Blog
Notes from building Stoicsoft. Tools, processes, and the occasional rant about software that wastes your time.
engineering· May 10, 2026· 12 min readSecure browser terminal sharing: what gotty does not give you
Default gotty publishes a writable shell at a public URL with no auth, no audit, no expiry. Five concerns — auth, scope, audit, lifecycle, exposure — and a 50-line wrapper that closes the gap without replacing the tool.
engineering· May 10, 2026· 10 min readTmux session discoverability: the onboarding wall the keybinding tutorials skip
New engineers don't trip over tmux keybindings — they trip over which session to attach to. A naming convention, an honest listing wrapper, and a read-only-first attach rule turn tmux from a maze into a collaboration substrate.
engineering· May 10, 2026· 9 min readThe unified SSH-plus-AI workflow gap that nobody has shipped yet
Engineers debugging production hold three windows open: SSH, an AI assistant, and a notes file. They are the slow human bridge between tools that should be one. Why the unified product doesn't exist yet, and what to build today.
engineering· May 10, 2026· 9 min readReceipts and invoices: the local prep pipeline that beats cloud OCR
OCR accuracy is set before the engine runs. Deskew, crop, normalize, grayscale — done locally, in batch — turns 60% accuracy into 99% and keeps client material off third-party storage.
- engineering· May 10, 2026· 9 min read
The four-line task boundary that stops AI agent overreach
A six-line scope contract at the top of every agent prompt cuts review time in half. Diffs stay inside the lane you asked for. What goes in those lines matters more than the model.
- engineering· May 10, 2026· 9 min read
Pre-delivery photo prep: the local batch pipeline cloud uploaders skip
Wedding and event photographers move 1,000+ files per delivery. The cloud route burns 90+ minutes and leaks GPS. A local batch pipeline does it in 8 minutes and never touches a server.
engineering· May 9, 2026· 9 min readSearch-scope is the first knob: stop your AI agent from grepping the whole repo
Token blowups in Claude Code, Cursor, and Codex are usually a tool-call-scope problem, not a model problem. Four tactics to make the agent's search return 4 files instead of 47.
engineering· May 7, 2026· 8 min readParallel agent worktrees need a context contract, not just isolation
Running coding agents in parallel worktrees fails at the merge boundary, not in the agents themselves. A short written contract — scope, interface, shared state, merge order — turns isolated work into coherent diffs.
engineering· May 6, 2026· 8 min readContext-Window Management Is a Workflow Problem, Not a Model Problem
Long AI coding sessions degrade because the workflow around the model fails to manage context as a finite, allocable resource. Treat the window as a budget you plan, chunk, hand off, and reset on schedule.
engineering· May 6, 2026· 7 min readHard Spend Caps Are the Missing Safety Rail for Long AI Agent Sessions
Usage dashboards explain the bill after the damage is done. Long-running AI agent workflows need hard stop budgets before they start.
engineering· May 6, 2026· 7 min readThe Planner-to-Executor Handoff Format That Keeps Multi-Agent Coding Work on Track
When planning and implementation blur together, quality drops. A compact handoff format keeps multi-agent coding work scoped, testable, and recoverable.
engineering· May 5, 2026· 7 min readWhy Your AI Coding Bill Tripled — and the Four Guardrails That Prevent It
Most AI cost spikes are detectable in advance — if you've configured the guardrails. Daily caps, session ceilings, visible meters, audit logs.
engineering· May 5, 2026· 7 min readPlanner/Executor Patterns for Composer 2 (and Any Agent-Style AI Coder)
Agent-style coding tools burn tokens fast. Scope, plan, cap, and verify — the four-step pattern that keeps quality high and cost contained.
engineering· May 5, 2026· 8 min readCompliance-First AI Development: A Checklist for Regulated Teams
If your code touches HIPAA, PCI, GDPR, or SOC 2 data, AI coding tools become a compliance question. A defensible one-page checklist.
engineering· May 5, 2026· 6 min readHow to CI-Validate Your CLAUDE.md Across Every Repo
CLAUDE.md drifts silently across repos. A 30-line bash CI check catches it before policy gets quietly deleted.
engineering· May 5, 2026· 6 min readThe Five-Field Template That Stops Billing Tickets From Escalating
Billing escalations don't escalate because of the original error — they escalate because of the response gap. A structured template that closes the gap.
engineering· May 5, 2026· 7 min readModel and Cost Controls Belong in Your AI IDE's Defaults, Not Buried in Settings
Sensible defaults for tier-by-task, session ceilings, and visible cost meters turn AI tools from runaway-spend risks into predictable line items.
engineering· May 5, 2026· 6 min readContext Reset Patterns for Long AI Coding Sessions
Long AI sessions drift. The fix isn't a bigger context window — it's three explicit reset patterns and a habit of curation.
engineering· May 5, 2026· 6 min readWhy Short Diagnostic Commands Beat Long AI Explanations
Five-second commands beat 200-word advisory blocks for the first turn of any debugging conversation. The principle and what it means for AI assistants.
engineering· May 5, 2026· 7 min readWhy Billing Transparency Is the Hidden Trust Lever in Every SaaS
Billing escalations don't escalate because of the original error — they escalate because of the response gap. Here's the structured fix.
engineering· May 4, 2026· 9 min readWhy Your Infrastructure Setup Order Matters (And How to Get It Right)
Identity → substrate → services → integrations. A four-stage mental model for setting up infra in the right order, every time.
engineering· May 4, 2026· 8 min readThe Underrated DevOps Practice: Preflight Scripts That Prevent Regressions
Most teams discover preflight checks the same way: an outage. Here's the pattern, why it's so cheap, and what to put in yours.