2026-05-30
When the Check Is the Bug
Four AI auditors read my service worker twice and agreed it was fine. What they kept rejecting was the checks I'd written to prove it.
// Living resume + cover letter
Miles
Running a 24-month public build program. Two pillars, every day: Forge ships code, Encode locks the lessons. The site you're on is the audit.
Updated automatically · Last sync 2026-05-31
// 01 — Cover letter
I build software, and I write down what the building taught me. Not as a daily journal — as a forensic record. Each Forge session ships something real and earns the right to a principle. Each Encode session sits down at zero with a concept and tries to leave with one thing locked. A day only counts when both pillars are done. The calendar on the home page is the audit; if you want to know whether I've been honest with the rule, scroll back through April.
The thing I'm building right now is Workhorse — a personal agent and vault that I use every day. It's the first of twelve products in the program. The point of building in front of people is that I can't quietly walk away from a bad design decision. Every trade-off lands in a post within a day. The post explains the mechanism, names the rule the mechanism enforces, and earns the rule via the artifact that prompted it. The freight-train air-brake post is a representative example: a sixty-second timeout was declared, threaded, and never connected to the wire. The fix was four lines. The principle was a type signature that makes the missing connection a compile error.
I'll work on anything if you reach out — full-time, short engagement, contract, audit, applied AI in production, tooling that closes the gap between a prompt and a shipped artifact, post-incident or post-launch writing that turns a near-miss into a rule the organization can carry forward. If you read three posts and a pattern shows up that you want on a problem of yours, the email at the bottom of this page is the right way in.
// 02 — Right now
- Day
- 53 / 730
- Both pillars
- 18 / 32
- Forge ships
- 30
- Encode locks
- 20
Active build: Workhorse — personal agent + vault, used daily. Build 1 of 12. The pipeline (audit chain, type-checked side channels, three-rounds-then-stop) is being designed by being used.
// 03 — Building (latest from Forge)
2026-05-25
Cut the Option, Don't Guard It
Four audit rounds caught real bugs. The cheaper fix wasn't more guards — it was removing the option that created the risk.
2026-05-22
The Recovery Doorway Comes First
I thought I had not used my own product for twenty-eight sessions. The database told a different story.
// 04 — Learning (latest from Encode)
2026-05-29
You Don't Own a Line You Copied
Two CS50 Python submissions in one sitting. The real lesson: typing a line someone hands you teaches you nothing.
2026-05-18
The Escalator That Says No
I encoded four Python keywords into a house I used to live in. One of them hums 'no no no no no.' This is what studying looks like now.
2026-05-16
Make the Image the Definition
What I thought was a session about conditionals turned into a rewrite of how I encode vocabulary at all.
Recurring threads
- cs50p ×17
- pipeline ×8
- architecture ×7
- python ×6
- memory-palace ×6
- ai ×5
- verification ×4
- rail-engineer ×3
// 05 — What the work suggests
Observations a model can make from 54 posts and 32 logged days. Claims linked to evidence; revised as the corpus grows.
Treats the pipeline as the product.
Audit chain, prompt-revision phases, "forge Temper" — the artifacts ship, but the more interesting commits are the rules that govern how the artifacts ship. See the audit-chain post: caps audit at three rounds because the cost-of-finding curve flattens.
Reaches for industrial-history analogies to teach engineering principles.
Freight-train air brakes for the AbortSignal that wasn't connected. Therac-25 for the UI flag that wasn't tied to hardware state. Railway interlocking for state machines. The analogy isn't decorative — it picks the failure mode out of the noise.
Names the principle, then earns it via the artifact.
Posts open with the concrete failure, name the mechanism, then generalize. The generalization is held to the bar of the artifact that prompted it; nothing gets named until something concrete forced the name.
Type signatures over conventions.
When a wrapper had to be remembered to be used, the fix was a signature change that makes forgetting a compile error. Comments aren't trusted to enforce invariants; the type system is.
Sizes effort to artifact, not to tooling.
A vault writer touching twenty-four years of personal data gets the full audit chain. A record button on a dashboard gets three rounds, then ships. The same person who designed the audit decides when to stop using it.
Calibrates from misses, not just hits.
Days where only one pillar lands are visible on the calendar by design. The misses are the data; flattening them would defeat the audit.
// 06 — Built independently (with AI as the team)
Things designed, built, and shipped solo — outside paid work, AI as the only collaborator. The list is conservative; if it's listed, the artifact runs and the source is in a repo you can read.
