Tag: developer-tooling
All the articles with the tag "developer-tooling".
-
Dependency scanning should be a default, not a discipline
Vulnerability scanning fails like ergonomics: fine when you remember, forgotten the one time it matters. I created autoscan-kit to push the scan into places that fire on their own, so skipping it is harder than running it.
-
Skills are the new agents; an ode to skills, and the risks
Coding agents are becoming orchestrators of specialized skills. But the ecosystem is fragmented, unversioned, and largely unaudited.
-
Skills are just text files. So where's the lockfile?
Skill distribution is a mess: no manifest, no version pinning, no lockfile. A skill is a prompt injected into a privileged agent, so it's a supply-chain problem. The boring fix already exists.
-
I switched from beads to plaintext tasks that live in the diff, managed by a skill
I wrote opentasks-skill to teach my coding agents to manage tasks without external dependencies, with a git-tracked audit system.
-
My agent policy kit
I was maintaining the same operating rules in a different config for every coding agent I run. So I built one shared policy and skill set that installs across all of them.
-
How I set out to build a coding agent orchestrator and ended up writing a config auditor instead
Building (almost) in public, coding agents, security, and breaking from platform lock-in