Resolves TOO-388
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Primarily metadata/dependency additions with no changes to core tool
execution paths; risk is limited to potential packaging/import issues
from the new `arcade-mcp-server` dependency.
>
> **Overview**
> Adds `ToolMetadata` to tool decorators across the Bright Data,
ClickHouse, MongoDB, Postgres, LinkedIn, Zendesk, and Math toolkits,
specifying *behavior* (read-only/idempotency/destructive/open-world)
and, where applicable, *service domain* classification.
>
> Updates each toolkit package to depend on `arcade-mcp-server` (plus
local `uv` source wiring) and bumps toolkit versions accordingly; minor
`__all__` ordering tweaks in Math/Zendesk are included.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3bde3a061194e1d1b6a4e8a2ebd608b17984db4f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@EricGustin you can use this cli command:
```
uv run arcade evals mcp_building_evals_results/eval_toolkit_iteration_dict.py \
-p openai:gpt-4o,gpt-4o-mini \
-p anthropic:claude-sonnet-4-20250514 \
-k openai:$OPENAI_API_KEY \
-k anthropic:$ANTHROPIC_API_KEY \
-d \
--num-runs 3 \
--seed random \
--multi-run-pass-rule majority \
--max-concurrent 6 \
-o mcp_building_evals_results/results
```
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Touches core eval execution and all result formatters while adding new
CLI inputs and output schema (`run_stats`/`critic_stats` and capture
`runs`), so regressions could affect evaluation results and report
compatibility despite being additive and validated.
>
> **Overview**
> Adds **multi-run evaluation support** to `arcade evals` via new flags
`--num-runs`, `--seed`, and `--multi-run-pass-rule`, with upfront
validation and plumbing through the CLI runner into eval/capture suite
execution.
>
> Fixes provider selection UX/bug by making `--use-provider/-p`
**repeatable** (instead of a space-delimited string), updates
docs/examples accordingly, and extends capture mode to optionally record
**per-run tool calls** (`CapturedRun`) when `num_runs > 1`.
>
> Enhances all output formatters (HTML/Markdown/Text/JSON) to
**propagate and display** per-case `run_stats` and `critic_stats`,
including new HTML UI for run tabs/cards and comparative tables showing
mean ± stddev when multi-run data is present.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2ee1654b7d1fbb9538373507355636164b16a066. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Bumps [authlib](https://github.com/authlib/authlib) from 1.3.0 to 1.6.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/authlib/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>v1.6.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Add a <code>request</code> param to RFC7591
<code>generate_client_info</code> and
<code>generate_client_secret</code> methods by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/825">authlib/authlib#825</a></li>
<li>feat: support list params in prepare_grant_uri by <a
href="https://github.com/lisongmin"><code>@lisongmin</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li>
<li>chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in
/.github/workflows by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li>
<li>fix(jose): add max size for JWE zip=DEF decompression by <a
href="https://github.com/lepture"><code>@lepture</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/830">authlib/authlib#830</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lisongmin"><code>@lisongmin</code></a>
made their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li>
<li><a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5">https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5</a></p>
<h2>v1.6.4</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(jose): prevent public/unprotected header overwriting protected
header by <a
href="https://github.com/lepture"><code>@lepture</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/809">authlib/authlib#809</a></li>
<li>Fix <code>InsecureTransportError</code> raising by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/810">authlib/authlib#810</a></li>
<li>Add conventional-commits pre-commit hook by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/811">authlib/authlib#811</a></li>
<li>Fix response_mode=form_post with Starlette client by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/812">authlib/authlib#812</a></li>
<li>Specify README.md as project long description by <a
href="https://github.com/EpicWink"><code>@EpicWink</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li>
