DEV Community: Tony Lewis

The Part of My AI Stack That Isn't AI: Human Workers via MCP

Tony Lewis — Fri, 03 Apr 2026 15:14:41 +0000

Everyone talks about MCP as the protocol for connecting AI to APIs. Stripe, HubSpot, Postgres, Gmail — plug in a server, get tools, let the AI call them.

But here's what nobody's writing about: MCP works just as well for dispatching tasks to humans.

I've been running a system where my AI orchestrates microtask workers — real people — through the same MCP tool interface it uses to call any other API. The AI creates campaigns, assigns tasks, monitors submissions, validates results, rates workers, and stores outputs. All through standard MCP tool calls. No custom integration. No separate dashboard. The human workforce is just another tool in the AI's toolkit.

The setup

Microtask platforms (Microworkers, Amazon Mechanical Turk, Toloka) have REST APIs. You can create tasks, assign them to workers, pull results, and rate quality programmatically. Building one of these as an MCP tool bundle takes the same effort as building tools for any other SaaS API.

Once you do, your AI gets tools like:

Create campaign — define a task, set price per completion, specify how many workers you need
List submissions — pull all worker responses for a campaign
Rate submission — mark work as accepted or rejected, with feedback
Get account balance — monitor spend

From the AI's perspective, these are identical to any other MCP tools. It calls them the same way it calls a Stripe API or a database query. The difference is that on the other end, a human does the work.

Why this matters

There's a category of tasks that AI handles badly and humans handle trivially. Signing up for a website. Navigating a UI that has no API. Confirming whether a physical location exists. Reading a CAPTCHA. Verifying that a phone number connects to a real business.

The conventional approach is to either skip these tasks or build brittle browser automation. Both are wrong. The correct abstraction is: route each task to whoever does it best.

Sometimes that's GPT-4. Sometimes that's a Python script. Sometimes that's a person in Nairobi who can complete the task in 90 seconds for $0.30.

MCP doesn't care which. The tool returns a result. The AI consumes it and continues.

What I learned running 300+ human tasks through MCP

Speed surprised me

Workers claim tasks within minutes of posting, not hours. The microtask workforce is global and online around the clock. I post a batch of 50 tasks at 3am my time and have results by breakfast.

Price per task is absurdly low for the right work

Simple tasks (visit a website, find a specific piece of information, paste it back) run $0.20–$0.40 each. More complex tasks (create an account, navigate multi-step flows, take screenshots as proof) run $0.40–$0.60. At these prices, redundancy is cheap — assign three workers to the same task and cross-validate their answers.

Worker quality varies wildly, and that's fine

Some workers are meticulous. Some paste garbage. The key insight is that quality control is a data problem, not a people problem. Track worker IDs across tasks. Build a quality score. Workers who consistently deliver good results get routed more work. Workers who submit garbage get excluded.

After a few hundred tasks, I had a clear tier list:

Tier	Workers	Behavior
Hire	~50	Consistently accurate, follows instructions
Neutral	~200	Variable quality, acceptable for simple tasks
Exclude	4	Submitted fake data, duplicated others' work

The exclude list is tiny. Most people do honest work when the task is clear and the pay is fair.

Per-task instructions are everything

My first campaign used generic instructions. Results were noisy — 30% of workers completed the wrong variant of the task because they picked whichever looked easiest. When I switched to unique, specific instructions per task (each worker gets exactly one assignment with step-by-step directions), accuracy jumped dramatically.

The AI generates these per-task instructions. It knows what each task requires, formats the instructions with the right URLs and field names, and submits them as template variables in the campaign creation call. The human gets a clear, unambiguous task. The AI gets a structured result back.

Escape hatches prevent wasted money

Not every task is completable. Sometimes the website requires a credit card. Sometimes the information doesn't exist. Workers need a clean way to say "I can't do this" without getting penalized.

I added explicit escape hatch options to every task: "REQUIRES_CC" and "NOT_AVAILABLE." Workers who correctly identify impossible tasks get rated the same as workers who complete possible ones. This sounds small but it changed the economics — I stopped paying workers to waste time on dead ends, and I stopped rejecting honest workers for reporting real blockers.

The AI handles the whole lifecycle

Here's what a typical batch looks like from the AI's perspective:

Select tasks — query a database for items that need human work
Generate instructions — create per-task directions from templates
Create campaign — call the microtask platform's API via MCP, submit all tasks
Wait — sleep, check back periodically (also an MCP tool)
Pull results — list all submissions, parse structured answers
Validate — test each result against a known-good source (API call, database lookup, HTTP request)
Rate workers — accept valid submissions, reject garbage
Store results — persist validated data
Update state — mark items as complete in the database

Every step is an MCP tool call. The AI doesn't need a human operator to run this loop. It dispatches to humans, validates their work, manages quality, and continues autonomously.

