Hacker Neue

Preferences
vessenes parent
This is great. As someone who has made a few MCP servers in the last few months, MAN this spec moves fast; well ahead of Anthropic's internal support for it, and well ahead of documentation for implementation. It's like the Javascript community suddenly got automatic code creation agents, and went to town..

That said, the original spec needed some rapid iteration. With https support finally in relatively good shape, I hope we'll be able to take a year to let the API dust settle. Spec updates every three months are really tough, especially when not versioned, thoroughly documented, or archived properly.

zackify
It has been moving fast.

One weird thing I found a few weeks ago, when I added my remote MCP to Claude's integration tab on the website, I was getting OAuth errors.

Turns out they are requiring a special "claudeai" scope. Once I added that to my server, I was able to use it remotely in claude desktop!

I couldn't find any docs or reasons online for them requesting this scope.

Also, I have been using remote mcps in claude code for weeks with the awesome mcp-remote proxy tool. It's nice to not need that any longer!

Then as I'm writing a book currently on MCP Servers with OAuth, Elicitations come out! I'm rushing to update this book and be the best source for every part of the latest spec, as I can already see lots of gaps in documentation on all these things.

Huge shout out to VS Code for being the best MCP Client, they have support for Elicitations in Insiders already and it works great from my testing.

rattray
For the curious and lazy, said book appears to be https://leanpub.com/creatingmcpserverswithoauth

For more curious and lazy people -- what are elicitations?

zackify
Just call them “web forms” for LLMs.

You can ask the client to fill in a dropdown or input.

Example they give is a restaurants table booking tool.

Imagine saying book a table at 5pm. But 5pm is taken.

You can “elicit” the user and have them select from a list of available times

vessenes OP
This is an extremely helpful bit of information about Oauth scope. THANK YOU
stingraycharles
Yeah, security really is an afterthought with most of these tools, but man the community is moving insanely fast — probably because most of these people are using these automation tools to develop their MCP servers in the first place.

It’s interesting to see other tools struggling to keep up. ChatGPT supposedly will get proper MCP client support “any day now”, but I don’t see codex supporting it any time soon.

Aider is very much struggling to adapt as well, as their whole workflow of editing and navigating files is easily replaced by MCP servers (probably better as well, as it provides much effective ways of reducing noise vs signal), so it’ll be interesting to see how tools adapt.

I’d love for Claude Code (or any tool for that matter) to fully embrace the agentic way of coding, e.g. have multiple agents specialize in different topics and some “main” agent directing them all. Those workflows seem to be working really well.

ljm
The real security issue is around the use of ‘YOLO mode’ where you just let the agent invoke tools in a completely unattended manner. It’s not much different than slapping sudo in front of every shell command or running as root.

People are going to continue doing that because these agentic tasks can take some time to run and checking in to approve a command so often becomes an annoyance.

I can’t see a way around that except to have some kind of sandboxing or a concept of untrusted or tainted input rather than treating all tokens as the same. Maybe a way of detecting if the response of a tool is within a threshold of acceptability within the definition of the MCP (which is easier with structured output), which is used to force a manual confirmation or straight up rejection if it’s deemed to be unusual or unsafe.

samcat116
> I can’t see a way around that except to have some kind of sandboxing or a concept of untrusted or tainted input rather than treating all tokens as the same. Maybe a way of detecting if the response of a tool is within a threshold of acceptability within the definition of the MCP (which is easier with structured output), which is used to force a manual confirmation or straight up rejection if it’s deemed to be unusual or unsafe.

I think we are starting to see these remote agent environments where each agent session gets its own sandbox environment to run things in. I bet thats where this is going.

alvis
It's indeed an issue. I love codex that it contains everything in a sandbox and I can review what has changed. It's proper and I've much better idea what's going on.

That said, I ditched codex for claude code... Sorry open ai. No MCP and no way to interact during execution is a huge drawback.

wunderwuzzi23
ChatGPT Codex has internet access since a few weeks ago. It's super configurable on where it can connect to.
anuramat
anthropic provides a custom devcontainer for sandboxing, but I have fallen in love with bubblewrap - it's a single command, and I get to keep all the infrastructure: e.g. it can do nix flakes without duplicating every derivation
Maxious
https://github.com/ruvnet/claude-code-flow adds some of the multiagent features ontop
stingraycharles
Yeah that’s what I’m experimenting with, but I think it’s overengineered, especially with the whole dogmatic SPARC approach. I’m personally a more minimalistic person, and I would prefer it to be natively integrated into the app and being able to define exactly the (system) prompts for each of the agents.
vessenes OP
The aider slowdown is a real bummer. I’d love to have Claude code UI with the model choice aider gets me, but I’m not willing to give up tool integration.
stingraycharles
There are a dozen of PRs that are not getting accepted, I’m using a custom Aider build and tested their MCP client support but it’s just not getting merged nor reviewed.
owebmaster
> The aider slowdown is a real bummer.

Quite ironic isn't it?

vessenes OP
I imagine he might be burned out. HUGE project, hundreds of issues. He started as a crazy productive solo dev (on this project at least). Now it's an important open source project.
CharlieDigital 

    > Javascript community suddenly got automatic code creation agents, and went to town.
I've been working on an MCP server[0] that let's LLMs safely and securely generate and execute JavaScript in a sandbox including using `fetch` to make API calls. It includes a built in secrets manager to prevent exposing secrets to the LLM.

I think this unlocks a lot of use cases that require code execution without compromising security. Biggest one is that you can now ask the LLM to make API calls securely because the JS is run in a C# interpreter with constraints for memory, time, and statement limits with hidden secrets (e.g. API keys).

The implementation is open source with sample client code in JS using Vercel AI SDK with a demo UI as well.

[0] https://github.com/CharlieDigital/runjs

jmsdnns
> Spec updates every three months are really tough, especially when not versioned, thoroughly documented, or archived properly.

Couldnt AI help with that..?

vessenes OP
Ironically the updates make it hard to get llm coding support for it. Very ironically.
rvnx
The crazy thing about things moving fast is that people bought Cursor for hundreds of millions when it is already outdated by Claude Code. Very foolish by the purchasers but very smart for the founders
diggan
I think this is why we're seeing founders selling so quickly with these startups. You could wait some weeks or months to sell higher, but seems chances are higher that whatever you've built is outdated by then so why risk it?
adhamsalama
Cursor was sold for hundreds of millions? Wasn't Windsurf sold for $3 billion? And Cursor is more popular.
adhamsalama
Cursor was sold for hundreds of millions? Wasn't Windsurf sold for $3 billion? And Cursor is more popular.

This item has no comments currently.