diff --git a/app/en/get-started/agent-frameworks/tanstack-ai/page.mdx b/app/en/get-started/agent-frameworks/tanstack-ai/page.mdx index d21776db2..21eac6386 100644 --- a/app/en/get-started/agent-frameworks/tanstack-ai/page.mdx +++ b/app/en/get-started/agent-frameworks/tanstack-ai/page.mdx @@ -697,7 +697,7 @@ On first use, you'll see an authorization button. Click it to connect your Gmail 1. **Add more tools**: Browse the [MCP server catalog](/resources/integrations) and add tools for GitHub, Notion, Linear, and more. 2. **Try different providers**: Swap `@tanstack/ai-openai` for `@tanstack/ai-anthropic` or `@tanstack/ai-gemini` to use different AI models. -3. **Add user authentication**: In production, get `userId` from your auth system instead of environment variables. See [Security](/guides/security) for best practices. +3. **Add user authentication**: In production, get `userId` from your auth system instead of environment variables. See [Secure your server](/guides/create-tools/secure-your-server) for best practices. 4. **Deploy your chatbot**: TanStack Start supports deployment to Vercel, Netlify, Cloudflare, and Node.js servers. ## Complete code diff --git a/app/en/get-started/agent-frameworks/vercelai/page.mdx b/app/en/get-started/agent-frameworks/vercelai/page.mdx index cfa684c39..8cf3e8a77 100644 --- a/app/en/get-started/agent-frameworks/vercelai/page.mdx +++ b/app/en/get-started/agent-frameworks/vercelai/page.mdx 
@@ -597,7 +597,7 @@ On first use, you'll see an authorization button. Click it to connect your Gmail ## Next steps 1. **Add more tools**: Browse the [MCP server catalog](/resources/integrations) and add tools for GitHub, Notion, Linear, and more. -2. **Add user authentication**: In production, get `userId` from your auth system instead of environment variables. See [Security](/guides/security) for best practices. +2. **Add user authentication**: In production, get `userId` from your auth system instead of environment variables. See [Secure your server](/guides/create-tools/secure-your-server) for best practices. 3. **Deploy to Vercel**: Push your chatbot to GitHub and [deploy to Vercel](https://vercel.com/docs/deployments/overview) with one click. Add your environment variables in the Vercel dashboard. ## Complete code diff --git a/app/en/guides/_meta.tsx b/app/en/guides/_meta.tsx index 8b51210b5..e16f9a05e 100644 --- a/app/en/guides/_meta.tsx +++ b/app/en/guides/_meta.tsx @@ -22,9 +22,6 @@ export const meta: MetaRecord = { "deployment-hosting": { title: "Deployment & hosting", }, - security: { - title: "Security & Compliance", - }, }; export default meta; diff --git a/app/en/guides/create-tools/_meta.tsx b/app/en/guides/create-tools/_meta.tsx index a4fa9d6e2..596e9868d 100644 --- a/app/en/guides/create-tools/_meta.tsx +++ b/app/en/guides/create-tools/_meta.tsx @@ -16,6 +16,9 @@ export const meta: MetaRecord = { title: "Handle errors", href: "/guides/create-tools/error-handling", }, + "secure-your-server": { + title: "Secure your server", + }, "migrate-toolkits": { title: "Migrate from toolkits to MCP servers", }, diff --git a/app/en/guides/security/_meta.tsx b/app/en/guides/create-tools/secure-your-server/_meta.tsx similarity index 59% rename from app/en/guides/security/_meta.tsx rename to app/en/guides/create-tools/secure-your-server/_meta.tsx index 5589db761..dcf7271d9 100644 --- a/app/en/guides/security/_meta.tsx 
+++ b/app/en/guides/create-tools/secure-your-server/_meta.tsx @@ -11,14 +11,8 @@ const meta: MetaRecord = { index: { title: "Overview", }, - "securing-arcade-mcp": { - title: "Securing Arcade MCP", - }, "secure-your-mcp-server": { - title: "Secure your MCP server", - }, - "security-research-program": { - title: "Security research program", + title: "Add Resource Server auth", }, }; diff --git a/app/en/guides/security/securing-arcade-mcp/page.mdx b/app/en/guides/create-tools/secure-your-server/page.mdx similarity index 87% rename from app/en/guides/security/securing-arcade-mcp/page.mdx rename to app/en/guides/create-tools/secure-your-server/page.mdx index 7cbdf1563..ab5362705 100644 --- a/app/en/guides/security/securing-arcade-mcp/page.mdx +++ b/app/en/guides/create-tools/secure-your-server/page.mdx @@ -21,8 +21,4 @@ This approach is ideal when: Resource Server auth works alongside tool-level authorization. Resource Server auth secures access to the MCP server itself, while tool-level auth enables your tools to access third-party APIs on behalf of the authenticated user. -Learn more about adding front-door OAuth to your MCP server [here](/guides/security/secure-your-mcp-server). - -### Client ID Metadata Documents (Coming soon) - -Coming soon, you will be able to secure your MCP server using Client ID Metadata Documents (CIMD) for authorization. Learn more about how MCP integrates with OAuth [here](https://blog.modelcontextprotocol.io/posts/client_registration/). +Learn more about adding front-door OAuth to your MCP server [here](/guides/create-tools/secure-your-server/secure-your-mcp-server). diff --git a/app/en/guides/security/secure-your-mcp-server/page.mdx b/app/en/guides/create-tools/secure-your-server/secure-your-mcp-server/page.mdx similarity index 100% rename from app/en/guides/security/secure-your-mcp-server/page.mdx rename to app/en/guides/create-tools/secure-your-server/secure-your-mcp-server/page.mdx 
diff --git a/app/en/guides/security/page.mdx b/app/en/guides/security/page.mdx deleted file mode 100644 index ca4cc8799..000000000 --- a/app/en/guides/security/page.mdx +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: "Security" -description: "Learn about security best practices for MCP servers and Arcade tools, plus information about our security research program" ---- - -import { SubpageList } from '../../../_components/subpage-list'; -import meta from './_meta'; - -# Security - -Learn about security best practices for building and deploying secure MCP servers and Arcade tools. Use these resources when implementing production-ready tools that handle sensitive data or require robust security measures. - -Security is crucial when building tools that interact with external services, handle user data, or operate in production environments. Arcade provides comprehensive security guidance and actively maintains a security research program. - - \ No newline at end of file diff --git a/app/en/learn/server-level-vs-tool-level-auth/page.mdx b/app/en/learn/server-level-vs-tool-level-auth/page.mdx index 0d65387ff..ebbbff919 100644 --- a/app/en/learn/server-level-vs-tool-level-auth/page.mdx +++ b/app/en/learn/server-level-vs-tool-level-auth/page.mdx 
@@ -17,7 +17,7 @@ Arcade MCP servers support two distinct layers of authorization that work togeth ## Quick Comparison -| Aspect | [Resource Server Auth (Front-Door)](/guides/security/secure-your-mcp-server) | [Tool-Level Authorization](/guides/create-tools/tool-basics/create-tool-auth) | +| Aspect | [Resource Server Auth (Front-Door)](/guides/create-tools/secure-your-server/secure-your-mcp-server) | [Tool-Level Authorization](/guides/create-tools/tool-basics/create-tool-auth) | | --------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | | **What it secures** | Access to your MCP server | Access to third-party APIs | | **Who authenticates** | The user calling your server | The user's access to external services | diff --git a/app/en/references/changelog/page.mdx b/app/en/references/changelog/page.mdx index 4646fc726..9b02570c1 100644 --- a/app/en/references/changelog/page.mdx +++ b/app/en/references/changelog/page.mdx @@ -141,7 +141,7 @@ _Here's what's new at Arcade.dev!_ **Arcade MCP Servers** -- `[feature - 🚀]` OAuth authentication for `arcade-mcp` servers. Learn more about it [here](/guides/security/secure-your-mcp-server! +- `[feature - 🚀]` OAuth authentication for `arcade-mcp` servers. Learn more about it [here](/guides/create-tools/secure-your-server/secure-your-mcp-server) - `[maintenance - 🔧]` Ability to run multiple uvicorn workers - `[maintenance - 🔧]` Include type annotations for `arcade_mcp_server` diff --git a/app/en/resources/_meta.tsx b/app/en/resources/_meta.tsx index 51d652ef8..4165cd5de 100644 --- a/app/en/resources/_meta.tsx +++ b/app/en/resources/_meta.tsx @@ -16,6 +16,9 @@ export const meta: MetaRecord = { faq: { title: "FAQ", }, + "security-research-program": { + title: "Security research program", + }, "contact-us": { title: "Contact", }, 
diff --git a/app/en/resources/contact-us/contact-cards.tsx b/app/en/resources/contact-us/contact-cards.tsx index 0041a0a90..9e2e720a9 100644 --- a/app/en/resources/contact-us/contact-cards.tsx +++ b/app/en/resources/contact-us/contact-cards.tsx @@ -306,7 +306,7 @@ export function ContactCards() { /> diff --git a/app/en/guides/security/security-research-program/page.mdx b/app/en/resources/security-research-program/page.mdx similarity index 100% rename from app/en/guides/security/security-research-program/page.mdx rename to app/en/resources/security-research-program/page.mdx diff --git a/next.config.ts b/next.config.ts index a8dbde6a3..d6c62bc6c 100644 --- a/next.config.ts +++ b/next.config.ts @@ -24,6 +24,28 @@ const nextConfig: NextConfig = withLlmsTxt({ withNextra({ async redirects() { return [ + // Dissolved guides/security section + { + source: "/:locale/guides/security/security-research-program", + destination: "/:locale/resources/security-research-program", + permanent: true, + }, + { + source: "/:locale/guides/security/securing-arcade-mcp", + destination: "/:locale/guides/create-tools/secure-your-server", + permanent: true, + }, + { + source: "/:locale/guides/security/secure-your-mcp-server", + destination: + "/:locale/guides/create-tools/secure-your-server/secure-your-mcp-server", + permanent: true, + }, + { + source: "/:locale/guides/security", + destination: "/:locale/guides/create-tools/secure-your-server", + permanent: true, + }, // Auto-added redirects for deleted pages { source: "/:locale/references/mcp/python/transports", @@ -397,7 +419,8 @@ const nextConfig: NextConfig = withLlmsTxt({ }, { source: "/:locale/home/build-tools/secure-your-mcp-server", - destination: "/:locale/guides/security/secure-your-mcp-server", + destination: + "/:locale/guides/create-tools/secure-your-server/secure-your-mcp-server", permanent: true, }, { diff --git a/public/llms.txt b/public/llms.txt index 3eecc1e6c..ce0d4ea35 100644 --- a/public/llms.txt +++ b/public/llms.txt 
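Review bot: The second next.config.ts hunk repoints one older redirect (`/:locale/home/build-tools/secure-your-mcp-server`) straight at the new location, but any other existing entry in this array whose `destination` still sits under `/:locale/guides/security/` would now resolve through two permanent hops. The rest of the array is outside both hunks, so this needs a search of the file to confirm. Because the new entries are `permanent: true`, browsers and crawlers cache them and a wrong target is slow to correct. The move also relocates the security research program page, which is where vulnerability reports are directed, so it is worth checking after deploy that the old URL lands on `/:locale/resources/security-research-program` in every locale. I would extend the section comment to `// Dissolved guides/security section: no other redirect may target /:locale/guides/security/*`.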
@@ -1,4 +1,4 @@ - + # Arcade 
@@ -65,7 +65,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w - [Add metadata to your tools](https://docs.arcade.dev/en/guides/create-tools/tool-basics/add-tool-metadata): This documentation page guides users on how to enhance their MCP tools with structured metadata using `ToolMetadata`, enabling better understanding and interaction by MCP clients, policy engines, and tool-selection systems. Users will learn to classify their tools, describe their behavior, and - [Add remote MCP servers](https://docs.arcade.dev/en/guides/mcp-gateways/add-remote-servers): This documentation page provides a step-by-step guide for users to register and connect a remote MCP server to their Arcade project, enabling the use of its tools within MCP Gateways and SDKs. Users will learn how to configure connection settings, manage tool visibility - [Add user authorization to your MCP tools](https://docs.arcade.dev/en/guides/create-tools/tool-basics/create-tool-auth): This documentation page guides users on how to implement user authorization in their custom MCP tools using Arcade, OAuth, and various auth providers, specifically illustrating the process with a Reddit integration example. Users will learn to create tools that require OAuth for access, manage authorization -- [Adding Resource Server Auth to Your MCP Server](https://docs.arcade.dev/en/guides/security/secure-your-mcp-server): This documentation page guides users on how to secure their HTTP MCP server using OAuth 2.1 Resource Server authentication, enabling tool-level authorization and the safe handling of secrets. 
It outlines the prerequisites, benefits, and configuration steps necessary for implementing this security feature +- [Adding Resource Server Auth to Your MCP Server](https://docs.arcade.dev/en/guides/create-tools/secure-your-server/secure-your-mcp-server): This documentation page guides users on how to secure their HTTP MCP server using OAuth 2.1 Resource Server authentication, enabling tool-level authorization and secrets management. It outlines the prerequisites, benefits, and configuration steps necessary for implementing this security measure, ensuring that - [Agentic development](https://docs.arcade.dev/en/get-started/setup/connect-arcade-docs): This documentation page provides guidance on utilizing agents in Integrated Development Environments (IDEs) to enhance development efficiency by accessing well-formatted markdown documentation directly from the Arcade site. It explains how AI agents can retrieve content without manual copying and introduces the LLM - [Arcade Cloud infrastructure](https://docs.arcade.dev/en/guides/deployment-hosting/arcade-cloud): This documentation page provides an overview of the infrastructure supporting Arcade Cloud, detailing aspects such as data storage, protection, and sovereignty options. Users can learn about the management of their data, including retention policies and consent models for training data, as well as the - [Arcade Gateway Assistant](https://docs.arcade.dev/en/guides/mcp-gateways/create-via-ai): The Arcade Gateway Assistant documentation guides users in creating and managing MCP gateways through a chat interface using natural language commands. It outlines the prerequisites for setup, including creating an Arcade account and connecting to compatible chat clients, and provides step-by-step instructions for authentication and 
@@ -131,9 +131,8 @@ Arcade delivers three core capabilities: Deploy agents even your security team w - [Run evaluations](https://docs.arcade.dev/en/guides/create-tools/evaluate-tools/run-evaluations): This documentation page provides guidance on using the `arcade evals` command to run evaluation suites across multiple providers and models, allowing users to execute, compare, and analyze evaluation results in various output formats. It covers features such as multi-provider support, - [Running an Server](https://docs.arcade.dev/en/guides/contextual-access/examples): This documentation page provides users with guidance on running open-source example webhook servers to implement Contextual Access. It includes detailed instructions for setting up both a full-featured advanced server and minimal focused examples, allowing users to quickly start using or customizing these servers for - [Secure and Brand the Auth Flow in Production](https://docs.arcade.dev/en/guides/user-facing-agents/secure-auth-production): This documentation page guides users on how to secure and customize authentication flows in production using Arcade.dev. It outlines the use of the default Arcade user verifier for development and the implementation of a custom user verifier for production applications, ensuring user safety and a tailored user -- [Securing Arcade MCP Deployments](https://docs.arcade.dev/en/guides/security/securing-arcade-mcp): This documentation page provides guidance on securing Arcade MCP deployments, outlining two primary methods: deploying the MCP server to the Arcade platform for built-in security features and implementing OAuth 2.1 Resource Server authentication for self-hosted setups. 
Users will learn how to -- [Security](https://docs.arcade.dev/en/guides/security): This documentation page provides essential security best practices for developing and deploying MCP servers and Arcade tools, emphasizing the importance of safeguarding sensitive data and ensuring robust security measures in production environments. It also outlines resources and guidance for implementing secure tools and highlights the ongoing security research -- [Security Research Program](https://docs.arcade.dev/en/guides/security/security-research-program): The Security Research Program documentation page outlines how users can report security vulnerabilities within Arcade's tools and services, emphasizing the importance of community involvement in enhancing security. It details the scope of issues covered, the reporting process, and guidelines for responsible disclosure. Additionally, +- [Securing Arcade MCP Deployments](https://docs.arcade.dev/en/guides/create-tools/secure-your-server): This documentation page provides guidance on securing Arcade MCP deployments by outlining two primary methods: deploying the MCP server through the Arcade platform for built-in security features and implementing OAuth 2.1 Resource Server authentication for self-hosted setups. Users will learn how to +- [Security Research Program](https://docs.arcade.dev/en/resources/security-research-program): The Security Research Program documentation page outlines how users can report security vulnerabilities in Arcade's tools and services, emphasizing the importance of community involvement in enhancing security. It details the types of vulnerabilities sought, the reporting process, and guidelines for responsible disclosure. 
Additionally, - [Server-Level vs Tool-Level Authorization](https://docs.arcade.dev/en/learn/server-level-vs-tool-level-auth): This documentation page explains the differences between server-level authorization (Resource Server auth) and tool-level authorization in Arcade MCP servers, highlighting their respective roles in securing access to the server and external APIs. It provides guidance on when to implement each type of authorization and - [Setup Arcade with Google ADK (Python)](https://docs.arcade.dev/en/get-started/agent-frameworks/google-adk/setup-python): This documentation page provides a comprehensive guide for users to set up and integrate Arcade tools with the Google ADK framework using Python. It outlines the necessary prerequisites, teaches users how to build a Google ADK agent that utilizes Arcade tools, and explains how to - [Setup Arcade with Google ADK (TypeScript)](https://docs.arcade.dev/en/get-started/agent-frameworks/google-adk/setup-typescript): This documentation page guides users through the process of setting up an AI agent using Arcade tools with the Google ADK in TypeScript. It covers prerequisites, integration steps, and key concepts such as tool conversion and session management, enabling users to build agents that