &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;memory&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;total&lt;/span&gt; &lt;span class="o"&gt;//&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1024&lt;/span&gt;&lt;span class="o"&gt;**&lt;/span&gt;&lt;span class="mi"&gt;2&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;MB)
            Disk (C:): &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;disk&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;percent&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;% Used (&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;disk&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;free&lt;/span&gt; &lt;span class="o"&gt;//&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1024&lt;/span&gt;&lt;span class="o"&gt;**&lt;/span&gt;&lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;GB Free)
            &lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;

&lt;span class="c1"&gt;# general prompt
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.prompt&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;helper_prompt&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;task&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;""&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;General purpose prompt for any task with optional context.&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;
    &lt;span class="n"&gt;base_prompt&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
Task: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;task&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;

Please approach this systematically:
1. Break down the problem
2. Consider multiple solutions
3. Explain your reasoning
4. Provide clear, actionable steps
&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;

    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;base_prompt&lt;/span&gt; &lt;span class="o"&gt;+=&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\n\n&lt;/span&gt;&lt;span class="s"&gt;Additional context: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;base_prompt&lt;/span&gt;

&lt;span class="c1"&gt;# api-design rules prompt
&lt;/span&gt;&lt;span class="nd"&gt;@mcp.prompt&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;api_endpoint_design_prompt&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;endpoint_name&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;purpose&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;str&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;Specific prompt for designing RESTful API endpoints.&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;&lt;span class="s"&gt;
Design a RESTful API endpoint: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;endpoint_name&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;
Purpose: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;purpose&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;

Please provide:
1. HTTP method and URL pattern
2. Request/response schemas with examples
3. Status codes and error handling
4. Authentication requirements
5. Rate limiting considerations
6. OpenAPI/Swagger documentation snippet

Follow REST conventions and include proper validation.
Use JSON for data exchange and meaningful HTTP status codes.
&lt;/span&gt;&lt;span class="sh"&gt;"""&lt;/span&gt;

&lt;span class="c1"&gt;# Run MCP server
# if __name__ == "__main__":
&lt;/span&gt;    &lt;span class="c1"&gt;# mcp.run()
&lt;/span&gt;
&lt;span class="c1"&gt;# Run stremable http MCP Server (can be deployed / hosted)
&lt;/span&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;__name__&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;__main__&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
   &lt;span class="n"&gt;mcp&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;transport&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;streamable-http&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;host&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;0.0.0.0&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;port&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mi"&gt;8000&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Key points from the code:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;mcp&lt;/code&gt; : It's the Fast MCP object named as provided. Important to initialize at the start.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;@mcp.tool()&lt;/code&gt; : Decorator wraps the entire function underneath and exposes it as a tool to the MCP client. Docstrings are very important; a good docstring leads to fewer model failures. Includes &lt;code&gt;generate_password&lt;/code&gt; , &lt;code&gt;list_files&lt;/code&gt;, &lt;code&gt;read_file&lt;/code&gt;tools.&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;@mcp.resource("data://sys-info")&lt;/code&gt; : Decorator wraps the entire function and exposes it as a resource file that the client can use to fetch data. The path to the created resource is defined in &lt;code&gt;()&lt;/code&gt; . Includes &lt;code&gt;get_system_info&lt;/code&gt; resource&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;@mcp.prompt()&lt;/code&gt; : Decorator wraps the entire function and exposes it to the client as a prompt builder, useful when the task requires a specific use-case prompt. Docstrings are important here. Includes &lt;code&gt;helper_prompt&lt;/code&gt; , &lt;code&gt;api_endpoint_design_prompt&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;mcp.run(transport="streamable-http", host="0.0.0.0", port=8000)&lt;/code&gt; : Runs the MCP server.in a streamable HTTP mode. For stdio MCP server, use &lt;code&gt;mcp.run()&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Overall, we are wrapping different functions and exposing them to the client as the MCP tool, resources, and server.&lt;/p&gt;

&lt;p&gt;However, to use it with the client, additional config is required, so let's set that up. I am using a cursor for the demo.&lt;/p&gt;

&lt;p&gt;Head to the Cursor and create a new folder &lt;code&gt;.cursor&lt;/code&gt; , inside it creates a new file &lt;code&gt;mcp.json&lt;/code&gt; (the config file) and paste the following setup.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;
&lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;mcpServers&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;utility-server&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
            &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;url&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;http://localhost:8000/mcp&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
        &lt;span class="p"&gt;}&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In case you have used &lt;code&gt;mcp.run()&lt;/code&gt; then you will see the below configuration&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;mcpServers&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;utility_server&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
            &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;type&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;stdio&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
            &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;command&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;your-python-exe-path&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
            &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;args&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;your file path&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
        &lt;span class="p"&gt;}&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In general I use local &lt;code&gt;stdio&lt;/code&gt; based servers and then when all test and specifications are met, I switch to &lt;code&gt;Streamble HTTP&lt;/code&gt; approach.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Quick Tip: To verify this works is by pasting the command and args together; if they start the server, you are good to go; else, provide the full path. I usually go for path of .venv’s &lt;code&gt;python.exe&lt;/code&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Open &lt;strong&gt;Cursor Settings,&lt;/strong&gt; then click &lt;strong&gt;Tools &amp;amp; MCPs&lt;/strong&gt;. You will see your local MCP name. Click Enable, &lt;/p&gt;

&lt;p&gt;To check, open the terminal, switch to the Output tab, select the MCP server, and check for the connected message.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3tup4lsejnoux9pnw2ws.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3tup4lsejnoux9pnw2ws.png" alt="CURSOR" width="800" height="474"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now we can test our MCP Server by opening the chat/agents window and invoking any of the defined tools via the prompt. I invoked the password-generator, as I often find myself asking Claude to "think of a 16-character password" (which is terrible).&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;Generate&lt;/span&gt; &lt;span class="n"&gt;password&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;show&lt;/span&gt; &lt;span class="n"&gt;mcp&lt;/span&gt; &lt;span class="n"&gt;tool&lt;/span&gt; &lt;span class="n"&gt;usage&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Here is the output:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprrko7rhtl069aqb9qjg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprrko7rhtl069aqb9qjg.png" alt="MCP" width="800" height="265"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Saw that Ran command, it means the MCP server asked me for permission. I kept it that way, as you never want to let an agent touch your system files. &lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Note: If docstring is poor, the mcp client might fall back to cli approach, the easiest way to fix this is add a rule to only use mcp servers for the task. You will find a similar approach in the project github repo as well.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;All this is great, but setting it up for testing a local MCP server is a hassle. Let's look at an easier approach, MCP Inspector.&lt;/p&gt;




&lt;h3&gt;
  
  
  &lt;strong&gt;Test with MCP Inspector&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;To test the MCP server's functionality, we will use the Fast MCP Inspector, a browser-based tool that connects to the server and lets us call tools directly, without an LLM layer. &lt;/p&gt;

&lt;p&gt;Run MCP Inspector, with:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npx @modelcontextprotocol/inspector python server.py
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You'll see a localhost URL. Open it in your browser, click &lt;strong&gt;Connect&lt;/strong&gt;, and you should see your server respond.&lt;/p&gt;

&lt;p&gt;Now you can run and test your tools, resources, prompts, and more right from the browser, quite handy for developers testing MCP servers' performance and understanding response schemas. Check out the &lt;a href="https://modelcontextprotocol.io/docs/tools/inspector" rel="noopener noreferrer"&gt;MCP Inspector Guide&lt;/a&gt; to learn more.&lt;/p&gt;

&lt;p&gt;Personally, I find it best for testing prompts’ responses. Here is the response it generated:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4vlqxiftlh4s5jx2qqm1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4vlqxiftlh4s5jx2qqm1.png" alt="MCP INSPECTOR" width="800" height="430"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Local servers are great for simple use cases, but for most industry use cases, they don't provide the required infrastructure. Let's explore better use cases.&lt;/p&gt;




&lt;h2&gt;
  
  
  Connect to Hosted Streamable HTTP MCP Server
&lt;/h2&gt;

&lt;p&gt;Having a local server is good, but not as great as the one used in production. Usually, these are hosted, secured by design, and optimized for multiple tool calls. &lt;/p&gt;

&lt;p&gt;Usually, these are servers written by expert developers, integrated with the app's internal mechanisms, and intended to serve as connectors. &lt;/p&gt;

&lt;p&gt;But here lies the issue: connecting to 30+ MCP servers for a single project is a pain. Composio solves this.&lt;/p&gt;

&lt;p&gt;Let's look at how you can connect to the hosted Composio MCP server. You connect it once and use 1K+ tools directly, all secure, optimized tool calls.&lt;/p&gt;




&lt;h3&gt;
  
  
  Connect to Composio MCP Servers (Streamable HTTP )
&lt;/h3&gt;

&lt;p&gt;Integrating with &lt;strong&gt;Composio MCP&lt;/strong&gt; is incredibly simple and takes just 5 steps.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Visit the &lt;a href="https://dashboard.composio.dev/" rel="noopener noreferrer"&gt;Composio MCP&lt;/a&gt; page. Ensure you are logged in, or else sign up&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0927enm97uwl0f7n50jk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0927enm97uwl0f7n50jk.png" alt="step1" width="800" height="472"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;In the dashboard, head to the Install Section&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0c27tywfcxieu44jbfn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0c27tywfcxieu44jbfn.png" alt="step2" width="800" height="473"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select Cursor from the list, and click on Install.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsxwj0ye9pv006o7kgfaz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsxwj0ye9pv006o7kgfaz.png" alt="step3" width="800" height="473"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;In the redirected page, click on "Install in Cursor".&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyp4ar0wxdo9pa1c7pqb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyp4ar0wxdo9pa1c7pqb.png" alt="step4" width="800" height="475"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;You will be redirected to Cursor, and in the MCP server Page, click Install&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh79a70tod8hccs3liiw2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh79a70tod8hccs3liiw2.png" alt="step5" width="800" height="475"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Once installed, click on Needs Authentication, then Authorize at redirect, and done!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynux23lf9ww8tjxif6zn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynux23lf9ww8tjxif6zn.png" alt="step6" width="800" height="474"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You can connect to apps in advance in the Connect Apps section; most of them use OAuth. (optional). If you don't, the agent will prompt you to connect at runtime.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Febp6k5s8r0jxb2pn9klk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Febp6k5s8r0jxb2pn9klk.png" alt="step7" width="800" height="500"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;To test the integration, open the Composer, establish a connection to the app, and ask it to perform actions.&lt;/p&gt;

&lt;p&gt;But how did all this happen?&lt;/p&gt;

&lt;p&gt;It turns out that if you go to your cursor MCP &amp;amp; Tools Page, select the ✏️ icon, and see the configuration as:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"mcpServers"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"composio"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="nl"&gt;"type"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="s2"&gt;"http"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"url"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"https://connect.composio.dev/mcp"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"headers"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{}&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The &lt;strong&gt;http&lt;/strong&gt; here means a streamable HTTP server. This allows the MCP server to operate as a normal web server (accessible via a URL) rather than as a local subprocess on your machine (for local MCP servers)&lt;/p&gt;

&lt;p&gt;And interestingly, for any MCP to run in HTTP streamable mode, you have to replace:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="err"&gt;if&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;__name__&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;==&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"__main__"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="err"&gt;mcp.run()&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;to&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="err"&gt;if&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;__name__&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;==&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"__main__"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="err"&gt;mcp.run(transport=&lt;/span&gt;&lt;span class="s2"&gt;"streamable-http"&lt;/span&gt;&lt;span class="err"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;host=&lt;/span&gt;&lt;span class="s2"&gt;"0.0.0.0"&lt;/span&gt;&lt;span class="err"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;port=&lt;/span&gt;&lt;span class="mi"&gt;8000&lt;/span&gt;&lt;span class="err"&gt;)&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;And you are done, pretty handy, isn’t it?&lt;/p&gt;

&lt;p&gt;Now, let's look at an advanced use case to see where Composio MCP helps.&lt;/p&gt;




&lt;h2&gt;
  
  
  Using HTTP Streamable MCP Servers for Advanced Use Case (Financial Agent)
&lt;/h2&gt;

&lt;p&gt;Current financial institutions struggle with manual, time-intensive investment research that keeps analysts buried in data entry for weeks, delays critical decisions by days, lacks real-time risk visibility, creates compliance blind spots, and demands hiring more analysts just to manage portfolio volume - all while losing talent and clients&lt;/p&gt;

&lt;p&gt;Let's see how the analyst can build financial agents and leverage Composio MCP to connect to 10-15 financial data sources (Yahoo Finance, SEC filings, Google Sheets, Bloomberg, etc.) and enrich their analysis by aggregating structured APIs, unstructured web scraping, and internal data warehouses.&lt;/p&gt;

&lt;p&gt;The financial analyst agent will:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Aggregate financial data (Yahoo Finance, Google Sheets with company data, SEC filings via web scraping),&lt;/li&gt;
&lt;li&gt;Run Claude analysis to generate investment thesis.&lt;/li&gt;
&lt;li&gt;Create formatted reports in Google Docs,&lt;/li&gt;
&lt;li&gt;Track portfolio changes (pull from Excel sheet),&lt;/li&gt;
&lt;li&gt;and send Executive Summaries to stakeholders via email with embedded tables. (HTML format)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;All done in parallel!&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;Web&lt;/span&gt; &lt;span class="nc"&gt;Scraping &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&lt;/span&gt; &lt;span class="n"&gt;search&lt;/span&gt; &lt;span class="n"&gt;api&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;Google&lt;/span&gt; &lt;span class="nc"&gt;Sheets &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="err"&gt;→&lt;/span&gt; &lt;span class="n"&gt;Claude&lt;/span&gt; &lt;span class="n"&gt;Analysis&lt;/span&gt; &lt;span class="err"&gt;→&lt;/span&gt; &lt;span class="n"&gt;Google&lt;/span&gt; &lt;span class="nc"&gt;Docs &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="err"&gt;→&lt;/span&gt; &lt;span class="nc"&gt;Gmail &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Prerequisites
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Claude Code / Cursor / VS Code. I am going with Claude&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://dashboard.composio.dev/login" rel="noopener noreferrer"&gt;Composio Account&lt;/a&gt;, login/signup&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Assuming you have pre-requisites met, let's set up Composio on Claude.&lt;/p&gt;

&lt;h3&gt;
  
  
  Set up Composio MCP in Claude
&lt;/h3&gt;

&lt;p&gt;To get started: &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Visit the &lt;a href="https://dashboard.composio.dev/" rel="noopener noreferrer"&gt;Composio MCP&lt;/a&gt; page. Ensure you are logged in, or else sign up&lt;/li&gt;
&lt;li&gt;In the dashboard, head to the Install Section&lt;/li&gt;
&lt;li&gt;Select Claude from the list, and click on Install.&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;On the next page, select the MCP tab, then copy the command &amp;amp; paste it into the shell/terminal.&lt;br&gt;
&lt;/p&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;claude&lt;/span&gt; &lt;span class="n"&gt;mcp&lt;/span&gt; &lt;span class="n"&gt;add&lt;/span&gt; &lt;span class="o"&gt;--&lt;/span&gt;&lt;span class="n"&gt;scope&lt;/span&gt; &lt;span class="n"&gt;user&lt;/span&gt; &lt;span class="o"&gt;--&lt;/span&gt;&lt;span class="n"&gt;transport&lt;/span&gt; &lt;span class="n"&gt;http&lt;/span&gt; &lt;span class="n"&gt;composio&lt;/span&gt; &lt;span class="n"&gt;https&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;//&lt;/span&gt;&lt;span class="n"&gt;connect&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;composio&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;mcp&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Ensure &lt;code&gt;/mcp&lt;/code&gt;  shows composio as an option. It might require authentication, so authenticate once&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr1iskit9iof67v7z3kto.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr1iskit9iof67v7z3kto.png" alt="terminal-mcp" width="800" height="167"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;(Optional ) Once done, head to the Connect Apps page and click on Connect to connect Gmail, Google Drive, Google Sheets, and Google Docs. In case you ignore, agent will ask for these connections on runtime.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Perfect, we only need to configure the document in the workspace&lt;/p&gt;

&lt;h3&gt;
  
  
  Set up Workspace for Agent
&lt;/h3&gt;

&lt;p&gt;We will use Google Drive as our workspace to make the file accessible from everywhere:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Head to drive, create a new folder named &lt;code&gt;financial_data&lt;/code&gt;  &amp;amp; from the URL, copy the folder ID.&lt;/li&gt;
&lt;li&gt;Inside, add an Excel file in the format &amp;amp; fill the data as:

&lt;ul&gt;
&lt;li&gt;Companies: List of all targeted companies with their analysis&lt;/li&gt;
&lt;li&gt;Portfolio Performance: How the portfolio is performing over time, all metrics for targeted companies&lt;/li&gt;
&lt;li&gt;Contact: List of all internal contacts: Portfolio Managers, Limited Partners, Investors,  Board Managers, and more&lt;/li&gt;
&lt;li&gt;Report Archive: Past report filing (sec)&lt;/li&gt;
&lt;/ul&gt;


