I write about Next.js + TypeScript + AI engineering, with a focus on making sites discoverable to LLMs and AI search. Long-form notes at mudassirkhan.me
The 'AI requests are expensive' section is the part teams discover too late. Gateway-level rate limiting helps, but the real footgun with MCP agents is per-user token isolation. If 20 users share the same gateway auth context, one runaway agent burns the whole quota.
We hit this building a Next.js MCP server — per-user OAuth had to live one layer closer to the model, not just at the gateway edge. Rate limiting the wrong identity unit is almost as bad as no rate limiting.
Are any of these gateways starting to support per-user OAuth flows natively for MCP, or is that still custom middleware?
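The quota failure described in the comment above, as an added example that is not part of the original comment or of any gateway's code: the same fixed-window limiter is charged first against a shared gateway credential and then against the per-user OAuth subject. `QuotaLimiter`, `buildTraffic`, `simulate`, `compare`, the limits and the user ids are all hypothetical, and the traffic is constructed.

```javascript
// Added example; every name, limit and request below is hypothetical/constructed.
class QuotaLimiter {
  // keyOf picks the identity unit that gets charged for a request.
  constructor(limitPerWindow, keyOf) {
    this.limit = limitPerWindow;
    this.keyOf = keyOf;
    this.used = new Map(); // identity -> requests charged in the current window
  }
  allow(req) {
    const key = this.keyOf(req);
    const n = this.used.get(key) ?? 0;
    if (n >= this.limit) return false; // quota for this identity is exhausted
    this.used.set(key, n + 1);
    return true;
  }
}

// Constructed traffic for one window: user-01 runs a runaway agent (500 calls,
// arriving as a burst), users 02..20 each make 5 calls. `sub` is assumed to be
// the subject of an already validated per-user OAuth token.
function buildTraffic() {
  const reqs = [];
  for (let i = 0; i < 500; i++) reqs.push({ gatewayKey: "gw-shared", sub: "user-01" });
  for (let u = 2; u <= 20; u++) {
    const sub = `user-${String(u).padStart(2, "0")}`;
    for (let i = 0; i < 5; i++) reqs.push({ gatewayKey: "gw-shared", sub });
  }
  return reqs;
}

// Returns Map(sub -> requests actually served).
function simulate(limiter, reqs) {
  const served = new Map();
  for (const r of reqs) {
    if (limiter.allow(r)) served.set(r.sub, (served.get(r.sub) ?? 0) + 1);
  }
  return served;
}

// Same aggregate budget (200 per window), charged to two different identity units.
function compare() {
  const shared = simulate(new QuotaLimiter(200, (r) => r.gatewayKey), buildTraffic());
  const perUser = simulate(new QuotaLimiter(10, (r) => r.sub), buildTraffic());
  return { shared, perUser };
}
```

With the shared key, user-01 is served all 200 requests and the other 19 users get none; keyed by `sub`, user-01 is capped at 10 and every other user gets all 5 of theirs.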