<li>Migrate tests to pytest paradigm by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/813">authlib/authlib#813</a></li>
<li>jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by
<a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a>
in <a
href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li>
<li>Use explicit *.test urls in unit tests by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/824">authlib/authlib#824</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/EpicWink"><code>@EpicWink</code></a>
made their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li>
<li><a
href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a>
made their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4">https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4</a></p>
<h2>Version 1.6.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add diff-cover check in GHA by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/803">authlib/authlib#803</a></li>
<li>Run GHA unit tests with uv by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/805">authlib/authlib#805</a></li>
<li>Move from pre-commit to prek by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/804">authlib/authlib#804</a></li>
<li>Sign OIDC id_token according to
<code>id_token_signed_response_alg</code> client metadata by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/802">authlib/authlib#802</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3">https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3</a></p>
<h2>Version 1.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Allow insecure transport for 127.0.0.1 for debugging by <a
href="https://github.com/geigerzaehler"><code>@geigerzaehler</code></a>
in <a
href="https://redirect.github.com/authlib/authlib/pull/788">authlib/authlib#788</a></li>
<li>Raise a MissingCodeError when code parameter is missing by <a
href="https://github.com/lepture"><code>@lepture</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/786">authlib/authlib#786</a></li>
<li>Temporarily restore OAuth2Request body parameter by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/791">authlib/authlib#791</a></li>
<li>Raise MissingCodeException when code parameter is missing by <a
href="https://github.com/lepture"><code>@lepture</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/794">authlib/authlib#794</a></li>
<li>Fix id_token generation with EdDSA alg by <a
href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/800">authlib/authlib#800</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2">https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.6.5</h2>
<p><strong>Released on Oct 2, 2025</strong></p>
<ul>
<li>RFC7591 <code>generate_client_info</code> and
<code>generate_client_secret</code> take a <code>request</code>
parameter.</li>
<li>Add size limitation when decode JWS/JWE to prevent DoS.</li>
<li>Add size limitation for <code>DEF</code> JWE zip algorithm.</li>
</ul>
<h2>Version 1.6.4</h2>
<p><strong>Released on Sep 17, 2025</strong></p>
<ul>
<li>Fix <code>InsecureTransportError</code> error raising.
:issue:<code>795</code></li>
<li>Fix <code>response_mode=form_post</code> with Starlette client.
:issue:<code>793</code></li>
<li>Validate <code>crit</code> header value, reject unprotected header
in <code>crit</code> header.</li>
</ul>
<h2>Version 1.6.3</h2>
<p><strong>Released on Aug 26, 2025</strong></p>
<ul>
<li>OIDC <code>id_token</code> are signed according to
<code>id_token_signed_response_alg</code>
client metadata. :issue:<code>755</code></li>
</ul>
<h2>Version 1.6.2</h2>
<p><strong>Released on Aug 23, 2025</strong></p>
<ul>
<li>Temporarily restore <code>OAuth2Request</code> <code>body</code>
parameter. :issue:<code>781</code> :pr:<code>791</code></li>
<li>Allow <code>127.0.0.1</code> in insecure transport mode.
:pr:<code>788</code></li>
<li>Raise <code>MissingCodeException</code> when the <code>code</code>
parameter is missing. :issue:<code>793</code> :pr:<code>794</code></li>
<li>Fix <code>id_token</code> generation with <code>EdDSA</code> algs.
:issue:<code>799</code> :pr:<code>800</code></li>
</ul>
<h2>Version 1.6.1</h2>
<p><strong>Released on Jul 20, 2025</strong></p>
<ul>
<li>Filter key set with additional "alg" and "use"
parameters.</li>
<li>Restore and deprecate <code>OAuth2Request</code> <code>body</code>
parameter. :issue:<code>781</code></li>
</ul>
<h2>Version 1.6.0</h2>
<p><strong>Released on May 22, 2025</strong></p>
<ul>
<li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and
the authorization endpoint response is not a redirection.
