Of course tool calling and MCP are not new. But the smart thing is that by defining the tools in the context of an authenticated request, one can easily enforce the security policy of the monolith.

In my case (we will maybe write a blog post one day), it's even neater as the agent is coded in Python so the php app talks with Python through local HTTP (we are thinking about building a central micro service) and the tool calls are encoded as JSON RPC, and yet it works.

I think the hardest for this kind of projects is to keep it active. Environments with a "global state" like this (everyone shares the same website) are ultimately limited to surges (seasonal events like Magnus vs The World or a single game of Twitch plays Pokemon) or to a recurring flow of new people.

Maybe having multiple "realms", so that there are not too many people in a single realm in case of virality, and the ability for people to spawn their own realms would be nice (think skribbl or Among Us) but then it would kind of be a Lovable and cost a lot to host the LLM. But since the html code is open source, local LLMs (like Gemini Nano embedded in Chrome) could theoretically do the editing. In that case, the web page should definitely be marked as even unsafer! I wonder how one could avoid the red flag of Chrome for pages that are deliberately made to host collaborative crap.

If deno has some perks during development, there must be a way to replace websocket with some other transport that works with webworkers for "production" builds.

But archive.org has the subscription popup...

https://web.archive.org/web/20250905062805/https://www.theve...