Building @ClawQL Agent/MCP as the API and document intelligence platform for enterprises!
PlatformEng/SRE/DevOps in a love-hate relationship with Kubernetes.
mcp-grpc-transport is now on npm (v0.1.0).
Pluggable gRPC transport for MCP that supports:
- Full protobuf surface (ListTools, CallTool, streaming ops, pagination, cancellation)
- Bidirectional Mcp.Session stream (NDJSON compatibility)
- gRPC health checking + optional server reflection
- TLS/mTLS via env vars
- Interceptors and custom options
This is the transport many teams have been waiting for, especially those already running gRPC microservices.
If you’re building production MCP servers and already operate in a gRPC-heavy environment, this should feel like a natural fit. It also pairs excellently with unified MCP servers that embed optimized internal layers (like GraphQL proxies for token efficiency).
Installation & basic usage is straightforward (see code snippet in comments or npm page).
One-liner integration via maybeStartGrpcMcpServer({ createMcpServer }).
Perfect drop-in for teams tired of JSON serialization overhead or wanting native mesh routing.
Docs & examples on the npm page. Built as part of the ClawQL stack but completely generic.
Try it with ClawQL (now unified single-process) or your own MCP server. Feedback, issues, and contributions welcome.
Repo: https://t.co/yYHhb12Nih
npm: https://t.co/DaA3a62CZs
Feedback, bug reports, and PRs are very welcome. Let’s make MCP even more cloud-native and production-ready together.
#MCP #gRPC #AI #AgenticAI #TypeScript #Kubernetes #EnterpriseAI
I really believed a whole generation of developers, who only know open source from npm and pypi, miss how open source actually used to work.
When Debian or a Linux distribution ships a dependency they take responsibility for it. If there is a security issue and it’s not fixed by the developer upstream, they fix it for their users.
Debian and others basically vendor everything they distribute. They honor the license and they maintain patches. Most of the stuff that you get from your Linux distribution is basically a (small) fork.
The same is true for Apple, Microsoft and others. The open source software they ship, they carry that responsibility.
That doesn’t mean that security fixes are not upstreamed, but Apple or Debian or anyone else won’t jump on Twitter to shame a developer into compliance with their ways. They are not dependent on the health of a packaging infrastructure. They own their software including all the things it depends on.
I want that thinking back. Because it fundamentally makes people feel more responsibility and it shares the burden of issues. It also does not put so much focus and attention on the one overworked developer who just happened to have too much of the world depend on their library. Remember: they carry a responsibility they never signed up to and they never got compensated for.
There is no silver bullet. You layer in the best defenses you can, but focus needs to be on mitigation of the impact.
Simulate beforehand. How quickly can you detect and recover from a compromise? What controls are in place to patch and rollout fixes and how quickly can you do so?
My best advice for AI agent security is to not trust anyone who claims they know how to solve AI agent security.
There are so many hard problems in this space, and anyone who claims otherwise doesn't know what they're doing.
@ZackKorman Mitigation > prevention
You don’t have perfect control over being compromised in most cases, especially when up against highly resourced adversaries or those with nation state type capabilities.
You do have control over the blast radius though and what that compromise looks like.
Yes this is where everyone installs @ClawQL for the token savings
It uses code mode to abstract token bloat in context plus a graphql layer that trims the output tokens to exclusively what’s needed
This means lower token usage/cost & more importantly better performance too 🍻🫡
@zeeg That’s a skill issue. Serverless has its place. I’ve migrated to and from it and like any tool it’s up to you to use it right. If you don’t follow best practices then you’ll be confused why your tool isn’t making a job easier. But doesn’t mean everything is a nail to your hammer.
@RhysSullivan @ProEvilz Kubernetes is one way with local DNS / load balancer
Install it into locally running cluster, expose it, then route to it with local dns or load balancer if you run multiple replicas
Then when computer restarts or the mcp has an issue etc the cluster and container heals itself 🍻
If y’all want to see what an MCP done right looks like then check out @ClawQL
Built around codemode with graphql layer to trim token payloads. Saves cost and improves performance.
Search/Execute for any API
Cache short term info
Memory for long term info
Heavy defense-in-depth
@kentcdodds MCP was never dead. Just needed time to fully wake up. We’ve made such huge progress on the MCP front in terms of token reduction, better auth, better isolation, and more. All we needed was people willing to put in the work to get it right and now MCP is stronger than ever before
@LowLevelTweets @kentcdodds It was mostly in context of them vs cli tools directly. Argument was MCP would bloat. So many bad engineers cried about it and gave up.
Then @Cloudflare came along with code mode and now Claude and others have dynamic tool loading and there are several ways to solve the issues.
@RhysSullivan Yep but why stop there? IMO the real unlock is drafting a synthetic dataset with examples of how the MCP should and should not be used then doing a QLoRA fine tune against the models to force them to perform tool calls more efficiently.
We should be shipping datasets + skills 🍻
@RhysSullivan @kr0der Connect Presidio by Microsoft or Privacy Filter by OpenAI for automatic privacy redaction. Lightweight enough to run on every call to ensure no leaking of sensitive info
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@wisplite @growing_daniel @lucas__crespo Yep and you still can. But for an increasingly large percentage of the developer population, the amount of typing and frequency of said typing is drastically falling off a cliff as AI becomes the primary generator of the bulk of content. So the need to never look away diminishes.
Honestly yes. The way AI-first workflows have changed over the years, this is the ideal time for this type of feature. iPhone was made to allow per-app customization and experiences not tied to a fixed keyboard. This brings that vision back again at the right time for it tbh.
The touchbar was too early and didn't deserve to die, it deserved an LLM.
Static shortcut buttons were the wrong bet.
Imagine buttons that rewrite themselves based on whatever you're doing, that's the keyboard that feels right for an AI-native Mac.
@growing_daniel @lucas__crespo My head is not stuck attached to a stick. I can look down and away from my monitor from time to time it’s okay really. You may be permanently attached to your monitor with your eyes but people can look away when they want to. Hope this helps. 🙏🏻
@ZackKorman I’m new to seeing this degree of carelessness. I’m used to people caring more about this stuff in the past. I’m sure you’ve got war stories for days though on the topic.
So let me ask what’s a realistic solution to this at scale? Do we need lobbies for new regulations in place?