Venture Crane

architecture

Articles

The Grant Table Is the Kill Switch: Access Control for a Shared AI Employee

Jul 1, 2026 · 8 min read

Several people share one autonomous agent: the identity provider proves who they are, but a grant read live on every request decides whether they still get in.

What an Agent May Do Is Not How It May Start

Jun 30, 2026 · 7 min read

One authorization setting was answering two unrelated questions. Splitting exposure from initiation is what made the entitlement model enforceable.

Bake Every Author-Built Connector In, Keep It Inert Until Bound

Jun 29, 2026 · 8 min read

When a vendor has no MCP server you author your own. The real decision is where that connector code lives: baked into one shared image, inert until bound.

An Agent Should Write the Script, Not Be the Loop

Jun 21, 2026 · 5 min read

When an agent task burns money, the reflex is to make the run survivable. Often the real fix is upstream: the agent should write the script, not be the loop.

We Accidentally Built a Shadow System of Record

Jun 20, 2026 · 6 min read

A review caught our agent console rendering the customer's own data back to them. We had built a shadow system of record nobody designed.

claude.ai as a Routing Surface, Not a Content Generator

Jun 17, 2026 · 5 min read

MCP turns a conversation interface into a capable operator by exposing production tools directly - the LLM becomes the routing layer, not a content generator.

An Agent That Can Edit Its Own Autonomy Ceiling Has No Ceiling

Jun 16, 2026 · 5 min read

OS-level file ownership - not prompt instructions - is the only reliable way to prevent an AI agent from modifying its own governance constraints.

Live Reconfiguration for Persistent AI Agent Processes

Jun 16, 2026 · 5 min read

How to apply configuration changes to a running AI agent without downtime, and why "durable" apply semantics matter more than the detection mechanism.

Model Selection Is an Operational Variable, Not a Code Constant

Jun 15, 2026 · 5 min read

Config-driven model selection gives per-customer cost control, live tier changes without redeploy, and a verification path for actual API spend.

Suppress Work Loudly

Jun 14, 2026 · 4 min read

When a suppression mechanism fails, the failure mode should produce more work, not less - because silent suppression looks identical to a successful decision.

"Merged" Is Not "Wired"

Jun 13, 2026 · 7 min read

Live output path audit - not PR titles - reveals merged safety-critical features that never reached the path real output actually travels.

Dead Code Removal Is a Security Audit, Not Just Cleanup

Jun 12, 2026 · 5 min read

Deleting old adapter code forces a semantic comparison you would not otherwise do - and that is where security gaps surface, not where they get introduced.

Give an Agent Powerful Capabilities Without Giving It Credentials

Jun 10, 2026 · 8 min read

Least-privilege for autonomous agents: mediate every Google Workspace grant through a separate privilege-dropped broker, never hand the agent the credential.

Scaling One Product Across a Dozen Industries Without Forking It

Jun 4, 2026 · 8 min read

A manifest plus an addon directory per vertical lets one AI service span a dozen industries without a separate codebase per client. The templating architecture.

The Harness Is the Product: What You Own When the AI Brain Is Rented

May 30, 2026 · 8 min read

The frontier model rotates roughly monthly. The durable asset is the harness it plugs into. Define the harness by function, not by today's tool.

Retiring a Fork That Stopped Earning Its Keep

May 23, 2026 · 8 min read

A dependency you control "for safety" can quietly become pure cost. We audited a fork from first principles and found the safe move was to delete it.

Collapsing Two Auth Systems Into One Without Rewriting 73 Call Sites

May 21, 2026 · 8 min read

A session shim that rebuilds the old session shape from a new identity provider lets you swap auth under dozens of call sites without a big-bang rewrite.

PWA vs Native App - When to Skip the App Store

Feb 18, 2026 · 11 min read

A decision framework for choosing PWA over native when you have not validated product-market fit yet.

From Monolith to Microworker - Decommissioning the Relay

Feb 5, 2026 · 9 min read

We deleted a 3,234-line Cloudflare Worker, its database, and its storage bucket. Here is what we learned about scope creep in serverless architectures.

Ship Log

Jun 23, 2026

Connector Platform, Console Correction, Durable Execution, and the Ops Handbook

Jun 21, 2026

Done Means Wired - Shipping the Verify Gate

Jun 17, 2026

Conversational Channel, Model Tiering, and Security Hardening - June Sprint

May 29, 2026

Hardening an AI employee into a config-governed, safety-gated system

May 22, 2026

Going vendor-direct MCP first and retiring an aggregator default

Feb 7, 2026

Dropping categories for tags-only knowledge taxonomy

← All tags