security The Supply Chain Risk Between CI Workflows Cordyceps is a useful reminder that some CI/CD risks do not live in one workflow file. They live in the trust boundary between workflows.
supply-chain-security Your AI Agent Installs Packages Now. Who Is Checking Them? AI coding agents install dependencies, add MCP servers, and obey rules files nobody reads. supply-chain-guard v5.4.1 scans all of it, and ships an MCP server so your agent can vet a package before it ever touches your machine.
ai Why Ambiguity Needs Its Own State Automation fails quietly when unclear inputs are forced into yes or no decisions. The safer pattern is to treat ambiguity as its own state.
ai AAHP Swarm: Why Review Comes First AAHP Swarm is a review-first layer for agent workflows. The goal is not more magic, but clearer roles, safer verification, and accountable handoff.
ai The Hard Part Was Continuity I started building a digital symbiont and learned that the real challenge was not intelligence. It was reliable continuity between sessions.
ai 90 Days Solo With AI Agents: A Field Report on What Holds Up Under Load Ninety days running a portfolio with AI agents as the primary execution layer. The patterns that held up, the patterns that broke, and the operating discipline the speed demands.
ai When the AI Does It Before You Ask: A Week With Autonomous Agents I spent a week running parallel AI agent workflows with self-healing, CLI routing, and automated tasks. Here is what actually happened.
security I scanned the leaked Claude Code source before building it I scanned a widely-shared copy of leaked Claude Code source before running it. The scanner returned a critical score. Here is what the findings actually mean, and why the repository distributing it deleted my comments.