Field notes on running agents.
How we build, secure, and run a fleet of self-hosted AI agents.
Coding Agent Cost Monitoring: Control Spend Early
Coding agent cost monitoring helps platform teams control token, credit, and workflow spend by combining budgets, telemetry, attribution, and policy.
Securing Coding Agents in CI/CD: Practical Baseline
Securing coding agents in CI/CD starts with one rule: treat untrusted GitHub content as hostile, then limit secrets, tokens, network, and write access.
AI Code Review Agent: Evaluation Guide for PRs
An AI code review agent should be evaluated as a governed PR workflow, not a comment bot. Compare signal, cost, permissions, context, and human review impact.
Credential Proxy for AI Agents Without Secret Exposure
A credential proxy for AI agents lets agents call private repos, APIs, CLIs, and MCP tools without exposing raw secrets to runtimes, prompts, or logs.
Agent Harness for Coding Agents: Runtime Architecture
An agent harness for coding agents controls sandboxes, state, permissions, tool execution, review flow, lifecycle, and cleanup around safe AI coding work.
AI agent observability for safe coding agent rollouts
AI agent observability for coding agents: trace runs, commands, diffs, tests, costs, approvals, and risky side effects before code reaches production.
Long-running background AI agents need durable workers
Long-running background AI agents need durable workers, queues, checkpoints, approvals, sandboxing, cost caps, observability, PR review, and control.
Persistent AI Agent Workspace Architecture Guide
Design a persistent AI agent workspace with durable files, sandbox snapshots, memory boundaries, rollback, tenant isolation, and clear retention policy.
Self-hosted coding agent runtime: build, buy, operate
A self-hosted coding agent runtime gives policy control and data residency, but shifts sandboxing, secrets, audit, cleanup, and capacity to your team.
Production Workflows for AI Coding Agents That Scale
Production workflows for AI coding agents need isolated workspaces, reviewable diffs, CI controls, protected merge gates, and accountable human ownership.
MCP vs function calling: Practical architecture guide
MCP vs function calling explained for engineers choosing between direct tool calls, MCP servers, runtime discovery, auth boundaries, latency, and reuse.
MCP Security for AI Agents: Production Controls
MCP security for AI agents needs token audience checks, sandboxed tools, schema pinning, approval UX, egress limits, and clear incident-ready audit trails.
AI Agent Sandboxing: Secure Coding Agent Controls
AI agent sandboxing helps security leaders control source access, secrets, network egress, and coding agent execution risk before agents touch private code.