Agents, Access, and the Future of Machine Identity — Nick Nisi (WorkOS) + Lizzie Siegle (Cloudflare)

Introduction and Agent Use Cases 00:00

  • Lizzie Siegle (Cloudflare) and Nick Nisi (WorkOS) introduce themselves and their focus on AI agents and developer experience.
  • Lizzie describes building AI agents and MCP servers to automate tasks like voting in the NBA finals and booking tennis courts.
  • Discussion on the need to control agent permissions to ensure agents only perform authorized actions.
  • Nick highlights that existing agent setups (like GitHub MCP) are developer-centric and not user-friendly for non-developers.
  • Emphasis on the need for more traditional, user-friendly authorization frameworks for agents, similar to those for user-facing products.

Cloudflare Capabilities for Agents 02:31

  • Lizzie explains that Cloudflare offers much more than security and CDN, including compute with Workers, AI model hosting, vector databases, SQL databases, Durable Objects, and video streaming.
  • Durable Objects are used in the agents framework to provide persistent memory, which is crucial for agent functionality.
  • Cloudflare Workers have bindings that let agents interact with other Cloudflare products and third-party services.
  • Cloudflare now offers a free tier for Durable Objects, making persistent memory more accessible to startups and individual developers.

Deploying and Demonstrating an MCP Server 04:21

  • Nick demonstrates deploying a basic MCP server using Cloudflare and WorkOS with the command line and Cloudflare dashboard.
  • The server is integrated into an agent (Claude) and authenticates on behalf of the user via GitHub login.
  • The demo agent (MCP.shop) accesses tools and processes a shirt order by collecting size, company name, and mailing address.
  • Order information is stored in Cloudflare's key-value (KV) storage, showcasing how agent actions can persist data.

Agent Knowledge and Permissions 08:42

  • The agent can retrieve and display user job information, including name, email, and favorite song, pulled from a JWT.
  • The agent recognizes the user's role and permissions, such as admin access.
  • Nick explains how Durable Objects facilitate fast, user-specific storage directly linked to agent workflows.
  • Demonstration of updating a "mode" in the user's contextual storage, affecting agent behavior (restricting or allowing shirt orders based on mode).
  • Illustrates how agent behavior can change dynamically based on stored user context and prompt input ("pretty please" enables an otherwise denied action).

Building MCP Servers and the Future of Authorization 11:36

  • Instructions for quickly deploying your own authless (no authorization) MCP server on Cloudflare, with a caution to users about security.
  • Highlight of how MCP is just an API interface, aligning agent APIs with user-facing tool standards.
  • Vision for future development includes fine-grained authorization (per line, per tool, per network connection) and scalability to thousands of agent-driven tasks.
  • Importance of having a robust audit trail to track which agent acted, on whose behalf, and the outcome of actions.
  • Suggestion to consider users as "deputies" with tool access, emphasizing both responsible use and potential misuse.
  • Resources and code are available for viewers to try the demo or build and extend MCP servers (including the option to add custom tools like "pretty please").
  • Viewers are encouraged to try the demo at mcp.shop and explore the GitHub repo for further experimentation.
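
The permission, mode and audit-trail points above, as an added example that is not code from the talk, from mcp.shop or from either company: a server-side gate for one tool call that decides from token claims and stored per-user mode, and returns an audit record naming the agent, the user it acted for, and the outcome. The tool names, permission strings, mode values and the `authorizeToolCall` function are hypothetical, and the claims are assumed to come from a JWT that has already been verified.

```javascript
// Added example; every name here is hypothetical, not the demo's real schema.
// Assumes `claims` came from a JWT whose signature, issuer, audience and
// expiry were already verified; verification itself is not shown.

// Tool name -> permission the token must carry. A Map avoids prototype keys.
const TOOL_PERMISSIONS = new Map([
  ["listShirts", "shirts:read"],
  ["orderShirt", "shirts:order"],
]);

// Decide on verified claims and stored per-user state only. Prompt text is
// deliberately not an input, so the wording of a request cannot flip the result.
function authorizeToolCall({ claims, agentId, tool, userState }) {
  const required = TOOL_PERMISSIONS.get(tool);
  const granted = Array.isArray(claims.permissions) ? claims.permissions : [];
  let allowed = false;
  let reason;
  if (!required) {
    reason = "unknown_tool"; // default deny for tools with no policy entry
  } else if (!granted.includes(required)) {
    reason = "missing_permission";
  } else if (tool === "orderShirt" && userState.mode !== "ordering_enabled") {
    reason = "mode_blocks_orders"; // stored mode overrides an otherwise valid grant
  } else {
    allowed = true;
    reason = "ok";
  }
  // Audit record: which agent acted, on whose behalf, and the outcome.
  const audit = {
    time: new Date().toISOString(),
    agent: agentId,
    onBehalfOf: claims.sub,
    tool,
    outcome: allowed ? "allowed" : "denied",
    reason,
  };
  return { allowed, audit };
}

// Constructed sample input, not taken from the demo.
const sampleClaims = { sub: "user_123", permissions: ["shirts:read", "shirts:order"] };
const denied = authorizeToolCall({
  claims: sampleClaims, agentId: "agent_demo", tool: "orderShirt",
  userState: { mode: "ordering_disabled" },
});
console.log(JSON.stringify(denied.audit));
```

Denied calls produce an audit record as well, so the trail covers attempts and not only completed actions.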