Model Context Protocol (MCP)
An open protocol that lets AI assistants call external tools, fetch resources, and read prompts in a standard way.
MCP, the Model Context Protocol, is an open standard that lets AI assistants and IDE agents call external tools, fetch resources, and read prompts in a standard way. Introduced by Anthropic in late 2024 and adopted by every major AI assistant (Claude Code, ChatGPT custom connectors, OpenAI Codex CLI, Cursor, Continue, Cline) through 2025–2026. MCP servers expose tool calls over stdio or streamable HTTP; clients call them the same way a browser speaks HTTP. Stacktree ships an MCP server (stacktree-mcp on npm) with seven tool calls for publishing HTML.
LLM artifacts (agent artifacts)
The self-contained outputs an AI agent produces as it works: specs, status reports, dashboards, diagrams, slide decks, and PR writeups, usually as a single HTML file.
LLM artifacts, also called agent artifacts, are the self-contained outputs an AI agent produces while it works: specifications, status reports, dashboards, data visualizations, diagrams, slide decks, and PR writeups. They are usually a single HTML file, because HTML is the one format that renders interactively in any browser without a build step. As long-horizon agent sessions become common, these artifacts are how a human surfaces and reviews what the agent did, which makes them the verification surface for agent work rather than a throwaway side effect. Stacktree exists to host them: the agent calls publish_html, the artifact gets a private link, and a human opens it to check the work.
Verification surface
The rendered output a human reviews to check what an autonomous agent actually did. As agents run longer, the artifact becomes the place trust is established.
A verification surface is the human-readable output a person reviews to confirm what an autonomous agent did. When an agent runs for minutes or hours without supervision, the chat transcript is too long to audit; the artifact it produces (a report, a dashboard, a diff) is what a human actually opens to decide whether to trust the result. As agent autonomy increases, structured visual output stops being a nice-to-have and becomes the control point. Private-by-default hosting matters here because that artifact often contains real data and should be shareable with a reviewer without being exposed to the public web.
Deploy vs publish
Deploying ships a project through a build pipeline to a hosting environment; publishing takes one finished file and returns a URL. Agent-emitted HTML wants publish, not deploy.
Deploy and publish are often used interchangeably, but they describe different operations. To deploy is to ship a project: you connect a repository, run a build command, and a platform (Netlify, Vercel, Cloudflare Pages) serves the output, usually with previews, rollbacks, and a project to maintain. To publish is to take one finished artifact and get a URL back, with no project model and no build step. When an AI agent like Claude Code writes a single HTML file (a report, a dashboard, a spec), deploying it is overkill: there is no project, the file is done, and you want a private link in one tool call. That is publishing. Stacktree is a publish primitive; Netlify, Vercel, and Cloudflare Pages are deploy platforms. The right verb depends on whether the unit of work is a maintained project or a finished file.
Publish primitive
A single API call that takes a finished artifact and gives it a URL — no project model, no build pipeline, no deploy ceremony.
A publish primitive is the smallest possible verb that turns "I have a file" into "I have a link." It deliberately omits project models, build pipelines, branch previews, and deploy ceremonies. Stacktree's publish_html tool call is one. Pastebin (in spirit) is one. The contrast is with project-shaped hosting (Vercel, GitHub Pages, Netlify) where the unit of work is "a thing your team maintains for a year" rather than "a thing an agent wrote five minutes ago."
Agent-loop hosting
A static-HTML hosting model where the URL is stable across revisions. The agent calls one tool to publish, then update_site every time it revises.
Agent-loop hosting is a publishing model designed for the way AI agents work: by revising the same artifact many times in a single session. The hosting service guarantees that the URL stays stable across revisions, so the link a human bookmarked at minute 1 still shows the latest version at minute 30. Stacktree exposes this as update_site, an MCP tool call that swaps the content under an existing slug atomically. Most other static hosts make every upload a new URL (Tiiny Host on free tiers, S3 pre-signed URLs) or force a rebuild that bumps cache (GitHub Pages, Vercel) — both break agent iteration patterns.
Replace-in-place URL
A URL whose content can be swapped atomically without the URL itself changing. The viewer's bookmark survives every revision.
A replace-in-place URL is one whose content can be swapped atomically without the URL changing. In Stacktree, this is the contract behind update_site: the R2 object is replaced, the edge cache is purged, and the URL serves the new content on the next request. The same primitive that makes a Notion page or Linear ticket useful as a bookmark — you save it once, the underlying state evolves — applied to static HTML output from AI agents.
