[{"data":1,"prerenderedAt":5102},["ShallowReactive",2],{"navigation_fr":3,"posts_fr:/fr/blog/mcp-aouth":51,"posts_fr:/fr/blog/mcp-aouth:surround":2201},[4],{"title":5,"path":6,"stem":7,"children":8,"page":50},"Fr","/fr","fr",[9],{"title":10,"path":11,"stem":12,"children":13,"page":50},"Blog","/fr/blog","fr/blog",[14,18,22,26,30,34,38,42,46],{"title":15,"path":16,"stem":17},"MCP Servers as OAuth Resource Servers: A Simplified Approach","/fr/blog/mcp-aouth","fr/blog/1. mcp-aouth",{"title":19,"path":20,"stem":21},"Security Practices for MCP Using JSON-RPC","/fr/blog/mcp-security","fr/blog/1. mcp-security",{"title":23,"path":24,"stem":25},"MCP Servers: Connecting AI to Real-Time Data","/fr/blog/mcp-create","fr/blog/2. mcp-create",{"title":27,"path":28,"stem":29},"Tiny On-Premises MCP Agents: Breaking Free from Cloud Dependencies","/fr/blog/mcp-tiny-agents-on-premises","fr/blog/5. mcp-tiny-agents-on-premises",{"title":31,"path":32,"stem":33},"From Idea to API in 2 Days: Building Bankly with Agentic Workflows","/fr/blog/overvibing","fr/blog/6. overvibing",{"title":35,"path":36,"stem":37},"AI Chatbot, MCP Server Built with the Agentic Workflow Protocol for a Demo on Checkatrade.com","/fr/blog/mcp-in-chat-demo","fr/blog/8. mcp-in-chat-demo",{"title":39,"path":40,"stem":41},"DDD and Full-Stack Frameworks","/fr/blog/architecture","fr/blog/architecture",{"title":43,"path":44,"stem":45},"Quality: How to Protect AI-Powered Frontends?","/fr/blog/qa-front","fr/blog/qa-front",{"title":47,"path":48,"stem":49},"IT Consulting and Strategy","/fr/blog/strategy","fr/blog/strategy",false,{"id":52,"title":15,"authors":53,"badge":60,"body":64,"date":2193,"description":2194,"extension":2195,"image":2196,"meta":2198,"navigation":309,"path":16,"seo":2199,"stem":17,"__hash__":2200},"posts_fr/fr/blog/1. 
mcp-aouth.md",[54],{"name":55,"description":56,"to":57,"avatar":58},"Michael Wybraniec","Freelance, MCP Servers, Full-Stack Development, Architecture","https://www.linkedin.com/in/one-front/",{"src":59},"https://media.licdn.com/dms/image/v2/D4D03AQF3mn-R1ERoNg/profile-displayphoto-crop_800_800/B4DZeoMSehHMAI-/0/1750873484401?e=1756339200&v=beta&t=D2AWIO__-FP4J-iWELIG6djNIvq0WOe8x9uBYpKvFZA",{"label":61,"color":62,"variant":63},"Architecture, Security","primary","soft",{"type":65,"value":66,"toc":2175},"minimark",[67,90,117,138,190,205,258,269,420,435,549,564,603,1171,1186,1192,1266,1281,1292,1425,1440,1549,1564,1722,1900,1932,1938,1947,2008,2017,2032,2158,2171],[68,69,70,75,76,75,80,75,84],"p",{},[71,72,74],"a",{"href":73},"/blog","Back to articles"," | ",[71,77,79],{"href":78},"/blog/architecture","MCP Architecture",[71,81,83],{"href":82},"/blog/mcp-security","MCP Security",[71,85,89],{"href":86,"rel":87},"https://datatracker.ietf.org/doc/html/rfc8693",[88],"nofollow","RFC 8693 Token Exchange",[91,92,95],"div",{"className":93},[94],"text-justify",[68,96,97,98,102,103,106,107,112,113,116],{},"The authorization architecture of the Model Context Protocol (MCP) can be considerably simplified by treating MCP servers as ",[99,100,101],"strong",{},"OAuth resource servers"," rather than as authorization servers. 
This revolutionary approach, proposed by ",[99,104,105],{},"dasiths"," in the ",[71,108,111],{"href":109,"rel":110},"https://github.com/modelcontextprotocol/modelcontextprotocol/discussions/381",[88],"GitHub discussion",", lets developers take advantage of existing identity solutions such as ",[99,114,115],{},"Okta, Auth0, Microsoft Entra ID"," while reducing implementation complexity and improving enterprise adoption.",[91,118,123,130],{"className":119},[120,121,122],"flex","justify-between","items-center",[124,125,127],"h2",{"id":126},"le-problème-avec-lapproche-actuelle",[99,128,129],{},"The Problem with the Current Approach",[68,131,132],{},[71,133,135],{"href":134},"#top",[99,136,137],{},"⤴",[91,139,141,148],{"className":140},[94],[68,142,143,144,147],{},"The current implementation of the MCP authorization draft treats every MCP server as an ",[99,145,146],{},"OAuth authorization server",". This means every MCP server developer has to implement, in line with the specifications:",[149,150,151,162,172,175],"ul",{},[152,153,154,161],"li",{},[99,155,156],{},[71,157,160],{"href":158,"rel":159},"https://datatracker.ietf.org/doc/html/rfc8414",[88],"RFC 8414"," - OAuth 2.0 Authorization Server Metadata",[152,163,164,171],{},[99,165,166],{},[71,167,170],{"href":168,"rel":169},"https://datatracker.ietf.org/doc/html/rfc7591",[88],"RFC 7591"," - OAuth 2.0 Dynamic Client Registration Protocol",[152,173,174],{},"The authorization and token endpoints",[152,176,177,178,181,182,185,186,189],{},"User session management\nThis approach creates ",[99,179,180],{},"unnecessary complexity"," and is a major obstacle to adoption, as pointed out by ",[99,183,184],{},"gao-sun",", who tested this implementation with ",[99,187,188],{},"Logto, Keycloak and Auth0",".",[91,191,193,199],{"className":192},[120,121,122],[124,194,196],{"id":195},"la-solution-serveur-de-ressources-oauth",[99,197,198],{},"The Solution: 
OAuth Resource Server",[68,200,201],{},[71,202,203],{"href":134},[99,204,137],{},[91,206,208,234],{"className":207},[94],[68,209,210,211,214,215,223,224,227,228,233],{},"By treating the MCP server as an ",[99,212,213],{},"OAuth resource server"," in accordance with ",[99,216,217,222],{},[71,218,221],{"href":219,"rel":220},"https://datatracker.ietf.org/doc/html/rfc9728",[88],"RFC 9728"," - OAuth 2.0 Protected Resource Metadata",", we delegate authentication and authorization to existing identity providers. This approach turns the MCP server into a service that is ",[99,225,226],{},"stateless"," with respect to authentication concerns, using ",[99,229,230],{},[71,231,89],{"href":86,"rel":232},[88]," for delegation scenarios.",[68,235,236,237,244,245,248,249,253,254,189],{},"According to the ",[99,238,239],{},[71,240,243],{"href":241,"rel":242},"https://github.com/modelcontextprotocol/modelcontextprotocol/blob/63ccd1a416de4ffe7c24d8257f8f3c849e4ea0f8/docs/specification/draft/basic/authorization.mdx",[88],"official MCP specification",", MCP servers ",[99,246,247],{},"MUST"," implement OAuth 2.0 Protected Resource Metadata to indicate the location of authorization servers via the ",[250,251,252],"code",{},"WWW-Authenticate"," header when returning a ",[255,256,257],"em",{},"401 Unauthorized",[91,259,261,266],{"className":260},[94],[68,262,263],{},[99,264,265],{},"Diagram 1: MCP discovery and authorization flow with an OAuth resource server",[68,267,268],{},"This diagram illustrates the complete metadata discovery and authorization process between an MCP client, an MCP server acting as an OAuth resource server, and an external authorization server. 
The flow starts with an unauthorized request and ends with secure MCP communication using a valid access token.",[270,271,276],"pre",{"className":272,"code":273,"language":274,"meta":275,"style":275},"language-mermaid shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","sequenceDiagram\n    participant C as Client MCP\n    participant M as Serveur MCP (Serveur de Ressources)\n    participant A as Serveur d'Autorisation\n\n    C->>M: Requête MCP sans token\n    M-->>C: HTTP 401 Unauthorized avec en-tête WWW-Authenticate\n    Note over C: Extraire resource_metadata\u003Cbr />du WWW-Authenticate\n\n    C->>M: GET /.well-known/oauth-protected-resource\n    M-->>C: Métadonnées de ressource avec URL serveur d'autorisation\n    Note over C: Valider métadonnées RS,\u003Cbr />construire URL métadonnées AS\n\n    C->>A: GET /.well-known/oauth-authorization-server\n    A-->>C: Métadonnées serveur d'autorisation\n\n    Note over C,A: Flux d'autorisation OAuth 2.1 se déroule ici\n\n    C->>A: Requête de token\n    A-->>C: Token d'accès\n\n    C->>M: Requête MCP avec token d'accès\n    M-->>C: Réponse MCP\n    Note over C,M: Communication MCP continue avec token valide\n","mermaid","",[250,277,278,286,292,298,304,311,317,323,329,334,340,346,352,357,363,369,374,380,385,391,397,402,408,414],{"__ignoreMap":275},[279,280,283],"span",{"class":281,"line":282},"line",1,[279,284,285],{},"sequenceDiagram\n",[279,287,289],{"class":281,"line":288},2,[279,290,291],{},"    participant C as Client MCP\n",[279,293,295],{"class":281,"line":294},3,[279,296,297],{},"    participant M as Serveur MCP (Serveur de Ressources)\n",[279,299,301],{"class":281,"line":300},4,[279,302,303],{},"    participant A as Serveur d'Autorisation\n",[279,305,307],{"class":281,"line":306},5,[279,308,310],{"emptyLinePlaceholder":309},true,"\n",[279,312,314],{"class":281,"line":313},6,[279,315,316],{},"    C->>M: Requête MCP sans 
token\n",[279,318,320],{"class":281,"line":319},7,[279,321,322],{},"    M-->>C: HTTP 401 Unauthorized avec en-tête WWW-Authenticate\n",[279,324,326],{"class":281,"line":325},8,[279,327,328],{},"    Note over C: Extraire resource_metadata\u003Cbr />du WWW-Authenticate\n",[279,330,332],{"class":281,"line":331},9,[279,333,310],{"emptyLinePlaceholder":309},[279,335,337],{"class":281,"line":336},10,[279,338,339],{},"    C->>M: GET /.well-known/oauth-protected-resource\n",[279,341,343],{"class":281,"line":342},11,[279,344,345],{},"    M-->>C: Métadonnées de ressource avec URL serveur d'autorisation\n",[279,347,349],{"class":281,"line":348},12,[279,350,351],{},"    Note over C: Valider métadonnées RS,\u003Cbr />construire URL métadonnées AS\n",[279,353,355],{"class":281,"line":354},13,[279,356,310],{"emptyLinePlaceholder":309},[279,358,360],{"class":281,"line":359},14,[279,361,362],{},"    C->>A: GET /.well-known/oauth-authorization-server\n",[279,364,366],{"class":281,"line":365},15,[279,367,368],{},"    A-->>C: Métadonnées serveur d'autorisation\n",[279,370,372],{"class":281,"line":371},16,[279,373,310],{"emptyLinePlaceholder":309},[279,375,377],{"class":281,"line":376},17,[279,378,379],{},"    Note over C,A: Flux d'autorisation OAuth 2.1 se déroule ici\n",[279,381,383],{"class":281,"line":382},18,[279,384,310],{"emptyLinePlaceholder":309},[279,386,388],{"class":281,"line":387},19,[279,389,390],{},"    C->>A: Requête de token\n",[279,392,394],{"class":281,"line":393},20,[279,395,396],{},"    A-->>C: Token d'accès\n",[279,398,400],{"class":281,"line":399},21,[279,401,310],{"emptyLinePlaceholder":309},[279,403,405],{"class":281,"line":404},22,[279,406,407],{},"    C->>M: Requête MCP avec token d'accès\n",[279,409,411],{"class":281,"line":410},23,[279,412,413],{},"    M-->>C: Réponse MCP\n",[279,415,417],{"class":281,"line":416},24,[279,418,419],{},"    Note over C,M: Communication MCP continue avec token 
valide\n",[91,421,423,429],{"className":422},[120,121,122],[124,424,426],{"id":425},"avantages-de-cette-approche",[99,427,428],{},"Benefits of This Approach",[68,430,431],{},[71,432,433],{"href":134},[99,434,137],{},[91,436,444,492],{"className":437},[438,439,440,441,442,443],"grid","grid-cols-1","md:grid-cols-2","items-start","w-full","gap-x-8",[91,445,447,454,461,472,478,481],{"className":446},[94],[448,449,451],"h4",{"id":450},"adoption-entreprise",[99,452,453],{},"🏢 Enterprise Adoption",[68,455,456,457,460],{},"This approach considerably increases the ",[99,458,459],{},"adoptability of MCP in enterprise scenarios"," where OAuth authorization servers are already deployed. Organizations can:",[149,462,463,466,469],{},[152,464,465],{},"Use their existing identity solutions",[152,467,468],{},"Apply their established security policies",[152,470,471],{},"Integrate MCP into their current security architecture",[448,473,475],{"id":474},"réduction-de-complexité",[99,476,477],{},"⚡ Reduced Complexity",[68,479,480],{},"MCP server developers no longer need to:",[149,482,483,486,489],{},[152,484,485],{},"Implement complex authorization flows",[152,487,488],{},"Manage sessions and related tokens",[152,490,491],{},"Maintain user databases",[91,493,495,501,522,528,535],{"className":494},[94],[448,496,498],{"id":497},"sécurité-renforcée",[99,499,500],{},"🔒 Stronger Security",[149,502,503,509,515],{},[152,504,505,508],{},[99,506,507],{},"Reduced attack surface"," in the event of a vulnerability",[152,510,511,514],{},[99,512,513],{},"Stateless architecture"," for auth concerns",[152,516,517,518,521],{},"Ability to use ",[99,519,520],{},"token exchange flows"," to act on behalf of the user",[448,523,525],{"id":524},"flexibilité-client",[99,526,527],{},"🔄 Client Flexibility",[68,529,530,531,534],{},"MCP clients can take advantage of 
",[99,532,533],{},"any supported OAuth flow"," to retrieve a token:",[149,536,537,540,543,546],{},[152,538,539],{},"Client credentials",[152,541,542],{},"Authorization code",[152,544,545],{},"Device code",[152,547,548],{},"Token exchange",[91,550,552,558],{"className":551},[120,121,122],[124,553,555],{"id":554},"scénario-dexemple-échange-de-tokens",[99,556,557],{},"Example Scenario: Token Exchange",[68,559,560],{},[71,561,562],{"href":134},[99,563,137],{},[91,565,567,592],{"className":566},[94],[68,568,569,570,573,574,576,577,214,580,587,588,591],{},"Consider an organization with a ",[99,571,572],{},"multitude of REST APIs"," developed over the years, as mentioned by ",[99,575,105],{}," in the proposal. These APIs are protected by authentication based on ",[99,578,579],{},"JWT bearer",[99,581,582],{},[71,583,586],{"href":584,"rel":585},"https://datatracker.ietf.org/doc/html/rfc6750",[88],"RFC 6750"," and have existing OAuth authorization servers (",[99,589,590],{},"Okta, Auth0, Microsoft Entra ID, Keycloak",").",[68,593,594,595,598,599,602],{},"The ",[99,596,597],{},"simplest path to adopting MCP"," would be to take advantage of their existing auth solution and treat the MCP server as a simple middle-tier service that needs to consume their existing APIs using the ",[99,600,601],{},"Token Exchange Flow"," from RFC 8693.",[270,604,608],{"className":605,"code":606,"language":607,"meta":275,"style":275},"language-typescript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","// Example MCP server-side implementation inspired by MCP Auth by gao-sun\nclass MCPResourceServer {\n  async handleRequest(request: MCPRequest, accessToken: string) {\n    // 1. 
