Writing

AI cannot help an enterprise that cannot describe itself, and governance failure surfaces faster than optimisation failure.

Compression did not simply shorten the notes. It sharpened them. Headers and bullets had been doing the thinking the prose was supposed to do.

Forty thousand stars are voting on something. The framework verdict was correct. Closing the file was premature — the value still lives in the dependency tree.

A clever optimisation that was a silent regression. The override flags survived out of habit. None of the reasons survived contact with the actual numbers.

One paper for two audiences reads like leverage. It is actually a trap. The director commissions; the board governs a portfolio. They cannot read the same document.

Five rounds of the same question produced diminishing returns by round three. Then I changed the question — same document, different reviewer.

Vercel was breached through a third-party AI tool's OAuth token. The lesson is not about Vercel's security — it is about how every AI tool you onboard extends your attack surface in ways your governance framework does not track.

If you can replace 'agent' with 'application' and the principle still reads fine, it was never about agents.

Nous Research shipped an open-source personal agent that does most of what my bespoke system does. Here is what they got right, what they traded away, and what I stole.

Self-improving AI agents sound like the dream. But auto-generated knowledge is cheap, and cheap knowledge plateaus. The agents that compound are the ones someone tends.

Most agentic AI governance frameworks treat logging and assurance as the same thing. They're not. One records what happened. The other judges whether it was correct.

What Browser Harness gets right isn't the absence of structure — it's structure that emerges from use.

LLMs check whether each item in a list sounds right individually. They don't check whether all items are the same kind of thing.

The value of running six frontier models isn't six perspectives — it's six chances to be wrong, which means you can set a much higher bar for what counts as right.

Garry Tan's gstack arrived at the same architectural decisions I did, independently. The convergence matters more than either implementation.

Most AI skill prompts say 'make it good.' The ones that actually work say 'here are the 22 things you'll reach for first — reject all of them.'

Risk teams know risk. The open problem is designing controls for systems that are non-deterministic, probabilistic, and attackable in natural language.

Six cell biology mechanisms that reveal what the networking 'control plane' metaphor misses about governing AI agents.

Every other agentic AI risk has an engineering answer. Prompt injection doesn't. That changes everything about how you design controls.

Four interactions between agentic properties create risks that manual governance cannot address. The category boundary is not AI versus traditional — it is systems that act versus systems that advise.

Shopify's pi-autoresearch got 300x test speedups. But the real insight isn't performance — it's that the pattern works on anything with a number.

A Chinese article argues CLI is becoming the AI plugin format. I've been living this for months with 442 tools. The article is right about CLI. It's wrong about what makes CLI work.

Seven PyPI releases of a CV generation tool in one afternoon taught me that template-guided synthesis lives and dies by what the template already contains.

A 208 MB log, 59,356 retries, and zero LLM calls. A debugging story about what happens when the symptom lies about the cause.

A simple rule for keeping AI agent skill systems coherent: if two skills fire on the same trigger, merge them. Different trigger, different skill. No exceptions.

I left an AI coding pipeline running overnight with 21 monitoring cycles. 5 features merged, 10 specs dispatched, 3 root causes found. Here's what worked, what broke, and the quality of the output.

When choosing CLI vs MCP, pick the one you can undo. CLI wraps into MCP cheaply. MCP does not unwrap.

ANTHROPIC_API_KEY vs ANTHROPIC_AUTH_TOKEN — how a single wrong environment variable made an AI coding pipeline silently fail for hours, and the debugging journey that found it.

Anthropic shipped a hosted agent platform. Its architecture looks familiar. Here's what a solo builder can learn from how they decoupled the brain from the hands.

Karpathy's LLM Wiki pattern is a good starting point. Here's what changes when you run it for real — enforcement over convention, decay over growth, and knowledge that fires without being asked.