HackerTrans
TopNewTrendsCommentsPastAskShowJobs

miguelspizza

no profile record

Submissions

Show HN: Forcing Claude Code to Write Maintainable TypeScript

github.com
4 points·by miguelspizza·há 3 meses·2 comments

Token Issuer Metadata: A Proposal for Config-as-Code SSO

docs.meetchar.ai
1 points·by miguelspizza·há 6 meses·0 comments

Show HN: Using WebMCP to make the CDP MCP server 90% more token efficient

github.com
4 points·by miguelspizza·há 7 meses·2 comments

comments

miguelspizza
·há 15 dias·discuss
I used this for a POC analytics dashboard for a client recently.

Very very good, nice work.

What are your plans for the library?
miguelspizza
·há 18 dias·discuss
What’s ironic about this is they technically already shipped a looser version. The entire cf api is exposed as an MCP server which supports OAuth and dynamic client registration.

Not sure why they don’t just support DCR or CIMD for this too
miguelspizza
·há 22 dias·discuss
Happy to see WebMCP adoption and a standards first framework.

The argument for react has always been dev velocity and ecosystem. But with AI the best web experiences will be as close to the “metal” as possible
miguelspizza
·mês passado·discuss
I have been working full time in the MCP (& WebMCP) space for about a year now. Half consulting half spec work.

The article is semi right. Local MCPs that are made by enthusiasts wrapping an api they don’t own? Yes that is dead and should never have been a thing in the first place.

But MCP in its current direction and form is really an OAuth Protocol over http. And it has something other that other agent identity protocols don’t: client adoption
miguelspizza
·há 2 meses·discuss
I’m not sure why this is getting so much hate. This is the future people, AI is a primitive of modern software, just be thankful chrome ships this locally
miguelspizza
·há 5 meses·discuss
I’ve spent the past few months working with and implementing OAuth.

This might the best collection of resources:

https://github.com/ryanspletzer/oidc-oauth-spec-graph
miguelspizza
·há 7 meses·discuss
We actually have this with the permissions API. The issue is everyone just opts for longer approval times and less intrusive UX with manifest level permissions.

I agree though, runtime permissions should be the default
miguelspizza
·há 7 meses·discuss
Hate to say it but this sounds like a skill issue. The reason Typescript monorepos are gaining popularity for building with AI is because of how powerful TS's inference system is. If you are writing lots of types you are doing it wrong.

You declare your schema with a good TS ORM then use something like TRPC to get type inference from your schemas in your route handlers and your front end.

You get an enforced single source of truth that keeps the AI on track with a very small amount of code compared to something like Java.

This really only applies to full stack SAAS apps though.
miguelspizza
·há 7 meses·discuss
Clojure is such an underrated language for vibe coding for this very reason.

Makes me wonder what a theoretical “best possible language for vibe coding” would look like
miguelspizza
·há 7 meses·discuss
Not sure where you heard this but general sentiment is the opposite.

There was recently a conference which was themed around the idea that typescript monorepos are the best way to build with AI
miguelspizza
·há 9 meses·discuss
The agent mode is really disappointing. I thought OpenAI would try to be more innovative with how the agent interacts with webpages, but it looks like it's the same DOM parsing and screenshot workflow the rest of the AI browser agents use. Giving the agent full access to the page is a recipe for disaster.

We have better tools for this now. This is a draft video I put together for the W3C demoing WebMCP. It blows their agent mode out of the water, and you can even use in-browser models for inference (see the end of the video)

https://screen.studio/share/hbGudbFm

I've been working on this full-time after putting out the MCP-B/WebMCP Hacker News post.

https://news.ycombinator.com/item?id=44515403
miguelspizza
·há 9 meses·discuss
WebMCP essentially turns your website into an MCP server. Which means it is kind of like building a UI for the LLM that lives alongside the human UI.

It's also a contract for how LLM's interact with a website, they can do no more than the tools allow them to do. When you are running javascript on the page, the entire website is an attack surface.

Let's take gmail, for example. There is no way to protect your webpage from an agent running a script that sends an email by triggering the send email button. But with WebMCP, you can explicitly disable the "send_email" tool when the agent interacts with gmail.
miguelspizza
·há 9 meses·discuss
It's more providing permission granularity on the action level rather than the sandbox level. Your script might not be able to make external api calls, but there is no way to gate the ability to take destructive action within the webpage.

With something like WebMCP you get elicitation and the ability to disable tools from the client.
miguelspizza
·há 9 meses·discuss
Hey glad to see Jason getting the credit he deserves! He was grokking WebMCP long before anyone else.

If anyone wants to test out WebMCP, you can go to: https://webmcp.sh/ (this is a WebMCP server)

With the MCP-B chrome extension (this is a WebMCP client): https://chromewebstore.google.com/detail/mcp-b-extension/dao...

and use it to call WebMCP tools
miguelspizza
·há 9 meses·discuss
> The other part is the cohesive interface for the agent itself to use these selectors

We are incubating this over at the WebMCP web standard proposal. You can see the current draft of explainer for the declarative API. https://github.com/webmachinelearning/webmcp/pull/26

Also, great work on the browser agent, this is the best of the DOM parsing/screenshot agents I've used. I was really impressed with the wordle example
miguelspizza
·há 10 meses·discuss
I wrote #2 as a result of a web automation tool I a working on. It's easier to show than tell.

This is a video of me "vibe-coding" a userscript that adds a darkmode toggle to hacker news: https://screen.studio/share/r0wb8jnQ

The actual purpose of the vibe-coding userscripts feature is to vibe code WebMCP servers that the extension can then use for browser automation tasks.

Everything is still very WIP, but I can give you beta access if you want to play around with it
miguelspizza
·há 10 meses·discuss
I left my job to work on my side project (MCP-B: https://news.ycombinator.com/item?id=44515403) full time. I set out with the goal of making the ability to vibecode a webMCP server for your website and inject it via userscript.

While building that, I basically wrote a modern version of Tampermonkey with its own marketplace built in. So you can vibe code any userscript and publish it to the marketplace all within the extension.

The automation stuff is still the core value-prop, but this is a fun bonus feature while I work on solidifying the automation features.

I'm writing a HN post for it. Excited to show everyone in a couple weeks here.
miguelspizza
·há 10 meses·discuss
Hey I wrote MCP-B and am about to do another launch here in a week or so. The product is a browser agent which does browser automation sudo-deterministically over WebMCP.

https://news.ycombinator.com/item?id=44515403

I’d love to give your beta access and get your thoughts if you are up to give it a run on the task you want automated.

Shoot me an email if you are interested

alex(at)mcp-b.ai
miguelspizza
·há 10 meses·discuss
Can we run it in the browser via WASM?
miguelspizza
·há 11 meses·discuss
The Primary client for WebMCP enabled websites is a chrome extension like Claude Chrome. So the human is still there in the loop looking at the screen. MCP also supports things like elicitation so the website could stop the model and request human input/attention