What It Is
The framework I use to build and run LLM agents with MCP. I have 19 agents running on this right now: a security researcher, a personal assistant, a PR reviewer, and others. They share infrastructure but have different trust requirements, which is the hard part.
Auth
Agents need to authenticate to external services. The framework handles OAuth 2.0 with PKCE, dynamic client registration, encrypted token storage, and automatic refresh. If a token expires mid-conversation, the agent re-authenticates and retries without interrupting the flow.
MCP Integration
Both local (stdio-based) and remote (HTTPS with OAuth) MCP servers are supported. Tool inputs get validated against JSON schemas before execution. Every tool call goes through permission checks based on the agent's role.
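The call path described above, as an added example that is not the framework's own code: a deny-by-default role check, then validation of the input against the tool's schema, then execution. The tool names, roles, `validate` and `call_tool` are hypothetical, and the validator handles only the `type`, `required`, `properties` and `additionalProperties` keywords of JSON Schema.

```python
# Added illustration: hypothetical names, not the framework's own API.
TYPES = {"string": str, "integer": int, "boolean": bool, "object": dict, "array": list}

# Constructed tool registry: each tool declares a JSON Schema for its input.
TOOLS = {
    "read_url": {
        "schema": {
            "type": "object",
            "required": ["url"],
            "additionalProperties": False,
            "properties": {"url": {"type": "string"}, "max_bytes": {"type": "integer"}},
        },
        "run": lambda args: f"fetched {args['url']}",
    },
    "send_slack_alert": {
        "schema": {"type": "object", "required": ["text"], "additionalProperties": False,
                   "properties": {"text": {"type": "string"}}},
        "run": lambda args: "sent",
    },
}

# Constructed role policy: deny by default, allow only listed tools.
ROLE_TOOLS = {"security_researcher": {"read_url", "send_slack_alert"}, "pr_reviewer": {"read_url"}}

def validate(value, schema, path="$"):
    """Check a small JSON Schema subset: type, required, properties, additionalProperties."""
    errors = []
    expected = TYPES[schema["type"]]
    # bool is a subclass of int in Python, so reject True/False for "integer".
    if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
        return [f"{path}: expected {schema['type']}"]
    if expected is dict:
        props = schema.get("properties", {})
        errors += [f"{path}.{k}: required" for k in schema.get("required", []) if k not in value]
        for key, item in value.items():
            if key in props:
                errors += validate(item, props[key], f"{path}.{key}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{key}: unexpected property")
    return errors

def call_tool(role, tool, args):
    """Permission check first, then schema validation, and only then execution."""
    if tool not in ROLE_TOOLS.get(role, set()) or tool not in TOOLS:
        return {"ok": False, "error": "denied"}
    errors = validate(args, TOOLS[tool]["schema"])
    if errors:
        return {"ok": False, "error": "invalid input", "details": errors}
    return {"ok": True, "result": TOOLS[tool]["run"](args)}
```

Running the role check before validation means a caller without access learns nothing about a tool's schema from the error it gets back.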
Built-in Tools
The framework ships with web search (Claude-native, with domain filtering), a web content reader that converts HTML to markdown, persistent memory with categories and full-text search, and Slack integration for alerts.
Why I Built It
I was building the same scaffolding for every agent: OAuth flows, memory, logging, tool validation. So I pulled the common patterns into a framework. The security stuff (permission models, namespace isolation, SSRF protection) came from getting burned in production. I wrote about the full architecture in Building Secure Agentic Systems.