Arcade.ai MCP Gateway
Overview
Arcade is a production-ready tool calling platform and MCP gateway that securely orchestrates AI agent access to external services and enterprise systems. It acts as an intermediary between LLM agents and backend systems, managing authentication, authorization, and audit trails while enabling agents to invoke tools across multiple systems without exposing credentials.
Core Architecture
Tool Calling Flow
The platform orchestrates interactions between three components:
- Agent App (tool runtime) invokes the LLM with the prompt and tool definitions
- LLM processes the intent and returns the selected tool with predicted parameters
- Arcade transparently proxies requests, intercepts function calls, executes tools with authorization checks, and returns results to the LLM
The proxying works by pointing LLM requests at Arcade’s URL instead of the provider’s, which maintains OpenAI API compatibility while adding security controls.
MCP Gateway Pattern
The gateway operates as a centralized hub between AI agents and MCP servers:
AI Agent → MCP Gateway (auth, authz, audit, policy enforcement) → MCP Servers (multi-system orchestration)
The gateway manages:
- Request logging and validation
- Security policies and sensitive data masking
- Context state across multi-step workflows
- Tool-level permissions and role-based access control
- Complete audit trails for compliance
Key Features
Orchestration Capabilities
Multi-System Coordination: Single agents orchestrate across ERP, CRM, supplier portals, logistics systems, and hundreds of enterprise applications while maintaining consistent state.
Standardized Tool Invocation: Agents access uniform tool schemas regardless of underlying systems (SAP vs. Oracle vs. Dynamics 365), abstracting system-specific APIs.
Context-Aware Memory: Persists supplier metrics, contracts, negotiation history, and other stateful information across workflows for sophisticated multi-step interactions.
Multi-Agent Handoff: Specialized agents coordinate via LangGraph orchestration while Arcade maintains delegated permissions. Example: sourcing agent → compliance agent → risk agent with shared context.
Security & Authorization
- Session-Scoped Identities: Each agent interaction uses unique, temporary credentials tied to specific users
- Zero-Trust Architecture: Whitelisted endpoints only; no blanket system access
- Tool-Level Permissions: Granular scopes limiting agent actions to authorized operations
- RBAC Integration: Role-based access controls for both human users and AI agents
- Prompt Sanitization: Protection against prompt injection attacks
- Audit Trails: Complete logging of all agent activities for compliance and forensic analysis
- Policy Enforcement: Ensures all interactions conform to organizational security and operational policies
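The gateway duties and security controls listed above (session-scoped identities, role-based tool-level permissions, sensitive-data masking, audit trails) can be sketched as a single authorization path. This is an added example, not Arcade's code or API; the role names, tool names, function names, and sample values are hypothetical.

```python
import time
from dataclasses import dataclass

# Hypothetical role -> permitted-tool map (tool-level permissions via RBAC).
ROLE_TOOLS = {
    "support_agent": {"github.list_issues", "slack.post_message"},
    "release_agent": {"github.list_issues", "github.create_issue"},
}
SENSITIVE_KEYS = {"token", "password", "api_key", "authorization"}

@dataclass(frozen=True)
class Session:
    """Session-scoped identity: one user, one role, a hard expiry."""
    user_id: str
    role: str
    expires_at: float

def mask(params):
    """Copy params with sensitive values masked, recursing into nested dicts."""
    return {k: "***" if k.lower() in SENSITIVE_KEYS
            else mask(v) if isinstance(v, dict) else v
            for k, v in params.items()}

def gateway_call(session, tool, params, backends, audit_log, now=None):
    """Authorize a tool call, dispatch it if allowed, and always audit it."""
    now = time.time() if now is None else now
    if now >= session.expires_at:
        decision = "deny:session_expired"
    elif tool not in ROLE_TOOLS.get(session.role, set()):
        decision = "deny:tool_not_permitted"
    elif tool not in backends:
        decision = "deny:unknown_tool"
    else:
        decision = "allow"
    # Denied calls are logged too; parameters are masked before logging.
    audit_log.append({"ts": now, "user": session.user_id, "role": session.role,
                      "tool": tool, "params": mask(params), "decision": decision})
    if decision != "allow":
        return {"ok": False, "error": decision}
    return {"ok": True, "result": backends[tool](**params)}

if __name__ == "__main__":
    log = []  # constructed sample data below
    backends = {"github.create_issue": lambda title, token: {"id": 1, "title": title}}
    alice = Session("alice", "release_agent", expires_at=time.time() + 300)
    call = {"title": "Login fails", "token": "constructed-secret"}
    print(gateway_call(alice, "github.create_issue", call, backends, log))
    print(log[-1])
```

Writing the audit record before the allow/deny branch means a denied or expired call leaves the same forensic trace as a successful one.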
Pre-Built Integrations
Arcade provides battle-tested connectors for:
- Communication: Gmail, Slack, Twilio, Microsoft Teams
- Development: GitHub, GitLab
- Productivity: Salesforce, Jira
- Data: Spotify, Google Workspace, custom databases
- Hundreds of enterprise applications via connector catalog
Developer Experience
Agent Auth: AI agents act with secured OAuth-enabled or secret-protected access without manual token management.
Custom Tool SDK: Developers build tailored integrations extending Arcade’s functionality with arcade deploy for one-command cloud deployment.
Tool Evaluations: Automates benchmarking and testing of LLM-tool interactions.
Minimal Code: Fewer than five lines of code to create an agent using the OpenAI Agents SDK.
Practical Use Cases
Risk & Compliance Agent
Continuously monitors supplier performance, logistics APIs, and external risk feeds (weather, geopolitical alerts). Identifies anomalies in real-time, flags SLA breaches, and suggests alternative suppliers or re-routing based on inventory and cost constraints. Auto-notifies teams via Slack/Teams.
Sales Intelligence Agent
Analyzes calls, emails, and CRM data, then takes secure actions within Salesforce—transforming smart assistants into revenue-driving systems.
GitHub Integration Example
A single agent fetches GitHub details (issues, PRs), creates new issues if needed, and sends SMS confirmations via Twilio, all through a unified interface without scattered credentials.
Slack-Based Agent (Archer)
Slack-integrated AI agent accessing Google, GitHub, and other MCPs directly within Slack conversations.
Implementation Patterns
Center of Excellence Model
Successful scaling follows this approach:
- Start with a single high-impact use case (RFQ automation, risk alerts)
- Maintain MCP server catalog and governance standards
- Provide reusable agent templates and tool definitions
- Monitor performance across deployments
- Continuously update security policies
Multi-Agent Architecture
- Each agent optimizes for specific objectives
- More reliable outcomes than monolithic systems
- Requires agent handoff protocols maintaining context
- Needs conflict resolution mechanisms for disagreements
- Enables human-in-the-loop controls for high-value decisions
Deployment Options
- Cloud-hosted (Arcade infrastructure)
- VPC deployment (enterprise networks)
- On-premises (data sovereignty requirements)
Advanced Capabilities
Blockchain & IoT Integration: Agents access verifiable supply chain data and real-time visibility into product movement, provenance, and custody changes.
Server & Tool Supply-Chain Controls: Well-defined request/approval processes for which servers and tools different agents can access.
Context Awareness: Routes agents to correct tools based on semantic intent rather than explicit configuration.
Data Sovereignty Alignment: Meets regional and regulatory boundaries without fragmenting infrastructure.
Comparison with Traditional Approaches
| Aspect | Traditional | Arcade |
|---|---|---|
| Credential Management | Scattered, exposed | Centralized, protected |
| Tool Definitions | System-specific APIs | Standardized schemas |
| Authorization | No agent controls | Session-scoped, RBAC |
| Audit Trail | Limited/manual | Complete, automatic |
| Multi-System Orchestration | Manual coordination | Native support |
| Deployment | Manual infrastructure | One command (arcade deploy) |
Limitations & Considerations
- Requires organizational governance for Center of Excellence operation
- Multi-agent coordination introduces complexity
- Integration with identity providers necessary for enterprise use
- Context management must be explicitly designed for multi-step workflows
Significance
Arcade democratizes secure tool orchestration for AI agents, moving beyond proof-of-concept chatbots to production agent systems that can take real actions across enterprise systems. The MCP gateway pattern represents a standardized approach to agent authorization, making it feasible for enterprises to deploy multi-agent systems at scale.
Resources
- Website: https://arcade.ai
- GitHub: https://github.com/ArcadeAI
- Documentation: https://docs.arcade.ai
- Deploy Command: arcade deploy
- Related: Model Context Protocol, Tool Calling, AI Agents, Multi-Agent Systems
Status: DRAFT
Last Updated: 2024-12-23
Review: Awaiting approval before publication