&lt;/li&gt;

&lt;li&gt;Then add a Google Doc template for an investment report.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;Make sure to copy the ID / URL of both files&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Easiest way is to use the template given in the GitHub Repo and let any AI Agent turn them in the above given format. Then copy paste that in newly created google sheet &amp;amp; google doc file.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Now is the time to run the agent.&lt;/p&gt;

&lt;h3&gt;
  
  
  Run Financial Analyst Agent
&lt;/h3&gt;

&lt;p&gt;To run the agent, open Claude Code and paste the &lt;a href="https://gist.github.com/DevloperHS/06982896ddfc20c8ace1af213dff2ebf" rel="noopener noreferrer"&gt;financial_agent_prompt&lt;/a&gt;. You will be prompted to fill in the details with the copied values from earlier, and add your email address:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="n"&gt;GOOGLE_SHEETS_ID&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;your&lt;/span&gt; &lt;span class="n"&gt;value&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;span class="n"&gt;GOOGLE_DOC_TEMPLATE_ID&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;your&lt;/span&gt; &lt;span class="n"&gt;value&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;span class="n"&gt;GOOGLE_DRIVE_FOLDER_ID&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;optional&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;span class="n"&gt;GMAIL_SENDER_ADDRESS&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;your&lt;/span&gt; &lt;span class="n"&gt;gmail&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Once done, the agent handles the rest. Here is a demo of what it looks like, in production.&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/_PTeGESx6Nk"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;p&gt;The agent also works on multiple portfolio reports. I am testing it with six different portfolios; you can adjust the count as needed.&lt;/p&gt;

&lt;p&gt;Same setup, but with multiple portfolio data. Make sure to copy each one's ID, and use the financial_agent_prompt_for_multiple portfolio for the job.&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/oJzYSJ3Y6T4"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;p&gt;Note that, despite explicitly stating that Claude never created a subagent, this is because composio already has parallel execution enabled and, behind the scenes, uses subagents.&lt;/p&gt;

&lt;p&gt;Hope this gave you an idea of how hosted MCP servers work, and tools like Composio MCP provide a universal tooling layer.&lt;/p&gt;

&lt;p&gt;However, deploying a hosted MCP server for production is a different game. Let's look at a few rules to help ensure the servers don't break in real-world use.&lt;/p&gt;




&lt;h2&gt;
  
  
  Deployment Notes for Production MCP Servers
&lt;/h2&gt;

&lt;p&gt;Though we didn't cover a hosted MCP server build, if you want to build your hosted MCP server (local + later deployed), follow the production checklist before you deploy &amp;amp; put an MCP server in front of real users:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Logging to stderr or files only&lt;/strong&gt;, never stdout for stdio servers&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Errors caught on every tool&lt;/strong&gt;: return a clean error message, don't let exceptions kill the connection&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Inputs validated&lt;/strong&gt;: type hints (Python) or Zod (TypeScript) catch most issues; add explicit checks for things like SQL injection or path traversal if you're doing database/file operations&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;External API calls are rate-limited / Use Composio MCP&lt;/strong&gt;: your tool runs whenever the LLM decides to call it, which can be a lot. Let Composio MCP handle it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Secrets in environment variables&lt;/strong&gt;, never hardcode in servers, never commit in production.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Tool descriptions for the LLM&lt;/strong&gt;: Write specific, one-purpose per tool. Five small tools beat one giant tool. The approach we followed.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Schema versioning&lt;/strong&gt;: when you change a tool's signature, bump your server's version so clients can adapt. Think API versioning.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Health check endpoint&lt;/strong&gt;: for HTTP servers, expose &lt;code&gt;/health&lt;/code&gt; for your load balancer. Provides transparency to users.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Auth on production HTTP servers&lt;/strong&gt;: Use Bearer for internal, OAuth for public. But never both for the same for public/internal (private)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;With this, we have come to the end of this comprehensive guide. Here is what matters the most.&lt;/p&gt;




&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;As AI transforms software development, MCP will play an increasingly important role in creating seamless, integrated experiences.&lt;/p&gt;

&lt;p&gt;Whether you're building custom MCP servers or leveraging pre-built solutions like stremable http servers like Composio MCP, the protocol enables powerful enhancements to AI capabilities through external tools and data sources.  &lt;/p&gt;

&lt;p&gt;In case you need a few ideas, check out how to build an &lt;a href="https://composio.dev/blog/mcp-client-step-by-step-guide-to-building-from-scratch/" rel="noopener noreferrer"&gt;MCP client&lt;/a&gt; that talks to your server, or move up the stack and build an &lt;a href="https://composio.dev/blog/the-complete-guide-to-building-mcp-agents/" rel="noopener noreferrer"&gt;MCP-powered agent&lt;/a&gt; that orchestrates multiple servers at once. Happy building.&lt;/p&gt;

&lt;p&gt;I hope you had a great learning experience - happy building with Composio! 🚀&lt;/p&gt;

</description>
      <category>ai</category>
      <category>mcp</category>
      <category>productivity</category>
      <category>programming</category>
    </item>
    <item>
      <title>What Is an MCP Gateway — and Why Do Enterprise AI Teams Need One in 2026?</title>
      <dc:creator>Dumebi Okolo</dc:creator>
      <pubDate>Thu, 07 May 2026 14:29:51 +0000</pubDate>
      <link>https://dev.to/composiodev/what-is-an-mcp-gateway-and-why-do-enterprise-ai-teams-need-one-in-2026-1lie</link>
      <guid>https://dev.to/composiodev/what-is-an-mcp-gateway-and-why-do-enterprise-ai-teams-need-one-in-2026-1lie</guid>
      <description>&lt;p&gt;The &lt;a href="https://modelcontextprotocol.io/docs/learn/architecture" rel="noopener noreferrer"&gt;Model Context Protocol (MCP)&lt;/a&gt; was released by Anthropic in November 2024. Eighteen months later, it had 97 million monthly SDK downloads as of December 2025, backing from every major AI lab, and is now governed as a founding project of the Agentic AI Foundation (AAIF), a directed fund under the Linux Foundation.&lt;/p&gt;

&lt;p&gt;That adoption happened fast, even faster than most protocols manage. But it created an immediate problem: connecting AI agents directly to dozens of MCP servers at scale is operationally unsustainable, and the protocol itself does not solve governance.&lt;/p&gt;

&lt;p&gt;This article explains what an MCP Gateway is, what it does at the infrastructure level, and how to evaluate one for a production enterprise environment.&lt;/p&gt;




&lt;h2&gt;
  
  
  What Is MCP, and What Problem Does It Solve?
&lt;/h2&gt;

&lt;p&gt;Before understanding the gateway, you need to understand what MCP standardizes.&lt;/p&gt;

&lt;p&gt;Enterprise AI teams historically faced what is called the &lt;a href="https://composio.dev/content/mcp-gateways-guide" rel="noopener noreferrer"&gt;N×M integration problem&lt;/a&gt;: connecting N agents to M tools requires N×M custom integrations, each with its own authentication flow, error-handling logic, and credential store. Without MCP, integration complexity rises quadratically as AI agents spread through an organization; with MCP, it scales linearly.&lt;/p&gt;

&lt;p&gt;MCP defines a standardized way for AI models to discover and invoke external tools using &lt;a href="https://www.jsonrpc.org/specification" rel="noopener noreferrer"&gt;JSON-RPC 2.0&lt;/a&gt; over HTTP. An agent sends a &lt;code&gt;tools/list&lt;/code&gt; request to understand what a server exposes, then uses &lt;code&gt;call_tool&lt;/code&gt; to invoke those tools. That handshake is consistent regardless of whether the backend is GitHub, Salesforce, Postgres, or an internal API.&lt;/p&gt;

&lt;p&gt;What MCP does not define is who can call what, under whose identity, with what constraints, and at what cost. Those are governance problems, and they fall outside the protocol specification by design.&lt;/p&gt;




&lt;h2&gt;
  
  
  What Is an MCP Gateway?
&lt;/h2&gt;

&lt;p&gt;An MCP Gateway is a centralized infrastructure layer that sits between AI agents and one or more MCP servers. It acts as a &lt;a href="https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/" rel="noopener noreferrer"&gt;specialized reverse proxy&lt;/a&gt; purpose-built for MCP traffic: handling authentication, routing, policy enforcement, credential management, and observability in one place.&lt;/p&gt;

&lt;p&gt;From the agent's perspective, nothing changes. It still performs a &lt;code&gt;tools/list&lt;/code&gt; handshake and issues &lt;code&gt;call_tool&lt;/code&gt; requests. The difference is that those requests are now intercepted, evaluated against policies, and routed by the gateway before any backend system executes them.&lt;/p&gt;

&lt;p&gt;Architecturally, the shift looks like this:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Without a gateway:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent A → GitHub MCP Server
Agent A → Slack MCP Server
Agent B → GitHub MCP Server
Agent B → Postgres MCP Server
Agent C → Salesforce MCP Server
... (N×M connections, each managing its own auth and credentials)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;With a gateway:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent A ──┐
Agent B ──┤──→ [MCP Gateway] ──→ GitHub MCP Server
Agent C ──┘                  ──→ Slack MCP Server
                             ──→ Postgres MCP Server
                             ──→ Salesforce MCP Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The gateway becomes the single chokepoint where security policy, access control, and observability can be enforced consistently. As one &lt;a href="https://news.ycombinator.com/item?id=46136222" rel="noopener noreferrer"&gt;Hacker News discussion on MCP gateways&lt;/a&gt; noted, practitioners want features like central MCP registries, OAuth integration, and curated toolset scoping; all things that make MCP viable at organizational scale, not just in a prototype.&lt;/p&gt;




&lt;h2&gt;
  
  
  Why Does MCP Alone Fall Short in Enterprise Environments?
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Credential Sprawl
&lt;/h3&gt;

&lt;p&gt;Without a gateway, each agent carries its own API keys, OAuth tokens, and service account credentials for every tool it accesses. Those credentials end up in environment variables, config files, and secret stores scattered across services. This is not a theoretical risk: GitGuardian's research found 24,008 unique secrets exposed in MCP configuration files in 2025 alone, with Google API keys and PostgreSQL connection strings among the most common leaked types. Rotating credentials becomes a manual exercise across multiple codebases. Revoking access for a compromised agent requires hunting down every integration it touches. There is no single point of revocation.&lt;/p&gt;

&lt;h3&gt;
  
  
  No Centralized Access Control
&lt;/h3&gt;

&lt;p&gt;MCP does not define native role-based access control. If an agent can connect to a server, it can discover every tool that server exposes. A finance agent can see development tools. A support agent can see database administration endpoints. Principle of least privilege has to be implemented outside the protocol, in every agent individually, or not at all. As engineers in the &lt;a href="https://news.ycombinator.com/item?id=45723699" rel="noopener noreferrer"&gt;MCP-Scanner Hacker News thread&lt;/a&gt; observed, people are over-provisioning MCPs the way they install apps on a phone, without applying least-privilege access. &lt;/p&gt;

&lt;p&gt;Least-privilege access is the principle that an agent should only be able to see and invoke the specific tools it needs for its defined task, and nothing beyond that. In an MCP context, this means a support agent should have no visibility into deployment tools, and a read-only analytics agent should have no access to write operations, regardless of what the underlying server exposes..&lt;/p&gt;

&lt;h3&gt;
  
  
  Observability Black Holes
&lt;/h3&gt;

&lt;p&gt;When agents connect directly to tools, there is no aggregated view of what any agent is actually doing. Debugging a multi-step workflow requires stitching together logs from N different servers. There is no unified execution timeline, no trace correlation, no cost attribution. Anomalies go undetected because there is no baseline.&lt;/p&gt;

&lt;h3&gt;
  
  
  No Cost Governance
&lt;/h3&gt;

&lt;p&gt;MCP does not track token consumption or enforce usage limits. An agent can invoke tools repeatedly, triggering LLM calls and paid API operations, with no budget ceiling. At enterprise scale, this becomes a financial control problem, not just a technical one.&lt;/p&gt;

&lt;h3&gt;
  
  
  Security Attack Surface
&lt;/h3&gt;

&lt;p&gt;In April 2025, security researchers &lt;a href="https://en.wikipedia.org/wiki/Model_Context_Protocol" rel="noopener noreferrer"&gt;published an analysis&lt;/a&gt; identifying multiple outstanding MCP security issues, including prompt injection, tool permissions that allow combining tools to exfiltrate data, and lookalike tools that can silently replace trusted ones. A centralized gateway is the practical enforcement point for mitigating all three.&lt;/p&gt;




&lt;h2&gt;
  
  
  What Does an MCP Gateway Actually Do?
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Centralized Authentication and Identity Propagation
&lt;/h3&gt;

&lt;p&gt;A production gateway validates incoming identity  (typically via JWT, OAuth 2.0 with PKCE, or OIDC) and propagates that identity downstream to MCP servers. Instead of agents running under shared service accounts, requests execute on behalf of specific authenticated users.&lt;/p&gt;

&lt;p&gt;This closes a real vulnerability. If a user cannot delete a repository, neither can the agent acting for them. Authorization is enforced at the protocol layer, not assumed in prompts. The MCP specification introduced OAuth 2.1 support in the March 2025 revision, with significant refinements in June 2025, but implementation quality varies between gateways. Some handle enterprise SSO automatically; others require manual configuration per server.&lt;/p&gt;

&lt;h3&gt;
  
  
  Tool-Level RBAC
&lt;/h3&gt;

&lt;p&gt;The gateway intercepts &lt;code&gt;tools/list&lt;/code&gt; responses and filters them based on the requesting agent's role and permissions. Sensitive tools simply do not appear in the agent's context. A configuration like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;virtual_server&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;support-scope&lt;/span&gt;
  &lt;span class="na"&gt;allow_tools&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;github.list_issues&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;github.get_comments&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;crm.update_ticket&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;...means the agent calling this endpoint never sees database administration tools, deployment controls, or any capability it has no business using. This directly improves model performance, agents reason more accurately when the action space is deliberately constrained, and reduces blast radius when something goes wrong.&lt;/p&gt;

&lt;h3&gt;
  
  
  Intelligent Routing
&lt;/h3&gt;

&lt;p&gt;The gateway examines each request and routes it to the appropriate upstream MCP server based on the tool being called. Session affinity keeps stateful, multi-step agent conversations on the same backend server. Load balancing distributes traffic. Circuit breakers prevent cascading failures when an upstream tool degrades.&lt;/p&gt;

&lt;h3&gt;
  
  
  Unified Observability
&lt;/h3&gt;

&lt;p&gt;Every &lt;code&gt;tools/list&lt;/code&gt; and &lt;code&gt;call_tool&lt;/code&gt; invocation is logged with metadata: agent identity, user context, tool arguments, response status, and latency. This creates a coherent audit trail across all connected systems. Metrics export in Prometheus format. Traces follow the &lt;a href="https://opentelemetry.io/docs/what-is-opentelemetry/" rel="noopener noreferrer"&gt;OpenTelemetry standard&lt;/a&gt; for distributed tracing, which matters when debugging multi-step agent tasks that touch six different tools.&lt;/p&gt;

&lt;h3&gt;
  
  
  Cost Management
&lt;/h3&gt;

&lt;p&gt;The gateway can implement caching for repeated tool calls, enforce per-agent or per-user rate limits, and surface usage analytics. Caching strategies for repeated tool calls can meaningfully reduce LLM costs, and the gateway is the practical place to implement this at scale.&lt;/p&gt;

&lt;h3&gt;
  
  
  Credential Vaulting
&lt;/h3&gt;

&lt;p&gt;API keys, OAuth tokens, and service credentials are stored centrally in the gateway. Agents never handle raw credentials directly. Rotation policies apply once at the gateway level rather than across every agent codebase.&lt;/p&gt;




&lt;h2&gt;
  
  
  How Does an MCP Gateway Differ from an API Gateway?
&lt;/h2&gt;

&lt;p&gt;A traditional API gateway is designed for stateless, client-server request-response cycles, standard in web and mobile applications. It handles HTTP routing, authentication, rate limiting, and transformation for REST or GraphQL traffic.&lt;/p&gt;

&lt;p&gt;An MCP gateway is designed for stateful, session-aware, and often bidirectional communication patterns specific to AI agents. It understands the context of a long-running agent task. It can propagate user identity across multiple sequential tool calls. It maintains session state so that a multi-step agent workflow does not lose context mid-execution. It understands the &lt;code&gt;tools/list&lt;/code&gt; → &lt;code&gt;call_tool&lt;/code&gt; protocol cycle and can enforce policies at that semantic level, not just at the HTTP layer.&lt;/p&gt;

