Framework Redesign: What I Learned

A comprehensive audit revealed systemic architectural problems in the IA framework. Here's what patterns worked consistently, what caused failures, and why a complete rebuild is the only viable path forward.

Web Application Pentesting: OWASP-Driven Methodology

Professional web application security testing using OWASP Top 10, WSTG, ASVS, and API Top 10 as an integrated methodology - not just a checklist.

Pentest Workflows: Three Modes

Quality penetration testing at a fraction of the cost. AI-assisted security assessment with rigorous scope compliance, impact-driven prioritization, and professional deliverables.

Why GRC Programs Fail (And How NIST Security Lifecycle Fixes It)

Four-phase closed-loop security program using NIST CSF 2.0. From risk assessment to continuous improvement—with real test case evidence proving it works.

Hierarchical Context Loading: Reducing Token Usage 50-70%

Why bigger context windows don't mean better results. A three-layer architecture that loads only what's needed, when it's needed.

Skill-Command Consistency

After months of debugging agent routing failures, we discovered the real problem wasn't our code—it was our enforcement strategy. Here's what we learned.

Deleting the Smartest Component

The most sophisticated code in your codebase might be the most expensive to maintain. Here's why deleting clever components often improves everything.

Agent Routing Architecture: Why Small Agents Are Better Than Smart Ones

Agents under 150 lines that route to specialized skills. Identity and routing, not implementation.

Command Pattern Consistency: One Mental Model for All Workflows

How a 5-tier documentation architecture enables consistent, discoverable slash commands. Build once, reuse forever.

Skills as Expertise Modules: Building Reusable Solutions That Load On-Demand

Specialized skills with progressive context loading. Load only what you need, when you need it.

No Hardcoded Counts

Every framework says '43 tools' and becomes wrong the moment you add tool 44. Here's a controversial but practical solution: ban all hardcoded counts.

Multi-Model Orchestration: When Opus, Sonnet, Haiku, and Grok Each Have a Role

Building an LLM-agnostic architecture where model selection is a feature, not an accident. Five models, each with a role, ready for whatever comes next.

The Demographic Transition Has Already Happened: An Economic Reality Check

US fertility fell below replacement in 2007. The workers who would sustain our economy were never born. We're not preventing a crisis - we're adapting to one.

security

Engineering Close-Loop System: From Security Findings to Automated Fixes

Build a complete vulnerability remediation workflow using SSH and structured phases - no enterprise SOAR platform required.

Verification-First QA

Most AI QA catches errors after generation. Verification-first aims to ground reviews in external facts - here's how to implement it and its limitations.

Model Context Protocol (MCP): One Year Later - Hidden Costs and Real Benefits

After a year of industry adoption and security disclosures, here's the data-driven analysis of MCP's real costs: up to 236× token inflation, 9.5% accuracy loss, and critical CVEs. Plus: why I chose direct VPS wrappers instead.

ia-framework

Hook-Based Model Routing: Keyword-Triggered Model Recommendations in Claude Code

How a PreToolUse hook recommends AI models based on keyword detection - suggesting Opus for complex problems, Grok for review, Haiku for validation. Soft guidance, not enforcement.

ia-framework

Orchestrating Parallel Agents: Manifest-Based Coordination for Multi-Task Workflows

How I implemented parallel task orchestration using Claude Code's new async subagents feature for concurrent multi-agent workflows.

ia-framework

Why 'Adjacent' Matters: How Collaboration Architecture Shapes System Design

Why I chose 'adjacent' over 'augmented' and what it means for human-AI collaboration. The philosophy behind the framework.

How to Measure Token Efficiency Yourself: A Hands-On Guide

Step-by-step guide to measuring token counts with tiktoken. Validate efficiency claims, build your own measurement framework, and test your Code API wrappers.

The Wrapper Efficiency Pattern: Reducing Token Consumption Through File Storage

Store tool output locally, return summaries, read full data on demand. A pattern applied across 68 VPS security tool wrappers.

Preventing Tool Sprawl Through Discovery Visibility: A PreToolUse Hook Pattern

A PreToolUse hook that discovers existing framework tools and surfaces them when Claude attempts to create new scripts.

infrastructure

Turn Any VPS Into a Remote Pentest Platform with Twingate

How to use Twingate's zero-trust architecture with Docker containers to conduct security assessments against private networks from anywhere - including the gotchas that'll save you hours of debugging.

Obsidian as a Claude Code Companion: Viewing AI Output in Style

Turn Obsidian into a viewer for Claude Code output with live markdown preview, graph view, and cross-device sync via GitHub.