HackerTrans
TopNewTrendsCommentsPastAskShowJobs

muhammad-shafat

no profile record

Submissions

Show HN: Stop returning raw JSON from MCP servers, build rich inline UIs

medium.com
11 points·by muhammad-shafat·الشهر الماضي·5 comments

Show HN: AI Agents Need Inspectable State. That's Why I Built LangMCP

medium.com
2 points·by muhammad-shafat·الشهر الماضي·2 comments

Show HN: The Agent Skills Standard – A modular approach to LLM context

medium.com
3 points·by muhammad-shafat·قبل 4 أشهر·0 comments

Show HN: The re-centralisation of AI Agents

medium.com
1 points·by muhammad-shafat·قبل 4 أشهر·0 comments

Show HN: Investigating why GPT-5 has made ChatGPT 'broken'

muhammadasmulkana.substack.com
1 points·by muhammad-shafat·قبل 8 أشهر·0 comments

comments

muhammad-shafat
·الشهر الماضي·discuss
I get where you’re coming from, but there are some security practices in place. The host client renders views inside a strictly sandboxed `<iframe>`. Any action the UI wants to take must pass an auditable message back to the host application, which triggers an explicit user-permission prompt.
muhammad-shafat
·الشهر الماضي·discuss
I stumbled onto this capability while using the Spotify MCP App inside Claude. a fully functional, interactive playlist an dmusic player widget spin up inline, instead of a standard markdown list of text links. It turns out this is built on the official MCP Apps spec extension that Anthropic and OpenAI standardized a few months back. It lets your server declare a ui:// URI, which the host grabs and mounts inside a sandboxed iframee. Core mcp blew up overnight, but this extension still feels pretty underground. It makes me wonder if we're heading toward a weird shift where AI agents become the primary browsers of the web, and front-end dev becomes about building micro-widgets for LLMs instead of humans.