PromptLayer

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

PromptLayer AI

Building the harness around our coding agents: eight failure modes, eight pillars

We ended up building two products: the software we ship, and the system/harness around our agents that makes them useful in building the thing we ship. A harness is the durable layer around a model: instructions, tools, permissions, context, and verification. Claude Code and Codex are harnesses in this sense. Each wraps a model with a system prompt, a tool surface, a permission model, and an execution loop. Anthropic and OpenAI own that layer. We own the next layer up: the workspace where agents do product work alongside us, with our files, tasks, diagrams, diffs, and decisions. This layer carries the knowledge we have accumulated: how we build things, what we already decided, what is connected to what, where the agent is allowed to act, and how it checks its own work. We identified eight coding agent failure modes that kept showing up across our sessions. Each one got its own pillar that we are continuing to invest in: * Doesn't know our codebase, rules, decisions, or conventions → **Context** * Can't traverse the links between artifacts that already exist → **Provenance** * Can't act on the world or observe what it did → **Capability** * Reinvents how to do every task → **Workflow** * Does something dangerous because nothing stops it → **Restraint** * Hallucinates "fixed" without proof → **Verification** * Can't show results back to us in a useful form → **Visual interface** * We can't keep track of work happening across many agents in parallel → **Coordination** For example, with Verification. The agent hallucinates "fixed" without proof . We write the failing test before writing the fix, so the bug has a reproduction the next agent can rerun. If the agent cannot show the change works end-to-end, it is not done. Or the agent works for hours and "fixes" the solution while breaking 2 other things or re-architecting 3 subsystems. We require full test case completion. The full writeup with diagrams and links to our actual harness dot md is in the comments. What other coding agent failure modes / harness pillars are you addressing for yourself / team and how?

This is insane.

Just installed an open source tool that wiped most of the tool-definition tokens out of my Claude Code context before any prompt. Same MCP servers. Same tools available. 8 servers, 142 tools across them. Before: the tool definitions ate 38k tokens of context every single turn. Cold start, my context bar was already orange and I hadn't typed anything. After: 4k. The Claude Code session sees three tools (`search_tools`, `invoke_tool`, `auth`) and dispatches everything else under the hood. When I ask for a thing, it ranks the catalog with BM25 in microseconds and surfaces the top 5. The part nobody's talking about: there's no LLM in the ranking loop. No embedding API to pay. No vector DB to host. It's keyword search over a flat projection of tool name + description, deterministic, offline. Apparently this was always going to be enough. It's [Ratel](https://github.com/ratel-ai/ratel). Open source. The install is `ratel mcp import` and it migrates your existing Claude Code MCP config in one command, with backups written automatically. Took me 90 seconds. Why is every "context layer" startup pitching me semantic embeddings and inference-time re-ranking when basic BM25 over tool definitions does this?