Validate the token with the authorization server (RFC 7662 Token Introspection)\n    const validation = await this.validateToken(accessToken);\n    \n    if (!validation.valid) {\n      throw new UnauthorizedError();\n    }\n    \n    // 2. Token exchange to access internal APIs (RFC 8693)\n    const exchangedToken = await this.exchangeToken(\n      accessToken, \n      'urn:ietf:params:oauth:token-type:access_token',\n      'https://api.internal.company.com'\n    );\n    \n    // 3. Call the API with the exchanged token\n    return await this.callInternalAPI(exchangedToken);\n  }\n  \n  // Protected resource metadata (RFC 9728) - Endpoint /.well-known/oauth-protected-resource\n  async getResourceMetadata() {\n    return {\n      \"authorization_servers\": [\"https://auth.company.com\"],\n      \"scopes_supported\": [\"mcp:read\", \"mcp:write\", \"mcp:admin\"],\n      \"bearer_methods_supported\": [\"header\"],\n      \"resource_documentation\": \"https://docs.company.com/mcp-api\"\n    };\n  }\n  \n  // Handling the WWW-Authenticate header per the MCP specification\n  async handleUnauthorized(response: Response) {\n    response.status = 401;\n    response.headers.set('WWW-Authenticate', \n      'Bearer realm=\"MCP Server\", resource_metadata=\"https://mcp.company.com/.well-known/oauth-protected-resource\"'\n    );\n    response.headers.set('MCP-Protocol-Version', '2024-11-05');\n    return response;\n  }\n}\n","typescript",[250,609,610,616,630,668,673,706,711,736,752,757,761,766,785,795,810,820,827,831,836,857,862,867,872,883,889,918,962,987,1007,1013,1018,1023,1029,1051,1070,1097,1107,1114,1150,1160,1165],{"__ignoreMap":275},[279,611,612],{"class":281,"line":282},[279,613,615],{"class":614},"sHwdD","// Example MCP server-side implementation inspired by MCP Auth by gao-sun\n",[279,617,618,622,626],{"class":281,"line":288},[279,619,621],{"class":620},"spNyl","class",[279,623,625],{"class":624},"sBMFI"," 
MCPResourceServer",[279,627,629],{"class":628},"sMK4o"," {\n",[279,631,632,635,639,642,646,649,652,655,658,660,663,666],{"class":281,"line":294},[279,633,634],{"class":620},"  async",[279,636,638],{"class":637},"swJcz"," handleRequest",[279,640,641],{"class":628},"(",[279,643,645],{"class":644},"sHdIc","request",[279,647,648],{"class":628},":",[279,650,651],{"class":624}," MCPRequest",[279,653,654],{"class":628},",",[279,656,657],{"class":644}," accessToken",[279,659,648],{"class":628},[279,661,662],{"class":624}," string",[279,664,665],{"class":628},")",[279,667,629],{"class":628},[279,669,670],{"class":281,"line":300},[279,671,672],{"class":614},"    // 1. Validate the token with the authorization server (RFC 7662 Token Introspection)\n",[279,674,675,678,682,685,689,692,696,698,701,703],{"class":281,"line":306},[279,676,677],{"class":620},"    const",[279,679,681],{"class":680},"sTEyZ"," validation",[279,683,684],{"class":628}," =",[279,686,688],{"class":687},"s7zQu"," await",[279,690,691],{"class":628}," this.",[279,693,695],{"class":694},"s2Zo4","validateToken",[279,697,641],{"class":637},[279,699,700],{"class":680},"accessToken",[279,702,665],{"class":637},[279,704,705],{"class":628},";\n",[279,707,708],{"class":281,"line":313},[279,709,710],{"class":637},"    \n",[279,712,713,716,719,722,725,727,730,733],{"class":281,"line":319},[279,714,715],{"class":687},"    if",[279,717,718],{"class":637}," (",[279,720,721],{"class":628},"!",[279,723,724],{"class":680},"validation",[279,726,189],{"class":628},[279,728,729],{"class":680},"valid",[279,731,732],{"class":637},") ",[279,734,735],{"class":628},"{\n",[279,737,738,741,744,747,750],{"class":281,"line":325},[279,739,740],{"class":687},"      throw",[279,742,743],{"class":628}," new",[279,745,746],{"class":694}," UnauthorizedError",[279,748,749],{"class":637},"()",[279,751,705],{"class":628},[279,753,754],{"class":281,"line":331},[279,755,756],{"class":628},"    
}\n",[279,758,759],{"class":281,"line":336},[279,760,710],{"class":637},[279,762,763],{"class":281,"line":342},[279,764,765],{"class":614},"    // 2. Token exchange to access internal APIs (RFC 8693)\n",[279,767,768,770,773,775,777,779,782],{"class":281,"line":348},[279,769,677],{"class":620},[279,771,772],{"class":680}," exchangedToken",[279,774,684],{"class":628},[279,776,688],{"class":687},[279,778,691],{"class":628},[279,780,781],{"class":694},"exchangeToken",[279,783,784],{"class":637},"(\n",[279,786,787,790,792],{"class":281,"line":354},[279,788,789],{"class":680},"      accessToken",[279,791,654],{"class":628},[279,793,794],{"class":637}," \n",[279,796,797,800,804,807],{"class":281,"line":359},[279,798,799],{"class":628},"      '",[279,801,803],{"class":802},"sfazB","urn:ietf:params:oauth:token-type:access_token",[279,805,806],{"class":628},"'",[279,808,809],{"class":628},",\n",[279,811,812,814,817],{"class":281,"line":365},[279,813,799],{"class":628},[279,815,816],{"class":802},"https://api.internal.company.com",[279,818,819],{"class":628},"'\n",[279,821,822,825],{"class":281,"line":371},[279,823,824],{"class":637},"    )",[279,826,705],{"class":628},[279,828,829],{"class":281,"line":376},[279,830,710],{"class":637},[279,832,833],{"class":281,"line":382},[279,834,835],{"class":614},"    // 3. 
Call the API with the exchanged token\n",[279,837,838,841,843,845,848,850,853,855],{"class":281,"line":387},[279,839,840],{"class":687},"    return",[279,842,688],{"class":687},[279,844,691],{"class":628},[279,846,847],{"class":694},"callInternalAPI",[279,849,641],{"class":637},[279,851,852],{"class":680},"exchangedToken",[279,854,665],{"class":637},[279,856,705],{"class":628},[279,858,859],{"class":281,"line":393},[279,860,861],{"class":628},"  }\n",[279,863,864],{"class":281,"line":399},[279,865,866],{"class":680},"  \n",[279,868,869],{"class":281,"line":404},[279,870,871],{"class":614},"  // Protected resource metadata (RFC 9728) - Endpoint /.well-known/oauth-protected-resource\n",[279,873,874,876,879,881],{"class":281,"line":410},[279,875,634],{"class":620},[279,877,878],{"class":637}," getResourceMetadata",[279,880,749],{"class":628},[279,882,629],{"class":628},[279,884,885,887],{"class":281,"line":416},[279,886,840],{"class":687},[279,888,629],{"class":628},[279,890,892,895,898,901,903,906,908,911,913,916],{"class":281,"line":891},25,[279,893,894],{"class":628},"      \"",[279,896,897],{"class":637},"authorization_servers",[279,899,900],{"class":628},"\"",[279,902,648],{"class":628},[279,904,905],{"class":637}," [",[279,907,900],{"class":628},[279,909,910],{"class":802},"https://auth.company.com",[279,912,900],{"class":628},[279,914,915],{"class":637},"]",[279,917,809],{"class":628},[279,919,921,923,926,928,930,932,934,937,939,941,944,947,949,951,953,956,958,960],{"class":281,"line":920},26,[279,922,894],{"class":628},[279,924,925],{"class":637},"scopes_supported",[279,927,900],{"class":628},[279,929,648],{"class":628},[279,931,905],{"class":637},[279,933,900],{"class":628},[279,935,936],{"class":802},"mcp:read",[279,938,900],{"class":628},[279,940,654],{"class":628},[279,942,943],{"class":628}," 
\"",[279,945,946],{"class":802},"mcp:write",[279,948,900],{"class":628},[279,950,654],{"class":628},[279,952,943],{"class":628},[279,954,955],{"class":802},"mcp:admin",[279,957,900],{"class":628},[279,959,915],{"class":637},[279,961,809],{"class":628},[279,963,965,967,970,972,974,976,978,981,983,985],{"class":281,"line":964},27,[279,966,894],{"class":628},[279,968,969],{"class":637},"bearer_methods_supported",[279,971,900],{"class":628},[279,973,648],{"class":628},[279,975,905],{"class":637},[279,977,900],{"class":628},[279,979,980],{"class":802},"header",[279,982,900],{"class":628},[279,984,915],{"class":637},[279,986,809],{"class":628},[279,988,990,992,995,997,999,1001,1004],{"class":281,"line":989},28,[279,991,894],{"class":628},[279,993,994],{"class":637},"resource_documentation",[279,996,900],{"class":628},[279,998,648],{"class":628},[279,1000,943],{"class":628},[279,1002,1003],{"class":802},"https://docs.company.com/mcp-api",[279,1005,1006],{"class":628},"\"\n",[279,1008,1010],{"class":281,"line":1009},29,[279,1011,1012],{"class":628},"    };\n",[279,1014,1016],{"class":281,"line":1015},30,[279,1017,861],{"class":628},[279,1019,1021],{"class":281,"line":1020},31,[279,1022,866],{"class":680},[279,1024,1026],{"class":281,"line":1025},32,[279,1027,1028],{"class":614},"  // Handling the WWW-Authenticate header per the MCP specification\n",[279,1030,1032,1034,1037,1039,1042,1044,1047,1049],{"class":281,"line":1031},33,[279,1033,634],{"class":620},[279,1035,1036],{"class":637}," handleUnauthorized",[279,1038,641],{"class":628},[279,1040,1041],{"class":644},"response",[279,1043,648],{"class":628},[279,1045,1046],{"class":624}," Response",[279,1048,665],{"class":628},[279,1050,629],{"class":628},[279,1052,1054,1057,1059,1062,1064,1068],{"class":281,"line":1053},34,[279,1055,1056],{"class":680},"    response",[279,1058,189],{"class":628},[279,1060,1061],{"class":680},"status",[279,1063,684],{"class":628},[279,1065,1067],{"class":1066},"sbssI"," 
401",[279,1069,705],{"class":628},[279,1071,1073,1075,1077,1080,1082,1085,1087,1089,1091,1093,1095],{"class":281,"line":1072},35,[279,1074,1056],{"class":680},[279,1076,189],{"class":628},[279,1078,1079],{"class":680},"headers",[279,1081,189],{"class":628},[279,1083,1084],{"class":694},"set",[279,1086,641],{"class":637},[279,1088,806],{"class":628},[279,1090,252],{"class":802},[279,1092,806],{"class":628},[279,1094,654],{"class":628},[279,1096,794],{"class":637},[279,1098,1100,1102,1105],{"class":281,"line":1099},36,[279,1101,799],{"class":628},[279,1103,1104],{"class":802},"Bearer realm=\"MCP Server\", resource_metadata=\"https://mcp.company.com/.well-known/oauth-protected-resource\"",[279,1106,819],{"class":628},[279,1108,1110,1112],{"class":281,"line":1109},37,[279,1111,824],{"class":637},[279,1113,705],{"class":628},[279,1115,1117,1119,1121,1123,1125,1127,1129,1131,1134,1136,1138,1141,1144,1146,1148],{"class":281,"line":1116},38,[279,1118,1056],{"class":680},[279,1120,189],{"class":628},[279,1122,1079],{"class":680},[279,1124,189],{"class":628},[279,1126,1084],{"class":694},[279,1128,641],{"class":637},[279,1130,806],{"class":628},[279,1132,1133],{"class":802},"MCP-Protocol-Version",[279,1135,806],{"class":628},[279,1137,654],{"class":628},[279,1139,1140],{"class":628}," '",[279,1142,1143],{"class":802},"2024-11-05",[279,1145,806],{"class":628},[279,1147,665],{"class":637},[279,1149,705],{"class":628},[279,1151,1153,1155,1158],{"class":281,"line":1152},39,[279,1154,840],{"class":687},[279,1156,1157],{"class":680}," response",[279,1159,705],{"class":628},[279,1161,1163],{"class":281,"line":1162},40,[279,1164,861],{"class":628},[279,1166,1168],{"class":281,"line":1167},41,[279,1169,1170],{"class":628},"}\n",[91,1172,1174,1180],{"className":1173},[120,121,122],[124,1175,1177],{"id":1176},"types-de-grants-oauth-supportés",[99,1178,1179],{},"Supported OAuth Grant 
Types",[68,1181,1182],{},[71,1183,1184],{"href":134},[99,1185,137],{},[91,1187,1189],{"className":1188},[94],[68,1190,1191],{},"Depending on the client type and use case, different OAuth grants can be used with this approach:",[1193,1194,1195,1212],"table",{},[1196,1197,1198],"thead",{},[1199,1200,1201,1207],"tr",{},[1202,1203,1204],"th",{},[99,1205,1206],{},"Grant Type",[1202,1208,1209],{},[99,1210,1211],{},"Client Type / Use Case",[1213,1214,1215,1226,1236,1246,1256],"tbody",{},[1199,1216,1217,1223],{},[1218,1219,1220],"td",{},[99,1221,1222],{},"Authorization Code",[1218,1224,1225],{},"Traditional web applications with a backend, and native applications (mobile/desktop) for SSO via the system browser",[1199,1227,1228,1233],{},[1218,1229,1230],{},[99,1231,1232],{},"Client Credentials",[1218,1234,1235],{},"Clients such as web services acting on their own behalf",[1199,1237,1238,1243],{},[1218,1239,1240],{},[99,1241,1242],{},"Device Code",[1218,1244,1245],{},"Devices without a browser or with constrained input (Smart TV, media console, printer, etc.)",[1199,1247,1248,1253],{},[1218,1249,1250],{},[99,1251,1252],{},"Token Exchange",[1218,1254,1255],{},"Applications and services obtaining an access token in delegation and impersonation scenarios",[1199,1257,1258,1263],{},[1218,1259,1260],{},[99,1261,1262],{},"JWT Bearer",[1218,1264,1265],{},"Client holding a JWT from one security domain and exchanging it for an OAuth 2.0 token in another domain",[91,1267,1269,1275],{"className":1268},[120,121,122],[124,1270,1272],{"id":1271},"flux-dautorisation-complet",[99,1273,1274],{},"Complete Authorization Flow",[68,1276,1277],{},[71,1278,1279],{"href":134},[99,1280,137],{},[91,1282,1284,1289],{"className":1283},[94],[68,1285,1286],{},[99,1287,1288],{},"Diagram 2: Complete OAuth 2.1 authorization flow with user interaction",[68,1290,1291],{},"This diagram details the OAuth 2.1 authorization process, including interaction 
with the user agent (browser). It shows how an MCP client obtains the user's authorization through the browser, uses PKCE for security, and exchanges the authorization code for an access token to establish secure communication with the MCP server.",[270,1293,1295],{"className":272,"code":1294,"language":274,"meta":275,"style":275},"sequenceDiagram\n    participant B as Agent Utilisateur (Navigateur)\n    participant C as Client MCP\n    participant M as Serveur MCP (Serveur de Ressources)\n    participant A as Serveur d'Autorisation\n\n    C->>M: Requête MCP sans token\n    M->>C: HTTP 401 Unauthorized avec en-tête WWW-Authenticate\n    Note over C: Extraire l'URL resource_metadata du WWW-Authenticate\n\n    C->>A: GET /.well-known/oauth-authorization-server\n    A->>C: Réponse métadonnées serveur d'autorisation\n\n    alt Enregistrement client dynamique\n        C->>A: POST /register\n        A->>C: Identifiants Client\n    end\n\n    Note over C: Générer paramètres PKCE\n    C->>B: Ouvrir navigateur avec URL d'autorisation + code_challenge\n    B->>A: Requête d'autorisation\n    Note over A: L'utilisateur autorise\n    A->>B: Redirection vers callback avec code d'autorisation\n    B->>C: Callback code d'autorisation\n    C->>A: Requête token + code_verifier\n    A->>C: Token d'accès (+ token de rafraîchissement)\n    C->>M: Requête MCP avec token d'accès\n    M-->>C: Réponse MCP\n",[250,1296,1297,1301,1306,1310,1314,1318,1322,1326,1331,1336,1340,1344,1349,1353,1358,1363,1368,1373,1377,1382,1387,1392,1397,1402,1407,1412,1417,1421],{"__ignoreMap":275},[279,1298,1299],{"class":281,"line":282},[279,1300,285],{},[279,1302,1303],{"class":281,"line":288},[279,1304,1305],{},"    participant B as Agent Utilisateur 
(Navigateur)\n",[279,1307,1308],{"class":281,"line":294},[279,1309,291],{},[279,1311,1312],{"class":281,"line":300},[279,1313,297],{},[279,1315,1316],{"class":281,"line":306},[279,1317,303],{},[279,1319,1320],{"class":281,"line":313},[279,1321,310],{"emptyLinePlaceholder":309},[279,1323,1324],{"class":281,"line":319},[279,1325,316],{},[279,1327,1328],{"class":281,"line":325},[279,1329,1330],{},"    M->>C: HTTP 401 Unauthorized avec en-tête WWW-Authenticate\n",[279,1332,1333],{"class":281,"line":331},[279,1334,1335],{},"    Note over C: Extraire l'URL resource_metadata du WWW-Authenticate\n",[279,1337,1338],{"class":281,"line":336},[279,1339,310],{"emptyLinePlaceholder":309},[279,1341,1342],{"class":281,"line":342},[279,1343,362],{},[279,1345,1346],{"class":281,"line":348},[279,1347,1348],{},"    A->>C: Réponse métadonnées serveur d'autorisation\n",[279,1350,1351],{"class":281,"line":354},[279,1352,310],{"emptyLinePlaceholder":309},[279,1354,1355],{"class":281,"line":359},[279,1356,1357],{},"    alt Enregistrement client dynamique\n",[279,1359,1360],{"class":281,"line":365},[279,1361,1362],{},"        C->>A: POST /register\n",[279,1364,1365],{"class":281,"line":371},[279,1366,1367],{},"        A->>C: Identifiants Client\n",[279,1369,1370],{"class":281,"line":376},[279,1371,1372],{},"    end\n",[279,1374,1375],{"class":281,"line":382},[279,1376,310],{"emptyLinePlaceholder":309},[279,1378,1379],{"class":281,"line":387},[279,1380,1381],{},"    Note over C: Générer paramètres PKCE\n",[279,1383,1384],{"class":281,"line":393},[279,1385,1386],{},"    C->>B: Ouvrir navigateur avec URL d'autorisation + code_challenge\n",[279,1388,1389],{"class":281,"line":399},[279,1390,1391],{},"    B->>A: Requête d'autorisation\n",[279,1393,1394],{"class":281,"line":404},[279,1395,1396],{},"    Note over A: L'utilisateur autorise\n",[279,1398,1399],{"class":281,"line":410},[279,1400,1401],{},"    A->>B: Redirection vers callback avec code 
d'autorisation\n",[279,1403,1404],{"class":281,"line":416},[279,1405,1406],{},"    B->>C: Callback code d'autorisation\n",[279,1408,1409],{"class":281,"line":891},[279,1410,1411],{},"    C->>A: Requête token + code_verifier\n",[279,1413,1414],{"class":281,"line":920},[279,1415,1416],{},"    A->>C: Token d'accès (+ token de rafraîchissement)\n",[279,1418,1419],{"class":281,"line":964},[279,1420,407],{},[279,1422,1423],{"class":281,"line":989},[279,1424,413],{},[91,1426,1428,1434],{"className":1427},[120,121,122],[124,1429,1431],{"id":1430},"considérations-de-sécurité",[99,1432,1433],{},"Security Considerations",[68,1435,1436],{},[71,1437,1438],{"href":134},[99,1439,137],{},[91,1441,1443,1478],{"className":1442},[438,439,440,441,442,443],[91,1444,1446,1452],{"className":1445},[94],[448,1447,1449],{"id":1448},"bonnes-pratiques",[99,1450,1451],{},"🔐 Best Practices",[149,1453,1454,1460,1466,1472],{},[152,1455,1456,1459],{},[99,1457,1458],{},"PKCE required"," for all MCP clients and authorization servers",[152,1461,1462,1465],{},[99,1463,1464],{},"Secure token storage"," following OAuth 2.0 best practices",[152,1467,1468,1471],{},[99,1469,1470],{},"Redirect URI validation"," to prevent open redirect vulnerabilities",[152,1473,1474,1477],{},[99,1475,1476],{},"HTTPS mandatory"," for all authorization endpoints",[91,1479,1481,1487],{"className":1480},[94],[448,1482,1484],{"id":1483},"️-gestion-derreurs",[99,1485,1486],{},"⚠️ Error Handling",[1193,1488,1489,1508],{},[1196,1490,1491],{},[1199,1492,1493,1498,1503],{},[1202,1494,1495],{},[99,1496,1497],{},"Status Code",[1202,1499,1500],{},[99,1501,1502],{},"Description",[1202,1504,1505],{},[99,1506,1507],{},"Usage",[1213,1509,1510,1523,1536],{},[1199,1511,1512,1517,1520],{},[1218,1513,1514],{},[99,1515,1516],{},"401",[1218,1518,1519],{},"Unauthorized",[1218,1521,1522],{},"Authorization required or invalid token",
[1199,1524,1525,1530,1533],{},[1218,1526,1527],{},[99,1528,1529],{},"403",[1218,1531,1532],{},"Forbidden",[1218,1534,1535],{},"Invalid scopes or insufficient permissions",[1199,1537,1538,1543,1546],{},[1218,1539,1540],{},[99,1541,1542],{},"400",[1218,1544,1545],{},"Bad Request",[1218,1547,1548],{},"Malformed authorization request",[91,1550,1552,1558],{"className":1551},[120,121,122],[124,1553,1555],{"id":1554},"impact-sur-lécosystème-mcp",[99,1556,1557],{},"Impact on the MCP Ecosystem",[68,1559,1560],{},[71,1561,1562],{"href":134},[99,1563,137],{},[91,1565,1567,1573,1578,1587,1600,1607,1613,1650,1655,1682,1688],{"className":1566},[94],[68,1568,1569,1570,1572],{},"This revolutionary approach greatly simplifies authorization server integration, making it possible to connect directly to providers such as ",[99,1571,590],{}," and others without having to build an authorization server from scratch.",[68,1574,1575],{},[99,1576,1577],{},"Less boilerplate code. More development. MCP becomes more enterprise-ready.",[68,1579,1580,1581,1583,1584],{},"As announced by ",[99,1582,105],{},": ",[255,1585,1586],{},"\"Big thank you to everyone who spent their valuable time providing input, reviewing the PR and waiting patiently while this change was discussed over the past 4 weeks. 
