- - Hi, I'm Lizzy. I'm a developer advocate at CloudFlare. - And I'm Nick. I'm a developer experience engineer at WorkOS. - Yes, so at CloudFlare, I make a lot of AI demos, AI MCP servers, anyone here also making any of those? Agents? Nice, of course, should've guessed, 'cause conference.

So I've been having fun making agents and MCP servers that act on behalf of me. I built an agent to auto vote in the NBA finals for me, and then I got blocked, eventually. Anyways, I booked tennis courts in San Francisco, 'cause Lord knows that is hard enough to do already.

So I think that's a great agent use case. Agent that acts for me, automates some of the tedious parts of my life, things that I want to do. However, that does beg the question, how do you control what they're allowed to do? - Yeah, and we're moving so fast with all of this and having fun getting it to do things.

You know, GitHub MCP is one of my favorites, because I can just get it going and have it read reviews for me, read diffs for me, and just help me manage GitHub, which is really awesome, but it's very developer-centric, obviously, it's GitHub, but MCPs in general, like, you have to go and edit this JSON file and do that, and it's really tough to, like, I have to give it a pat, and, you know, that's an advanced use case for non-developers.

And so we really need a way to let these tools act on our behalf, but in a more traditional way that's easy for end users to be able to set that up. And so, yeah, that's what we do at WorkOS. We do, like, authorization and user management, and, like, the main point of this talk is to really help drive the idea that we need, like, the same kind of credentials and authorization that we do with user-facing projects.

We need the agents to do that as well as a start, and then we have a lot of places that we can go with this as we get more fine-grained. But really, the point is that OAuth really just isn't for humans anymore. It's for our agents acting on our behalf.

And you know what else agents need? Memory, persistent storage. Anyone here use Cloudflare? You think you know what Cloudflare does? No. I'm here to tell you that you do not. People are like, oh, you do security, CDN, DDoS protection, bot management. We do so much more. We have compute Cloudflare workers.

We can host your code on the edge. We host AI models you can run imprints on. Vectorize, we have a vector database, a SQL database. Durable objects, which is what we use in our agent's framework to maintain memory. Very important. And video streaming, image optimization, so much more. If you use Cloudflare workers, we have bindings.

Bindings let you interact from your web app, from your website, from your agent as well. Because our agents and MCB servers are kind of similar in that you can use bindings to interact with other Cloudflare products. And also just like, of course, you can use other companies' products as well.

And of course, now we have a free tier. Durable objects used to not be free. Now you can use it. And I know startups who use Cloudflare who do not pay us. And they make money. Yeah, I digress. But yeah, all of these pieces, they really help to-- they just bent naturally into building these agents.

Because they'll deliver the code to where you're at. And you can use the durable objects to store persistence on them. And you can also use things like authorization to make sure-- and there's a whole OAuth framework with Cloudflare's agents framework that lets you set up that authorization so that you can easily know who the worker is-- or the agent is acting on behalf of.

Yeah. So-- And this agenda will be made available at the end in the GitHub repo. It's a markdown file. So we did build an MCP server using Cloudflare and using WorkOS. And it's just a very basic one. You'll be able to check it out. And you can use it and run it today, which is really awesome.

And we're just going to deploy it real quick. So I'll just do npm run deploy, which will run Wrangler to deploy that. And as soon as it's out there, we'll be able to see it in my compute here. Oops, I was just there. That's the Cloudflare dashboard. And it's also very easily to run locally as well, with like npm run or Wrangler run, something similar.

So a few seconds ago, we've got it deployed. And going back to the terminal, it gave me a URL here. And so I can just copy my worker's URL. And I'm going to go over to my client, Claude. And I'm just going to hit this button and say Add Integration.

And it's going to pop up. I'll make this big. And I can go Add Integration. And I'll just say, I want to add mcp.shop. Ho, ho, ho, what could it be? Naming things is hard. I'm just tacking on it, slash mcp onto there. And now I've got mcp.shop. And I'm going to connect.

And so once I connect, this is pulling up and allowing me to tell the agent who to act on behalf of-- me, in this case. So I'm going to sign in with GitHub. It's going to do its thing. And then Claude is refreshed. And now it can act on behalf of me.

And can we see the tools? Yeah. So what should we ask? Let's order a shirt. Let's order a shirt. I love shirts. Yo, I hear I can get a shirt. Get a shirt from you. Live demos in an LLM. Wi-Fi don't fail us. So it's running. And it recognized that it has tools available now from mcp.shop.

