✕ Clear all filters
59 articles
▶ Videos →

📰 Dev.to · Jeremy Longshore

59 articles · Updated every 3 hours · View all reads

All Articles 111,402Blog Posts 121,463Tech Tutorials 28,414Research Papers 22,452News 16,650 ⚡ AI Lessons
MCP Server Auth: The API Is the Real Boundary
Dev.to · Jeremy Longshore ⚡ AI Lesson 1w ago
MCP Server Auth: The API Is the Real Boundary
Per-user tokens, a server-side write gate, and a separate access log — why an MCP server's client-side tool gate is UX, not a security boundary.
When --cap-drop ALL Broke the Gate Socket
Dev.to · Jeremy Longshore ☁️ DevOps & Cloud ⚡ AI Lesson 1w ago
When --cap-drop ALL Broke the Gate Socket
Hardening a container hid a permission bug: --cap-drop ALL stripped CAP_DAC_OVERRIDE, and a gate socket silently stopped governing every tool call.
Honor the Gate When the Verdict Is Inconvenient
Dev.to · Jeremy Longshore ⚡ AI Lesson 3w ago
Honor the Gate When the Verdict Is Inconvenient
A quality gate only matters if you honor its verdict. How pre-registration and honest-gate culture stopped two teams from faking green or rationalizing a STOP.
Human-in-the-Loop Is a Delivery Guarantee, Not a UI Feature
Dev.to · Jeremy Longshore 🤖 AI Agents & Automation ⚡ AI Lesson 3w ago
Human-in-the-Loop Is a Delivery Guarantee, Not a UI Feature
Human-in-the-loop agent delivery is exactly-once, fail-closed. Two repos shipped the same four-move discipline the same day — convergence, not coincidence.
Vite Dev Server in Production: The 871-Byte Tell
Dev.to · Jeremy Longshore ☁️ DevOps & Cloud ⚡ AI Lesson 1mo ago
Vite Dev Server in Production: The 871-Byte Tell
scorecardecho.com shipped the Vite dev server to every visitor. Three signals catch it in a minute; a multi-stage Dockerfile fixes it for any SPA container.
The Unicode Layer Your Validator Can't See
Dev.to · Jeremy Longshore 1mo ago
The Unicode Layer Your Validator Can't See
Schema validation can't see invisible Unicode. A stdlib-only CI gate that catches tag-char injection, Trojan Source bidi overrides, and homoglyph attacks.
Self-Expiring Report-Only CI Gates: From Advisory to Enforced
Dev.to · Jeremy Longshore ☁️ DevOps & Cloud ⚡ AI Lesson 1mo ago
Self-Expiring Report-Only CI Gates: From Advisory to Enforced
How a meta-gate enforces deadline-driven CI hardening without freezing contributors — one logical concern per PR, permanent blocking by design.
Safety Model First: 16-Tool Ops MCP, One Day
Dev.to · Jeremy Longshore 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Safety Model First: 16-Tool Ops MCP, One Day
Design a 7-point safety model before writing tools. How server-ops-mcp shipped 16 tools, 40 tests, and v0.1.0 in a single day.
A v1.0 Is a Gate, Not a Tag
Dev.to · Jeremy Longshore 1mo ago
A v1.0 Is a Gate, Not a Tag
Why release gates should accept GO with conditions, not binary GO/NO-GO. How ICO v1.0.0 shipped with documented gaps and a same-day v1.0.1.
Honest Perf Benchmarks for a Paid-API Compiler
Dev.to · Jeremy Longshore ⚡ AI Lesson 1mo ago
Honest Perf Benchmarks for a Paid-API Compiler
Four PRs, three releases, and a benchmark suite that won't lie to you: seeded-RNG corpora, double-gated Claude scenarios, and skipped-but-recorded records.
Deterministic First, LLM Second: An Advisory CI Pre-Screen
Dev.to · Jeremy Longshore 🧠 Large Language Models ⚡ AI Lesson 1mo ago
Deterministic First, LLM Second: An Advisory CI Pre-Screen
Wire an LLM into CI without veto power: the deterministic classifier is the product, the LLM is advisory polish, and the never-block contract retires the old sy
Transitive CVE Clearance: The Dual-Layer Pattern
Dev.to · Jeremy Longshore 1mo ago
Transitive CVE Clearance: The Dual-Layer Pattern
How v0.9.1 cleared 6 high-severity transitive CVEs in axios + fast-uri — and why the dep bump needed top-level overrides to actually stick.
Two False-Positive Fixes, Same Root Cause
Dev.to · Jeremy Longshore ☁️ DevOps & Cloud ⚡ AI Lesson 1mo ago
Two False-Positive Fixes, Same Root Cause
Two separate false-positive alerts, same root cause: monitoring conjoined liveness with conditional behavior. Separating health signals quiets noise under load.
Coherence as a Deliverable: How a Multi-Surface Engagement Stays Sane
Dev.to · Jeremy Longshore 1mo ago
Coherence as a Deliverable: How a Multi-Surface Engagement Stays Sane
Why scattered Plane issues, beads, docs, and partner portals silently diverge — and four structural patterns that catch drift before it compounds.
The Two Postgres Bugs the Tests Caught: A Real-DB Integration Test Case Study
Dev.to · Jeremy Longshore ⚡ AI Lesson 2mo ago
The Two Postgres Bugs the Tests Caught: A Real-DB Integration Test Case Study
A no-mocks testcontainers policy caught two production-fatal Postgres bugs in one test run — PG 15's schema USAGE removal and an asymmetric SELECT grant for a s
Manifest System + Mutation Testing: Two Ways to Find Out What Actually Works
Dev.to · Jeremy Longshore ⚡ AI Lesson 2mo ago
Manifest System + Mutation Testing: Two Ways to Find Out What Actually Works
Epic 31-B lands the publish side of the bot-manifest protocol in claude-code-slack-channel. Epic 31 closes with an audit. Mutation tests and a cyclomatic gate m
Four Releases in One Day: How the claude-code-slack-channel Security Sprint Actually Shipped
Dev.to · Jeremy Longshore 🔐 Cybersecurity ⚡ AI Lesson 2mo ago
Four Releases in One Day: How the claude-code-slack-channel Security Sprint Actually Shipped
Epic 29-A, 30-A, 30-B, 32-B land in a single calendar day across v0.5.0 → v0.5.1 → v0.6.0 → v0.7.0 — a supervisor, a hash-chained audit journal, and a policy en
Four Primitives, Three Reviews: How a Contributor PR Reshaped a Roadmap
Dev.to · Jeremy Longshore ⚡ AI Lesson 2mo ago
Four Primitives, Three Reviews: How a Contributor PR Reshaped a Roadmap
claude-code-slack-channel v0.4.0 shipped a contributor PR that forced a scoping conversation. Four roadmap primitives emerged. Three parallel reviews — architec
Braves Booth — Idle Recap, Dashboard Density, and AI Pitcher Narratives
Dev.to · Jeremy Longshore 🖌️ UI/UX Design ⚡ AI Lesson 2mo ago
Braves Booth — Idle Recap, Dashboard Density, and AI Pitcher Narratives
Refactoring the Braves broadcast dashboard idle view, eliminating sub-10px fonts, and replacing duplicated AI narrative logic with a structured buildPitcherFact
Software Supply Chain Security After Axios
Dev.to · Jeremy Longshore 🔐 Cybersecurity ⚡ AI Lesson 3mo ago
Software Supply Chain Security After Axios
The axios npm compromise validated every warning in a 38-page supply chain security survey. Three attack vectors, one incident, six steps to act on.