Writing & build logs.
Essays on software development, web builds, and AI tooling. Plus build notes from what I'm actually working on right now.
Ten AI-prose tells, one shell script, no more guessing
The em-dash density in my own published articles was running at four times the normal rate for edited prose. That was a measurable problem. So I made it measurable: codified ten AI-prose tells into STYLE-GUIDE.md and a pre-publish shell audit that catches them mechanically.
The backtick that could run anything: hardening AppleScript shell escaping
A Sprint 2.11 review flagged a shell command-substitution gap in a single Python helper. Backticks and dollar signs were passing through unescaped into a double-quoted `do script` string, meaning a crafted issue title could execute arbitrary code. The fix was four lines. Understanding why it mattered took longer.
Two assumptions the pipeline held until it shipped
B8b's first end-to-end Telegram ship-tap exposed two bugs that had been invisible in every prior test. Neither was logic. Both were assumptions the pipeline had been making silently since the day the code was written.
Two bots, one token, infinite 409s — why a bot registry is infrastructure
Retrofitting BBBrain's Telegram modules revealed that the tunnel bot and the brain server had been polling the same token for weeks, throwing 409 conflicts that neither log named clearly. The fix wasn't a config tweak. It was accepting that one-bot-per-purpose needs to be enforced at registration time, not discovered at incident time.
Why BBBrain's rewrite layer runs on a project-owned harness, not Archon
The Opus rewrite layer inside BBBrain's de-AI-ish stack runs through a project-owned osascript Terminal harness, not a general orchestration framework. That choice was deliberate and narrow. Here's what it cost and what it bought.
Audits find what's wrong, not what's missing
A page-by-page audit ran for three days catching deprecated ARIA roles, fabricated copy, and missing hover-pause behaviour. Then I opened the site on my phone and the nav menu wasn't there. Not wrong. Just not there. That's a class of bug audits can't catch, and the fix isn't to audit harder.
macOS won't let your cron read your work: three days inside TCC
A daily launchd job that reads from /Volumes/b/ looked trivial. Three days, four wrong approaches, and one AppleScript .app bundle later, I'd learned why granting Full Disk Access to a shell script is a UI fiction.
An MDX content pipeline grows three kinds of complexity
Naïve MDX setups (one file in, one HTML out) hit three walls as they scale. Routing complexity. Authoring complexity. Citation complexity. Each grows non-linearly with post count; each has a single high-leverage fix.
I built this with Claude Code. The bugs weren't where I expected.
Three days into a page-by-page audit of my own site, I realised the bugs Claude Code had left behind weren't logic errors. They were hypotheses it had inferred from context, presented as facts. The reflex I needed wasn't suspicion. It was verification.
Building this site with Claude Code
Log entry zero: what the site is, what Claude Code did well, where it lied, and where the actual build log lives.
Static Next.js on cPanel in 2025
GitHub Actions to FTP to cPanel. Simpler than it sounds, with a few real gotchas worth documenting.