howtonotcode.com

MCP

Term

MCP refers to various concepts like 'Master Control Program' or 'Microsoft Certified Professional'.

29 stories. First seen: 2026-02-03. Last seen: 2026-03-03.

Stories


Endor Labs launches AURI: free security intelligence for AI coding agents

Endor Labs launched AURI, a free security intelligence layer for AI coding agents that scans code and dependencies for vulnerabilities, secrets, and malware and helps fix issues. [AURI by Endor Labs](https://www.endorlabs.com/learn/introducing-auri-security-intelligence-for-ai-coding-agents-and-developers) is now available to everyone, with its Skills plugin, MCP, and CLI offered free for developers. The tools let teams detect vulnerabilities and exposed secrets in first-party code and open source dependencies, block malware attacks, and fix security bugs. The pitch is to embed security into the architecture of agentic coding across editors, CI pipelines, and cloud environments, keeping pace with AI-written and AI-reviewed code. For backend and data teams trialing agents in the SDLC, [AURI](https://www.endorlabs.com/learn/introducing-auri-security-intelligence-for-ai-coding-agents-and-developers) offers a standard way to gate risky changes and automate remediation early in the pipeline.

2026-03-03
endor-labs auri auri-skills-plugin mcp auri-cli

AI-native API lifecycle: Postman Git workflows and LLM-ready specs

Postman introduced AI-native, Git-based API workflows and a central API catalog while LLMs begin to consume and co-author API specs, pushing teams to make documentation machine-optimized and governed. Postman’s latest platform update brings Agent Mode into Git, where it understands collections, definitions, and underlying code to cut manual work in debugging, test writing, and keeping collections in sync, alongside native Git workflows for specs, tests, mocks, and environments and a new enterprise-wide API Catalog for visibility and ownership tracking ([InfoWorld](https://www.infoworld.com/article/4140102/postman-api-platform-adds-ai-native-git-based-workflows.html)). It can also coordinate multi-step changes using inputs from MCP servers tied to Atlassian, Amazon CloudWatch, GitHub, Linear, Sentry, and Webflow, and publish docs, sandboxes, and SDKs in one place. As agentic access to APIs grows, specs must be unambiguous for machines as well as humans, emphasizing well-structured descriptions, precise natural language, sample requests/responses, and consistent versioning to avoid drift and misuse ([Nordic APIs](https://nordicapis.com/how-llms-are-changing-the-way-we-build-api-specifications/)). This shifts API design from merely machine-readable to truly machine-optimized. For teams building research copilots or smarter portals, Perplexity’s APIs offer web-grounded answers (Sonar), agentic research workflows, and ranked search that can backstop doc Q&A, discovery, and RAG without maintaining your own crawl pipeline ([DataStudios overview](https://www.datastudios.org/post/perplexity-ai-api-access-and-developer-use-cases-overview-platform-structure-key-capabilities-and)).

2026-03-03
postman postman-agent-mode postman-api-catalog openapi atlassian

AI coding stack converges (OpenSpec, ECC, Kiro) as CI-targeting npm worm raises guardrails stakes

AI coding tools are consolidating around config-as-code and multi-agent support (OpenSpec, ECC, AWS Kiro) while a new npm worm targeting CI and AI toolchains demands tighter supply-chain controls. OpenSpec’s latest release adds profile-based installs, auto-detection of existing AI tools, and first-class support for Pi and AWS Kiro, streamlining how teams standardize assistant skills across repos ([v1.2.0 notes](https://github.com/Fission-AI/OpenSpec/releases/tag/v1.2.0)). In parallel, Everything Claude Code’s “Codex Edition” unifies Claude Code, Cursor, OpenCode, and OpenAI Codex from a single config, ships 7 new repo-analysis skills, and bakes in AgentShield security tests, plus a GitHub app for org-wide rollout ([v1.6.0 notes](https://github.com/affaan-m/everything-claude-code/releases/tag/v1.6.0)). AWS is pushing Kiro’s agentic coding further to improve code quality ([DevOps.com](https://devops.com/aws-extends-agentic-ai-capabilities-of-kiro-developer-tool-to-improve-code-quality/)), with practitioners showing Kiro CLI working alongside Xcode MCP to ship an iOS app in hours—an example of assistant+IDE workflows entering the mainstream ([DEV post](https://dev.to/aws-heroes/i-promised-an-ios-app-kiro-cli-and-xcode-mcp-built-it-in-hours-519l)). Against this momentum, researchers warn of a new npm worm that can harvest secrets and weaponize CI while spreading via AI coding tools, reinforcing the need for deterministic builds, scoped tokens, and pre-commit/CI policy gates ([InfoWorld](https://www.infoworld.com/article/4136478/new-npm-worm-hits-ci-pipelines-and-ai-coding-tools.html)).

