Blog posts & technical deep-dives
After patching every vulnerability from our initial audit, we commissioned a re-audit expecting the all-clear. Two autonomous agents found 10 new issues we'd completely missed — including PII logged in 15 locations and an IPv6 parsing bug that silently broke rate limiting.
I built an ADK agent event visualizer and immediately caught my own agent wasting 1,514 tokens on LLM calls it never needed. Tracing revealed what the black box was hiding.
Three projects, three copy-pasted image pipelines, one inevitable extraction. Building imagen — a reusable Go library for multi-provider AI image generation with automatic GCS upload — taught me when to generalize, when to copy, and why the third time is the threshold.
Five independent teams converged on the same finding: coding agents become reliable only when you build the right scaffolding around them. Here's what a production-grade agent harness actually looks like — context architecture, tool constraints, verification loops, and the 7 components that separate agents that ship from agents that hallucinate.
Three hours, four failed download attempts, a 135-byte Xet pointer trap, a 16-connection aria2c rescue, and the final gut punch: Qwen3 doesn't support tools in Ollama. The story of how llama3.1:8b won by default.
After migrating from Node.js to Go, security vulnerabilities don't just disappear — they take new forms. Here's what we found in the new A2A agent and Vue frontend.
How Google ADK Go's built-in A2A handler falls short for UI-consumable responses — and the custom Sublauncher pattern we built to return structured A2UI JSON instead of raw text.
Migrating from in-memory session state to LangGraph with Firestore checkpoint — the architecture problems, build challenges, production wins, and why your agent needs persistent state
When Vitest failed with ERR_REQUIRE_ESM under Bun runtime, we chose Playwright for all testing — here's why
A systematic security audit revealed 4 critical auth bypass vulnerabilities — here's how we found and fixed them
How we traced and fixed Firebase Auth token audience mismatch errors in a Bun+React monorepo with A2A protocol
How we migrated from phase-based state management to React Router with deep linking in a Bun+Vite monorepo
Building a monorepo AI image generation app with LangChain, Gemini, and Stability AI — and the production bugs that taught me everything.