Merge remote-tracking branch 'upstream/updates/screenshots-nov-2025-resolved' into updates/screenshots-nov-2025

Author: AbdulDavids

api-design/security.md

@@ -8,7 +8,7 @@ description: "Implement robust security measures in your API to protect sensitiv
 Creating an API is like opening a door to the outside world. Who is allowed
 through, what they can carry, and where they're allowed to go is incredibly
 important. In this guide we'll see how design choices made early on impact the
-security of an API once it's built. 
+security of an API once it's built.
 
 Many API security problems come down to coding errors or misconfigured
 infrastructure, but this guide focuses more on the foundational API design
@@ -48,10 +48,10 @@ decisions can make or break an API's defenses before it's even built.
 **Every API consumer should only have access to what they need and nothing more.**
 
 Imagine designing an API for an e-commerce platform. A customer should be
-able to view their order history, but not other customers' orders. 
+able to view their order history, but not other customers' orders.
 
 Similarly, a "staff" user might need access to refund functionality but shouldn't
-necessarily see sensitive payment details. 
+necessarily see sensitive payment details.
 
 **What Could Go Wrong**: Failure to verify this could lead
 to Insecure Direct Object References (IDOR), a common flaw where attackers can
@@ -67,7 +67,7 @@ Authorization: Bearer {access_token}
 ```
 
 The application should verify that the `orderId` belongs to the authenticated
-user, unless the user has a role like `admin`. 
+user, unless the user has a role like `admin`.
 
 Refund logic and payment details can be split onto their own endpoints:
 
@@ -83,7 +83,7 @@ Authorization: Bearer {admin_access_token}
 
 This allows staff handle refunds, but does not leak sensitive credit card
 information to as many people within the company, whilst still making it
-possible to escalate customer problems to a higher access user. 
+possible to escalate customer problems to a higher access user.
 
 Better yet, **the payments collection is not even on the API**, it's something only
 viewable in an admin backend system thats protected with a firewall and VPN.
@@ -94,17 +94,17 @@ viewable in an admin backend system thats protected with a firewall and VPN.
 "private".**
 
 Any incoming API traffic could be compromised in some way, even if it's
-considered to be a trusted source. 
+considered to be a trusted source.
 
 An API could suddenly become public: either intentionally when infrastructure
 teams move things around, or accidentally when somebody de-compiles an iOS
-application or sniffs traffic to find an API that people thought was hidden. 
+application or sniffs traffic to find an API that people thought was hidden.
 
 Even if an API is firewalled off from public traffic, another API or service
 could have been hacked giving them access to the protected API.
 
 It's best to treat everyone with suspicion, and validate all inputs as strictly
-as possible. 
+as possible.
 
 **What Could Go Wrong**: Malicious data could be introduced, or private
 information leaked, leading to any number of issues. People could delete invoice
@@ -113,13 +113,13 @@ wrong person. They could change passwords for users so they can log in as them
 to access information and processes not even available in the API.
 
 **Design Decision**: Set strict rules for which properties are editable, which
-can be returned, and set strict validation rules for these properties. 
+can be returned, and set strict validation rules for these properties.
 
 This can be described in OpenAPI early on utilizing `readOnly`, `writeOnly`,
 `required`, setting `additionalProperties: false`. [Learn more about
-additionalProperties](https://www.speakeasy.com/guides/openapi/additionalproperties).
+additionalProperties](https://www.speakeasy.com/docs/sdks/customize/data-model/additionalproperties).
 This means when the API is developed the OpenAPI can be used for integration
-testing to poke and prod to see if extra properties can sneak though. 
+testing to poke and prod to see if extra properties can sneak though.
 
 Comical examples of this was somebody hacking GitHub and Rails to update the
 `created_at` date to have the year 3012. This attack is known as Bender from the
@@ -153,7 +153,7 @@ Authorization: Bearer my-secret-key
 
 Using `Authorization` has the added benefit over generic custom headers like
 `X-API-Key` because it will alert HTTP caching tools to not reuse this response
-for other users by default. 
+for other users by default.
 
 This is not simply about authorization though, there are lots of other
 "sensitive" things which should not go into the URL. Email addresses, social
@@ -168,7 +168,7 @@ we're all looking for.
 ## Principle #4: Limit one-time URLs
 
 Logins and file uploads often involve allowing a user to pass in a URL, which
-will then be downloaded or redirected to. 
+will then be downloaded or redirected to.
 
