Writing
Government technology, AI workflows, and software. No filler.
Building for yourself is easy. You know what you want, you know what you meant, and you're very forgiving of your own bugs. Building for other people is a completely different sport.
CLAUDE.md loads into every Claude Code session — so every redundant rule, contradiction, and stale pin is paid for on every turn. Here is how to find the bloat and cut it.
The most valuable thing about building TurnTwo wasn't any specific feature. It was the compounding clarity that comes from a system that uses itself — and teaches you something with every iteration.
Someone in your agency has said the words "GCC-High." Do you know why? Do they? Here's the decision matrix that actually matters, and why most organizations that claim to need GCC-High don't.
A weekend SaaS is a real thing, not a Twitter brag. It just becomes a Monday-night project the following week. Here's the tech stack, the shortcuts that work, and the ones that bite you.
A transient blip from Polygon. A 500K-request quota on a 5-user site. A 9-hour-old production deploy. And, hiding under all of it, one architecture sin: I had let a cache become the load-bearing wall holding the whole site up. Here's the story, the five-layer apology that followed, and the follow-up two hours later when the bandwidth meter kept climbing and I realized "resilient" is not the same as "fixed."
Running AI tools costs real money. Rate limiting is how you keep that cost from becoming infinite. Here's the Upstash Redis implementation that keeps TurnTwo's tools running for everyone.
A skill pack used to be a collection of prompts. Now it can include a scaffold manifest that provisions a Vercel project and Supabase database automatically. Templates that build themselves.
Storing API keys and credentials in a database is necessary. Storing them in plaintext is the kind of decision that ends careers. Here's how TurnTwo encrypts secrets at rest with authenticated encryption.
You attach a 60-page PDF and ask Claude one question. Claude reads 60 pages. Charges you for 60 pages. Answers your question using 3 paragraphs. The other 57 pages were a tax you didn't have to pay.
You enabled prompt caching. The cache hit rate is 3%. You blame the cache. The cache is fine. The problem is that you put the user query before the system prompt, and now every call has a different prefix, and prefix is the only thing the cache cares about.
Every other transaction in your life shows you the price before you hit confirm. Uber. Amazon. The gas pump. The parking meter. AI is the one place where you hit "send" and find out what it cost next Tuesday on a dashboard you forgot the password to.
Every long Claude conversation is a tax on every future turn. The model re-reads the whole transcript on every reply, and you pay for the re-read. You don't need the whole transcript. You need three turns and a summary.
You hit a bug. You grep your log. You paste 40,000 lines into Claude and ask it to find the error. Claude reads 40,000 lines. Charges you for all of them. Returns the one line you could have grepped yourself.
Every utility itemizes — phone, electric, water. The AI bill is one number. There's a receipt underneath; you've just never read it. The first time you do, you find a line for cache hits that most developers don't know is even a feature.
You found a database of forty active grants. Each one has eligibility requirements. Each one requires a different proposal format. Each one has different reporting obligations. Two of them are real for you. The other 38 are research debt.
The Microsoft security baseline has hundreds of recommendations. You have a Tuesday afternoon. Not all of those toggles deserve your Tuesday afternoon equally.
The federal resume isn't a resume. It's a structured questionnaire pretending to be a resume. Two-page corporate format gets you screened out. Five-page USAJOBS format gets you read.
The self-assessment portal is open. You have a year of accomplishments and no way to remember what you did in March. Whatever you write today will be the document that decides your raise.
You want to build an app on Power Platform. Microsoft offers six different licensing schemes. The salesperson will recommend Premium. The salesperson is paid on Premium. The math, very often, says you don't need it.
Your agency needs Microsoft cloud. Microsoft sells four versions of it. Picking the wrong one costs roughly twice as much and locks you in for three years. Picking the right one requires answering eight questions you didn't know to ask.
You found a misconfigured IAM policy that lets a compromised EC2 instance reach the production database. You have eight minutes to brief a VP. The VP does not know what "lateral movement" means. You have to translate the risk without dumbing it down.
Janet does the quarterly close. Janet has been doing it for nine years. Nobody else has ever done it. Janet is taking three weeks off in November. You are going to find out what was in Janet's head in the worst possible way.
Your team is fighting about which model to use. Everybody has a favorite. Everybody's favorite is the one they used most recently. Nobody has actually run the same prompt through all three and looked at the outputs side by side.
Six months later, the team is fighting about a decision that already got made. Nobody can find the reasoning. Nobody can find the alternatives that were considered. Nobody can remember what the vote was, because there wasn't a vote.
The incident is resolved. The customers are back online. The Slack thread is 800 messages long. Somebody says "we should write this up." Nobody does. Six months later, the same incident happens.
Your company has Slack. Your company also has Microsoft Teams. Both have full enterprise licenses. Both are used daily by overlapping people. The line item for one of them is $14K a month and nobody has touched it in two years.
Your contracting officer sent the SOW back. Twice. It's now three weeks past your target award date and the deliverables section still says "to be determined in close coordination with the agency."
Someone tightened the prompt last week. It was a one-word change. It also broke the JSON output on 15% of requests, in a way that doesn't throw an error — the JSON is just subtly wrong. You will find out in three weeks when a customer reports it.