&lt;p&gt;In modern enterprise architectures, both typically coexist. APIs serve application services. API gateways govern traditional HTTP traffic. MCP servers expose selected capabilities to agents. An MCP gateway governs agent-to-tool communication. The relationship is complementary.&lt;/p&gt;

&lt;h3&gt;
  
  
  How Does an MCP Gateway Differ from an AI Gateway?
&lt;/h3&gt;

&lt;p&gt;This is worth separating out because it's a more common source of confusion in practice. Buyers evaluating AI gateways frequently find themselves looking at MCP gateways instead.&lt;/p&gt;

&lt;p&gt;An AI gateway sits in front of LLM inference. It manages which model gets called, routes traffic between providers (OpenAI, Anthropic, Mistral), enforces token budgets, handles prompt/response logging, and abstracts model provider APIs behind a single interface. Its job is governing &lt;em&gt;model calls&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;An MCP gateway sits between agents and the tools those agents invoke. It governs &lt;em&gt;tool calls:&lt;/em&gt; what an agent can do after the model has already decided to act. The two layers are complementary: an AI gateway controls which brain your agent uses; an MCP gateway controls which hands it has.&lt;/p&gt;

&lt;p&gt;In a mature enterprise architecture, both are present. The AI gateway handles model-level traffic. The MCP gateway handles the downstream tool execution that the model's output triggers.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Are the Categories of MCP Gateway Available?
&lt;/h2&gt;

&lt;p&gt;Understanding the gateway landscape requires understanding the primary design philosophies, not just the feature checklist.&lt;/p&gt;

&lt;h3&gt;
  
  
  Managed Integration Platforms
&lt;/h3&gt;

&lt;p&gt;These prioritize developer velocity by abstracting integration complexity behind a large library of pre-built, maintained connectors. Authentication lifecycle management  (including complex OAuth 2.1 flows) is handled for you.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://composio.dev/mcp-gateway" rel="noopener noreferrer"&gt;Composio's MCP Gateway&lt;/a&gt; is the primary example. It offers 1000+ tools and actions across major enterprise SaaS applications, a unified authentication layer, SOC2 and ISO certification, action-level RBAC, and zero data-retention architecture. The architecture is designed for teams that need to connect agents to many different tools quickly without owning the integration layer: instead of juggling 22 different MCP servers for 22 different tools, you install one gateway and access a broad library of pre-built integrations with a single authentication flow and audit surface.&lt;/p&gt;

&lt;p&gt;For most enterprise teams moving from pilot to production, this is the most practical starting point. Refer to the &lt;a href="https://composio.dev/content/mcp-gateways-guide" rel="noopener noreferrer"&gt;Composio guide to MCP gateways&lt;/a&gt; for a deeper walkthrough of the architecture.&lt;/p&gt;

&lt;h3&gt;
  
  
  Security-First Proxies
&lt;/h3&gt;

&lt;p&gt;These treat security as the primary constraint and performance as secondary. &lt;a href="https://github.com/lasso-security/mcp-gateway" rel="noopener noreferrer"&gt;Lasso Security&lt;/a&gt; inspects all MCP traffic in real time to detect prompt injection, mask PII, and calculate reputation scores for MCP servers before they are loaded. The tradeoff is latency — deep security scanning adds 100–250ms overhead — which makes this category unsuitable for latency-sensitive workflows but appropriate for regulated environments where compliance is non-negotiable.&lt;/p&gt;

&lt;h3&gt;
  
  
  Infrastructure-Native Open Source
&lt;/h3&gt;

&lt;p&gt;These integrate into existing container-native DevOps workflows. &lt;a href="https://docs.docker.com/ai/mcp-catalog-and-toolkit/mcp-gateway/" rel="noopener noreferrer"&gt;Docker MCP Gateway&lt;/a&gt; runs MCP servers as isolated Docker containers with familiar &lt;code&gt;docker mcp&lt;/code&gt; CLI tooling and container-based security. &lt;a href="https://obot.ai/" rel="noopener noreferrer"&gt;Obot&lt;/a&gt; is Kubernetes-native and designed for organizations that require full data sovereignty.&lt;/p&gt;

&lt;p&gt;Both require your team to own the integration layer. Your team  brings the MCP servers, and the gateway governs them. The operational overhead is higher than a managed platform, but so is the control.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Should Enterprise Teams Evaluate When Choosing a Gateway?
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Deployment Model
&lt;/h3&gt;

&lt;p&gt;Cloud-hosted managed gateways reduce time-to-production but involve data transiting external infrastructure. Self-hosted or VPC-deployed gateways give you data sovereignty. For teams in healthcare, finance, or government where regulated data must stay in your cloud, deployment model is often the first filter, not an afterthought.&lt;/p&gt;

&lt;h3&gt;
  
  
  Authentication Standards
&lt;/h3&gt;

&lt;p&gt;Verify support for OAuth 2.1 with PKCE, OIDC, and SAML. Check whether the gateway integrates with your existing identity provider (Okta, Microsoft Entra ID, Auth0) and whether it supports on-behalf-of token propagation: the pattern where agents act under the authenticated user's identity rather than a shared service account.&lt;/p&gt;

&lt;h3&gt;
  
  
  RBAC Granularity
&lt;/h3&gt;

&lt;p&gt;Gateway-level RBAC (which tools each role can see) is the baseline. Tool-level RBAC, allowing read but not write within a single server, is more sophisticated and significantly reduces blast radius. Verify what the enforcement model looks like in practice, not just in the marketing copy.&lt;/p&gt;

&lt;h3&gt;
  
  
  Observability Depth
&lt;/h3&gt;

&lt;p&gt;Prometheus-compatible metrics and OpenTelemetry traces are the minimum. Look for whether the gateway can attribute tool calls to specific users and agents (not just service accounts), whether audit logs meet your compliance format requirements, and whether the dashboard supports anomaly detection or cost attribution, and whether the gateway offers a zero data retention architecture — meaning tool call payloads and credentials are never stored on the gateway provider's infrastructure, which matters for regulated industries and data sovereignty requirements.&lt;/p&gt;

&lt;h3&gt;
  
  
  Integration Breadth vs. Governance Depth
&lt;/h3&gt;

&lt;p&gt;Managed platforms offer wide integration libraries but less control over the underlying infrastructure. Governance-first platforms offer deep control but require you to bring your own servers. For teams that need both, a large library of managed integrations and enterprise-grade governance, &lt;a href="https://composio.dev/mcp-gateway" rel="noopener noreferrer"&gt;Composio's MCP Gateway&lt;/a&gt; is the only option currently combining 500+ tools and actions with SOC2 compliance, RBAC, and zero data retention in a single product.&lt;/p&gt;

&lt;p&gt;See the full comparison in &lt;a href="https://composio.dev/content/best-mcp-gateway-for-developers" rel="noopener noreferrer"&gt;Composio's breakdown of the best MCP gateways for developers&lt;/a&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Performance Overhead
&lt;/h3&gt;

&lt;p&gt;Every proxy adds latency. Managed platforms typically run under 10ms overhead. TrueFoundry publishes under 5ms p95. Lunar.dev MCPX publishes approximately 4ms p99. Docker MCP Gateway adds overhead due to container management; warm-path performance is significantly better than cold-start, which can add 50–200ms. Lasso Security adds 100–250ms. For conversational agents where response time is visible to users, this matters. For background automation workflows, it typically does not.&lt;/p&gt;

&lt;h2&gt;
  
  
  Building Your Own MCP Gateway
&lt;/h2&gt;

&lt;p&gt;Building a custom gateway is possible but requires solving non-trivial distributed systems problems: credential rotation, distributed rate limiting, OAuth 2.1 state management, PII redaction, and circuit breakers. The ongoing maintenance burden as the MCP spec grows as tool APIs change and security requirements mature is the real cost, not the initial build. For most teams, a managed gateway has a significantly lower total cost of ownership than a DIY solution, even when accounting for licensing costs.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Note on the MCP Security Threat Landscape
&lt;/h2&gt;

&lt;p&gt;Security threats against MCP deployments are not theoretical. A representative risk: an agent running with privileged service-role access that processes user-supplied input could inadvertently execute those instructions, exfiltrating sensitive data through legitimate output channels. Principle of least privilege at the gateway level is the primary defense.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://owasp.org/www-project-top-10-for-large-language-model-applications/" rel="noopener noreferrer"&gt;OWASP guidance on LLM security&lt;/a&gt; identifies prompt injection as among the highest-risk attack vectors for AI systems. An MCP gateway is the practical enforcement layer for mitigating it through input validation against JSON-RPC schemas, allowlisted actions, PII redaction, and real-time tool reputation scoring.&lt;/p&gt;

&lt;p&gt;Without a gateway, the security posture of your MCP deployment is only as strong as the weakest link among N independently managed agents.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;How much latency does a gateway add?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Managed platforms: typically under 10ms overhead. High-performance purpose-built gateways (TrueFoundry, Lunar.dev MCPX): under 5ms p99. Security-scanning gateways (Lasso Security): 100–250ms depending on inspection depth. Docker MCP Gateway warm-path latency is low; cold-start overhead can add 50–200ms.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Comes Next for MCP Gateways
&lt;/h2&gt;

&lt;p&gt;Based on MCP's published direction and community discussions from early 2026, four priority areas have emerged: transport evolution (stateless Streamable HTTP for load balancer compatibility), agent communication primitives (retry semantics and expiry policies for the Tasks primitive), governance maturation (formal contributor processes), and enterprise readiness (audit trails, SSO-integrated auth, and gateway patterns).&lt;/p&gt;

&lt;p&gt;Gateway patterns are now explicitly on the protocol roadmap. The gateway layer is no  longer an addon but is becoming formalized infrastructure for enterprise MCP deployments.&lt;/p&gt;

&lt;p&gt;Start with your primary constraint. If it is integration velocity, a managed platform is the right answer. If it is compliance in a regulated industry, prioritize SOC 2 certification, audit log format, and IdP integration. If it is data sovereignty, evaluate VPC-deployable options. If it is raw performance for a latency-sensitive conversational product, benchmark the p95 numbers against your SLA.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://composio.dev/mcp-gateway" rel="noopener noreferrer"&gt;Composio MCP Gateway&lt;/a&gt; covers the first and most common case: an enterprise team that needs to move from prototype to production with a broad integration library, unified auth, and compliance controls without owning the infrastructure. For teams with narrower requirements or existing MCP server infrastructure, the list of specialized options covered above gives you the tradeoffs needed to make that call.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;For a deeper look at gateway architecture patterns, see &lt;a href="https://composio.dev/content/mcp-gateways-guide" rel="noopener noreferrer"&gt;Composio's developer guide to MCP gateways&lt;/a&gt;. For a full comparison of gateway options by use case, see &lt;a href="https://composio.dev/content/best-mcp-gateway-for-developers" rel="noopener noreferrer"&gt;the best MCP gateways for developers in 2026&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Frequently Asked Questions
&lt;/h2&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;What is an MCP Gateway, in one sentence?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;A centralized infrastructure layer between AI agents and MCP servers that enforces authentication, routes requests, applies access controls, and provides observability across all agent-tool interactions.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Is an MCP Gateway required for production deployments?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Not required by the protocol specification. Required in practice for any deployment with more than two or three MCP servers, multiple teams, regulated data, or compliance obligations.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;What is the difference between an MCP server and an MCP gateway?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;An MCP server executes tools. It connects to GitHub, Postgres, Slack, or an internal API and performs operations. An MCP gateway governs access to those servers. It handles identity, visibility filtering, policy enforcement, and routing before any tool executes.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;How do MCP gateways handle prompt injection?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Security-first gateways like Lasso Security scan all traffic in real time and block payloads that trigger injection detection. Governance platforms like MintMCP apply input schema validation and allowlisted actions. Managed platforms like Composio run tool implementations in sandboxed environments. Using multiple layers of defense is the current best practice.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;What authentication standards should my gateway support?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;OAuth 2.1 with PKCE, OIDC, SAML, and support for enterprise IdPs. The MCP specification introduced OAuth 2.1 in the March 2025 revision with refinements in June 2025, but implementation quality varies significantly. Test the on-behalf-of identity propagation flow specifically. This is where implementations most commonly diverge.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>mcp</category>
      <category>webdev</category>
      <category>programming</category>
    </item>
    <item>
      <title>10 Gumloop Alternatives for AI Workflow Automation in 2026</title>
      <dc:creator>Aakash R</dc:creator>
      <pubDate>Thu, 07 May 2026 08:13:49 +0000</pubDate>
      <link>https://dev.to/composiodev/10-gumloop-alternatives-for-ai-workflow-automation-in-2026-1apn</link>
      <guid>https://dev.to/composiodev/10-gumloop-alternatives-for-ai-workflow-automation-in-2026-1apn</guid>
      <description>&lt;p&gt;Gumloop is a solid starting point for building AI-assisted automations. It has around 100+ platform integrations and MCP servers available. For teams that want a hosted environment where non-technical employees own their automations, Gumloop is one of the more complete options available.&lt;/p&gt;

&lt;p&gt;However, as workflows get more complex, span multiple integrations, or sit alongside agentic products you already run, it may not be the most suitable fit.&lt;/p&gt;

&lt;p&gt;But as workflows expand, the weak spots show up fast: integrations get brittle, edge cases pile up, and it becomes harder to keep outputs consistent.&lt;/p&gt;

&lt;p&gt;This guide covers 10 of the best Gumloop alternatives in 2026. You will see what each tool is best at, where it fits in a modern automation stack, and how to pick the right option based on the exact constraint you are trying to solve.&lt;/p&gt;

&lt;h2&gt;
  
  
  TL;DR
&lt;/h2&gt;

&lt;p&gt;Here’s the quick way to think about it:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Composio Connect&lt;/strong&gt;: Best when the workflow breaks at the integration layer and an AI agent needs reliable actions across many apps.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Zapier&lt;/strong&gt;: Best for well-defined, repeatable workflows that must run the same way every time.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Make&lt;/strong&gt;: Best when you need branching, conditions, and detailed control over the flow.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;n8n&lt;/strong&gt; or &lt;strong&gt;Pipedream&lt;/strong&gt;: Best when you need custom logic, direct API calls, or code-level control.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Activepieces&lt;/strong&gt;: Best when self-hosting and data control start to matter.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Relay.app&lt;/strong&gt;: Best for team workflows that need to stay readable and easy to maintain.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Lindy AI&lt;/strong&gt;: Best when you want a goal-driven agent to execute tasks across tools.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Vellum&lt;/strong&gt;: Best when you need to test, version, and monitor AI behavior in production.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Workato&lt;/strong&gt;: Best for enterprise workflows that require governance and scale across teams.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Comparison matrix
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Tool&lt;/th&gt;
&lt;th&gt;Best for&lt;/th&gt;
&lt;th&gt;AI-first&lt;/th&gt;
&lt;th&gt;Integration depth&lt;/th&gt;
&lt;th&gt;Custom code / API control&lt;/th&gt;
&lt;th&gt;Self-hosting&lt;/th&gt;
&lt;th&gt;Governance / enterprise readiness&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Composio Connect&lt;/td&gt;
&lt;td&gt;Agent-to-app actions across many tools&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Very high&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Zapier&lt;/td&gt;
&lt;td&gt;Reliable, well-defined app workflows&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Make&lt;/td&gt;
&lt;td&gt;Branching logic and complex flow control&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;n8n&lt;/td&gt;
&lt;td&gt;Backend-like workflows with custom steps&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Activepieces&lt;/td&gt;
&lt;td&gt;Simple automations with hosting control&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;a href="http://Relay.app" rel="noopener noreferrer"&gt;Relay.app&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;Readable team workflows with optional AI steps&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Lindy AI&lt;/td&gt;
&lt;td&gt;Goal-driven agents executing across tools&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Vellum&lt;/td&gt;
&lt;td&gt;Testing, versioning, and monitoring AI in production&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Pipedream&lt;/td&gt;
&lt;td&gt;Event-driven workflows with code and APIs&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Very high&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Workato&lt;/td&gt;
&lt;td&gt;Enterprise automations across teams and systems&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Very high&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Why Look for Gumloop Alternatives
&lt;/h2&gt;

&lt;p&gt;Gumloop works well in a contained setup. You can add AI steps, connect a few tools, and get useful output quickly. It fits early use cases that stay within clear boundaries.&lt;/p&gt;

&lt;p&gt;Growth changes the shape of the workflow. More tools come into the picture, and integrations that felt simple at first become harder to maintain. Production use raises the bar further. AI responses need to stay consistent across inputs that vary each time.&lt;/p&gt;

&lt;p&gt;Also, on the other hand, agent harnesses like Claude Code, OpenClaw, Hermes, and Codex are getting insanely powerful. They can work reliably without you needing to wire everything. Give them access to your applications and a bash tool, they will write codes to wire API end-points to execute any complex automation tasks.&lt;/p&gt;

