A prompt injection in a GitHub issue compromised 4,000 developer machines via a coding agent with elevated permissions. Software engineers must take coding agent input and tools seriously — an LLM processing unsanitized user input shouldn't have write access.
alexleighton.com/posts/2026-0...
Posts by Alex
Reading Daniel Phiri's Filesystems article has me rethinking my OCaml Knowledge Bases CLI — maybe structured markdown files and repository-scoped Skills are the move. Less context teaching agents a CLI, more context for actual work.
alexleighton.com/posts/2026-0...
I tried the GitHub MCP once, watched as granting privileges ballooned the context usage, and never went back. CLI tools and regular code suffice. I think MCP slowly fades and most companies who built MCP servers deprecate them.
alexleighton.com/posts/2026-0...
Listening To: Don't Slow Down by Grafix. Solid drum and bass album.
alexleighton.com/posts/2026-0...
Knowledge Bases (OCaml): a marathon coding session. Update/resolve/archive commands, SQLite-JSONL sync, a dead-code analyzer (Python + OCaml LSP), and started dogfooding kbs for its own development. Nearing the end of the experiment.
alexleighton.com/posts/2026-0...
Woke up Saturday to the US attacking Iran. Again. Every Republican president since before I was born has wrecked the economy and started a war in the Middle East. Here we go again.
alexleighton.com/posts/2026-0...
Knowledge Bases (OCaml): code generation picks up speed. Added list and show commands, fixed "flaky" integration tests (dune silently succeeds on reruns), and refactored Kb_service with a facade pattern.
alexleighton.com/posts/2026-0...
Listening To: Belong by Jay Som. Nice, classic indie rock, also featuring Hayley Williams on Past Lives.
alexleighton.com/posts/2026-0...
Antirez built a Z80 emulator hands-off with a coding agent. His approach lines up with StrongDM and OpenAI's research, though I think hands-fully-off is extreme; agents still benefit from engineering experience delivered at the right time.
alexleighton.com/posts/2026-0...
Listening To: Packaging by Packaging. "Psychedelic textures, krautrock chug, electronic grandeur, tuneful accessibility, and just a little bit of bristling self-awareness."
alexleighton.com/posts/2026-0...
Knowledge Bases (OCaml): worked with the agent to draft a product requirements document from the existing codebase and roadmap.
alexleighton.com/posts/2026-0...
It's funny how willing they are to nest expressions many layers deep; I've been fighting this as well: github.com/alexleighton...
It fits a bit of what you're looking for — the data is simply JSON, so you're free to adjust chart configuration or swap charts. I had a coding agent glue the two together.
This is probably lower level than what you're looking for, but for alexleighton.com/posts/2025-1..., I brought in Apache ECharts. The data is stored as JSON files, and I have a template function which embeds the data into the page as a script which calls ECharts.
Knowledge Bases (OCaml): added a Todo repository and wired up `bs add todo ...`. More guidance docs and experimenting with automatic code reviews.
alexleighton.com/posts/2026-0...
Code naming trick from TigerBeetle: use index/count for array terms and offset/size for byte terms. A small convention that saves you in low level languages when you can’t (or can’t afford to) encode the distinction in types.
alexleighton.com/posts/2026-0...
Unpacking Note type into Todo for Knowledge Bases, wrote up some prompts for implementation planning and code review, and tried TDD to keep agents on task when writing OCaml code.
alexleighton.com/posts/2026-0...
Listening To: PRATA by MAQUINA.
Surprisingly catchy, found myself hooked by the bass and the beat. From the Bandcamp description: "minimal krautrock repetition, pounding industrial techno".
alexleighton.com/posts/2026-0...
For Knowledge Bases development, my local OCaml issue tracker, I’m going to go more hands-off in order to experiment with agentic engineering. I'm following the suggestions from the teams at StrongDM and OpenAI.
alexleighton.com/posts/2026-0...
OpenAI posted a coding-agent writeup: “Humans steer. Agents execute.” Some more interesting findings along this path towards a new software development process.
alexleighton.com/posts/2026-0...
"Often the model isn’t flaky at understanding the task. It’s flaky at expressing itself. You’re blaming the pilot for the landing gear."
This quote and the blog post's finding line up with a mental model of LLMs that I've found useful.
alexleighton.com/posts/2026-0...
Listening To: Not Here Not Gone by Blackwater Holylight. Hard rocking, shoegaze-y music. Feel the sound.
alexleighton.com/posts/2026-0...
New term “Software Factories” from StrongDM: If coding agents can write faster than we can read, treat the app as a black box and test observable outcomes end-to-end. Useful for some applications, unlikely to be for all.
alexleighton.com/posts/2026-0...