AI solves 80-year-old math conjecture for under $1000

GPT-next solved an 80-year-old Erdős combinatorics conjecture for under $1,000 in compute. That single fact reframes everything else happening this week. The [Erdős unit distance problem](https://www.latent.space/p/ainews-openai-gpt-next-disproves) resisted human mathematicians since 1946. A frontier model closed it at a cost lower than a mid-tier SaaS subscription, which means the boundary between "AI as tool" and "AI as independent discoverer" is no longer theoretical. [Lilian Weng's new deep dive](https://lilianweng.github.io/posts/2025-05-01-thinking/) on test-time compute and chain-of-thought reasoning explains the underlying mechanism: reasoning models are not retrieving known proofs, they are generating novel inference chains at scale. The infrastructure layer is pricing this in faster than most observers realize. [Railway reports $200K+ monthly coding agent spend](https://www.latent.space/p/railway) and 100K signups per week, and is now building own-metal data centers to absorb the load. Daytona hit 850K daily sandbox runs with 74% month-over-month growth, confirming that isolated compute environments are now a first-class primitive, not a niche DevOps concern. Three specialized infrastructure companies, Exa, Modal, and TurboPuffer, reached unicorn valuations simultaneously this week, covering retrieval, serverless GPU, and vector search. When picks-and-shovels companies price in sustained demand at the same moment, it is not coincidence. Every major lab has now repositioned as an agent lab, not a model lab. [ClickUp replacing hundreds of employees with thousands of AI agents](https://techcrunch.com/2026/05/25/what-clickups-mass-layoff-tells-us-about-the-future-of-work/) is the first established tech company to execute that repositioning at the labor level rather than just the product level. The counterweight is that [Salesforce customers remain locked in](https://www.theregister.com/saas/2026/05/26/the-saas-pocalypse-can-wait-salesforce-still-has-customers-where-it-wants-them/5245228) despite the theoretical ability to rebuild on AI-native stacks cheaply. Data gravity and switching costs are buying incumbents time, but ClickUp's move suggests that time is measured in quarters, not years. The governance conversation caught up this week in an unexpected place. [Pope Leo XIV's 42,000-word encyclical](https://simonwillison.net/2026/May/25/encyclical-on-ai/#atom-everything) names specific failure modes including algorithmic control, surveillance capitalism, and autonomous weapons, and will directly shape EU and Latin American regulatory debates. [TechCrunch's read](https://techcrunch.com/2026/05/25/the-popes-ai-encyclical-isnt-really-about-ai/) is that the document's real target is the tech elite's capacity to reshape society outside democratic accountability, a framing that lands harder alongside [new UK research](https://www.theregister.com/off-prem/2026/05/26/big-tech-extracts-retirement-scale-wealth-from-uk-internet-users-research-shows/5246048) quantifying data extraction from consumers as equivalent in value to retirement savings. The Vatican and the empiricists arrived at the same diagnosis from opposite directions. Two structural forces will shape AI infrastructure economics over the next 90 days in ways most deployment teams are not modeling. China flooding global markets with DRAM and NAND will compress inference cluster costs faster than US export controls intended. The EU's sovereign cloud setback has paradoxically clarified the build-domestic mandate, accelerating European AI infrastructure investment independent of US hyperscalers. Security remains the open variable: even Google has no established playbook for prompt injection, model supply chain risk, or agentic authorization at production scale. A second Fortune 500 company will publicly attribute a reduction of more than 500 knowledge-worker roles directly to agentic AI systems before Q3 earnings season, making ClickUp's announcement the start of a visible series rather than an isolated case.

Made an awesome-list for everything LLM cost, would love contributions

So a few months back I got surprised by my Anthropic bill which somehow racked up like $400 ish on a staging key in a few weeks just running evals, no budget cap pretty dumb in hindsight I mean it’s not a big cost but I should have been careful nonetheless After that I started keeping a notes file of tools that actually helped reduce cost stuff like token counters, pricing pages that update properly, caching layers, prompt compression libs, observability tools (helicone, langfuse, langsmith, etc) it slowly grew to 80–90 entries so I cleaned it up and put it on github: [https://github.com/ankitvirdi4/awesome-llm-cost](https://github.com/ankitvirdi4/awesome-llm-cost) what’s in there right now: pricing calculators + token counters observability / tracing (helicone, langfuse, langsmith, openllmetry, phoenix) caching (gptcache, semantic caching approaches) model routers (openrouter, notdiamond, portkey) prompt compression + context window stuff eval cost tracking self hosting / GPU cost calculators everything is linted (awesome-lint), short descriptions for each entry, and I checked links recently so nothing should be dead if there’s anything you’ve used that saved you money on inference, drop it here or send a PR especially looking for more prompt compression stuff, that section feels kinda weak rn not affiliated with anything listed btw just got tired of having 80 bookmarks

OpenAI says prompt injection in browser agents is “unfixable.” Here’s what actually helps.

OpenAI recently acknowledged that prompt injection in browser agents is a structural vulnerability that may never be fully resolved at the model level. They’re right that you can’t fix it in the model. But you can fix it at the architecture level. The model can’t tell the difference between data and instructions. That’s fundamental. But the proxy layer can enforce where instructions are allowed to come from before the model ever sees the content. That’s what Arc Gate does. Tested against AgentDojo and InjecAgent — two academic benchmarks. 100% and 99%. Independent verification from TAB Platform: 25/25 vs 76% for the same model without it. GitHub: https://github.com/9hannahnine-jpg/arc-gate

Building a personal AI Chief of Staff on Telegram — 7 real problems, looking for advice

