Arcade vs Merge Agent Handler: differences in tool execution reliability, observability, and security controls
AI Agent Trust & Governance

Arcade vs Merge Agent Handler: differences in tool execution reliability, observability, and security controls

8 min read

Most teams evaluating Arcade against Merge’s Agent Handler are wrestling with the same thing: “Which one actually gives me reliable tool execution, usable observability, and security controls my security team won’t block?” This FAQ breaks down the differences directly through those three lenses, with a bias toward what matters in production: can your agents safely take real actions across systems like Google Workspace, Slack, and Salesforce, with user-specific permissions and a clear audit trail?

Quick Answer: Arcade is an MCP runtime focused on production-grade tool execution, user-specific authorization, and end-to-end observability for multi-user agents. Merge Agent Handler is an orchestration layer over Merge’s unified APIs; it simplifies API access but doesn’t give you the same depth of runtime controls, auth model, or tool reliability patterns that Arcade is built around.

Frequently Asked Questions

How is Arcade different from Merge Agent Handler for production AI agents?

Short Answer: Arcade is the runtime between AI and action, built specifically for multi-user agents with user-specific permissions, tool reliability, and governance. Merge Agent Handler is a layer to let LLMs call Merge’s unified APIs, but it’s not a full MCP runtime or authorization system for user-scoped actions across your stack.

Expanded Explanation:
Merge Agent Handler is valuable if what you want is: “Let my agent talk to a normalized CRM/ATS/HRIS API via Merge.” It handles mapping across vendors and gives you a unified schema. But it largely assumes you’re still handling the hard runtime problems: who is this agent acting as, how do we scope permissions per user, how do we gate risky actions, and how do we observe and govern everything over time?

Arcade starts from the opposite direction: your agent is only useful when it can safely send a Gmail email, create a Google Calendar event, post to Slack, or update Salesforce for individual users—with their own permissions—not via a single shared service account. So Arcade provides an MCP runtime that handles user-auth, scoped OAuth, tool schemas, execution reliability patterns, and system-wide observability. Merge solves “unified data/API.” Arcade solves “secure, multi-user agent actions in real systems.”

Key Takeaways:

  • Merge Agent Handler is integration-centric; Arcade is agent-runtime-centric.
  • Arcade bakes in user-specific authorization, tool governance, and observability as first-class primitives, not afterthoughts.

What does the tool execution flow look like in Arcade versus Merge Agent Handler?

Short Answer: With Merge Agent Handler, the agent calls tools that wrap Merge’s unified APIs; you’re responsible for most runtime patterns. With Arcade, tools are MCP-native, executed via a dedicated runtime with built-in auth, retries, and isolation—so agents move from chat to action without you rebuilding the plumbing.

Expanded Explanation:
In Merge Agent Handler, the “tool” is essentially: “Call Merge’s unified API for CRM/ATS/etc.” Execution is an API wrapper pattern: the LLM calls a tool, the tool hits Merge’s API, and you glue everything together. Reliability patterns—idempotency, timeout handling, backoff, side-effect confirmation—are mostly your problem. For many prototypes, that’s fine. For multi-user production agents, it’s where things start breaking at 2 a.m.

Arcade flips this by providing agent-optimized MCP tools and a runtime designed for reliable execution. Tools like Google.SendEmail, Google.CreateEvent, Gmail.ListEmails, Slack.PostMessage, etc., are executed remotely via Arcade with real user auth, scoped permissions, and clear schemas tuned for LLM usage. The runtime enforces permission gates, handles auth renewals, and centralizes execution telemetry. You write less glue code and avoid the brittle “model calls random HTTP endpoints” pattern.

Steps:

  1. With Merge Agent Handler:

    • Configure Agent Handler to expose Merge’s unified API endpoints as tools.
    • The LLM invokes these tools; your backend hits Merge’s API.
    • You implement your own reliability and auth patterns around this.

  2. With Arcade’s MCP runtime:

    • Attach Arcade’s MCP tools (e.g., Gmail, Google Calendar, Slack) to your agent.
    • Use Arcade’s SDK (auth.start, wait_for_completion) to establish user-specific auth.
    • Let Arcade’s runtime execute tools with scoped OAuth and built-in reliability controls.

  3. Operationally:

    • Merge = you’re building a custom runtime around a unified API.
    • Arcade = you’re plugging into a purpose-built runtime that already understands agents, tools, and user identity.

How do Arcade and Merge Agent Handler differ on reliability for tool calls?

Short Answer: Merge Agent Handler makes it easier to call a unified API but leaves reliability patterns to you; Arcade’s entire MCP runtime is designed to make tool execution predictable, composable, and resilient at scale.

Expanded Explanation:
Reliability isn’t just “does the HTTP call return 200?” It’s: did the right action happen in the right system, for the right user, with the right side effects, and can we guarantee that behavior across thousands of agent runs?

Merge standardizes vendor APIs, which reduces a class of errors (vendor differences, inconsistent schemas), but it doesn’t give you an opinionated runtime for:

  • Structured tools with schemas tuned for LLMs.
  • Guardrails around side-effecting operations.
  • Retries, backoff, and status tracking per tool call.
  • Execution isolation per user and per agent.

