Diagram showing Claude Code permissions as a control loop: scope first, run narrow, leave evidence, and adjust access

Claude Code review is too late if permissions are wrong

Human review matters, but it cannot fix every bad Claude Code boundary after the run. Production teams need scoped permissions, MCP limits, hard stops, and evidence before widening access.

May 15, 2026 · 6 min · 1262 words · Thomas De Vos
Diagram showing that Claude Code output needs a run record before it is reviewable

Claude Code output is not evidence

Claude Code patches can look ready before they are reviewable. Production teams need a run record with task boundaries, commands, checks, risks, and rollback notes.

May 14, 2026 · 6 min · 1222 words · Thomas De Vos
Diagram showing a Claude Code permission budget across scope, tools, spend, and approval

Claude Code permissions should have a budget

Claude Code gets safer when permissions are treated like a budget: scoped files, allowed tools, spend limits, stop rules, review packets, and rollback notes before wider autonomy.

May 13, 2026 · 6 min · 1264 words · Thomas De Vos
Diagram showing the operating gap between an AI POC and production AI

From AI POC to production: the part teams keep skipping

The AI POC is not the hard part anymore. The hard part is turning a promising demo into a service with ownership, evals, traces, cost controls, and a rollback path.

May 12, 2026 · 7 min · 1336 words · Thomas De Vos
Diagram showing metric-only LLM observability versus a replayable production AI trace

LLM observability is not a dashboard. It is a replayable trail.

A latency chart will not explain why an AI answer was wrong. Production LLM systems need traces, sources, tool calls, prompt versions, eval results, and human decisions.

May 10, 2026 · 4 min · 812 words · Thomas De Vos
Diagram showing that AI agents in financial services need controls before autonomy

AI agents in financial services need controls before autonomy

Financial-services AI agents can be useful, but autonomy without permissions, audit trails, segregation, evals, and rollback is just operational risk with a nicer interface.

May 9, 2026 · 5 min · 891 words · Thomas De Vos
Diagram showing green tests as one signal beside a Claude Code review packet with scope, command log, tool log, rollback note, and human approval

Claude Code green tests are not a review packet

A Claude Code run can make tests pass and still leave a reviewer with no usable evidence. Treat green tests as one signal, then require scope, command logs, tool use, assumptions, and rollback notes before merging agent work.

May 8, 2026 · 8 min · 1640 words · Thomas De Vos
Diagram showing a Claude Code run stopping after repeated failures and producing a review packet instead of looping blindly

Claude Code needs a stop rule before more autonomy

Claude Code gets risky when a failed run keeps retrying without a stop rule. Use failure budgets, review packets, evals, and rollback notes before giving agents more autonomy.

May 7, 2026 · 7 min · 1364 words · Thomas De Vos
Diagram showing a Claude Code team adoption runbook with task contract, scoped permissions, review packet, evals, and rollback

Claude Code team adoption needs a seatbelt runbook

Claude Code gets risky when teams roll it out through enthusiasm instead of a runbook. Start with task contracts, scoped permissions, review packets, evals, and rollback before widening autonomy.

May 6, 2026 · 7 min · 1327 words · Thomas De Vos
Diagram showing how MCP tools widen Claude Code blast radius from local repository access to external systems unless boundaries, approval, logs, and rollback are added

Claude Code MCP tools need a blast radius, not a vibe check

MCP makes Claude Code more useful, but every server also widens the blast radius. Treat MCP tools as production access paths with allowlists, approval gates, call logs, and rollback notes.

May 5, 2026 · 7 min · 1310 words · Thomas De Vos