&lt;p&gt;And this is almost no-code. You don’t have to intervene.&lt;/p&gt;

&lt;p&gt;If you’re looking for some Gumloop alternatives, I have mapped all that are available in the market. &lt;/p&gt;

&lt;h2&gt;
  
  
  Top Gumloop Alternatives in 2026
&lt;/h2&gt;

&lt;p&gt;Different tools address different breaking points. Tools in this list focus on integration depth, reliability, and AI execution across workflows.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. Composio Connect
&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://composio.dev/" rel="noopener noreferrer"&gt;Composio&lt;/a&gt; sits between your AI and the tools your workflow depends on. It handles how the agent connects to, authenticates with, and takes actions across systems.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffrjy3w0xhsi8uj0y67s2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffrjy3w0xhsi8uj0y67s2.png" alt=" " width="800" height="470"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It provides access to 1000+ applications, so one setup can extend across Slack, Gmail, GitHub, CRMs, and other systems you already use. The vast catalog almost never let’s you long for any apps.&lt;/p&gt;

&lt;p&gt;You can wire Claude and Codex with &lt;a href="https://composio.dev/for-you" rel="noopener noreferrer"&gt;Composio Connect&lt;/a&gt; via a single MCP server and voila!&lt;/p&gt;

&lt;p&gt;You have now access to hosted and managed integrations. The best thing about Connect MCP is&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;On-demand access to 1000+ application via the MCP eouter. It handles authentication and loads only relevant tools. So, your LLMs context window remains clean.&lt;/li&gt;
&lt;li&gt;Upto 50 parallel tool calls allowing the agents to handle complex automation tasks more efficiently.&lt;/li&gt;
&lt;li&gt;A remote bash tool which allows agents to write their own code to handle data cleaning and app interactions.&lt;/li&gt;
&lt;li&gt;Enterprise grade security&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it stand out against Gumloop&lt;/strong&gt;
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Composio Connect is simple and harness agnostic. It’s a single MCP URL that you can plug into Claude, ChatGPT, Codex or your custom agents and it will work the same.&lt;/li&gt;
&lt;li&gt;Composio has over 1000 app integrations available via MCP, API, and CLI while Gumloop has 100+ MCP servers.&lt;/li&gt;
&lt;li&gt;With Composio you can bring your own OAuth credentials and API configurations, and configure exactly which scopes and actions an agent is allowed to use per connected account. This matters for teams that need fine-grained control over what an agent can do inside a customer's Gmail or Salesforce, rather than inheriting whatever the platform's connector exposes.&lt;/li&gt;
&lt;li&gt;With Composio you can bring your own OAuth credentials and API configurations, and configure exactly which scopes and actions an agent is allowed to use per connected account. This matters for teams that need fine-grained control over what an agent can do inside a customer's Gmail or Salesforce, rather than inheriting whatever the platform's connector exposes.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  2. Zapier
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://zapier.com/" rel="noopener noreferrer"&gt;Zapier&lt;/a&gt; is an automation platform that connects apps and runs workflows based on triggers and actions. It focuses on reliability and coverage, with support for thousands of integrations. It sits at the app layer. You define a trigger, map the steps, and Zapier handles the execution across tools.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbuvgvb5o3znidhh9m3o2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbuvgvb5o3znidhh9m3o2.png" alt=" " width="800" height="402"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Fast setup across apps:&lt;/strong&gt; Connect tools and build workflows without custom logic&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Large integration ecosystem:&lt;/strong&gt; Covers most common business tools out of the box&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Stable execution model:&lt;/strong&gt; Workflows follow defined triggers and actions&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Clear structure:&lt;/strong&gt; Each step is visible and easy to trace&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it stand out against Gumloop&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop brings AI into workflows, adding flexibility but also introducing variation in outputs and behavior.&lt;/p&gt;

&lt;p&gt;Zapier takes the opposite approach. It focuses on predictable execution. Each step follows a defined path, which makes it easier to maintain workflows that need to run the same way every time. This matters in workflows where consistency is critical and the task can be defined clearly upfront.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Choose Zapier when your workflow depends on reliable app-to-app automation and needs consistent, repeatable execution.&lt;/p&gt;

&lt;h2&gt;
  
  
  3. Make
&lt;/h2&gt;

&lt;p&gt;If your workflow needs branching logic, conditions, or multiple paths based on inputs, &lt;a href="https://www.notion.so/Top-10-Gumloop-Alternatives-for-Better-Automation-and-AI-Workflows-352f261a6dfe8046b35dd53d8a2ff041?pvs=21" rel="noopener noreferrer"&gt;Make&lt;/a&gt; gives you more control.&lt;/p&gt;

&lt;p&gt;Make is a visual workflow builder that lets you design flows with conditional paths, iterations, and multi-step logic. You can see how data moves through each step and adjust the flow as needed.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgvohb65c126704z3u7wj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgvohb65c126704z3u7wj.png" alt=" " width="800" height="336"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Workflows can branch based on conditions&lt;/li&gt;
&lt;li&gt;Complex logic can be handled inside a single flow&lt;/li&gt;
&lt;li&gt;Data handling is more visible at each step&lt;/li&gt;
&lt;li&gt;You can build multi-step processes across tools&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop focuses on AI-driven steps, which work well for flexible tasks. When the workflow depends more on structured logic, branching paths, and precise control, that approach can feel limiting. Make is built for that kind of control. You can define exactly how the workflow should behave at each step, which makes it easier to manage complex flows across tools.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Use Make when your workflow depends on conditional logic, branching paths, and detailed control over execution.&lt;/p&gt;

&lt;h2&gt;
  
  
  4. n8n
&lt;/h2&gt;

&lt;p&gt;n8n usually comes up after a few rounds with no-code tools. A workflow works, but only up to a point. Then you need one step that does not fit. A custom API call, a transformation, or logic that depends on your own data. That requirement changes the kind of tool you need.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Forg2kua5g1zvli2haut2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Forg2kua5g1zvli2haut2.png" alt=" " width="800" height="397"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;n8n is a workflow tool that treats automation closer to backend logic. You still get a visual builder, but you can write code, call APIs directly, and control how data moves through each step. It also supports self-hosting, so workflows can run on your infrastructure and connect directly with internal systems.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Where it starts to matter&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Once the workflow stops being a sequence of app connections and starts behaving like a system, the demands change. Data needs validation, routing, and transformation. Edge cases need handling. The workflow has to adapt based on inputs. Predefined steps start to feel restrictive at that stage.&lt;/p&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;What changes in practice&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;You define how each step behaves instead of fitting into available integrations. API calls, custom logic, and error handling become part of the workflow itself. This also changes how reusable the setup becomes. Logic can be carried across workflows, so new use cases build on existing structure instead of starting from scratch.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Use n8n when your workflow needs custom logic, API-level control, and the ability to behave like a system rather than a fixed sequence of steps.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. Activepieces
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.activepieces.com/" rel="noopener noreferrer"&gt;Activepieces&lt;/a&gt; is an open-source workflow automation tool with a visual builder. It gives you a familiar way to connect apps and build flows, with the option to host everything on your own infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ky1syyc5n5n7mvwqb5p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ky1syyc5n5n7mvwqb5p.png" alt=" " width="800" height="379"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;You control where workflows run:&lt;/strong&gt; Host on your own environment&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Data stays within your setup:&lt;/strong&gt; You decide how it flows across systems&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Integrations can be extended:&lt;/strong&gt; Adjust connections based on your needs&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Workflows stay easy to build:&lt;/strong&gt; Visual builder keeps the process simple&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop is designed around AI-driven workflows, which work well when the focus is on logic inside the flow. Activepieces becomes a better fit when control over execution and data matters more. It’s the middle ground between fully autonomous AI workflows and programmatic workflows.&lt;/p&gt;

&lt;p&gt;Hosting workflows yourself gives you visibility into how they run and removes dependency on a managed platform. This is useful when workflows connect to internal systems or need tighter control over data handling.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Use Activepieces when your workflow needs control over hosting, data flow, and integrations as it grows&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Relay.app
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.relay.app/" rel="noopener noreferrer"&gt;Relay&lt;/a&gt; is a workflow tool built around clarity. It keeps each step visible and easy to follow, with optional AI steps that fit into the flow rather than driving it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2ciqjgc5l55ck75ito8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2ciqjgc5l55ck75ito8.png" alt=" " width="800" height="447"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Workflows stay readable:&lt;/strong&gt; Each step is clear, so you can see what is happening without tracing through layers&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Faster iteration:&lt;/strong&gt; Small changes can be made and tested quickly&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;AI fits into the flow:&lt;/strong&gt; Use AI for specific steps like summarizing, drafting, or classification&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Easier handoff:&lt;/strong&gt; Workflows can be understood and managed by others on the team&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop centers the workflow around AI decisions. That works well for flexible tasks, but it also means more time spent shaping prompts, checking outputs, and handling edge cases when results vary.&lt;/p&gt;

&lt;p&gt;Relay takes a different approach. The workflow stays structured, and AI is used for defined steps inside that structure. That makes it easier to reason about what the workflow is doing and adjust it without reworking the whole flow. This becomes useful when the workflow needs to stay clear, easy to maintain, and accessible to others who did not build it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Use Relay when your workflow needs to stay readable, easy to adjust, and manageable across a team&lt;/p&gt;

&lt;h2&gt;
  
  
  7. Lindy AI
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.lindy.ai/" rel="noopener noreferrer"&gt;Lindy&lt;/a&gt; is a personal AI work assistant. Users delegate inbox triage, meeting attendance and notes, calendar scheduling, follow-ups, and admin work by texting Lindy through iMessage/SMS, the web app, or connected apps like Gmail, Outlook, Slack, HubSpot, Salesforce, and Zoom.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9d6vmelsdmhhekofvdi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9d6vmelsdmhhekofvdi.png" alt=" " width="800" height="432"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What changes when you use it&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Delegation by text: Tasks can be assigned from a phone without opening a builder&lt;/li&gt;
&lt;li&gt;Personal context: The assistant works across the user's connected inbox, calendar, and CRM with their voice and preferences&lt;/li&gt;
&lt;li&gt;Full meeting lifecycle: Prep before, notes during, follow-ups after&lt;/li&gt;
&lt;li&gt;Outcome-driven, not flow-driven: Users describe results instead of mapping steps&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case?&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop is a workflow platform where teams build automations on a canvas. Lindy is an assistant that runs the recurring loop of professional work — email, meetings, calendar, follow-ups — across a single user's connected tools. &lt;/p&gt;

&lt;p&gt;The two solve different problems: Gumloop fits when teams want to design and own automations; Lindy fits when an individual or team wants to hand off recurring admin work to an AI assistant.&lt;/p&gt;

&lt;p&gt;Best for: Use Lindy when the work is personal admin and coordination across email, meetings, and calendar — not workflow design.&lt;/p&gt;

&lt;h2&gt;
  
  
  8. Vellum
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.vellum.ai/" rel="noopener noreferrer"&gt;Vellum&lt;/a&gt; is built for teams running AI in production. It focuses on testing, versioning, and monitoring how AI behaves once workflows are live.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiy6j6dsme8je56oydpdj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiy6j6dsme8je56oydpdj.png" alt=" " width="800" height="416"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Prompt versioning: Compare prompts, models, and parameters side by side against test cases&lt;/li&gt;
&lt;li&gt;Evaluation framework: Run hundreds of test cases with custom metrics or LLM-as-judge before deployment&lt;/li&gt;
&lt;li&gt;Production monitoring: Track real-time performance of deployed prompts and workflows&lt;/li&gt;
&lt;li&gt;Workflow orchestration: Chain prompts, business logic, APIs, and tool calls with version control&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop is built for shipping AI automations across a team, with the canvas as the place where workflows are designed and run. Vellum sits one layer deeper, focused on the prompts and AI logic inside those workflows. It gives engineering and product teams the tools to test prompt and model combinations, deploy with version control, and watch how AI behaves once it's live.&lt;/p&gt;

&lt;p&gt;The two are not direct substitutes. Teams pick Gumloop when the goal is letting non-technical users build automations. Teams pick Vellum when the AI logic itself is the product and needs the same rigor as any other production system — testing, releases, monitoring, rollback.&lt;/p&gt;

&lt;p&gt;Best for: Use Vellum when AI outputs are core to your product and need to be evaluated, deployed, and monitored with the same discipline as software releases.&lt;/p&gt;

&lt;h2&gt;
  
  
  9. Pipedream
&lt;/h2&gt;

&lt;p&gt;Pipedream sits between a workflow tool and a backend. It lets you write code, call APIs, and connect services, all inside an event-driven workflow.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6myj5mc82hw3ox7trmh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6myj5mc82hw3ox7trmh.png" alt=" " width="800" height="383"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Code inside workflows:&lt;/strong&gt; Write JavaScript or Python for each step&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Direct API access:&lt;/strong&gt; Connect to any service, not just prebuilt integrations&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Event-driven execution:&lt;/strong&gt; Trigger workflows based on real-time events&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fine control over data:&lt;/strong&gt; Transform and route data at each step&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Gumloop is designed around structured workflows with AI steps. That works well when integrations are available, and the flow can be defined clearly.&lt;/p&gt;

&lt;p&gt;Pipedream becomes useful when the workflow depends on APIs not covered by standard integrations or requires logic that goes beyond predefined steps. You can write exactly what each step should do, which removes the need to work around tool limitations.&lt;/p&gt;

&lt;p&gt;This makes it a better fit for workflows that behave more like backend processes than visual automations.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Use Pipedream when your workflow depends on APIs, custom code, and event-driven execution across services.&lt;/p&gt;

&lt;h2&gt;
  
  
  10. Workato
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.workato.com/" rel="noopener noreferrer"&gt;Workato&lt;/a&gt; is an enterprise automation platform designed for large-scale workflows across business systems. It focuses on reliability, governance, and deep integrations with enterprise tools.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzk4lobx31ra6a2szk2dp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzk4lobx31ra6a2szk2dp.png" alt=" " width="800" height="437"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What changes when you use it&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Deep enterprise connectors: Pre-built integrations for Workday, NetSuite, SAP, ServiceNow, Salesforce, and other systems of record&lt;/li&gt;
&lt;li&gt;Governance: Role-based access, environment promotion, audit trails, and centralized recipe management&lt;/li&gt;
&lt;li&gt;Scale: Built to run high-volume, mission-critical workflows across business units&lt;/li&gt;
&lt;li&gt;AI agents: Genie agents work alongside automation recipes for natural-language interfaces to enterprise data&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  &lt;strong&gt;Why does it work better than Gumloop in this case&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;Both Gumloop and Workato are used inside enterprises, but they enter the organization from different directions. &lt;/p&gt;

&lt;p&gt;Gumloop is bottom-up — individual employees and teams build automations on a canvas, often without IT involvement. Workato is top-down — IT and integration teams own the platform, model the systems of record, and grant access to business units.&lt;/p&gt;

&lt;p&gt;That changes the workflows each is suited for. Gumloop fits AI-driven, fast-moving automations owned by the people who use them. Workato fits cross-system processes that need IT oversight, formal change management, and integration with enterprise systems where downtime or bad data has real cost.&lt;/p&gt;

&lt;p&gt;Best for: Use Workato when workflows span enterprise systems of record, need IT governance, and serve multiple business units with formal access control.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Choose the Right Alternative
&lt;/h2&gt;

&lt;p&gt;The choice becomes clearer once you look at where your workflow starts to break.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;If the issue shows up at the integration layer, where multiple tools need to work together reliably, tools like &lt;a href="http://composio.dev/" rel="noopener noreferrer"&gt;Composio&lt;/a&gt; or Workato make more sense.&lt;/li&gt;
&lt;li&gt;If the workflow itself is well-defined and needs to run the same way every time, Zapier or Make are a better fit. If the logic within the workflow becomes the constraint and triggers and webhools become important, n8n or Pipedream fit better.&lt;/li&gt;
&lt;li&gt;If the challenge is AI behavior and its performance in production, Vellum becomes relevant. If the workflow itself needs to shift toward personal execution, Lindy AI is a better direction.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The right choice depends on the constraint you are trying to solve, not just the features each tool offers.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Gumloop is part of a broader shift in how workflows are built. It brings AI into the process and makes it easier to handle tasks that do not fit strict rules.&lt;/p&gt;

&lt;p&gt;That works well up to a point. The limits show up in different places depending on the workflow. Sometimes it is integrations. Sometimes it is control over AI behavior. Sometimes it is how reusable the setup is.&lt;/p&gt;

&lt;p&gt;Tools like Composio highlight how the space is evolving. Instead of focusing only on workflows, they focus on giving AI reliable access to tools and actions across systems.&lt;/p&gt;

&lt;p&gt;Each alternative in this list focuses on one of those areas. There is no single replacement that fits every case.&lt;/p&gt;

