Putting AI agents into production. The engineering is real, the employer internals stay out of it. Every article lives on dev.to and is cross-posted to Medium and Hashnode.
An AI agent holding real API keys read data it shouldn't. Why the prompt is not an access boundary, and the mock-key design that moved enforcement below the model and never lets the agent hold the real keys.
AI made me faster and the work better, and somewhere in there it stopped feeling like mine. The honest trade: what you gain in speed and scope, and what quietly goes with it.
A wrapper let the agent write a deck in five lines, and made every deck look the same. Why I deleted it and put the agent back on the raw libraries, plus a design brief and a self-review loop. Third in a series on agents that take real actions.
Splitting the planner from the executor, deciding what counts as a destructive step, and the honest limit of letting a human approve the plan. Second in a series on agents that take real actions.
A real cross-session identity bug, and the alias plus OS-boundary fix that made the agent safe to run with no confirmation step at all. First in a series on agents that take real actions.