All
Articles 111,402Blog Posts 121,463Tech Tutorials 28,414Research Papers 22,452News 16,650
⚡ AI Lessons

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
2d ago
Run the Readiness Audit Before You Flip DNS
An adversarial readiness audit found a payment-path bug that would have charged every customer, then returned HTTP 500 — before the irreversible DNS flip.

Dev.to · Jeremy Longshore
4d ago
Gate the Statement, Not the Tool Name
When one MCP tool carries every SQL verb, allowlisting tool names is theater. The safety boundary has to read the statement — here's how that gate was built.

Dev.to · Jeremy Longshore
📐 ML Fundamentals
⚡ AI Lesson
5d ago
Coverage Said 69%, Mutation Testing Said 25%
A repo at 69% line coverage scored 24.88% on mutation testing—and the rules engine that touches user email scored 0.00%. Coverage said fine; Stryker didn't.

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
Green CI Proves Nothing: Why Your Tests Gate Zero Calls
CI dogfood for AI-agent governance went green while gating zero tool calls. Here's why a passing test proving nothing is worse than a red one.

Dev.to · Jeremy Longshore
⚡ AI Lesson
1w ago
MCP Server Auth: The API Is the Real Boundary
Per-user tokens, a server-side write gate, and a separate access log — why an MCP server's client-side tool gate is UX, not a security boundary.

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
When --cap-drop ALL Broke the Gate Socket
Hardening a container hid a permission bug: --cap-drop ALL stripped CAP_DAC_OVERRIDE, and a gate socket silently stopped governing every tool call.

Dev.to · Jeremy Longshore
⚡ AI Lesson
3w ago
Honor the Gate When the Verdict Is Inconvenient
A quality gate only matters if you honor its verdict. How pre-registration and honest-gate culture stopped two teams from faking green or rationalizing a STOP.

Dev.to · Jeremy Longshore
🤖 AI Agents & Automation
⚡ AI Lesson
3w ago
Human-in-the-Loop Is a Delivery Guarantee, Not a UI Feature
Human-in-the-loop agent delivery is exactly-once, fail-closed. Two repos shipped the same four-move discipline the same day — convergence, not coincidence.

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
Vite Dev Server in Production: The 871-Byte Tell
scorecardecho.com shipped the Vite dev server to every visitor. Three signals catch it in a minute; a multi-stage Dockerfile fixes it for any SPA container.

Dev.to · Jeremy Longshore
1mo ago
The Unicode Layer Your Validator Can't See
Schema validation can't see invisible Unicode. A stdlib-only CI gate that catches tag-char injection, Trojan Source bidi overrides, and homoglyph attacks.

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
Self-Expiring Report-Only CI Gates: From Advisory to Enforced
How a meta-gate enforces deadline-driven CI hardening without freezing contributors — one logical concern per PR, permanent blocking by design.

Dev.to · Jeremy Longshore
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Safety Model First: 16-Tool Ops MCP, One Day
Design a 7-point safety model before writing tools. How server-ops-mcp shipped 16 tools, 40 tests, and v0.1.0 in a single day.

Dev.to · Jeremy Longshore
1mo ago
A v1.0 Is a Gate, Not a Tag
Why release gates should accept GO with conditions, not binary GO/NO-GO. How ICO v1.0.0 shipped with documented gaps and a same-day v1.0.1.

Dev.to · Jeremy Longshore
⚡ AI Lesson
1mo ago
Honest Perf Benchmarks for a Paid-API Compiler
Four PRs, three releases, and a benchmark suite that won't lie to you: seeded-RNG corpora, double-gated Claude scenarios, and skipped-but-recorded records.

Dev.to · Jeremy Longshore
🧠 Large Language Models
⚡ AI Lesson
1mo ago
Deterministic First, LLM Second: An Advisory CI Pre-Screen
Wire an LLM into CI without veto power: the deterministic classifier is the product, the LLM is advisory polish, and the never-block contract retires the old sy

Dev.to · Jeremy Longshore
1mo ago
Transitive CVE Clearance: The Dual-Layer Pattern
How v0.9.1 cleared 6 high-severity transitive CVEs in axios + fast-uri — and why the dep bump needed top-level overrides to actually stick.

Dev.to · Jeremy Longshore
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
Two False-Positive Fixes, Same Root Cause
Two separate false-positive alerts, same root cause: monitoring conjoined liveness with conditional behavior. Separating health signals quiets noise under load.

Dev.to · Jeremy Longshore
1mo ago
Coherence as a Deliverable: How a Multi-Surface Engagement Stays Sane
Why scattered Plane issues, beads, docs, and partner portals silently diverge — and four structural patterns that catch drift before it compounds.

Dev.to · Jeremy Longshore
⚡ AI Lesson
2mo ago
The Two Postgres Bugs the Tests Caught: A Real-DB Integration Test Case Study
A no-mocks testcontainers policy caught two production-fatal Postgres bugs in one test run — PG 15's schema USAGE removal and an asymmetric SELECT grant for a s

Dev.to · Jeremy Longshore
⚡ AI Lesson
2mo ago
Manifest System + Mutation Testing: Two Ways to Find Out What Actually Works
Epic 31-B lands the publish side of the bot-manifest protocol in claude-code-slack-channel. Epic 31 closes with an audit. Mutation tests and a cyclomatic gate m

Dev.to · Jeremy Longshore
🔐 Cybersecurity
⚡ AI Lesson
2mo ago
Four Releases in One Day: How the claude-code-slack-channel Security Sprint Actually Shipped
Epic 29-A, 30-A, 30-B, 32-B land in a single calendar day across v0.5.0 → v0.5.1 → v0.6.0 → v0.7.0 — a supervisor, a hash-chained audit journal, and a policy en

Dev.to · Jeremy Longshore
⚡ AI Lesson
2mo ago
Four Primitives, Three Reviews: How a Contributor PR Reshaped a Roadmap
claude-code-slack-channel v0.4.0 shipped a contributor PR that forced a scoping conversation. Four roadmap primitives emerged. Three parallel reviews — architec

Dev.to · Jeremy Longshore
🖌️ UI/UX Design
⚡ AI Lesson
2mo ago
Braves Booth — Idle Recap, Dashboard Density, and AI Pitcher Narratives
Refactoring the Braves broadcast dashboard idle view, eliminating sub-10px fonts, and replacing duplicated AI narrative logic with a structured buildPitcherFact

Dev.to · Jeremy Longshore
🔐 Cybersecurity
⚡ AI Lesson
3mo ago
Software Supply Chain Security After Axios
The axios npm compromise validated every warning in a 38-page supply chain security survey. Three attack vectors, one incident, six steps to act on.
DeepCamp AI