• Showcase
  • Pricing
  • Blog

I Asked Claude to Redesign My Homepage. It Did.

A futuristic city at sunset with flying cars — the agentic web, arriving

On July 12, 2026, we gave Claude access to StoryPress through our MCP server and asked it to redesign our homepage. It researched the market, read our component schema, screenshotted the live site, built a draft with an animated three.js hero, and wrote the post you are reading. Here is exactly what happened, including the part it got wrong, and the security architecture that made the whole experiment boring in the best possible way.

By StoryPress
Draft

The setup

StoryPress ships with an MCP server. MCP — the Model Context Protocol — is the open standard that lets AI agents operate software the way developers use APIs: structured tools, typed inputs, real results. Point Claude (or any MCP-capable agent) at your StoryPress site, grant it a session, and it can read your components, edit drafts, and screenshot the rendered result to check its own work.

We have been telling customers that this is where site management is heading. So on July 12, 2026, we ate the dog food in public. We opened a Claude session, connected it to storypress.app itself — the production marketing site for this company — and gave it a one-line brief: redesign the homepage.

Not "suggest some directions." Redesign it. Research, design, build, verify. The only rule: nothing goes live without a human clicking publish. That rule, it turns out, is the whole story. We will get there.

A note on what "access" meant, because scope is everything in these experiments: the agent held a session for this one site, with the ability to read schema and content, write drafts, and render screenshots. It could not touch billing, users, domains, or the publish button. Keep that scope in mind while reading the rest.

What it actually did

The full transcript is long. Here is the honest play-by-play, in the order it happened.

First, research. Before touching a single component, Claude fanned out a batch of web searches: competitor homepages, hero-section conventions, what a CMS landing page needs to say in 2026. It fetched sources, extracted claims, and cited them back to us. The same discipline applied to the blog posts it wrote later that day — every number linked to a source, every stat that would not verify dropped or softened.

Second, it read the theme. Through the MCP server it pulled our component schema — the field definitions for every block a StoryPress page can contain — plus the design tokens the theme exposes. It did not guess what our hero component looks like; it read the shape of the thing.

Third, it looked at the site. Literally. The MCP server includes a screenshot tool that renders the staging site in a real browser. Claude captured the current homepage, then captured annotated versions that overlay each component's name and position on the pixels, and worked from what it could see rather than what it assumed.

Fourth, it built. The centerpiece of the new draft is a three.js animated hero — a retro-futurist city at sunset, flying cars included — running inside a StoryPress freeform component. Freeform is our escape hatch for arbitrary HTML, CSS, and JavaScript, and it is deliberately caged; the cage is the subject of the section after next. Claude wrote the scene, matched the palette to our theme, and added a static fallback for visitors who prefer reduced motion.

Fifth, it wrote. Ten researched, linked blog posts drafted through the same connection — including, and we are aware of how this sounds, the one you are reading. An AI wrote the first-person account of an AI doing the work. Every word gets reviewed by a human before publish. That is the arrangement, and it does not get waived for meta-posts.

The part it got wrong

A walkthrough like this earns its keep with the failure, so here is ours.

Midway through the homepage build, Claude wrapped a section inside a container component that our schema does not allow at that level. The draft would not render. So it did what a decent junior developer does: took a screenshot, saw the breakage, went back to the schema, found the allowlist it had skimmed past, restructured the block, and re-verified with another screenshot. Total detour: minutes.

It is worth being precise about what happened there. The agent made a schema mistake. The platform refused to render the invalid structure. The agent's own verify loop caught it. And no visitor could ever have seen the broken state, because the entire exercise happened in a draft. That last part is not luck. It is the architecture.

Security posture: what the platform actually enforces

2026 has been a rough year for sloppy agent integrations, and we do not intend to add to the pile. In July 2025, JFrog disclosed CVE-2025-6514, a CVSS 9.6 remote-code-execution flaw in mcp-remote, a widely used MCP proxy (fixed in 0.1.16). In April 2026, researchers at OX Security documented a "by design" weakness in MCP's STDIO transport defaults that they tied to more than 7,000 publicly accessible servers (The Hacker News, April 20, 2026). And in May 2026, the NSA's Artificial Intelligence Security Center published a Cybersecurity Information Sheet on MCP security design considerations. When the NSA writes seventeen pages about your protocol, the honeymoon is over.