The cost math

Over 300+ tasks across multiple campaigns:

Metric	Value
Total spend	~$90
Average cost per task	$0.30
Tasks completed successfully	~75%
Tasks returned via escape hatch	~20%
Garbage submissions	~5%
Unique workers used	~250
Workers excluded for quality	4

$90 for 300 tasks that would have taken me days to do manually, or would have required building and maintaining fragile browser automation that breaks every time a website updates its UI.

The MCP tool definitions are identical to any other integration — same auth, same structured inputs and outputs, same orchestration. The only difference is that the "compute" on the other end is a human brain instead of a server.

What tasks in your pipeline should probably be done by a human instead of an AI? I'd genuinely like to know — drop a comment with your use case.

One Company Found 1,600 AI Tools Running Without Approval. Stanford Says This Is Normal.

Tony Lewis — Fri, 03 Apr 2026 15:14:39 +0000

Your company probably has a shadow AI problem right now. You just don't know how big it is.

Stanford\'s Digital Economy Lab just published The Enterprise AI Playbook — 116 pages of research covering 51 successful AI deployments across 41 organizations. The team is led by Erik Brynjolfsson, one of the most-cited economists on technology. They interviewed executives and project leads who actually deployed AI at scale.

One finding hit differently from the rest.

1,600 tools. One company.

A semiconductor manufacturer ran a security audit and discovered employees were using 1,500 to 1,600 different AI tools across the organization. Not 15. Not 150. Over a thousand.

"When I did the security analysis, we found the company staff are using 1,500 or 1,600 different AI tools. So our objective was building working internal platforms before we go and say you cannot use non-approved tools."
— Executive, Semiconductor Manufacturer

And this wasn\'t a rogue engineering team. Leadership had told people to "use AI" — but provided no approved platform to use. Enthusiasm outpaced governance.

The numbers are worse than you think

The Stanford study cites industry data that\'s hard to ignore:

70-80% of employees who use AI at work rely on tools not approved by their employer
Only 22% use exclusively company-provided tools (IBM/Censuswide, 2025)
57% admit to entering sensitive company information into unauthorized AI platforms
AI-associated data breaches cost organizations an average of $4.88M per incident — the highest of any breach category (IBM Cost of Data Breach Report)

Shadow AI was explicitly mentioned in 15% of the case studies. The researchers found two distinct patterns:

Pattern A: Enthusiasm outpaces governance. The semiconductor company above. Leadership says "use AI," provides no sanctioned tooling, and people find their own.

Pattern B: Desperation beats bureaucracy. In healthcare, physicians adopted ambient transcription tools without formal approval because hospital procurement processes took too long. Doctors were burned out, the technology existed, and the formal process was measured in quarters while their pain was measured in hours.

"A lot of these doctors have been adopting these technologies without approval or a formal vendor selection process."
— Executive, Healthcare AI Company

Shadow AI is a symptom, not the disease

This is the insight that most security teams miss. The Stanford researchers are explicit:

Shadow AI is a symptom that policy moves slower than technology, and it needs to be expected but accounted for.

Blocking access doesn\'t work. People route around restrictions when the pain is acute enough. The organizations that solved this didn\'t solve it with stricter policies. They solved it by building internal platforms fast enough that shadow tools became unnecessary.

The report draws a sharp line:

When security investment makes sense: When it enables use cases that would otherwise be impossible — handling customer financial data, processing healthcare records, managing confidential M&A documents.
When security investment is wasteful: When formal processes are too slow and shadow AI fills the gap, creating exactly the security risks the process was designed to prevent.

That second point is worth sitting with. The security process designed to prevent data leaks causes data leaks by pushing people to unvetted tools.

This maps to what I see building developer tools

I build an MCP platform that connects AI assistants to real services — Stripe, HubSpot, Postgres, Shopify, and about 130 others. The pattern repeats constantly: a developer wants AI to access their company\'s CRM, IT hasn\'t approved anything, so they paste customer data into ChatGPT. The data lands in OpenAI\'s systems with no audit trail. The fix is providing a governed channel — proper auth, scoped permissions, audit logging — so they never need to copy-paste.

What actually works (from the 51 that succeeded)

Every successful deployment in the Stanford study used an iterative approach. 100%. No waterfall. Start small, learn, expand. Two-thirds had significant failed attempts before their current success.

