behind the systems
The operating principles behind every AI system I ship.
Not a resume and not another project grid. This is the decision system: where AI can act, where humans approve, how context stays clean, and how production changes roll out without drama.
Human gates
Money, commitments, and trust always need approval.
Architecture first
Specs and invariants before agent-generated code.
Tool producer
Gogaa, CodeLens, Rasad, and WISC came from real workflow gaps.
Controlled rollout
Feature flags, 10% exposure, Sentry, then global release.
six principles
The rules I actually follow.
01 · default
Human-in-the-loop, always.
If an AI action touches money, commitments, or trust, a human approves it first. Full automation fails the first time the model misreads context.
real example
OpenEvent won't send an invoice until a human clicks approve. That single boundary is why 100+ clients stayed after the AI misfired.
02 · sequence
Architect first. Code second.
Every feature gets an architecture doc before a single line of code. The spec is checked into the repo, then the agent scaffolds from it.
real example
Thread summarization feature: 1 day of architecture doc, 2 hours of scaffolding, 0 rewrites. If the spec is right, the code falls out.
03 · trust-boundary
Strict at boundaries. Loose inside.
All validation happens at system edges (user input, external APIs, webhook payloads). Internally, I trust the types and the invariants.
real example
Stripe webhooks have dual-secret verification + replay protection at the boundary. Business logic downstream assumes the payload is clean.
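Added example, not code from OpenEvent or this site: one way to implement the boundary check described above. It assumes "dual-secret" means accepting both the current and the previous signing secret during rotation, and that replay protection is a timestamp window plus an event-id dedupe set. The `t=...,v1=...` header and HMAC-SHA256 over `timestamp.body` follow Stripe's documented signature scheme; the function names, the tolerance value and the in-memory set are hypothetical.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_S = 300  # assumed replay window; tune to your own delivery latency


def sign(secret: bytes, timestamp: int, payload: bytes) -> str:
    """Stripe's v1 scheme: HMAC-SHA256 over "<timestamp>.<raw body>"."""
    msg = str(timestamp).encode() + b"." + payload
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(header, payload, secrets, seen_ids, now=None):
    """Return (ok, reason). Only an ok=True payload may reach business logic."""
    now = int(time.time()) if now is None else now
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isascii() and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value.encode())
    if timestamp is None or not candidates:
        return False, "malformed header"
    # Check the MAC over the raw bytes before parsing or trusting the body.
    expected = [sign(s, timestamp, payload).encode() for s in secrets]
    if not any(hmac.compare_digest(e, c) for e in expected for c in candidates):
        return False, "bad signature"
    if abs(now - timestamp) > TOLERANCE_S:
        return False, "stale timestamp"
    try:
        event = json.loads(payload)
    except ValueError:
        return False, "malformed body"
    event_id = event.get("id") if isinstance(event, dict) else None
    if not event_id:
        return False, "malformed body"
    # In production seen_ids would be a shared store with a TTL (assumption).
    if event_id in seen_ids:
        return False, "replayed event"
    seen_ids.add(event_id)
    return True, "ok"
```

The event id is read from the body only after the signature passes, so the dedupe key itself is authenticated.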
04 · tools
Consumer AND producer of tooling.
When the tool I need doesn't exist, I build it. CodeLens, gogaa, a custom dev container — each started as a personal frustration that became infrastructure.
real example
No commercial AI reviewer caught the bugs I saw in real PRs. So I built 305 hand-crafted patterns across 9 stacks. Now every PR runs through it.
05 · focus
One task per session.
Context is sacred. I spawn a fresh agent session for each task, with scoped rules and a dedicated memory. Cross-contamination is the enemy.
real example
Reviewing an OpenEvent PR? That session only has OE's CLAUDE.md loaded. Drafting a gogaa feature? Different session, different memory.
06 · output
Deploy behind feature flags.
Shipped code is off by default. I turn it on for 10% first, watch Sentry for 24h, then roll globally. No big-bang releases.
real example
Every OpenEvent feature ships dark. A bad migration caught in staging means one hour of rollback, not a week of bug fires.
a typical day
07:00 to 18:00 · drag through the day.
Deep work over meetings. Architecture over reaction. Memory over rework.
a day in the life
07:00
input
- CodeLens reports on every repo I touched yesterday
- Triage what matters. File issues for what doesn't
- Coffee. Terminal. Zero unread before anything new
If the principles fit
let's build something.
This is how I work with every client and every repo. If that sounds like what you need, book a 15-minute intro call.