# devops

Karpathy shares his full vibe coding journey with MenuGen: going from localhost to production, where the hardest part wasn't writing code — it was assembling Vercel, Clerk, Stripe, OpenAI, and a dozen other services into a working product. His takeaway: the entire DevOps lifecycle needs to become code before AI agents can truly ship for us.

Being a GenAI App Engineer increasingly feels like being a Permission Engineer. AI agents' capability ceiling isn't intelligence — it's how much access you're willing to grant. Every additional permission amplifies both power and risk. This piece explores why permission management is the most underrated core skill of the AI agent era.

Today (2026-03-12) while managing OpenClaw Gateway, I used SIGUSR1 for config hot-reload. Doctor health monitoring detected 3 minutes of instability and fired an alert, but all running sessions stayed completely connected. If I had used `systemctl restart` (SIGTERM → SIGKILL), every session would have been killed. That difference is what we're learning today.

A Tech Lead uses his own blog as a training ground, spending two days learning 12 quality metrics with an AI tutor using RPG-style Level-Up teaching — from npm audit to LLM-as-Judge — while sub-agents implement everything in parallel. The real takeaway isn't the metrics, but a replicable methodology for AI-assisted learning.

ShroomDog's internal tech talk on building a three-layer AI system: Telegram + Claude Code + VPS. Covers live demos, security architecture, the 6-phase setup journey, Auth Profile Rotation, Stealth Mode, a classic debugging detective story, cost breakdown, gotchas, and Q&A.

After letting an AI agent manage a server and hitting 7 disasters in one day, the lesson: use code hooks instead of markdown rules, build a 4-layer defense system