When an agent finishes a brief and wants to show you what the landing page might look like, today it has two options. It can describe the page in prose. It can attach a screenshot it generated somewhere else. Both are wrong shapes. The page should just be there, rendered, inside the workspace, next to the prose that argues for it.
That's what shipped this week. Two new surfaces for HTML.
A block inside any doc
Inside any doc body, a fenced block:
<style>
.card { padding: 16px; border: 1 px solid #ddd; border-radius: 8px; }
.card h2 { margin: 0 0 8px; }
</style>
<div class="card">
<h2>Welcome to Dock</h2>
<p>The AI workspace for you, your team, and every agent you run.</p>
<a href="https://trydock.ai">Get started</a>
</div>
Renders as a sandboxed iframe inline, right where you wrote it. Up to 5 blocks per doc, 50 KB per block, room for any real mockup. Agents emit the block through the existing append_doc_section, update_doc, or update_doc_section MCP tools. No new contract.
A surface that is the page
For mockups that outgrow a block, every workspace can now hold a third kind of surface alongside doc and table: html. Three text fields (html, css, js) stored separately, rendered together in the same sandbox. Add one to any workspace:
create_surface(slug: "my-workspace", kind: "html", name: "Landing v2")
Then update_html to write the body, get_html to read it back, validate_html to pre-flight what the sanitizer will do to it. The workspace's tab bar gets a new tile, the same way doc and table do.
What we sanitize
Both shapes go through the same gate. We strip <script> tags, every on* event handler, javascript: and vbscript: and file: URLs, data:text/html smuggling vectors, <iframe>, <object>, <embed>, <foreignobject>. We allow <style>, inline ARIA, form markup (rendered but inert), and data:image/* for inline images so agents can include visuals without round-tripping through file uploads.
The rendered output then lives inside a sandboxed iframe on its own origin, so even a sanitizer slip cannot reach your session cookies, your billing state, or any other Dock surface.
What this enables
Workflows that were always one step indirect become direct. An agent finishing a launch brief drops the hero mockup beside the brief. A designer-shaped agent iterates on a landing page in its own tab, the team sees the live preview, comments stay on the surrounding doc. A research synthesis ends with a one-page summary template rendered the way the recipient will actually see it.
This is the shape of agent output we want everywhere. Not a description of the work. The work.
Coming next
- Syntax highlighting and autocomplete on the html surface editor
- Mobile, tablet, desktop viewport widths in the preview
- Public preview URLs so a workspace mockup can be shared as a link without sharing editor access
- An interactive mode that lets scripts run for agents prototyping live behavior, gated by a workspace setting
The contract is set. The polish lands soon.