ACI.dev Platform
Author: aipotheosis-labs
Description: ACI.dev is an open-source tool-calling platform for connecting AI agents/agentic IDEs to 600+ integrations via unified, intent-aware function calling. It provides multi-tenant OAuth/auth, secrets management, granular natural-language permissions, dynamic tool discovery, and tool-use logging. It can expose tools either through SDK-style direct function calls or via a Unified Model Context Protocol (MCP) server.
Stars: 4.7k
Forks: 462
License: Apache License 2.0
Category: Open Source
Overview
Installation
FAQs
What are the limitations of self-hosting ACI.dev with only three seed integrations, and how do you add more integrations to a self-hosted instance?
Self-hosted instances receive only Brave Search, Hacker News, and Gmail for local testing, while the hosted platform provides access to the full six-hundred-plus catalog. The content does not document a method for adding additional integrations to self-hosted deployments. Teams requiring broader tool access must use the hosted platform or build custom integrations.
What is the current status of the Google OAuth blocking issue for Gmail and Google Calendar in ACI.dev, and are there any workarounds?
Gmail and Google Calendar OAuth is currently blocked by Google in ACI.dev with no documented workaround, tracked in issue #9 on the aci-mcp repository. If your workflow depends on Google Workspace tools, this remains an active blocker. Check the GitHub issue thread for community progress or consider alternative integrations until Google approves the OAuth application.
How does ACI.dev compare to Composio in terms of authentication management, pricing, and ease of setup for MCP workflows?
The content notes ACI.dev offers centralized OAuth, API keys, and shared credentials, while directing readers to verify Composio's authentication in vendor documentation. Neither pricing nor detailed setup complexity comparisons are provided. To evaluate authentication workflows, OAuth refresh handling, credential rotation, pricing tiers, and installation steps, consult each platform's current documentation, as both products evolve frequently.
Can ACI.dev's Unified MCP server handle concurrent tool executions across multiple integrations within a single agent session?
The content does not specify concurrency behavior. ACI.dev's architecture uses two meta-tools for search and execution, which suggests sequential intent-discovery-then-execute cycles, but whether the execution function supports parallel calls or enforces serial processing is undocumented. Teams needing concurrent execution across integrations should test with real workloads or review the aci-mcp repository for implementation details on async handling and rate-limit management.
How do I configure the context window size for optimal performance?
ACI.dev does not expose context window configuration settings. The platform uses intent-based tool discovery to reduce context bloat by exposing only two meta-functions instead of listing all tools upfront. Optimize performance by enabling allowed-apps-only mode, using precise intent descriptions in search calls, and evaluating whether runtime discovery reduces prompt overhead compared to loading full tool catalogs.
What are the risks of using sessions for authentication in MCP servers?
Session-based authentication in MCP servers risks authentication mismatches causing 401 errors or fallback to weaker methods, OAuth token manipulation enabling privilege escalation, session hijacking for lateral movement, lack of real-time Conditional Access controls allowing post-auth exploits, and credential exposure in hybrid integrations. Mitigation requires matching auth to hosting model, enforcing managed identities, implementing token validation, and monitoring anomalous OAuth patterns.