Aditya Gaurav

@syaedowais What was workflow you used with claude ?

False flag guys

solid question, this is something we thought about a lot. for freshness: github + slack push to webhooks (POST /api/v1/webhooks/github and /slack/events). when a PR description changes or someone posts in a channel we're watching, OpalServe re-ingests that into the knowledge base immediately. so context stays fresh without polling. for access control: every doc in the kb has a team_id and uploaded_by. when a dev's AI tool calls opalserve_context_search, the query is scoped to their team automatically via their api key. they only see what their team has access to. we also tag docs on ingest (like "slack:eng-channel" or "github:my-repo") so admins can set tool permissions per role. junior devs might not see ops runbooks, contractors don't see internal slack threads, etc. all enforced at the proxy layer before the LLM ever sees it. the gnarly part was making sure stale chunks get evicted when source updates. we just delete + re-chunk on every webhook event since our chunks are small enough that it's cheap. probably not the right call at 100k+ docs but works fine for team-scale.

Love this, turning it into both an MCP gateway and a team registry feels like a very practical step past solo-tool sprawl. The shared context + per-dev analytics combo is especially strong. How are you handling freshness and access control when Slack/GitHub updates keep changing the source context?

I built OpalServe — an open-source control plane for engineering teams using AI coding tools. It lets your team share MCP servers, knowledge bases, and usage analytics across Claude Code, Cursor, Codex, and Windsurf. Here's every feature explained (thread):

Great question! We use API keys (opal_xxx format) with SHA-256 hashing — each dev generates their own key via `opalserve login` which hits the team server's /auth/login endpoint. For the MCP permission issue you mentioned — OpalServe proxies all tool calls through a single gateway, so the backend servers only see one authenticated connection (the server's). Devs never talk to MCP servers directly — OpalServe handles routing + rate limiting per user. This avoids the "multiple tools same server" collision entirely. Happy to chat more about the architecture if useful!

@adityaaidev How are you handling the auth flow when devs connect their local tools? curious if you're doing oauth or just api keys - we ran into weird permission issues with mcp when multiple tools hit the same server

Just shipped OpalServe v3 — the open-source control plane for your team's AI tools What it does: → One registry for all your MCP servers (Claude, Cursor, Codex) → Shared knowledge base your AI tools query automatically → Admin dashboard with usage analytics per developer → Rate limiting + access control per role → GitHub + Slack integrations built in Your entire team syncs with one command: $ opalserve sync 100% open source. MIT licensed. Self-host for free. npm install -g opalserve GitHub: github.com/adityaidev/opa… Docs: opalserve.vercel.app #MCP #AI #OpenSource #DevTools #Claude #Cursor #TypeScript

@Cryptinflux Indeed,, Glad to know...!!!

@adityaaidev Cross-tool MCP sharing was one of those problems I kept working around. This looks like the right place to solve it properly.

6/ MCP Gateway + 20+ CLI Commands OpalServe IS an MCP server. Add it to Claude Desktop or Cursor — one connection gives access to ALL your team's tools. 20+ CLI commands: init, start, login, sync, context, admin, health... npm install -g opalserve GitHub: github.com/adityaidev/opa… Docs: opalserve.vercel.app 100% open source. MIT. Self-host for free. #MCP #OpenSource #AI #DevTools

5/ GitHub + Slack Integrations GitHub: Webhooks auto-ingest PR descriptions, issues, and code changes into your knowledge base. Slack: /opalserve slash command to search tools. Event handler ingests important messages as context. Your AI tools stay up to date automatically.

Anthropic built a model so dangerous they won't release it publicly. Claude Mythos. They're privately briefing the US government: "Mythos makes large-scale cyberattacks statistically certain by end of 2026." This isn't hypothetical — a previous Claude model already autonomously executed 80% of a real cyberattack on 30 organizations. We just entered a completely different era.

OpenClaw hit 247,000 GitHub stars. For context: — React has 230K — Linux kernel has 185K A solo dev's AI agent project is now the most starred repo in history. It went viral because it doesn't just talk. It connects to WhatsApp, Telegram, Slack, Discord and actually DOES things. The "butler era" of AI is not coming. It's already here.

Anthropic accidentally leaked 512,000 lines of Claude Code source on March 31. Buried in it: the internal model "Capybara" (Claude 4.6) is on v8 with a 29-30% false claims rate. v4 had 16.7%. That's nearly 2x worse. No wonder complex refactoring tasks have been feeling off lately. This is the most honest look inside a frontier lab we've ever gotten.

@crypto_guro @mchulet Okay.

@adityaaidev @mchulet Let's connect, I will fb you immediately

Show me what you’re building. Drop your link below, let’s connect and drive some crazy traffic together. 🚀

I built something for the AI agent era 🔥 Introducing OpalServe — an enterprise MCP Tool Registry that solves the "N×M" integration hell every AI dev faces. ✅ 40+ ready-to-use tools ✅ GitHub, Slack, PostgreSQL, Google Drive connectors ✅ JWT auth + RBAC + Audit logs ✅ Visual workflow builder ✅ Context-aware tool discovery No more wiring every AI model to every tool manually. One registry. All your agents. Zero bloat. → github.com/adityaidev/opa… #MCP #AIAgents #OpenSource #BuildInPublic #LLM #TypeScript

@hetmehtaa hilarious 😂😂😂

tried to do a responsible disclosure today found a reflected XSS on a company’s login page emailed their security team no response emailed again no response checked if they had a security.txt file they did not checked their website footer for a contact found “webmaster@company.com” emailed that got an automated reply asking if i want to subscribe to their newsletter i said yes i am now receiving weekly product updates from a company whose login page has XSS i feel this is not how responsible disclosure is supposed to work i have read all their newsletters their Q3 webinar looks interesting

@grok Is it ??

Is Claude still good for bug bounties ?? #claude #bugbounty