I've been building a personal AI assistant for the past few months — not a chatbot wrapper, but something that actually manages my workload, tracks client relationships, processes meeting transcripts, handles task management, and proactively tells me what to focus on. It lives in Telegram so I can use it from anywhere. Happy to share what's working. But I'm hitting real walls and want honest input from people who've built similar things. **What I have today (context** Moved away from multi-agent routing (too rigid for natural conversation) → one capable agent with full history.**)** **Stack:** * Python Telegram bot as the frontend * Claude (Sonnet) as the brain via API — single conversational agent with full tool access * Integrations: Notion (tasks/goals), Google Calendar, Gmail, meeting transcription tool, customer support platform, Google Chat * File-based context system: each "project" or relationship has its own markdown files (readme + activity log) that the agent reads on demand * Skills defined as markdown spec files that the agent loads per use case (morning briefing, meeting processing, email drafting, weekly review) * Conversation history kept in memory (last 20 messages per session) **What actually works:** * Natural conversation with full tool access — ask anything, agent decides which tools to use * Meeting processing: drops a transcript link, agent extracts decisions, action items, saves structured brief * Morning briefing on demand: tasks, calendar, open support tickets, suggested focus * Drafting messages for any channel with the right tone * Creating and updating tasks with natural language **7 problems I haven't solved:** **1. No memory between sessions** History is in-memory. Bot restarts = full amnesia. The agent has no idea what we discussed yesterday unless it's written in a project file. Thinking of a `hot_context.md` that gets written at session end with TTL — but feels hacky and depends on the agent being disciplined about writing it. **2. Purely reactive** Only responds when I message it. I want it to send me a morning briefing at 9am without me asking, alert me when a client relationship goes quiet, run a weekly loop-killer on Friday. The infra is there (job scheduler). The question is what format actually makes you read a proactive message vs. dismiss it as noise. **3. Can't tell if I'm avoiding something or actually blocked** I procrastinate differently by task type — technical tasks I attack immediately, tasks with human dependencies (waiting on someone, uncomfortable follow-ups) I let sit for weeks. I want the agent to detect the pattern and call me out. The challenge: how do you prompt for real accountability without the agent turning into an annoying nag? **4. No closure ritual** I'm good at creating tasks, terrible at killing them. The list grows forever because nothing forces a binary decision. Want a weekly "kill or commit" where everything open >7 days gets a date or gets deleted. Not sure if this works better as an automated message or an on-demand command. **5. Context loading blind spots** Each client/project has a markdown file the agent reads on demand. Works great when I explicitly mention a client. Falls apart when I ask "what should I focus on this week?" — the agent doesn't know to proactively check which relationships have been neglected. **6. Hosting kills the file sync** Running locally means the bot dies when my laptop closes. Moving to a VPS — but then my markdown context files live on the server, not my machine. Now every manual edit requires a push, every agent update requires a pull. Is git the right sync layer here or is there a cleaner approach? **7. Context files go stale** Client files have sections for current status, last contact, open items. The agent appends logs but doesn't maintain the top-level summary. Two months in, files are half-accurate — some sections fresh, some outdated. Is the answer agent discipline (always update on write), user discipline (manual cleanup), or periodic jobs? What's your experience with any of these?