It was a massive community effort.\"",[68,1588,1589,1590,1596,1597,189],{},"This new specification is now available in the ",[99,1591,1592],{},[71,1593,1595],{"href":241,"rel":1594},[88],"official MCP draft - Authorization section"," and is included in the specification of ",[99,1598,1599],{},"June 18, 2025",[1601,1602,1604],"h3",{"id":1603},"exigences-de-la-spécification-mcp",[99,1605,1606],{},"MCP Specification Requirements",[68,1608,1609,1610,1612],{},"According to the official specification, MCP servers acting as resource servers ",[99,1611,247],{},":",[1614,1615,1616,1625,1634,1642],"ol",{},[152,1617,1618,718,1621,665],{},[99,1619,1620],{},"Implement OAuth 2.0 Protected Resource Metadata",[71,1622,1624],{"href":219,"rel":1623},[88],"RFC9728",[152,1626,1627,253,1632],{},[99,1628,1629,1630],{},"Use the header ",[250,1631,252],{},[255,1633,257],{},[152,1635,1636],{},[99,1637,1638,1639],{},"Support the endpoint ",[250,1640,1641],{},"/.well-known/oauth-protected-resource",[152,1643,1644,1649],{},[99,1645,1646,1647],{},"Include the field ",[250,1648,897],{}," with at least one authorization server",[68,1651,1652,1653,1612],{},"MCP clients ",[99,1654,247],{},[1614,1656,1657,1665,1674],{},[152,1658,1659,1664],{},[99,1660,1661,1662],{},"Parse ",[250,1663,252],{}," headers and respond to HTTP 401 responses",[152,1666,1667,718,1670,665],{},[99,1668,1669],{},"Follow the OAuth 2.0 Authorization Server Metadata protocol",[71,1671,1673],{"href":158,"rel":1672},[88],"RFC8414",[152,1675,1676,1681],{},[99,1677,1678,1679],{},"Include the ",[250,1680,1133],{}," header in requests",[1601,1683,1685],{"id":1684},"mises-à-jour-des-sdks-en-cours",[99,1686,1687],{},"SDK updates in progress:",[149,1689,1690,1700,1710],{},[152,1691,1692,1699],{},[99,1693,1694],{},[71,1695,1698],{"href":1696,"rel":1697},"https://github.com/modelcontextprotocol/python-sdk/pull/686",[88],"Python SDK"," - Support for the new authorization specification",
[152,1701,1702,1709],{},[99,1703,1704],{},[71,1705,1708],{"href":1706,"rel":1707},"https://github.com/modelcontextprotocol/csharp-sdk/pull/377",[88],"C# SDK"," - Native ASP.NET Core AuthN/AuthZ integration",[152,1711,1712,1719,1720],{},[99,1713,1714],{},[71,1715,1718],{"href":1716,"rel":1717},"https://github.com/gao-sun/mcp-auth",[88],"MCP Auth"," - Reference implementation by ",[99,1721,184],{},[270,1723,1727],{"className":1724,"code":1725,"language":1726,"meta":275,"style":275},"language-json shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","// Example protected resource metadata (RFC 9728)\n{\n  \"authorization_servers\": [\n    \"https://auth.company.com\"\n  ],\n  \"resource_metadata\": {\n    \"resource\": \"https://mcp.company.com\",\n    \"authorization_servers\": [\"https://auth.company.com\"],\n    \"scopes_supported\": [\"mcp:read\", \"mcp:write\", \"mcp:admin\"],\n    \"bearer_methods_supported\": [\"header\"],\n    \"resource_documentation\": \"https://docs.company.com/mcp-api\"\n  }\n}\n","json",[250,1728,1729,1734,1738,1752,1761,1766,1779,1799,1820,1856,1876,1892,1896],{"__ignoreMap":275},[279,1730,1731],{"class":281,"line":282},[279,1732,1733],{"class":614},"// Example protected resource metadata (RFC 9728)\n",[279,1735,1736],{"class":281,"line":288},[279,1737,735],{"class":628},[279,1739,1740,1743,1745,1747,1749],{"class":281,"line":294},[279,1741,1742],{"class":628},"  \"",[279,1744,897],{"class":620},[279,1746,900],{"class":628},[279,1748,648],{"class":628},[279,1750,1751],{"class":628}," [\n",[279,1753,1754,1757,1759],{"class":281,"line":300},[279,1755,1756],{"class":628},"    \"",[279,1758,910],{"class":802},[279,1760,1006],{"class":628},[279,1762,1763],{"class":281,"line":306},[279,1764,1765],{"class":628},"  
],\n",[279,1767,1768,1770,1773,1775,1777],{"class":281,"line":313},[279,1769,1742],{"class":628},[279,1771,1772],{"class":620},"resource_metadata",[279,1774,900],{"class":628},[279,1776,648],{"class":628},[279,1778,629],{"class":628},[279,1780,1781,1783,1786,1788,1790,1792,1795,1797],{"class":281,"line":319},[279,1782,1756],{"class":628},[279,1784,1785],{"class":624},"resource",[279,1787,900],{"class":628},[279,1789,648],{"class":628},[279,1791,943],{"class":628},[279,1793,1794],{"class":802},"https://mcp.company.com",[279,1796,900],{"class":628},[279,1798,809],{"class":628},[279,1800,1801,1803,1805,1807,1809,1811,1813,1815,1817],{"class":281,"line":325},[279,1802,1756],{"class":628},[279,1804,897],{"class":624},[279,1806,900],{"class":628},[279,1808,648],{"class":628},[279,1810,905],{"class":628},[279,1812,900],{"class":628},[279,1814,910],{"class":802},[279,1816,900],{"class":628},[279,1818,1819],{"class":628},"],\n",[279,1821,1822,1824,1826,1828,1830,1832,1834,1836,1838,1840,1842,1844,1846,1848,1850,1852,1854],{"class":281,"line":331},[279,1823,1756],{"class":628},[279,1825,925],{"class":624},[279,1827,900],{"class":628},[279,1829,648],{"class":628},[279,1831,905],{"class":628},[279,1833,900],{"class":628},[279,1835,936],{"class":802},[279,1837,900],{"class":628},[279,1839,654],{"class":628},[279,1841,943],{"class":628},[279,1843,946],{"class":802},[279,1845,900],{"class":628},[279,1847,654],{"class":628},[279,1849,943],{"class":628},[279,1851,955],{"class":802},[279,1853,900],{"class":628},[279,1855,1819],{"class":628},[279,1857,1858,1860,1862,1864,1866,1868,1870,1872,1874],{"class":281,"line":336},[279,1859,1756],{"class":628},[279,1861,969],{"class":624},[279,1863,900],{"class":628},[279,1865,648],{"class":628},[279,1867,905],{"class":628},[279,1869,900],{"class":628},[279,1871,980],{"class":802},[279,1873,900],{"class":628},[279,1875,1819],{"class":628},[279,1877,1878,1880,1882,1884,1886,1888,1890],{"class":281,"line":342},[279,1879,1756],{"class":628},[279,1
881,994],{"class":624},[279,1883,900],{"class":628},[279,1885,648],{"class":628},[279,1887,943],{"class":628},[279,1889,1003],{"class":802},[279,1891,1006],{"class":628},[279,1893,1894],{"class":281,"line":348},[279,1895,861],{"class":628},[279,1897,1898],{"class":281,"line":354},[279,1899,1170],{"class":628},[270,1901,1905],{"className":1902,"code":1903,"language":1904,"meta":275,"style":275},"language-http shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","// WWW-Authenticate header for discovery (RFC 9728)\nHTTP/1.1 401 Unauthorized\nWWW-Authenticate: Bearer realm=\"MCP Server\",\n                  resource_metadata=\"https://mcp.company.com/.well-known/oauth-protected-resource\"\nMCP-Protocol-Version: 2024-11-05\n","http",[250,1906,1907,1912,1917,1922,1927],{"__ignoreMap":275},[279,1908,1909],{"class":281,"line":282},[279,1910,1911],{},"// WWW-Authenticate header for discovery (RFC 9728)\n",[279,1913,1914],{"class":281,"line":288},[279,1915,1916],{},"HTTP/1.1 401 Unauthorized\n",[279,1918,1919],{"class":281,"line":294},[279,1920,1921],{},"WWW-Authenticate: Bearer realm=\"MCP Server\",\n",[279,1923,1924],{"class":281,"line":300},[279,1925,1926],{},"                  resource_metadata=\"https://mcp.company.com/.well-known/oauth-protected-resource\"\n",[279,1928,1929],{"class":281,"line":306},[279,1930,1931],{},"MCP-Protocol-Version: 2024-11-05\n",[1601,1933,1935],{"id":1934},"flux-de-découverte-officiel-mcp",[99,1936,1937],{},"Official MCP Discovery Flow",[68,1939,236,1940,1946],{},[99,1941,1942],{},[71,1943,1945],{"href":241,"rel":1944},[88],"MCP specification 2.3.4",", the discovery process follows this precise flow:",[1614,1948,1949,1955,1967,1976,1984,1989,1996,2002],{},[152,1950,1951,1954],{},[99,1952,1953],{},"MCP client"," makes a request without a token",[152,1956,1957,1960,1961,1964,1965],{},[99,1958,1959],{},"MCP server"," responds with ",[250,1962,1963],{},"HTTP 401"," and the header ",
[250,1966,252],{},[152,1968,1969,1972,1973,1975],{},[99,1970,1971],{},"Client"," extracts the ",[250,1974,1772],{}," URL from the header",[152,1977,1978,1980,1981,1983],{},[99,1979,1971],{}," fetches ",[250,1982,1641],{}," from the MCP server",[152,1985,1986,1988],{},[99,1987,1971],{}," uses this metadata to build the authorization server URL",[152,1990,1991,1980,1993],{},[99,1992,1971],{},[250,1994,1995],{},"/.well-known/oauth-authorization-server",[152,1997,1998,2001],{},[99,1999,2000],{},"Standard OAuth 2.1 flow"," takes place",[152,2003,2004,2007],{},[99,2005,2006],{},"MCP communication"," resumes with the valid token",[68,2009,2010,2011,2013,2014,2016],{},"This approach, validated by ",[99,2012,184],{}," with tests on ",[99,2015,188],{},", is now the recommended method in the MCP ecosystem.",[91,2018,2020,2026],{"className":2019},[120,121,122],[124,2021,2023],{"id":2022},"conclusion",[99,2024,2025],{},"Conclusion",[68,2027,2028],{},[71,2029,2030],{"href":134},[99,2031,137],{},[91,2033,2035,2047,2052,2079,2085,2123,2129,2136,2150],{"className":2034},[94],[68,2036,2037,2038,2040,2041,2043,2044,2046],{},"Adopting the ",[99,2039,213],{}," approach for MCP servers marks a decisive turning point in the evolution of the MCP ecosystem toward a more mature, enterprise-ready architecture. 
This new specification, the result of a 4-week community effort led by ",[99,2042,105],{}," and validated by ",[99,2045,184],{},", radically transforms the way we design authentication and authorization in MCP.",[68,2048,2049],{},[99,2050,2051],{},"Why act now?",[149,2053,2054,2061,2067,2073],{},[152,2055,2056,2057,2060],{},"✅ ",[99,2058,2059],{},"Specification made official"," in MCP 2.3.4 (June 18, 2025)",[152,2062,2056,2063,2066],{},[99,2064,2065],{},"SDKs being updated"," (Python, C#, JavaScript)",[152,2068,2056,2069,2072],{},[99,2070,2071],{},"Reference implementations available"," (MCP Auth by gao-sun)",[152,2074,2056,2075,2078],{},[99,2076,2077],{},"Confirmed support"," for Okta, Auth0, Microsoft Entra ID, Keycloak",[1601,2080,2082],{"id":2081},"prochaines-étapes-recommandées",[99,2083,2084],{},"🚀 Recommended Next Steps",[1614,2086,2087,2098,2108,2114],{},[152,2088,2089,1583,2092,2095,2096],{},[99,2090,2091],{},"Explore the reference implementation",[71,2093,1718],{"href":1716,"rel":2094},[88]," by ",[99,2097,184],{},[152,2099,2100,1583,2103],{},[99,2101,2102],{},"Read the official specification",[71,2104,2107],{"href":2105,"rel":2106},"https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/draft/basic/authorization.mdx",[88],"MCP Authorization Draft",[152,2109,2110,2113],{},[99,2111,2112],{},"Test with your existing identity provider"," (Okta, Auth0, etc.)",[152,2115,2116,1583,2119],{},[99,2117,2118],{},"Join the community discussion",[71,2120,2122],{"href":109,"rel":2121},[88],"GitHub Discussions",[1601,2124,2126],{"id":2125},"besoin-daide-pour-implémenter-mcp-dans-votre-organisation",[99,2127,2128],{},"💡 Need Help Implementing MCP in Your Organization?",[68,2130,2131,2132,2135],{},"As an ",[99,2133,2134],{},"architect specializing in MCP and OAuth",", I can support you with:",
[149,2137,2138,2141,2144,2147],{},[152,2139,2140],{},"Migration to the OAuth resource server architecture",[152,2142,2143],{},"Integration with your existing identity systems",[152,2145,2146],{},"Training your teams on MCP best practices",[152,2148,2149],{},"Security audit and architecture review",[68,2151,2152],{},[99,2153,2154],{},[71,2155,2157],{"href":2156},"/contact","Contact me to discuss your MCP project →",[91,2159,2165],{"className":2160},[2161,2162,2163,2164],"text-md","text-center","mt-10","font-bold",[68,2166,2167],{},[71,2168,2169],{"href":134},[99,2170,137],{},[2172,2173,2174],"style",{},"",
{"title":275,"searchDepth":288,"depth":288,"links":2176},[2177,2178,2179,2180,2181,2182,2183,2184,2189],{"id":126,"depth":288,"text":129},{"id":195,"depth":288,"text":198},{"id":425,"depth":288,"text":428},{"id":554,"depth":288,"text":557},{"id":1176,"depth":288,"text":1179},{"id":1271,"depth":288,"text":1274},{"id":1430,"depth":288,"text":1433},{"id":1554,"depth":288,"text":1557,"children":2185},[2186,2187,2188],{"id":1603,"depth":294,"text":1606},{"id":1684,"depth":294,"text":1687},{"id":1934,"depth":294,"text":1937},{"id":2022,"depth":288,"text":2025,"children":2190},[2191,2192],{"id":2081,"depth":294,"text":2084},{"id":2125,"depth":294,"text":2128},"2025-06-27","Treating the MCP server as an OAuth resource server rather than an authorization server enables a simpler, stateless, enterprise-ready architecture.","md",{"src":2197},"/blog/mcp/mcp-cover.png",{},{"title":15,"description":2194},"Fw37KPtU629WGmkjjPlU_Be2Pl4UELIht35YqKmB8iM",[2202,4137],{"id":2203,"title":27,"authors":2204,"badge":2209,"body":2212,"date":4131,"description":4132,"extension":2195,"image":4133,"meta":4134,"navigation":309,"path":28,"seo":4135,"stem":29,"__hash__":4136},"posts_fr/fr/blog/5. 