The ones that moved fastest shared three accelerators:

Accelerator	Prevalence	What it means
Executive sponsorship	43%	Not just approval — active championing
Building on existing infrastructure	32%	Don\'t start from zero
End-user willingness	25%	People who wanted it to work

For security specifically, the report found that the upfront investment is real but front-loaded. Once the infrastructure exists — data scrubbing pipelines, cloud provider contracts, compliant archival systems — each new AI use case builds on that foundation instead of starting from scratch.

MIT\'s NANDA initiative reinforces this: 95% of generative AI pilot programs fail to produce measurable financial impact, and the failures come from poor workflow integration — not model quality. Every stalled pilot creates demand pressure that feeds shadow AI adoption.

The question for your team

If you ran a security audit of AI tools in your organization right now, what number would you find?

Not the tools IT approved. The tools people are actually using. The Chrome extensions. The API calls to Claude from personal accounts. The screenshots pasted into ChatGPT. The VS Code extensions that send code to who-knows-where.

The Stanford researchers\' conclusion applies here:

"The window for experimentation is closing. The question is no longer whether AI will deliver value. It is whether organizations can evolve fast enough to capture it."

Shadow AI is what happens when organizations can\'t evolve fast enough. The tools exist. The demand exists. The only question is whether access happens through governed channels or ungoverned ones.

Data and quotes from The Enterprise AI Playbook by Elisa Pereira, Alvin Wang Graylin, and Erik Brynjolfsson, Stanford Digital Economy Lab, April 2026. 51 case studies, 41 organizations, 7 countries.

Give Your AI Full Access to Your Obsidian Vault — 35 MCP Tools

Tony Lewis — Fri, 27 Mar 2026 19:48:35 +0000

Your Obsidian vault is your second brain. Years of notes, project plans, daily journals, meeting records, research — all connected with wikilinks and tags in a carefully organized folder of Markdown files.

But your AI can't see any of it. You copy-paste snippets into ChatGPT. You describe your note structure to Claude. You manually relay information between your knowledge base and your AI.

That ends now. MCPBundles provides an Obsidian MCP bundle — 35 tools that give your AI full read/write access to your vault through the Model Context Protocol. It's a standard MCP server — the tools show up natively in whatever AI you already use. Claude Desktop, ChatGPT, Cursor, Windsurf, the mcpbundles CLI, or any MCP-compatible client.

35 tools. Your AI becomes an Obsidian power user.

The Obsidian MCP bundle gives your AI the same access to your vault that you have — and then some. It reads notes and gets back structured data — parsed frontmatter, tags, file stats — not just raw text. It browses your folder hierarchy. It searches across every note in your vault with relevance scoring, regex patterns, frontmatter queries, and date ranges.

It writes. Not just "dump a whole file" writing. Your AI can create notes with full frontmatter, append entries to existing notes, and — this is the part that matters — surgically edit specific sections of a document without touching anything else.

It sees your images. It analyzes your graph structure. It finds orphaned notes and broken links. It lists every task across your entire vault.

Surgical edits change everything

Most integrations that touch files do the same thing: read the whole file, modify it in memory, overwrite the whole file. Fine for code. Terrible for a living document with dozens of sections, tasks, and metadata fields that you don't want an AI to accidentally mangle.

The Obsidian PATCH operation works differently. Your AI targets a specific heading, block reference, or frontmatter field and inserts, replaces, or appends content just there.

Say you've got a project plan with milestones, discussion notes, and action items. You tell your AI to add two items to the milestones section. It reads the document map (a lightweight call that returns all headings, block refs, and frontmatter fields), finds the right heading, and appends only to that section. Your discussion notes and action items stay exactly as they were.

The same precision works for frontmatter. Your AI can flip status: draft to status: shipped on a single field without rewriting the YAML block. It can add a new reviewer: Tony field that didn't exist before. It can target nested heading paths like "Launch Plan::Key Milestones" to reach the right section in a deeply structured document.

This is the difference between an AI that can edit text files and an AI that understands Obsidian's document structure.

Daily notes are the fast path

The most common Obsidian workflow is appending to today's daily note. A quick thought, a task, a meeting summary — you open today's note and add a line.

Your AI does the same thing in one call. No need to figure out today's date, construct the filename, check if the file exists. Just "append this to my daily note." It handles the rest, including creating the note if it doesn't exist yet.