&lt;p&gt;The right move is to look at your workflow and identify the exact point where it starts to strain. The tool you choose should solve that specific constraint, not try to cover everything at once.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>automation</category>
      <category>productivity</category>
      <category>webdev</category>
    </item>
    <item>
      <title>13 Best AI Marketing Tools to Beat Your Competitors (2026 Edition)</title>
      <dc:creator>Aakash R</dc:creator>
      <pubDate>Thu, 07 May 2026 08:03:56 +0000</pubDate>
      <link>https://dev.to/composiodev/13-best-ai-marketing-tools-to-beat-your-competitors-2026-edition-1o47</link>
      <guid>https://dev.to/composiodev/13-best-ai-marketing-tools-to-beat-your-competitors-2026-edition-1o47</guid>
      <description>&lt;p&gt;I’ve been doing growth marketing for a while now and if I’ll be honest with you it’s a cut throat competition out there for slightest of attention and winning distribution has become more important then ever before. You have to do everything, SEO, GEO, Reddit, TikTok, YouTube, Performance marketing, Emails, Twitter, and any channel you can think of. And with all the AI tools available right now, there simply is no excuse.&lt;/p&gt;

&lt;p&gt;So, I’ve curated all the AI tools that we use in-house for all thing marketing. It covers the entire spectrum copy writing, short video creation to scheduling tools. So, nothing is missed.&lt;/p&gt;

&lt;p&gt;So, let’s get all the ingredients for building an effective marketing stack.&lt;/p&gt;

&lt;h2&gt;
  
  
  Quick Summary
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Composio&lt;/strong&gt; – Connects your entire marketing stack (ads, analytics, CRM) so AI can act on real campaign data instead of isolated inputs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ChatGPT Deep Research&lt;/strong&gt; – Breaks down competitors, content strategies, and market gaps with reasoning, not just surface-level summaries.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Seedance (ByteDance)&lt;/strong&gt; – Converts ideas into full short-form videos (visuals + motion + audio) for rapid content testing.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Lovable&lt;/strong&gt; – Generates and deploys landing pages from prompts, making campaign launches and experiments fast.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Notion&lt;/strong&gt; – Central workspace to manage content calendars, campaign planning, and ongoing marketing workflows.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Manus&lt;/strong&gt; – Creates presentations, documents, and visuals from simple prompts, helping turn ideas into shareable assets quickly.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Midjourney&lt;/strong&gt; – Produces high-quality, distinctive visuals for ads, thumbnails, and creatives that stand out.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ElevenLabs&lt;/strong&gt; – Generates realistic voiceovers with control over tone and pacing for ads and video content.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Surfer SEO&lt;/strong&gt; – Guides blog structure, keywords, and depth based on what’s already ranking to improve search performance.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Jasper&lt;/strong&gt; – Generates ad copy, email sequences, and variations optimized for different audiences and campaign goals.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;HubSpot&lt;/strong&gt; – Manages CRM, tracks leads, and connects campaigns to actual conversions and revenue.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Hootsuite&lt;/strong&gt; – Schedules and manages social media content across platforms with built-in AI assistance.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Pebblely&lt;/strong&gt; – Creates clean, ready-to-use product visuals with different backgrounds and styles from a single image.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Grammarly&lt;/strong&gt; – Refines writing by improving clarity, tone, and correctness across all marketing content.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  How to Use AI Tools for Marketing
&lt;/h2&gt;

&lt;p&gt;AI works best when it fits into the main parts of your workflow and helps you make better decisions as you go.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Email marketing and lifecycle&lt;/strong&gt; — AI can draft sequences, personalize subject lines, segment lists based on behavior, and predict the best send times. This is one of the highest-ROI uses and it's missing entirely.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Customer research and insights&lt;/strong&gt; — Analyzing reviews, support tickets, survey responses, and social comments to surface pain points, objections, and the actual language customers use. This often feeds everything else (ads, SEO, content).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Analytics and reporting&lt;/strong&gt; — Summarizing campaign performance, pulling insights from GA4 or ad platforms, and turning raw numbers into plain-language reports for stakeholders.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Image and visual asset creation&lt;/strong&gt; — Product photos, ad creatives, thumbnails, social graphics. You mention video but skip static visuals, which are still a huge chunk of marketing output.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Personalization at scale&lt;/strong&gt; — Dynamic landing pages, tailored email content, and product recommendations based on user behavior.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Brand voice and consistency&lt;/strong&gt; — Training a custom assistant or style guide so all AI-generated content sounds like &lt;em&gt;your&lt;/em&gt; brand instead of generic AI output. Worth flagging because it's a common failure mode of the workflow you described.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  13 Best AI Marketing Tools I’ve tried and tested in 2026
&lt;/h2&gt;

&lt;p&gt;There are way too many AI tools right now, and most of them sound useful until you actually try to fit them into your work. A lot of them overlap, and some just slow you down. The ones that matter are the ones you keep coming back to because they actually help you get things done.&lt;/p&gt;

&lt;p&gt;Here are some of the tools that I used and kept using:&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;1. Composio: Connecting Your Marketing apps with Claude and ChatGPT&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.notion.so/13-Best-AI-Marketing-Tools-to-Beat-Your-Competitors-2026-Edition-350f261a6dfe80c7a1cac56eb562b90d?pvs=21" rel="noopener noreferrer"&gt;Composio&lt;/a&gt; is an AI integration platform that connects with 1000+ tools across marketing, analytics, and productivity. It plugs into tools like &lt;a href="https://composio.dev/toolkits/google_analytics" rel="noopener noreferrer"&gt;Google Analytics&lt;/a&gt;, &lt;a href="https://composio.dev/toolkits/metaads" rel="noopener noreferrer"&gt;Meta Ads&lt;/a&gt;, &lt;a href="https://composio.dev/toolkits/googleads" rel="noopener noreferrer"&gt;Google Ads&lt;/a&gt;, &lt;a href="https://composio.dev/toolkits/ahrefs" rel="noopener noreferrer"&gt;Ahrefs&lt;/a&gt;, and &lt;a href="https://composio.dev/toolkits/googlesuper" rel="noopener noreferrer"&gt;Google Workspace&lt;/a&gt;, and works directly with assistants like ChatGPT and Claude.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F610jujfidrz99pwq1avb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F610jujfidrz99pwq1avb.png" alt=" " width="800" height="340"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After using it across a few campaigns, the biggest shift was how everything started to feel connected. Checking performance, pulling numbers, and figuring out what to do next all happen within a single flow. There is no need to keep jumping across dashboards to piece things together.&lt;/p&gt;

&lt;p&gt;It has been especially useful when multiple campaigns are running simultaneously. Looking at ad performance, spotting patterns, and making changes can all happen without losing context, making day-to-day work feel much smoother.&lt;/p&gt;

&lt;p&gt;Here are a few ways it has been helping:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;All data in one place:&lt;/strong&gt; Campaign performance, analytics, and content signals come together, so it is easier to see what is working&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Less switching during work:&lt;/strong&gt; Metrics, insights, and actions stay in the same flow&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;AI with real context:&lt;/strong&gt; Outputs are based on actual campaign data, which makes them more useful&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Better day-to-day flow:&lt;/strong&gt; Reviewing performance and making updates feels more continuous&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Getting started is simple. Connect the tools you already use on the &lt;a href="https://dashboard.composio.dev/" rel="noopener noreferrer"&gt;Composio platform&lt;/a&gt;, link your AI assistant, and start with something basic, like checking campaign performance. From there, it naturally becomes part of how campaigns are managed.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;2. Competitor Research with ChatGPT Deep Research&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://chat.openai.com/chat" rel="noopener noreferrer"&gt;ChatGPT’s&lt;/a&gt; Deep Research mode has been one of the tools I keep coming back to for competitor analysis. It started as a quick way to gather info, but after a few uses, it became something I rely on during early research.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk2m2blm3z0vlzn1cw77v.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk2m2blm3z0vlzn1cw77v.png" alt=" " width="800" height="482"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The way it usually plays out is simple. I give it a competitor or a niche and ask for a full breakdown. It pulls their positioning, the type of content they post, how often they publish, how they show up in search, and how people react to them across platforms. Having all of this in one place saves a lot of back and forth and makes it easier to see the full picture.&lt;/p&gt;

&lt;p&gt;Prompting made a big difference over time. Early prompts gave basic summaries. Once I started asking for comparisons, gaps, audience reactions, and reasons behind performance, the output became much more useful. It started to feel less like getting answers and more like having a proper research partner.&lt;/p&gt;

&lt;p&gt;One thing I found genuinely helpful is how it explains patterns. It does not just list what competitors are doing. It shows why something works and where they are missing out. That is usually where new content ideas or campaign angles come from.&lt;/p&gt;

&lt;p&gt;It has been especially useful when looking at a few competitors together before starting a campaign. It gives a clear sense of what is already crowded and what still has space, which makes planning a lot more focused.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;3, AI Video Creation with Seedance by ByteDance&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://openart.ai/suite/animate-video/byte-plus-seedance-2" rel="noopener noreferrer"&gt;Seedance&lt;/a&gt; is an AI video generation model by ByteDance that can turn text, images, and clips into full videos. It handles visuals, motion, and audio together, making the output feel more complete without requiring multiple tools.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8bk25jnel6v7dyvqycm3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8bk25jnel6v7dyvqycm3.png" alt=" " width="800" height="409"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After using it for short-form content, I found it much easier to take an idea and turn it into a video. A simple prompt can turn into a clip with movement, transitions, and sound. It works well for things like Reels, Shorts, and ad creatives, especially when testing different concepts.&lt;/p&gt;

&lt;p&gt;Over time, it became more useful for creating variations. One idea can be turned into multiple versions with different hooks or styles, which helps when testing what actually works. It also works well with references like images or clips, which makes the output feel more intentional.&lt;/p&gt;

&lt;p&gt;Here are a few ways it has been useful:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Fast video creation:&lt;/strong&gt; Ideas turn into videos quickly without going through heavy editing&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Multiple variations:&lt;/strong&gt; One concept can be tested in different styles, hooks, and formats&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Good for short-form content:&lt;/strong&gt; Works well for TikTok, Reels, Shorts, and ad creatives&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;More control over output:&lt;/strong&gt; Prompts can guide scenes, motion, and overall look of the video&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Less editing effort:&lt;/strong&gt; Most of the work is handled in one place, so there is less need to jump across tools&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;4. Website Creation and Launch with Lovable&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;I started using &lt;a href="https://lovable.dev/" rel="noopener noreferrer"&gt;Lovable&lt;/a&gt; recently, and it’s been surprisingly useful for turning simple ideas into clean landing pages. You can describe what you want, and it builds a proper page that actually looks good and is ready to go live. It also handles deployment, so you are not stuck figuring out how to host or publish it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8cr1vkcpdp1anjujk2s.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8cr1vkcpdp1anjujk2s.png" alt=" " width="800" height="414"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For marketing work, this makes a big difference. When there is a new campaign idea or offer, a page can be created and live pretty quickly without getting blocked on design or dev. The first version usually comes out solid, and small tweaks are enough to get it ready.&lt;/p&gt;

&lt;p&gt;It has made testing much easier. Trying different messaging or offers no longer feels heavy, since each version can be turned into its own page. That makes it simpler to validate ideas and move forward with more confidence.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;5. Keeping Everything Organized with Notion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.notion.com/" rel="noopener noreferrer"&gt;Notion&lt;/a&gt; became my go to place for almost everything. It has all the information I need in one place, and it is easy to navigate and organize, which makes managing work much simpler.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy4g0sizry9wkfsrkpwh6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy4g0sizry9wkfsrkpwh6.png" alt=" " width="800" height="390"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It has been really useful for keeping content calendars, tracking campaigns, and writing things out properly. Ideas usually start messy, and Notion makes it easy to shape them into something usable without overthinking the structure.&lt;/p&gt;

&lt;p&gt;What I like most is how flexible it is. Pages can be simple or detailed as needed, and everything stays connected. Campaign notes, content ideas, and tasks all sit in one place, so nothing gets lost.&lt;/p&gt;

&lt;p&gt;Over time, it just became the place I keep going back to. Planning, writing, tracking progress, everything happens there, which makes it easier to stay focused and keep things moving.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;6. Creating Presentations, Docs, and Visuals with Manus&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.notion.so/13-Best-AI-Marketing-Tools-to-Beat-Your-Competitors-2026-Edition-350f261a6dfe80c7a1cac56eb562b90d?pvs=21" rel="noopener noreferrer"&gt;Manus&lt;/a&gt; is one of those tools I started using when I needed to quickly pull together different types of content. It can generate presentations, documents, simple websites, and even basic graphics from a prompt, making it useful when ideas need to turn into something presentable quickly.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkke0p4qg2etvb9qr7k6m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkke0p4qg2etvb9qr7k6m.png" alt=" " width="800" height="420"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It became handy during campaign work and internal reviews. Slides for a pitch, a quick doc to explain a plan, or even visuals for content can be created without starting from scratch. A rough idea is usually enough to get a solid first version, and small edits take it the rest of the way.&lt;/p&gt;

&lt;p&gt;What made it stick is how it handles multiple formats in one place. Instead of jumping between tools for slides, docs, and visuals, everything can be created in a single flow. That makes it easier to keep things consistent and move faster when working on different pieces of the same campaign.&lt;/p&gt;

&lt;p&gt;It has been useful when something needs to be shared quickly, whether it is a presentation, a doc, or a visual asset. It takes away the friction of starting from a blank page and helps get to a usable version much faster.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;7. Designing Scroll-Stopping Creatives with &lt;a href="https://www.midjourney.com/" rel="noopener noreferrer"&gt;Midjourney&lt;/a&gt;&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Midjourney is the tool I reach for when a visual needs to catch attention. The images have a distinct look that feels more styled and less generic, which helps when everything online starts to look similar.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8xh8n7eddf9metzw1nhc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8xh8n7eddf9metzw1nhc.png" alt=" " width="800" height="410"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Most of the use has been around ad creatives and thumbnails. A rough idea can turn into a strong visual in a few tries, and those visuals often shape the direction of the content itself. It is not just about filling space; it actually influences how the message is presented.&lt;/p&gt;

&lt;p&gt;Getting better results comes down to how the prompt is written. Small changes in wording, style cues, or references can change the entire feel of the image. Over time, it becomes easier to guide it toward a specific look.&lt;/p&gt;

&lt;p&gt;It also works well for exploring different directions. One concept can be turned into multiple styles, which makes it easier to see what fits and what stands out before using it in a campaign.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;8. Voiceovers and Audio with ElevenLabs&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.notion.so/13-Best-AI-Marketing-Tools-to-Beat-Your-Competitors-2026-Edition-350f261a6dfe80c7a1cac56eb562b90d?pvs=21" rel="noopener noreferrer"&gt;ElevenLabs&lt;/a&gt; is what I’ve been using for voiceovers, especially for short videos and ads. It turns text into natural-sounding speech, and the voices actually feel real, which makes a big difference when the content is meant to hold attention.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvpensqp4tsed441o2nxl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvpensqp4tsed441o2nxl.png" alt=" " width="800" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It became useful while working on video content. Writing a script is one part, but getting a clean voiceover used to take extra effort. With ElevenLabs, a script can turn into a usable voice track in minutes, and small edits are easy to try without redoing everything.&lt;/p&gt;

&lt;p&gt;The control over tone and pacing is what stands out. You can adjust how the voice sounds based on the content type to better match the mood of the video or ad. It also works well when testing different versions of the same script with slight variations.&lt;/p&gt;

&lt;p&gt;It fits well into content workflows where audio matters. Videos feel more complete, and the process of getting from script to final output becomes much smoother.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;9. Writing SEO Blogs That Actually Rank with Surfer SEO&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Figuring out what to include in an SEO blog used to feel like guesswork. &lt;a href="https://www.notion.so/13-Best-AI-Marketing-Tools-to-Beat-Your-Competitors-2026-Edition-350f261a6dfe80c7a1cac56eb562b90d?pvs=21" rel="noopener noreferrer"&gt;Surfer SEO&lt;/a&gt; changed that by providing clear direction on what the content should cover, based on what is already ranking.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3774f9s9rmmmymmkqt6i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3774f9s9rmmmymmkqt6i.png" alt=" " width="800" height="415"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Working on blog posts helped shape the structure before writing even started. It shows the kinds of headings, keywords, and depth that top pages have, making planning much easier. The content ends up feeling more complete and aligned with what people are searching for.&lt;/p&gt;