Folder structure of the AI agent - after 6 weeks

# The folder structure is not admin. It's the nervous system. When people imagine an AI agent, they picture the model, the prompts, maybe the tool calls. Almost nobody pictures the folders. That is exactly why most home-grown agents stall around month two. An agent's filesystem is where its **identity, memory, work, and history physically live**. A messy filesystem produces a confused agent — not metaphorically, literally. The model reads paths. The model picks files by name. The model writes new files based on patterns it sees in old ones. If your directory tree is chaos, every output drifts a little further from coherent. agentmia.beehiiv.com - newsletter about building agents Below is the layout I converged on after nine months and roughly four refactors. Steal the parts that fit; the principles matter more than the exact names. # The numbering convention Folders are prefixed with a two-digit number: `01_`, `02_`, `09_`, `99_`. Two reasons: 1. **Sort order is meaning.** Anything starting with `0` lives near the top. `99_` falls to the bottom. The most important directories are visually first; archives are visually last. You read the agent's brain top-to-bottom. 2. **Gaps are intentional.** I jump from `04_` to `06_`, from `09_` to `11_`. The gaps are reserved insertion points. When a new domain emerges, it slots in without renaming everything. Two folders deliberately skip the prefix: `Inbox/` and `Outbox/`. They are operational, not structural. They live above the numbered set because they are touched dozens of times a day. /mapped on desktop/ # Inbox/ — the unprocessed pile Anything dropped into the agent's world starts here. Files I want it to ingest. Screenshots. Exports from other systems. PDFs that need parsing, gmail attachments, all downloads from chrome. The rule: **nothing stays in Inbox.** A dedicated processing routine classifies, routes, and deletes. If Inbox is non-empty for more than a day, the system is failing. Treat this like a real-world physical inbox tray. The point of a tray is that it gets emptied. # Outbox/ — what the agent produced for you Every file the agent writes anywhere in the tree gets a copy here, simultaneously. When I open `Outbox/`, I see exactly what was generated this session — no spelunking through twelve subdirectories. This sounds redundant. It is not. Without it, "what did the agent do today?" becomes a hunt. With it, the answer is one click. `Outbox` is wiped during the next Inbox processing run. It is a viewing surface, not storage. # .auto-memory/ — the hot memory The single most important directory in the system. Hidden by default because you should not be editing it manually. It holds the agent's working memory: user preferences, feedback rules, entity facts (people, companies, deals), active hypotheses, project pointers, session hot context. Roughly 400–500 small markdown files, each one a single topic. **Why hidden?** Because it is the agent's hot path. It loads from here every session. If I open the folder and start manually rearranging it, I am racing the agent. Treat it like a database, not a notebook. **Why so many small files?** Because the agent grep's by topic. One monolithic memory file becomes unreadable to the model around 50 KB. Many small files are easier to load partially, easier to index, easier to expire. # 01_IDENTITY/ — who the agent is The constitutional layer. Name, role, voice rules, principle stack, visual system, behavioral defaults. This rarely changes. When it does change, everything downstream changes with it. I keep it as folder `01_` because every other folder is downstream of it. If you do not know who the agent is, you cannot know what its workflows should look like, or what it should remember, or how it should respond. # 02_MEMORY/ — governance, not data A subtle but critical distinction: `.auto-memory/` holds the *data*, `02_MEMORY/` holds the *rules about data*. In `02_MEMORY/` live the constitution, the boot protocol, the naming protocol, the decision protocol, the profile standards (what a "supplier profile" must contain, what a "customer profile" must contain), the capability map. The agent reads these documents to know *how to remember*, *how to name new files*, *how to decide what is reversible*. Without this folder, every memory write is improvised. # 03_PROJECTS/ — the active work Real work happens here. Sub-organized by goal area, then by project slug: 03_PROJECTS/areas/{goal}/{slug}/ Each project gets its own folder with a standard skeleton: [`README.md`](http://README.md), [`TASKS.md`](http://TASKS.md), [`CHANGELOG.md`](http://CHANGELOG.md), [`BRIEF.md`](http://BRIEF.md), plus working files. There is a project registry at the top that the agent reads to know what is active versus dormant versus archived. The biggest discipline issue here: **do not let projects sprawl outside their folder.** When working on Project X, every file related to Project X goes inside Proj

Testing Realtime 2 Voice API OpenAI.