So "we let an AI edit our website" has to be followed, immediately, by "here is what it could not do." Four properties, all enforced by the platform rather than by promises:

  • Drafts and publishing are separate permissions. The agent's session could create and edit drafts. Publishing is a distinct capability, and a human holds it. The blast radius of a bad agent day is a bad draft.

  • Freeform scripts run in a sandboxed iframe. That three.js hero executes in a null-origin iframe under a strict Content-Security-Policy. It cannot read cookies, reach the parent page's DOM, or call arbitrary hosts.

  • Content is sanitized. Markup destined for the page passes through DOMPurify; scripts, iframes, and event-handler attributes are stripped before anything renders in the page itself.

  • A human approves what ships. Every artifact of this experiment sat in draft until a person reviewed it in the visual editor and published it deliberately.

None of this makes agent access risk-free — nothing does, and anyone who says otherwise is selling something. What it does is make the failure modes boring: a malformed draft instead of a compromised page, a rejected component instead of an injected script. Boring failure modes are the property to demand from any platform before you hand an AI the keys.

Why we bothered

Because the agentic web is arriving on its own schedule, not ours. Monthly downloads of the official MCP SDKs reached roughly 97 million by March 2026, up from about 2 million at the protocol's launch in November 2024, per figures tracked by Digital Applied citing Anthropic-reported numbers. For scale: by that tracking, React took about three years to reach a comparable monthly-download mark; MCP did it in sixteen months. Claude, ChatGPT, Copilot, Cursor, and VS Code all speak it now.

For a small business, this quietly redefines "managing a website." The old model was menus: learn the admin panel, find the setting, hope the plugin update does not break the theme. The new model is a sentence — "tighten the hero copy and swap the testimonial" — followed by reviewing a draft. The judgment stays with you. The clicking does not.

There is also a quieter benefit. A platform with no plugins to patch and no servers to babysit is exactly the kind of surface an agent can safely operate: fewer moving parts means fewer ways a well-meaning automation can wander into an unpatched corner. Zero maintenance was always the pitch for humans. It turns out to be the prerequisite for machines.

Our position on pricing this is the same as our position on pricing everything: we meter real resources — bandwidth, storage — with plainly labeled caps, and we refuse to invent artificial ones. Agent calls are not a meter. Languages are not a meter either, which we wrote up in why we don't count languages. And the same shift changing how sites get built is changing how they get found; that half of the story is in Google kept the answer.

The short version

  • On July 12, 2026, Claude — connected through the StoryPress MCP server — produced a complete homepage redesign draft and ten blog post drafts for storypress.app.

  • The new hero is a three.js animation running inside a sandboxed, null-origin iframe under a strict Content-Security-Policy.

  • The agent made one error: it nested a component the schema does not allow. The platform refused to render it; the agent caught the failure via screenshot and fixed the structure itself.

  • Draft editing and publishing are separate permissions in StoryPress. The agent held draft rights only; a human published.

  • All freeform markup is sanitized with DOMPurify before render.

  • Context for caution: CVE-2025-6514 (mcp-remote RCE, CVSS 9.6, July 2025, JFrog); OX Security's April 2026 report on MCP STDIO transport defaults; the NSA AI Security Center's MCP guidance (May 2026).

  • Adoption: roughly 97 million monthly MCP SDK downloads as of March 2026 (Digital Applied, citing Anthropic-reported figures).

  • StoryPress is $5/month billed $60/year; the MCP server is included and agent calls are not metered.

If you would rather have a website an agent can manage and a human still controls, get started — a draft-safe, human-published, five-dollar arrangement. And if not metering agent calls sounds suspiciously generous, the economics of counting things are in The meter is dying.

Aurora curtains in many colors — one sky, many languages
Why StoryPress Doesn't Count Your Languages

Our native CMS ships with language variants built into every story. Two languages or forty — the bill is the same. No per-locale fee, no variant cap, no “contact sales” door at language eleven. This is the reasoning behind that decision, and behind what we meter instead.

A swirling night sky over a small town — renewal season
Leaving Squarespace in 2026: What Your Renewal Actually Costs Now

The renewal email always arrives politely. Careful subject line, soft gradient header, and a number that is not the number you signed up with. If you own a Squarespace site in the US, July 2026 is the season you find out what your website costs now — prices went up on July 6, and renewal notices are how most owners heard.

  • Showcase
  • Pricing
  • Terms of Service
  • Privacy Policy
  • Cookie Policy

Get the latest updates

  • Loading...
© Kworq, IncLLMs.txt
by StoryPress, with
InstagramInstagram icon for social media