&lt;p&gt;Another thing that helped was staying on track while writing. It is easy to drift or miss important points, and Surfer keeps things focused without forcing a rigid style. The content still feels natural, just more aligned with search intent.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;10. Writing Ad Copy and Emails with Jasper&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Coming up with good copy on demand is harder than it looks, especially when you need multiple versions for ads or emails. &lt;a href="https://www.jasper.ai/" rel="noopener noreferrer"&gt;Jasper&lt;/a&gt; has been useful in those moments when ideas are there, but the wording needs to be sharper.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8myrmlkxqc338zp21u1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8myrmlkxqc338zp21u1.png" alt=" " width="800" height="416"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It works well for creating variations. A single idea can turn into multiple ad copies, email drafts, or landing page lines, which helps when testing different angles. The output usually feels more structured for marketing compared to general AI tools.&lt;/p&gt;

&lt;p&gt;The part that stands out is how it handles tone and intent. You can guide it based on the audience or goal, and it adjusts the writing to match. That makes it easier to keep the message aligned with the campaign. It works well in workflows where copy needs to be tested and improved. Having multiple options ready makes it easier to pick what works and build on it.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;11. Managing Marketing and CRM with HubSpot&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.hubspot.com/" rel="noopener noreferrer"&gt;HubSpot&lt;/a&gt; is something that comes in once everything starts growing. Content, leads, emails, campaigns, all of it needs a place to stay organized, and this is where HubSpot starts to help.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F05vmcix52xfesjy47sm7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F05vmcix52xfesjy47sm7.png" alt=" " width="800" height="384"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It has been useful for tracking leads and seeing how people move from first touch to conversion. Instead of guessing what is working, you can actually see which campaigns or channels are bringing results. That makes it easier to decide where to focus.&lt;/p&gt;

&lt;p&gt;Email campaigns and follow-ups also become easier to manage. Setting up flows, tracking engagement, and keeping everything connected to the same contact data makes things feel more structured.&lt;/p&gt;

&lt;p&gt;It works well when marketing starts getting serious. Everything from campaigns to customer interactions sits in one place, which makes it easier to manage and improve over time.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;12. Scheduling and Social Media Management with Hootsuite&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Keeping up with multiple social platforms can get messy once posting becomes a regular habit. &lt;a href="https://www.hootsuite.com/" rel="noopener noreferrer"&gt;Hootsuite&lt;/a&gt; made that part easier by bringing everything into one place and adding AI support for content and scheduling.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F34zq3g3pz9lnx8d5b1gc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F34zq3g3pz9lnx8d5b1gc.png" alt=" " width="800" height="444"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It has been useful for planning posts in advance and maintaining a consistent flow. Content for different platforms can be scheduled in one go, which helps avoid last-minute posting. It also gives a clear view of what is going out and when. The AI features help generate captions and adjust tone based on the platform. &lt;/p&gt;

&lt;p&gt;That saves time when you need variations of the same content. It also helps when you are not sure how to phrase something.&lt;/p&gt;

&lt;p&gt;It works well when managing multiple channels. Posting, tracking engagement, and staying consistent become easier, helping keep the social presence active without too much effort.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;13. Turning Ideas into Product Shots with Pebblely&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Getting good product images usually takes time or a proper setup. &lt;a href="https://pebblely.com/" rel="noopener noreferrer"&gt;Pebblely&lt;/a&gt; made that part much easier by generating clean product shots from a simple image.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa5b5trnh1v6dak1nggw0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa5b5trnh1v6dak1nggw0.png" alt=" " width="800" height="414"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It has been useful for quick creatives, especially when testing ads or trying different visual styles. A basic product image can be turned into multiple backgrounds and setups, helping create variety without a full shoot.&lt;/p&gt;

&lt;p&gt;A big advantage is the speed at which you can try different looks. Changing the setting, style, or feel of the image takes a few clicks, so it becomes easy to explore different directions for a campaign. It works well when visuals are needed quickly. Product images come out clean and ready to use, which helps keep ad creatives and content moving without extra effort.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;AI tools can feel overwhelming at first because there are so many options. After trying a bunch of them, it usually comes down to a smaller set that actually fits into your day to day work. Those are the ones that end up sticking.&lt;/p&gt;

&lt;p&gt;Each of these tools solves a different part of marketing, from research and content to ads and tracking. When they start working together, things feel a lot more clear and manageable. You spend less time figuring things out and more time improving what is already working.&lt;/p&gt;

&lt;p&gt;At the end of the day, the tools are just support. The real difference comes from how you use them, how often you test ideas, and how you build on the results.&lt;/p&gt;

</description>
      <category>marketing</category>
      <category>ai</category>
      <category>automation</category>
      <category>productivity</category>
    </item>
    <item>
      <title>AI Workflow Automation Tools Are a Mess, Here’s What I Learned the Hard Way</title>
      <dc:creator>VK</dc:creator>
      <pubDate>Tue, 05 May 2026 13:53:16 +0000</pubDate>
      <link>https://dev.to/composiodev/anyone-else-waste-days-switching-between-automation-tools-before-committing-5flp</link>
      <guid>https://dev.to/composiodev/anyone-else-waste-days-switching-between-automation-tools-before-committing-5flp</guid>
      <description>&lt;p&gt;I spent days testing tools, trying to build a simple AI workflow automation setup, and it was way harder than it should have been.&lt;/p&gt;

&lt;p&gt;What is AI Workflow Automation?&lt;/p&gt;

&lt;p&gt;AI workflow automation is the process of using AI tools to connect, trigger, and execute tasks across apps without manual intervention.&lt;br&gt;
In theory, it should simplify work. In reality, most tools make it fragmented.&lt;/p&gt;

&lt;p&gt;Built a lead routing workflow last week that should've taken two hours. New form submission comes in, gets scored, lands in HubSpot, pings the right Slack channel. Done this before. Should've been an afternoon.&lt;/p&gt;

&lt;p&gt;Took three days. Not because it was hard, because I kept convincing myself the next tool would be cleaner. Got halfway through in one platform, hit some friction, jumped to the next one. By day two I had half-finished automations in four different tools and a creeping feeling that most of the "AI automation" category is just the same three features in different packaging.&lt;/p&gt;

&lt;p&gt;Eventually I did the only reasonable thing: scrapped everything and rebuilt the same workflow in every tool I was curious about. Back to back. Same workflow, every platform.&lt;/p&gt;

&lt;p&gt;Here's what I actually learned from that:&lt;/p&gt;

&lt;p&gt;n8n is the one I keep coming back to for client work. Self-hosted it on a cheap Hetzner box and had something running before lunch. The real moment was when a client needed an audit trail, pulled up the canvas, traced every branch visually, exported something readable in five minutes. Nothing else I tried lets you do that cleanly.&lt;/p&gt;

&lt;p&gt;Make was the surprise for internal stuff. Handed it to my content team with zero hand-holding. Monday someone asked if it was broken. Wednesday I got a screenshot, they'd built an entire RSS-to-Notion briefing pipeline end to end. The economics vs Zapier at any real volume aren't close either.&lt;/p&gt;

&lt;p&gt;Composio was the thing I didn't expect to change how I work. I'd been writing OAuth boilerplate by hand every time I added a new integration to an agent. Connected Gmail, GitHub, Notion, and Slack to a LangChain agent in under an hour with zero auth code. The three devs I've recommended it to are all still using it months later.&lt;/p&gt;

&lt;p&gt;Zapier I've rage-quit twice and come back twice. The docs are just the best in the category, when something breaks at 11pm and a client is waiting, that genuinely matters more than features. Expensive at volume though, that part isn't a myth.&lt;/p&gt;

&lt;p&gt;Also been playing with Claude Cowork for simpler delegation stuff, typed a natural language instruction for a recurring research task and it just ran with no workflow setup at all. Falls apart on anything with real conditional logic but for straightforward recurring tasks it's kind of wild.&lt;/p&gt;

&lt;p&gt;Tried Lindy too. The meeting prep agent is genuinely useful, drops a research brief before every discovery call without me thinking about it. Tried using it for anything beyond that and it struggled. Feels like it has a narrow sweet spot but inside that sweet spot it's really good.&lt;/p&gt;

&lt;p&gt;Hadn't touched Bardeen until a sales rep on my team mentioned she was spending two hours a day copying LinkedIn profiles into our CRM manually. Set her up with a playbook in 25 minutes, cut the task to four minutes. Main limitation is your browser has to stay open, not great for anything you want running in the background overnight.&lt;/p&gt;

&lt;p&gt;Probably the most useful thing I took from the whole exercise: most people are treating these tools like they're interchangeable and they're really not. There's a difference between tools for delegation, tools for structured data routing, tools for agent infrastructure, and tools for browser work. Picking the wrong category for your problem is why people keep jumping between platforms and feeling like nothing works.&lt;/p&gt;

&lt;p&gt;Until AI workflow automation tools become more unified, developers will keep wasting time stitching together workflows instead of building actual products.&lt;/p&gt;

&lt;p&gt;Complete analysis: Read the full blog post: &lt;a href="https://composio.dev/content/top-ai-workflow-automation-tools-you-must-not-miss-in-2026" rel="noopener noreferrer"&gt; top AI Automation tools&lt;br&gt;
&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>productivity</category>
      <category>learning</category>
      <category>beginners</category>
    </item>
    <item>
      <title>Kimi K2.6 vs. Claude Opus 4.7 in a Weird Game Coding Test ✅</title>
      <dc:creator>Shrijal Acharya</dc:creator>
      <pubDate>Tue, 05 May 2026 13:04:03 +0000</pubDate>
      <link>https://dev.to/composiodev/kimi-k26-vs-claude-opus-47-in-a-weird-game-coding-test-2ck3</link>
      <guid>https://dev.to/composiodev/kimi-k26-vs-claude-opus-47-in-a-weird-game-coding-test-2ck3</guid>
      <description>&lt;p&gt;Kimi K2.6 has been getting a lot of love lately, especially from devs who want a strong coding model without paying premium model prices every time they run a big prompt.&lt;/p&gt;

&lt;p&gt;So I wanted to see how good this model actually is. But this time, I wanted to compare it with something much heavier, the developers darling &lt;strong&gt;Claude Opus 4.7&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;On paper, Claude Opus 4.7 and Kimi K2.6 are very different models.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9me1tc37trrs3wur8p6o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9me1tc37trrs3wur8p6o.png" alt="Kimi K2.6 and Opus 4.7 benchmarks" width="800" height="422"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;One is a premium frontier model from Anthropic. The other is Moonshot AI's much cheaper open model for coding and agentic tasks.&lt;/p&gt;

&lt;p&gt;The pricing difference is pretty wild too. Claude Opus 4.7 costs $5/M input tokens and $25/M output tokens. Kimi K2.6 is listed at $0.95/M input tokens and $4/M output tokens, with cached input going even lower at $0.16/M tokens.&lt;/p&gt;

&lt;p&gt;That is a pretty big gap.&lt;/p&gt;

&lt;p&gt;So in this article, we'll see how the cheaper model, Kimi K2.6, does against Claude Opus 4.7.&lt;/p&gt;

&lt;p&gt;For the test, I gave both models the same coding task: build a small Minetest (similar to Minecraft) bounty board with a TypeScript backend, then extend it with Google Sheets logging through Composio.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4zpwug27ph8tc9d8dti6.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4zpwug27ph8tc9d8dti6.gif" alt="Angrybird interacting with a telescope" width="480" height="260"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  TL;DR
&lt;/h2&gt;

&lt;p&gt;If you want the quick take, Claude Opus 4.7 clearly won this test, but it was painfully expensive.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Opus was better at the real task.&lt;/strong&gt; The local build was cleaner, and it was the only one that got the real Google Sheets integration working.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Kimi did pretty well in Test 1.&lt;/strong&gt; It got the local bounty board working for way less money, but it needed more debugging.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Test 2 changed the whole comparison.&lt;/strong&gt; Opus was expensive, but it finished. Kimi just could not put it all together.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The cost difference was wild though.&lt;/p&gt;

&lt;p&gt;For the first local bounty board test, Opus cost around &lt;strong&gt;$3.59&lt;/strong&gt;, while Kimi came in at around &lt;strong&gt;$0.39&lt;/strong&gt;. That is a huge gap. For the basic version, Kimi honestly did pretty well for the price.&lt;/p&gt;

&lt;p&gt;But once the task got a little more real, the gap became way more obvious.&lt;/p&gt;

&lt;p&gt;Opus got it working, even though it needed a little back and forth. The Google Sheets sync worked, and the project was modular enough that I could test the whole flow with two &lt;code&gt;curl&lt;/code&gt; requests without even opening the game.&lt;/p&gt;

&lt;p&gt;The painful part is that the Composio run alone cost &lt;strong&gt;$16&lt;/strong&gt; and took around &lt;strong&gt;28min 52sec API time&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Kimi, on the other hand, burned &lt;strong&gt;135k+ tokens&lt;/strong&gt;, took around &lt;strong&gt;25 minutes&lt;/strong&gt;, cost around &lt;strong&gt;$5.03&lt;/strong&gt;, and still did not really get any closer.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;👀 So yeah, Kimi K2.6 is a usable and interesting cheaper model. But in this test, it could not really come close to Opus 4.7 for real-world coding.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  Evaluation
&lt;/h2&gt;

&lt;p&gt;I treated this like a real project, not a benchmark chart. Both models got the same prompts, and I compared the results based on whether it actually worked, how clean the code was, how much debugging it needed, how long it took, and how much it cost. That last one matters a lot here.&lt;/p&gt;

&lt;h3&gt;
  
  
  Setup
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Same tasks and prompts&lt;/strong&gt; for both models (Test 1: local-only bounty board, Test 2: real Composio Google Sheets sync).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Same target architecture&lt;/strong&gt;: Minetest/Luanti Lua mod + TypeScript backend.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Same success criteria&lt;/strong&gt;: &lt;code&gt;/bounty&lt;/code&gt; flow works in-game, backend APIs behave correctly, and in Test 2 the completion is appended to Google Sheets via Composio.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  What I measured
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Functional correctness (most important):&lt;/strong&gt; Did it work end-to-end with real verification?

&lt;ul&gt;
&lt;li&gt;Local run: could a player generate, progress, and complete bounties without breaking state?&lt;/li&gt;
&lt;li&gt;Backend: did &lt;code&gt;/health&lt;/code&gt;, &lt;code&gt;/api/bounty/generate&lt;/code&gt;, &lt;code&gt;/api/bounty/complete&lt;/code&gt;, and &lt;code&gt;/api/leaderboard&lt;/code&gt; return the expected shapes?&lt;/li&gt;
&lt;li&gt;Test 2: did the Google Sheets append succeed, and could I validate it from the API without needing to be in the game?&lt;/li&gt;
&lt;/ul&gt;


&lt;/li&gt;

&lt;li&gt;

&lt;strong&gt;Code quality and structure:&lt;/strong&gt; modularity, clarity, and whether the repo was easy to reason about and test.&lt;/li&gt;

&lt;li&gt;

&lt;strong&gt;Debug burden:&lt;/strong&gt; how many follow-ups were needed, how confusing the failure modes were, and whether issues were “real bugs” vs. “misconfiguration traps.”&lt;/li&gt;

&lt;li&gt;

&lt;strong&gt;Time:&lt;/strong&gt; API time and wall time for each run.&lt;/li&gt;

&lt;li&gt;

&lt;strong&gt;Cost and token usage:&lt;/strong&gt; input, output, cache behavior, and total run cost.&lt;/li&gt;

&lt;li&gt;

&lt;strong&gt;Practical ergonomics:&lt;/strong&gt; whether I could validate quickly (for example, testing the full backend + Composio flow with &lt;code&gt;curl&lt;/code&gt;).&lt;/li&gt;

&lt;/ul&gt;

&lt;h3&gt;
  
  
  How I verified outcomes
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Test 1:&lt;/strong&gt; ran the backend locally, joined a local Minetest world, used &lt;code&gt;/bounty&lt;/code&gt;, and confirmed task tracking, rewards, and leaderboard persistence.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Test 2:&lt;/strong&gt; verified the end-to-end sync by generating and completing a bounty via the backend API, and confirming a successful Google Sheets append through Composio.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Scoring approach
&lt;/h3&gt;

&lt;p&gt;This was not a “unit test leaderboard” benchmark. It was a real build-and-ship check.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A model “wins” when the project works with minimal intervention.&lt;/li&gt;
&lt;li&gt;A model “loses” when it cannot reach a working state in reasonable time/cost, even if parts of the code look promising.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Coding Test
&lt;/h2&gt;

&lt;p&gt;For this test, I used the following CLI coding agents:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Claude Opus 4.7:&lt;/strong&gt; Claude Code, Anthropic's terminal-based agentic coding tool&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvc5bfm8a9ump0ebp5f7o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvc5bfm8a9ump0ebp5f7o.png" alt="Claude Opus 4.7 model in CC" width="800" height="159"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Kimi K2.6:&lt;/strong&gt; OpenCode via OpenRouter&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxbg1utbhx6wenvgpszln.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxbg1utbhx6wenvgpszln.png" alt="Kimi K2.6 in OpenRouter" width="800" height="270"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;ℹ️ This is a practical coding test, so both models get the same prompt. I will compare time taken, code quality, token usage, cost, and all that stuff.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  What are we building?
&lt;/h3&gt;

