Lessons
Long-form essays on production AI systems, LLM infrastructure, MCP connectors, security engineering, and the occasional CVE disclosure.
2026
CVE-2026-44429: Stored XSS on the MCP Registry Catalogue UI
5 min #security #cve #mcp #xss #disclosure
The official Model Context Protocol registry escaped HTML on the way out — but not quote characters. A publisher-controlled `websiteUrl` could break out of an `href` attribute and execute JavaScript on every catalogue visitor's session.
Developer Experience with Claude Code
10 min #ai #developer-tools #productivity #claude-code
How I integrated a terminal-native AI coding tool into my daily workflow — hooks, MCP servers, plan mode, and real-world lessons from months of daily use.
Building a Secure Content Hosting Service for AI-Generated Artefacts
5 min #architecture #security #mcp #node #typescript
How I built a dedicated hosting service that lets Claude publish rich HTML artefacts directly to production — covering subdomain isolation, dual authentication, MCP integration, and the security thinking behind it all.
301 vs 308 Redirects in Next.js
3 min #nextjs #seo #redirects
Next.js uses 308 Permanent Redirect by default. Learn why, how it differs from 301, and where the real SEO problems actually come from — redirect chains, not status codes.
Designing an AI-Native Content Publishing Pipeline
5 min #ai #mcp #architecture #automation
How we built a system that lets AI tools generate and publish structured content directly into production, turning publishing from a manual process into an infrastructure action.
Why Google Isn't Indexing Your Next.js Site (And How to Find Out in 3 Seconds)
7 min #nextjs #seo #vercel #open-source #web-development
You've spent weeks building your Next.js site. You've deployed to Vercel. Everything looks beautiful. There's just one problem — Google doesn't seem to know your site exists.
I Shipped a Fix. The PR Got Closed. And That's Exactly How Open Source Works Sometimes.
2 min #open-source #software-engineering #career
I fixed a real production bug in an open-source project, added tests, handled edge cases — and the PR still got closed. Not because the code was wrong, but because product decisions beat engineering.
Why Google Refuses to Index Your Next.js Site
4 min #nextjs #seo #vercel
You deploy your site, it loads fast, Lighthouse looks great — and yet Google refuses to index it. If you're building with Next.js on Vercel, this is far more common than you think.