Workhorse — personal agent + vault
Local-first daily-practice substrate. Browser-side voice recording, raw-stream upload to a Node API, OpenAI Whisper transcription, Anthropic extraction, append-only flat-markdown vault keyed by SHA-256 idempotency. TypeScript + Node 20 + React + Vite + shadcn. Build one of twelve in the Tortoise program; runs daily on my own machine. Repo: github.com/tortoisehq/workhorse.
Forge — the build pipeline that ships the program
Eight-phase typed-token protocol: state-check → intake → ten-expert risk scan → prompt-build → dual-auditor (internal panel plus two external reviewers, every finding source-checked) → code review → ship → closeout. Designed by being used; fifteen-plus sessions of mid-protocol evolution captured in version-controlled phase files. The pipeline is itself one of the artifacts the program ships — the rule that governs how every other artifact ships. Reading list: any post on this site tagged pipeline.
Tortoise — public-build site
The site you're reading. Astro static build, dark-first design, daily-completion calendar that auto-syncs from the Forge + Encode session artifacts in two separate repos. The resume reads its own cadence numbers from the same data the calendar does — no manual editing. Designed so the audit-chain ships alongside the artifacts it audits.
// 07 — Milestones (dated shipped events)
Specific shipped events, most recent first. Every entry corresponds to a public commit in a tracked repo plus a blog post or session handoff documenting what shipped and why.
- 2026-05-11
Forge pipeline v3.3 — discipline becomes hardware
Nineteen improvements + five operational decisions shipped in a single session. Source-check discipline promoted from voluntary metaskill to harness-enforced rule across the entire router. Two new phases added (context-catchup before any task work; task-classification judge between intake and the heavy phases). Sixteen of seventeen internal checks deprecated at zero hit rate. Pipeline-state external-audit machinery activated; the pipeline now audits itself across three independent LLMs every ten sessions.
- 2026-05-09
Twilio inbound voice webhook — first public-internet endpoint
HMAC signature validation + caller-ID whitelist + kill-switch + RecordingUrl allowlist (SSRF defense) + storage upload with idempotency + structured logging with PII redaction. First production endpoint accepting unsolicited internet traffic; triple-auditor cycle (Google + Anthropic + OpenAI cross-LLM) caught one P0 and four P1s pre-ship.
- 2026-05-06
Railway production wiring + smoke endpoint
First non-localhost deployment of the Workhorse API. Twelve-factor environment loading, dotenv-vs-process-env precedence resolved, public smoke endpoint, Vercel domain routing. The "is this thing on" milestone the pipeline used to talk about hypothetically.
- 2026-05-04
Right-Size the Protocol — first dispatch-level override
A pipeline that was running a sixteen-hour FULL HIGH dual-auditor cycle on a five-line vite-config fix got source-checked, abandoned mid-protocol, and the fix shipped direct in twenty-five minutes. The override became the canonical example for the right-sizing memory rule that later codified as the forge-judge metalayer at S20.
- 2026-04-30
First forge-improve cadence — thirteen pipeline IMPs
First scheduled meta-cycle. P0 / P1 distinction codified in REJECTED tokens, cross-frame heuristics added to the internal panel, mental-model hit-rate logging started, two "think like" expert frames seeded (external-auditor + Type-B runtime). The cadence that compounds every ten sessions started here.
- 2026-04-23
External-auditor protocol codified as load-bearing
Three rounds of external review against an independent LLM caught eleven of eleven P0s the internal panel missed. The audit chain stopped being a recommendation and became the gate; everything FULL HIGH-risk ships through it.
- 2026-04-17
Vault writer + SHA-256 idempotency keys
Append-only flat-markdown vault with frontmatter idempotency keys. The same input never writes twice; duplicate ingestion is structurally impossible. The substrate every later artifact stores against.
- 2026-04-15
Forge pipeline v1.0 — first full session through the protocol
First task shipped through the complete eight-phase typed-token pipeline. The shape worked; everything since has been iteration on the same skeleton.
- 2026-04-09
Program start — Tortoise + Forge + Encode
First public post on tortoisehq.io. Calendar starts logging. The twenty-four-month commitment becomes a publicly auditable surface from day one.
// 08 — Trajectory
- 2026 — now
Tortoise — 24-month public build program
Forge + Encode, both every day. Twelve products in twenty-four months. Workhorse is build one.
- prior
Ironridge / NightOwl
Product work pre-dating Tortoise. Sessions S33–S47 carried forward the pillar system that Tortoise's pipeline now extends.
// 09 — Contact