I write about Next.js + TypeScript + AI engineering, with a focus on making sites discoverable to LLMs and AI search. Long-form notes at mudassirkhan.me
The “accidental safety” framing is exactly right. Next.js API routes get user context almost for free — auth middleware just runs. Move the same logic into an MCP tool and every handler is a blank slate. We hit this with an agent workflow: three tools that looked fine in isolation shared a userId assumption that evaporated once the orchestrator called them in sequence without threading the session. Your schema contract is basically what the middleware was silently doing. How would you handle the approval boundary for bulk writes, optimistic reject or a separate confirmation tool?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The “accidental safety” framing is exactly right. Next.js API routes get user context almost for free — auth middleware just runs. Move the same logic into an MCP tool and every handler is a blank slate. We hit this with an agent workflow: three tools that looked fine in isolation shared a
userIdassumption that evaporated once the orchestrator called them in sequence without threading the session. Your schema contract is basically what the middleware was silently doing. How would you handle the approval boundary for bulk writes, optimistic reject or a separate confirmation tool?