More

krzyk · 2026-03-15T13:21:58 1773580918

There is no standard for MCP authentication, because of that it is e.g. blocked in my enterprise. Basically they want to avoid non-technicals installing random MCPs and exposing internals to internet.

rcarmo · 2026-03-15T15:09:22 1773587362

That's not the point I wanted to make. Actually, there are "standards" if you want to consume MCP servers from enterprise apps.

krzyk · 2026-03-15T13:17:31 1773580651

Most CLIs use `--help`, any other are just plain hostile to the users.

`-h` is also popular, but there is also possible issue of that shorthand, hence `--help`.

mmis1000 · 2026-03-15T16:30:25 1773592225

some come with only very short description but most part are only discoverable by 'man'.

and windows mostly use \? and also \h,

java user single - for long argument because it don't have short one.

I doubt it is ever close to reusable.

And even allowed position of parameters (or even meaning of arguments in case of ffmpeg) are program dependent.

Some allow anywhere as long as it is started with a dash, some only allow before first input

krzyk · 2026-03-15T13:15:46 1773580546

If one doesn't sandbox agent run environment then there is a problem there already.

phpnode · 2026-03-15T13:41:56 1773582116

I think a big part of why this discussion is coming up again and again is that people assume the way they are using AI is universal, but there's a bunch of different ways to leverage it. If you have an agent which runs within a product it usually cannot touch the outside world at all by design, you do not need an explicit sandbox (i.e. a VM or container) at all because it lives in an isolated environment. As soon as you say "we use CLIs not MCP" well now you need a sandbox and everything else that goes along with it.

If you can tell ahead of time what external connectors you need and you're already sandboxing then by all means go with CLIs, if you can't then MCP is literally the only economical and ergonomic solution as it stands today.

CharlieDigital · 2026-03-15T15:27:51 1773588471

    > ...people assume the way they are using AI is universal

This is what led me back to MCP. Our team is using Claude CLI, Claude VSCX, Codex, OpenCode, GCHP, and we need to support GH Agents in GH Actions.

We wanted telemetry and observability to see how agents are using tool and docs.

There's no sane way to do this as an org without MCP unless we standardize and enforce a specific toolset/harness that we wrap with telemetry. And no one wants that.

krzyk · 2026-03-15T13:13:15 1773580395

I don't think so. There is no MCP standard for authentication, our infosec banned MCP because of that.

CharlieDigital · 2026-03-15T16:40:01 1773592801

It's right there in the docs and it's just OIDC + OAuth: https://modelcontextprotocol.io/specification/draft/basic/au...

krzyk · 2026-03-15T13:12:15 1773580335

MCP also doesn't work for coworkers that are technical. It works for their agents only.

CLI works for both agents and technical people. REST API works for both agents and technical people. MCP works only for agents (unless I can curl to it, there are some HTTP based ones)

krzyk · 2026-03-07T06:14:54 1772864094

What is there to loose in trying?

Basically, don't trust AI if it says "you program is secure", but if it returns results how you could break it, why not take a look?

This is the way I would encourage AI to be used, I prefer such approaches (e.g. general code reviews) than writing software by it.

SV_BubbleTime · 2026-03-09T02:24:01 1773023041

Because if you want the work done correctly, you WILL put the time you thought you were saving in. Either up front, or in review of its work, or later when you find out it didn’t do it correctly.

krzyk · 2026-03-05T14:09:24 1772719764

I feel better with `curl ... | sh` than with npm.

npm suggests projects written in js, which is not something I'm comfortable.

It is nice to see that this is not JS, but Rust.

varenc · 2026-03-05T21:57:20 1772747840

Agreed! The `curl ... | sh` is sketchy, but it's more obviously a security risk and easier to inspect. With install hooks, `npm install ...` also allows arbitrary code execution when you run it, but this is less obvious.

krzyk · 2026-03-05T13:54:59 1772718899

github? I just do some click here, click there, copy paste and gh cli is ready.

For google I need PhD to setup any kind of API access to my own data. And it frequently blocks you, because you can setup as a test product, add test accounts (but it can't be owner account (WTF?)) etc.

I gave up on using a google calendar cli project because of all that lack of normal UX.

UX for google APIs looks like it was designed by accountant.

gws auth setup looks promising, but it won't work yet for personal accounts.

AJRF · 2026-03-09T10:18:27 1773051507

> github

The developer platform?

krzyk · 2026-03-05T13:53:36 1772718816

Crazy.

And this project uses "google" in its org, so I would assume it is offical or at least lawyers are running toward the owner with lawsuits.

krzyk · 2026-03-05T13:51:34 1772718694

Is Google Workspace some separate thing from well, normal Google?

I mean I have personal gmail,drive, keep, etc. Will it work there?

abustamam · 2026-03-05T13:54:39 1772718879

It should, as long as you have access to Google cloud for Auth.

https://workspace.google.com/

Google Workspace is their corporate offering (think Microsoft suite competitor)

krzyk · 2026-03-05T14:02:52 1772719372

https://github.com/googleworkspace/cli/issues/119

Looks like it is not available for @gmail.com accounts, because of that bug.