Short-lived OIDC for CI: kill every long-lived GitHub Actions token
AWS OIDC, GCP WIF, Azure federated credentials
May 3, 20268 min read13
Command Palette
Search for a command to run...
Latest articles
The 50ms lie: when edge AI actually matters (and when you're paying Cloudflare for marketing)
Putting Llama-70B at the edge to save 50ms on a 5-second inference is like airlifting lettuce to shave 2 minutes off a 4-hour dinner. Know which latency you're actually optimizing
Apr 20, 20269 min read24
Stop building agents like prompts. Build them like state machines.
Durable execution (Temporal, Restate, Inngest), idempotency keys for tool calls, and human-in-the-loop as an interrupt primitive.
Apr 19, 202611 min read135
How I Built ForgeKit: An Open-Source Engineering Acceleration Platform That Scaffolds Production-Ready Projects in Under 60 Seconds
Every engineer has lost a Monday morning to wiring up the same Dockerfile, the same GitHub Actions workflow and the same ESLint config they wrote three projects ago. ForgeKit eliminates that entirely. One command. Production-ready project.
Mar 24, 202610 min read48
Building a Deployment Health Validator
5 Subtle Bugs That Break Production (and how to find them)
Mar 10, 202619 min read25
Platform Engineering at the Edge
Designing IDPs for Satellites, Factories and Hospitals
Mar 3, 202616 min read53
Governing the Ungovernable: Building an EU AI Act Article 9 Compliance Framework for Agentic AI That Actually Works in Production
Static compliance frameworks were built for fixed pipelines. Agentic AI has runtime-determined risk profiles, non-deterministic tool chains, and emergent blast radii. Here is the six-layer architecture, full implementation code, and CI/CD gate that closes the gap before the August 2026 enforcement deadline.
Feb 28, 202615 min read125
The 3AM Problem: Why On-Call Burnout Is a System Design Failure, Not a People Problem
62% of engineers say on-call rotations have damaged their mental health. 34% quit within 18 months. 80% of alerts are noisy, duplicated, or resolve before the engineer can act. This is not a resilience problem. This is a system design problem and every single root cause has a technical fix.
Feb 25, 202626 min read46
The $4.45M Mistake: How a Missing SBOM Requirement Let the XZ Utils Backdoor Slip Past Millions of Servers
A 3-year patient infiltration. One 500ms anomaly. Zero automated defenses. Here's the full architecture of what happened, what should have stopped it, and how to build a self-healing supply chain security system into your IDP, today.
Feb 22, 202622 min read33