mcp-tiny-agents-on-premises.md",[2205],{"name":55,"description":2206,"to":57,"avatar":2207},"Freelance, MCP Servers, Full-Stack Developer, Architecture",{"src":2208},"https://media.licdn.com/dms/image/v2/D4D03AQEGvIVcrTTS2g/profile-displayphoto-shrink_800_800/B4DZbtSf7LIEAc-/0/1747737772225?e=1753315200&v=beta&t=EOviZQkM396PoGctVjDCdlG8U3vN5UKWiIeNQ8IFUgQ",{"label":2210,"color":2211,"variant":63},"MCP, On-Premises","error",{"type":65,"value":2213,"toc":4114},[2214,2218,2221,2542,2548,2551,2564,2611,2624,3327,3957,4091,4111],[124,2215,2217],{"id":2216},"vue-densemble-de-larchitecture","Architecture Overview",[68,2219,2220],{},"The beauty of MCP Tiny Agents lies in their architectural simplicity. Whether deployed in the cloud or on-premises, the core components stay the same: a lightweight agent, an MCP client and connected tools. Here is how the complete on-premises architecture compares with the cloud alternatives:",[270,2222,2224],{"className":272,"code":2223,"language":274,"meta":275,"style":275},"graph TB\n    subgraph \"Infrastructure On-Premises\"\n        subgraph \"Stack IA Local\"\n            Agent[\"Agent Tiny\u003Cbr/>(~50 lignes)\"]\n            LocalLLM[\"LLM Local\u003Cbr/>Ollama/LM Studio\u003Cbr/>Qwen2.5-32B\"]\n            MCPClient[\"Client MCP\u003Cbr/>Gestionnaire d'Outils\"]\n        end\n        \n        subgraph \"Serveurs MCP Locaux\"\n            FileServer[\"Système de Fichiers\u003Cbr/>Serveur MCP\"]\n            WebServer[\"Playwright\u003Cbr/>Serveur MCP\"]\n            BusinessAPI[\"API Métier\u003Cbr/>Serveur MCP\"]\n            DatabaseServer[\"Base de Données\u003Cbr/>Serveur MCP\"]\n        end\n        \n        subgraph \"Couche Matérielle\"\n            GPU[\"GPU/CPU\u003Cbr/>16-140GB VRAM\"]\n            Storage[\"Stockage Modèles\u003Cbr/>GGUF/Safetensors\"]\n        end\n    end\n    \n    subgraph \"Alternative Cloud (Article HF)\"\n        CloudAgent[\"Agent Tiny\u003Cbr/>(Même Code)\"]\n   
     CloudAPI[\"Nebius/Cohere\u003Cbr/>Qwen2.5-72B\"]\n        CloudMCP[\"Client MCP Cloud\"]\n    end\n    \n    subgraph \"Architecture Hybride\"\n        Router[\"Routeur Intelligent\u003Cbr/>Classification des Données\"]\n        LocalPath[\"Données Sensibles → Local\"]\n        CloudPath[\"Tâches Complexes → Cloud\"]\n    end\n    \n    Agent -->|\"Requêtes d'Outils\"| MCPClient\n    MCPClient -->|\"Appels de Fonctions\"| LocalLLM\n    LocalLLM -->|\"Inférence\"| GPU\n    GPU -->|\"Chargement Modèles\"| Storage\n    \n    MCPClient -->|\"Exécution d'Outils\"| FileServer\n    MCPClient -->|\"Navigation Web\"| WebServer\n    MCPClient -->|\"Logique Métier\"| BusinessAPI\n    MCPClient -->|\"Requêtes de Données\"| DatabaseServer\n    \n    CloudAgent -->|\"Appels API\"| CloudMCP\n    CloudMCP -->|\"Inférence\"| CloudAPI\n    \n    Router -->|\"Décision de Route\"| LocalPath\n    Router -->|\"Décision de Route\"| CloudPath\n    LocalPath -->|\"Exécuter en Local\"| Agent\n    CloudPath -->|\"Exécuter dans le Cloud\"| CloudAgent\n    \n    Agent -.->|\"Boucle While\u003Cbr/>Jusqu'à Completion\"| Agent\n    \n    classDef localInfra stroke:#0277bd,stroke-width:2px\n    classDef cloudInfra stroke:#f57c00,stroke-width:2px\n    classDef hybridInfra stroke:#7b1fa2,stroke-width:2px\n    classDef hardware stroke:#388e3c,stroke-width:2px\n    \n    class Agent,LocalLLM,MCPClient,FileServer,WebServer,BusinessAPI,DatabaseServer localInfra\n    class CloudAgent,CloudAPI,CloudMCP cloudInfra\n    class Router,LocalPath,CloudPath hybridInfra\n    class GPU,Storage hardware\n",[250,2225,2226,2231,2236,2241,2246,2251,2256,2261,2266,2271,2276,2281,2286,2291,2295,2299,2304,2309,2314,2318,2322,2326,2331,2336,2341,2346,2350,2354,2359,2364,2369,2374,2378,2382,2387,2392,2397,2402,2406,2411,2416,2421,2427,2432,2438,2444,2449,2455,2461,2467,2473,2478,2484,2489,2495,2501,2507,2513,2518,2524,2530,2536],{"__ignoreMap":275},[279,2227,2228],{"class":281,"line":282},[279,2229,2230],{},"graph 
TB\n",[279,2232,2233],{"class":281,"line":288},[279,2234,2235],{},"    subgraph \"Infrastructure On-Premises\"\n",[279,2237,2238],{"class":281,"line":294},[279,2239,2240],{},"        subgraph \"Stack IA Local\"\n",[279,2242,2243],{"class":281,"line":300},[279,2244,2245],{},"            Agent[\"Agent Tiny\u003Cbr/>(~50 lignes)\"]\n",[279,2247,2248],{"class":281,"line":306},[279,2249,2250],{},"            LocalLLM[\"LLM Local\u003Cbr/>Ollama/LM Studio\u003Cbr/>Qwen2.5-32B\"]\n",[279,2252,2253],{"class":281,"line":313},[279,2254,2255],{},"            MCPClient[\"Client MCP\u003Cbr/>Gestionnaire d'Outils\"]\n",[279,2257,2258],{"class":281,"line":319},[279,2259,2260],{},"        end\n",[279,2262,2263],{"class":281,"line":325},[279,2264,2265],{},"        \n",[279,2267,2268],{"class":281,"line":331},[279,2269,2270],{},"        subgraph \"Serveurs MCP Locaux\"\n",[279,2272,2273],{"class":281,"line":336},[279,2274,2275],{},"            FileServer[\"Système de Fichiers\u003Cbr/>Serveur MCP\"]\n",[279,2277,2278],{"class":281,"line":342},[279,2279,2280],{},"            WebServer[\"Playwright\u003Cbr/>Serveur MCP\"]\n",[279,2282,2283],{"class":281,"line":348},[279,2284,2285],{},"            BusinessAPI[\"API Métier\u003Cbr/>Serveur MCP\"]\n",[279,2287,2288],{"class":281,"line":354},[279,2289,2290],{},"            DatabaseServer[\"Base de Données\u003Cbr/>Serveur MCP\"]\n",[279,2292,2293],{"class":281,"line":359},[279,2294,2260],{},[279,2296,2297],{"class":281,"line":365},[279,2298,2265],{},[279,2300,2301],{"class":281,"line":371},[279,2302,2303],{},"        subgraph \"Couche Matérielle\"\n",[279,2305,2306],{"class":281,"line":376},[279,2307,2308],{},"            GPU[\"GPU/CPU\u003Cbr/>16-140GB VRAM\"]\n",[279,2310,2311],{"class":281,"line":382},[279,2312,2313],{},"            Storage[\"Stockage 
Modèles\u003Cbr/>GGUF/Safetensors\"]\n",[279,2315,2316],{"class":281,"line":387},[279,2317,2260],{},[279,2319,2320],{"class":281,"line":393},[279,2321,1372],{},[279,2323,2324],{"class":281,"line":399},[279,2325,710],{},[279,2327,2328],{"class":281,"line":404},[279,2329,2330],{},"    subgraph \"Alternative Cloud (Article HF)\"\n",[279,2332,2333],{"class":281,"line":410},[279,2334,2335],{},"        CloudAgent[\"Agent Tiny\u003Cbr/>(Même Code)\"]\n",[279,2337,2338],{"class":281,"line":416},[279,2339,2340],{},"        CloudAPI[\"Nebius/Cohere\u003Cbr/>Qwen2.5-72B\"]\n",[279,2342,2343],{"class":281,"line":891},[279,2344,2345],{},"        CloudMCP[\"Client MCP Cloud\"]\n",[279,2347,2348],{"class":281,"line":920},[279,2349,1372],{},[279,2351,2352],{"class":281,"line":964},[279,2353,710],{},[279,2355,2356],{"class":281,"line":989},[279,2357,2358],{},"    subgraph \"Architecture Hybride\"\n",[279,2360,2361],{"class":281,"line":1009},[279,2362,2363],{},"        Router[\"Routeur Intelligent\u003Cbr/>Classification des Données\"]\n",[279,2365,2366],{"class":281,"line":1015},[279,2367,2368],{},"        LocalPath[\"Données Sensibles → Local\"]\n",[279,2370,2371],{"class":281,"line":1020},[279,2372,2373],{},"        CloudPath[\"Tâches Complexes → Cloud\"]\n",[279,2375,2376],{"class":281,"line":1025},[279,2377,1372],{},[279,2379,2380],{"class":281,"line":1031},[279,2381,710],{},[279,2383,2384],{"class":281,"line":1053},[279,2385,2386],{},"    Agent -->|\"Requêtes d'Outils\"| MCPClient\n",[279,2388,2389],{"class":281,"line":1072},[279,2390,2391],{},"    MCPClient -->|\"Appels de Fonctions\"| LocalLLM\n",[279,2393,2394],{"class":281,"line":1099},[279,2395,2396],{},"    LocalLLM -->|\"Inférence\"| GPU\n",[279,2398,2399],{"class":281,"line":1109},[279,2400,2401],{},"    GPU -->|\"Chargement Modèles\"| Storage\n",[279,2403,2404],{"class":281,"line":1116},[279,2405,710],{},[279,2407,2408],{"class":281,"line":1152},[279,2409,2410],{},"    MCPClient -->|\"Exécution d'Outils\"| 
FileServer\n",[279,2412,2413],{"class":281,"line":1162},[279,2414,2415],{},"    MCPClient -->|\"Navigation Web\"| WebServer\n",[279,2417,2418],{"class":281,"line":1167},[279,2419,2420],{},"    MCPClient -->|\"Logique Métier\"| BusinessAPI\n",[279,2422,2424],{"class":281,"line":2423},42,[279,2425,2426],{},"    MCPClient -->|\"Requêtes de Données\"| DatabaseServer\n",[279,2428,2430],{"class":281,"line":2429},43,[279,2431,710],{},[279,2433,2435],{"class":281,"line":2434},44,[279,2436,2437],{},"    CloudAgent -->|\"Appels API\"| CloudMCP\n",[279,2439,2441],{"class":281,"line":2440},45,[279,2442,2443],{},"    CloudMCP -->|\"Inférence\"| CloudAPI\n",[279,2445,2447],{"class":281,"line":2446},46,[279,2448,710],{},[279,2450,2452],{"class":281,"line":2451},47,[279,2453,2454],{},"    Router -->|\"Décision de Route\"| LocalPath\n",[279,2456,2458],{"class":281,"line":2457},48,[279,2459,2460],{},"    Router -->|\"Décision de Route\"| CloudPath\n",[279,2462,2464],{"class":281,"line":2463},49,[279,2465,2466],{},"    LocalPath -->|\"Exécuter en Local\"| Agent\n",[279,2468,2470],{"class":281,"line":2469},50,[279,2471,2472],{},"    CloudPath -->|\"Exécuter dans le Cloud\"| CloudAgent\n",[279,2474,2476],{"class":281,"line":2475},51,[279,2477,710],{},[279,2479,2481],{"class":281,"line":2480},52,[279,2482,2483],{},"    Agent -.->|\"Boucle While\u003Cbr/>Jusqu'à Completion\"| Agent\n",[279,2485,2487],{"class":281,"line":2486},53,[279,2488,710],{},[279,2490,2492],{"class":281,"line":2491},54,[279,2493,2494],{},"    classDef localInfra stroke:#0277bd,stroke-width:2px\n",[279,2496,2498],{"class":281,"line":2497},55,[279,2499,2500],{},"    classDef cloudInfra stroke:#f57c00,stroke-width:2px\n",[279,2502,2504],{"class":281,"line":2503},56,[279,2505,2506],{},"    classDef hybridInfra stroke:#7b1fa2,stroke-width:2px\n",[279,2508,2510],{"class":281,"line":2509},57,[279,2511,2512],{},"    classDef hardware 
stroke:#388e3c,stroke-width:2px\n",[279,2514,2516],{"class":281,"line":2515},58,[279,2517,710],{},[279,2519,2521],{"class":281,"line":2520},59,[279,2522,2523],{},"    class Agent,LocalLLM,MCPClient,FileServer,WebServer,BusinessAPI,DatabaseServer localInfra\n",[279,2525,2527],{"class":281,"line":2526},60,[279,2528,2529],{},"    class CloudAgent,CloudAPI,CloudMCP cloudInfra\n",[279,2531,2533],{"class":281,"line":2532},61,[279,2534,2535],{},"    class Router,LocalPath,CloudPath hybridInfra\n",[279,2537,2539],{"class":281,"line":2538},62,[279,2540,2541],{},"    class GPU,Storage hardware\n",[68,2543,2544,2547],{},[99,2545,2546],{},"Key Insight",": The same agent code works across all deployment models. The power of standardized APIs means that your investment in MCP tools and agent logic stays portable, whether you choose cloud convenience, on-premises control or a strategic hybrid approach.",[2549,2550],"hr",{},[91,2552,2554,2558],{"className":2553},[120,121,122],[124,2555,2557],{"id":2556},"le-piège-de-la-commodité-cloud","The Cloud Convenience Trap",[68,2559,2560],{},[71,2561,2562],{"href":134},[99,2563,137],{},[91,2565,2567,2573,2576,2608],{"className":2566},[94],[68,2568,2569,2570],{},"The Hugging Face implementation illustrates the elegance of modern AI architectures. With just a few lines of TypeScript, you can create an agent that connects to several MCP servers (file system, web browsing via Playwright) and leverages powerful models such as Qwen/Qwen2.5-72B-Instruct. 
The core idea is profound: ",[99,2571,2572],{},"\"Once you have an MCP Client, an Agent is literally just a while loop on top of it.\"",[68,2574,2575],{},"But this convenience comes with dependencies:",[149,2577,2578,2584,2590,2596,2602],{},[152,2579,2580,2583],{},[99,2581,2582],{},"Data Privacy",": Every request, every tool call, every piece of business context passes through external APIs",[152,2585,2586,2589],{},[99,2587,2588],{},"Cost Unpredictability",": Token-based pricing can soar with complex agent interactions",[152,2591,2592,2595],{},[99,2593,2594],{},"Latency Constraints",": Network round trips add delay to every inference step",[152,2597,2598,2601],{},[99,2599,2600],{},"Vendor Lock-in",": Switching providers requires code changes and revalidation",[152,2603,2604,2607],{},[99,2605,2606],{},"Compliance Issues",": Regulated industries may prohibit sending data to external services",[68,2609,2610],{},"The question becomes: can we keep the simplicity of Tiny Agents while gaining full on-premises control?",[91,2612,2614,2618],{"className":2613},[120,121,122],[124,2615,2617],{"id":2616},"anatomie-dun-tiny-agent-local","Anatomy of a Local Tiny Agent",[68,2619,2620],{},[71,2621,2622],{"href":134},[99,2623,137],{},[91,2625,2627,2630,2636,2639,2671,2674,2680,2683,2689,2692,2718,2721,2784,2787,2793,2796,3124,3137],{"className":2626},[94],[68,2628,2629],{},"The answer is yes, but with significant trade-offs. Let's look at what changes when moving from the cloud to on-premises:",[1601,2631,2633],{"id":2632},"sélection-du-modèle-et-moteur-dinférence",[99,2634,2635],{},"Model Selection and Inference Engine",[68,2637,2638],{},"Instead of calling external APIs, we need local inference. 
The options have improved considerably:",[149,2640,2641,2647,2653,2659,2665],{},[152,2642,2643,2646],{},[99,2644,2645],{},"Ollama",": Simplest deployment, supports Qwen2.5, Llama 3.1 and other instruct models",[152,2648,2649,2652],{},[99,2650,2651],{},"llama.cpp",": Direct model execution with optimized inference",[152,2654,2655,2658],{},[99,2656,2657],{},"LM Studio",": User-friendly interface with API compatibility",[152,2660,2661,2664],{},[99,2662,2663],{},"vLLM",": Production-grade serving with OpenAI-compatible endpoints",[152,2666,2667,2670],{},[99,2668,2669],{},"LocalAI",": Full OpenAI API compatibility for local models",[68,2672,2673],{},"The key insight from the HF article applies here: modern LLMs have native support for function calling. Models such as Qwen2.5-32B-Instruct, Llama 3.1-70B-Instruct, and even smaller variants can handle tool use effectively.",[1601,2675,2677],{"id":2676},"larchitecture-du-serveur-mcp-reste-inchangée",[99,2678,2679],{},"The MCP Server Architecture Stays Unchanged",[68,2681,2682],{},"This is where the MCP protocol shines. Your existing MCP servers, whether they expose file systems, databases or custom business APIs, keep working without modification. The protocol abstraction means your tools stay portable between cloud and on-premises deployments.",[1601,2684,2686],{"id":2685},"implémentation-modifiée-de-lagent",[99,2687,2688],{},"Modified Agent Implementation",[68,2690,2691],{},"The agent's core logic barely changes. 