This turns your AI into a persistent journal. Every conversation can leave a trace in your vault. Meeting summaries go into the daily note. Research findings get filed in project notes. Action items land where they belong.

Your AI can see your images

When your AI reads an image from your vault, it doesn't get a file path or a base64 blob dumped into a text response. It gets the actual image as an MCP ImageContent block — the same way a screenshot tool returns visual content.

That means any AI model with vision — Claude, GPT-4o, Gemini — actually sees the image. Your AI can describe a diagram, read handwritten notes from a photo, interpret a screenshot, or analyze a chart. All from files already sitting in your vault.

PNG, JPEG, GIF, WebP, BMP, and SVG are all supported. The image flows through the same proxy tunnel as everything else — nothing gets stored on MCPBundles servers.

Graph analysis and vault maintenance

Obsidian's power comes from connections between notes. Wikilinks turn a folder of Markdown files into a knowledge graph. But maintaining that graph — finding orphans, fixing broken links, understanding relationships — is manual work.

Your AI traverses your link graph. Graph neighbors does a breadth-first search from any note, finding every connected note within a configurable depth. Direction matters: outgoing links, incoming backlinks, or both.

Orphan detection scans every note in your vault and identifies the ones with zero incoming wikilinks — notes that nothing else links to. These are the ones you forgot about, the stubs you never connected, the ideas that fell through the cracks.

Broken link detection scans every wikilink in every note and checks whether the target actually exists. That reference to [[Old Project Name]] you renamed three months ago? Found.

Task management across your entire vault

Obsidian is great for tasks — the checkbox syntax (- [ ] do the thing) works in any note. But there's no built-in way to see tasks across your entire vault. Your AI can.

The task listing tool scans every note, extracts every checkbox, and returns them with their source file and line number. Filter by status (open, completed, all), by folder, by tag, or by keyword. Ask your AI "what are my open tasks tagged with Q2?" and get an answer without installing any plugins.

How the proxy tunnel works

Obsidian runs on your desktop. AI services run in the cloud. The MCPBundles desktop proxy bridges them with an encrypted tunnel.

AI → MCPBundles → Proxy Tunnel → Your Desktop → Obsidian (localhost:27124)

Your vault data flows through the tunnel in real time. Nothing gets stored on MCPBundles servers. The proxy handles Obsidian's self-signed TLS certificate automatically.

Works with the AI you already use

MCPBundles is a remote MCP server. You connect it once and the Obsidian tools appear in your AI's tool list — alongside any other bundles you've enabled.

Claude Desktop, ChatGPT, Cursor, Windsurf — add the MCPBundles MCP server URL and the tools are there.

mcpbundles CLI — for terminal workflows, scripting, and automation. pip install mcpbundles and you're set.

Any MCP-compatible client — if it speaks MCP, it works. The tools are standard MCP tools with proper schemas, annotations, and content types.

Five minutes to set up

1. Install the Obsidian plugin

Install the Local REST API community plugin in Obsidian (by Adam Coddington). Enable it and copy the API key from the plugin settings.

2. Start the proxy

pip install mcpbundles
mcpbundles login
mcpbundles proxy start

3. Enable the bundle

Go to MCPBundles, enable the Obsidian bundle, and paste your API key. The 35 tools are now available to every AI client connected to your MCPBundles server.

What this looks like in practice

You're prepping for a team meeting. You tell your AI: "Create meeting notes for the Q2 planning sync with attendees Tony and Sarah, agenda: hiring, roadmap, budget." A fully structured note appears in your vault with frontmatter, sections, and wikilinks to related project notes.

After the meeting, you tell your AI to append the action items. It doesn't overwrite your agenda — it surgically appends to the action items section.

Later, you ask your AI to search your vault for everything related to "database migration." It finds four notes across different projects, reads them, and creates a consolidated summary note linking back to the originals.

You photographed a whiteboard and dropped the image into your vault. Your AI sees the photo, reads the sticky notes, and creates structured tasks in a new project note.

Your vault has grown to 500 notes. You ask your AI to run a health check. It finds 23 orphaned notes, 7 broken wikilinks, and 45 open tasks scattered across 12 files. It creates a maintenance summary with links to every issue.

None of this requires you to leave your AI chat.

Get started

pip install mcpbundles
mcpbundles login
mcpbundles proxy start

Enable the Obsidian bundle, add your API key, and start talking to your vault.

MCPBundles is a hosted platform for connecting AI agents to real third-party services via the Model Context Protocol. 60+ bundles, 1900+ tools — Stripe, HubSpot, Postgres, Gmail, Obsidian, and more. Get started free.