TOCTOU Race Conditions in Rate Limiting: A Security Deep Dive
How a subtle race condition in file-based rate limiting allowed unlimited API calls, and the atomic operations that fixed it.
Posts
Unified Naming Migration: Eradicating Technical Debt with Pre-commit Hooks
Learn how to systematically migrate legacy naming across a complex codebase and ensure they never return using automated enforcement.
Why Importing Zod Directly Crashes OpenCode Plugins
The subtle version mismatch that caused ‘undefined is not an object’ errors when defining tool schemas in OpenCode plugins.
Why Your Config Changes Aren't Working: Templates vs. Active Configs
A common developer pitfall: editing a template file in a repository instead of the actual active configuration file used by the application.
Always-On Skills: Making AI Agent Behaviors Persistent
How to configure skills to auto-load for specific AI agents, turning one-off invocations into persistent behaviors.
Building an Autonomous AI Companion: A Cost-Aware Architecture
A five-layer architecture for building AI assistants that are autonomous, cost-efficient, and secure
Building Your Own /today Command: A Teresa Torres Approach to Personal AI
How to build a personal AI pipeline that aggregates your calendar, emails, and newsletters into a daily briefing - inspired by product coach Teresa Torres who built her own /today command with Claude.
Defense in Depth: A Three-Zone VM Architecture for Autonomous AI Agents
How to isolate autonomous AI agents using lightweight VMs to prevent prompt injection and credential exfiltration
Ditch Your Lightbox Library: Native Dialog Does It Better
How to build a fully-featured image lightbox using native HTML dialog element - zero dependencies, 10 lines of JavaScript, better accessibility.
Git Submodules Don't Trigger CI: The Webhook Gotcha
Push to content repo. Wait for deploy. Nothing happens. Submodule changes don’t trigger parent repo webhooks - and your CI doesn’t know anything changed.