Instead of:",[270,2693,2695],{"className":605,"code":2694,"language":607,"meta":275,"style":275},"const client = new InferenceClient(apiKey);\n",[250,2696,2697],{"__ignoreMap":275},[279,2698,2699,2702,2705,2708,2710,2713,2716],{"class":281,"line":282},[279,2700,2701],{"class":620},"const",[279,2703,2704],{"class":680}," client ",[279,2706,2707],{"class":628},"=",[279,2709,743],{"class":628},[279,2711,2712],{"class":694}," InferenceClient",[279,2714,2715],{"class":680},"(apiKey)",[279,2717,705],{"class":628},[68,2719,2720],{},"You connect to your local endpoint:",[270,2722,2724],{"className":605,"code":2723,"language":607,"meta":275,"style":275},"const client = new InferenceClient({\n  baseUrl: \"http://localhost:1234/v1\", // LM Studio\n  apiKey: \"not-needed-for-local\"\n});\n",[250,2725,2726,2742,2761,2775],{"__ignoreMap":275},[279,2727,2728,2730,2732,2734,2736,2738,2740],{"class":281,"line":282},[279,2729,2701],{"class":620},[279,2731,2704],{"class":680},[279,2733,2707],{"class":628},[279,2735,743],{"class":628},[279,2737,2712],{"class":694},[279,2739,641],{"class":680},[279,2741,735],{"class":628},[279,2743,2744,2747,2749,2751,2754,2756,2758],{"class":281,"line":288},[279,2745,2746],{"class":637},"  baseUrl",[279,2748,648],{"class":628},[279,2750,943],{"class":628},[279,2752,2753],{"class":802},"http://localhost:1234/v1",[279,2755,900],{"class":628},[279,2757,654],{"class":628},[279,2759,2760],{"class":614}," // LM Studio\n",[279,2762,2763,2766,2768,2770,2773],{"class":281,"line":294},[279,2764,2765],{"class":637},"  apiKey",[279,2767,648],{"class":628},[279,2769,943],{"class":628},[279,2771,2772],{"class":802},"not-needed-for-local",[279,2774,1006],{"class":628},[279,2776,2777,2780,2782],{"class":281,"line":300},[279,2778,2779],{"class":628},"}",[279,2781,665],{"class":680},[279,2783,705],{"class":628},[68,2785,2786],{},"The while loop, tool calling and MCP integration remain identical. 
That is the power of standardized APIs: the agent does not care where inference happens.",[1601,2788,2790],{"id":2789},"la-boucle-while-en-action",[99,2791,2792],{},"The While Loop in Action",[68,2794,2795],{},"Recall the central idea of the HF article: \"an Agent is literally just a while loop.\" Here is how it plays out in practice:",[270,2797,2799],{"className":272,"code":2798,"language":274,"meta":275,"style":275},"flowchart TD\n    Start([\"Requête Utilisateur\u003Cbr/>Obtenir météo et sauvegarder\"])\n    \n    subgraph \"Boucle While du Tiny Agent (On-Premises)\"\n        Initialize[\"Initialiser Agent\u003Cbr/>Charger LLM Local\u003Cbr/>Connecter Serveurs MCP\"]\n        \n        subgraph \"Boucle Principale\"\n            ParseIntent[\"LLM Analyse Intention\u003Cbr/>Local Qwen2.5-32B\"]\n            ToolDecision{\"Outils\u003Cbr/>Nécessaires?\"}\n            \n            subgraph \"Phase 1 d'Exécution\"\n                CallTool[\"Appeler Outil MCP\u003Cbr/>get_weather(lat, lng)\"]\n                ExecuteTool[\"Exécuter Outil\u003Cbr/>Récupérer Données Météo\"]\n                ToolResult[\"Résultat\u003Cbr/>Température: 72°F\"]\n            end\n            \n            FeedResult[\"Alimenter Résultat au LLM\u003Cbr/>Poursuivre Raisonnement\"]\n            \n            subgraph \"Phase 2 d'Exécution\"\n                CallTool2[\"Appeler Autre Outil\u003Cbr/>write_file(weather.txt)\"]\n                ExecuteTool2[\"Exécuter Écriture\u003Cbr/>Sauvegarder Données Météo\"]\n                ToolResult2[\"Fichier Sauvegardé\u003Cbr/>Desktop/weather.txt\"]\n            end\n            \n            Complete{\"Tâche Terminée?\"}\n            Response[\"Générer Réponse\u003Cbr/>Météo sauvegardée avec succès\"]\n        end\n    end\n    \n    End([\"Tâche Accomplie\"])\n    \n    %% Connexions de flux\n    Start --> Initialize\n    Initialize --> ParseIntent\n    ParseIntent --> ToolDecision\n    \n    ToolDecision -->|\"Oui - 
Besoin Météo\"| CallTool\n    CallTool --> ExecuteTool\n    ExecuteTool --> ToolResult\n    ToolResult --> FeedResult\n    \n    FeedResult --> ToolDecision\n    ToolDecision -->|\"Oui - Besoin Sauvegarde\"| CallTool2\n    CallTool2 --> ExecuteTool2\n    ExecuteTool2 --> ToolResult2\n    ToolResult2 --> FeedResult\n    \n    ToolDecision -->|\"Plus d'Outils\"| Complete\n    Complete -->|\"Oui\"| Response\n    Complete -->|\"Non - Continuer\"| ParseIntent\n    \n    Response --> End\n    \n    %% Annotation idée clé\n    LoopNote[\"Idée Centrale:\u003Cbr/>Agent = Boucle While\u003Cbr/>+ Client MCP\u003Cbr/>+ LLM Local\"]\n    LoopNote -.-> ParseIntent\n    \n    %% Styles\n    classDef agent stroke:#1976d2,stroke-width:2px\n    classDef tool stroke:#388e3c,stroke-width:2px\n    classDef decision stroke:#f57c00,stroke-width:2px\n    classDef insight stroke:#c2185b,stroke-width:2px\n    \n    class Initialize,ParseIntent,FeedResult,Response agent\n    class CallTool,ExecuteTool,ToolResult,CallTool2,ExecuteTool2,ToolResult2 tool\n    class ToolDecision,Complete decision\n    class LoopNote insight\n",[250,2800,2801,2806,2811,2815,2820,2825,2829,2834,2839,2844,2849,2854,2859,2864,2869,2874,2878,2883,2887,2892,2897,2902,2907,2911,2915,2920,2925,2929,2933,2937,2942,2946,2951,2956,2961,2966,2970,2975,2980,2985,2990,2994,2999,3004,3009,3014,3019,3023,3028,3033,3038,3042,3047,3051,3056,3061,3066,3070,3075,3080,3085,3090,3095,3100,3106,3112,3118],{"__ignoreMap":275},[279,2802,2803],{"class":281,"line":282},[279,2804,2805],{},"flowchart TD\n",[279,2807,2808],{"class":281,"line":288},[279,2809,2810],{},"    Start([\"Requête Utilisateur\u003Cbr/>Obtenir météo et sauvegarder\"])\n",[279,2812,2813],{"class":281,"line":294},[279,2814,710],{},[279,2816,2817],{"class":281,"line":300},[279,2818,2819],{},"    subgraph \"Boucle While du Tiny Agent (On-Premises)\"\n",[279,2821,2822],{"class":281,"line":306},[279,2823,2824],{},"        Initialize[\"Initialiser Agent\u003Cbr/>Charger LLM 
Local\u003Cbr/>Connecter Serveurs MCP\"]\n",[279,2826,2827],{"class":281,"line":313},[279,2828,2265],{},[279,2830,2831],{"class":281,"line":319},[279,2832,2833],{},"        subgraph \"Boucle Principale\"\n",[279,2835,2836],{"class":281,"line":325},[279,2837,2838],{},"            ParseIntent[\"LLM Analyse Intention\u003Cbr/>Local Qwen2.5-32B\"]\n",[279,2840,2841],{"class":281,"line":331},[279,2842,2843],{},"            ToolDecision{\"Outils\u003Cbr/>Nécessaires?\"}\n",[279,2845,2846],{"class":281,"line":336},[279,2847,2848],{},"            \n",[279,2850,2851],{"class":281,"line":342},[279,2852,2853],{},"            subgraph \"Phase 1 d'Exécution\"\n",[279,2855,2856],{"class":281,"line":348},[279,2857,2858],{},"                CallTool[\"Appeler Outil MCP\u003Cbr/>get_weather(lat, lng)\"]\n",[279,2860,2861],{"class":281,"line":354},[279,2862,2863],{},"                ExecuteTool[\"Exécuter Outil\u003Cbr/>Récupérer Données Météo\"]\n",[279,2865,2866],{"class":281,"line":359},[279,2867,2868],{},"                ToolResult[\"Résultat\u003Cbr/>Température: 72°F\"]\n",[279,2870,2871],{"class":281,"line":365},[279,2872,2873],{},"            end\n",[279,2875,2876],{"class":281,"line":371},[279,2877,2848],{},[279,2879,2880],{"class":281,"line":376},[279,2881,2882],{},"            FeedResult[\"Alimenter Résultat au LLM\u003Cbr/>Poursuivre Raisonnement\"]\n",[279,2884,2885],{"class":281,"line":382},[279,2886,2848],{},[279,2888,2889],{"class":281,"line":387},[279,2890,2891],{},"            subgraph \"Phase 2 d'Exécution\"\n",[279,2893,2894],{"class":281,"line":393},[279,2895,2896],{},"                CallTool2[\"Appeler Autre Outil\u003Cbr/>write_file(weather.txt)\"]\n",[279,2898,2899],{"class":281,"line":399},[279,2900,2901],{},"                ExecuteTool2[\"Exécuter Écriture\u003Cbr/>Sauvegarder Données Météo\"]\n",[279,2903,2904],{"class":281,"line":404},[279,2905,2906],{},"                ToolResult2[\"Fichier 
Sauvegardé\u003Cbr/>Desktop/weather.txt\"]\n",[279,2908,2909],{"class":281,"line":410},[279,2910,2873],{},[279,2912,2913],{"class":281,"line":416},[279,2914,2848],{},[279,2916,2917],{"class":281,"line":891},[279,2918,2919],{},"            Complete{\"Tâche Terminée?\"}\n",[279,2921,2922],{"class":281,"line":920},[279,2923,2924],{},"            Response[\"Générer Réponse\u003Cbr/>Météo sauvegardée avec succès\"]\n",[279,2926,2927],{"class":281,"line":964},[279,2928,2260],{},[279,2930,2931],{"class":281,"line":989},[279,2932,1372],{},[279,2934,2935],{"class":281,"line":1009},[279,2936,710],{},[279,2938,2939],{"class":281,"line":1015},[279,2940,2941],{},"    End([\"Tâche Accomplie\"])\n",[279,2943,2944],{"class":281,"line":1020},[279,2945,710],{},[279,2947,2948],{"class":281,"line":1025},[279,2949,2950],{},"    %% Connexions de flux\n",[279,2952,2953],{"class":281,"line":1031},[279,2954,2955],{},"    Start --> Initialize\n",[279,2957,2958],{"class":281,"line":1053},[279,2959,2960],{},"    Initialize --> ParseIntent\n",[279,2962,2963],{"class":281,"line":1072},[279,2964,2965],{},"    ParseIntent --> ToolDecision\n",[279,2967,2968],{"class":281,"line":1099},[279,2969,710],{},[279,2971,2972],{"class":281,"line":1109},[279,2973,2974],{},"    ToolDecision -->|\"Oui - Besoin Météo\"| CallTool\n",[279,2976,2977],{"class":281,"line":1116},[279,2978,2979],{},"    CallTool --> ExecuteTool\n",[279,2981,2982],{"class":281,"line":1152},[279,2983,2984],{},"    ExecuteTool --> ToolResult\n",[279,2986,2987],{"class":281,"line":1162},[279,2988,2989],{},"    ToolResult --> FeedResult\n",[279,2991,2992],{"class":281,"line":1167},[279,2993,710],{},[279,2995,2996],{"class":281,"line":2423},[279,2997,2998],{},"    FeedResult --> ToolDecision\n",[279,3000,3001],{"class":281,"line":2429},[279,3002,3003],{},"    ToolDecision -->|\"Oui - Besoin Sauvegarde\"| CallTool2\n",[279,3005,3006],{"class":281,"line":2434},[279,3007,3008],{},"    CallTool2 --> 
ExecuteTool2\n",[279,3010,3011],{"class":281,"line":2440},[279,3012,3013],{},"    ExecuteTool2 --> ToolResult2\n",[279,3015,3016],{"class":281,"line":2446},[279,3017,3018],{},"    ToolResult2 --> FeedResult\n",[279,3020,3021],{"class":281,"line":2451},[279,3022,710],{},[279,3024,3025],{"class":281,"line":2457},[279,3026,3027],{},"    ToolDecision -->|\"Plus d'Outils\"| Complete\n",[279,3029,3030],{"class":281,"line":2463},[279,3031,3032],{},"    Complete -->|\"Oui\"| Response\n",[279,3034,3035],{"class":281,"line":2469},[279,3036,3037],{},"    Complete -->|\"Non - Continuer\"| ParseIntent\n",[279,3039,3040],{"class":281,"line":2475},[279,3041,710],{},[279,3043,3044],{"class":281,"line":2480},[279,3045,3046],{},"    Response --> End\n",[279,3048,3049],{"class":281,"line":2486},[279,3050,710],{},[279,3052,3053],{"class":281,"line":2491},[279,3054,3055],{},"    %% Annotation idée clé\n",[279,3057,3058],{"class":281,"line":2497},[279,3059,3060],{},"    LoopNote[\"Idée Centrale:\u003Cbr/>Agent = Boucle While\u003Cbr/>+ Client MCP\u003Cbr/>+ LLM Local\"]\n",[279,3062,3063],{"class":281,"line":2503},[279,3064,3065],{},"    LoopNote -.-> ParseIntent\n",[279,3067,3068],{"class":281,"line":2509},[279,3069,710],{},[279,3071,3072],{"class":281,"line":2515},[279,3073,3074],{},"    %% Styles\n",[279,3076,3077],{"class":281,"line":2520},[279,3078,3079],{},"    classDef agent stroke:#1976d2,stroke-width:2px\n",[279,3081,3082],{"class":281,"line":2526},[279,3083,3084],{},"    classDef tool stroke:#388e3c,stroke-width:2px\n",[279,3086,3087],{"class":281,"line":2532},[279,3088,3089],{},"    classDef decision stroke:#f57c00,stroke-width:2px\n",[279,3091,3092],{"class":281,"line":2538},[279,3093,3094],{},"    classDef insight stroke:#c2185b,stroke-width:2px\n",[279,3096,3098],{"class":281,"line":3097},63,[279,3099,710],{},[279,3101,3103],{"class":281,"line":3102},64,[279,3104,3105],{},"    class Initialize,ParseIntent,FeedResult,Response 
agent\n",[279,3107,3109],{"class":281,"line":3108},65,[279,3110,3111],{},"    class CallTool,ExecuteTool,ToolResult,CallTool2,ExecuteTool2,ToolResult2 tool\n",[279,3113,3115],{"class":281,"line":3114},66,[279,3116,3117],{},"    class ToolDecision,Complete decision\n",[279,3119,3121],{"class":281,"line":3120},67,[279,3122,3123],{},"    class LoopNote insight\n",[91,3125,3127,3131],{"className":3126},[120,121,122],[124,3128,3130],{"id":3129},"défis-dimplémentation","Implementation Challenges",[68,3132,3133],{},[71,3134,3135],{"href":134},[99,3136,137],{},[91,3138,3140,3143,3149,3152,3172,3178,3184,3187,3207,3213,3219,3222,3248,3253,3279,3285,3288,3314],{"className":3139},[94],[68,3141,3142],{},"Moving on-premises is not without challenges. Here are the key considerations:",[1601,3144,3146],{"id":3145},"exigences-matérielles",[99,3147,3148],{},"Hardware Requirements",[68,3150,3151],{},"Unlike cloud providers with their massive GPU clusters, you are limited by local hardware:",[149,3153,3154,3160,3166],{},[152,3155,3156,3159],{},[99,3157,3158],{},"Memory",": 70B models require ~140GB VRAM for comfortable inference",[152,3161,3162,3165],{},[99,3163,3164],{},"Smaller Models",": 7B-13B models can run on consumer GPUs with 16-24GB VRAM",[152,3167,3168,3171],{},[99,3169,3170],{},"CPU Inference",": Possible but significantly slower, particularly for complex tool use",[68,3173,3174,3177],{},[99,3175,3176],{},"Practical Approach",": Start with quantized models (GGUF format) that can run on the available hardware. 
A well-quantized 32B model often outperforms a poorly configured 70B model.",[1601,3179,3181],{"id":3180},"compromis-de-performance",[99,3182,3183],{},"Performance Trade-offs",[68,3185,3186],{},"Local inference introduces latency that cloud providers have optimized away:",[149,3188,3189,3195,3201],{},[152,3190,3191,3194],{},[99,3192,3193],{},"First-Token Latency",": Local models need initialization time",[152,3196,3197,3200],{},[99,3198,3199],{},"Throughput",": Single-GPU setups cannot match distributed inference in the cloud",[152,3202,3203,3206],{},[99,3204,3205],{},"Concurrency",": Multiple agent sessions compete for the same local resources",[68,3208,3209,3212],{},[99,3210,3211],{},"Mitigation Strategy",": Keep models loaded in memory between requests, use model caching, and consider running several small models rather than one large one.",[1601,3214,3216],{"id":3215},"critères-de-sélection-des-modèles",[99,3217,3218],{},"Model Selection Criteria",[68,3220,3221],{},"Not all models are equal for on-premises deployment:",[149,3223,3224,3230,3236,3242],{},[152,3225,3226,3229],{},[99,3227,3228],{},"Function-Calling Quality",": Test extensively with your specific MCP tools",[152,3231,3232,3235],{},[99,3233,3234],{},"Context Length",": Longer contexts allow more sophisticated agent conversations",[152,3237,3238,3241],{},[99,3239,3240],{},"Quantization Tolerance",": Some models degrade significantly once quantized",[152,3243,3244,3247],{},[99,3245,3246],{},"Licensing",": Make sure you have commercial usage rights for enterprise deployments",[68,3249,3250,1612],{},[99,3251,3252],{},"Recommended Models for On-Premises",[149,3254,3255,3261,3267,3273],{},[152,3256,3257,3260],{},[99,3258,3259],{},"Qwen2.5-32B-Instruct",": Excellent for function calling, reasonable hardware requirements",[152,3262,3263,3266],{},[99,3264,3265],{},"Llama 3.1-70B-Instruct",": If you have the hardware, exceptional performance",[152,3268,3269,3272],{},[99,3270,3271],{},"Mistral-Small-3.1-24B",": Optimized specifically for function calling",[152,3274,3275,3278],{},[99,3276,3277],{},"Gemma 3 27B",": Good balance between capability and efficiency",[1601,3280,3282],{"id":3281},"complexité-dintégration",[99,3283,3284],{},"Integration Complexity",[68,3286,3287],{},"Cloud providers handle API compatibility, but local setups require more configuration:",[149,3289,3290,3296,3302,3308],{},[152,3291,3292,3295],{},[99,3293,3294],{},"API Gateway",": Provide OpenAI-compatible endpoints",[152,3297,3298,3301],{},[99,3299,3300],{},"Load Balancing",": Distribute requests across multiple model instances",[152,3303,3304,3307],{},[99,3305,3306],{},"Monitoring",": Tracking performance, resource utilization and error rates",[152,3309,3310,3313],{},[99,3311,3312],{},"Updates",": Managing model updates and version control",[91,3315,3317,3321],{"className":3316},[120,121,122],[124,3318,3320],{"id":3319},"cadre-de-décision-entreprise","Enterprise Decision Framework",[68,3322,3323],{},[71,3324,3325],{"href":134},[99,3326,137],{},[91,3328,3330,3333,3339,3342,3615,3621,3626,3637,3642,3653,3659,3665,3668,3694,3697,3717,3723,3726,3750,3763],{"className":3329},[94],[68,3331,3332],{},"The decision between cloud and on-premises MCP agents is not purely technical; it is strategic. 
