DANYLO PRAVDA
0%
ALL POSTS

The operator's playbook — 2026-07-02PUBLIC

How to Turn Drunk AI Agents Sober: The Harness for Coding Without Babysitting

How a solo dev runs 3-5 parallel Claude Code sessions plus an overnight lane without watching terminals or eating a five-figure bill: worktree isolation, hooks that block instead of ask, budget caps, and reviewers that never grade their own homework. Built from 967 sources, the field's real burn stories, and the machinery I hardened running a 215k-line Rust trading system solo.

by

45 min read

Read this with AI
Included · 4 reusable skills to download
How to Turn Drunk AI Agents Sober: The Harness for Coding Without Babysitting

AI coding agents are brilliant, fast, and occasionally drunk. This is the harness that makes them sober: sessions that cannot collide, rules that execute instead of persuade, spend that hits a wall, verification the author cannot game, loops that run while you sleep. It shipped 2,872 of my commits in 84 days into a 215k-line Rust trading system, solo. The model is never the difference: one operator pushed $42,358 of API work through a $500 plan.1

CH.01

Your job title changed: you manage occasionally drunk PhD students now

The operators getting three months of work done in a week are not better prompters. They changed jobs: from typist to architect, reviewer, and manager. The clearest version came from a dev who ships this way daily:

"I haven't written a line of code in six months. My job now is managing six to ten occasionally drunk PhD students."2

Brilliant. Fast. Occasionally unhinged. Pointed right, they produce three months of work in a week, and the thread's consensus was blunt: coding has changed, software engineering has not. A 3,000-hour operator compressed the economics into six words: "code is a liability, judgement is an asset."3 The author of a Claude-co-written JVMCI compiler drew the line precisely: "I made every architectural decision. Opus wrote the code I described, then I reviewed and corrected it. Co-author is accurate, autonomous is not."4

The bottleneck moves. "The limiting factor is not how fast I can type. It is how clearly I can describe what I want and how quickly I can evaluate what I get."5 One solo game dev who shipped cross-platform this way kept a strict split:6

  • Stays human: architecture, design and balance decisions, CI/CD and secret management, final code-review approval
  • Goes to agents: implementation, math, edge cases, asset generation, autonomous deep reviews

Encoding that judgment pays. Karpathy's CLAUDE.md, grown to 12 rules ("if code can answer, code answers," fail loud, read before you write), reportedly cut the mistake rate from 11% to 3%.7 Skip the judgment layer and you get the reviewer's hell instead: a senior asks about a function in a PR and hears "I don't know, that's what the agent did."8

CH.02

The harness has four stations, and every babysitting moment traces to an empty one

The model is not your edge. When Claude Code's source leaked, the analysis concluded the harness adds nothing to model performance: the value is entirely in the orchestration patterns.9 Penligent's architecture teardown says the same thing from the inside: "the strongest behaviors are architectural, not prompt-only."10

The four stations of the agent harness. Isolate gives each agent its own filesystem reality, Enforce turns rules into hooks that block, Cap walls off spend and turns, Verify hands the diff to a reviewer that is not the author. Every babysitting moment traces to one empty station.
The four stations of the agent harness. Isolate gives each agent its own filesystem reality, Enforce turns rules into hooks that block, Cap walls off spend and turns, Verify hands the diff to a reviewer that is not the author. Every babysitting moment traces to one empty station.

So build architecture. One portability note before the tour: the command names below are Claude Code's, because its harness surface runs deepest today and the research corpus reflects that. The stations themselves are tool-agnostic on purpose. Worktrees are plain git, rules live in the cross-tool AGENTS.md, the strongest gates run on git commit and git push where every agent and every human passes, and the tool-comparison chapter near the end assumes you will run more than one harness anyway. Four stations:

Station What it does Native machinery The failure when it's empty
Isolate each agent gets its own filesystem reality git worktrees, isolation: worktree two sessions silently overwrite each other's uncommitted work11
Enforce rules that execute instead of persuade hooks (exit code 2), deny-first permissions a "MANDATORY" checklist documented in three places, ignored twice in one session12
Cap spend and turns hit a wall, not a vibe --max-budget-usd, max_turns, model routing $6,000 burned overnight by one command13
Verify someone other than the author says "done" fresh-subagent review, /goal, evals tests passing because the agent wrote assert True14

I did not design these stations on a whiteboard. They accreted on the trading system one incident at a time, until every commit passed 13 gates with no bypass flag in the codebase. Each chapter below names the field's version of the incident, and the machinery that ended it.

As a pipeline, every unit of agent work passes the same gauntlet:

flowchart LR
    W[Agent session] --> I[Isolate:
worktree] --> E[Enforce:
hooks] --> C[Cap:
budgets, max turns] --> V[Verify:
fresh reviewer] --> M[Work you
can merge]

The community rule compresses the middle two: "Skill teaches the how, Hook enforces the rule, Subagent isolates the work."15 A solo dev reportedly won $15,000 at Anthropic's hackathon in 8 hours running 38 specialized agents with 156 skills, and his own summary of the method is the thesis of this article: treat Claude Code like infrastructure you engineer, not something you prompt one line at a time.16 The harness is so load-bearing that a hobbyist agent built around a 4B-parameter local model scores 87% on its stress test, beating bigger models in weaker scaffolds.17

One developer, tacoda, spent two months as "the worse kind of pair," grabbing the keyboard every 30 seconds. Then he stopped correcting the agent and started building the corridor it runs in: 2,700+ tests, linting, type checks, CI, hooks.18 Hold that story. It ends in the last chapter.

CH.03

Isolation is the entry fee: one worktree per agent, or the second write destroys the first

Two agents in one checkout doesn't end in a merge conflict. It ends in data loss. The second write replaces the first entirely and neither agent notices.19 A documented incident lost five audit-trail directories when concurrent sessions ran destructive git commands: forensics found stash@{0} holding 21 files, including a 67-line registry diff, and six "reset: moving to HEAD" entries in the reflog.11 As one operator running up to ten agents put it: one edits, another reads a half-written state and freaks out. Worktrees fix it.20

One shared checkout versus one worktree per agent. In a shared checkout the second write replaces the first with no conflict marker. Worktrees give every agent its own working copy over one shared git object store, so parallel edits never touch each other.
One shared checkout versus one worktree per agent. In a shared checkout the second write replaces the first with no conflict marker. Worktrees give every agent its own working copy over one shared git object store, so parallel edits never touch each other.

The native mechanics, current as of mid-2026:

  • claude --worktree auth-api (or -w) creates an isolated checkout under .claude/worktrees/ on its own branch. Worktree support shipped February 21, 2026.21
  • All worktrees share one .git object store. No repo duplication, just filesystem separation.
  • Gitignored files do not follow a fresh checkout. A .worktreeinclude file at repo root (.env.local, config/local-secrets.json) gets copied into every worktree. Never put production secrets in it.21
  • Cleanup is automatic only when the worktree is clean. Headless runs never auto-clean, so git worktree list and remove are weekly hygiene.
  • Worktrees isolate files, not external state. