claude-code
10 posts
There is no free()
Claude Code's extended thinking is not a use-after-free. The real exposure is indirect prompt injection into a tool-holding agent - OWASP LLM01, ATLAS T0051.
Nothing crashed, nothing shipped
An agent committed at 03:17; production absorbed it at 03:20. Eleven silent hours later: why every commit is a deployment, and how to watch them land.
Our repair agent patched the wrong file four times
A Claude Code repair agent patched the wrong file four times in 31 hours. Why agents anchor on tracebacks, and the prompt rewrite that fixed it.
31 seconds per 100 lines
38,412 lines of Claude-generated code, 11 incidents, one 11-day silent failure: why generation speed without verification slows your platform down.
Refusal bypass isn't the scary part
What broke when I ran a self-modifying pen test agent through Foundry's harness: $47 burned in 3 hours, a strategy ossification loop, and the registry fix.
Claude Code deleted our deploy pipeline
Why semantic code understanding for Claude Code agents needs an entity index on top of git, not an LSP. Receipts from 90 days of production edits.
Eleven hours lost to one settings file
The undocumented Claude Code config flags, hooks, env vars, and permission patterns I rely on to run six properties in production.
Opened the dashboard at 23:47
Microsoft cancelled Claude Code subscriptions. Here's the production audit one indie operator ran on $847/mo of Anthropic spend.
your logs are lying to you
Five production failure modes in Claude Code platforms, the exact code that causes each, and the five-step debugging loop that isolates them.
Claude Code's System Prompt Is a Production AI Agent Blueprint
Claude Code's system prompt is a working engineering spec for production AI agents. Six concrete patterns for context isolation, tool selection, parallelism, error recovery, memory, and blast radius management.