Articles

All articles.

Scanner Pro: evidence-grade tool verification

Free scan finds patterns. Pro scan runs bandit, semgrep, checkov, detect-secrets, pip-audit, and ruff. Why method_label: "tool_verified" matters for governance audit trails.

Build log: shipping a governed AI coding assistant in one month

Lambda, Cognito, Stripe, DynamoDB, a VS Code extension, 473 tests. No EC2. Every decision, every gotcha.

Repo as data structure

Google, Meta, Microsoft, Amazon, and Apple all solved the monorepo problem differently. AI assistants change which trade-offs matter.

The automatable middle

Coding is 25–35% of the lifecycle. AI automates that slice. The bottleneck moved upstream: to intent quality, not implementation speed.

Tokens in the desert

$1.15 trillion in AI infrastructure over three years. The business model is tokens on a metre. Whether your use case works is your problem.

Spend like you mean it

Subscribe, burst, own. For every dollar on API tokens expect $2–7 more in hidden costs. A framework for knowing which bucket your AI spend sits in.

Governance that runs as code

Policy documents become enforceable checks inside the development loop. The difference between a rule that exists and a rule that runs.

When agents plan their own work

AI agents that plan, execute, and verify. Where this works, where it breaks, and what the failure mode looks like when it goes wrong quietly.

The boring replacement is better

A 5-link dependency chain failed. Four Lambda functions and a DynamoDB table replaced it. Fewer moving parts, fewer failure modes.

One config file, one tenant stack

A separate Lambda, DynamoDB, and CloudFront stack per tenant from a single config file. The B2B2C pattern that does not require retrofitting.

Scripts at scale

60+ Python scripts across M365, AWS, SharePoint, SQL, Jira, Freshservice, Salesforce. What enterprise operational tooling looks like when it stops being one-off.

Agentic code review

Five governance personas, one pull request. What it looks like when security, finance, privacy, compliance, and data all review the same code change.

The deliberation engine

Four AI personas deliberate on a problem before any code is written. The architecture behind structured AI disagreement.

Building on a budget with humans in the loop

How garden leave, AWS free tier, and a 4-tier human-in-the-loop framework shaped three months of building.

Agentic development contracts

Machine-readable, machine-enforceable bilateral contracts for AI agents. The same rigour as hiring a dev house, applied to your codegen.

The governance proxy

An MCP-compatible proxy that intercepts agent actions, evaluates them against policy, and blocks or permits in real time.

Shift left: security scanning at every stage

Shift-left security in practice: pre-commit to org-level scanning without an enterprise budget.

B2B2C sector study: grants distribution platform

A full-stack B2B2C platform serving grants distribution at scale. Salesforce, Lambda, multi-tenant DynamoDB. One config file per tenant.

Auditing a Salesforce org for divestiture

Five stages. Read-only. SOQL and the Tooling API. Numbered findings with evidence. A remediation register before the steering group asks for one.

The agentic stack: seven layers from zero to self-healing

Seven stackable layers that take you from an empty AWS account to a self-healing, governed agentic platform. Each layer is independently deployable.

I can audit all your systems — latest to legacy

The RST scale was built to score GitHub repositories. It was never only about code. Any system with observable outputs can be scored and remediated.

Fire and forget: async task queues for AI coding sessions

A pattern for offloading slow AI tasks from an interactive coding session to a background worker queue, with results read back on completion.

Closing the loop: from issue to pull request

Automating the journey from a discovered issue to a merged pull request — the AutoDev pipeline pattern for governed agentic delivery.

Brood: worker queues for governance agents

Persona-based worker queues that give governance agents a concrete job to do — patterns for decoupled, observable agent work.

Seeing the data you didn't know you had

How to build a data governance layer over a messy enterprise Microsoft 365 tenant — SharePoint crawl, classification, and visibility dashboard.

Personas before governance

From Springfield character names to Smithers the LLM observer to a full AI committee review system: the evolution of persona-based governance.

43 Repos in 70 Days

A data-backed view of how an AI-native platform converged from exploration to production in 70 days. Commit velocity, issue closure rate, cost per feature.

The contract model for AI development

A DevContract is a machine-readable Statement of Work for AI developers. Three phases, eight clause types, one enforceable governance loop.

ticketyboo makes AI-assisted software delivery legible, enforceable, and provable. Start free — no credit card, no install required.