 ```http
 POST /products/{productId}/images
@@ -221,7 +221,7 @@ business might not want to expose, or allow outright theft of an entire dataset.
 
 A startup tracking street art around the world (think Banksy, Bragga, and
 smaller artists) built an amazing unique database of user-generated photographs
-and locations of all sorts of graffiti, sculptures, installations, etc. 
+and locations of all sorts of graffiti, sculptures, installations, etc.
 
 This data was not available anywhere else on the Internet, but their website
 relied on two API endpoints:
@@ -240,10 +240,11 @@ number of how many active users versus inactive users, leaking a "churn rate"
 which could be embarrassing in the press of scare off investors.
 
 Using the same approach a client can hit `GET /artworks/1` and loop through with `id
-+ 1` to grab a hold of all that data, which helped that company populate their
-own database, making a new competitor quite easily, and with a slightly better
-app as they didn't have to spend time or money building the dataset in the first
-place. This put the original startup out of business.
+
+- 1` to grab a hold of all that data, which helped that company populate their
+  own database, making a new competitor quite easily, and with a slightly better
+  app as they didn't have to spend time or money building the dataset in the first
+  place. This put the original startup out of business.
 
 **Design Decision**: There are non-incremental or "hard to guess" system of
 identifiers instead. Standards like
@@ -282,7 +283,7 @@ thresholds for various user roles:
 - Paid users: 1,000 requests per hour
 
 Communicate these limits clearly in API documentation and return appropriate
-status codes like `429 Too Many Requests` when limits are exceeded. 
+status codes like `429 Too Many Requests` when limits are exceeded.
 
 Learn more about [rate limiting](/api-design/rate-limiting).
 
@@ -317,7 +318,7 @@ keeping up to date with new editions when they're released.
 ## Tooling
 
 Much of this advice and more can be applied to an OpenAPI automatically to help
-whole teams make good decisions early on in the API design process. 
+whole teams make good decisions early on in the API design process.
 
 - [Vacuum](https://quobix.com/vacuum/) via the built in [OWASP Ruleset](https://quobix.com/vacuum/rules/owasp/).
 - [Spectral](https://github.com/stoplightio/spectral) with the [Spectral OWASP Ruleset](https://github.com/stoplightio/spectral-owasp-ruleset).
@@ -330,10 +331,10 @@ many of the pitfalls outlined here and in the OWASP API Security Top 10 can be a
 
 Remember, every design decision is a trade-off. Security measures often add
 complexity or impact usability. The goal is to strike the right balance,
-keeping the needs of both API consumers and the business in mind. 
+keeping the needs of both API consumers and the business in mind.
 
 There's no need to go to massive massive and intrusive lengths to secure
 information that is fine out in the public, but it is important to establish
-good practices for limiting interactions for more sensitive data. 
+good practices for limiting interactions for more sensitive data.
 
 Maybe this means creating more than one API.

docs/gram/build-mcp/dynamic-toolsets.mdx

@@ -5,54 +5,73 @@ description: Enable very large MCP servers by making a toolset dynamic
 
 import { Callout } from "@/mdx/components";
 
-Dynamic toolsets enable very large MCP servers without overloading context windows. Instead of exposing all tools upfront like traditional MCP, dynamic toolsets provide "meta" tools that allow the LLM to discover only the tools it needs to complete specific tasks, optimizing token and context management.
+Dynamic toolsets enable very large MCP servers without overloading context windows. Instead of exposing all tools upfront like traditional MCP, dynamic toolsets provide "meta" tools that allow the LLM to discover only the tools it needs to complete specific tasks, delivering up to 160x token reduction while maintaining full functionality.
 
-Gram exposes two types of dynamic toolsets, both of which are experimental:
+Our refined Dynamic Toolsets approach combines the best of semantic search and progressive discovery into a unified system that exposes three core tools. For detailed technical insights and performance benchmarks, see our [blog post on how we reduced token usage by 100x](/blog/how-we-reduced-token-usage-by-100x-dynamic-toolsets-v2).
 