The model said something it shouldn't have. The screenshot is in three Slack channels. Your CEO is going to ask, in approximately ninety minutes, "what kind of failure is this?" You'd better have an answer.
You wrote a prompt. You tested it with five examples. It worked beautifully. You shipped it. The next morning a customer support agent forwards you a Slack message that starts with "uh, is the AI supposed to do this?"
Six people on a call for an hour at $100K/year each. The math is $480. Cleared in fifteen minutes. Now you have lunch.
Your email has a point. The point is in paragraph four. Nobody read paragraph four. Nobody read paragraph two, actually. They scanned the first line, decided it wasn't urgent, and moved on. The military figured this out. It's called BLUF.
You wrote 40 pages. The executive read three. The decision happened in those three. Everything else was a footnote. The math is simple — the executive summary is the report.
You started your first day in federal IT. By 10 AM you had heard ATO, RMF, FedRAMP, SCAP, FISMA, GFE, FOIA, OCIO, GSA, NIST 800-53, OMB A-130, and ATB. By 10:15 you were nodding along like you understood. Eighteen months later, you actually do.
Getting an ATO takes eighteen months. Not because the work is eighteen months long — the work is maybe four. The other fourteen months are figuring out what the work is, in what order, and which assessor cares about which control.
OMB issued the memo. Your CIO forwarded it. You have a deadline. You also have a meeting in twenty minutes. The policy you ship will, statistically, be the only AI policy your agency has for the next two years.
The tool costs $40K a year. The savings are $180K a year. The CFO will still want a memo. The memo needs to speak CFO. CFO does not speak engineer.
Vendor contracts are full of phrases that sound like commitments and aren't. "Best efforts." "Commercially reasonable." "Industry-standard SLAs." These are the gaps where the next eighteen months of pain enter the building.
You wrote a long-form piece. It got 800 views. Inside that piece were a listicle, a tweetstorm, an FAQ, three quote cards, and a 90-second video script. None of them shipped. Most of the content you've published is the content you haven't repackaged yet.
Opus is brilliant. It's also 15× more expensive than Haiku. Most of what you do all day is Haiku-level work that you've been quietly paying Opus prices for, because nobody told you there was a menu.
Every morning you open a fresh chat and explain — again — that you're a senior engineer working on a Next.js SaaS who prefers terse replies. Claude nods politely. Claude has no idea who you are. Claude will never have any idea who you are. You pay for the introduction every single time.
TurnTwo provisions new SaaS projects. One of those projects is TurnTwo itself. This is either elegant recursive architecture or the setup for a very niche joke. Possibly both.
You drag a 4032×3024 photo into a prompt. The model immediately resizes it down to about 1.15 megapixels because that's the most it can actually read. You paid for the full file anyway. Here's the receipt — and the one click that fixes it.
You think a 1920×1080 screenshot is a 1920×1080 screenshot. To Claude it's 1,533 tokens. To GPT-4o it's 1,105. To Gemini it's 1,548. Same pixels. Three different bills. None of them told you the price before you sent it.
Politeness is a workplace virtue, a relationship asset, and — when you're billed per token — a tax. Here's what your polite prompts are actually costing, and why the leanest version sounds almost rude.
You find a good article. You want Claude to summarize it. You highlight, copy, paste — and unknowingly ship 12,000 tokens of footer links, modal dialogs, and the navigation bar repeating itself like an incantation.
You don't know what your last prompt cost. You don't know what your next one will. Most things you pay for tell you the price up front. Claude is the only utility I use that quietly waits until the end of the month.
PDFs, Excel files, Word docs, and PowerPoint decks aren't what they look like to Claude. Here's the receipt — and a free converter, running entirely in your browser, that fixes it in one drop.
Sharing a Supabase project between two production applications sounds like the opening of a horror story. With the right architecture, it's actually elegant. Here's how it works.
Next.js 16 made params, searchParams, cookies(), and headers() all async. It also moved the middleware file. All of this is fine. Totally fine. Let me tell you about the production incident.
Government technology moves at the speed of procurement. Which is to say: slowly, expensively, and with a lot of meetings about meetings. Here's an honest look at why, and what's actually working.
Building your own authentication is a rite of passage, a trap, and occasionally both at once. Here's why I outsourced it and what the upgrade to v7 Core 3 actually cost me.
Most database applications have a single password and good intentions. RLS is what happens when you stop trusting your own code and let the database enforce the rules.
Vercel's deploy status is great — if you're willing to open a browser, navigate to the dashboard, find your project, and squint at a status badge. There's a better way: make Vercel tell you.
You have five projects. They all share a Supabase service role key. The key gets rotated. You now have a spreadsheet problem. Here's the better way.
The military writes better emails than your entire organization. Here's the technique they use, and why it makes everyone around you uncomfortable in the best way.
You use SaaS every day. Most people just call it "the internet." Here's what's actually going on behind the login screen, without the buzzwords.
Everything your Clerk dev instance graciously handled for you — and what actually happens when production makes you deal with it yourself.
How a thorough research session saved weeks of development time — and a potential lawsuit — on a music game app that sounded simple until it wasn't.
A breakdown of the modern hosting stack I chose for this site — and why each piece beats what cPanel offered.