Posts 302 entriesPage 3 of 31

Posts

Development Journey

Verified Identity for AI Agents: Off, Warn, Enforce

Give AI agents an Ed25519 verified identity, then roll out an off/warn/enforce daemon gate that refuses to act on an unverified one — like an unsigned commit.

Read
Architecture

The Merge Is the Trust Boundary: Re-Derive as Untrusted

In a multi-writer knowledge store the merge is the trust boundary: re-derive the union as untrusted, re-govern from scratch, and anchor it with a signed DAG.

Read
Development Journey

Reject PII at the Source: A Disclosure Gate at Intake

The cheapest place to enforce a privacy rule is the front door — a fail-closed disclosure gate that rejects comp data and PII at candidate intake.

Read
AI Engineering

An Agent Allowlist Is a Comment Until a Gate Checks the Body

A Claude Code agent's tools list is a runtime gate, not a comment. A body-vs-allowlist consistency check in CI took 317 agents to A-grade in one sweep.

Read
Development Journey

BM25 Before Vectors: An Eval-Gated Retrieval ADR

Why ship BM25 search now and gate vectors behind an eval set? An ADR naming the trigger before a 333MB embedding model creeps into a local-first plugin.

Read
AI Engineering

A Second Brain You Can Audit Beats One You Must Trust

A second brain you can audit beats one you must trust. Local-first, daemon-free, no-egress by default, and an external anchor that detects a silent rewrite.

Read
Development Journey

Shipping Is Not Building: A Sunday of Merges

A quiet Sunday with no new code—just four PR merges that landed the intent-brain marketplace and cited search built across the prior week.

Read
DevOps

Your System-Map Is Fiction Until You Diff It Against Live Infra

A system-map that isn't verified against live infrastructure is fiction. The day you decommission a service is the day to reconcile the docs against the live Caddyfile.

Read
Architecture

MCP Server Auth: The API Is the Real Boundary

Per-user tokens, a server-side write gate, and a separate access log — why an MCP server's client-side tool gate is UX, not a security boundary.

Read
Technical Deep-Dive

When --cap-drop ALL Broke the Gate Socket

Hardening a container hid a permission bug: --cap-drop ALL stripped CAP_DAC_OVERRIDE, and a gate socket silently stopped governing every tool call.

Read