-## Progressive Search
+## How Dynamic Toolsets work
 
-Progressive Search uses a "progressive discovery" approach to surface tools. Tools are organized into groups that the LLM can inspect to gradually discover what tools are available to it. Details of tools are only exposed when needed, for example tool schemas (which represent a large portion of tool token use) are only surfaced when the LLM decides it actually wants to use a specific tool. The toolset is compressed into three tools that actually get exposed directly to the LLM:
+Dynamic toolsets follow the natural workflow an LLM needs: search → describe → execute. The system compresses large toolsets into three meta-tools:
 
-### `list_tools`
+### `search_tools`
 
-The LLM can discover available tools using prefix-based lookup (e.g., `list_tools(/hubspot/deals/*)`). This process is accelerated by providing the structure of available tools in the tool description, creating a hierarchy of available sources and tags. This allows the LLM full control over what tools it discovers and when.
+The LLM searches for relevant tools using natural language queries with embeddings-based semantic search. The tool description includes categorical overviews of available tools (e.g., "This toolset includes HubSpot CRM operations, deal management...") and supports filtering by tags like `source:hubspot` for precise discovery.
 
 ### `describe_tools`
 
-The LLM can look up detailed information about specific tools, including input schemas. While this could be combined with `list_tools`, the input schemas represent a significant portion of tokens, so keeping them separate optimizes token and context management at the cost of speed.
+The LLM requests detailed schemas and documentation only for tools it intends to use. This separation optimizes token usage since input schemas represent 60-80% of total tokens in static toolsets.
 
 ### `execute_tool`
 
-Execute the discovered and described tools as needed for the specific task.
+The LLM executes discovered and described tools with proper parameters.
 
-## Semantic Search
+## Performance benefits
 
-Semantic Search provides an embeddings-based approach to tool discovery. Embeddings are created in advance for all the tools in a toolset, then searched over to find relevant tools for a given task.
+Dynamic toolsets deliver significant advantages over static toolsets:
 
-### `find_tools`
+**Massive token reduction**: Input tokens are reduced by an average of 96% for simple tasks and 91% for complex tasks, with total token usage dropping by 96% and 90% respectively.
 
-The LLM can execute semantic search over embeddings created from all tools in the toolset, allowing for more intuitive tool discovery based on natural language descriptions of what it wants to accomplish. This is generally faster than Progressive Search especially for large toolsets, but has less complete coverage and may result in worse discovery. The LLM has no insight into what tools are available broadly and can only operate off of whatever the semantic search returns.
+**Consistent scaling**: Token usage remains relatively constant regardless of toolset size. A 400-tool dynamic toolset uses only ~8,000 tokens initially compared to 410,000+ for the same static toolset.
 
-### `execute_tool`
+**Context window compatibility**: Large toolsets that exceed Claude's 200k context window limit with static approaches work seamlessly with dynamic toolsets.
+
+**Perfect reliability**: Maintains 100% success rates across all toolset sizes and task complexities.
+
+### Sample performance data
+
+| Toolset Size | Mode | Simple Task Tokens | Tool Calls | Complex Task Tokens | Tool Calls |
+|-------------|------|-------------------|------------|-------------------|------------|
+| 100 tools | Static | 159,218 | 1 | 159,216 | 3 |
+| 100 tools | Dynamic | 8,401 | 3 | 18,095 | 7 |
+| 400 tools | Static | 410,738 | 1 | 410,661 | 3 |
+| 400 tools | Dynamic | 8,421 | 3 | 31,355 | 7.8 |
+
+## Trade-offs
 
-Execute the tools found through semantic search.
+While dynamic toolsets offer significant benefits, there are some considerations:
 
-## Benefits
+**Increased tool calls**: Dynamic toolsets require 2-3x more tool calls (typically 6-8 for complex tasks vs 3 for static), following the search → describe → execute pattern.
 
