Posts

Diagram showing how MCP tools widen Claude Code blast radius from local repository access to external systems unless boundaries, approval, logs, and rollback are added

Claude Code MCP tools need a blast radius, not a vibe check

MCP makes Claude Code more useful, but every server also widens the blast radius. Treat MCP tools as production access paths with allowlists, approval gates, call logs, and rollback notes.

Diagram showing the boundary where AI code generation moves from suggestion mode to action mode with files, commands, tools, and services

AI code generation gets risky when it becomes action

AI code generation is manageable when it suggests code. The risk changes when agents can edit files, run commands, call tools, and open pull requests.

A Claude Code review packet showing objective, permission boundary, tool trace, tests, cost, and rollback path before human approval

The Claude Code review packet I want before approving agent work

A Claude Code diff is not enough evidence for production review. Ask for the objective, permission boundary, tool trace, tests, failures, cost, and rollback path before approving agent work.

Cover of Claude Code: Building Production Agents That Actually Scale by Thomas De Vos

Claude Code book is live on Amazon Kindle

Claude Code: Building Production Agents That Actually Scale is now live on Amazon Kindle. Here is who it is for and why I wrote it.

Claude Code rollback envelope diagram showing scope, agent change, and rollback path

Claude Code Rollback Plans Belong in the Prompt

If a Claude Code agent can change production-shaped code, the prompt should say how to undo the work. Rollback is not paperwork after the diff. It is part of the task boundary.

Claude Code agent cost loop diagram showing vague tasks, broad tools, repeated exploration, and no stop rule

Claude Code Agent Cost Loops Start as Workflow Bugs

Claude Code cost problems usually start before the model call: vague tasks, wide-open tools, repeated repo exploration, and no stop rule. Treat spend as a workflow bug, not just a pricing problem.

Claude Code evaluation loop showing capture, reduce, test, and change steps for failed agent runs

Claude Code Evals Should Start With Bad Runs

Production Claude Code evals should not begin with abstract benchmarks. Start with the agent runs that scared you, reduce them into replayable cases, and use them to tune permissions, prompts, tools, and review gates.

Claude Code permissions blast-radius diagram showing agent workspace, repo files, CI deploy, secrets, and production data

Claude Code Permissions: The Production Mistake That Bites Later

Claude Code permission modes can look safer than they are. The real production risk lives in tool scope: paths, network access, secrets, deploy files, and what reviewers actually approve.

Agent flight recorder diagram showing prompt, files changed, commands, tests, approvals, and rollback notes between a coding agent and deployment gate

Claude Code Agents Need a Flight Recorder

If a Claude Code agent changes production code, the useful artifact is not the chat transcript. It is a flight recorder: intent, boundaries, commands, diffs, tests, approvals, and rollback notes.

Claude Code production agent loop: task intent, boundaries, tool execution, evaluation, observability, human review, and deployment

Claude Code Is Not the Product: The Production Loop Is

A Claude Code demo is easy to love. You describe a feature, the agent edits files, runs commands, fixes its own mistakes, and suddenly the repository has moved. The first time you see it work, it feels like software engineering has skipped a generation. But the demo is not the hard part. The hard part is making that same capability safe enough, repeatable enough, and observable enough that you would trust it inside a real engineering workflow. That is where the actual product begins. ...