:pr:<code>733</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9ec42561cd"><code>9ec4256</code></a>
chore: release 1.6.5</li>
<li><a
href="b62b5b2757"><code>b62b5b2</code></a>
Merge branch 'fix-GHSA-pq5p-34cr-23v9'</li>
<li><a
href="e0863d5129"><code>e0863d5</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/830">#830</a>
from authlib/fix-GHSA-g7f3-828f-7h7m</li>
<li><a
href="867e3f87b0"><code>867e3f8</code></a>
fix(jose): add size limitation to prevent DoS</li>
<li><a
href="75ad6d4d62"><code>75ad6d4</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/828">#828</a>
from authlib/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="68b982352d"><code>68b9823</code></a>
chore(deps): bump SonarSource/sonarqube-scan-action</li>
<li><a
href="5bdfc4bfff"><code>5bdfc4b</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/827">#827</a>
from lisongmin/support-list-params-in-prepare-grant-uri</li>
<li><a
href="30ea3c5f85"><code>30ea3c5</code></a>
feat: support list params in prepare_grant_uri</li>
<li><a
href="4b5b570339"><code>4b5b570</code></a>
fix(jose): add max size for JWE zip=DEF decompression</li>
<li><a
href="6e35a02ecf"><code>6e35a02</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/825">#825</a>
from azmeuk/request-params</li>
<li>Additional commits viewable in <a
href="https://github.com/authlib/authlib/compare/v1.3.0...v1.6.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/ArcadeAI/arcade-mcp/network/alerts).
</details>
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Skip GHA secret-backed toolkit tests for dependabot, add Dockerized
Postgres test setup and default to postgres user, and bump authlib to
1.6.5.
>
> - **CI**:
> - Update `Test stand-alone toolkits (with secrets)` condition to also
exclude `github.actor == 'dependabot[bot]'`.
> - Execute optional `tests/test_setup.sh` before pytest when present.
> - **Postgres toolkit tests**:
> - Default `POSTGRES_DATABASE_CONNECTION_STRING` user changed to
`postgres` in `toolkits/postgres/tests/test_postgres.py`.
> - Add `toolkits/postgres/tests/test_setup.sh` to spin up a Docker
`postgres` and wait until ready.
> - **Dependencies**:
> - Upgrade `authlib` to `1.6.5` in `pyproject.toml`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f3600e7536a409ecd8e645f473d747b9ba363765. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: evan <evan@arcade.dev>
Servers added to the `starter-tools` repo in the [PR
#20](https://github.com/ArcadeAI/starter-tools/pull/20).
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Deletes `toolkits/asana_api/arcade_asana_api/moar/openapi.json` (the
large Asana OpenAPI spec) from the repo.
>
> - **Toolkits**:
> - **Asana API**:
> - Remove `toolkits/asana_api/arcade_asana_api/moar/openapi.json`
(entire OpenAPI spec JSON).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
61530b254aaca17c2652a4ed2085981481dcf468. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Servers migrated to the starter-tools repo in [PR
#18](https://github.com/ArcadeAI/starter-tools/pull/18).
These servers had tools generated with `dict` args and were revised.
The rest of the Starter servers in this repo will be migrated in a
subsequent PR.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Removes the Airtable API toolkit and adds a new Datadog API starter
toolkit with generated tools and supporting configs.
>
> - **Removed**:
> - `toolkits/airtable_api/**` including all wrapper tools JSONs and the
Python package/configs.
> - **Added**:
> - `toolkits/datadog_api/**` with generated
`arcade_datadog_api/tools/__init__.py`, Makefile, LICENSE, pre-commit
and Ruff configs for the Datadog API starter toolkit.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
50354f0a19384bedd1ca2aa88cccc7f9cd4df6ae. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Updating BrightData
- Updating project.toml
- Fix linting issues (related to the repo configs)s
- Rename package from brightdata -> arcade-brightdata ( also will be
used by PyPI)
- Added to toolkits.txt so it can be deployed
Extra:
- Arcade new templates did not have the extra line at the end, so it has
been added.
---------
Co-authored-by: Francisco Liberal <francisco@arcade.dev>
# Add Bright Data Web Scraping and Data Extraction Toolkit
## Overview
This PR introduces a comprehensive Bright Data toolkit that provides web
scraping, search, and structured data extraction capabilities through
the Bright Data API.
## Features Added
### Core Tools
1. **`scrape_as_markdown`** - Scrapes any webpage and returns clean
Markdown content
2. **`get_screenshot`** - Captures screenshots of webpages and saves
them locally
3. **`search_engine`** - Advanced search functionality across Google,
Bing, and Yandex with customizable parameters
4. **`web_data_feed`** - Extracts structured data from major platforms
(LinkedIn, Amazon, Instagram, Facebook, X, YouTube, Zillow, Booking.com,
etc.)