&lt;p&gt;For this test, I wanted something small enough to verify properly, but still weird enough to show how each model handles an unusual idea.&lt;/p&gt;

&lt;p&gt;So, we're building a simple Minetest/Luanti bounty board.&lt;/p&gt;

&lt;p&gt;A player can join a local world, run &lt;code&gt;/bounty&lt;/code&gt;, get a task like mining dirt or placing torches, and receive a reward after completing it.&lt;/p&gt;

&lt;p&gt;After that, the backend records the completion, logs it to Google Sheets through Composio.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;I get it, the concept is a little unusual on purpose.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  Test Prompts
&lt;/h3&gt;

&lt;p&gt;Both models received the same prompts for each test.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Test 1 Prompt:&lt;/strong&gt; &lt;a href="https://gist.github.com/shricodev/a9fa4512142e74c72afc0e8b6b121384" rel="noopener noreferrer"&gt;Local Bounty Board Prompt&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Test 2 Prompt:&lt;/strong&gt; &lt;a href="https://gist.github.com/shricodev/5e8f4803f1a9af152403e246b7bcd617" rel="noopener noreferrer"&gt;Real Composio Integration Prompt&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Test 1: Local Bounty Board
&lt;/h3&gt;

&lt;p&gt;This first test is the basic version of the idea.&lt;/p&gt;

&lt;p&gt;No external tools, no Composio. Just the game, the backend, and the local bounty flow working properly.&lt;/p&gt;

&lt;p&gt;The goal was simple. A player runs &lt;code&gt;/bounty&lt;/code&gt;, gets a task, completes it inside the game, and the backend tracks the progress without everything falling apart.&lt;/p&gt;

&lt;h3&gt;
  
  
  Claude Opus 4.7
&lt;/h3&gt;

&lt;p&gt;Claude Opus 4.7 handled the first test really well.&lt;/p&gt;

&lt;p&gt;The local bounty board worked end to end. It built the TypeScript backend, the Minetest/Luanti Lua mod, the command flow, progress tracking, rewards, and leaderboard persistence without needing a bunch of follow-up fixes.&lt;/p&gt;

&lt;p&gt;The file structure also felt nice, which I had specifically asked for in the prompt:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ldggdwrwcrk42jgswb0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ldggdwrwcrk42jgswb0.png" alt="Claude Opus 4.7 created file structure" width="800" height="345"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The backend was built with Express, Zod, and Vitest. It also handled the boring stuff properly, which honestly matters a lot here:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;npm test&lt;/code&gt; passed with &lt;strong&gt;11/11 tests&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;npm run build&lt;/code&gt; passed cleanly&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;/health&lt;/code&gt;, &lt;code&gt;/api/bounty/generate&lt;/code&gt;, &lt;code&gt;/api/bounty/complete&lt;/code&gt;, and &lt;code&gt;/api/leaderboard&lt;/code&gt; returned the right response shapes&lt;/li&gt;
&lt;li&gt;incomplete bounty completions returned a clean &lt;code&gt;400&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It created the Lua files cleanly, used &lt;code&gt;minetest.request_http_api()&lt;/code&gt;, handled &lt;code&gt;secure.http_mods&lt;/code&gt;, tracked digging and placing, stored player bounty state, and handled inventory rewards properly.&lt;/p&gt;

&lt;p&gt;The whole run took around &lt;strong&gt;12 minutes of API time&lt;/strong&gt;, with about &lt;strong&gt;23 minutes wall time&lt;/strong&gt;. That is a bit longer than a quick web app build test, but for this kind of cross-stack project, it felt fair.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frwsc4lkcx6f9o43eujev.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frwsc4lkcx6f9o43eujev.png" alt="Claude Opus 4.7 time taken for the build" width="800" height="286"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The cost came out to &lt;strong&gt;$3.59&lt;/strong&gt;, which is definitely not cheap. But to be fair, the output was actually useful. It added a lot of code, but most of it was real implementation, not random filler like &lt;code&gt;CONTRIBUTING.md&lt;/code&gt;, &lt;code&gt;INSTALLATION.md&lt;/code&gt;, and all those extra files models sometimes create for no reason.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgj4v5gc4wfmy9bov64qq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgj4v5gc4wfmy9bov64qq.png" alt="Claude Opus 4.7 cost for the build" width="800" height="126"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You can find the code it generated here: &lt;a href="https://github.com/shricodev/opus-kimi-minetest-game-mod/tree/04fe23a6f6eb363ef7cfb6af9e0e91993568a718" rel="noopener noreferrer"&gt;Claude Opus 4.7 Code&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Here's the demo:&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/ZAB9fTdTV5Y"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~$3.59&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Duration:&lt;/strong&gt; 12min 3sec API time, 23min 53sec wall time&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Code Changes:&lt;/strong&gt; +1,688 lines, 0 lines removed&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Token Usage:&lt;/strong&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Input:&lt;/strong&gt; 65&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Output:&lt;/strong&gt; 54.8k&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cache read:&lt;/strong&gt; 2.8M&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cache write:&lt;/strong&gt; 129.8k&lt;/li&gt;
&lt;/ul&gt;


&lt;/li&gt;

&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Quick Verdict&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;It worked end to end without much tweaking. I only had to configure &lt;code&gt;~/.minetest/minetest.conf&lt;/code&gt; and add this line:&lt;/p&gt;


&lt;pre class="highlight plaintext"&gt;&lt;code&gt;secure.http_mods = bountyboard
&lt;/code&gt;&lt;/pre&gt;


&lt;p&gt;Pretty much everything else was smooth. Great quick MVP.&lt;/p&gt;

&lt;p&gt;I noticed one small issue: &lt;code&gt;mine_node&lt;/code&gt; bounties can be farmed by placing and then re-mining the same blocks, because vanilla Minetest does not track who placed a node.&lt;/p&gt;

&lt;p&gt;But that's fine. That is not really a code issue here.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  Kimi K2.6
&lt;/h3&gt;

&lt;p&gt;The core idea worked. Kimi created the TypeScript backend, the Minetest/Luanti mod, the bounty commands, task tracking, completion flow, rewards, and leaderboard logic.&lt;/p&gt;

&lt;p&gt;The backend side looked solid enough. It used Express, Zod, and Vitest, and the main routes were there:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;code&gt;/health&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;/api/bounty/generate&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;/api/bounty/complete&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;/api/leaderboard&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It also created the Lua mod files properly and handled the basic &lt;code&gt;/bounty&lt;/code&gt; flow inside Minetest. The code was not bad either. I just felt like it was not as clean or modular as what Opus 4.7 wrote.&lt;/p&gt;

&lt;p&gt;But there was one really irritating issue.&lt;/p&gt;

&lt;p&gt;Somehow, Kimi wrote the global Minetest config in &lt;code&gt;~/.minetest/minetest.conf&lt;/code&gt; with this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight properties"&gt;&lt;code&gt;&lt;span class="py"&gt;secure.http_mods&lt;/span&gt; &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="s"&gt;bountykimi&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;But then it also created a world config and added a different mod name there.&lt;/p&gt;

&lt;p&gt;So when I loaded the world, Minetest used the world-level config. That basically overrode the global config behavior I was expecting. Because of that, the HTTP API was not enabled for the actual mod that was running.&lt;/p&gt;

&lt;p&gt;This took me more than half an hour to debug.&lt;/p&gt;

&lt;p&gt;And honestly, because I do not have much experience with Minetest config behavior, this was super annoying.&lt;/p&gt;

&lt;p&gt;The run itself was much cheaper and faster than Opus. Kimi used around &lt;strong&gt;52k context tokens&lt;/strong&gt;, took about &lt;strong&gt;9 minutes 27 seconds&lt;/strong&gt;, and cost around &lt;strong&gt;$0.39&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxi3s6ic25sy6620np9wf.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxi3s6ic25sy6620np9wf.png" alt="Kimi K2.6 token usage and time for the build" width="800" height="424"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;That price difference is pretty wild. Opus cost around $3.59 for the first test, while Kimi came in under $0.40.&lt;/p&gt;

&lt;p&gt;You can find the code it generated here: &lt;a href="https://github.com/shricodev/opus-kimi-minetest-game-mod/tree/5c9033f77f2dff7792578b3fa126f7343643b5d1" rel="noopener noreferrer"&gt;Kimi K2.6 Code&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Here's the demo:&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/kpE4EbWdqu4"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~$0.39&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Duration:&lt;/strong&gt; ~9min 27sec&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Code Changes:&lt;/strong&gt; +4,671 lines, 0 lines removed&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Context Used:&lt;/strong&gt; 52,073 tokens&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Context Window Used:&lt;/strong&gt; 20%&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Quick Verdict&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The local bounty board idea worked, the code was usable, and the model clearly understood the Lua + TypeScript setup. But if you notice, Kimi wrote more than twice as much code as Opus 4.7.&lt;/p&gt;

&lt;p&gt;The main problem was the Minetest config mess. It added &lt;code&gt;secure.http_mods = bountykimi&lt;/code&gt; globally, but then created another world-level config with a different mod name, which made debugging way more painful.&lt;/p&gt;

&lt;p&gt;So yeah, Kimi passed the first test, but not as smoothly as Opus.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;h3&gt;
  
  
  Test 2: Real Composio Integration
&lt;/h3&gt;

&lt;p&gt;Now this is where the actual test, and the fun, begins.&lt;/p&gt;

&lt;p&gt;The custom mod is ready, so now it is time to integrate Composio and give the game a quick agentic touch.&lt;/p&gt;

&lt;p&gt;The idea is simple. As players progress through the game, their bounty completions get logged into Google Sheets with Composio.&lt;/p&gt;
&lt;h3&gt;
  
  
  Claude Opus 4.7
&lt;/h3&gt;

&lt;p&gt;Claude Opus 4.7 did manage to add the real Composio integration, but this one was not as smooth as Test 1.&lt;/p&gt;

&lt;p&gt;The backend could sync bounty completions to Google Sheets. The nice thing is that I did not even need to open Minetest to test whether it was working. Because the project was structured cleanly, I could test the whole backend flow with just two &lt;code&gt;curl&lt;/code&gt; requests.&lt;/p&gt;

&lt;p&gt;First, generate a bounty:&lt;br&gt;
&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; &lt;span class="nt"&gt;-X&lt;/span&gt; POST http://localhost:8787/api/bounty/generate &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s1"&gt;'Content-Type: application/json'&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"player":"singleplayer","availableTasks":["collect_item"]}'&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  | &lt;span class="nb"&gt;tee&lt;/span&gt; /tmp/b.json | jq
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;Then complete it:&lt;br&gt;
&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; &lt;span class="nt"&gt;-X&lt;/span&gt; POST http://localhost:8787/api/bounty/complete &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s1"&gt;'Content-Type: application/json'&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;jq &lt;span class="nt"&gt;-nc&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
        &lt;span class="nt"&gt;--argjson&lt;/span&gt; b &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;jq .bounty /tmp/b.json&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
        &lt;span class="nt"&gt;--arg&lt;/span&gt; ts &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;&lt;span class="nb"&gt;date&lt;/span&gt; &lt;span class="nt"&gt;-u&lt;/span&gt; +%Y-%m-%dT%H:%M:%SZ&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
        &lt;span class="s1"&gt;'{player:"singleplayer", bounty:$b, progress:{current:$b.target.count, required:$b.target.count}, completedAt:$ts}'&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  | jq
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;And if everything is configured correctly, the second response looks like this:&lt;br&gt;
&lt;/p&gt;
&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"ok"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"message"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Bounty completed."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"leaderboard"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"player"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"singleplayer"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"points"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;8&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"completedBounties"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"sync"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"googleSheets"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"ok"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"message"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Google Sheets row appended."&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;This is one of the things I love about Opus the most. It usually creates a pretty modular setup. The game mod, backend logic, and external sync were separated well enough that I could test the Composio part directly from the API without needing to run around inside the game every time.&lt;/p&gt;

&lt;p&gt;It did run into a dev server issue where the &lt;code&gt;tsx&lt;/code&gt; command was parsing &lt;code&gt;watch&lt;/code&gt; incorrectly and treating it like the entry file.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3mdm9m29o5a7q6mq10oe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3mdm9m29o5a7q6mq10oe.png" alt="Claude Opus 4.7 build error" width="800" height="218"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After a bit of back and forth, it fixed the error. It eventually built a small runtime env loader and adjusted the config import so the backend could read the environment properly before the rest of the app booted.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4e3gju1m8fore381kvx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4e3gju1m8fore381kvx.png" alt="Claude Opus 4.7 build error fix" width="800" height="203"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After that, the build worked and the Google Sheets sync started working.&lt;/p&gt;

&lt;p&gt;But that cost was painful. It literally cost me around &lt;strong&gt;$16&lt;/strong&gt;. Like, actually :(. If you are not watching usage, this thing can make you broke real fast.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffe8rgfuafxakh1oucp9j.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffe8rgfuafxakh1oucp9j.png" alt="Claude Opus 4.7 time and cost" width="800" height="94"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It took &lt;strong&gt;28min 52sec API time&lt;/strong&gt;, and about &lt;strong&gt;1hr 17min wall time&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Apart from that, the code did work. But it cost way more than I expected for one run.&lt;/p&gt;

&lt;p&gt;You can find the code it generated here: &lt;a href="https://github.com/shricodev/opus-kimi-minetest-game-mod/tree/0c9c0fa3641796fd97890530c4116e05912b04f4" rel="noopener noreferrer"&gt;Claude Opus 4.7 Code - Composio&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Here's the demo:&lt;/p&gt;

&lt;p&gt;  &lt;iframe src="https://www.youtube.com/embed/HWUmlysy18Q"&gt;
  &lt;/iframe&gt;
&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; $16.03&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Duration:&lt;/strong&gt; 28min 52sec API time, 1hr 17min 40sec wall time&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Code Changes:&lt;/strong&gt; +1,848 lines, 507 lines removed&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Token Usage:&lt;/strong&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Input:&lt;/strong&gt; 100.2k with Claude Haiku 4.5, plus Opus usage shown in the session&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Output:&lt;/strong&gt; 3.2k with Claude Haiku 4.5, 123.3k with Claude Opus 4.7&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cache read:&lt;/strong&gt; 22.3M&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cache write:&lt;/strong&gt; 269.3k&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Quick Verdict:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Claude Opus 4.7 got the real Composio integration working, especially the Google Sheets logging.&lt;/p&gt;

&lt;p&gt;How cool is that? You add a custom agentic feature inside a game. A literal public game.&lt;/p&gt;

&lt;p&gt;So yes, it worked. But $16 for this one run hurt.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;h3&gt;
  
  
  Kimi K2.6
&lt;/h3&gt;

&lt;p&gt;Kimi K2.6 did not do well on this test. It was pretty much busted.&lt;/p&gt;

&lt;p&gt;From the start, it ran into a bunch of errors. The dev server broke, tests were failing, and even after a little handholding, it only managed to fix part of the test situation.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3viy07x6cen4f8a6lxh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3viy07x6cen4f8a6lxh.png" alt="Kimi K2.6 error in the build" width="800" height="193"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It eventually got past some of those failures, but the bigger problem was the actual Composio implementation. It did not seem fully sure how to wire the integration cleanly into the existing backend.&lt;/p&gt;

&lt;p&gt;I had to stop and help again and again, but it still could not make meaningful progress with the build.&lt;/p&gt;

&lt;p&gt;After spending more than &lt;strong&gt;25 minutes&lt;/strong&gt; and burning over &lt;strong&gt;130k tokens&lt;/strong&gt;, there was still no real progress. At that point, I had to stop the run.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flpehtobp7tgmpolmyhr4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flpehtobp7tgmpolmyhr4.png" alt="Kimi K2.6 build error" width="800" height="121"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Why on earth is it reading a &lt;code&gt;version.txt&lt;/code&gt; file?&lt;/p&gt;

&lt;p&gt;So yeah, I am calling this one a fail for Kimi K2.6.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~$5.03&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Duration:&lt;/strong&gt; ~25min&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Token Usage:&lt;/strong&gt; 135,109+&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Quick Verdict:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Kimi K2.6 failed this test.&lt;/p&gt;

&lt;p&gt;It got stuck around tests, build issues, and the real Composio implementation. Even with manual help, it could not get the integration into a clean working state.&lt;/p&gt;

&lt;p&gt;For the local bounty board, Kimi was surprisingly usable. But once the task moved into real external integration, it struggled a lot more.&lt;/p&gt;
&lt;/blockquote&gt;


&lt;h2&gt;
  
  
  Final Thoughts
&lt;/h2&gt;

&lt;p&gt;Both Claude Opus 4.7 and Kimi K2.6 were pretty solid in this test, at least for the local version.&lt;/p&gt;

