MCP Server Framework and Tool Development library for building custom capabilities into agents.
Find a file
dependabot[bot] da36cc793c
Bump authlib from 1.6.5 to 1.6.6 (#755)
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.5 to 1.6.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/authlib/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>v1.6.6</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(ClientAuth): fix incorrect signature when Content-Type is
x-www-form-urlencoded by <a
href="https://github.com/shc261392"><code>@​shc261392</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/778">authlib/authlib#778</a></li>
<li>Fix: Use <code>expires_in</code> when <code>expires_at</code> is
unparsable by <a
href="https://github.com/bendavis78"><code>@​bendavis78</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/842">authlib/authlib#842</a></li>
<li><code>get_jwt_config</code> takes a <code>client</code> parameter.
by <a href="https://github.com/azmeuk"><code>@​azmeuk</code></a> in <a
href="https://redirect.github.com/authlib/authlib/pull/844">authlib/authlib#844</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/shc261392"><code>@​shc261392</code></a>
made their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/778">authlib/authlib#778</a></li>
<li><a
href="https://github.com/bendavis78"><code>@​bendavis78</code></a> made
their first contribution in <a
href="https://redirect.github.com/authlib/authlib/pull/842">authlib/authlib#842</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6">https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.6.6</h2>
<p><strong>Released on Dec 12, 2025</strong></p>
<ul>
<li><code>get_jwt_config</code> takes a <code>client</code> parameter,
:pr:<code>844</code>.</li>
<li>Fix incorrect signature when <code>Content-Type</code> is
x-www-form-urlencoded for OAuth 1.0 Client, :pr:<code>778</code>.</li>
<li>Use <code>expires_in</code> in <code>OAuth2Token</code> when
<code>expires_at</code> is unparsable, :pr:<code>842</code>.</li>
<li>Always track <code>state</code> in session for OAuth client
integrations.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bb7a315bef"><code>bb7a315</code></a>
chore: release 1.6.6</li>
<li><a
href="0a423d4638"><code>0a423d4</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/844">#844</a>
from azmeuk/806-get-jwt-config-client</li>
<li><a
href="2808378611"><code>2808378</code></a>
Merge commit from fork</li>
<li><a
href="714502a473"><code>714502a</code></a>
feat: get_jwt_config takes a client parameter</li>
<li><a
href="260d04edee"><code>260d04e</code></a>
Fix: Use <code>expires_in</code> when <code>expires_at</code> is
unparsable</li>
<li><a
href="eb37124bbb"><code>eb37124</code></a>
Merge pull request <a
href="https://redirect.github.com/authlib/authlib/issues/778">#778</a>
from shc261392/fix-httpx-oauth1-form-data-incorrect-s...</li>
<li><a
href="0ba9ec4fee"><code>0ba9ec4</code></a>
docs: fix guide on requests self signed certificate</li>
<li><a
href="a2e9943815"><code>a2e9943</code></a>
docs: indicate that <a
href="https://redirect.github.com/authlib/authlib/issues/743">#743</a>
needs a migration</li>
<li><a
href="06015d2065"><code>06015d2</code></a>
test: factorize the token fixture</li>
<li>See full diff in <a
href="https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.6.5&new-version=1.6.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/ArcadeAI/arcade-mcp/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-28 16:25:42 -08:00
.cursor/rules Cursor versioning rules (#715) 2025-12-09 11:31:15 -08:00
.github Replace fcntl with cross-platform portalocker (fix win/powershell errors) (#739) 2026-01-09 12:34:36 -08:00
.vscode Rename some 'toolkit' references to 'server' (#624) 2025-10-14 18:42:27 -07:00
contrib remove examples to be absorved as templates (#753) 2026-01-23 23:34:42 -03:00
examples Adding MCP Servers supports to Arcade Evals (#689) 2026-01-07 20:26:23 -03:00
libs Support Ed25519 Algorithm (#742) 2026-01-16 15:55:05 -08:00
schemas/preview Tool Metadata (#357) 2025-04-16 19:17:36 -08:00
tests/install Replace fcntl with cross-platform portalocker (fix win/powershell errors) (#739) 2026-01-09 12:34:36 -08:00
toolkits Bump authlib from 1.3.0 to 1.6.5 (#724) 2025-12-12 17:16:14 -08:00
.editorconfig Fix ruff (#64) 2024-09-25 09:47:30 -07:00
.gitignore Re-import arcade_core errors into arcade_mcp_server (#620) 2025-10-13 17:48:54 -07:00
.pre-commit-config.yaml MCP Local (#563) 2025-09-25 15:28:15 -07:00
.prettierignore Fix ruff (#64) 2024-09-25 09:47:30 -07:00
.prettierrc.toml Fix ruff (#64) 2024-09-25 09:47:30 -07:00
.ruff.toml MCP Local (#563) 2025-09-25 15:28:15 -07:00
CONTRIBUTING.md Rename some 'toolkit' references to 'server' (#624) 2025-10-14 18:42:27 -07:00
core Dependency conflict rich library (#729) 2025-12-14 10:46:03 -08:00
cspell.config.yaml Replace arcade.client with arcadepy (#119) 2024-10-23 15:29:02 -07:00
LICENSE Update README and LICENSE (#220) 2025-01-23 19:43:48 -08:00
Makefile Rename _meta requirements field to arcade_requirements (#616) 2025-10-14 19:01:05 -07:00
pyproject.toml Bump authlib from 1.6.5 to 1.6.6 (#755) 2026-01-28 16:25:42 -08:00
README.md Fix broken links (#738) 2026-01-05 13:27:16 -08:00
SECURITY.md Fix broken links (#738) 2026-01-05 13:27:16 -08:00
uv_setup.sh MCP Local (#563) 2025-09-25 15:28:15 -07:00

Prebuilt ToolsContact Us

Arcade MCP Server Framework

  • To see example servers built with Arcade MCP Server Framework (this repo), check out our examples

  • To learn more about the Arcade MCP Server Framework (this repo), check out our Arcade MCP documentation

  • To learn more about other offerings from Arcade.dev, check out our documentation.

