Engineering Blog

Technical insights into multi-agent orchestration, local protocols, and
developer-centric terminal workflows.

A legitimate MCP server with two trust levels is the exploit

The dangerous MCP server isn't the malicious one — it's the convenient all-in-one that reads untrusted data and holds privileged access to a second system. Scope it, gate the writes, and you close the confused-deputy attack.

The best prompt you'll ever write is the one you delete.

An agent that waits for you to remember to ask it is a toy. Wire a deterministic event to a headless run that reads your rules, and the routine context work fires on its own — with your conventions already baked in.

An Agent Gets Worse Long Before Its Context Window Fills Up

Stop fighting the context limit with a bigger window. Write an exhaustive plan to a file, then run a relay of fresh sessions that each tick off items — so a migration too big for any single context still ships coherently.