### Supporting Infrastructure
- **`BrightDataClient`**
- Error handling
- URL encoding utilities and request optimization
## Technical Details
### Search Engine Capabilities
- Multi-engine support (Google, Bing, Yandex)
- Advanced parameters: language, country, search type (images, shopping,
news)
- Device targeting (mobile, iOS, Android, iPad)
- Pagination and result count control
- Location-based searches
### Structured Data Sources
Supports 13+ data sources including:
- **E-commerce**: Amazon products and reviews
- **Professional**: LinkedIn profiles and companies, ZoomInfo
- **Social Media**: Instagram, Facebook, X (Twitter) content
- **Real Estate**: Zillow property listings
- **Travel**: Booking.com hotel listings
- **Video**: YouTube videos and metadata
## Testing & Validation
- [x] Deployed and tested on personal account
- [x] Tested via ngrok as well
- [x] Verified all tool functions work as expected
- [x] Validated against multiple data sources and search engines
- [x] Confirmed error handling and edge cases
## Security & Best Practices
- Requires proper API key and zone configuration via secrets
## Dependencies
- `requests` - HTTP client
- `arcade_tdk` - Arcade toolkit framework
- Standard library modules: `json`, `time`, `typing`, `urllib.parse`
## Notes
- All tools require `BRIGHTDATA_API_KEY` secret
- Search and scraping tools also require `BRIGHTDATA_ZONE` secret
- Follows Arcade AI toolkit patterns and conventions
- Comprehensive docstrings with examples provided
This toolkit significantly expands Arcade AI's web data capabilities,
enabling users to scrape, search, and extract structured data from
across the web through a single, unified interface.
---------
Authored-by: meirk-brd
No Oauth, uses Oauth1 and needs a Token and a Api key as secrets.
---------
Co-authored-by: Francisco Liberal <francisco@arcade.dev>
Co-authored-by: Renato Byrro <rmbyrro@gmail.com>
# Release Candidate 2
## This PR:
- [x] No more confusing 307 redirect logs when using `/mcp` instead of
`/mcp/` (requested by @shubcodes)
- [x] Fix bug in `arcade configure` for Python < 3.12 (reported by
@evantahler
- [x] Fix bug where tools with unsatisfied secret requirements could
still be executed (reported by @evantahler, @shubcodes)
- [x] Auth providers can now be imported via `from
arcade_mcp_server.auth import Reddit` (requested by @shubcodes)
- [x] Add complete E2E oauth flow for tool calls with informational
errors about how to log into arcade and where to go to authorize
(requested by @evantahler, @shubcodes)
- [x] Add OAuth tool in `arcade new`'s generated server (requested by
@shubcodes)
- [x] Standardize on defaulting to running servers on port 8000
- [x] Improve credentials.yaml reading logic
- [x] CLI user friendliness (requested by @Spartee)
- [x] Remove `arcade serve` CLI command
- [x] Fix race condition in `arcade logout`
- [x] Update docs for desired developer onboarding flow
## Next PRs:
- Get `arcade deploy` working for MCP servers. (Command is hidden for
now)
- Rename all occurrences of `toolkit` to `server`/`tools` and rename all
occurrences of `worker` to `server`
Versions:
* arcade-mcp\==1.0.0rc1
* arcade-mcp-server\==1.0.0rc1
* arcade-core\==2.5.0rc1
* arcade-tdk\==2.6.0rc1
* arcade-serve\==2.2.0rc1
### Summary
Adds first-class MCP support across Arcade, introduces a new MCP server
and CLI, unifies the project under the arcade-mcp name, overhauls
templates/scaffolding, and improves developer tooling, secrets
management, and examples.
### Highlights
- **MCP Server & Core**
- New MCP server with stdio and HTTP/SSE transports, session management,
resumability, and lifecycle handling.
- FastAPI-like `MCPApp` for building servers with lazy init; integrated
worker+MCP HTTP app option.
- Middleware system (logging and error handling), robust exception
hierarchy, and Pydantic-based settings.
