Smithery Connect: Fine-Grained Tokens
See a live demo of Smithery Connect, simplifying AI agent tool connections. Learn to set up secure, scoped tokens for safe tool access across browsers, mobile, and agents.
A live demo of Smithery Connect — a managed service that handles the messy parts of connecting AI agents to tools (OAuth flows, credential storage, token refresh) so you don’t have to.
I’ll show how to set up a connection to an MCP server in seconds without configuring redirect URIs or client secrets, then do a deep dive into token scoping: creating short-lived, fine-grained tokens that let you safely expose tool access to browsers, mobile apps, and AI agents.
We’ll explore the idea of Biscuit tokens and attenuation — tokens can only be narrowed, never widened — so you can hand a scoped token to untrusted code and know it can’t escalate its own permissions.
Marketplace for Model Context Protocol servers facilitating LLM tool orchestration.
- Smithery Connect: Smithery Connect simplifies AI agent development: it provides a managed service for integrating Model Context Protocol (MCP) servers, handling all authentication and connection lifecycle. Smithery Connect is the managed service for AI agent developers: it streamlines Model Context Protocol (MCP) server integration. We eliminate complex setup with zero OAuth configuration and automatic token refresh (credentials stay valid). The platform provides immediate access to a large ecosystem of MCP servers (3,703+ apps): agents can dynamically select and integrate tools like Gmail, Notion, or GitHub. This service manages the full connection lifecycle, offering secure, encrypted storage for API keys and tokens, so developers focus strictly on agent logic.
- OAuth: OAuth (Authorization) is the open standard for delegated access: it issues time-limited access tokens to third-party clients, allowing them to use a Resource Owner's data on a Resource Server (API) without ever seeing the user's credentials. OAuth 2.0 is the current Authorization Framework, a critical protocol for securing modern APIs. It strictly separates the Resource Owner (user) from the Client (application) and the Resource Server (API). The core function is authorization delegation: a user grants an application permission to access specific data (scopes) on their behalf. This process yields an Access Token, a credential string with a defined lifetime (e.g., 3600 seconds) that the Client uses to make protected resource requests. This token-based approach prevents the Client from handling the user's primary credentials (username/password), significantly enhancing security and control.
- Biscuit: Biscuit is a capabilities-based, decentralized authorization token leveraging public key cryptography and Datalog for policy enforcement. Biscuit is a modern cryptographic token designed for distributed authorization in microservices architectures. Unlike traditional tokens, it allows for decentralized validation (any node verifies with a public key) and offline delegation (attenuation), meaning a token holder can create a new, restricted token without contacting the issuer. The core authorization logic is defined using Datalog, a logic programming language, which is embedded directly in the token. This design eliminates the need for a central authorization server query on every request, significantly reducing network traffic and latency while providing granular, flexible rights management via verifiable attenuation blocks.
- MCP: MCP is the open-source standard for securely connecting AI agents (like LLMs) to external tools, data, and enterprise workflows. The Model Context Protocol (MCP) functions as a standardized integration layer: think of it as a USB-C port for AI applications. Developed and open-sourced by Anthropic, this protocol allows large language models (LLMs) to access real-time context and execute actions via external tools like GitHub, Jira, or proprietary databases. It uses a simple JSON-RPC interface to define tools, schemas, and endpoints, which enables AI agents to perform complex, state-changing tasks—such as creating a GitHub issue or running a test script—rather than just generating text. MCP is essential for building agentic AI systems that can autonomously pursue goals and operate within defined safety and permission boundaries.
- Biscuits: A high-performance, lightweight library for secure cookie management in modern web applications. Biscuits provides a streamlined API for handling HTTP cookies with a focus on security and minimal overhead. Developed to solve common state management hurdles, it enforces best practices like SameSite attributes and secure flags by default. The library weighs in at under 2KB (gzipped), making it an ideal choice for performance-critical frontends that require robust client-side data persistence without the bloat of legacy frameworks.