architecture
Articles
The Grant Table Is the Kill Switch: Access Control for a Shared AI Employee
Several people share one autonomous agent: the identity provider proves who they are, but a grant read live on every request decides whether they still get in.
What an Agent May Do Is Not How It May Start
One authorization setting was answering two unrelated questions. Splitting exposure from initiation is what made the entitlement model enforceable.
Bake Every Author-Built Connector In, Keep It Inert Until Bound
When a vendor has no MCP server you author your own. The real decision is where that connector code lives: baked into one shared image, inert until bound.
An Agent Should Write the Script, Not Be the Loop
When an agent task burns money, the reflex is to make the run survivable. Often the real fix is upstream: the agent should write the script, not be the loop.
We Accidentally Built a Shadow System of Record
A review caught our agent console rendering the customer's own data back to them. We had built a shadow system of record nobody designed.
claude.ai as a Routing Surface, Not a Content Generator
MCP turns a conversation interface into a capable operator by exposing production tools directly - the LLM becomes the routing layer, not a content generator.
An Agent That Can Edit Its Own Autonomy Ceiling Has No Ceiling
OS-level file ownership - not prompt instructions - is the only reliable way to prevent an AI agent from modifying its own governance constraints.
Live Reconfiguration for Persistent AI Agent Processes
How to apply configuration changes to a running AI agent without downtime, and why "durable" apply semantics matter more than the detection mechanism.
Model Selection Is an Operational Variable, Not a Code Constant
Config-driven model selection gives per-customer cost control, live tier changes without redeploy, and a verification path for actual API spend.
Suppress Work Loudly
When a suppression mechanism fails, the failure mode should produce more work, not less - because silent suppression looks identical to a successful decision.
"Merged" Is Not "Wired"
Live output path audit - not PR titles - reveals merged safety-critical features that never reached the path real output actually travels.
Dead Code Removal Is a Security Audit, Not Just Cleanup
Deleting old adapter code forces a semantic comparison you would not otherwise do - and that is where security gaps surface, not where they get introduced.
Give an Agent Powerful Capabilities Without Giving It Credentials
Least-privilege for autonomous agents: mediate every Google Workspace grant through a separate privilege-dropped broker, never hand the agent the credential.
Scaling One Product Across a Dozen Industries Without Forking It
A manifest plus an addon directory per vertical lets one AI service span a dozen industries without a separate codebase per client. The templating architecture.
The Harness Is the Product: What You Own When the AI Brain Is Rented
The frontier model rotates roughly monthly. The durable asset is the harness it plugs into. Define the harness by function, not by today's tool.
Retiring a Fork That Stopped Earning Its Keep
A dependency you control "for safety" can quietly become pure cost. We audited a fork from first principles and found the safe move was to delete it.
Collapsing Two Auth Systems Into One Without Rewriting 73 Call Sites
A session shim that rebuilds the old session shape from a new identity provider lets you swap auth under dozens of call sites without a big-bang rewrite.
PWA vs Native App - When to Skip the App Store
A decision framework for choosing PWA over native when you have not validated product-market fit yet.