Search
Posts
MCP Server Auth: The API Is the Real Boundary
Per-user tokens, a server-side write gate, and a separate access log — why an MCP server's client-side tool gate is UX, not a security boundary.
ReadWhen --cap-drop ALL Broke the Gate Socket
Hardening a container hid a permission bug: --cap-drop ALL stripped CAP_DAC_OVERRIDE, and a gate socket silently stopped governing every tool call.
ReadGreen CI Proves Nothing: Why Your Tests Gate Zero Calls
CI dogfood for AI-agent governance went green while gating zero tool calls. Here's why a passing test proving nothing is worse than a red one.
ReadHonor the Gate When the Verdict Is Inconvenient
A quality gate only matters if you honor its verdict. How pre-registration and honest-gate culture stopped two teams from faking green or rationalizing a STOP.
ReadMaking Agents Reliable on Real-Device Clouds
Reliability on a real-device cloud isn't in the API calls — it's in the partial-failure seams between MCP tool calls. Three task-specific agents, four advisory hooks, and a documented-limitations list make those seams legible so an agent routes instead of guessing.
ReadStop Crying Wolf: A 3-Strike Gate for Uptime Monitors
Fix uptime monitor alert fatigue with a 3-strike debounce gate and real per-probe diagnostics. Stops false positives, keeps real outages visible.
ReadHuman-in-the-Loop Is a Delivery Guarantee, Not a UI Feature
Human-in-the-loop agent delivery is exactly-once, fail-closed. Two repos shipped the same four-move discipline the same day — convergence, not coincidence.
ReadNine Days Silent: When the Blog's Own Pipeline Stopped Publishing Itself
A 9-day publishing blackout went unnoticed because monitoring reported success while producing nothing. Git worktrees + orphan branches + timeout logs = silent failure at scale.
ReadThe Wrong Product, Built Perfectly
A new site was scaffolded, deployed, and live with valid TLS in under an hour — then declared the wrong product. The decoupling made the reversal cheap.
ReadFrom one adopter to two: the discovery-affordance spec just got named
A 39.7k-star skills repo adopted my discovery-manifest pattern by name. What changed, why it matters, and the install_source_url work that comes next.
Read