Understanding the trade-offs is essential for making informed architectural decisions.",[1601,3334,3336],{"id":3335},"comparaison-cloud-vs-on-premises",[99,3337,3338],{},"Cloud vs On-Premises Comparison",[68,3340,3341],{},"Here is a comprehensive comparison to guide your choice:",[270,3343,3345],{"className":272,"code":3344,"language":274,"meta":275,"style":275},"graph TD\n    subgraph Cloud [\"Agents MCP Cloud\"]\n        CloudAdvantages[\"Avantages\u003Cbr/>• Modèles puissants (70B+)\u003Cbr/>• Calcul illimité\u003Cbr/>• Pas d'investissement matériel\u003Cbr/>• Mise à l'échelle instantanée\u003Cbr/>• Infrastructure gérée\"]\n        \n        CloudRisks[\"Préoccupations de Sécurité\u003Cbr/>• Données hors site\u003Cbr/>• Dépendance fournisseur\u003Cbr/>• Coûts imprévisibles\u003Cbr/>• Défis de conformité\u003Cbr/>• Dépendances API\"]\n        \n        CloudCosts[\"Modèle de Coûts\u003Cbr/>• Paiement par token\u003Cbr/>• 2 000-10 000€/mois\u003Cbr/>• Mise à l'échelle variable\u003Cbr/>• Pas d'investissement initial\"]\n    end\n    \n    subgraph OnPrem [\"Agents MCP On-Premises\"]\n        OnPremAdvantages[\"Bénéfices Sécurité\u003Cbr/>• Souveraineté totale des données\u003Cbr/>• Contrôle total des audits\u003Cbr/>• Conforme aux réglementations\u003Cbr/>• Sans dépendance fournisseur\u003Cbr/>• Fonctionnement hors ligne\"]\n        \n        OnPremChallenges[\"Défis d'Implémentation\u003Cbr/>• Investissement matériel requis\u003Cbr/>• Limites de performance modèles\u003Cbr/>• Complexité opérationnelle\u003Cbr/>• Contraintes d'échelle\u003Cbr/>• Mises à jour manuelles\"]\n        \n        OnPremCosts[\"Structure de Coûts\u003Cbr/>• 10 000-50 000€ initial\u003Cbr/>• Rentabilité 6-18 mois\u003Cbr/>• Coûts opérationnels fixes\u003Cbr/>• Mise à l'échelle prévisible\"]\n    end\n    \n    subgraph Decision [\"Facteurs de Décision\"]\n        DataSensitivity[\"Sensibilité des Données\u003Cbr/>Haute sensibilité → On-Premises\u003Cbr/>Faible sensibilité → 
Cloud\"]\n        \n        Compliance[\"Exigences de Conformité\u003Cbr/>Réglementation stricte → On-Premises\u003Cbr/>Conformité standard → Cloud\"]\n        \n        TechnicalCapacity[\"Ressources Techniques\u003Cbr/>Équipe IA/ML forte → On-Premises\u003Cbr/>Ressources limitées → Cloud\"]\n        \n        CostModel[\"Préférences de Coûts\u003Cbr/>Coûts prévisibles → On-Premises\u003Cbr/>Coûts variables → Cloud\"]\n    end\n    \n    subgraph Hybrid [\"Architecture Hybride\"]\n        HybridBenefits[\"Combinaison Stratégique\u003Cbr/>• Router données sensibles en local\u003Cbr/>• Utiliser cloud pour tâches complexes\u003Cbr/>• Optimiser coûts dynamiquement\u003Cbr/>• Distribuer risque opérationnel\"]\n    end\n    \n    %% Flux de décision\n    DataSensitivity --> OnPremAdvantages\n    DataSensitivity --> CloudAdvantages\n    \n    Compliance --> OnPremAdvantages\n    Compliance --> CloudAdvantages\n    \n    TechnicalCapacity --> OnPremChallenges\n    TechnicalCapacity --> CloudRisks\n    \n    CostModel --> OnPremCosts\n    CostModel --> CloudCosts\n    \n    %% Connexions hybrides\n    OnPremAdvantages -.-> HybridBenefits\n    CloudAdvantages -.-> HybridBenefits\n    \n    %% Styles\n    classDef cloudStyle stroke:#1976d2,stroke-width:2px\n    classDef onpremStyle stroke:#388e3c,stroke-width:2px\n    classDef decisionStyle stroke:#f57c00,stroke-width:2px\n    classDef hybridStyle stroke:#7b1fa2,stroke-width:2px\n    \n    class Cloud,CloudAdvantages,CloudRisks,CloudCosts cloudStyle\n    class OnPrem,OnPremAdvantages,OnPremChallenges,OnPremCosts onpremStyle\n    class Decision,DataSensitivity,Compliance,TechnicalCapacity,CostModel decisionStyle\n    class Hybrid,HybridBenefits 
hybridStyle\n",[250,3346,3347,3352,3357,3362,3366,3371,3375,3380,3384,3388,3393,3398,3402,3407,3411,3416,3420,3424,3429,3434,3438,3443,3447,3452,3456,3461,3465,3469,3474,3479,3483,3487,3492,3497,3502,3506,3511,3516,3520,3525,3530,3534,3539,3544,3548,3553,3558,3563,3567,3571,3576,3581,3586,3591,3595,3600,3605,3610],{"__ignoreMap":275},[279,3348,3349],{"class":281,"line":282},[279,3350,3351],{},"graph TD\n",[279,3353,3354],{"class":281,"line":288},[279,3355,3356],{},"    subgraph Cloud [\"Agents MCP Cloud\"]\n",[279,3358,3359],{"class":281,"line":294},[279,3360,3361],{},"        CloudAdvantages[\"Avantages\u003Cbr/>• Modèles puissants (70B+)\u003Cbr/>• Calcul illimité\u003Cbr/>• Pas d'investissement matériel\u003Cbr/>• Mise à l'échelle instantanée\u003Cbr/>• Infrastructure gérée\"]\n",[279,3363,3364],{"class":281,"line":300},[279,3365,2265],{},[279,3367,3368],{"class":281,"line":306},[279,3369,3370],{},"        CloudRisks[\"Préoccupations de Sécurité\u003Cbr/>• Données hors site\u003Cbr/>• Dépendance fournisseur\u003Cbr/>• Coûts imprévisibles\u003Cbr/>• Défis de conformité\u003Cbr/>• Dépendances API\"]\n",[279,3372,3373],{"class":281,"line":313},[279,3374,2265],{},[279,3376,3377],{"class":281,"line":319},[279,3378,3379],{},"        CloudCosts[\"Modèle de Coûts\u003Cbr/>• Paiement par token\u003Cbr/>• 2 000-10 000€/mois\u003Cbr/>• Mise à l'échelle variable\u003Cbr/>• Pas d'investissement initial\"]\n",[279,3381,3382],{"class":281,"line":325},[279,3383,1372],{},[279,3385,3386],{"class":281,"line":331},[279,3387,710],{},[279,3389,3390],{"class":281,"line":336},[279,3391,3392],{},"    subgraph OnPrem [\"Agents MCP On-Premises\"]\n",[279,3394,3395],{"class":281,"line":342},[279,3396,3397],{},"        OnPremAdvantages[\"Bénéfices Sécurité\u003Cbr/>• Souveraineté totale des données\u003Cbr/>• Contrôle total des audits\u003Cbr/>• Conforme aux réglementations\u003Cbr/>• Sans dépendance fournisseur\u003Cbr/>• Fonctionnement hors 
ligne\"]\n",[279,3399,3400],{"class":281,"line":348},[279,3401,2265],{},[279,3403,3404],{"class":281,"line":354},[279,3405,3406],{},"        OnPremChallenges[\"Défis d'Implémentation\u003Cbr/>• Investissement matériel requis\u003Cbr/>• Limites de performance modèles\u003Cbr/>• Complexité opérationnelle\u003Cbr/>• Contraintes d'échelle\u003Cbr/>• Mises à jour manuelles\"]\n",[279,3408,3409],{"class":281,"line":359},[279,3410,2265],{},[279,3412,3413],{"class":281,"line":365},[279,3414,3415],{},"        OnPremCosts[\"Structure de Coûts\u003Cbr/>• 10 000-50 000€ initial\u003Cbr/>• Rentabilité 6-18 mois\u003Cbr/>• Coûts opérationnels fixes\u003Cbr/>• Mise à l'échelle prévisible\"]\n",[279,3417,3418],{"class":281,"line":371},[279,3419,1372],{},[279,3421,3422],{"class":281,"line":376},[279,3423,710],{},[279,3425,3426],{"class":281,"line":382},[279,3427,3428],{},"    subgraph Decision [\"Facteurs de Décision\"]\n",[279,3430,3431],{"class":281,"line":387},[279,3432,3433],{},"        DataSensitivity[\"Sensibilité des Données\u003Cbr/>Haute sensibilité → On-Premises\u003Cbr/>Faible sensibilité → Cloud\"]\n",[279,3435,3436],{"class":281,"line":393},[279,3437,2265],{},[279,3439,3440],{"class":281,"line":399},[279,3441,3442],{},"        Compliance[\"Exigences de Conformité\u003Cbr/>Réglementation stricte → On-Premises\u003Cbr/>Conformité standard → Cloud\"]\n",[279,3444,3445],{"class":281,"line":404},[279,3446,2265],{},[279,3448,3449],{"class":281,"line":410},[279,3450,3451],{},"        TechnicalCapacity[\"Ressources Techniques\u003Cbr/>Équipe IA/ML forte → On-Premises\u003Cbr/>Ressources limitées → Cloud\"]\n",[279,3453,3454],{"class":281,"line":416},[279,3455,2265],{},[279,3457,3458],{"class":281,"line":891},[279,3459,3460],{},"        CostModel[\"Préférences de Coûts\u003Cbr/>Coûts prévisibles → On-Premises\u003Cbr/>Coûts variables → 
Cloud\"]\n",[279,3462,3463],{"class":281,"line":920},[279,3464,1372],{},[279,3466,3467],{"class":281,"line":964},[279,3468,710],{},[279,3470,3471],{"class":281,"line":989},[279,3472,3473],{},"    subgraph Hybrid [\"Architecture Hybride\"]\n",[279,3475,3476],{"class":281,"line":1009},[279,3477,3478],{},"        HybridBenefits[\"Combinaison Stratégique\u003Cbr/>• Router données sensibles en local\u003Cbr/>• Utiliser cloud pour tâches complexes\u003Cbr/>• Optimiser coûts dynamiquement\u003Cbr/>• Distribuer risque opérationnel\"]\n",[279,3480,3481],{"class":281,"line":1015},[279,3482,1372],{},[279,3484,3485],{"class":281,"line":1020},[279,3486,710],{},[279,3488,3489],{"class":281,"line":1025},[279,3490,3491],{},"    %% Flux de décision\n",[279,3493,3494],{"class":281,"line":1031},[279,3495,3496],{},"    DataSensitivity --> OnPremAdvantages\n",[279,3498,3499],{"class":281,"line":1053},[279,3500,3501],{},"    DataSensitivity --> CloudAdvantages\n",[279,3503,3504],{"class":281,"line":1072},[279,3505,710],{},[279,3507,3508],{"class":281,"line":1099},[279,3509,3510],{},"    Compliance --> OnPremAdvantages\n",[279,3512,3513],{"class":281,"line":1109},[279,3514,3515],{},"    Compliance --> CloudAdvantages\n",[279,3517,3518],{"class":281,"line":1116},[279,3519,710],{},[279,3521,3522],{"class":281,"line":1152},[279,3523,3524],{},"    TechnicalCapacity --> OnPremChallenges\n",[279,3526,3527],{"class":281,"line":1162},[279,3528,3529],{},"    TechnicalCapacity --> CloudRisks\n",[279,3531,3532],{"class":281,"line":1167},[279,3533,710],{},[279,3535,3536],{"class":281,"line":2423},[279,3537,3538],{},"    CostModel --> OnPremCosts\n",[279,3540,3541],{"class":281,"line":2429},[279,3542,3543],{},"    CostModel --> CloudCosts\n",[279,3545,3546],{"class":281,"line":2434},[279,3547,710],{},[279,3549,3550],{"class":281,"line":2440},[279,3551,3552],{},"    %% Connexions hybrides\n",[279,3554,3555],{"class":281,"line":2446},[279,3556,3557],{},"    OnPremAdvantages -.-> 
HybridBenefits\n",[279,3559,3560],{"class":281,"line":2451},[279,3561,3562],{},"    CloudAdvantages -.-> HybridBenefits\n",[279,3564,3565],{"class":281,"line":2457},[279,3566,710],{},[279,3568,3569],{"class":281,"line":2463},[279,3570,3074],{},[279,3572,3573],{"class":281,"line":2469},[279,3574,3575],{},"    classDef cloudStyle stroke:#1976d2,stroke-width:2px\n",[279,3577,3578],{"class":281,"line":2475},[279,3579,3580],{},"    classDef onpremStyle stroke:#388e3c,stroke-width:2px\n",[279,3582,3583],{"class":281,"line":2480},[279,3584,3585],{},"    classDef decisionStyle stroke:#f57c00,stroke-width:2px\n",[279,3587,3588],{"class":281,"line":2486},[279,3589,3590],{},"    classDef hybridStyle stroke:#7b1fa2,stroke-width:2px\n",[279,3592,3593],{"class":281,"line":2491},[279,3594,710],{},[279,3596,3597],{"class":281,"line":2497},[279,3598,3599],{},"    class Cloud,CloudAdvantages,CloudRisks,CloudCosts cloudStyle\n",[279,3601,3602],{"class":281,"line":2503},[279,3603,3604],{},"    class OnPrem,OnPremAdvantages,OnPremChallenges,OnPremCosts onpremStyle\n",[279,3606,3607],{"class":281,"line":2509},[279,3608,3609],{},"    class Decision,DataSensitivity,Compliance,TechnicalCapacity,CostModel decisionStyle\n",[279,3611,3612],{"class":281,"line":2515},[279,3613,3614],{},"    class Hybrid,HybridBenefits hybridStyle\n",[1601,3616,3618],{"id":3617},"analyse-des-coûts",[99,3619,3620],{},"Cost Analysis",[68,3622,3623,1612],{},[99,3624,3625],{},"Cloud Costs (Estimated)",[149,3627,3628,3631,3634],{},[152,3629,3630],{},"Complex agent interactions: 50-200 tokens per tool call",[152,3632,3633],{},"Enterprise usage: 10,000+ agent interactions per day",[152,3635,3636],{},"Monthly costs: $2,000-$10,000+ depending on model and usage",[68,3638,3639,1612],{},[99,3640,3641],{},"On-Premises Costs",[149,3643,3644,3647,3650],{},[152,3645,3646],{},"Hardware: $10,000-$50,000 initial investment",[152,3648,3649],{},"Maintenance: Ongoing operational costs",[152,3651,3652],{},"Break-even point: Typically 6-18 months depending on usage",[68,3654,3655,3658],{},[99,3656,3657],{},"Hybrid Approach",": Use on-premises for sensitive data, cloud for peak loads or specialized tasks.",[1601,3660,3662],{"id":3661},"sécurité-et-conformité",[99,3663,3664],{},"Security and Compliance",[68,3666,3667],{},"On-premises offers significant advantages:",[149,3669,3670,3676,3682,3688],{},[152,3671,3672,3675],{},[99,3673,3674],{},"Data Sovereignty",": All processing happens within your infrastructure",[152,3677,3678,3681],{},[99,3679,3680],{},"Audit Trails",": Complete visibility into agent actions and data flows",[152,3683,3684,3687],{},[99,3685,3686],{},"Compliance",": Easier to comply with GDPR, HIPAA, SOC2",[152,3689,3690,3693],{},[99,3691,3692],{},"Custom Security",": Integration with existing security infrastructure",[68,3695,3696],{},"But it also introduces responsibilities:",[149,3698,3699,3705,3711],{},[152,3700,3701,3704],{},[99,3702,3703],{},"Model Security",": Ensure models are not compromised or biased",[152,3706,3707,3710],{},[99,3708,3709],{},"Infrastructure Security",": Protect the AI infrastructure itself",[152,3712,3713,3716],{},[99,3714,3715],{},"Access Control",": Manage who can deploy and modify agents",[1601,3718,3720],{"id":3719},"maturité-opérationnelle",[99,3721,3722],{},"Operational Maturity",[68,3724,3725],{},"Running AI on-premises requires organizational capabilities:",[149,3727,3728,3734,3739,3745],{},[152,3729,3730,3733],{},[99,3731,3732],{},"DevOps for AI",": CI/CD pipelines for model deployment",[152,3735,3736,3738],{},[99,3737,3306],{},": Understanding AI-specific metrics and failure modes",[152,3740,3741,3744],{},[99,3742,3743],{},"Scaling",": Managing resources as agent usage grows",[152,3746,3747,3749],{},[99,3748,3312],{},": Keeping models and infrastructure up to date",[91,3751,3753,3757],{"className":3752},[120,121,122],[124,3754,3756],{"id":3755},"stratégie-darchitecture-hybride","Hybrid Architecture Strategy",[68,3758,3759],{},[71,3760,3761],{"href":134},[99,3762,137],{},[91,3764,3766,3769,3775,3906,3912,3944],{"className":3765},[94],[68,3767,3768],{},"The most pragmatic approach often combines cloud and on-premises deployments. A hybrid architecture lets organizations optimize for both security and capability while maintaining operational flexibility.",[1601,3770,3772],{"id":3771},"implémentation-du-routage-intelligent",[99,3773,3774],{},"Implementing Intelligent Routing",[270,3776,3778],{"className":605,"code":3777,"language":607,"meta":275,"style":275},"const agent = new Agent({\n  // Local for sensitive operations\n  localProvider: \"http://localhost:1234/v1\",\n  localModel: \"qwen2.5-32b-instruct\",\n  \n  // Cloud for complex tasks\n  cloudProvider: \"nebius\",\n  cloudModel: \"Qwen/Qwen2.5-72B-Instruct\",\n  \n  // Routing based on task sensitivity\n  routingStrategy: \"data-classification\"\n});\n",[250,3779,3780,3798,3803,3818,3834,3838,3843,3859,3875,3879,3884,3898],{"__ignoreMap":275},[279,3781,3782,3784,3787,3789,3791,3794,3796],{"class":281,"line":282},[279,3783,2701],{"class":620},[279,3785,3786],{"class":680}," agent ",[279,3788,2707],{"class":628},[279,3790,743],{"class":628},[279,3792,3793],{"class":694}," Agent",[279,3795,641],{"class":680},[279,3797,735],{"class":628},[279,3799,3800],{"class":281,"line":288},[279,3801,3802],{"class":614},"  // Local for sensitive operations\n",[279,3804,3805,3808,3810,3812,3814,3816],{"class":281,"line":294},[279,3806,3807],{"class":637},"  localProvider",[279,3809,648],{"class":628},[279,3811,943],{"class":628},[279,3813,2753],{"class":802},[279,3815,900],{"class":628},[279,3817,809],{"class":628},[279,3819,3820,3823,3825,3827,3830,3832],{"class":281,"line":300},[279,3821,3822],{"class":637},"  localModel",[279,3824,648],{"class":628},[279,3826,943],{"class":628},[279,3828,3829],{"class":802},"qwen2.5-32b-instruct",[279,3831,900],{"class":628},[279,3833,809],{"class":628},[279,3835,3836],{"class":281,"line":306},[279,3837,866],{"class":680},[279,3839,3840],{"class":281,"line":313},[279,3841,3842],{"class":614},"  // Cloud for complex tasks\n",[279,3844,3845,3848,3850,3852,3855,3857],{"class":281,"line":319},[279,3846,3847],{"class":637},"  cloudProvider",[279,3849,648],{"class":628},[279,3851,943],{"class":628},[279,3853,3854],{"class":802},"nebius",[279,3856,900],{"class":628},[279,3858,809],{"class":628},[279,3860,3861,3864,3866,3868,3871,3873],{"class":281,"line":325},[279,3862,3863],{"class":637},"  