- Async-safe managers for tools, resources, and prompts backed by
registries and locks.
- Developer-facing, transport-agnostic runtime context interfaces (logs,
tools, prompts, resources, sampling, UI, notifications).
- Conversion from Arcade ToolDefinition to MCP tool schema; OpenAI JSON
tool schema converter.
- Parser supports `@app.tool`/`@app.tool(...)` decorators.
- **CLI**
- New `mcp` command to run MCP servers with stdio or HTTP/SSE.
- New `secret` command to set/list/unset tool secrets (supports .env
input, preserves original casing for lookups).
- `new` command refactored; option to create a full toolkit package with
scaffolding.
- `chat` command removed.
- `serve.py` imports updated to `arcade_serve.fastapi.telemetry`;
version retrieval now uses `arcade-mcp`.
- `show.py` refactor to use new local catalog utilities.
- `display_tool_details` improved: adds “Default” column and handles
nested properties.
- **Configuration & Discovery**
- New `configure.py` to set up Claude Desktop, Cursor, and VS Code to
connect to local or Arcade Cloud MCP servers.
- Discovery utilities to find/install toolkits, build `ToolCatalog`s,
analyze files for tools, load kits from directories (pyproject parsing),
and build minimal toolkits.
- Better handling of provider API key resolution and evaluation suite
loading.
- **Templates & Scaffolding**
- Reorganized template structure (minimal vs full); moved
`.pre-commit-config.yaml`, `.ruff.toml`, license, Makefile, README,
tests, and tools layout to correct paths.
- Minimal template adds `.env.example` for runtime secret injection.
- Template pyproject updated for MCP servers; includes sample server
with greeting and secret-reveal tools.
- Authorization flow in templates simplified.
- **Repo-wide Renaming & Examples**
- Migrates references from `arcade-ai` to `arcade-mcp` across READMEs,
scripts, and package metadata.
- Examples updated (LangChain/LangGraph/AI SDK/TypeScript) and package
name changed to `arcade-mcp-sdk`.
- **Evals & Core Utilities**
- Evals now use OpenAI tooling format (`OpenAIToolList`, `to_openai`);
`tool_eval` takes `provider_api_key`.
- Core utilities: fixed `does_function_return_value` by dedenting before
parse; version bump to `2.5.0rc1` and dependency cleanup.
- **Tooling & CI**
- `setup-uv-env` action splits toolkit vs contrib dependency
installation.
- Pre-commit: excludes `libs/arcade-mcp-server/mkdocs.yml` and
`libs/tests/` from YAML and Ruff hooks; Ruff per-file ignores (e.g.,
C901 in `libs/**/*.py`, TRY400 in server docs paths).
- Makefile updates for uv env setup, quality checks, tests, builds, and
new `shell` target.
- Added Makefile to MCP server library to streamline dev workflow.
- **Cleanup**
- Removed `claude.json` config.
- Simplified stdio entrypoint; removed unused imports (`arcade_gmail`,
`arcade_search`).
### Breaking Changes
- **CLI**: `chat` command removed; use `mcp`, `secret`, and updated
`new`.
- **Naming**: All users should update references from `arcade-ai` to
`arcade-mcp`.
- **Templates**: File paths moved; downstream scripts referencing old
template locations may need updates.
### Getting Started
- Run an MCP server:
- `arcade mcp --stdio --toolkits your_toolkit`
- `arcade mcp --http --toolkits your_toolkit`
- Manage secrets:
- `arcade secret set your_toolkit KEY=value`
- `arcade secret list your_toolkit`
- `arcade secret unset your_toolkit KEY`
- Configure clients:
- `arcade configure` to set up Claude Desktop, Cursor, and VS Code for
local/Arcade Cloud MCP.
---------
Co-authored-by: Sam Partee <sam@arcade-ai.com>
Co-authored-by: Shub <125150494+shubcodes@users.noreply.github.com>
# [PROD-215](https://app.clickup.com/t/9014390315/PROD-215) 🎫
## Changes
- Removed some try catch blocks from Zendesk tools so the default Httpx
error adaptor can deal with them.
Co-authored-by: Francisco Liberal <francisco@arcade.dev>