From 641ab26d924a9c6022671c1fd951c17cc216bf63 Mon Sep 17 00:00:00 2001
From: Shub <125150494+shubcodes@users.noreply.github.com>
Date: Tue, 23 Jun 2026 14:44:37 -0700
Subject: [PATCH 01/15] docs(deployment): add Warp Tunnels guide
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a Warp Tunnels page under Guides → Deployment & hosting covering how a self-hosted Arcade Engine connects external AI clients to private MCP servers: internal connectivity via ssrf_allowlist, multi-network deployments, and external access through a reverse proxy (cloudflared, ngrok, nginx). Includes three hand-crafted SVG architecture diagrams, gateway auth modes, required proxy headers, client compatibility, and known limitations. Wires the page into deployment-hosting/_meta.tsx and links it from the hosting overview.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 app/en/guides/deployment-hosting/_meta.tsx | 3 +
 app/en/guides/deployment-hosting/page.mdx | 2 +
 .../deployment-hosting/warp-tunnels/page.mdx | 284 ++++++++++++++++++
 public/images/warp-tunnels/scenario-1.svg | 119 ++++++++
 public/images/warp-tunnels/scenario-2.svg | 115 +++++++
 public/images/warp-tunnels/scenario-3.svg | 117 ++++++++
 6 files changed, 640 insertions(+)
 create mode 100644 app/en/guides/deployment-hosting/warp-tunnels/page.mdx
 create mode 100644 public/images/warp-tunnels/scenario-1.svg
 create mode 100644 public/images/warp-tunnels/scenario-2.svg
 create mode 100644 public/images/warp-tunnels/scenario-3.svg

diff --git a/app/en/guides/deployment-hosting/_meta.tsx b/app/en/guides/deployment-hosting/_meta.tsx
index 5ba61b455..5b0981f49 100644
--- a/app/en/guides/deployment-hosting/_meta.tsx
+++ b/app/en/guides/deployment-hosting/_meta.tsx
@@ -17,6 +17,9 @@ const meta: MetaRecord = {
 "on-prem": {
 title: "On-premises MCP servers",
 },
+ "warp-tunnels": {
+ title: "Warp Tunnels",
+ },
 "configure-engine": {
 title: "Configure Arcade's engine",
 },
diff --git a/app/en/guides/deployment-hosting/page.mdx b/app/en/guides/deployment-hosting/page.mdx
index 014a9f491..5987f8158 100644
--- a/app/en/guides/deployment-hosting/page.mdx
+++ b/app/en/guides/deployment-hosting/page.mdx
@@ -49,6 +49,8 @@ Visit [https://api.arcade.dev](https://api.arcade.dev) for current pricing detai
 Fully on-premise deployments of the Arcade platform are available! Arcade can be deployed on Kubernetes via our Helm chart and Docker images as part of our enterprise offering. [Contact us to learn more](/resources/contact-us).
+To connect a self-hosted Arcade Engine to MCP servers inside your private network, and to reach it from external AI clients without opening inbound ports, see [Warp Tunnels](/guides/deployment-hosting/warp-tunnels).
+
 The requirements for deploying Arcade on-premise are:
 - Kubernetes cluster (1.30+) (We have tested this helm chart on AKS, GKE, and EKS).
diff --git a/app/en/guides/deployment-hosting/warp-tunnels/page.mdx b/app/en/guides/deployment-hosting/warp-tunnels/page.mdx
new file mode 100644
index 000000000..6a10ae690
--- /dev/null
+++ b/app/en/guides/deployment-hosting/warp-tunnels/page.mdx
@@ -0,0 +1,284 @@
+---
+title: "Warp Tunnels"
+description: "Connect external AI clients to private MCP servers through a self-hosted Arcade Engine, with internal connectivity, multi-network deployments, and reverse-proxy access."
+---
+
+import Image from "next/image";
+import { Callout, Steps, Tabs } from "nextra/components";
+
+# Warp Tunnels
+
+Warp Tunnels connect AI clients to the MCP servers you keep off the public internet, through a self-hosted Arcade Engine that runs inside your network. This page is for platform and infrastructure teams who self-host the Arcade Engine and need to reach internal tools, such as an on-premises SAP instance, GitHub Enterprise, or a private database, without exposing them or opening inbound firewall rules. It covers how the connection works, the three deployment scenarios you can build, and the proxy and client requirements for each.
+
+
+
+
+Connect external AI clients to private MCP servers through a self-hosted Arcade Engine, while keeping your internal services off the public internet and your firewall closed to inbound traffic.
+
+
+
+
+
+- A [self-hosted Arcade Engine](/guides/deployment-hosting/on-prem)
+- Access to your [engine.yaml configuration](/guides/deployment-hosting/configure-engine)
+- The private hostnames or IP ranges of your internal MCP servers
+
+
+
+
+
+- How the Arcade Engine reaches internal MCP servers without inbound ports
+- How to allowlist internal addresses and register MCP servers in `engine.yaml`
+- How to deploy isolated Engines across multiple networks or regions
+- How to expose the Engine to external AI clients through a reverse proxy
+
+
+
+
+## How Warp Tunnels work
+
+A self-hosted Arcade Engine runs as an MCP server inside your private network, on port `9099` by default. AI clients connect to it the same way they connect to any MCP server. The Engine then calls your internal MCP servers on their behalf, handling authentication, credential management, access governance, and audit logging so your individual services don't have to.
+
+Two concepts shape every deployment:
+
+- **Gateways** are named paths on the Engine (`/mcp/{slug}`). Each gateway has its own auth mode, tool allow-list, and access rules, so an AI client connecting to `/mcp/finance` sees only finance tools. You create gateways in the [Arcade dashboard](/guides/mcp-gateways), not in `engine.yaml`.
+- **The Arcade Coordinator** is the shared control plane for users, organizations, API keys, RBAC, and OAuth. The Engine makes outbound-only HTTPS calls to the Coordinator; the Coordinator never dials the Engine. Multiple Engine deployments can share one Coordinator.
+
+The rest of this page covers three scenarios you can compose: reaching internal MCP servers from a single Engine, isolating Engines across multiple networks, and exposing the Engine to external AI clients.
+
+## Gateway auth modes
+
+Each gateway uses one of three auth modes. The mode determines what the AI client sends and which clients can connect.
+
+| Dashboard name | Config value | What the client sends | Works with the Anthropic Messages API? |
+| --- | --- | --- | --- |
+| Arcade Auth | `arcade_oauth` | Bearer JWT issued by Arcade OAuth | Yes |
+| User Source | `user_source` | Bearer JWT from your identity provider | Yes |
+| Arcade Headers | `arcade_header` | Bearer token plus an `Arcade-User-ID` header | No. The Anthropic connector can't send custom headers |
+
+For Claude, through the Messages API or managed agents, use **Arcade Auth** or **User Source**. See [MCP Gateways](/guides/mcp-gateways) for how to choose a mode and [User Sources](/guides/user-sources) for connecting your own identity provider.
+
+## Connect to internal MCP servers
+
+Your internal MCP servers live at private hostnames or IP addresses. Configure the `ssrf_allowlist` in `engine.yaml` to tell the Engine which internal addresses it's permitted to call, then register each MCP server URI as a worker.
+
+The Engine calls these servers directly over your private network, by their internal addresses. No inbound ports, and no tunnel, are required.
+
+Scenario 1: a single Arcade Engine and its internal MCP servers share one private network. AI clients connect to scoped /mcp gateways, the ssrf_allowlist gates which internal addresses the Engine reaches, and the Engine makes outbound-only HTTPS calls to the shared Coordinator.
+
+Add the allowlist and workers to the `tools.directors` section of `engine.yaml`:
+
+```yaml filename="engine.yaml"
+tools:
+ directors:
+ - id: default
+ ssrf_allowlist:
+ - "*.corp.internal" # any subdomain
+ - "10.10.0.0/16" # IP range
+ workers:
+ - id: bloomberg
+ enabled: true
+ http:
+ uri: "http://bloomberg.corp.internal:8000"
+ secret: "${env:BLOOMBERG_SECRET}"
+ - id: sap
+ enabled: true
+ http:
+ uri: "http://sap.corp.internal:8080"
+ secret: "${env:SAP_SECRET}"
+ - id: github-enterprise
+ enabled: true
+ http:
+ uri: "http://github.corp.internal"
+ secret: "${env:GITHUB_SECRET}"
+```
+
+For the rest of the `tools.directors` and worker options, see [Engine configuration](/guides/deployment-hosting/configure-engine#tools-configuration).
+
+### Allowlist entry types
+
+| Type | Example | Evaluated | Matches |
+| --- | --- | --- | --- |
+| Exact host | `https://host.corp:8080` | Before DNS | Scheme, host, and port exactly |
+| Wildcard | `*.corp.internal` | Before DNS | Any matching subdomain |
+| CIDR | `10.10.0.0/16` | After DNS resolution | IPs in the range |
+
+Keep these rules in mind when you write allowlist entries:
+
+- URIs must use `http://` or `https://`. The Engine rejects other schemes at startup.
+- A wildcard such as `*.corp.internal` does not match the bare apex `corp.internal`. Add the apex separately if the Engine needs to reach it.
+- CIDR entries match against the resolved IP. For split-horizon DNS, where a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead.
+- Malformed entries cause the Engine to fail at startup.
+
+### Configure the allowlist with Helm
+
+If you deploy the Engine with the Arcade Helm chart, set the allowlist with `--set`:
+
+```bash
+helm upgrade arcade monorepo/deploy/charts/arcade/ \
+ --set engine.ssrfAllowlist[0]="*.corp.internal" \
+ --set engine.ssrfAllowlist[1]="10.10.0.0/16"
+```
+
+### Verify the connection
+
+Use the worker test endpoint in the Arcade dashboard. A successful test confirms the allowlist entry is correct and that the Engine has a network path to the MCP server.
+
+## Deploy across multiple networks
+
+For multiple business units or regions, deploy a separate Engine per network. Each Engine has its own `ssrf_allowlist` scoped to the servers in that network, and all Engines share one Coordinator for identity and access management.
+
+Scenario 2: Finance, Engineering, and EU each run their own Arcade Engine in their own private network with its own ssrf_allowlist. All three make outbound-only HTTPS calls to one shared Coordinator, and cross-network access is blocked because the other networks' addresses aren't in each allowlist.
+
+A typical topology assigns one Engine to each network:
+
+| Deployment | Network | `ssrf_allowlist` | MCP servers |
+| --- | --- | --- | --- |
+| `finance-nyc` | NYC datacenter | `10.10.0.0/16`, `*.finance.corp.internal` | Bloomberg, SAP, Workday |
+| `engineering-use1` | AWS `us-east-1` | `10.20.0.0/16`, `*.eng.corp.internal` | GitHub Enterprise, Jira |
+| `eu-euw1` | AWS `eu-west-1` | `10.30.0.0/16`, `*.eu.corp.internal` | EU APIs, GDPR-scoped data |
+
+This topology gives you:
+
+- **Network isolation** — each deployment can only reach the hosts and ranges in its own allowlist. The finance deployment can't dial `10.20.x.x` even if it receives a URI pointing there.
+- **Data residency** — the EU deployment's tool traffic never leaves eu-west-1, and credentials in its vault stay in-region.
+- **Credential isolation** — each deployment holds its own credential vault. A compromise of one deployment exposes no credentials from the others.
+- **Shared identity** — all deployments make outbound HTTPS calls to the same Coordinator for auth and RBAC. The data planes are independent; the control plane is shared.
+
+## Expose the Engine to external AI clients
+
+When the Engine runs inside your private network, external AI clients, such as Claude, ChatGPT, Cursor, or your own agents, need to reach it from the internet without you opening inbound firewall rules.
+
+Run a reverse proxy inside your network. It makes one outbound connection, so no inbound ports are needed. External clients connect to the proxy's public hostname, and the proxy forwards traffic to the Engine internally.
+
+Scenario 3: external AI clients on the public internet reach the private Arcade Engine through a reverse proxy (cloudflared, ngrok, or nginx) running inside the network. The proxy makes one outbound connection, so no inbound ports are opened; everything behind it is identical to scenario 1.
+
+All AI clients see the same RFC 9728 OAuth interface regardless of which proxy you use. The security and governance layer is identical whether traffic arrives through cloudflared, ngrok, nginx, or a direct private-network path.
+
+
+
+
+[Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) runs `cloudflared` inside your network and exposes the Engine on a public hostname.
+
+```yaml filename="config.yaml"
+tunnel:
+credentials-file: /etc/cloudflared/credentials.json
+ingress:
+ - hostname: arcade.yourdomain.com
+ service: http://arcade:9099
+ - service: http_status:404
+```
+
+```bash
+cloudflared tunnel run
+```
+
+External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`.
+
+
+
+
+[ngrok](https://ngrok.com) forwards a public domain to the Engine's port with a single command:
+
+```bash
+ngrok http 9099 --domain arcade.your-org.ngrok.app
+```
+
+External clients connect to `https://arcade.your-org.ngrok.app/mcp/{gateway-slug}`.
+
+
+
+
+nginx works as a straightforward reverse proxy. MCP uses Server-Sent Events (SSE) for streaming, so you must disable buffering.
+
+```nginx filename="arcade.conf"
+server {
+ listen 443 ssl;
+ server_name arcade.yourdomain.com;
+
+ ssl_certificate /etc/ssl/certs/arcade.crt;
+ ssl_certificate_key /etc/ssl/private/arcade.key;
+
+ location / {
+ proxy_pass http://arcade:9099;
+
+ # Required for SSE / streaming
+ proxy_buffering off;
+ proxy_cache off;
+ proxy_read_timeout 3600s;
+ proxy_http_version 1.1;
+ proxy_set_header Connection '';
+
+ # Required headers
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Authorization $http_authorization;
+ proxy_set_header Mcp-Session-Id $http_mcp_session_id;
+ proxy_set_header MCP-Protocol-Version $http_mcp_protocol_version;
+ }
+}
+```
+
+External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`.
+
+
+
+
+### Required proxy headers
+
+Whichever proxy you use, verify these headers pass through unchanged:
+
+| Header | Purpose | What breaks if stripped |
+| --- | --- | --- |
+| `Authorization` | OAuth bearer token | Auth fails; the Engine returns `401` |
+| `Mcp-Session-Id` | Session continuity | Each request starts a new session |
+| `MCP-Protocol-Version` | Protocol negotiation | Connection errors with strict clients |
+
+The path `/mcp/{slug}` must also pass through intact. The Engine routes by gateway slug from the path.
+
+## Client compatibility
+
+| Client | Proxy options | Auth mode |
+| --- | --- | --- |
+| Claude (Messages API or managed agents) | Any | Arcade Auth or User Source only |
+| Cursor, Cline, Claude Desktop | Any | All modes |
+| ChatGPT, OpenAI agents | Any | All modes |
+| Custom agents | Any | All modes |
+
+## Known limitations
+
+| Item | Notes |
+| --- | --- |
+| Arcade Headers with the Anthropic Messages API | Not compatible. The connector supports only `authorization_token`, with no custom headers. Use Arcade Auth or User Source. |
+| nginx SSE buffering | `proxy_buffering off` is required. Without it, nginx buffers SSE events and clients never receive streamed responses. |
+| `Mcp-Session-Id` pass-through | Verify your proxy forwards this header. Stripping it silently breaks session continuity for streamable HTTP clients. |
+| Wildcard apex mismatch | `*.corp.internal` does not match `corp.internal`. Register the apex separately if the Engine needs to reach it. |
+| CIDR with split-horizon DNS | CIDR entries match against the resolved IP. If a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead. |
+
+## Next steps
+
+- [Configure the Arcade Engine](/guides/deployment-hosting/configure-engine) for the full `engine.yaml` reference
+- [Create an MCP Gateway](/guides/mcp-gateways) to scope tools and auth for each client
+- [Set up a User Source](/guides/user-sources) to authenticate end users with your own identity provider
+- [Connect your MCP client](/get-started/mcp-clients) to a gateway URL
diff --git a/public/images/warp-tunnels/scenario-1.svg b/public/images/warp-tunnels/scenario-1.svg
new file mode 100644
index 000000000..601d93275
--- /dev/null
+++ b/public/images/warp-tunnels/scenario-1.svg
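Review bot: The sentence `Run a reverse proxy inside your network. It makes one outbound connection, so no inbound ports are needed.` in the "Expose the Engine to external AI clients" section, and the matching scenario-3 description, hold for cloudflared and ngrok but not for the nginx example, whose `listen 443 ssl;` accepts inbound connections on a port you must expose and leaves you provisioning the TLS certificate. Consider qualifying it, e.g. `cloudflared and ngrok dial out to their provider, so no inbound port is opened; nginx terminates TLS on a port you expose and needs its own certificate.` The same wording recurs in the "Bring your own reverse proxy" section of the warp-pipes page added by PATCH 02/15. Separately, the nginx snippet forwards `Host` but not the original scheme; if the Engine builds its RFC 9728 resource-metadata URLs from the incoming request it will see plain `http` behind this proxy, so it is worth confirming whether `proxy_set_header X-Forwarded-Proto $scheme;` belongs in the required-headers table.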
@@ -0,0 +1,119 @@ + + + + + + + + + + + + + + AI Clients + Claude · Cursor · ChatGPT · Custom Agents + + + + + Private Network + + + + Arcade Engine · :9099 + + + + /mcp/engineering + auth: arcade_oauth + tools: GitHub · Jira + + + + /mcp/finance + auth: arcade_oauth + tools: Bloomberg · SAP + + + + + + + ssrf_allowlist + + + *.corp.internal + + + + 10.10.0.0/16 + + + + + Internal MCP Servers + + + Bloomberg MCP + bloomberg.corp.internal:8000 + + + + SAP MCP + sap.corp.internal:8080 + + + + GitHub Enterprise MCP + github.corp.internal + + + + Jira MCP + jira.corp.internal:8080 + + + + + + Coordinator · shared control plane + Identity · RBAC · OAuth · API keys + + + + + + + HTTPS + OAuth + HTTPS + OAuth + + + + + + + + + + + HTTP · private network + HTTP · private network + HTTP · private network + HTTP · private network + + + + outbound HTTPS only + diff --git a/public/images/warp-tunnels/scenario-2.svg b/public/images/warp-tunnels/scenario-2.svg new file mode 100644 index 000000000..77b4328ff --- /dev/null +++ b/public/images/warp-tunnels/scenario-2.svg @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + AI Clients + Claude · Cursor · ChatGPT · Custom Agents + + + + + Finance · NYC datacenter + + + Arcade Engine :9099 + ssrf_allowlist: 10.10.0.0/16 + + + + Bloomberg · SAP · Workday MCP + 10.10.x.x + + + + + Engineering · AWS us-east-1 + + + Arcade Engine :9099 + ssrf_allowlist: 10.20.0.0/16 + + + + GitHub Enterprise · Jira MCP + 10.20.x.x + + + + + EU · AWS eu-west-1 · GDPR + + + Arcade Engine :9099 + ssrf_allowlist: 10.30.0.0/16 + + + + EU Services MCP + 10.30.x.x + + + + + + Coordinator · shared control plane + Identity · RBAC · OAuth · API keys + + + + + + + HTTPS + OAuth + + + + + + HTTP · private network + HTTP · private network + HTTP · private network + + + + + + outbound HTTPS only + outbound HTTPS only + outbound HTTPS only + + + + + + + + + BLOCKED + cross-network · not in allowlist + + + + BLOCKED + cross-network · not in allowlist + + 
diff --git a/public/images/warp-tunnels/scenario-3.svg b/public/images/warp-tunnels/scenario-3.svg new file mode 100644 index 000000000..1ff283e9b --- /dev/null +++ b/public/images/warp-tunnels/scenario-3.svg @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + External · public internet + + + + + AI Clients + Claude · Cursor · ChatGPT · Custom Agents + + + + + + Anthropic connector + Use arcade_oauth or user_source — + arcade_header unsupported (no custom headers) + + + + + + Private Network + + + + + Reverse Proxy + cloudflared · ngrok · nginx + + one outbound connection + no inbound ports opened + + + + + Arcade Engine · :9099 + + + /mcp/finance + tools: Bloomberg · SAP + + + + /mcp/engineering + tools: GitHub Enterprise + + + + Internal MCP Servers + + + Bloomberg MCP + bloomberg.corp.internal + + + + SAP MCP + sap.corp.internal + + + + GitHub Enterprise MCP + github.corp.internal + + + + + + Coordinator · shared control plane + Identity · RBAC · OAuth · API keys + + + + + + HTTPS · public endpoint + + + + HTTP · internal + + + + + + ssrf_allowlist + ssrf_allowlist + ssrf_allowlist + + + + outbound HTTPS only + From 482e103f79154007c3c739ed83d8517e6de8838d Mon Sep 17 00:00:00 2001 
From: Shub <125150494+shubcodes@users.noreply.github.com>
Date: Wed, 24 Jun 2026 11:16:39 -0700
Subject: [PATCH 02/15] Rebrand Warp Tunnels guide to Warp Pipes

- Rename route /guides/deployment-hosting/warp-tunnels -> /warp-pipes
- Update nav label and parent guide link to "Warp Pipes"
- Lead with the managed Warp Pipes service, then BYO reverse proxy
- Purge Engine/Coordinator/platform terminology in favor of "runtime"
- Replace outdated diagrams with new self-contained SVGs (managed forwarding, internal MCP servers, multi-runtime, BYO reverse proxy); add the previously-missing warp-pipes.svg

No redirect added per request: the old /warp-tunnels path is retired and no "warp-tunnels" reference remains in the repo.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 app/en/guides/deployment-hosting/_meta.tsx | 4 +-
 app/en/guides/deployment-hosting/page.mdx | 2 +-
 .../deployment-hosting/warp-pipes/page.mdx | 309 ++++++++++++++++++
 .../deployment-hosting/warp-tunnels/page.mdx | 284 ----------------
 public/images/warp-pipes/scenario-1.svg | 58 ++++
 public/images/warp-pipes/scenario-2.svg | 40 +++
 public/images/warp-pipes/scenario-3.svg | 37 +++
 public/images/warp-pipes/warp-pipes.svg | 52 +++
 public/images/warp-tunnels/scenario-1.svg | 119 -------
 public/images/warp-tunnels/scenario-2.svg | 115 -------
 public/images/warp-tunnels/scenario-3.svg | 117 -------
 11 files changed, 499 insertions(+), 638 deletions(-)
 create mode 100644 app/en/guides/deployment-hosting/warp-pipes/page.mdx
 delete mode 100644 app/en/guides/deployment-hosting/warp-tunnels/page.mdx
 create mode 100644 public/images/warp-pipes/scenario-1.svg
 create mode 100644 public/images/warp-pipes/scenario-2.svg
 create mode 100644 public/images/warp-pipes/scenario-3.svg
 create mode 100644 public/images/warp-pipes/warp-pipes.svg
 delete mode 100644 public/images/warp-tunnels/scenario-1.svg
 delete mode 100644 public/images/warp-tunnels/scenario-2.svg
 delete mode 100644 public/images/warp-tunnels/scenario-3.svg
diff --git a/app/en/guides/deployment-hosting/_meta.tsx b/app/en/guides/deployment-hosting/_meta.tsx
index 5b0981f49..277532c85 100644
--- a/app/en/guides/deployment-hosting/_meta.tsx
+++ b/app/en/guides/deployment-hosting/_meta.tsx
@@ -17,8 +17,8 @@ const meta: MetaRecord = {
 "on-prem": {
 title: "On-premises MCP servers",
 },
- "warp-tunnels": {
- title: "Warp Tunnels",
+ "warp-pipes": {
+ title: "Warp Pipes",
 },
 "configure-engine": {
 title: "Configure Arcade's engine",
diff --git a/app/en/guides/deployment-hosting/page.mdx b/app/en/guides/deployment-hosting/page.mdx
index 5987f8158..b256f062a 100644
--- a/app/en/guides/deployment-hosting/page.mdx
+++ b/app/en/guides/deployment-hosting/page.mdx
@@ -49,7 +49,7 @@ Visit [https://api.arcade.dev](https://api.arcade.dev) for current pricing detai
 Fully on-premise deployments of the Arcade platform are available! Arcade can be deployed on Kubernetes via our Helm chart and Docker images as part of our enterprise offering. [Contact us to learn more](/resources/contact-us).
-To connect a self-hosted Arcade Engine to MCP servers inside your private network, and to reach it from external AI clients without opening inbound ports, see [Warp Tunnels](/guides/deployment-hosting/warp-tunnels).
+To connect a self-hosted Arcade runtime to MCP servers inside your private network, and to reach it from external AI clients without opening inbound ports, see [Warp Pipes](/guides/deployment-hosting/warp-pipes).
 The requirements for deploying Arcade on-premise are:
diff --git a/app/en/guides/deployment-hosting/warp-pipes/page.mdx b/app/en/guides/deployment-hosting/warp-pipes/page.mdx
new file mode 100644
index 000000000..f32666d3c
--- /dev/null
+++ b/app/en/guides/deployment-hosting/warp-pipes/page.mdx
@@ -0,0 +1,309 @@
+---
+title: "Warp Pipes"
+description: "Connect external AI clients to your private Arcade runtime. Warp Pipes is the managed connection; the runtime governs every call. Includes the bring-your-own reverse proxy path you can use today."
+---
+
+import Image from "next/image";
+import { Callout, Steps, Tabs } from "nextra/components";
+
+# Warp Pipes
+
+Connecting AI agents to private tools is two problems. The first is **networking**: your internal MCP servers and services aren't reachable from the public internet, by design. The second is **governance**: a tunnel only moves bytes, so authentication, per-user credentials, access scoping, and audit are a separate problem that the tunnel products leave to you.
+
+The Arcade runtime already solves governance. **Warp Pipes** is a managed service that solves the networking — Arcade hands you a public MCP URL and forwards traffic to your private runtime, so you don't run the connection yourself.
+
+
+**Warp Pipes is in early access.** [Request access](https://www.arcade.dev/contact) to have Arcade manage the connection from your AI clients to your runtime. You can also connect clients today with your own reverse proxy — see [Bring your own reverse proxy](#bring-your-own-reverse-proxy).
+
+
+
+
+
+Connect external AI clients to private MCP servers through a self-hosted Arcade runtime, while keeping your internal services off the public internet and your firewall closed to inbound traffic.
+
+
+
+
+
+- A [self-hosted Arcade runtime](/guides/deployment-hosting/on-prem)
+- Access to your [engine.yaml configuration](/guides/deployment-hosting/configure-engine)
+- The private hostnames or IP ranges of your internal MCP servers
+
+
+
+
+
+- How Warp Pipes manages the connection from AI clients to your runtime
+- How the runtime reaches internal MCP servers without inbound ports
+- How to allowlist internal addresses and register MCP servers in `engine.yaml`
+- How to connect external clients today with your own reverse proxy
+
+
+
+
+## How Warp Pipes works
+
+Your Arcade runtime runs as an MCP server inside your private network, on port `9099` by default, and it never faces the internet. You run the **Warp Pipes connector** alongside it; the connector makes one outbound connection to Arcade. Arcade gives you a public MCP URL and forwards every request down that connection to your runtime.
+
+What Warp Pipes adds, and only this:
+
+- A **public MCP URL** hosted by Arcade that any AI client connects to.
+- **Managed forwarding** from that URL to your internal runtime.
+- An **outbound connector** in your network that holds the connection open. Nothing inbound is exposed.
+
+Everything behind the connector is the runtime you already have. Warp Pipes does not re-implement authentication, credentials, governance, or audit. It connects clients to the runtime that already does them.
+
+Warp Pipes: external AI clients connect to a public MCP URL hosted by Arcade. Arcade forwards traffic down an outbound connection held open by the Warp Pipes connector inside the private network, to the Arcade runtime, which governs the call and reaches internal MCP servers. No inbound ports are opened.
+
+## How the runtime works
+
+Two concepts shape every deployment, with or without Warp Pipes:
+
+- **Gateways** are named paths on the runtime (`/mcp/{slug}`). Each gateway has its own auth mode, tool allow-list, and access rules, so an AI client connecting to `/mcp/finance` sees only finance tools. You create gateways in the [Arcade dashboard](/guides/mcp-gateways), not in `engine.yaml`.
+- **Identity and access** — users, organizations, API keys, RBAC, and OAuth — is managed in Arcade. The runtime makes outbound-only calls to it; it never dials the runtime. Multiple runtimes can share one Arcade account.
+
+## Gateway auth modes
+
+Each gateway uses one of three auth modes. The mode determines what the AI client sends and which clients can connect.
+
+| Dashboard name | Config value | What the client sends | Works with the Anthropic Messages API? |
+| --- | --- | --- | --- |
+| Arcade Auth | `arcade_oauth` | Bearer JWT issued by Arcade OAuth | Yes |
+| User Source | `user_source` | Bearer JWT from your identity provider | Yes |
+| Arcade Headers | `arcade_header` | Bearer token plus an `Arcade-User-ID` header | No. The Anthropic connector can't send custom headers |
+
+For Claude, through the Messages API or managed agents, use **Arcade Auth** or **User Source**. See [MCP Gateways](/guides/mcp-gateways) for how to choose a mode and [User Sources](/guides/user-sources) for connecting your own identity provider.
+
+## Connect to internal MCP servers
+
+Your internal MCP servers live at private hostnames or IP addresses. Configure the `ssrf_allowlist` in `engine.yaml` to tell the runtime which internal addresses it's permitted to call, then register each MCP server URI as a worker.
+
+The runtime calls these servers directly over your private network, by their internal addresses. No inbound ports, and no tunnel, are required.
+
+A single Arcade runtime and its internal MCP servers share one private network. AI clients connect to scoped /mcp gateways, the ssrf_allowlist gates which internal addresses the runtime reaches, and the runtime makes outbound-only calls to Arcade for identity and access.
+
+Add the allowlist and workers to the `tools.directors` section of `engine.yaml`:
+
+```yaml filename="engine.yaml"
+tools:
+ directors:
+ - id: default
+ ssrf_allowlist:
+ - "*.corp.internal" # any subdomain
+ - "10.10.0.0/16" # IP range
+ workers:
+ - id: bloomberg
+ enabled: true
+ http:
+ uri: "http://bloomberg.corp.internal:8000"
+ secret: "${env:BLOOMBERG_SECRET}"
+ - id: sap
+ enabled: true
+ http:
+ uri: "http://sap.corp.internal:8080"
+ secret: "${env:SAP_SECRET}"
+ - id: github-enterprise
+ enabled: true
+ http:
+ uri: "http://github.corp.internal"
+ secret: "${env:GITHUB_SECRET}"
+```
+
+For the rest of the `tools.directors` and worker options, see [runtime configuration](/guides/deployment-hosting/configure-engine#tools-configuration).
+
+### Allowlist entry types
+
+| Type | Example | Evaluated | Matches |
+| --- | --- | --- | --- |
+| Exact host | `https://host.corp:8080` | Before DNS | Scheme, host, and port exactly |
+| Wildcard | `*.corp.internal` | Before DNS | Any matching subdomain |
+| CIDR | `10.10.0.0/16` | After DNS resolution | IPs in the range |
+
+Keep these rules in mind when you write allowlist entries:
+
+- URIs must use `http://` or `https://`. The runtime rejects other schemes at startup.
+- A wildcard such as `*.corp.internal` does not match the bare apex `corp.internal`. Add the apex separately if the runtime needs to reach it.
+- CIDR entries match against the resolved IP. For split-horizon DNS, where a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead.
+- Malformed entries cause the runtime to fail at startup.
+
+### Configure the allowlist with Helm
+
+If you deploy the runtime with the Arcade Helm chart, set the allowlist with `--set`:
+
+```bash
+helm upgrade arcade monorepo/deploy/charts/arcade/ \
+ --set engine.ssrfAllowlist[0]="*.corp.internal" \
+ --set engine.ssrfAllowlist[1]="10.10.0.0/16"
+```
+
+### Verify the connection
+
+Use the worker test endpoint in the Arcade dashboard. A successful test confirms the allowlist entry is correct and that the runtime has a network path to the MCP server.
+
+## Deploy across multiple networks
+
+For multiple business units or regions, deploy a separate runtime per network. Each runtime has its own `ssrf_allowlist` scoped to the servers in that network, and all runtimes share one Arcade account for identity and access.
+
+Finance, Engineering, and EU each run their own Arcade runtime in their own private network with its own ssrf_allowlist. All three make outbound-only calls to one Arcade account, and cross-network access is blocked because the other networks' addresses aren't in each allowlist.
+
+A typical topology assigns one runtime to each network:
+
+| Deployment | Network | `ssrf_allowlist` | MCP servers |
+| --- | --- | --- | --- |
+| `finance-nyc` | NYC datacenter | `10.10.0.0/16`, `*.finance.corp.internal` | Bloomberg, SAP, Workday |
+| `engineering-use1` | AWS `us-east-1` | `10.20.0.0/16`, `*.eng.corp.internal` | GitHub Enterprise, Jira |
+| `eu-euw1` | AWS `eu-west-1` | `10.30.0.0/16`, `*.eu.corp.internal` | EU APIs, GDPR-scoped data |
+
+This topology gives you:
+
+- **Network isolation** — each runtime can only reach the hosts and ranges in its own allowlist. The finance runtime can't dial `10.20.x.x` even if it receives a URI pointing there.
+- **Data residency** — the EU runtime's tool traffic never leaves eu-west-1, and credentials in its vault stay in-region.
+- **Credential isolation** — each runtime holds its own credential vault. A compromise of one runtime exposes no credentials from the others.
+- **Shared identity** — all runtimes make outbound calls to the same Arcade account for auth and RBAC. The data planes are independent; identity and access are shared.
+
+Connect each runtime out with its own Warp Pipes URL, or front each with your own reverse proxy.
+
+## Bring your own reverse proxy
+
+Warp Pipes manages the connection for you. If you'd rather run the networking hop yourself — or you already operate a reverse proxy or API gateway you trust — Arcade has always worked behind one.
+
+Run a reverse proxy inside your network. It makes one outbound connection, so no inbound ports are needed. External clients connect to the proxy's public hostname, and the proxy forwards traffic to the runtime internally.
+
+External AI clients on the public internet reach the private Arcade runtime through a reverse proxy (cloudflared, ngrok, or nginx) running inside the network. The proxy makes one outbound connection, so no inbound ports are opened; everything behind it is the same governed runtime.
+
+All AI clients see the same RFC 9728 OAuth interface regardless of which proxy you use. The runtime, the governance, and the security model are identical whether the connection is managed by Warp Pipes or by your own cloudflared, ngrok, or nginx.
+
+
+
+
+[Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) runs `cloudflared` inside your network and exposes the runtime on a public hostname.
+
+```yaml filename="config.yaml"
+tunnel:
+credentials-file: /etc/cloudflared/credentials.json
+ingress:
+ - hostname: arcade.yourdomain.com
+ service: http://arcade:9099
+ - service: http_status:404
+```
+
+```bash
+cloudflared tunnel run
+```
+
+External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`.
+
+
+
+
+[ngrok](https://ngrok.com) forwards a public domain to the runtime's port with a single command:
+
+```bash
+ngrok http 9099 --domain arcade.your-org.ngrok.app
+```
+
+External clients connect to `https://arcade.your-org.ngrok.app/mcp/{gateway-slug}`.
+
+
+
+
+nginx works as a straightforward reverse proxy. MCP uses streaming, so you must disable buffering.
+
+```nginx filename="arcade.conf"
+server {
+ listen 443 ssl;
+ server_name arcade.yourdomain.com;
+
+ ssl_certificate /etc/ssl/certs/arcade.crt;
+ ssl_certificate_key /etc/ssl/private/arcade.key;
+
+ location / {
+ proxy_pass http://arcade:9099;
+
+ # Required for streaming
+ proxy_buffering off;
+ proxy_cache off;
+ proxy_read_timeout 3600s;
+ proxy_http_version 1.1;
+ proxy_set_header Connection '';
+
+ # Required headers
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Authorization $http_authorization;
+ proxy_set_header Mcp-Session-Id $http_mcp_session_id;
+ proxy_set_header MCP-Protocol-Version $http_mcp_protocol_version;
+ }
+}
+```
+
+External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`.
+
+
+
+
+### Required proxy headers
+
+Whichever proxy you use, verify these headers pass through unchanged:
+
+| Header | Purpose | What breaks if stripped |
+| --- | --- | --- |
+| `Authorization` | OAuth bearer token | Auth fails; the runtime returns `401` |
+| `Mcp-Session-Id` | Session continuity | Each request starts a new session |
+| `MCP-Protocol-Version` | Protocol negotiation | Connection errors with strict clients |
+
+The path `/mcp/{slug}` must also pass through intact. The runtime routes by gateway slug from the path.
+ +## Client compatibility + +| Client | Connectivity | Auth mode | +| --- | --- | --- | +| Claude (Messages API or managed agents) | Warp Pipes or any proxy | Arcade Auth or User Source only | +| Cursor, Cline, Claude Desktop | Warp Pipes or any proxy | All modes | +| ChatGPT, OpenAI agents | Warp Pipes or any proxy | All modes | +| Custom agents | Warp Pipes or any proxy | All modes | + +## Known limitations + +| Item | Notes | +| --- | --- | +| Arcade Headers with the Anthropic Messages API | Not compatible. The connector supports only `authorization_token`, with no custom headers. Use Arcade Auth or User Source. | +| nginx buffering (bring-your-own proxy) | `proxy_buffering off` is required. Without it, nginx buffers streamed responses and clients never receive them. | +| `Mcp-Session-Id` pass-through (bring-your-own proxy) | Verify your proxy forwards this header. Stripping it silently breaks session continuity for streamable HTTP clients. | +| Wildcard apex mismatch | `*.corp.internal` does not match `corp.internal`. Register the apex separately if the runtime needs to reach it. | +| CIDR with split-horizon DNS | CIDR entries match against the resolved IP. If a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead. | + +## Next steps + +- [Configure the Arcade runtime](/guides/deployment-hosting/configure-engine) for the full `engine.yaml` reference +- [Create an MCP Gateway](/guides/mcp-gateways) to scope tools and auth for each client +- [Set up a User Source](/guides/user-sources) to authenticate end users with your own identity provider +- [Connect your MCP client](/get-started/mcp-clients) to a gateway URL diff --git a/app/en/guides/deployment-hosting/warp-tunnels/page.mdx b/app/en/guides/deployment-hosting/warp-tunnels/page.mdx deleted file mode 100644 index 6a10ae690..000000000 --- a/app/en/guides/deployment-hosting/warp-tunnels/page.mdx +++ /dev/null 
@@ -1,284 +0,0 @@ ---- -title: "Warp Tunnels" -description: "Connect external AI clients to private MCP servers through a self-hosted Arcade Engine, with internal connectivity, multi-network deployments, and reverse-proxy access." ---- - -import Image from "next/image"; -import { Callout, Steps, Tabs } from "nextra/components"; - -# Warp Tunnels - -Warp Tunnels connect AI clients to the MCP servers you keep off the public internet, through a self-hosted Arcade Engine that runs inside your network. This page is for platform and infrastructure teams who self-host the Arcade Engine and need to reach internal tools, such as an on-premises SAP instance, GitHub Enterprise, or a private database, without exposing them or opening inbound firewall rules. It covers how the connection works, the three deployment scenarios you can build, and the proxy and client requirements for each. - - - - -Connect external AI clients to private MCP servers through a self-hosted Arcade Engine, while keeping your internal services off the public internet and your firewall closed to inbound traffic. - - - - - -- A [self-hosted Arcade Engine](/guides/deployment-hosting/on-prem) -- Access to your [engine.yaml configuration](/guides/deployment-hosting/configure-engine) -- The private hostnames or IP ranges of your internal MCP servers - - - - - -- How the Arcade Engine reaches internal MCP servers without inbound ports -- How to allowlist internal addresses and register MCP servers in `engine.yaml` -- How to deploy isolated Engines across multiple networks or regions -- How to expose the Engine to external AI clients through a reverse proxy - - - - -## How Warp Tunnels work - -A self-hosted Arcade Engine runs as an MCP server inside your private network, on port `9099` by default. AI clients connect to it the same way they connect to any MCP server. 
The Engine then calls your internal MCP servers on their behalf, handling authentication, credential management, access governance, and audit logging so your individual services don't have to. - -Two concepts shape every deployment: - -- **Gateways** are named paths on the Engine (`/mcp/{slug}`). Each gateway has its own auth mode, tool allow-list, and access rules, so an AI client connecting to `/mcp/finance` sees only finance tools. You create gateways in the [Arcade dashboard](/guides/mcp-gateways), not in `engine.yaml`. -- **The Arcade Coordinator** is the shared control plane for users, organizations, API keys, RBAC, and OAuth. The Engine makes outbound-only HTTPS calls to the Coordinator; the Coordinator never dials the Engine. Multiple Engine deployments can share one Coordinator. - -The rest of this page covers three scenarios you can compose: reaching internal MCP servers from a single Engine, isolating Engines across multiple networks, and exposing the Engine to external AI clients. - -## Gateway auth modes - -Each gateway uses one of three auth modes. The mode determines what the AI client sends and which clients can connect. - -| Dashboard name | Config value | What the client sends | Works with the Anthropic Messages API? | -| --- | --- | --- | --- | -| Arcade Auth | `arcade_oauth` | Bearer JWT issued by Arcade OAuth | Yes | -| User Source | `user_source` | Bearer JWT from your identity provider | Yes | -| Arcade Headers | `arcade_header` | Bearer token plus an `Arcade-User-ID` header | No. The Anthropic connector can't send custom headers | - -For Claude, through the Messages API or managed agents, use **Arcade Auth** or **User Source**. See [MCP Gateways](/guides/mcp-gateways) for how to choose a mode and [User Sources](/guides/user-sources) for connecting your own identity provider. - -## Connect to internal MCP servers - -Your internal MCP servers live at private hostnames or IP addresses. 
Configure the `ssrf_allowlist` in `engine.yaml` to tell the Engine which internal addresses it's permitted to call, then register each MCP server URI as a worker. - -The Engine calls these servers directly over your private network, by their internal addresses. No inbound ports, and no tunnel, are required. - -Scenario 1: a single Arcade Engine and its internal MCP servers share one private network. AI clients connect to scoped /mcp gateways, the ssrf_allowlist gates which internal addresses the Engine reaches, and the Engine makes outbound-only HTTPS calls to the shared Coordinator. - -Add the allowlist and workers to the `tools.directors` section of `engine.yaml`: - -```yaml filename="engine.yaml" -tools: - directors: - - id: default - ssrf_allowlist: - - "*.corp.internal" # any subdomain - - "10.10.0.0/16" # IP range - workers: - - id: bloomberg - enabled: true - http: - uri: "http://bloomberg.corp.internal:8000" - secret: "${env:BLOOMBERG_SECRET}" - - id: sap - enabled: true - http: - uri: "http://sap.corp.internal:8080" - secret: "${env:SAP_SECRET}" - - id: github-enterprise - enabled: true - http: - uri: "http://github.corp.internal" - secret: "${env:GITHUB_SECRET}" -``` - -For the rest of the `tools.directors` and worker options, see [Engine configuration](/guides/deployment-hosting/configure-engine#tools-configuration). - -### Allowlist entry types - -| Type | Example | Evaluated | Matches | -| --- | --- | --- | --- | -| Exact host | `https://host.corp:8080` | Before DNS | Scheme, host, and port exactly | -| Wildcard | `*.corp.internal` | Before DNS | Any matching subdomain | -| CIDR | `10.10.0.0/16` | After DNS resolution | IPs in the range | - -Keep these rules in mind when you write allowlist entries: - -- URIs must use `http://` or `https://`. The Engine rejects other schemes at startup. -- A wildcard such as `*.corp.internal` does not match the bare apex `corp.internal`. Add the apex separately if the Engine needs to reach it. 
-- CIDR entries match against the resolved IP. For split-horizon DNS, where a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead. -- Malformed entries cause the Engine to fail at startup. - -### Configure the allowlist with Helm - -If you deploy the Engine with the Arcade Helm chart, set the allowlist with `--set`: - -```bash -helm upgrade arcade monorepo/deploy/charts/arcade/ \ - --set engine.ssrfAllowlist[0]="*.corp.internal" \ - --set engine.ssrfAllowlist[1]="10.10.0.0/16" -``` - -### Verify the connection - -Use the worker test endpoint in the Arcade dashboard. A successful test confirms the allowlist entry is correct and that the Engine has a network path to the MCP server. - -## Deploy across multiple networks - -For multiple business units or regions, deploy a separate Engine per network. Each Engine has its own `ssrf_allowlist` scoped to the servers in that network, and all Engines share one Coordinator for identity and access management. - -Scenario 2: Finance, Engineering, and EU each run their own Arcade Engine in their own private network with its own ssrf_allowlist. All three make outbound-only HTTPS calls to one shared Coordinator, and cross-network access is blocked because the other networks' addresses aren't in each allowlist. - -A typical topology assigns one Engine to each network: - -| Deployment | Network | `ssrf_allowlist` | MCP servers | -| --- | --- | --- | --- | -| `finance-nyc` | NYC datacenter | `10.10.0.0/16`, `*.finance.corp.internal` | Bloomberg, SAP, Workday | -| `engineering-use1` | AWS `us-east-1` | `10.20.0.0/16`, `*.eng.corp.internal` | GitHub Enterprise, Jira | -| `eu-euw1` | AWS `eu-west-1` | `10.30.0.0/16`, `*.eu.corp.internal` | EU APIs, GDPR-scoped data | - -This topology gives you: - -- **Network isolation** — each deployment can only reach the hosts and ranges in its own allowlist. 
The finance deployment can't dial `10.20.x.x` even if it receives a URI pointing there. -- **Data residency** — the EU deployment's tool traffic never leaves eu-west-1, and credentials in its vault stay in-region. -- **Credential isolation** — each deployment holds its own credential vault. A compromise of one deployment exposes no credentials from the others. -- **Shared identity** — all deployments make outbound HTTPS calls to the same Coordinator for auth and RBAC. The data planes are independent; the control plane is shared. - -## Expose the Engine to external AI clients - -When the Engine runs inside your private network, external AI clients, such as Claude, ChatGPT, Cursor, or your own agents, need to reach it from the internet without you opening inbound firewall rules. - -Run a reverse proxy inside your network. It makes one outbound connection, so no inbound ports are needed. External clients connect to the proxy's public hostname, and the proxy forwards traffic to the Engine internally. - -Scenario 3: external AI clients on the public internet reach the private Arcade Engine through a reverse proxy (cloudflared, ngrok, or nginx) running inside the network. The proxy makes one outbound connection, so no inbound ports are opened; everything behind it is identical to scenario 1. - -All AI clients see the same RFC 9728 OAuth interface regardless of which proxy you use. The security and governance layer is identical whether traffic arrives through cloudflared, ngrok, nginx, or a direct private-network path. - - - - -[Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) runs `cloudflared` inside your network and exposes the Engine on a public hostname. 
- -```yaml filename="config.yaml" -tunnel: -credentials-file: /etc/cloudflared/credentials.json -ingress: - - hostname: arcade.yourdomain.com - service: http://arcade:9099 - - service: http_status:404 -``` - -```bash -cloudflared tunnel run -``` - -External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`. - - - - -[ngrok](https://ngrok.com) forwards a public domain to the Engine's port with a single command: - -```bash -ngrok http 9099 --domain arcade.your-org.ngrok.app -``` - -External clients connect to `https://arcade.your-org.ngrok.app/mcp/{gateway-slug}`. - - - - -nginx works as a straightforward reverse proxy. MCP uses Server-Sent Events (SSE) for streaming, so you must disable buffering. - -```nginx filename="arcade.conf" -server { - listen 443 ssl; - server_name arcade.yourdomain.com; - - ssl_certificate /etc/ssl/certs/arcade.crt; - ssl_certificate_key /etc/ssl/private/arcade.key; - - location / { - proxy_pass http://arcade:9099; - - # Required for SSE / streaming - proxy_buffering off; - proxy_cache off; - proxy_read_timeout 3600s; - proxy_http_version 1.1; - proxy_set_header Connection ''; - - # Required headers - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Authorization $http_authorization; - proxy_set_header Mcp-Session-Id $http_mcp_session_id; - proxy_set_header MCP-Protocol-Version $http_mcp_protocol_version; - } -} -``` - -External clients connect to `https://arcade.yourdomain.com/mcp/{gateway-slug}`. - - - - -### Required proxy headers - -Whichever proxy you use, verify these headers pass through unchanged: - -| Header | Purpose | What breaks if stripped | -| --- | --- | --- | -| `Authorization` | OAuth bearer token | Auth fails; the Engine returns `401` | -| `Mcp-Session-Id` | Session continuity | Each request starts a new session | -| `MCP-Protocol-Version` | Protocol negotiation | Connection errors with strict clients | - -The path `/mcp/{slug}` must also pass through intact. 
The Engine routes by gateway slug from the path. - -## Client compatibility - -| Client | Proxy options | Auth mode | -| --- | --- | --- | -| Claude (Messages API or managed agents) | Any | Arcade Auth or User Source only | -| Cursor, Cline, Claude Desktop | Any | All modes | -| ChatGPT, OpenAI agents | Any | All modes | -| Custom agents | Any | All modes | - -## Known limitations - -| Item | Notes | -| --- | --- | -| Arcade Headers with the Anthropic Messages API | Not compatible. The connector supports only `authorization_token`, with no custom headers. Use Arcade Auth or User Source. | -| nginx SSE buffering | `proxy_buffering off` is required. Without it, nginx buffers SSE events and clients never receive streamed responses. | -| `Mcp-Session-Id` pass-through | Verify your proxy forwards this header. Stripping it silently breaks session continuity for streamable HTTP clients. | -| Wildcard apex mismatch | `*.corp.internal` does not match `corp.internal`. Register the apex separately if the Engine needs to reach it. | -| CIDR with split-horizon DNS | CIDR entries match against the resolved IP. If a hostname resolves to different IPs inside and outside the network, use exact-host or wildcard entries instead. | - -## Next steps - -- [Configure the Arcade Engine](/guides/deployment-hosting/configure-engine) for the full `engine.yaml` reference -- [Create an MCP Gateway](/guides/mcp-gateways) to scope tools and auth for each client -- [Set up a User Source](/guides/user-sources) to authenticate end users with your own identity provider -- [Connect your MCP client](/get-started/mcp-clients) to a gateway URL diff --git a/public/images/warp-pipes/scenario-1.svg b/public/images/warp-pipes/scenario-1.svg new file mode 100644 index 000000000..416b4ab7e --- /dev/null +++ b/public/images/warp-pipes/scenario-1.svg 
@@ -0,0 +1,58 @@ + + + + + + + AI clients + Claude · Cursor · ChatGPT · agents + + + HTTPS + OAuth + + + YOUR PRIVATE NETWORK + + ARCADE RUNTIME · :9099 + + /mcp/finance + arcade_oauth · Bloomberg · SAP + + /mcp/engineering + arcade_oauth · GitHub · Jira + + ssrf_allowlist · *.corp.internal + + + + INTERNAL MCP SERVERS + + Bloomberg MCP + bloomberg.corp.internal:8000 + + SAP MCP + sap.corp.internal:8080 + + GitHub Enterprise MCP + github.corp.internal + + Jira MCP + jira.corp.internal:8080 + + + + HTTP · private network + + + Arcade + identity · access · OAuth + + outbound only + diff --git a/public/images/warp-pipes/scenario-2.svg b/public/images/warp-pipes/scenario-2.svg new file mode 100644 index 000000000..01a431d56 --- /dev/null +++ b/public/images/warp-pipes/scenario-2.svg @@ -0,0 +1,40 @@ + + + + + Every AI client · one managed surface + clients never learn where anything runs + + + + + + a managed Warp Pipes connection per runtime + + AMERICAS · DATACENTER + AWS · US-EAST + EU · DATA RESIDENCY + + Arcade runtimemarkets & finance tools + + Arcade runtimeengineering tools + + Arcade runtimeEU services · GDPR data + + + + + Bloomberg · SAP · Workday + GitHub Enterprise · Jira + EU services · regulated data + + + one identity & access layer in Arcade — shared identity · independent, isolated data planes + diff --git a/public/images/warp-pipes/scenario-3.svg b/public/images/warp-pipes/scenario-3.svg new file mode 100644 index 000000000..cccc95fd9 --- /dev/null +++ b/public/images/warp-pipes/scenario-3.svg @@ -0,0 +1,37 @@ + + + + + + EXTERNAL · INTERNET + + Any AI client + Claude · ChatGPT · agents + + + YOUR reverse proxy + or API gateway + cloudflared · ngrok · nginx · F5 + + + + YOUR PRIVATE NETWORK + + + you run this hop + + Arcade runtime · governs every call + auth · per-user credentials · scoping · audit + /mcp/{slug} · :9099 + + + + Internal + MCP servers + 
diff --git a/public/images/warp-pipes/warp-pipes.svg b/public/images/warp-pipes/warp-pipes.svg new file mode 100644 index 000000000..594460c48 --- /dev/null +++ b/public/images/warp-pipes/warp-pipes.svg @@ -0,0 +1,52 @@ + + + + + + EXTERNAL · INTERNET + + Any AI client + Claude · ChatGPT + Cursor · agents + + HTTPS + + ⚡ WARP PIPES · MANAGED BY ARCADE + + + Public MCP URL + acme.warp.arcade.app + Arcade forwards traffic + down the open connection + + + + YOUR PRIVATE NETWORK + ⚡ forwarded over the + outbound connection + + + + ⚡ Warp Pipes + connector · dials OUT + no inbound ports + + + Arcade runtime · governs every call + auth · per-user credentials · scoping · audit + internal MCP URL · :9099 + + + + Internal + MCP servers + + diff --git a/public/images/warp-tunnels/scenario-1.svg b/public/images/warp-tunnels/scenario-1.svg deleted file mode 100644 index 601d93275..000000000 --- a/public/images/warp-tunnels/scenario-1.svg +++ /dev/null @@ -1,119 +0,0 @@ - - - - - - - - - - - - - - AI Clients - Claude · Cursor · ChatGPT · Custom Agents - - - - - Private Network - - - - Arcade Engine · :9099 - - - - /mcp/engineering - auth: arcade_oauth - tools: GitHub · Jira - - - - /mcp/finance - auth: arcade_oauth - tools: Bloomberg · SAP - - - - - - - ssrf_allowlist - - - *.corp.internal - - - - 10.10.0.0/16 - - - - - Internal MCP Servers - - - Bloomberg MCP - bloomberg.corp.internal:8000 - - - - SAP MCP - sap.corp.internal:8080 - - - - GitHub Enterprise MCP - github.corp.internal - - - - Jira MCP - jira.corp.internal:8080 - - - - - - Coordinator · shared control plane - Identity · RBAC · OAuth · API keys - - - - - - - HTTPS + OAuth - HTTPS + OAuth - - - - - - - - - - - HTTP · private network - HTTP · private network - HTTP · private network - HTTP · private network - - - - outbound HTTPS only - diff --git a/public/images/warp-tunnels/scenario-2.svg b/public/images/warp-tunnels/scenario-2.svg deleted file mode 100644 index 77b4328ff..000000000 
--- a/public/images/warp-tunnels/scenario-2.svg +++ /dev/null @@ -1,115 +0,0 @@ - - - - - - - - - - - - - - AI Clients - Claude · Cursor · ChatGPT · Custom Agents - - - - - Finance · NYC datacenter - - - Arcade Engine :9099 - ssrf_allowlist: 10.10.0.0/16 - - - - Bloomberg · SAP · Workday MCP - 10.10.x.x - - - - - Engineering · AWS us-east-1 - - - Arcade Engine :9099 - ssrf_allowlist: 10.20.0.0/16 - - - - GitHub Enterprise · Jira MCP - 10.20.x.x - - - - - EU · AWS eu-west-1 · GDPR - - - Arcade Engine :9099 - ssrf_allowlist: 10.30.0.0/16 - - - - EU Services MCP - 10.30.x.x - - - - - - Coordinator · shared control plane - Identity · RBAC · OAuth · API keys - - - - - - - HTTPS + OAuth - - - - - - HTTP · private network - HTTP · private network - HTTP · private network - - - - - - outbound HTTPS only - outbound HTTPS only - outbound HTTPS only - - - - - - - - - BLOCKED - cross-network · not in allowlist - - - - BLOCKED - cross-network · not in allowlist - - diff --git a/public/images/warp-tunnels/scenario-3.svg b/public/images/warp-tunnels/scenario-3.svg deleted file mode 100644 index 1ff283e9b..000000000 --- a/public/images/warp-tunnels/scenario-3.svg +++ /dev/null 
@@ -1,117 +0,0 @@ - - - - - - - - - - - - - - - External · public internet - - - - - AI Clients - Claude · Cursor · ChatGPT · Custom Agents - - - - - - Anthropic connector - Use arcade_oauth or user_source — - arcade_header unsupported (no custom headers) - - - - - - Private Network - - - - - Reverse Proxy - cloudflared · ngrok · nginx - - one outbound connection - no inbound ports opened - - - - - Arcade Engine · :9099 - - - /mcp/finance - tools: Bloomberg · SAP - - - - /mcp/engineering - tools: GitHub Enterprise - - - - Internal MCP Servers - - - Bloomberg MCP - bloomberg.corp.internal - - - - SAP MCP - sap.corp.internal - - - - GitHub Enterprise MCP - github.corp.internal - - - - - - Coordinator · shared control plane - Identity · RBAC · OAuth · API keys - - - - - - HTTPS · public endpoint - - - - HTTP · internal - - - - - - ssrf_allowlist - ssrf_allowlist - ssrf_allowlist - - - - outbound HTTPS only - From 2604c6d2ec29ca0d169cbd2a26e2d4a76427ef42 Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 12:18:23 -0700 Subject: [PATCH 03/15] Add Early Access section to Guides sidebar --- app/en/guides/_meta.tsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/en/guides/_meta.tsx b/app/en/guides/_meta.tsx index f8c63bb8c..2f0b0278c 100644 --- a/app/en/guides/_meta.tsx +++ b/app/en/guides/_meta.tsx @@ -25,6 +25,9 @@ export const meta: MetaRecord = { "deployment-hosting": { title: "Deployment & hosting", }, + "early-access": { + title: "Early Access", + }, }; export default meta; From e6a07f547b94a742ec2d2b95daf8cdb6ba2a80a6 Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 12:19:07 -0700 Subject: [PATCH 04/15] Add Early Access _meta.tsx with Warp Pipes and Registry Early Access links --- app/en/guides/early-access/_meta.tsx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 app/en/guides/early-access/_meta.tsx 
diff --git a/app/en/guides/early-access/_meta.tsx b/app/en/guides/early-access/_meta.tsx
new file mode 100644
index 000000000..bcf8b3815
--- /dev/null
+++ b/app/en/guides/early-access/_meta.tsx
@@ -0,0 +1,14 @@
+import type { MetaRecord } from "nextra";
+
+const meta: MetaRecord = {
+ "warp-pipes": {
+ title: "Warp Pipes",
+ href: "/en/guides/deployment-hosting/warp-pipes",
+ },
+ "registry-early-access": {
+ title: "Registry Early Access",
+ href: "/en/resources/registry-early-access",
+ },
+};
+
+export default meta;
From bce8c4212057238d2d2535fb833468975aeccb4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 25 Jun 2026 19:20:07 +0000
Subject: [PATCH 05/15] =?UTF-8?q?=F0=9F=A4=96=20Regenerate=20LLMs.txt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 public/llms.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/public/llms.txt b/public/llms.txt
index 1346f271c..75fb6e795 100644
--- a/public/llms.txt
+++ b/public/llms.txt
@@ -1,4 +1,4 @@ - + # Arcade
@@ -162,6 +162,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w - [Use Arcade tools with AG2](https://docs.arcade.dev/en/get-started/agent-frameworks/ag2/use-arcade-tools): Documentation page - [Use Arcade tools with CrewAI](https://docs.arcade.dev/en/get-started/agent-frameworks/crewai/use-arcade-tools): This documentation page provides a comprehensive guide for integrating Arcade tools into CrewAI applications, enabling users to build task-oriented multi-agent systems that assist with platforms like Gmail and Slack. It outlines the prerequisites, learning outcomes, and step-by-step instructions for setting up - [User Sources](https://docs.arcade.dev/en/guides/user-sources): Documentation page +- [Warp Pipes](https://docs.arcade.dev/en/guides/deployment-hosting/warp-pipes): Documentation page - [What are tools?](https://docs.arcade.dev/en/guides/tool-calling): This documentation page provides an overview of tool calling in language models, explaining how users can leverage tools to enhance the capabilities of AI models for tasks such as data retrieval and scheduling. It outlines the process of integrating tools with language models using the Arcade SDK, - [Why evaluate tools?](https://docs.arcade.dev/en/guides/create-tools/evaluate-tools/why-evaluate): This documentation page explains the importance of evaluating tools used by AI models to ensure accurate tool selection and parameter accuracy in production environments. It outlines the evaluation process, scoring components, and potential issues that can arise without proper assessments. Users can learn how to create - [Windows environment setup](https://docs.arcade.dev/en/get-started/setup/windows-environment): This documentation page provides step-by-step instructions for setting up the Arcade CLI on Windows, emphasizing the use of the `uv` package manager while offering fallback options with `pip`. 
It includes prerequisites, installation methods, validation steps, and troubleshooting tips to ensure From 5d971e6943f4e6212a18f7943de7103149eb6244 Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 17:41:23 -0700 Subject: [PATCH 06/15] Merge main into docs/warp-tunnels: resolve llms.txt conflict --- public/llms.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/public/llms.txt b/public/llms.txt index 75fb6e795..e91ad004d 100644 --- a/public/llms.txt +++ b/public/llms.txt @@ -1,4 +1,4 @@ - + # Arcade 
@@ -25,6 +25,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w - [Auth Providers](https://docs.arcade.dev/en/references/auth-providers): This documentation page provides a comprehensive registry of authentication providers available within the Arcade ecosystem, enabling users to securely connect Arcade tools to various data sources. It outlines the benefits of using Arcade's built-in auth providers versus configuring custom ones, including branding and rate limit - [Calendly](https://docs.arcade.dev/en/references/auth-providers/calendly): This documentation page provides guidance on configuring the Calendly authentication provider for use with Arcade, allowing users to integrate Calendly APIs into their applications using OAuth 2.0. It outlines the steps for creating a Calendly developer account, registering an OAuth application - [Changelog](https://docs.arcade.dev/en/references/changelog): The Changelog documentation page provides users with a comprehensive overview of the latest updates, features, bug fixes, and improvements made to Arcade.dev, organized by date. It helps users stay informed about new functionalities and changes that enhance their development experience and platform usability +- [Cisco Duo](https://docs.arcade.dev/en/references/auth-providers/cisco-duo): Documentation page - [ClickUp](https://docs.arcade.dev/en/references/auth-providers/clickup): This documentation page provides guidance on configuring and using the ClickUp authentication provider within the Arcade platform, enabling users to call the ClickUp API on behalf of their users. It outlines the steps for creating a ClickUp app, setting up OAuth credentials, and - [Context](https://docs.arcade.dev/en/references/mcp/python/context): This documentation page provides a comprehensive reference for the `Context` class used in MCP tools, detailing its role as the primary interface for interacting with the server, client, and runtime environment. 
Users will learn how to utilize the automatically managed `Context` instances - [Discord](https://docs.arcade.dev/en/references/auth-providers/discord): This documentation page provides guidance on how to configure and use a custom Discord authentication provider within the Arcade platform, as Arcade does not offer a default option. Users will learn how to create a Discord application, set up OAuth 2.0 credentials, and From 87d68698c72a4f5fc1499f37428af51dccec2340 Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 17:42:20 -0700 Subject: [PATCH 07/15] Fix llms.txt header to match main for clean merge --- public/llms.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/llms.txt b/public/llms.txt index e91ad004d..33abf060b 100644 --- a/public/llms.txt +++ b/public/llms.txt @@ -1,4 +1,4 @@ - + # Arcade From 5bf995d3e2bf59ea0140ba44a96061824bb8f3db Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 17:43:39 -0700 Subject: [PATCH 08/15] Remove Early Access from Guides sidebar --- app/en/guides/_meta.tsx | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/en/guides/_meta.tsx b/app/en/guides/_meta.tsx index 2f0b0278c..f8c63bb8c 100644 --- a/app/en/guides/_meta.tsx +++ b/app/en/guides/_meta.tsx @@ -25,9 +25,6 @@ export const meta: MetaRecord = { "deployment-hosting": { title: "Deployment & hosting", }, - "early-access": { - title: "Early Access", - }, }; export default meta; From 3845fb98a023656a4f053428ce1ec075da073763 Mon Sep 17 00:00:00 2001 From: vfanelle Date: Thu, 25 Jun 2026 17:43:56 -0700 Subject: [PATCH 09/15] Add Early Access section to Resources sidebar --- app/en/resources/_meta.tsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/en/resources/_meta.tsx b/app/en/resources/_meta.tsx index 4165cd5de..221119e63 100644 --- a/app/en/resources/_meta.tsx +++ b/app/en/resources/_meta.tsx 
@@ -22,6 +22,9 @@ export const meta: MetaRecord = {
 "contact-us": {
 title: "Contact",
 },
+ "early-access": {
+ title: "Early Access",
+ },
 };
 export default meta;
From d77ecc61ab58b247416ac03a789f5fecc3563867 Mon Sep 17 00:00:00 2001
From: vfanelle
Date: Thu, 25 Jun 2026 17:43:57 -0700
Subject: [PATCH 10/15] Add resources/early-access/_meta.tsx with Warp Pipes and Arcade Registry links
---
app/en/resources/early-access/_meta.tsx | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 app/en/resources/early-access/_meta.tsx
diff --git a/app/en/resources/early-access/_meta.tsx b/app/en/resources/early-access/_meta.tsx
new file mode 100644
index 000000000..d1c6be400
--- /dev/null
+++ b/app/en/resources/early-access/_meta.tsx
@@ -0,0 +1,14 @@
+import type { MetaRecord } from "nextra";
+
+const meta: MetaRecord = {
+ "warp-pipes": {
+ title: "Warp Pipes",
+ href: "/en/guides/deployment-hosting/warp-pipes",
+ },
+ "registry": {
+ title: "Arcade Registry",
+ href: "/en/resources/registry-early-access",
+ },
+};
+
+export default meta;
From e021c55e251d3d7cd4a437aca19ed8e280e5b5a1 Mon Sep 17 00:00:00 2001
From: vfanelle
Date: Thu, 25 Jun 2026 17:43:58 -0700
Subject: [PATCH 11/15] =?UTF-8?q?Remove=20guides/early-access=20=E2=80=94?= =?UTF-8?q?=20moved=20to=20resources/early-access?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app/en/guides/early-access/_meta.tsx | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 app/en/guides/early-access/_meta.tsx
diff --git a/app/en/guides/early-access/_meta.tsx b/app/en/guides/early-access/_meta.tsx
deleted file mode 100644
index bcf8b3815..000000000
--- a/app/en/guides/early-access/_meta.tsx
+++ /dev/null
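Review bot: Both entries in the new `app/en/resources/early-access/_meta.tsx` are link-only — the commit adds no page files under `early-access`, and each `href` points into another section (`/en/guides/deployment-hosting/warp-pipes`, `/en/resources/registry-early-access`) with the locale prefix hard-coded, so renaming either target page would not fail the build and would leave a dead sidebar link. A header comment would make that coupling visible to the next editor, e.g. `// Link-only entries: the pages live under guides/deployment-hosting and resources; keep these hrefs in sync when those pages move.` It is also worth confirming that a folder holding only `_meta.tsx` and no index page renders as the "Early Access" group that PATCH 09 adds to `resources/_meta.tsx`; the diff alone does not show how the sidebar treats it.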
@@ -1,14 +0,0 @@
-import type { MetaRecord } from "nextra";
-
-const meta: MetaRecord = {
- "warp-pipes": {
- title: "Warp Pipes",
- href: "/en/guides/deployment-hosting/warp-pipes",
- },
- "registry-early-access": {
- title: "Registry Early Access",
- href: "/en/resources/registry-early-access",
- },
-};
-
-export default meta;
From 50ec32bb8568dab760d0b144bf4b6f8d451ffe0a Mon Sep 17 00:00:00 2001
From: vfanelle
Date: Thu, 25 Jun 2026 18:04:33 -0700
Subject: [PATCH 12/15] Hide registry-early-access from Resources sidebar (now under Early Access)
---
app/en/resources/_meta.tsx | 3 +++
1 file changed, 3 insertions(+)
diff --git a/app/en/resources/_meta.tsx b/app/en/resources/_meta.tsx
index 221119e63..0708cde75 100644
--- a/app/en/resources/_meta.tsx
+++ b/app/en/resources/_meta.tsx
@@ -22,6 +22,9 @@ export const meta: MetaRecord = {
 "contact-us": {
 title: "Contact",
 },
+ "registry-early-access": {
+ display: "hidden",
+ },
 "early-access": {
 title: "Early Access",
 },
From 692b5c430d009e7d21b4f3a6e5f53d9a25f1a936 Mon Sep 17 00:00:00 2001
From: vfanelle
Date: Thu, 25 Jun 2026 18:12:35 -0700
Subject: [PATCH 13/15] Hide warp-pipes from Deployment & hosting sidebar (now under Early Access)
---
app/en/guides/deployment-hosting/_meta.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/en/guides/deployment-hosting/_meta.tsx b/app/en/guides/deployment-hosting/_meta.tsx
index 277532c85..b0c819478 100644
--- a/app/en/guides/deployment-hosting/_meta.tsx
+++ b/app/en/guides/deployment-hosting/_meta.tsx
@@ -18,7 +18,7 @@ const meta: MetaRecord = {
 title: "On-premises MCP servers",
 },
 "warp-pipes": {
- title: "Warp Pipes",
+ display: "hidden",
 },
 "configure-engine": {
 title: "Configure Arcade's engine",
From 29b6184bf33aee8a7eec13e48c45bcf0d29e8e7f Mon Sep 17 00:00:00 2001
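Review bot: The new hidden `registry-early-access` entry in `app/en/resources/_meta.tsx` (PATCH 12) carries only `display: "hidden"` and no `title`, while the series later restores `title` on the hidden `warp-pipes` entry in `deployment-hosting/_meta.tsx` (PATCH 14 re-adds what PATCH 13 dropped), so the two hidden entries end up shaped differently. If the title is still used for the page's own heading or breadcrumb when it is reached through the Early Access link — I cannot confirm that from the diff — keep it here as well: `"registry-early-access": { title: "Registry Early Access", display: "hidden" },`. Whichever shape is chosen, apply the same one in both files. The enclosing `meta` object starts and ends outside the hunk.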
From: vfanelle
Date: Thu, 25 Jun 2026 18:14:32 -0700
Subject: [PATCH 14/15] Hide warp-pipes from Deployment & hosting sidebar
---
app/en/guides/deployment-hosting/_meta.tsx | 1 +
1 file changed, 1 insertion(+)
diff --git a/app/en/guides/deployment-hosting/_meta.tsx b/app/en/guides/deployment-hosting/_meta.tsx
index b0c819478..d6ae3945f 100644
--- a/app/en/guides/deployment-hosting/_meta.tsx
+++ b/app/en/guides/deployment-hosting/_meta.tsx
@@ -18,6 +18,7 @@ const meta: MetaRecord = {
 title: "On-premises MCP servers",
 },
 "warp-pipes": {
+ title: "Warp Pipes",
 display: "hidden",
 },
 "configure-engine": {
From dbc6743c5e532387f796da5f0420263f0263eb7d Mon Sep 17 00:00:00 2001
From: vfanelle
Date: Thu, 25 Jun 2026 18:30:43 -0700
Subject: [PATCH 15/15] Fix formatting in early-access _meta.tsx
---
app/en/resources/early-access/_meta.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/en/resources/early-access/_meta.tsx b/app/en/resources/early-access/_meta.tsx
index d1c6be400..910620b82 100644
--- a/app/en/resources/early-access/_meta.tsx
+++ b/app/en/resources/early-access/_meta.tsx
@@ -5,7 +5,7 @@ const meta: MetaRecord = {
 title: "Warp Pipes",
 href: "/en/guides/deployment-hosting/warp-pipes",
 },
- "registry": {
+ registry: {
 title: "Arcade Registry",
 href: "/en/resources/registry-early-access",
 },
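Review bot: PATCH 14 only puts back the `title` that PATCH 13 removed one commit earlier when it switched `warp-pipes` to `display: "hidden"`, and its subject line repeats PATCH 13's, so the history reads as a fix-up rather than a change of its own. Squashing the two into a single commit whose hunk keeps `title: "Warp Pipes",` and adds `display: "hidden",` beneath it would give a cleaner series and a subject that describes the real change. The enclosing `meta` object starts and ends outside the hunk.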