Your MCP server works perfectly on localhost. Five green checkmarks. Clean logs. You're a genius!
Then you try to deploy it.
OAuth tokens leak into logs. Secrets are hardcoded because "it's just a prototype." The whole thing crashes under two concurrent users.
Welcome to production.
Every developer hits this wall. You can build an MCP server in an afternoon, but making it production-ready usually means rewriting half of it. New auth flows. Proper secret management. Multi-user context handling. Deployment infrastructure you don’t have to babysit.
None of it's the fun part. All of it is mandatory.
That's why we built the Secure MCP Framework — the open-source framework that makes any MCP server secure and production-ready without rewrites.
Why MCP Breaks in the Wild
MCP works great until it meets real users. Then everything that seemed fine locally becomes a problem:
Token refreshes that worked perfectly now, but fail silently in prod. Your "temporary" workaround of giving the agent admin access just failed your security review. You're three weeks past your demo deadline, debugging OAuth flows at 2 AM.
Secrets management that was "good enough" for testing is now a compliance nightmare. Your observability tool logged an API key. Your CISO found it. Your deployment's getting rolled back.
Multi-user context that you didn't think about becomes critical the moment a second person tries to use your tool. User A's Reddit token gets passed to User B's request. Now you need to explain why someone saw someone else's private messages.
We've built hundreds of MCP servers and thousands of tools at Arcade. This framework is the one we wish we'd had from the start—a way to skip the rebuild that always comes right before shipping.
The Fix
Here's what going from localhost to production usually looks like:
- Write custom OAuth handlers for each provider
- Build your own secrets manager
- Implement multi-user scope isolation
- Set up deployment infrastructure
- Add monitoring and logging
- Handle token refresh across services
- Get past your security review
- Deploy (and pray)
Here's what it looks like with the Secure MCP Framework:
arcade deployThis isn't another API wrapper or demo scaffold. It's the same framework we use internally to take MCP servers from prototype to production—with tool-level authorization, secrets that never touch the LLM, and deployment that actually scales baked in.
As I like to say: build an MCP server your CISO will actually let you use in prod.
How It Works
You can go from a local demo to a production-ready server in a single sitting.
uv pip install arcade-mcp
arcade new my_server
cd my_server
arcade deploy -e src/my_server/server.pyDefine a tool with proper auth scoping:
@app.tool(requires_auth=Reddit(scopes=["read"]))
def get_posts(context: Context, subreddit: Annotated[str, "Subreddit name"]) -> dict:
"""Get posts from a subreddit"""
token = context.get_auth_token_or_empty()
# Your implementation here
...What's actually happening under the hood:
The framework handles OAuth flows, manages token refresh, and injects credentials server-side through Context. The LLM never sees tokens. Neither does the client.
The framework also lets you pass richer context to your tools — things like authenticated user data, secrets, or project state — through the same interface. No manual wiring, no global variables, no hacks.
When you deploy to the Arcade engine, all of this works exactly as it does in production—no mock tokens, no local hacks, no "we'll fix it later" workarounds.
Built-in evals let you test and benchmark locally before pushing anything live. Bring your own credentials, validate your setup, catch issues before users do.
Here's what breaks without this: Your LLM sees the OAuth token in the prompt. It logs it. Now that token's in your observability tool. Your security team finds it during a routine audit. Your deployment gets killed. You spend a week explaining why you thought that was okay.
Why Developers Care
The Secure MCP Framework is local-first but cloud-ready. It works with Cursor, VS Code, Claude Desktop, and ChatGPT. The DX is clean, Pythonic, and fast—because it's the same system we use for every production tool at Arcade.
It's battle-tested at scale. We run thousands of tools through this framework. If there was a way to break it, we've already found and fixed it.
And it grows with you. Start with a localhost prototype. Deploy to staging. Scale to production. Zero rewrites required. The same code that runs on your laptop runs in prod—just more securely.
It's how we keep our own servers from collapsing the minute they leave localhost.
The Fast Path to Production
Other frameworks stop at "it runs".
The Secure MCP Framework grows with you—from prototype to production—with zero rewrites. Deploy, secure, scale, and continuously improve in one motion.
No cobbled-together auth. No "we'll handle secrets later." No surprise security reviews that kill your launch.
Just working code that ships.
Build Like We Build
We use this same framework for every Arcade tool and MCP server we ship.
It's how we build. Now it's yours.
→ Get Started: Secure MCP Framework Quickstart
→ Star it on GitHub
P.S. — If your MCP server makes it past your first security review without this framework, you're either very lucky or very dangerous. Probably both.
