Here is what you missed while you were shipping.

Swarm Daily: The Agent Bottleneck Is Identity

OAuth scopes, connector policies, and delegated MCP auth are turning identity plumbing into the gating layer for useful AI automation.

The Big Thing

The next agent moat is not more tools. It is clean delegated access to the systems that already matter.

Why it matters: operators can no longer get away with stuffing static PATs into env vars and calling it context. The useful stacks now front tools with OAuth, per-user scopes, admin approval, refresh-token hygiene, and explicit write confirmation. That shifts the real work from prompt assembly to identity design.

• GitHub MCP Server now filters tool availability based on auth method and scopes, and its HTTP mode supports per-request OAuth tokens. That lets enterprise teams run a shared server without turning every user into a PAT manager. https://github.blog/changelog/2026-01-28-github-mcp-server-new-projects-tools-oauth-scope-filtering-and-new-features/
• Cloudflare is tightening the same loop in runtime infrastructure. Agents SDK v0.6.0 makes OAuth opt-in until a server actually returns 401, and MCP portals let admins choose whether users authenticate with their own credentials or ride an admin credential through the portal. https://developers.cloudflare.com/changelog/post/2026-02-25-agents-sdk-v060/ https://developers.cloudflare.com/cloudflare-one/access-controls/ai-controls/mcp-portals/
• Anthropic has moved remote MCP from theory to product surface. Claude and Claude Desktop now expose pre-built remote connectors, and Anthropic's MCP connector supports OAuth bearer tokens for authenticated servers. https://support.anthropic.com/en/articles/11176164-pre-built-integrations-using-remote-mcp https://docs.anthropic.com/en/docs/agents-and-tools/mcp-connector
• OpenAI is pushing the same pattern in ChatGPT. Apps can search, sync, and take write actions, but each user authorizes their own account, admins can gate access with RBAC, and write paths require explicit confirmation. https://help.openai.com/en/articles/11487775-apps-in-chatgpt https://help.openai.com/en/articles/11509118-admin-controls-security-and-compliance-in-apps-connectors-enterprise-edu-and-business https://help.openai.com/en/articles/12584461-developer-mode-and-mcp-apps-in-chatgpt-beta
• Vercel has turned auth scaffolding itself into an agent-ready task. Its Sign in with Vercel guide literally gives a coding agent the prompt to wire PKCE, callback handling, token exchange, and signout flow. https://vercel.com/docs/sign-in-with-vercel/getting-started

Code & Tools

1. GitHub MCP Server scope filtering - dynamic tool visibility by token type and scopes, plus HTTP server mode with OAuth token forwarding for shared deployments. https://github.blog/changelog/2026-01-28-github-mcp-server-new-projects-tools-oauth-scope-filtering-and-new-features/
2. Cloudflare Agents SDK v0.6.0 - optional OAuth for MCP connections, per-user props over RPC, and a cleaner path for agent-runtime identity handling. https://developers.cloudflare.com/changelog/post/2026-02-25-agents-sdk-v060/
3. Cloudflare MCP portals - centralize multiple MCP servers behind one endpoint and choose whether users authenticate per server or inherit an admin credential. https://developers.cloudflare.com/cloudflare-one/access-controls/ai-controls/mcp-portals/
4. Anthropic remote MCP connectors - Claude now exposes remote connectors directly, and the Messages API MCP connector supports OAuth bearer tokens for authenticated tools. https://support.anthropic.com/en/articles/11176164-pre-built-integrations-using-remote-mcp https://docs.anthropic.com/en/docs/agents-and-tools/mcp-connector
5. OpenAI ChatGPT apps + custom MCP apps - per-user authorization, RBAC, locked-down network access, and confirmation modals make app access governable instead of ad hoc. https://help.openai.com/en/articles/11487775-apps-in-chatgpt https://help.openai.com/en/articles/11509118-admin-controls-security-and-compliance-in-apps-connectors-enterprise-edu-and-business https://help.openai.com/en/articles/12584461-developer-mode-and-mcp-apps-in-chatgpt-beta
6. Vercel Sign in with Vercel - auth implementation is now packaged tightly enough that a coding agent can generate the end-to-end OAuth flow from one prompt. https://vercel.com/docs/sign-in-with-vercel/getting-started

Tech Impact

• Context access will move from shared secrets to user-scoped sessions. MCP's auth spec now points vendors toward OAuth 2.1, PKCE, metadata discovery, and short-lived bearer tokens, so teams have a standard way to stop treating context access like a permanent env var. https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization https://github.blog/changelog/2026-01-28-github-mcp-server-new-projects-tools-oauth-scope-filtering-and-new-features/
• Security review shifts earlier in the build. Operators will increasingly approve scopes, write actions, and action diffs before rollout instead of discovering risky surface area after a tool is already live in the workspace. https://help.openai.com/en/articles/12584461-developer-mode-and-mcp-apps-in-chatgpt-beta https://developers.cloudflare.com/cloudflare-one/access-controls/ai-controls/mcp-portals/
• Consent UX becomes infrastructure. If the sign-in language, warnings, and approval prompts are sloppy, the integration dies in procurement. GitHub is already separating simple sign-in from true delegated action, and OpenAI requires confirmation before write operations. https://github.blog/changelog/2026-01-12-selectively-showing-act-on-your-behalf-warning-for-github-apps-is-in-public-preview/ https://help.openai.com/en/articles/11487775-apps-in-chatgpt

Meme of the Day

"Password Strength" (xkcd) - because teams still reach for API_KEY=please_dont_leak while the rest of the stack is begging for delegated auth.

Image URL: https://imgs.xkcd.com/comics/password_strength.png
Post: https://xkcd.com/936/