Unguessable URL
A URL whose path contains enough entropy that it cannot be discovered by enumeration. The link itself is the credential.
An unguessable URL is one whose path contains enough cryptographic entropy that it cannot be discovered by enumeration. The link itself functions as the credential — knowing the URL is sufficient to view the content; not knowing it is sufficient to be locked out. Stacktree mints unguessable slugs by default (around 128 bits of entropy). Stronger access controls (shared password, email-domain gate, end-to-end encryption) can be layered on top per link.
Private-by-default hosting
A hosting model where the URL is not publicly discoverable by default. Privacy is the floor, not a paid bolt-on.
Private-by-default hosting is a static-site hosting model where the URL is not publicly discoverable, search-indexable, or AI-trainable by default. Privacy is the baseline; opening a site to the public web is opt-in. Stacktree treats every published URL this way and additionally serves X-Robots-Tag: noai, noimageai on every response so even leaked URLs are excluded from AI training corpora. This contrasts with public-by-default hosts (GitHub Pages, Netlify, Pastebin) where privacy is a paid feature.
CSP defaults
A baseline Content-Security-Policy applied to every served page so that careless <script src> attributes cannot exfiltrate session data.
CSP defaults are a baseline Content-Security-Policy header applied to every served page by the host, without the publisher having to configure it. Agent-emitted HTML often embeds inline scripts; without a CSP default, a careless <script src> can exfiltrate cookies, local storage, or session data from the viewer. Stacktree applies a sensible CSP on every response so publishers and agents do not have to remember to. The header is customisable per site for cases that need it (e.g. iframing trusted analytics).
End-to-end encryption (E2E)
AES-GCM encryption performed in the browser before upload, with the key stored in the URL fragment. The server only ever sees ciphertext.
End-to-end encryption (E2E) on a publishing primitive means the browser encrypts the HTML with AES-GCM before sending, and the decryption key lives in the URL fragment — the portion after the # that browsers never send to servers. The server therefore stores only ciphertext. Anyone with the URL can decrypt; nobody without it can; and even Stacktree cannot read the artifact. Stacktree exposes this as e2e: true on upload. Useful for artifacts that embed real customer data or where you can't accept the host as a trust party.
llms.txt
A convention (llmstxt.org) for telling AI-assisted IDEs and MCP-aware clients where the high-signal pages on a site live.
llms.txt is an emerging convention from llmstxt.org for telling AI assistants and IDE agents where the high-signal pages on a site live. It lives at the site root, mirrors the role of robots.txt for human-driven crawlers, and lists important pages with one-line descriptions. Adoption among major AI training crawlers is low (per a 2025 SERanking study), but Cursor, Continue, Cline, and most MCP-aware clients do read it — which is precisely the audience Stacktree serves. Stacktree publishes both llms.txt and llms-full.txt (the deep variant with full prose).
Email-domain gate
An access control that restricts viewers to a specific email domain (e.g. @yourco.com). Viewers verify ownership via a magic link before the page renders.
An email-domain gate is a per-link access control that restricts viewers to people who can prove they own an email at a specified domain. Stacktree implements this by sending a magic-link verification email to the viewer's claimed address; only after they click through does the page render. The gate survives URL forwarding (the recipient still has to verify), which makes it stronger than a shared password for company-internal sharing.
MCP tool call
A function exposed by an MCP server that an AI assistant can call. Each tool has a JSON-Schema input, a name, and a structured output.
An MCP tool call is a function exposed by an MCP server that any MCP-compatible AI assistant can invoke. Each tool declares a name, a JSON-Schema input shape, and a structured output shape. The assistant calls them the same way browsers fetch URLs. Stacktree exposes seven: publish_html, update_site, set_expiry, set_password, set_email_gate, list_sites, delete_site.
AEO (Answer Engine Optimization)
The discipline of making content easier for AI systems (ChatGPT, Perplexity, Google AI Overviews, Claude) to interpret and cite when answering a user's question.
AEO — Answer Engine Optimization — is the discipline of making content discoverable, extractable, and citable by AI systems including Google AI Overviews, ChatGPT, Perplexity, Claude, and Copilot. Where traditional SEO aims to rank on page 1, AEO aims to be selected as the cited source in an AI-generated answer. The disciplines overlap heavily but AEO weights content structure, explicit definitions, named-expert quotes, and machine-readable metadata (schema.org, llms.txt) more heavily than backlinks.