Building your first MCP integration
MCP is the standard the integration layer of the AI stack converged on faster than anyone expected. Worth knowing what it actually is before you wire one in.
Thirty days of letting an agent actually drive, write the code, run the tests, fix the failures, and then noticing the patterns in what changed. Not the productivity story. The discipline story.
A coding agent shipped by the model maker, built around the terminal rather than the editor. Worth working through what's actually different about that shape, and what it implies for the IDE category.
Most cloud-bill surprises were visible at PR time. The plan output knows the resource shape, the region, the size, and what the cloud charges for it, and you can read that out of the plan-json before anything ships. Here's the pattern, what it catches, and what it can't.
IBM announced a $6.4B acquisition of HashiCorp on April 24. The honest read is that this confirms the BSL-era trajectory more than it changes it. Here's what's likely, what's uncertain, what stays the same for current Terraform users in the short term, and what to actually watch.
Most GKE-via-Terraform modules expose every knob the API has, then bury the few that matter. Here's the split I've landed on after a year of customer demos, what to parameterize per environment, what to hardcode and forget, and the regional-vs-zonal trade-off nobody likes to talk about.
Provider version pinning is one of those Terraform topics nobody thinks about until the CI runner picks up a new minor release at 2 a.m. and a hundred plans go red. Here's the audit pattern I run for customers, the trap on both sides, and the constraint style I land on by default.
Lifecycle hooks are the part of Terraform that looks trivial in the docs and saves you from a six-figure outage in practice. Here's how prevent_destroy and ignore_changes actually get used in production, what to put them on, what not to, and the operations cost of getting it right.
Most Terraform pipelines treat plan output as text, paste it in a PR, hope the reviewer reads it. The JSON form is structured data, and once you treat it that way, cost preview, policy gates, drift attribution, and change-risk scoring become engineering problems.
Long-lived AWS access keys in GitHub Actions secrets are the wrong default. OIDC federation gives every workflow a scoped, short-lived role assumption with no secret to leak. The trust-policy shape, the GitHub Actions wiring, and the gotchas that make it harder than the blog posts suggest.
The S3-plus-DynamoDB backend is the most common Terraform state setup in the world and the most commonly misconfigured. The versioning, encryption, lock-table, and cross-account patterns that hold up across customer engagements, and the failure modes that take teams a week to debug.
OpenTofu 1.6 went GA on January 10. For most teams the migration is renaming a binary and updating a CI step. The interesting parts are what 1.6 actually shipped, how the BSL clause reads five months on, and why I moved quickly on it for the engagements I'm currently on.