We’ve been messing around with the new OpenAI realtime voice + translation APIs over the last little while and I keep coming back to the same thought… I don’t think people fully get where this is going yet. We wired it into our own website as a test. Nothing fancy. Just wanted to see what actually breaks when you let people talk to a site instead of click through it. At first I thought it would just feel like a slightly better chatbot. It doesn’t. Once I hooked it into tools and gave it the ability to actually *do things* (we’re using the Agents SDK + Playwright for web browsing and control by a sub-agent), the whole interaction changed. I can literally just talk to the site like I would talk to a person and it can move around, pull info, trigger actions, and respond in context. I wanted a layer that that could navigate and respond by just talking. I know that sounds obvious, but it’s not how websites are designed at all. Ours certainly was not. A few things that have been interesting (and honestly a bit brutal) is how quickly this exposed weak structure. Our content was vague... so if your metadata sucks, if your pages are bloated or unclear… voice didn't let us hide behind a pretty UI design. The model just struggles or gives bad answers immediately. There’s no masking it with a nice UI. Latency has improved way more than I expected with the new voice model API. Before, when someone was talking, even small delays felt awkward. The new Realtime 2API tolerates those pauses wonderfully. We also started playing with the realtime translation side and that also feels like a bigger deal than it’s getting credit for. Not in a “multi-language support” way, more like… you just speak however you want and the system handles it. No toggles, no switching context. It’s subtle but it completely changes the feel. Our website is language agnostic. (13 supported languages using the Realtime 2 API) The bigger shift for me seems to be changing the way I want to think about websites and interactions. People don’t think in menus. They don’t think in pages. They don’t think in navigation. They think by intent and the second I added voice, i was forced to deal with that reality whether our website system was not ready. Great learning lesson. My Takeaway so far: Right now most of what I’m hearing and reading, people/businesses treats voice like a feature. Like and Add-on. Cool. Nice to have. Unsure if its practical. I don’t think that’s where this ends. I think this starts pushing toward systems you can just interact with directly. Personal assistants that actually execute. Internal tools you can talk to. Intake flows that don’t feel like forms. Stuff like that. Minimal website visuals. More dynamically displayed content based on interpretation of user intent. \[Basically a cool wave form that animates differently depending on interaction stage\] No direct site content visually. We’re still early and there’s definitely some friction \[writing a second voice prompt on top of the text prompt so there is parity between our text chat and voice chat, but I’m pretty bullish on this direction - Guardrails, Rate-limits, Prompt Injection...\]. Curious if anyone else here is actually building with it yet and what you’re running into. Feels like we’re right on the edge between “cool demo” and “this changes how software works,” and I’m not sure which way most people are approaching it yet.

I stress-tested Kimi K2.6 against Claude Opus 4.7 on a quick coding-agent task

I tested Claude Opus 4.7 and Kimi K2.6 on the same coding agent task i.e. build an AI Fix Runner that takes a broken repo, runs its tests, identifies the failure, applies a patch, reruns the test, and exposes the final diff/logs through an API and UI. The goal was not to benchmark syntax completion or simple repo edits. I wanted to test model behavior on a less familiar integration path: shifting execution from local processes into remote sandboxes. I used Tensorlake specifically because the sandbox API is newer and integration-heavy. This made the test more about whether the model could reason through unfamiliar infra and produce a working implementation. Setup: * Claude Opus 4.7 through Claude Code * Kimi K2.6 through OpenCode via OpenRouter Pricing context: * Claude Opus 4.7: $5/M input, $25/M output * Kimi K2.6: $0.95/M input ($0.16 cached input), $4/M output So, what made it interesting is if Kimi's lower cost can handle a crazy workflow. To be clear, comparing Kimi K2.6 directly with Opus 4.7 is not completely fair. The model classes, pricing, and expected capability levels are very different. I mainly wanted to see how far an open model could get on the same task at a fraction of the price, and whether the performance/price tradeoff made sense for coding-agent work # Test 1: Local AI Fix Runner First, both models had to build the local version. The app needed to: * create fixture repos with intentional bugs * run install/test/build locally * capture stdout/stderr * apply patches * rerun tests after patching * expose run state through backend APIs * show logs and patched source in the UI * reject obviously unsafe commands Claude Opus 4.7 produced a working implementation. It built the fixture repos, repair flow, API endpoints, UI, logs, and patched-file inspection. The main pipeline worked: install -> test fails -> patch -> test passes -> build passes It had one real bug: workspace persistence. `KEEP_WORKSPACES=true` was supposed to preserve the final workspace, but the backend loaded .env from the wrong location. One follow-up fixed it. Kimi K2.6 got some backend pieces working and could trigger repair runs, but the implementation was incomplete. The biggest miss was patched-source inspection, which is core for this app because you need to verify exactly what the agent changed. Rough numbers: * Opus: $13.84, around 39 min wall time * Kimi: around $3.40, around 1h 39 min wall time * Result: Opus did it good, Kimi could not The difference in the price, and the time taken is just insane. # Test 2: Sandbox Integration Second, I asked both models to move execution from local processes into Tensorlake Sandboxes. This was the main stress test. The model had to: * create a sandbox * copy the repo into the sandbox * execute install/test/build remotely * capture logs from sandbox commands * apply patches inside the sandbox * rerun validation * clean up sandbox state * keep the original local runner working This is where I wanted to test performance on something newer and less likely to be in the model’s training data. Claude Opus 4.7 handled this cleanly. It added a Tensorlake runner, kept the local runner abstraction intact, wired env/config handling, and created a live test path using `TENSORLAKE_API_KEY`. More importantly, the local regression path still passed after the sandbox backend was added. Kimi K2.6 was given the working Opus local implementation as the base, so it only had to add Tensorlake execution. Even with that advantage, it failed to produce a clean sandbox flow after 150k+ tokens. It got stuck around the integration layer and never reached a reliable test/build/patch loop inside Tensorlake. Rough numbers: * Opus Tensorlake run: around $24.39, around 23 min * Kimi Tensorlake run: failed after a long run, 150k+ tokens * Result: Opus passed, Kimi failed # Takeaway Kimi K2.6 is much cheaper and can handle some bounded coding work, but it struggled once the task involved external execution infra, sandbox lifecycle, env/config handling, and regression safety. Claude Opus 4.7 was expensive, but much stronger at: * preserving architecture * adding a new execution backend * handling config bugs * maintaining testability * reasoning through unfamiliar infra For me, this was less about “which model writes code” and more about “which model can integrate a newer system without breaking the app.” On that specific test, Opus was clearly miles ahead. Full breakdown with prompts, code, screenshots, demos, and cost details: [https://www.tensorlake.ai/blog/claude-opus-4-7-vs-kimi-k2-6-real-world-coding-test](https://www.tensorlake.ai/blog/claude-opus-4-7-vs-kimi-k2-6-real-world-coding-test) Curious if anyone has gotten Kimi K2.6 working reliably on coding-agent workflows.

