Developer builds MCP control plane, asks if it's a real product
u/bhayya6698 built an internal MCP control plane that goes far beyond API-to-tool generation, handling auth, RBAC, retries, drift detection, and multi-step automations — and is now asking whether others face the same problems.
Score breakdown
The post surfaces a cluster of operational challenges — auth layering, RBAC, drift detection, and multi-step workflow management — that arise when MCP tooling moves beyond local experiments to production use with real users and APIs.
- 01u/bhayya6698 built an internal MCP control plane after finding that generating MCP tools from OpenAPI/cURL specs was the easy part.
- 02Key pain points include separating MCP client auth from downstream API auth, scoping tokens by user type and environment, and RBAC to block destructive actions.
- 03The system covers the full lifecycle: import, generate, configure, test, deploy, monitor, diagnose, retry, and detect API drift.
u/bhayya6698 describes starting with a straightforward need: give agents access to APIs that lacked native MCP support, spanning internal services, customer APIs, and third-party REST endpoints documented only via OpenAPI specs or cURL examples. Generating MCP tools from those specs quickly proved to be the least of the challenges. The real complexity emerged in the operational layer: deciding which endpoints should become tools, writing tool names and descriptions that agents reliably select, managing MCP client auth independently from downstream API auth, scoping tokens by client, environment, user type, and allowed tools, and preventing low-permission users from triggering write or destructive actions. Additional pain points included mapping runtime variables to required inputs, diagnosing failed tool calls without raw log spelunking, retrying failed calls safely with edited payloads, and detecting when upstream APIs or their documentation change.
The post closes with a community survey asking whether these problems are common enough to warrant a commercial product, and whether users prefer agent-orchestrated multi-step flows or managed automations.
The internal system that emerged covers a full lifecycle: importing APIs from OpenAPI, cURL, or docs; generating recommended MCP tools; configuring auth, secrets, variables, and response formatting; defining tokens, user types, permissions, and approval rules; testing before deployment; deploying an MCP endpoint; monitoring calls; diagnosing failures with root-cause and payload visibility; retrying safely; and detecting API drift. Beyond single-tool use cases, the author added an "Automations" layer for multi-step workflows — the example given is `collect_payment_and_update_crm`, which chains `create_payment_link`, polls payment status, and updates a CRM on completion. The post closes with a community survey asking whether these problems are common enough to warrant a commercial product, and whether users prefer agent-orchestrated multi-step flows or managed automations.
Key facts
- 01u/bhayya6698 built an internal MCP control plane after finding that generating MCP tools from OpenAPI/cURL specs was the easy part.
- 02Key pain points include separating MCP client auth from downstream API auth, scoping tokens by user type and environment, and RBAC to block destructive actions.
- 03The system covers the full lifecycle: import, generate, configure, test, deploy, monitor, diagnose, retry, and detect API drift.
- 04An 'Automations' concept handles multi-step workflows that a single MCP tool cannot cover.
- 05Example automation: collect_payment_and_update_crm chains payment link creation, payment status polling, and CRM update.
- 06The post asks the community whether these operational pain points are widespread enough to justify a standalone product.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 9, 2026 · 17:05 UTC. How this works →