cloudModel",[279,3865,648],{"class":628},[279,3867,943],{"class":628},[279,3869,3870],{"class":802},"Qwen/Qwen2.5-72B-Instruct",[279,3872,900],{"class":628},[279,3874,809],{"class":628},[279,3876,3877],{"class":281,"line":331},[279,3878,866],{"class":680},[279,3880,3881],{"class":281,"line":336},[279,3882,3883],{"class":614},"  // Routing based on task sensitivity\n",[279,3885,3886,3889,3891,3893,3896],{"class":281,"line":342},[279,3887,3888],{"class":637},"  routingStrategy",[279,3890,648],{"class":628},[279,3892,943],{"class":628},[279,3894,3895],{"class":802},"data-classification",[279,3897,1006],{"class":628},[279,3899,3900,3902,3904],{"class":281,"line":348},[279,3901,2779],{"class":628},[279,3903,665],{"class":680},[279,3905,705],{"class":628},[1601,3907,3909],{"id":3908},"avantages-hybrides",[99,3910,3911],{},"Hybrid Benefits",[149,3913,3914,3920,3926,3932,3938],{},[152,3915,3916,3919],{},[99,3917,3918],{},"Data Classification",": Automatically routes sensitive data to local processing",[152,3921,3922,3925],{},[99,3923,3924],{},"Performance Optimization",": Uses cloud resources for compute-intensive tasks",[152,3927,3928,3931],{},[99,3929,3930],{},"Cost Management",": Balances fixed on-premises costs against variable cloud usage",[152,3933,3934,3937],{},[99,3935,3936],{},"Risk Distribution",": Avoids single points of failure in either deployment model",[152,3939,3940,3943],{},[99,3941,3942],{},"Gradual Migration",": Starts locally and expands cloud usage as confidence grows",[91,3945,3947,3951],{"className":3946},[120,121,122],[124,3948,3950],{"id":3949},"conclusion-et-prochaines-étapes","Conclusion and Next Steps",[68,3952,3953],{},[71,3954,3955],{"href":134},[99,3956,137],{},[91,3958,3960,3963,3969,4001,4007,4012,4026,4031,4045,4051,4088],{"className":3959},[94],[68,3961,3962],{},"Exploring On-Premises Tiny MCP Agents reveals a compelling truth: the elegance of Hugging Face's \"agent in 50 lines\" concept is not diminished by local deployment; it is enhanced by the control and security benefits that on-premises infrastructure provides.",[1601,3964,3966],{"id":3965},"points-clés",[99,3967,3968],{},"Key Takeaways",[1614,3970,3971,3977,3983,3989,3995],{},[152,3972,3973,3976],{},[99,3974,3975],{},"Technical Feasibility",": The agent architecture stays identical; only the inference endpoint changes",[152,3978,3979,3982],{},[99,3980,3981],{},"Power of the MCP Protocol",": Your tool investments are fully portable between cloud and on-premises",[152,3984,3985,3988],{},[99,3986,3987],{},"Strategic Advantages",": On-premises deployments offer data sovereignty, compliance benefits and cost predictability",[152,3990,3991,3994],{},[99,3992,3993],{},"Réalité d'Implémentation"," : Les contraintes matérielles nécessitent une sélection soigneuse des modèles, mais des 
solutions capables existent",[152,3996,3997,4000],{},[99,3998,3999],{},"Optimisation Hybride"," : L'approche la plus pratique combine les deux modèles de déploiement selon la sensibilité des données",[1601,4002,4004],{"id":4003},"cadre-de-décision",[99,4005,4006],{},"Cadre de Décision",[68,4008,4009,1612],{},[99,4010,4011],{},"Choisissez l'On-Premises Quand",[149,4013,4014,4017,4020,4023],{},[152,4015,4016],{},"La sensibilité des données est élevée (finance, santé, juridique)",[152,4018,4019],{},"Les exigences de conformité sont strictes (GDPR, HIPAA, SOC2)",[152,4021,4022],{},"Les coûts prévisibles sont préférés aux prix variables",[152,4024,4025],{},"Une équipe technique solide est disponible pour l'implémentation",[68,4027,4028,1612],{},[99,4029,4030],{},"Choisissez le Cloud Quand",[149,4032,4033,4036,4039,4042],{},[152,4034,4035],{},"La mise à l'échelle rapide est essentielle",[152,4037,4038],{},"Les dernières capacités des modèles sont requises",[152,4040,4041],{},"Les ressources techniques sont limitées",[152,4043,4044],{},"Les charges de travail variables rendent l'économie cloud favorable",[1601,4046,4048],{"id":4047},"chemin-dimplémentation-recommandé",[99,4049,4050],{},"Chemin d'Implémentation Recommandé",[1614,4052,4053,4059,4065,4071,4076,4082],{},[152,4054,4055,4058],{},[99,4056,4057],{},"Phase d'Évaluation"," : Évaluez votre sensibilité aux données, besoins de conformité et capacités techniques",[152,4060,4061,4064],{},[99,4062,4063],{},"Déploiement Pilote"," : Commencez avec une petite configuration on-premises utilisant des modèles quantifiés (Qwen2.5-32B)",[152,4066,4067,4070],{},[99,4068,4069],{},"Évaluation des Performances"," : Comparez les performances locales vs. 
cloud pour vos cas d'usage spécifiques",[152,4072,4073,4075],{},[99,4074,3620],{}," : Calculez les points d'équilibre et le coût total de possession",[152,4077,4078,4081],{},[99,4079,4080],{},"Architecture Hybride"," : Concevez un routage intelligent basé sur la classification des données et la complexité des tâches",[152,4083,4084,4087],{},[99,4085,4086],{},"Mise à l'Échelle Progressive"," : Étendez les modèles réussis tout en maintenant les limites de sécurité",[68,4089,4090],{},"L'avenir de l'IA d'entreprise ne consiste pas à choisir entre la commodité du cloud et le contrôle on-premises—il s'agit d'architecturer des systèmes qui combinent intelligemment les deux approches. Les Agents MCP Tiny rendent cette vision pratique, fournissant la simplicité et la portabilité nécessaires pour des déploiements d'IA durables sur toute infrastructure.",[91,4092,4095,4101],{"className":4093},[2161,4094,2163,2164],"text-end",[68,4096,4097],{},[71,4098,4099],{"href":134},[99,4100,137],{},[91,4102,4104],{"className":4103},[4094],[68,4105,4106],{},[71,4107,4108],{"href":2156},[99,4109,4110],{},"Prêt à explorer les agents IA on-premises ?",[2172,4112,4113],{},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: 
var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sHwdD, html code.shiki 
.sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}",{"title":275,"searchDepth":288,"depth":288,"links":4115},[4116,4117,4118],{"id":2216,"depth":288,"text":2217},{"id":2556,"depth":288,"text":2557},{"id":2616,"depth":288,"text":2617,"children":4119},[4120,4121,4122,4123,4124,4125,4126,4127,4128,4129,4130],{"id":2632,"depth":294,"text":2635},{"id":2676,"depth":294,"text":2679},{"id":2685,"depth":294,"text":2688},{"id":2789,"depth":294,"text":2792},{"id":3335,"depth":294,"text":3338},{"id":3617,"depth":294,"text":3620},{"id":3661,"depth":294,"text":3664},{"id":3719,"depth":294,"text":3722},{"id":3965,"depth":294,"text":3968},{"id":4003,"depth":294,"text":4006},{"id":4047,"depth":294,"text":4050},"2025-06-28","Exploring how to run MCP-based agents entirely on-premises using local LLMs, examining the trade-offs between cloud convenience and local control for enterprise AI deployments.",{"src":2197},{},{"title":27,"description":4132},"epMsG1Ni4vE1sze094ppzqcTx_LgZOojqXuq61W9IDg",{"id":4138,"title":19,"authors":4139,"badge":4143,"body":4145,"date":5096,"description":5097,"extension":2195,"image":5098,"meta":5099,"navigation":309,"path":20,"seo":5100,"stem":21,"__hash__":5101},"posts_fr/fr/blog/1. 
mcp-security.md",[4140],{"name":55,"description":4141,"to":57,"avatar":4142},"Freelance, MCP Servers, Full-Stack Development, Architecture",{"src":2208},{"label":4144,"color":62,"variant":63},"Security",{"type":65,"value":4146,"toc":5083},[4147,4153,4174,4189,4195,4199,4256,4260,4317,4321,4360,4375,4577,4592,4695,4710,4753,4798,4813,4857,4872,5038,5053,5071,5080],[68,4148,4149],{},[71,4150,4152],{"href":4151},"/blog/","Back to Blog",[91,4154,4156],{"className":4155},[94],[68,4157,4158,4159,4162,4163,4166,4167,4170,4171,189],{},"The Model Context Protocol (MCP) is a framework for structured communication between clients and servers using JSON-RPC 2.0. It enables fine-grained message exchange in distributed or modular systems, including those involving AI models, modular agents or service orchestration. When using lightweight protocols such as JSON-RPC 2.0 for MCP communication, developers face several security challenges. This article describes the ",[99,4160,4161],{},"critical issues",", the ",[99,4164,4165],{},"best solutions"," and the ",[99,4168,4169],{},"practical developer tools"," to ensure ",[99,4172,4173],{},"robust and secure MCP systems",[91,4175,4177,4183],{"className":4176},[120,121,122],[124,4178,4180],{"id":4179},"guide-visuel-de-larchitecture-de-sécurité-mcp",[99,4181,4182],{},"Visual Guide to MCP Security Architecture",[68,4184,4185],{},[71,4186,4187],{"href":134},[99,4188,137],{},[91,4190,4192],{"className":4191},[94],[68,4193,4194],{},"This guide provides a visual and practical overview of securing MCP systems, including message signing, session management and real-world architecture patterns. 
It is aimed at developers and architects building modular, agent-based or distributed AI systems.",[1601,4196,4198],{"id":4197},"flux-de-signature-et-vérification-de-messages","Message Signing and Verification Flow",[270,4200,4202],{"className":272,"code":4201,"language":274,"meta":275,"style":275},"sequenceDiagram\n  participant Client\n  participant Serveur\n\n  Client->>Client: Sérialiser méthode + paramètres\n  Client->>Client: Signer payload avec clé privée\n  Client->>Serveur: Envoyer JSON-RPC + signature + clé publique\n\n  Serveur->>Serveur: Canonicaliser méthode + paramètres\n  Serveur->>Serveur: Vérifier signature avec clé publique\n  Serveur-->>Client: Traiter ou rejeter\n",[250,4203,4204,4208,4213,4218,4222,4227,4232,4237,4241,4246,4251],{"__ignoreMap":275},[279,4205,4206],{"class":281,"line":282},[279,4207,285],{},[279,4209,4210],{"class":281,"line":288},[279,4211,4212],{},"  participant Client\n",[279,4214,4215],{"class":281,"line":294},[279,4216,4217],{},"  participant Serveur\n",[279,4219,4220],{"class":281,"line":300},[279,4221,310],{"emptyLinePlaceholder":309},[279,4223,4224],{"class":281,"line":306},[279,4225,4226],{},"  Client->>Client: Sérialiser méthode + paramètres\n",[279,4228,4229],{"class":281,"line":313},[279,4230,4231],{},"  Client->>Client: Signer payload avec clé privée\n",[279,4233,4234],{"class":281,"line":319},[279,4235,4236],{},"  Client->>Serveur: Envoyer JSON-RPC + signature + clé publique\n",[279,4238,4239],{"class":281,"line":325},[279,4240,310],{"emptyLinePlaceholder":309},[279,4242,4243],{"class":281,"line":331},[279,4244,4245],{},"  Serveur->>Serveur: Canonicaliser méthode + paramètres\n",[279,4247,4248],{"class":281,"line":336},[279,4249,4250],{},"  Serveur->>Serveur: Vérifier signature avec clé publique\n",[279,4252,4253],{"class":281,"line":342},[279,4254,4255],{},"  Serveur-->>Client: Traiter ou rejeter\n",[1601,4257,4259],{"id":4258},"initialisation-sécurisée-de-session","Secure 
Session Initialization",[270,4261,4263],{"className":272,"code":4262,"language":274,"meta":275,"style":275},"sequenceDiagram\n  participant Coordinateur\n  participant Agent A\n  participant Agent B\n\n  Agent A->>Coordinateur: Demander démarrage de session\n  Coordinateur->>Agent A: Envoyer UUID de session + token\n  Agent A->>Agent B: Partager contexte avec token\n  Agent B->>Coordinateur: Vérifier session + rejoindre\n\n  Note over Coordinateur: Le coordinateur suit les rôles, tours et état\n",[250,4264,4265,4269,4274,4279,4284,4288,4293,4298,4303,4308,4312],{"__ignoreMap":275},[279,4266,4267],{"class":281,"line":282},[279,4268,285],{},[279,4270,4271],{"class":281,"line":288},[279,4272,4273],{},"  participant Coordinateur\n",[279,4275,4276],{"class":281,"line":294},[279,4277,4278],{},"  participant Agent A\n",[279,4280,4281],{"class":281,"line":300},[279,4282,4283],{},"  participant Agent B\n",[279,4285,4286],{"class":281,"line":306},[279,4287,310],{"emptyLinePlaceholder":309},[279,4289,4290],{"class":281,"line":313},[279,4291,4292],{},"  Agent A->>Coordinateur: Demander démarrage de session\n",[279,4294,4295],{"class":281,"line":319},[279,4296,4297],{},"  Coordinateur->>Agent A: Envoyer UUID de session + token\n",[279,4299,4300],{"class":281,"line":325},[279,4301,4302],{},"  Agent A->>Agent B: Partager contexte avec token\n",[279,4304,4305],{"class":281,"line":331},[279,4306,4307],{},"  Agent B->>Coordinateur: Vérifier session + rejoindre\n",[279,4309,4310],{"class":281,"line":336},[279,4311,310],{"emptyLinePlaceholder":309},[279,4313,4314],{"class":281,"line":342},[279,4315,4316],{},"  Note over Coordinateur: Le coordinateur suit les rôles, tours et état\n",[1601,4318,4320],{"id":4319},"routage-de-contexte-mcp","MCP Context Routing",[270,4322,4324],{"className":272,"code":4323,"language":274,"meta":275,"style":275},"graph TD\n  A[Client] -->|JSON-RPC| B[Coordinateur]\n  B -->|Routage de Session| C1[Agent A]\n  B -->|Routage de Session| C2[Agent B]\n  C1 
-->|Message de Contexte| C2\n  C2 -->|Réponse| C1\n  B -->|Observabilité| D[Stockage de Logs Signés]\n",[250,4325,4326,4330,4335,4340,4345,4350,4355],{"__ignoreMap":275},[279,4327,4328],{"class":281,"line":282},[279,4329,3351],{},[279,4331,4332],{"class":281,"line":288},[279,4333,4334],{},"  A[Client] -->|JSON-RPC| B[Coordinateur]\n",[279,4336,4337],{"class":281,"line":294},[279,4338,4339],{},"  B -->|Routage de Session| C1[Agent A]\n",[279,4341,4342],{"class":281,"line":300},[279,4343,4344],{},"  B -->|Routage de Session| C2[Agent B]\n",[279,4346,4347],{"class":281,"line":306},[279,4348,4349],{},"  C1 -->|Message de Contexte| C2\n",[279,4351,4352],{"class":281,"line":313},[279,4353,4354],{},"  C2 -->|Réponse| C1\n",[279,4356,4357],{"class":281,"line":319},[279,4358,4359],{},"  B -->|Observabilité| D[Stockage de Logs Signés]\n",[91,4361,4363,4369],{"className":4362},[120,121,122],[124,4364,4366],{"id":4365},"problèmes-critiques-de-sécurité-dans-mcp-basé-sur-json-rpc",[99,4367,4368],{},"Critical Security Issues in JSON-RPC-Based MCP",[68,4370,4371],{},[71,4372,4373],{"href":134},[99,4374,137],{},[1193,4376,4377,4393],{},[1196,4378,4379],{},[1199,4380,4381,4384,4387,4390],{},[1202,4382,4383],{},"Area",[1202,4385,4386],{},"Critical Issue",[1202,4388,4389],{},"Why It Matters in MCP",[1202,4391,4392],{},"Solution",[1213,4394,4395,4409,4423,4437,4451,4465,4479,4493,4507,4521,4535,4549,4563],{},[1199,4396,4397,4400,4403,4406],{},[1218,4398,4399],{},"🗭 Coordination",[1218,4401,4402],{},"No native multi-party routing",[1218,4404,4405],{},"MCP often involves orchestrating multiple services or agents",[1218,4407,4408],{},"Implement a coordinator service to manage routing, roles and message relays",[1199,4410,4411,4414,4417,4420],{},[1218,4412,4413],{},"🔐 Identity",[1218,4415,4416],{},"No identity/auth/session layer",[1218,4418,4419],{},"You must authenticate and verify the origin of the 
message",[1218,4421,4422],{},"Use DIDs, mTLS or signature-based identity layers with session tokens",[1199,4424,4425,4428,4431,4434],{},[1218,4426,4427],{},"⚠️ Errors",[1218,4429,4430],{},"Poor observability and error semantics",[1218,4432,4433],{},"Hard to trace failures in contextual model flows",[1218,4435,4436],{},"Add signed logs, structured error codes and trace dashboards",[1199,4438,4439,4442,4445,4448],{},[1218,4440,4441],{},"📦 Data Types",[1218,4443,4444],{},"No support for binary/complex data",[1218,4446,4447],{},"Model parameters and responses may not fit easily into JSON",[1218,4449,4450],{},"Use base64 encoding, CBOR, or attach structured payloads outside the core JSON-RPC fields",[1199,4452,4453,4456,4459,4462],{},[1218,4454,4455],{},"🧪 Testing",[1218,4457,4458],{},"No simulation or step-by-step tooling",[1218,4460,4461],{},"Protocol replay and debugging are needed",[1218,4463,4464],{},"Build deterministic test harnesses with protocol replay and agent mocking",[1199,4466,4467,4470,4473,4476],{},[1218,4468,4469],{},"🧱 Persistence",[1218,4471,4472],{},"No session/memory between calls",[1218,4474,4475],{},"Context continuity between model calls requires tracked state and roles",[1218,4477,4478],{},"Use Redis or an in-memory session store to persist role, turn and message state",[1199,4480,4481,4484,4487,4490],{},[1218,4482,4483],{},"💨 Malicious Agents",[1218,4485,4486],{},"Any actor can inject harmful logic or context",[1218,4488,4489],{},"Malicious agents can derail or poison model execution",[1218,4491,4492],{},"Use sandboxing (e.g. 