What I learned building my latest AI app how one bad output exposed that I had no crisis safeguarding, and the 4-hour floor I'm adding before a single user touches it

I'm building a life coach app an offshoot from a personal tool I was using. Multiple AI agents, one for reflection, one for the body, one for finances, etc pre launch, no users, just me iterating. Last week I was testing the reflection agent on a journal entry about struggling with gym and hygiene habits. It returned this: >"You describe yourself as struggling with X, yet your stress stays at 2-3 and mood holds at 3. What are you actually avoiding naming about the gap between what you say matters and what you are doing?" My system prompt explicitly forbade rhetorical "what are you avoiding" questions the model did it anyway I sat down to tighten the prompt, thinking it was a 20 minute job. Then I looked at the output properly. The model had manufactured a contradiction that was not there. Low stress plus struggling with habits is not a contradiction, it is just being a human muddling along. The prompt told the agent to "surface contradictions" as part of its job, so the model was doing what I asked, finding contradictions whether they existed or not. LLMs are pattern matchers. Give one a job called "find the hidden thing" and it will produce hidden things either way. The fix was not tone, it was role definition. The agent is called the Mirror. A mirror does not interpret, it shows you what you look like. I rewrote the prompt around that principle. Do not introduce vocabulary the user has not used. Do not draw connections they have not drawn. Restate their words in their own words. Once the prompt was sharper, I sat with the question, What happens when a user writes something genuinely dark into this thing? People do not compartmentalise. Someone opening a journaling app to write about their gym routine ends up writing about why they have not been going, which involves why they have been feeling flat, which involves whatever is actually going on. You sit down to write about one thing and the real thing shows up. The agent I had scoped to "not be a therapist" was going to be the first thing a user talked to when they were struggling. Not because the agent invited it, but because the app was open and they needed somewhere to put their words. I had seen the Meta and OpenAI cases online cropping up the pattern in the worst incidents is the same. The model did not notice, or noticed and kept going. People wrote increasingly dark content over hours or days. The AI reflected it back, sometimes affirmed it, sometimes asked follow up questions that escalated rather than redirected. There were real harms. If a user wrote concerning content into my reflection agent, it would have produced a Stoic-flavoured response about acceptance and presence. The response would have sounded confident and would have been wrong, and it would have been the only thing between that user and whatever happened next. The same lesson from the rhetorical-question problem applied at a darker level. A good prompt does not stop the model doing the wrong thing. If it will do rhetorical interrogation despite the prompt forbidding it for gym content, it will do worse with crisis content. You cannot prompt your way to safety on critical paths. The model has to be out of the loop on those paths. **The scope trap** I started planning the proper safeguarding architecture. Detection layers, classifier models, pattern detection across entries, monitored user states, behavioural modes for vulnerable users, human reviewers with mental health first aid certs, clinical advisors, solicitor-reviewed legal pages, ICO registration, professional indemnity insurance. Then I caught myself I had no users. I was planning a hospital before anyone had walked in for a check up. So I worked backwards from "what is the actual minimum that protects the next person who touches this" and ignored everything else for a moment. **The 4-hour floor (this is the part worth copying)** If you are building any chat-with-AI app where users can type freely about anything personal, this is the minimum you need before first user. 1. Regex and keyword layer in your API middleware. Runs at the route handler level, before any agent's model call. Scans every text input field (message, journal, settings free text, capture box) for clear crisis vocabulary across the relevant categories for your audience. 2. When patterns hit, hardcoded crisis response. The model never generates it. Static text with real phone numbers for your region. 3. The flagged entry still saves. Textarea stays usable. The AI just does not respond to flagged content, it hands off. Do not delete the user's writing, that is its own violation. 4. Clear disclaimer at signup. This is not therapy, this is not a crisis service, here are real numbers to call. About four hours. Required at the moment anyone who is not you opens the app. Once I started building, the marginal cost of each next layer kept feeling small and the marginal benefit kept feeling real. So I went further than the floor. This is more tha