-Both dynamic toolset approaches share the same core benefit: they avoid dumping all tools into context upfront. Instead, they expose the LLM to only the tools actually needed for a given task, making it possible to work with very large toolsets while maintaining efficient context usage.
+**Potential latency**: Additional tool calls may introduce slight latency, though this is often offset by reduced token processing time.
 
-This approach is particularly valuable when working with extensive APIs or large collections of tools where loading everything at once would exceed context limits or create unnecessary complexity.
+**Complexity**: The multi-step discovery process adds complexity compared to direct tool access, though this is handled automatically by the LLM.
 
 ## Enabling dynamic toolsets
 
-Head to the `MCP` tab to switch your toolset to one of the above dynamic modes.
+Head to the **MCP** tab in your Gram dashboard and switch your toolset from "Static" to "Dynamic" mode.
 
 <Callout title="Note" type="info">
-This setting only applies to MCP, and will not affect how your toolset is used in the playground.
+This setting only applies to MCP and will not affect how your toolset is used in the playground, where static tool exposure remains useful for testing and development.
 </Callout>
 
-![enabling dynamic toolsets](/assets/docs/gram/img/dashboard/tool-selection-mode.png)
+Dynamic toolsets are particularly valuable for:
+- APIs with 100+ operations
+- Enterprise systems with comprehensive toolsets
+- Applications where context window limits are a concern
+- Production environments requiring predictable costs
 
 ## Additional reading
 
+- [How we reduced token usage by 100x with Dynamic Toolsets](/blog/how-we-reduced-token-usage-by-100x-dynamic-toolsets-v2)
 - [Code Execution with MCP](https://www.anthropic.com/engineering/code-execution-with-mcp)
+- [Previous Dynamic Toolsets implementation](/blog/100x-token-reduction-dynamic-toolsets)

docs/gram/clients/using-claude-code-with-gram-mcp-servers.mdx

@@ -55,9 +55,19 @@ gram install claude-code --toolset taskmaster
 This command automatically:
 - Fetches your toolset configuration from Gram
 - Derives the MCP URL and authentication settings
-- Creates the correct configuration (by default in user-level `~/.claude/settings.local.json`)
+- Creates the correct configuration (by default in user-level `~/.claude.json`)
 
-**Configuration Scopes:**
+#### Setting up environment variables
+
+If your toolset requires authentication, you'll need to set up environment variables. The `gram install` command will display the required variable names and provide the export command you need to run to set the variable value.
+
+For the Taskmaster toolset, you'll need to set the `MCP_TASK_MASTER_API_KEY` environment variable to your Taskmaster API key. You can do this by running the following command:
+
+```bash
+export MCP_TASK_MASTER_API_KEY='your-api-key-value'
+```
+
+#### Configuration Scopes
 
 You can control where the MCP server configuration is installed using the `--scope` flag:
 
@@ -211,4 +221,3 @@ If Claude Code isn't calling the tools:
 You now have Claude Code connected to a Gram-hosted MCP server with task management capabilities.
 
 Ready to build your own MCP server? [Try Gram today](/product/gram) and see how easy it is to turn any API into agent-ready tools.
-

docs/gram/concepts/environments.mdx

@@ -25,10 +25,3 @@ On the environment page, add environment variables by clicking **New Variable**.
 Attach an environment to a toolset by clicking the **Fill for toolset** button, then selecting the specific toolset you want to configure. This allows you to pre-fill all required environment variables for that toolset, ensuring it's ready to use across the Playground, SDKs, and MCP clients.
 
 ![Attaching an environment to a toolset](/assets/docs/gram/img/concepts/environments/attaching-an-environment-to-a-toolset.png)
-
-<div className="flex justify-center">
-  <video controls muted={true}>
-    <source src="/assets/docs/gram/videos/environments.mp4" type="video/mp4" />
-    Your browser does not support the video tag.
-  </video>
-</div>

docs/gram/concepts/tool-variations.md renamed to docs/gram/concepts/tool-variations.mdx

@@ -32,4 +32,4 @@ Similarly, to edit a tool's description, click the 3 dots and select **Edit desc
     src="/assets/docs/gram/videos/tool-variations/editing-tool-description.mp4"
     type="video/mp4"
   />
-</video>
+</video>