Pst. hey, you, give us a star if you like it!

GitHub stars

Quick Start: Create a New Server

The fastest way to get started is with the arcade new CLI command, which creates a complete MCP server project:

# Install the CLI
uv tool install arcade-mcp

# Create a new server project
arcade new my_server

# Navigate to the project
cd my_server/src/my_server

This generates a project with:

  • server.py - Main server file with MCPApp and example tools

  • pyproject.toml - Dependencies and project configuration

  • .env.example - Example .env file containing a secret required by one of the generated tools in server.py

The generated server.py includes proper command-line argument handling and three example tools:

#!/usr/bin/env python3
"""simple_server MCP server"""

import sys
from typing import Annotated

import httpx
from arcade_mcp_server import Context, MCPApp
from arcade_mcp_server.auth import Reddit

app = MCPApp(name="simple_server", version="1.0.0", log_level="DEBUG")


@app.tool
def greet(name: Annotated[str, "The name of the person to greet"]) -> str:
    """Greet a person by name."""
    return f"Hello, {name}!"


# To use this tool locally, you need to either set the secret in the .env file or as an environment variable
@app.tool(requires_secrets=["MY_SECRET_KEY"])
def whisper_secret(context: Context) -> Annotated[str, "The last 4 characters of the secret"]:
    """Reveal the last 4 characters of a secret"""
    # Secrets are injected into the context at runtime.
    # LLMs and MCP clients cannot see or access your secrets
    # You can define secrets in a .env file.
    try:
        secret = context.get_secret("MY_SECRET_KEY")
    except Exception as e:
        return str(e)

    return "The last 4 characters of the secret are: " + secret[-4:]

# To use this tool locally, you need to install the Arcade CLI (uv tool install arcade-mcp)
# and then run 'arcade login' to authenticate.
@app.tool(requires_auth=Reddit(scopes=["read"]))
async def get_posts_in_subreddit(
    context: Context, subreddit: Annotated[str, "The name of the subreddit"]
) -> dict:
    """Get posts from a specific subreddit"""
    # Normalize the subreddit name
    subreddit = subreddit.lower().replace("r/", "").replace(" ", "")

    # Prepare the httpx request
    # OAuth token is injected into the context at runtime.
    # LLMs and MCP clients cannot see or access your OAuth tokens.
    oauth_token = context.get_auth_token_or_empty()
    headers = {
        "Authorization": f"Bearer {oauth_token}",
        "User-Agent": "{{ toolkit_name }}-mcp-server",
    }
    params = {"limit": 5}
    url = f"https://oauth.reddit.com/r/{subreddit}/hot"

    # Make the request
    async with httpx.AsyncClient() as client:
        response = await client.get(url, headers=headers, params=params)
        response.raise_for_status()

        # Return the response
        return response.json()

# Run with specific transport
if __name__ == "__main__":
    # Get transport from command line argument, default to "stdio"
    # - "stdio" (default): Standard I/O for Claude Desktop, CLI tools, etc.
    #   Supports tools that require_auth or require_secrets out-of-the-box
    # - "http": HTTPS streaming for Cursor, VS Code, etc.
    #   Does not support tools that require_auth or require_secrets unless the server is deployed
    #   using 'arcade deploy' or added in the Arcade Developer Dashboard with 'Arcade' server type
    transport = sys.argv[1] if len(sys.argv) > 1 else "stdio"

    # Run the server
    app.run(transport=transport, host="127.0.0.1", port=8000)

This approach gives you:

  • Complete Project Setup - Everything you need in one command

  • Best Practices - Proper dependency management with pyproject.toml

  • Example Code - Learn from working examples of common patterns

  • Production Ready - Structured for growth and deployment

Running Your Server

Run your server directly with Python:

# Run with stdio transport (default)
uv run server.py

# Run with http transport via command line argument
uv run server.py http

# Or use python directly
python server.py http
python server.py stdio

Your server will start and listen for connections. With HTTP transport, you can access the API docs at http://127.0.0.1:8000/docs.

Configure MCP Clients

Once your server is running, connect it to your favorite AI assistant:

arcade configure claude # Configure Claude Desktop to connect to your stdio server in your current directory
arcade configure cursor --transport http --port 8080 # Configure Cursor to connect to your local HTTP server on port 8080
arcade configure vscode --entrypoint my_server.py # Configure VSCode to connect to your stdio server that will run when my_server.py is executed directly

Installing this Repo from Source

git clone https://github.com/ArcadeAI/arcade-mcp.git && cd arcade-mcp && make install

Support and Community