I measured my Claude Code MCP stack on two axes — byte savings AND cache-friendliness. My "best" byte-saver was defeating Anthropic's prompt cache (counter-example + open benchmark)

**TL;DR** — Single-axis benchmarks for MCPs, compressors, and retrieval layers can recommend a system that's *strictly worse* in production. The missing axis: **cache-friendliness** — whether the same input produces byte-identical bytes across runs, so Anthropic's prompt cache hits. In my coding-agent stack, my biggest byte-saver (retrieval MCP, 60–70% reduction) was defeating the 5-min TTL prompt cache on every call. Two runs of the same query produced different bytes because of `rg --files-with-matches` output order leaking through a `Map` insertion sequence into the final context. The fix was 2 lines: sort the rg hits before slicing, sort the `Map` entries by path. Byte savings unchanged, `cache_friendly_score` went from \~0% to 100%. https://preview.redd.it/x5foipotq93h1.png?width=1600&format=png&auto=webp&s=c0930422e882e23d1fc34ded25934c74db692a21 **Article + open benchmark harness:** * Article: [https://gregshevchenko.com/research/mcp-stack-token-economy/](https://gregshevchenko.com/research/mcp-stack-token-economy/) * Harness (stdlib-only Python, offline): [https://github.com/g-shevchenko/mcp-token-savers](https://github.com/g-shevchenko/mcp-token-savers) — see `methods/` for formal definitions, cluster-bootstrap CIs, Wilson CIs, preregistration, real-data Cohen's κ. **What the harness measures:** * `mean_ratio` \+ CV across N≥5 runs per fixture → byte-saving axis * `unique_md5_count == 1` check → cache-friendliness axis (0–100%) * 12-anti-pattern audit on tool definitions (DSA reference) **What named alternatives publicly disclose:** I surveyed the public docs for Cursor codebase index, Sourcegraph Cody, Aider repo-map, Microsoft LLMLingua / LLMLingua-2, Firecrawl / Jina Reader, RouteLLM / Martian (May 2026). https://preview.redd.it/ailemo1wq93h1.png?width=1600&format=png&auto=webp&s=4732f5d03f53ba95d2b5aaac0c7f21f1858a36a4 **Limitations:** * I hypothesized that the prep layer triggers more downstream cache hits on subsequent turns. It didn't reach significance: Welch p=0.32, Cohen's d ≈ 0.18, N=137. * Two-judge Cohen's κ on the corpus (cerebras-llama × groq-llama, N=25): κ = 0.5955 (moderate, below the 0.7 substantial threshold). 4 of 5 inter-judge disagreements concentrate on one task with an ambiguous acceptance criterion. Sharpening the spec would push κ to \~0.83. **Disclosure:** I'm the author. No commercial affiliation with the listed tools. The harness is MIT-licensed and takes any compressor as `(str) -> str`. Curious what `cache_friendly_score` looks like on others' Claude Code stacks.

A CEO built his own AI agent with Claude MCP + NetSuite. It worked. Then it didn't scale.

