weeklyfoo #134

weeklyfoo #134 is here: your weekly digest of all webdev news you need to know! This time you’ll find 32 valuable links in 5 categories! Enjoy!

🚀 Read it!

• The Agent Stack Bet: Most production agents today feature fragile session logic, shared service accounts, and weak security models — four architectural bets for the next generation of agentic systems by Addy Osmani / ai, engineering / 8 min read

📰 Good to know

• Introducing Claude Design: Anthropic’s new product for creating designs, prototypes, and presentations using Claude Opus 4.7 — available in research preview for Pro, Max, Team, and Enterprise by Anthropic / ai, design / 7 min read
• Claude Opus 4.7 System Prompt Changes: Claude’s system prompt changes from Opus 4.6 to 4.7 — less pushy, more concise, new browser and Office agent tools, expanded safety guidelines by Simon Willison / ai / 7 min read
• Six Levels of Dark Mode: Eight progressive methods for dark mode implementation — from basic HTML meta tags and CSS properties to advanced media queries and JavaScript color scheme switching by Matthias Beitl / css, frontend / 10 min read
• Vercel April 2026 Security Incident: A compromised third-party AI tool gave attackers access to sensitive Vercel customer data — Guillermo noted the attack was significantly accelerated by AI by Vercel / security / 7 min read
• Building a UI Without Breakpoints: Using flex calc(infinity) and container queries to build responsive layouts that naturally adapt without explicit media query breakpoints by Frontend Masters / css, frontend / 14 min read
• The AI Engineering Stack Cloudflare Built Internally: 93% of Cloudflare’s R&D uses AI tools built on their own platform — MCP servers, access layer, and agent tooling pushed weekly merge requests from 5,600 to over 8,700 by Cloudflare / ai, engineering / 23 min read
• Managing Context in Long-Run Agentic Applications: Slack Engineering on maintaining alignment across complex long-running agent systems — techniques for balancing continuity and creativity in multi-agent teams by Slack Engineering / ai, engineering, agents / 17 min read
• OWASP NPM Security Best Practices: Continually updated checklist covering lifecycle script disabling, typosquatting, trusted publishing, and dependency confusion by OWASP / security, npm / 22 min read
• I Don’t Want Your PRs Anymore: An open source maintainer closes external PRs in favor of LLM-generated code — future contributions should focus on feedback, architecture, and bug reports by dpc.pw / ai, engineering, open-source / 5 min read
• Making Your Site Visible to LLMs: 6 Techniques That Work, 8 That Don’t: Practical guide to LLM discoverability — structured data, llms.txt, clean semantic HTML, and eight techniques that actually don’t help by Evil Martians / ai, seo, frontend / 20 min read
• AI-Generated UI Is Inaccessible by Default: AI tools produce React components that look correct but fail screen readers — div soup with no roles, keyboard support, or ARIA state because models optimize for visual fidelity while ignoring the accessibility tree by Frontend Masters / ai, accessibility, frontend / 21 min read
• Rspack 2.0: Rust-powered webpack-compatible bundler ships v2.0 with significantly faster builds, improved ESM output, and broad framework support across Next.js, Vue, Svelte, and Solid by Rspack / javascript, tools, performance / 18 min read
• Details That Make Interfaces Feel Better: Small UI polish details that compound into better-feeling interfaces — balanced text wrapping, concentric border radius, tabular numbers, interruptible CSS transitions, and more by Jakub / css, frontend / 10 min read

🧰 Tools

• MDV: Markdown superset with embedded charts, KPI cards, and data visualizations using declarative syntax — renders to self-contained HTML or PDF with a VS Code live preview extension by drasimwagan / markdown, tools, github
• Slop Cop: Browser-based writing editor that flags rhetorical and structural patterns common in generic LLM prose by awnist / ai, writing, tools
• Yuku: High-performance JavaScript/TypeScript compiler and toolchain written in Zig — 100% JS spec compliant by Yuku Toolchain / javascript, typescript, tools, github
• Claude Context: MCP plugin that gives AI coding agents deep codebase understanding — indexes millions of code lines with vector search and AST-based chunking to cut token usage by Zilliz / ai, tools, mcp, github
• Cloudflare cf CLI: Preview of Cloudflare’s new CLI tool for working with its various services — local dev and resource explorer features by Cloudflare / tools, cloudflare
• Laws of Software Engineering: Collection of 56 principles and patterns that shape software systems, teams, and decisions by Community / engineering, tools
• Is It Agent Ready?: Scan any website to check how well it’s structured for AI agent access — checks llms.txt, structured data, and agent-readable content by Is It Agent Ready / ai, tools, agents
• Argent: Agentic toolkit for AI assistants to autonomously control, profile, and debug iOS Simulators with native React Native support — operates locally without data collection by Software Mansion / ai, tools, ios, github
• Broccoli: Converts Linear tickets into GitHub Pull Requests using AI models like Claude and Codex — runs entirely in your own Google Cloud project for privacy with automated planning, implementation, and code reviews by BeSImple / ai, tools, github
• aube: New Node.js package manager from the creator of mise — drop-in replacement for npm with raw performance focus and security-conscious defaults by Jeff Dickey / node, tools
• Agent Vault: Open-source HTTP credential proxy that prevents AI agents from handling sensitive API keys directly — transparently injects credentials at the network layer to block exfiltration and prompt injection by Infisical / ai, security, tools, github
• Portless: Replace port numbers with named local URLs for local development — cleaner URLs for multi-service dev environments by Vercel Labs / tools, github
• TSRX: TypeScript language extension described as a spiritual successor to JSX — compiles to React, Preact, Solid, and Ripple with control flow, scoped styles, and a live playground by Dominic Gannaway / typescript, javascript, tools
• React Arborist 3.5: Tree view component for React with folders, drag and drop sorting, filtering, and keyboard navigation — the VS Code sidebar experience in one component by James Kerr / react, tools, github

🤪 Fun

• Liquid Glass WebGL Effects for HTML: WebGL-powered glass refraction and blur effects for any HTML element — reproduce iOS 26’s liquid glass aesthetic with an interactive playground by Yassine Bouanane / webgl, css, fun / 13 min read

📺 Videos

• Designing The Next Flow State: Amelia Wattenberger on the missing abstraction in AI coding — a living spec, a markdown document between you and the agents as the shared source of truth by UX Tools / ai, design, engineering
• The Future of MCP: MCP co-creator David Soria Parra on what agents look like in 2026 — connectivity as the key abstraction, skills and MCP as the integration stack, and why 2026 is the year agents go to production by David Soria Parra / ai, mcp, agents
• Agentic Design: Video essay for designers building agent harnesses — how stochastic, scholastic, and deterministic design represent fundamentally different bets on design labor and who owns the final artifact by UX Tools / ai, design