So it's going to list the inventory. We'll go ahead and let it run. Yeah, there's an MCP shirt. You can get it for free. And you can pick your size. And then all it needs is just your company name and your mailing address. And so I'll say, give me-- I'll say, XL and 123 Main Street.

Bellevue, Nebraska. There's a Bellevue, Nebraska. And we'll do that. Oh, it needs my company name. That's so LinkedIn. Duh. Might be my company name is WorkOS Duh now. So we'll let that run. I'm not sure thinking about it. It's confirmed it. Done. And there's my order number. It's going to be sent to that address.

And I'm going to say, ooh, what is the order info? So I can see what-- is my name or my company name WorkOS Duh? I kind of hope it is. Human in the loop. Need to confirm. No, I got it. Ah. Right. That was totally me, not Claude. So yeah, I was able to order a shirt.

And you can as well. But that's just a piece of it. So when we ran this, it's going into-- close that. If we go into my Cloudflare platform here and go to storage, KV, I've got an orders here. This is key value storage. Yep. And there is the data from the order.

So now I've got that saved off. I can use that. And it was all through that interface. So we really just gave Claude the tools that it needed. And it was able to act on my behalf. And I can go back in and I can say, can you tell me what you know about me?

So we've got to get user info. And this is really just going to give me mostly the Jot information. What's on my JWT that Claude now knows about me. So it knows my name. It knows my email address. In my Jot, I have my favorite song in there, "Careless Whisperer." Now I will give you a rendition.

And so from there, it also knows that I have admin permissions. So I have SHA admin access because that's in my roles and permissions. The other cool thing that you can do with the CloudFuller piece of it, and because your MCP server is a durable object, you can also store data directly on that that's located on that.

You want to explain that? So durable objects, tough name. If you search Twitter, people tweet about how they're like, "This is a bad name. Change the name." But very fast storage. You can spin them up per user. They're close to the user as well for faster retrieval and storage.

So what I did is I just asked it to change the demo mode to band. And that ran a tool in the MCP server itself that is just going in, and on the context that's associated with this worker object, it's just changing the mode to band. And so now I've got that, and now I can say, "I want another shirt, please." And it's going to try and run it.

I'll just always allow that now. And it was able to check that, and it said, "Absolutely not. Go away." Wave. And so we can mix what it knows about me with what it has stored about me on the durable object, and that's unique for every user of it. And then I can do things like change it again.

So if I say, "Pretty please," it might have a "pretty please" tool available. If you want to build your own MCP servers on cloud players, it's going to let me. And I just ordered another shirt. If you want to build your own MCP servers on cloud player, you can click to deploy your own with no authorization, so it's authless.

authless. So probably don't do that, but it is very quick to do so. You click, "Click to deploy," it generates a GitHub repo for you, you get clone that, and then you edit your own tools. you get clone that, and they give you some tools to begin with, so it's very fast.

But again, that is authless. do, do, do, auth. And it's still quick to deploy as well with auth, just slightly less fast. Yeah. And the beauty of this is that we're bringing the pretty simple tools. This is just a no auth flow being added to an MCP, and MCP is effectively just an API.

So we're just getting it caught up with the tools that we already have for humans, but it's important to get this ready to go for these tools to act on our behalf as well. And where we can see this going in the future is much more fine-grained authorization, where it's maybe authorizing per-line changes, or per-tool changes, or even maybe authorizing the networks, the connections between things, and just doing...

As we see it growing to doing thousands of tasks on our behalf, this auth piece is going to be very important, and especially the audit trail as well. And we can get that with auth tools too, just to make sure that we can see why this interacted this way, on whose behalf was it on, and what was the end result?

Where did it fail? Where did it go wrong? Things like that. Think of your users not as users, but as deputies. They have access to tools, and they can use and also misuse them as well. Sometimes I think I trust people. Like I do a live demo, and I'm like, "Let's see user input." People sometimes do not nice inputs.

Yeah. Yeah. So get out there and deputize your own tools. We have this repo available. There is the code, a QR code, for this repo. Also the top QR code is to get... Get your own shirt. A shirt? Yeah. Or you can just go to mcp.shop, which you'll run the same workflow that I just ran.

It doesn't have the Pretty Please tool in it though, unfortunately. It'll just do it, even if you're mean to it. But you can order a shirt for the low, low price of $0. So go check it out and get an MCP t-shirt. And if you want to add your own Pretty Please tool, check out the code in the second QR code.

And we can't wait to see what MCP servers you build with auth. Thank you. Thank you. Thank you for listening. Thank you. Thank you. Thank you. We'll see you next time.