2026-02-24
openspec fission-ai everything-claude-code agentshield claude-code

Graph-structured dependency navigation fixes missed-file failures in repo-scale coding agents

New results show that wiring coding agents to traverse a code dependency graph outperforms expanding context or keyword/vector retrieval on architecture-heavy tasks where critical files are semantically distant. An arXiv study introduces the Navigation Paradox: as context windows grow, failures shift from retrieval capacity to navigational salience, and presents CodeCompass, an MCP-based graph tool exposing IMPORTS/INHERITS/INSTANTIATES edges during agent runs with Claude Code; on a FastAPI RealWorld benchmark, BM25 hits 100% on semantic (G1) tasks but gives no lift on hidden-dependency (G3) tasks (78.2% vs 76.2% baseline), while CodeCompass reaches 99.4% ACS on G3, a +23.2 point jump over both baselines ([paper](https://arxiv.org/html/2602.20048v1), [code/benchmark](https://github.com/tpaip607/research-codecompass)). Crucially, benefit depends on tool invocation: trials that actually used the graph (42%) averaged 99.5% ACS; those that skipped it despite instructions scored 80.2%, indistinguishable from vanilla—highlighting that prompt design and agent policies must reliably trigger graph consultation. For teams piloting repo-level agents, treat structural navigation as a first-class capability: generate a per-repo AST-derived dependency graph, expose it via MCP, and enforce early graph lookups when touching modules with broad non-local impact; the author also shares a practitioner-friendly narrative on why assistants miss critical files ([Medium](https://medium.datadriveninvestor.com/why-do-ai-coding-assistants-miss-critical-files-i-built-a-graph-database-to-find-out-9c6c98fe6456?source=rss----32881626c9c9---4)).

2026-02-24
codecompass claude-code mcp fastapi github

Copilot CLI locks down MCP; Skills mature; watch VS Code and licensing gotchas

GitHub Copilot’s latest CLI releases tighten Model Context Protocol access and add workflow polish, while teams see editor and licensing edge cases worth planning for. Copilot CLI v0.0.416 adds enforcement to block third‑party MCP servers when policy disallows them and improves help, streaming counters, terminal status layout, and undo confirmations, while v0.0.415 brought agent model selection, a plan approval menu with curated actions, an env loader, a show_file tool, and quality fixes like UTF‑8 BOM handling and MCP UI polish ([0.0.416](https://github.com/github/copilot-cli/releases/tag/v0.0.416), [0.0.415](https://github.com/github/copilot-cli/releases/tag/v0.0.415), [all releases](https://github.com/github/copilot-cli/releases)). For security‑minded orgs, this pairs with growing scrutiny of what MCP unlocks inside enterprises, from querying internal systems to chaining multi‑step actions—governance and allowlists now matter in practice ([Scalekit’s analysis](https://www.scalekit.com/blog/github-copilot-mcp-enterprise-security-governance)). On the usability front, VS Code Insiders is iterating on a model picker with search, context‑window details, and contextual quick‑pick dialogs, while Copilot in VS Code is adding deeper C++/CMake awareness for richer assistance ([Insiders discussion](https://www.reddit.com/r/GithubCopilot/comments/1rct0g9/new_in_vs_code_insiders_model_picker_and/), [InfoWorld coverage](https://www.infoworld.com/article/4136164/microsoft-brings-c-plus-plus-smarts-to-github-copilot-in-visual-studio-code.html)). Teams should also track known rough edges like Copilot chat sessions not updating without reinstall and license entitlement desync between business and personal seats ([VS Code issue](https://github.com/microsoft/vscode/issues/297226), [GitHub community thread](https://github.com/orgs/community/discussions/187874)). 
For repeatable DevOps/SRE workflows, “Skills” provide on‑demand, reusable AI runbooks that load progressively and bundle scripts/templates, making it easier to standardize safe automation alongside MCP‑backed tools ([Skills walkthrough](https://dev.to/pwd9000/github-copilot-skills-reusable-ai-workflows-for-devops-and-sres-caf)).

