I’m curious if anyone has considered (or is) putting a proxy/gateway in front of every MCP used by their company to “guardrail” data that goes in and out eg checks for sensitive PII, prompt infection, etc?
Readit Newsepec254 commented on The 5 Knights of the MCP Apocalypse foojay.io/today/the-5-kni... · Posted by u/saikatsg
epec254 commented on How we automated federal retirements ndstudio.gov/posts/automa... · Posted by u/caseysoftware
The key part IMO is buried in the article - there happened to be an existing, perfectly accurate database containing all the required info about each employee - the same info that previously had to be manually found for each retirement.
Without this, this effort would not have been possible.
> Fortunately, we stumbled on a critical clue. While poring over old documentation, we discovered that OPM actually had data warehouses that stored historic information about every federal employee. Apparently, these warehouses were created as part of a modernization effort in 2007, and HR and payroll offices all across government have supposedly been regularly reporting into it.
> For some reason however, this was not well known at OPM, and those that knew about it didn’t know what data it held, nor considered how it could be used to simplify retirement processing. Not many had seen the data, and administrators were initially resistant to sharing access.
> From a software perspective, this was the holy grail: a single source of truth that held all the information that the manual redundant steps were meant to review. Because the information was regularly reported by HR and payroll, by the time an employee retired, OPM should already have everything needed to process the retirement, without anyone re-entering or re-verifying information.
epec254 commented on A2UI: A Protocol for Agent-Driven Interfaces a2ui.org/... · Posted by u/makeramen
Right this makes sense, I wonder if it would then be a good idea to abstract html to JSON, making it impossible to include css and js into it
Curious to learn more what you are thinking?
One challenge is you do likely want JS to process/capture the data - for example, taking the data from a form and turning it into json to send back to the agent
epec254 commented on A2UI: A Protocol for Agent-Driven Interfaces a2ui.org/... · Posted by u/makeramen
I see how useful a universal UI language working across platforms is, but when I look at some examples from this protocol, I have the feeling it will eventually converge to what we already have, html. Instead of making all platforms support this new universal markup language, why not make them support html, which some already do, and which llms are already trained on.
Some examples from the documentation: { "id": "settings-tabs", "component": { "Tabs": { "tabItems": [ {"title": {"literalString": "General"}, "child": "general-settings"}, {"title": {"literalString": "Privacy"}, "child": "privacy-settings"}, {"title": {"literalString": "Advanced"}, "child": "advanced-settings"} ] } } }
{ "id": "email-input", "component": { "TextField": { "label": {"literalString": "Email Address"}, "text": {"path": "/user/email"}, "textFieldType": "shortText" } } }
A key challenge with HTML is client side trust. How do I enable an agent platform (say Gemini, Claude, OpenAI) to render UI from an untrusted 3p agent that’s integrated with the platform? This is a common scenario in the enterprise version of these apps - eg I want to use the agent from (insert saas vendor) alongside my company’s home grown agents and data.
Most HTML is actually HTML+CSS+JS - IMO, accepting this is a code injection attack waiting to happen. By abstracting to JSON, a client can safely render UI without this concern.
epec254 commented on A2UI: A Protocol for Agent-Driven Interfaces a2ui.org/... · Posted by u/makeramen
AGUI sounds similar:
https://github.com/ag-ui-protocol/ag-ui
Same team! AGUI uses a2UI as the protocol under the hood.
epec254 commented on A2UI: A Protocol for Agent-Driven Interfaces a2ui.org/... · Posted by u/makeramen
epec254 commented on A2UI: A Protocol for Agent-Driven Interfaces a2ui.org/... · Posted by u/makeramen
This sounds like a way to have the LLM client render dynamic UI. Is this for use during the chat session or yet another way to build actual applications?
Google PM here. Right now, it’s designed for rendering UI widgets inline with a chat conversation - it’s an extension to a2a that lets you stream JSON defining UI components in addition to chat messages.
I LOVE this, exactly what I’ve been looking for.
Here’s the issue - all my meetings have confidential, sensitive info. I can’t use a version you host (or well, I could, but you won’t be willing to do the 6 month security review I need).
Can you give me a version I can host (or run locally) and I give you some $ one time or per year?