~/blog

Blog

Articles and thoughts on web development, architecture, and technology.

all AI architecture craft MCP security Skills tooling

May 25, 2026·7 min·Field Guide #4

Working with an agent, properly

The complete workflow from first thought to merged commit: spec, context, enforcement, session hygiene, trust limits, and review. Everything that makes agents reliable.

read →

May 24, 2026

The ceiling is made of concrete

Every rate limit, signup pause, and pricing shift of the last six months has one root cause. Not greed. Not unsustainable burn rates. Physics.

5mAI

May 23, 2026

They didn't push a new version. They moved yours.

On 22 May 2026 someone rewrote every git tag in four Laravel-Lang packages. Around 700 historical versions now resolve to malicious commits. Pinning a version is not the same as pinning a commit, and the difference just cost the PHP ecosystem its weekend.

6msecurity

May 23, 2026

Code churn is the lava you can still measure

AI-assisted teams ship more PRs than ever, but 40% of those lines are rewritten within two weeks. The lava layer is what hardens. Churn is what never gets the chance.

7mAI

May 22, 2026

What's new in Claude Code: notes from the London talk

A walkthrough of what Anthropic shipped in Claude Code recently, organised the way they presented it: developer experience and autonomy, with notes on which defaults are actually worth flipping on.

7mtooling

May 21, 2026

Caveman vs context-mode: small mouth, or smaller room?

One Claude Code plugin has 63k stars and asks you to talk like a caveman. The other has 15k stars and sandboxes your tool output. The internet picked the funny one. Whether you should depends on which token leak you are actually trying to fix.

6mAI

May 21, 2026

Stop asking your agent nicely

Your CLAUDE.md is a suggestion. Hooks are a wall. ADRs and custom lint rules are the missing layer between them, the difference between hoping your agent obeys and making it impossible to disobey.

6mAI

May 20, 2026

Benchmarks said frontier. Developers said "dumb."

Gemini 3.5 Flash topped MCP Atlas, Toolathlon and CharXiv on day one. By the next morning a developer on Google's own forum had documented the model looping for 776 steps. The gap between the benchmark and the work is not a bug.

6mAI

May 19, 2026

Your 10x developer is gated by a 0.1x pipeline

AI made code cheap. Nobody upgraded the pipeline that turns code into shipped value. Now the bottleneck is eating your senior engineers alive.

5marchitecture

May 18, 2026

One in four: the security debt nobody's counting

AI-generated code ships faster than ever. It also contains confirmed OWASP vulnerabilities at an alarming rate. The industry is celebrating velocity while quietly building the largest security debt in software history.

4mAI

// overview

Articles: 32
Read time: 147m
Words: 26,300