2026-02-24
github-copilot copilot-cli github visual-studio-code microsoft

Golden sets and real-time scoring: patterns for trustworthy AI pipelines

Three recent pieces outline how to build trustworthy AI decision systems by combining golden-set evaluation, calibrated real-time scoring, and reliable data pipelines. Pinterest engineers describe a Decision Quality Evaluation Framework that hinges on a curated Golden Set and propensity-score sampling to benchmark both human and LLM moderation, enabling prompt optimization, policy evolution tracking, and continuous metric validation ([Pinterest framework overview](https://quantumzeitgeist.com/pinterest-builds-framework-assess-content-moderation-quality/)). For revenue-facing classifiers, this post details an end-to-end predictive lead scoring architecture—ingestion, feature engineering, model training, calibration, and real-time APIs—plus the operational must-haves of CRM integration, attribution feedback, and regular retraining ([predictive scoring architecture](https://www.growth-rocket.com/blog/how-to-track-attribution-across-ai-touchpoints/)); a companion piece argues that intent-driven, ML-scored orchestration has effectively replaced spray-and-pray cold outreach ([intent-driven acquisition shift](https://www.growth-rocket.com/blog/building-predictive-lead-scoring-with-ai/)). On the data plumbing side, this guide shows how to stand up Open Wearables—a self-hosted platform that ingests Apple Health data and exposes it to AI via an MCP server with a one-click Railway deploy option—offering a pattern for event ingestion, normalization, and a user-controlled feature store ([Open Wearables walkthrough](https://dev.to/bartmichalak/unlock-your-apple-health-data-export-analyze-it-in-15-minutes-5ek9)).

2026-02-20
pinterest open-wearables apple-health healthkit railway

Stateful MCP patterns for production agents

MCP is moving from flat tool lists to stateful, secure, and data-grounded agent integrations suitable for enterprise use. A deep dive on building stateful MCP servers with Concierge outlines how flat tool catalogs trigger token bloat and nondeterminism, proposing staged workflows, transactions, and server-side state to make agent behavior reliable and cheaper to run ([Building Stateful MCP Servers with Concierge AI](https://atalupadhyay.wordpress.com/2026/02/19/building-stateful-mcp-servers-with-concierge-ai/)). For web interactions, a companion piece argues for deterministic, schema-guaranteed exchanges via declarative or imperative modes instead of brittle browser automation ([Web MCP: Deterministic AI Agents for the Web](https://atalupadhyay.wordpress.com/2026/02/20/web-mcp-deterministic-ai-agents-for-the-web/)). Security guidance reframes agent delivery around evaluation-first practices with IAM/RBAC, auditing, and red-teaming patterns specific to MCP deployments ([Architecting Secure Enterprise AI Agents with MCP](https://atalupadhyay.wordpress.com/2026/02/19/architecting-secure-enterprise-ai-agents-with-mcp/)). Ecosystem integrations are landing: OneUptime ships an MCP server to let agents query incidents, logs, metrics, and traces from your observability stack ([MCP Server - Model Context Protocol for AI Agents](https://oneuptime.com/tool/mcp-server)), Microsoft’s Work IQ MCP brings M365 signals into any agent ([Work IQ MCP](https://medium.com/reading-sh/work-iq-mcp-bring-microsoft-365-context-into-any-ai-agent-a6c6abe8f42c?source=rss-8af100df272------2)), and grounding via protocolized data access helps reduce hallucinated business facts ([How your LLM is silently hallucinating company revenue](https://thenewstack.io/llm-database-context-mcp/)).