Arcade is built as the missing MCP runtime layer. The focus is on making tools agent-safe: descriptive schemas, strict input/output validation, execution tracing, and lifecycle management across tools and agents. When an agent calls Google.SendEmail, Arcade knows exactly which user it’s acting as, what scopes were granted, how to handle auth refresh, and how to log the full lifecycle of that call.

Comparison Snapshot:

  • Option A: Merge Agent Handler
    • Reliability centered on unified data and normalized APIs.
    • Tool execution patterns and safeguards are DIY in your app code.
  • Option B: Arcade MCP runtime
    • Reliability centered on tool execution for agents: schemas, retries, permission gates, and runtime isolation.
    • Designed specifically for multi-tool, multi-user agents running in production.
  • Best for:
    • Merge Agent Handler: teams whose primary problem is “normalize vendor CRM/ATS/etc. APIs” and who are okay building their own agent runtime.
    • Arcade: teams whose primary problem is “run production agents that reliably take actions across Gmail, Calendar, Slack, GitHub, Salesforce, etc., for many users.”

How do observability and governance compare between Arcade and Merge Agent Handler?

Short Answer: Merge gives you API-level logs and dashboards around unified data access; Arcade gives you agent- and tool-level observability, plus lifecycle governance across every tool, user, and deployment.

Expanded Explanation:
With Merge, you get visibility into API calls made through their unified endpoints: good for tracking integration usage, rate limits, and vendor-specific behavior. But in an agent world, you usually need more context:

  • Which agent initiated this tool call?
  • Which user did the agent act as?
  • What was the prompt/context that led to this action?
  • How often does this tool fail/retry per agent version?
  • Who approved/authorized this capability?

Arcade’s runtime is built around this kind of observability. It treats agent runs, tool calls, and auth flows as first-class entities that can be inspected, logged, and audited. That means:

  • Per-tool, per-agent telemetry.
  • Audit trails of who did what, when, and in which system.
  • Configuration and governance across tools—what’s enabled, where, and under what policies.
  • Visibility that security and platform teams can use to approve and monitor deployments.

Instead of scattering logs across your LLM provider, your HTTP client, your auth system, and your integration layer, Arcade centralizes the responsibility of “what did the agent do” into a single MCP runtime.

What You Need:

  • With Merge Agent Handler:
    • Your own logging and tracing layer mapping LLM prompts → tools → Merge API calls.
    • Your own governance model over which tools are exposed and when.
  • With Arcade:
    • An Arcade account and MCP runtime deployment (cloud, VPC, on-prem, or air-gapped).
    • Your agents wired up to Arcade tools, so all tool execution flows through a single observable runtime.

How do security and authorization models differ between Arcade and Merge Agent Handler?

Short Answer: Merge Agent Handler helps your agent access unified APIs, typically via server-side credentials; Arcade enforces user-specific permissions, scoped OAuth, and zero token exposure to LLMs, with RBAC, SSO/SAML, and audit logs for security teams.

Expanded Explanation:
Most agent stacks break in security reviews because they hinge on service accounts, long-lived refresh tokens, or opaque access patterns that don’t align with how enterprises think about identity and authorization. Merge solves vendor normalisation, not your internal authorization story.

Arcade is explicitly designed as “Secure Agent Authorization.” Agents act with user-specific permissions—not service accounts—and Arcade integrates with existing OAuth and identity provider flows. The runtime handles:

  • Scoped OAuth tokens per user and per tool.
  • Just-in-time auth prompts (auth.start, wait_for_completion).
  • Zero token exposure to LLMs: credentials never land in the model context.
  • Tenant isolation, RBAC, SSO/SAML, and audit logs, so security has a clean mental model for what agents can and can’t do.

That’s the difference between “the agent can hit an API” and “the agent can safely send email as the right user, with auditable authorization and revocation.”

Why It Matters:

  • Impact 1: You avoid the service-account trap where one compromised token equals “god mode” over customer data or production systems.
  • Impact 2: You can actually pass security review and scale to multi-team, multi-tenant deployments without rebuilding auth and permissioning for every new agent or tool.

Quick Recap

When you strip away the marketing, Merge Agent Handler and Arcade solve different layers of the stack. Merge Agent Handler is about giving your agent a clean way to talk to unified SaaS APIs; reliability, observability, and authorization are mostly your responsibility. Arcade is the missing MCP runtime layer between AI and action, designed so agents can reliably execute tools with user-specific permissions, full observability, and explicit governance across Gmail, Calendar, Slack, GitHub, Salesforce, and more. If your main risk is “our agents can’t safely take real actions in production,” Arcade is the piece you’re missing.

Next Step

Get Started

Back to AI Agent Trust & Governance

Keep Reading

More from AI Agent Trust & Governance

Best way to implement “act as user” OAuth for agents (Authorization Code + PKCE) without building token storage/rotation

Read more

Arcade Enterprise: who do I contact for SSO/SAML + audit logs + dedicated tenant, and what does the security review require?

Read more

Arcade setup: how do I configure an OAuth provider for Google Workspace so each user connects their own account?

Read more