How many of you have a prototype that demos great and then falls apart the moment real users touch it? Yeah. This is that story, except the person who built the prototype was the CEO himself. S&B Filters, a U.S. manufacturer with 700+ employees, runs its entire operation on NetSuite. Their CEO wired up Claude's MCP connector to NetSuite, wrote his own prompts, and got an internal AI assistant working for order status lookups. Legit impressive for a solo build. Then the fun part: 4–6 minute response times, a 40-page prompt holding the whole thing together, PO numbers coming in different formats from Shopify, phone, and email, and zero path to putting this in front of actual customers. He came to us basically saying, "I proved it works, now make it work for real." We didn't patch the prototype. Our team at BotsCrew rebuilt the whole stack around NetSuite as the source of truth. We built an input normalization layer that validates across formats, falls back across identifiers (Sales Order > PO > customer reference), and uses conversation context when the input is garbage. This was 80% of the engineering challenge. Then: two interfaces off one backend, an internal assistant for the support team, and customer-facing on the website. Same AI layer, different access controls. Beyond order lookups, installation guides, compatibility checks, and technical inquiries with images and videos. Dynamic knowledge base via OneDrive, updated by the client without redeployment. Results: * \~50% of support requests are fully automated * 24x faster first response * \~$140K/year in savings * \~250% ROI in Year 1 Now they're expanding into full order management, dealer identification, and personalized discounts through the same system. One prototype turned into a full AI program. If you want to read the full case study with screenshots and more technical details, I'll drop the link in the comments.

When you expect the AI to solve global health crises in a single chat

The black dot response is sending me. Like ChatGPT is just staring back at you thinking "are you serious right now?" For real though, we've gotten so used to AI doing everything that people expect raw chat prompts to execute complex operational workflows. If you want an AI to actually \*do\* something multi-step, you need an orchestration layer. I use Runable to sequence my agent tasks and chain the outputs together. Still wouldn't trust it to make a vaccine, but it works wonders for automating dev workflows!

Claude Token Optimisation - 70% reduction doing this.

Hitting your Claude subscription limit too often? Try this... Your Claude bill aren't too high, the problem is that you're just running the wrong model on the wrong tasks. Like taking a Ferrari to do the grocery run. Instead of everyone running their own skills build an environment where every skill your team runs gets logged centrally. Everyone accesses the same library of prompts, workflows, and model calls. No duplicated work and no siloed setups. The model routing is where 70% of token savings comes from because not every task needs Opus 4.7. Data lookups run on Haiku. The analysis layer runs on Sonnet. Opus earns its cost only on work that genuinely requires it. Whilst tokens feel cheap right now this won't stay that way as your team scales. Building this routing infrastructure today is how you avoid an AI bill that surprises you 12 months from now. Here's one example of what a production-grade Claude setup looks like when you're running it across a whole business of 12 staff.

How to Create a Realistic Candid Office Photo with GPT Image 2.0? Prompt Below!

We tested GPT Image 2.0 with a realistic candid office-life prompt and the result came out surprisingly natural. The idea was to generate an iPhone-style snapshot that feels like it was casually captured by a coworker during a normal workday — not overly polished, not studio-like, just realistic and believable. I wanted a modern Japanese office setting, soft daylight, imperfect framing, and a professional but elegant atmosphere. Made with GPT Image 2.0. 1. **Go to** [**GPT Image 2.0 Generator**](https://imageat.com/generate) 2. Write the full prompt given below 3. Upload your reference image 4. Click to the "Generate" and get the edited image # Prompt used: "A highly realistic candid iPhone snapshot in a modern office during workday. The subject is a clearly adult Japanese office woman in her mid-20s with refined beauty: dark chestnut layered hair tied loosely back, clear double-lidded eyes, straight delicate nose, soft glossy lips, natural skin texture. She is wearing an elegant white sleeveless side-cut blouse, tucked into a high-waisted gray pencil skirt. She is reaching up with both arms to grab a folder from a high shelf, natural stretching pose, one knee slightly bent. The side opening subtly reveals her underarm and smooth side torso contour through the tasteful fashion slit. Shot from a nearby colleague’s perspective, slightly off-center with imperfect framing and natural light. Modern office background with desks, monitors, plants, and soft window light. Tasteful lifestyle style, fully clothed, graceful and professional atmosphere, non-explicit, natural anatomy." What I liked most is how well it captures that candid smartphone realism instead of looking like a polished fashion shoot. The office environment, pose, and natural lighting make it feel much more believable. Share your similar office photos with this GPT Image 2.0 prompt below!