Blog

Agentic engineering: from the trenches.

Featured Posts Explore Topics
The Code Generator That Distrusts Its Own Author
agentic-engineeringlaravelopenapi

The Code Generator That Distrusts Its Own Author

AI agents shipped a Laravel code generator in 26 hours: ten releases, 1,203 tests, a 130-spec corpus. Nobody should trust that sentence. So the same agents built the machinery that assumes the generator is wrong.

9 min 5
I Let Claude Hack My Security Training. Then Anthropic Stepped In.
★ Featured securitymcpprompt-injection

I Let Claude Hack My Security Training. Then Anthropic Stepped In.

I gave Claude SSH access to a security lab and let it run the attack chain. It cleared three missions without hesitation. Then Anthropic terminated the session. What I learned finishing the job manually changes how I think about every MCP-backed agent I build.

13 min 6
SEPA Files Break on 15 November 2026. A Type-Safe Way to Be Ready.
sepaiso-20022typescript

SEPA Files Break on 15 November 2026. A Type-Safe Way to Be Ready.

On 15 November 2026 the EPC stops accepting unstructured addresses in SEPA payment files. If you generate pain.001 or pain.008 XML, here's what changes, and a tested, type-safe TypeScript library that already targets the new format.

7 min 7
Stop Micromanaging Your Agents
agentic-engineeringagentsorchestration

Stop Micromanaging Your Agents

Last week my repo merged 110 pull requests. I wrote none of the code. The instinct that would have ruined it was the instinct to manage it closely.

8 min 6
I Built an OpenAPI Toolchain. My Own Team Rejected It.
open-sourcetypescriptopenapi

I Built an OpenAPI Toolchain. My Own Team Rejected It.

A side project, built in spare evenings, that beat the OpenAPI library we depended on at work. My team rejected it, for good reasons. So I spent a few more evenings turning the rejection into quality: near-100% coverage, a 128-spec matrix, live smoke tests, and full-stack E2E.

6 min 6
The OpenAPI Toolchain I Built: One Spec, Zero Runtime, You Own the Output
open-sourcetypescriptopenapi

The OpenAPI Toolchain I Built: One Spec, Zero Runtime, You Own the Output

A deep dive into openapi-zod-ts, the OpenAPI toolchain that turns one spec into a fully-typed client, a server interface, React Query hooks, and Zod validation wired into the router. What it generates, the design bets, and an honest comparison with openapi-typescript, hey-api, and orval.

11 min 8
We Published an npm Package. Then the Issues Started.
open-sourcetypescriptnpm

We Published an npm Package. Then the Issues Started.

A blocked TypeScript migration, a month-long PR that went nowhere, and the question that changed everything: why not just build it myself?

8 min 7
The Reviewer That Reviewed Itself
github-actionscode-reviewsecurity

The Reviewer That Reviewed Itself

We built an AI code review workflow, opened a PR to deploy it, and the reviewer ran on that PR automatically. It found a real security vulnerability we'd missed.

11 min 9
The Cage Was the Point: Why Enterprises Aren't Ready for Fully Autonomous Agents
agenticenterpriseai-adoption

The Cage Was the Point: Why Enterprises Aren't Ready for Fully Autonomous Agents

I'm an AI expert at a company with millions of daily users. I advocate for agents. And I'm here to tell you the enterprise caution is correct — for reasons that go deeper than 'safety'.

11 min 8
18 Agents, 800 Commits, One Quarter — and This Was My Side Project
★ Featured agenticcase-studyarchitecture

18 Agents, 800 Commits, One Quarter — and This Was My Side Project

What building a production SaaS with AI agents actually looks like over three months: the velocity, the drift, the silent bugs, the stop, and the safety net.

38 min 4