&lt;p&gt;The task was not that simple either. It had Lua, TypeScript, SDK docs, backend logic, game commands, and the full flow had to work end to end.&lt;/p&gt;

&lt;p&gt;Plus, the idea itself is not that common. Building an AI agent concept inside a custom game mod is not easy, and it is definitely not a one-shot thing, so props to both models.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9zolwkatuaoztum6991.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9zolwkatuaoztum6991.gif" alt="Clap" width="480" height="270"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Opus 4.7 did better overall. The code was cleaner, and as usual, Anthropic models are pretty good at that.&lt;/p&gt;

&lt;p&gt;The only thing I hate with Anthropic models is the session limit.&lt;/p&gt;

&lt;p&gt;I absolutely hate how little session usage you get. Opus 4.7 especially just eats through it completely in like 3 to 5 prompts.&lt;/p&gt;

&lt;p&gt;Kimi K2.6 is an interesting model. Open models have not always been the best in my experience with real-world projects, but with every new model, my expectations rise a little.&lt;/p&gt;

&lt;p&gt;Let's see where Kimi K2.6 goes from here.&lt;/p&gt;


&lt;div class="ltag__user ltag__user__id__1127015"&gt;
    &lt;a href="/shricodev" class="ltag__user__link profile-image-link"&gt;
      &lt;div class="ltag__user__pic"&gt;
        &lt;img src="https://media2.dev.to/dynamic/image/width=150,height=150,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1127015%2F1c5e48a2-f602-4e7d-8312-3c0322d155c6.jpg" alt="shricodev image"&gt;
      &lt;/div&gt;
    &lt;/a&gt;
  &lt;div class="ltag__user__content"&gt;
    &lt;h2&gt;
&lt;a class="ltag__user__link" href="/shricodev"&gt;Shrijal Acharya&lt;/a&gt;Follow
&lt;/h2&gt;
    &lt;div class="ltag__user__summary"&gt;
      &lt;a class="ltag__user__link" href="/shricodev"&gt;SDE • GOLD @Microsoft Student Ambassador • Prev Lead Collab and Dev-Team Lead @oppiaorg • Mail for collaboration&lt;/a&gt;
    &lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;



</description>
      <category>ai</category>
      <category>programming</category>
      <category>gamedev</category>
      <category>typescript</category>
    </item>
    <item>
      <title>Top 10 Skills to Use with Antigravity 🤖</title>
      <dc:creator>Aakash R</dc:creator>
      <pubDate>Tue, 28 Apr 2026 05:34:08 +0000</pubDate>
      <link>https://dev.to/composiodev/top-10-skills-to-use-with-antigravity-4ada</link>
      <guid>https://dev.to/composiodev/top-10-skills-to-use-with-antigravity-4ada</guid>
      <description>&lt;p&gt;I use Antigravity almost every day while building things. In the beginning, I was just running agents and connecting tools, but it still felt like I was doing a lot of work outside the flow.&lt;/p&gt;

&lt;p&gt;Then I came across agent skills. They are basically plug-and-play capabilities that let your agent connect with different tools and actually get things done. I got curious and started trying them out in my own workflow.&lt;/p&gt;

&lt;p&gt;That is when things started to click. I was not jumping between tools or writing extra logic for every step. I could use a skill and keep everything inside one flow. It made the whole setup feel much more natural and a lot less messy.&lt;/p&gt;

&lt;p&gt;So in this article, I am sharing 10 useful skills you can use with Antigravity, what they do, and where they can help in real workflows.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. &lt;strong&gt;Tool Integration with Composio&lt;/strong&gt;
&lt;/h3&gt;

&lt;p&gt;The &lt;a href="https://github.com/ComposioHQ/skills" rel="noopener noreferrer"&gt;Composio skill&lt;/a&gt; is what connects your agent to external tools and services. It gives you access to 1000+ tools through a single interface, so you don't have to deal with separate APIs, auth flows, or custom integrations for each one. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmyy15p9oprrct2cho3j7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmyy15p9oprrct2cho3j7.png" alt=" " width="800" height="405"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Everything shows up as simple actions your agent can call when needed. It also takes care of things like sessions, tokens, and maintaining stable connections, so you do not have to worry about the setup.&lt;/p&gt;

&lt;p&gt;In real use, your agent can find a tool, connect to it, and run actions as part of one flow. It can pull data from one place, use it, and trigger something somewhere else without extra code. You can also chain multiple steps, handle errors, and react to events, which makes it work well for real workflows.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;No need to deal with OAuth or token handling for every tool&lt;/li&gt;
&lt;li&gt;You can chain actions across tools in one run&lt;/li&gt;
&lt;li&gt;Works with different frameworks, so you are not locked in&lt;/li&gt;
&lt;li&gt;Handles sessions, errors, and execution flow for you&lt;/li&gt;
&lt;li&gt;Supports triggers, so your agent can react to events&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; If your agent needs to talk to more than one tool, you will need this. It is useful for anyone building multi-step workflows or connecting to tools like GitHub, Slack, or other platforms where setup usually takes time.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add composiohq/skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  2. Web Data Extraction with Apify
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://blog.apify.com/introducing-apify-agent-skills/" rel="noopener noreferrer"&gt;Apify skill&lt;/a&gt; lets your agent pull real, structured data from the web, not just search results. It can scrape platforms like Instagram, YouTube, Google Maps, Amazon, and more, returning clean JSON that your agent can use directly. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9yfrnabe89nkw3hymu8z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9yfrnabe89nkw3hymu8z.png" alt=" " width="800" height="494"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You can also build and run custom scrapers, so you are not limited to predefined sources. In practice, your agent can collect live data, track updates, and combine multiple sources in one flow, working with fresh information that it can actually act on.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Gives your agent access to real-time web data&lt;/li&gt;
&lt;li&gt;Supports many platforms out of the box&lt;/li&gt;
&lt;li&gt;Returns structured data your agent can directly use&lt;/li&gt;
&lt;li&gt;Let's you build and run custom scrapers&lt;/li&gt;
&lt;li&gt;Helps avoid relying on outdated information&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; This is useful if your agent needs live external data. It works well for tracking prices, monitoring competitors, collecting leads, following trends, or building data pipelines.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add apify/agent-skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  3. Real-World Communication with Twilio
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.twilio.com/en-us" rel="noopener noreferrer"&gt;Twilio&lt;/a&gt; lets your agent send messages, make calls, and handle communication over SMS, WhatsApp, and voice. It turns your agent from just processing data into something that can actually reach people. You can use it for notifications, alerts, OTP verification, reminders, or automated voice calls.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3a1q694ksu74opsydpwj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3a1q694ksu74opsydpwj.png" alt=" " width="800" height="358"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your agent can trigger messages or calls as part of a workflow, like sending alerts, confirming actions, or verifying users. It supports both outbound and inbound communication, including text-to-speech, call handling, and message tracking.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Let your agent interact with real users&lt;/li&gt;
&lt;li&gt;Supports SMS, WhatsApp, and voice in one place&lt;/li&gt;
&lt;li&gt;Enables OTP and verification workflows&lt;/li&gt;
&lt;li&gt;Works for alerts, notifications, and escalations&lt;/li&gt;
&lt;li&gt;Helps complete workflows without human handoff&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; Useful for any workflow that needs human interaction. This includes DevOps alerts, customer notifications, verification flows, support systems, and any case where your agent needs to reach someone directly.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install and use it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add openclaw/skills-twilio
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  4. Multimodal AI with Replicate
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://replicate.com/" rel="noopener noreferrer"&gt;Replicate skill&lt;/a&gt; gives your agent access to a wide range of AI models for things beyond text. It includes models for image generation, video, audio, speech, and more, all available through a simple API without needing to manage GPUs or setup. This means your agent can generate visuals, process audio, or work with video as part of its workflow.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg9vcq9sw2z77ovn288kv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg9vcq9sw2z77ovn288kv.png" alt=" " width="800" height="399"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your agent can pick the right model, run it, and use the output directly. It also supports fine-tuning and lets you work with production-ready models that scale automatically, so you can build real features without worrying about infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Adds image, video, audio, and speech capabilities to your agent&lt;/li&gt;
&lt;li&gt;No need to manage GPUs or ML infrastructure&lt;/li&gt;
&lt;li&gt;Access to a large collection of ready-to-use models&lt;/li&gt;
&lt;li&gt;Supports fine-tuning for custom use cases&lt;/li&gt;
&lt;li&gt;Scales automatically based on usage&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for: A&lt;/strong&gt;nyone building agents that need more than text. This includes generating images, creating videos, processing audio, or building multimodal applications without having to handle ML infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install and use it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add replicate/skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  5. Data Insights with Metabase
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://github.com/metabase/agent-skills" rel="noopener noreferrer"&gt;Metabase skill&lt;/a&gt; connects your agent to your internal business data. It lets your agent query databases using natural language, generate and run SQL, create dashboards, and surface insights using the semantic layer your team has already set up. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3u9lctoxfz9dbu3aen6l.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3u9lctoxfz9dbu3aen6l.png" alt=" " width="800" height="472"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This means your agent is not just working with external data; it is working with the data that actually matters to your business.&lt;/p&gt;

&lt;p&gt;Your agent can explore data, detect patterns, create visualizations, and even manage dashboards. It can turn plain questions into queries, refine results, and keep everything within your existing data permissions and structure.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Gives access to internal business data, not just public data&lt;/li&gt;
&lt;li&gt;Converts natural language into SQL queries&lt;/li&gt;
&lt;li&gt;Helps generate insights and dashboards automatically&lt;/li&gt;
&lt;li&gt;Works within your existing data governance setup&lt;/li&gt;
&lt;li&gt;Reduces the need for manual data analysis&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; Useful for teams that rely on internal data, like operations, finance, product, and analytics. It is also helpful for developers building agents that need to monitor systems or generate insights from structured data.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add metabase/agent-skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  6. Infrastructure and Edge Control with Cloudflare
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://github.com/cloudflare/skills" rel="noopener noreferrer"&gt;Cloudflare skill&lt;/a&gt; gives your agent access to Cloudflare’s full developer and infrastructure stack. It covers topics such as Workers, storage, networking, security, and AI tools, and helps your agent choose the right service for the task. Instead of relying on static docs, the agent receives up-to-date guidance and patterns for building or managing systems.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5b2i6w8b69o5q7i6p1z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5b2i6w8b69o5q7i6p1z.png" alt=" " width="800" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your agent can work with deployments, manage infrastructure, apply security rules, and build or update edge services. It can also generate production-ready setups using Cloudflare tools and follow best practices without you needing to look everything up manually.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Covers a wide range of infrastructure and edge services&lt;/li&gt;
&lt;li&gt;Helps choose the right tools based on use case&lt;/li&gt;
&lt;li&gt;Uses up-to-date documentation and patterns&lt;/li&gt;
&lt;li&gt;Supports building and deploying directly on Cloudflare&lt;/li&gt;
&lt;li&gt;Useful for both development and security workflows&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who it is useful for:&lt;/strong&gt; Useful for developers and teams working with deployment, infrastructure, or edge computing. It is especially helpful for platform engineers, security workflows, and anyone building or managing apps on Cloudflare.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install and use it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add cloudflare/skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  7. Programmatic Video Creation with Remotion
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://www.remotion.dev/" rel="noopener noreferrer"&gt;Remotion skill&lt;/a&gt; lets your agent create videos using code. It is built around the Remotion framework, where videos are defined using React components, animations, and data. This means your agent can describe a video and generate it without using a traditional editor. &lt;/p&gt;

&lt;p&gt;It covers things like animations, captions, charts, media handling, and timing, so everything needed to build a video is handled through code.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e19msop7olhp15xkdt3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e19msop7olhp15xkdt3.png" alt=" " width="800" height="348"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your agent can generate videos from data, text, or events, and control every part of the output. Since everything is code, the videos are repeatable, editable, and easy to update. It also supports advanced features like animations, audio sync, and visual effects, making it useful for more than just simple clips.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Turns data and text into videos automatically&lt;/li&gt;
&lt;li&gt;No need for manual editing or design tools&lt;/li&gt;
&lt;li&gt;Supports animations, charts, captions, and effects&lt;/li&gt;
&lt;li&gt;Videos are version-controlled and repeatable&lt;/li&gt;
&lt;li&gt;Useful for automated and scalable content creation&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; Useful for teams that need to generate videos as part of workflows. This includes marketing content, data reports, product updates, or any case where a video output is more useful than text or static files.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add remotion-dev/skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  8. API Testing and Validation with Postman
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://learning.postman.com/docs/agent-mode/skills" rel="noopener noreferrer"&gt;Postman skill&lt;/a&gt; gives your agent a way to test and validate APIs before using them in a workflow. It acts as a pre-check layer, ensuring endpoints are working, responses are correct, and nothing breaks mid-run. It can also generate tests, update collections, and work with various APIs, including REST, GraphQL, and more.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkv6g5xmwdts7ncip8ljm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkv6g5xmwdts7ncip8ljm.png" alt=" " width="800" height="418"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your agent can check APIs, catch issues early, and even automatically create or update test cases. This helps avoid failures during execution and keeps workflows stable when dealing with multiple external services.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Prevents workflows from failing due to broken APIs&lt;/li&gt;
&lt;li&gt;Automatically generates and runs API tests&lt;/li&gt;
&lt;li&gt;Supports multiple API types in one place&lt;/li&gt;
&lt;li&gt;Helps maintain reliability across workflows&lt;/li&gt;
&lt;li&gt;Reduces manual testing effort&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who is it useful for:&lt;/strong&gt; Useful for any agent that depends on APIs. It is especially important for multi-step workflows, platform engineering, QA automation, and systems where reliability is critical.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add postman/agent-skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  9. Backend and Database Workflows with Supabase
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://supabase.com/docs/guides/getting-started/ai-skills" rel="noopener noreferrer"&gt;Supabase skill&lt;/a&gt; provides access to backend capabilities like databases, authentication, storage, realtime updates, and edge functions. It also includes strong Postgres best practices, helping with query optimization, performance tuning, and handling common issues around auth, sessions, and permissions.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3l2egzn2nyhwd8a1ias6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3l2egzn2nyhwd8a1ias6.png" alt=" " width="800" height="427"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It can be used to create and manage databases, run queries, handle user authentication, and build backend logic as part of a workflow. It also guides how to write efficient SQL, avoid performance bottlenecks, and follow patterns that are suitable for production use.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Full backend capabilities in one place&lt;/li&gt;
&lt;li&gt;Helps generate optimized and secure SQL&lt;/li&gt;
&lt;li&gt;Covers auth, storage, realtime, and edge functions&lt;/li&gt;
&lt;li&gt;Includes production-ready patterns&lt;/li&gt;
&lt;li&gt;Reduces common database mistakes&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who it is useful for:&lt;/strong&gt; Useful for developers building full-stack or backend-heavy workflows, especially when working with databases, authentication, or Postgres in production.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install and use it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add supabase/agent-skills
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  10. Payments and Billing with Stripe
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://github.com/stripe/ai/blob/main/skills/stripe-best-practices/SKILL.md" rel="noopener noreferrer"&gt;Stripe skill&lt;/a&gt; helps handle payments, subscriptions, and billing workflows with the right APIs and patterns. It guides how to use modern Stripe features like Checkout Sessions, Payment Intents, and webhooks, while avoiding outdated methods. It also supports working with events, customer data, and payment states in a structured way.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqd21kv8kj3y92lwukwy6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqd21kv8kj3y92lwukwy6.png" alt=" " width="800" height="385"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Helps build reliable payment and billing workflows&lt;/li&gt;
&lt;li&gt;Uses up-to-date Stripe APIs and patterns&lt;/li&gt;
&lt;li&gt;Supports subscriptions, checkout, and webhooks&lt;/li&gt;
&lt;li&gt;Reduces errors in payment handling&lt;/li&gt;
&lt;li&gt;Works for both one-time and recurring payments&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who it is useful for:&lt;/strong&gt; Useful for developers building products that involve payments, subscriptions, or billing. This includes SaaS platforms, e-commerce systems, and any workflow that needs to handle transactions or customer billing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How to install and use it&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npx skills add stripe/ai--skill stripe-best-practices
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Once you start using skills like these, Antigravity stops feeling like just another tool and starts feeling like a system that can actually get things done end to end. Each skill handles a specific part of the workflow, but together they cover everything from data and infrastructure to communication, content, and payments.&lt;/p&gt;

&lt;p&gt;You do not need all of them at once. The real value comes from picking the ones that match your workflow and slowly building around them. Over time, you end up with flows that are cleaner, more reliable, and require less manual effort.&lt;/p&gt;

&lt;p&gt;If you are already using Antigravity, trying out even a couple of these skills can change how you approach building. It is less about wiring things together and more about letting the system handle the heavy lifting.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>productivity</category>
      <category>programming</category>
      <category>performance</category>
    </item>
  </channel>
</rss>
