To me it has nothing to do with mdxjs.

Check it twice, what the submission implements is writing all the UI in markdown, not mixing markdown with React.

Perhaps I don't know mdxjs enough but that's my impression.

Markdown UI is loading a bunch of components and then displaying them where you want them by parsing some Markdown to figure out where they go.

MDX goes a step further by enabling you to actually write the component JSX in the Markdown as if it's React (rather than using ``` syntax). You can just display a component that was loaded from somewhere else. Basically, if you took the Markdown UI components as React components, you could use the runtime embed option from here: https://mdxjs.com/guides/embed/

the reason I made it is that mdxjs (afaik) only works with a build step and locks the user into React, and you are still technically running code sent by the LLM, rather than a more secure static JSON like object.

No and yes.

MDX parses JSX so it's compatible with any JSX runtime, not just react.

You're right that MDX executes arbitrary code because it supports the `import` and string interpolation of MDX and performs unsafe evals.

Because those evals aren't safe to use at runtime, I actually created a library that uses the MDX parser to support the static subset of JSX (which is very similar to HTML making it static and secure): https://www.npmjs.com/package/react-markdown-with-mdx