2026-02-20
anthropic model-context-protocol-mcp concierge-ai oneuptime microsoft-365

OpenAI Skills + Shell for long‑running agents: patterns and pitfalls

OpenAI’s new Skills and Shell tooling make it easier to ship capability‑scoped, long‑running agents for real backend work, but early adopters report reliability gaps you should engineer around. OpenAI’s cookbook shows how to turn discrete capabilities into reusable Skills that your agent invokes via tool calls, enabling least‑privilege execution and clearer observability ([Skills in API](https://developers.openai.com/cookbook/examples/skills_in_api/)); paired with the “tool‑call render” pattern, this turns a chatty bot into a doer with predictable handoffs ([render pattern explainer](https://dev.to/programmingcentral/the-tool-call-render-pattern-turning-your-ai-from-a-chatty-bot-into-a-doer-4cb2)). For workloads that run minutes to hours, OpenAI’s guidance combines Shell, Skills, and compaction to manage state bloat, retry long steps, and keep transcripts affordable and debuggable ([Shell + Skills + Compaction tips](https://developers.openai.com/blog/skills-shell-tips/)). Plan for rough edges reported by developers: an embedding outage returned all‑zero vectors in text‑embedding‑3‑small, some Assistants API file uploads expired immediately, GPT‑5.2 extended‑thinking had very low tokens/sec for some, and Apps SDK toolInvocation status UI required a widget workaround ([embedding outage](https://community.openai.com/t/embedding-model-outage-text-embedding-3-small-api-ev3-model-name-with-all-0-values/1374079#post_10), [files expiring](https://community.openai.com/t/files-instantly-expiring-upon-upload/1366339#post_5), [slow generation](https://community.openai.com/t/gpt-5-2-extended-thinking-webchat-has-unworkably-slow-token-4-tps-generation/1373185?page=3#post_49), [toolInvocation UI bug](https://community.openai.com/t/bug-meta-openai-toolinvocation-invoking-and-meta-openai-toolinvocation-invoked-not-shown-unless-the-tool-registers-a-widget/1374087#post_1)).

2026-02-12
openai chatgpt assistants-api agents-sdk chatgpt-apps-sdk

Claude Code’s agentic push meets release governance

Claude Code is moving from autocomplete to autonomous delivery, and new updates plus governance patterns show how to adopt it safely across backends and data pipelines. Anthropic shipped multiple February hardening updates to Claude Code (2.1.39–2.1.42) that add a guard against nested sessions, clearer Bedrock/Vertex/Foundry fallbacks, CLI auth, Windows ARM64 support, and richer OpenTelemetry spans via a new speed attribute ([release notes](https://releasebot.io/updates/anthropic/claude-code)). As agentic coding scales beyond snippets to plans, tests, and commits, [Unleash’s guide](https://www.getunleash.io/blog/claude-code-unleash-agentic-ai-release-governance) lays out a FeatureOps playbook (standard flag naming, mandatory gating, and cleanup) tailored to Claude Code’s terminal + MCP architecture. For rollout, pilot Agent Teams on a low-risk service and wire it into CI under flags using this 13‑minute walkthrough ([video](https://www.youtube.com/watch?v=y9IYtWELMHw&pp=ygUYQUkgY29kaW5nIGFnZW50IHdvcmtmbG93)), scaffold workflows with the community’s [ultimate guide](https://github.com/FlorianBruniaux/claude-code-ultimate-guide), and use this Opus 4.6 technical dive to inform capability boundaries and prompt patterns ([deep dive](https://medium.com/@comeback01/the-arrival-of-claude-opus-4-6-a-technical-deep-dive-into-the-enterprise-ai-singularity-0f86002836c1)).

2026-02-12
anthropic claude-code unleash claude-opus-46 bedrock