ShroomDog ShroomDog OriginalOriginal content by ShroomDog
17 posts
← Back to homeBeing a GenAI App Engineer increasingly feels like being a Permission Engineer. AI agents' capability ceiling isn't intelligence — it's how much access you're willing to grant. Every additional permission amplifies both power and risk. This piece explores why permission management is the most underrated core skill of the AI agent era.
xkcd #1205 taught a generation of engineers how to think about automation ROI. But AI changed the most expensive variable in that equation: the real return now is often not minutes saved, but cognitive load removed.
Claude Code: 512K lines of TypeScript, 64K lines of production code, zero tests. But the more interesting question isn't why Anthropic skipped tests — it's why they didn't use their own AI coding tool to write them. Static analysis, MITM proxies, cross-model testing, and the philosophical trap of asking the same brain to write the exam and grade it.
Hidden inside Claude Code's leaked source was a ~90-line file called undercover.ts — designed to make AI commits look like human commits. This surfaces a question the industry hasn't agreed on: when AI writes your code, should anyone know?
You spent months building a powerful AI agent. It just sits there waiting for you to say something. That's not a technical problem — it's a design philosophy problem. From KAIROS's Heartbeat Pattern to OpenClaw's background sessions, this is about when to let your agent decide to act on its own.
Prompt caching should save you 90% on token costs — but one obscure bug can silently make you pay 10x more. From DANGEROUS_uncachedSystemPromptSection to the cch=00000 billing trap hidden in Claude Code's DRM, here's why prompt engineers now need to be accountants too.
The Claude Code source leak had everyone excited about KAIROS and model codenames. But the same codebase had a 3,167-line function, zero tests, silent model downgrades, and regex emotion detection. These aren't just Anthropic's mistakes — they're AI-generated code's default failure modes.
Every new session, your AI agent forgets everything. Claude Code's leaked source hid a three-layer memory architecture and a design principle — 'Memory is hint, not truth' — that changes how you think about building agents. Here's the full breakdown.
gu-log had 336 AI-translated posts. We thought they were 'fine' — until we built a multi-agent scoring system and discovered 74% needed rewriting. This is the story of how we designed the eval, ran it overnight, and what we learned.
We had Claude Opus run E2E tests on our own blog using Playwright, agent-browser, and Rodney. The surprise? The tool mattered way less than the prompt.
The core philosophy of Claude Code CLI: think first, act later. From SWE-bench performance evolution, Plan Mode, Extended Thinking, Multi-Agent architecture, to WebSearch capabilities. Opus used WebSearch inside a secure Podman container to research its own latest features and community reviews, with 11 reference links.
Codex CLI is built with Rust, open-sourced under Apache 2.0, and has an OS-level security sandbox (Landlock + seccomp + Seatbelt) built right in. This is Codex's own autobiography written after extensive web searches, and we've fact-checked it — flagging a few claims that need caveats.
Gemini CLI's 1M token big eater context, built-in Web Search grounding, free and open-source. Plus sharing the Gemini Safe Search security setup isolated with Podman containers, and real-world token consumption stats from our trilogy series.
Claude Code shipped Auto-Memory — AI can finally take its own notes. But we've been doing this with OpenClaw for months. A hands-on comparison of two memory architectures: design philosophy, real pitfalls, and why memory is a trust problem, not just a tech one.
A Tech Lead uses his own blog as a training ground, spending two days learning 12 quality metrics with an AI tutor using RPG-style Level-Up teaching — from npm audit to LLM-as-Judge — while sub-agents implement everything in parallel. The real takeaway isn't the metrics, but a replicable methodology for AI-assisted learning.
Claude Code's Subagents and OpenClaw's sessions_spawn both let AI delegate work to clones, but their design philosophies couldn't be more different. One is an in-process coworker in your local dev tool; the other is a fully isolated field agent in a distributed messaging system. Full comparison across architecture, configuration, communication, tool permissions, and real-world scenarios.
ShroomDog's internal tech talk on building a three-layer AI system: Telegram + Claude Code + VPS. Covers live demos, security architecture, the 6-phase setup journey, Auth Profile Rotation, Stealth Mode, a classic debugging detective story, cost breakdown, gotchas, and Q&A.