VM2/WASM), behavior validation and allowlists for context flows",[1199,4494,4495,4498,4501,4504],{},[1218,4496,4497],{},"🦮 Session Drift",[1218,4499,4500],{},"Agents can desynchronize context/turn data",[1218,4502,4503],{},"Leads to race conditions, hallucinations or context overwrites",[1218,4505,4506],{},"Use signed session snapshots, turn counters and coordinator replay tools",[1199,4508,4509,4512,4515,4518],{},[1218,4510,4511],{},"🔄 Replay Attacks",[1218,4513,4514],{},"Reuse of valid messages across contexts",[1218,4516,4517],{},"If undetected, can manipulate agent behavior or output",[1218,4519,4520],{},"Timestamped tokens, nonce validation or hash chains to ensure freshness",[1199,4522,4523,4526,4529,4532],{},[1218,4524,4525],{},"🛨️ Malicious Agent Mitigation",[1218,4527,4528],{},"Compromised agents acting within a valid session",[1218,4530,4531],{},"Threatens system integrity",[1218,4533,4534],{},"Enforce behavior rules, use secure sandboxes and validate input/output patterns",[1199,4536,4537,4540,4543,4546],{},[1218,4538,4539],{},"🌐 Decentralized Identity (DIDs)",[1218,4541,4542],{},"Lack of reliable global identity resolution",[1218,4544,4545],{},"Needed for secure trust delegation between agents",[1218,4547,4548],{},"Adopt W3C DIDs and resolve keys via DID Documents or key registries",[1199,4550,4551,4554,4557,4560],{},[1218,4552,4553],{},"📡 Secure Session Management",[1218,4555,4556],{},"Sessions can be hijacked, lost or inconsistent",[1218,4558,4559],{},"Critical for model state, context and replay protection",[1218,4561,4562],{},"Track sessions via the coordinator, assign unique IDs, use per-session keys",[1199,4564,4565,4568,4571,4574],{},[1218,4566,4567],{},"🔄 Replay and Race Protection",[1218,4569,4570],{},"Duplicated or reordered requests can cause 
errors",[1218,4572,4573],{},"Agents may misbehave or reprocess old data",[1218,4575,4576],{},"Use nonces, timestamps and turn counters in every message",[91,4578,4580,4586],{"className":4579},[120,121,122],[124,4581,4583],{"id":4582},"tableau-de-vue-densemble-des-capacités",[99,4584,4585],{},"Capabilities Overview Table",[68,4587,4588],{},[71,4589,4590],{"href":134},[99,4591,137],{},[1193,4593,4594,4616],{},[1196,4595,4596],{},[1199,4597,4598,4601,4604,4607,4610,4613],{},[1202,4599,4600],{},"Capability",[1202,4602,4603],{},"Controlled By",[1202,4605,4606],{},"Direction",[1202,4608,4609],{},"Side Effects",[1202,4611,4612],{},"Approval Required",[1202,4614,4615],{},"Typical Use Cases",[1213,4617,4618,4638,4657,4676],{},[1199,4619,4620,4623,4626,4629,4632,4635],{},[1218,4621,4622],{},"Tools",[1218,4624,4625],{},"Model (LLM)",[1218,4627,4628],{},"Client → Server",[1218,4630,4631],{},"Yes (potentially)",[1218,4633,4634],{},"Yes",[1218,4636,4637],{},"Actions, API calls, data manipulation",[1199,4639,4640,4643,4646,4648,4651,4654],{},[1218,4641,4642],{},"Resources",[1218,4644,4645],{},"Application",[1218,4647,4628],{},[1218,4649,4650],{},"No (read-only)",[1218,4652,4653],{},"Usually not",[1218,4655,4656],{},"Data retrieval, context gathering",[1199,4658,4659,4662,4665,4668,4671,4673],{},[1218,4660,4661],{},"Prompts",[1218,4663,4664],{},"User",[1218,4666,4667],{},"Server → Client",[1218,4669,4670],{},"No",[1218,4672,4670],{},[1218,4674,4675],{},"Guided workflows, specialized templates",[1199,4677,4678,4681,4684,4687,4690,4692],{},[1218,4679,4680],{},"Sampling",[1218,4682,4683],{},"Server",[1218,4685,4686],{},"Server → Client → Server",[1218,4688,4689],{},"Indirectly",[1218,4691,4634],{},[1218,4693,4694],{},"Multi-step tasks, agentic 
behaviors",[91,4696,4698,4704],{"className":4697},[120,121,122],[124,4699,4701],{"id":4700},"architecture-de-référence-du-monde-réel",[99,4702,4703],{},"Real-World Reference Architecture",[68,4705,4706],{},[71,4707,4708],{"href":134},[99,4709,137],{},[149,4711,4712,4718,4724,4730,4736,4742,4747],{},[152,4713,4714,4717],{},[99,4715,4716],{},"Frontend",": Nuxt 3 (with Nuxt Content & Tailwind)",[152,4719,4720,4723],{},[99,4721,4722],{},"Backend",": Node.js / Fastify / Express",[152,4725,4726,4729],{},[99,4727,4728],{},"MCP Coordinator",": Custom routing + context logic (stateless + session-aware)",[152,4731,4732,4735],{},[99,4733,4734],{},"Agents",": Independent microservices or WASM-based modules",[152,4737,4738,4741],{},[99,4739,4740],{},"Transport",": JSON-RPC 2.0 over HTTPS (or mTLS)",[152,4743,4744,4746],{},[99,4745,4144],{},": Signature validation, DIDs and per-session encryption keys",[152,4748,4749,4752],{},[99,4750,4751],{},"Logs",": Append-only signed logs + observability dashboard (Grafana / OpenTelemetry)",[270,4754,4756],{"className":272,"code":4755,"language":274,"meta":275,"style":275},"graph LR\n  FE[Client Nuxt3] -->|JSON-RPC| COORD[Coordinateur MCP]\n  COORD --> A1[Agent A]\n  COORD --> A2[Agent B]\n  COORD --> REDIS[(Stockage de Session)]\n  COORD --> LOG[Logs Signés]\n  A1 --> RES1[(API Externe)]\n  A2 --> RES2[(LLM ou Outil)]\n",[250,4757,4758,4763,4768,4773,4778,4783,4788,4793],{"__ignoreMap":275},[279,4759,4760],{"class":281,"line":282},[279,4761,4762],{},"graph LR\n",[279,4764,4765],{"class":281,"line":288},[279,4766,4767],{},"  FE[Client Nuxt3] -->|JSON-RPC| COORD[Coordinateur MCP]\n",[279,4769,4770],{"class":281,"line":294},[279,4771,4772],{},"  COORD --> A1[Agent A]\n",[279,4774,4775],{"class":281,"line":300},[279,4776,4777],{},"  COORD --> A2[Agent B]\n",[279,4779,4780],{"class":281,"line":306},[279,4781,4782],{},"  COORD --> REDIS[(Stockage de 
Session)]\n",[279,4784,4785],{"class":281,"line":313},[279,4786,4787],{},"  COORD --> LOG[Logs Signés]\n",[279,4789,4790],{"class":281,"line":319},[279,4791,4792],{},"  A1 --> RES1[(API Externe)]\n",[279,4794,4795],{"class":281,"line":325},[279,4796,4797],{},"  A2 --> RES2[(LLM ou Outil)]\n",[91,4799,4801,4807],{"className":4800},[120,121,122],[124,4802,4804],{"id":4803},"outils-et-solutions-pour-développeurs",[99,4805,4806],{},"Developer Tools and Solutions",[68,4808,4809],{},[71,4810,4811],{"href":134},[99,4812,137],{},[149,4814,4815,4821,4827,4833,4839,4845,4851],{},[152,4816,2056,4817,4820],{},[99,4818,4819],{},"Signed JSON-RPC Messages",": Create canonical JSON, sign using EdDSA/ECDSA, send with the public key or DID.",[152,4822,2056,4823,4826],{},[99,4824,4825],{},"Session Snapshots",": Store per-turn JSON snapshots with signatures.",[152,4828,2056,4829,4832],{},[99,4830,4831],{},"Replay Detection",": Use nonce + timestamps + hash chaining.",[152,4834,2056,4835,4838],{},[99,4836,4837],{},"Test Harness",": Build MCP replay tools with simulated agents.",[152,4840,2056,4841,4844],{},[99,4842,4843],{},"Observability",": Use OpenTelemetry or log aggregators with structured events.",[152,4846,2056,4847,4850],{},[99,4848,4849],{},"Signature Validation",": Client + agent libraries must enforce validation before processing.",[152,4852,2056,4853,4856],{},[99,4854,4855],{},"DID Resolver Service",": Resolve public keys linked to agent DIDs.",[91,4858,4860,4866],{"className":4859},[120,121,122],[124,4861,4863],{"id":4862},"comment-signer-les-payloads-json-rpc",[99,4864,4865],{},"How to Sign JSON-RPC Payloads",[68,4867,4868],{},[71,4869,4870],{"href":134},[99,4871,137],{},[270,4873,4877],{"className":4874,"code":4875,"language":4876,"meta":275,"style":275},"language-ts shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","import { sign, verify } from 
'crypto';\nconst method = 'agent.perform';\nconst params = { input: 'Exécuter test' };\nconst payload = JSON.stringify({ method, params });\nconst signature = sign('sha256', Buffer.from(payload), privateKey);\n\n// Send: { method, params, signature, pubKey }\n","ts",[250,4878,4879,4910,4928,4954,4989,5029,5033],{"__ignoreMap":275},[279,4880,4881,4884,4887,4890,4892,4895,4898,4901,4903,4906,4908],{"class":281,"line":282},[279,4882,4883],{"class":687},"import",[279,4885,4886],{"class":628}," {",[279,4888,4889],{"class":680}," sign",[279,4891,654],{"class":628},[279,4893,4894],{"class":680}," verify",[279,4896,4897],{"class":628}," }",[279,4899,4900],{"class":687}," from",[279,4902,1140],{"class":628},[279,4904,4905],{"class":802},"crypto",[279,4907,806],{"class":628},[279,4909,705],{"class":628},[279,4911,4912,4914,4917,4919,4921,4924,4926],{"class":281,"line":288},[279,4913,2701],{"class":620},[279,4915,4916],{"class":680}," method ",[279,4918,2707],{"class":628},[279,4920,1140],{"class":628},[279,4922,4923],{"class":802},"agent.perform",[279,4925,806],{"class":628},[279,4927,705],{"class":628},[279,4929,4930,4932,4935,4937,4939,4942,4944,4946,4949,4951],{"class":281,"line":294},[279,4931,2701],{"class":620},[279,4933,4934],{"class":680}," params ",[279,4936,2707],{"class":628},[279,4938,4886],{"class":628},[279,4940,4941],{"class":637}," input",[279,4943,648],{"class":628},[279,4945,1140],{"class":628},[279,4947,4948],{"class":802},"Exécuter test",[279,4950,806],{"class":628},[279,4952,4953],{"class":628}," };\n",[279,4955,4956,4958,4961,4963,4966,4968,4971,4973,4976,4979,4981,4983,4985,4987],{"class":281,"line":300},[279,4957,2701],{"class":620},[279,4959,4960],{"class":680}," payload ",[279,4962,2707],{"class":628},[279,4964,4965],{"class":680}," JSON",[279,4967,189],{"class":628},[279,4969,4970],{"class":694},"stringify",[279,4972,641],{"class":680},[279,4974,4975],{"class":628},"{",[279,4977,4978],{"class":680}," 
method",[279,4980,654],{"class":628},[279,4982,4934],{"class":680},[279,4984,2779],{"class":628},[279,4986,665],{"class":680},[279,4988,705],{"class":628},[279,4990,4991,4993,4996,4998,5000,5002,5004,5007,5009,5011,5014,5016,5019,5022,5024,5027],{"class":281,"line":306},[279,4992,2701],{"class":620},[279,4994,4995],{"class":680}," signature ",[279,4997,2707],{"class":628},[279,4999,4889],{"class":694},[279,5001,641],{"class":680},[279,5003,806],{"class":628},[279,5005,5006],{"class":802},"sha256",[279,5008,806],{"class":628},[279,5010,654],{"class":628},[279,5012,5013],{"class":680}," Buffer",[279,5015,189],{"class":628},[279,5017,5018],{"class":694},"from",[279,5020,5021],{"class":680},"(payload)",[279,5023,654],{"class":628},[279,5025,5026],{"class":680}," privateKey)",[279,5028,705],{"class":628},[279,5030,5031],{"class":281,"line":313},[279,5032,310],{"emptyLinePlaceholder":309},[279,5034,5035],{"class":281,"line":319},[279,5036,5037],{"class":614},"// Send: { method, params, signature, pubKey }\n",[91,5039,5041,5047],{"className":5040},[120,121,122],[124,5042,5044],{"id":5043},"résumé",[99,5045,5046],{},"Summary",[68,5048,5049],{},[71,5050,5051],{"href":134},[99,5052,137],{},[68,5054,5055,5056,5059,5060,5059,5063,5066,5067,5070],{},"A secure MCP system built with JSON-RPC requires layers of protection: identity, message integrity, context security and clear protocol rules. 
Combining ",[99,5057,5058],{},"DIDs",", ",[99,5061,5062],{},"signatures",[99,5064,5065],{},"session control"," and ",[99,5068,5069],{},"defenses against malicious agents"," ensures that your modular system remains safe, observable and extensible.",[91,5072,5074],{"className":5073},[2161,2162,2163,2164],[68,5075,5076],{},[71,5077,5078],{"href":134},[99,5079,137],{},[2172,5081,5082],{},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sMK4o, html code.shiki 
.sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}",{"title":275,"searchDepth":288,"depth":288,"links":5084},[5085,5090,5091,5092,5093,5094,5095],{"id":4179,"depth":288,"text":4182,"children":5086},[5087,5088,5089],{"id":4197,"depth":294,"text":4198},{"id":4258,"depth":294,"text":4259},{"id":4319,"depth":294,"text":4320},{"id":4365,"depth":288,"text":4368},{"id":4582,"depth":288,"text":4585},{"id":4700,"depth":288,"text":4703},{"id":4803,"depth":288,"text":4806},{"id":4862,"depth":288,"text":4865},{"id":5043,"depth":288,"text":5046},"2025-06-26","Critical security issues, best solutions and practical tools for robust and secure MCP systems using JSON-RPC.",{"src":2197},{},{"title":19,"description":5097},"v8QZCrRACbPHafMNqzDSLJTS3GEhRu0WnjMdQjJugMo",1779118049642]