Wow, that really means a lot coming from you! I’ve come across SimplePDF quite a few times while researching! Super impressed by what you’ve built. Thanks for the kind words, fellow PDF’er
> Further, one of the issues with remote servers is tenancy
Excellent write-up and understanding of the current state of MCP
I’ve been waiting for someone to point it out. This is in my opinion the biggest limitation of the current spec.
What is needed is a tool invocation context that is provided at tool invocation time.
Such tool invocation context allows passing information that would allow authorizing, authentication but also tracing the original “requester”: think of it as “tool invoked on behalf of user identity”
This of course implies an upstream authnz that feeds these details and more.
If you’re interested in this topic, my email is in my bio: I’m of the architect of our multi-tenant tool calling implementation that we’ve been running in production for the past year with enterprise customers where authnz and auditability are key requirements.
The way we've solved this in our MCP gateway (OSS) is that the user first needs to authenticate against our gateway, e.g. by creating a valid JWT with their identity provider, which will be validated using JWKS. Now when they use a tool, they must send their JWT, so the LLM always acts in their behalf. This supports multiple tenants out of the box. (https://wundergraph.com/mcp-gateway)
I mean, converting a tool-less LLM into a tool-using LLM is a few hundred lines of code, and then you can plug all your tools, with whichever context you want.
My point is about the need for a spec of this mechanism: without a spec, every company / org will roll out their own and result in 500 flavors of the same concept.
That’s where MCP shines: tool calling and tool discovery is already 1.5 years old (an eternity in ai land).
The MCP spec ensures that we can all focus on solving problems with tool calling rather than wasting time in cobbling together services that re not interoperable (because developed without a common spec / standard)
We're building an enterprise platform to develop, deploy, and run AI agents at scale — from local dev to production. Founded by ex-Hortonworks, Docker, and Cloudera folks, Sema4.ai is a well-funded startup with deep infra and OSS roots.
We're looking for a fullstack engineer to join our platform team. You'll help shape the core infrastructure that powers agent-based workflows for enterprises.
Technologies we use include:
- K8s, Helm, OTel
- Node.js, React
- AWS
- Snowflake SPCS
What we're looking for:
- Strong builder mindset — pragmatic, self-driven
- Comfortable in startup environments
- Clear communicator in distributed teams
- Bonus: experience with observability / infra / developer platforms
If you're interested, reach out to ben@sema4.ai with a short intro and (ideally) your GitHub or past projects.
I don’t want to sit in a taxi that’s remote controlled by someone who has low stakes (their body not in the way of harm). There will be a number of accidents attached to the self driving mechanism, so I can make an informed decision, but there won’t be such a number for the person taking over remotely.
Really? You're surprised that I don't want to get in a vehicle driven by Greg in Florida while he's scratching his nuts? ... Or Javinder in India while he's got a side eye on how his cricket bet is going?
Count me out. This is a laughable version of the promised vision.
You'd think that if they can't get a reliable self driving car given how much training data they must currently have, perhaps they need to try a different strategy.
Yes I learned that too a while ago. If you say anything slightly positive about Tesla, you'll be downvoted into oblivion. I can't wait for the day for this US/Western tribalism to cool down and we can have substantive discussions again.
Out of curiosity (and self interest [1]), what is your use case for digital signing and verification?
My understanding is that it’s more about trust (Docusign being the leader) than anything else: one can provide certificate signing and verification, but the trust in the owner of the certificate is the crux of the matter
We’re currently planning on integrating with many oauth-based apps where our end goal is to provide always valid access tokens to end customers (developers), abstracting away the complex refresh mechanism that we take care of.
Is it something we could do with Nando?
The simplified flow looks as follows:
1. Customer logins via oauth in a dedicated portal
2. We have a way to retrieve the access token at any time from Nando via an API
3. We handover that access token to our user for their own calls to the oauth-authenticated APIs
From another fellow « pdf’er »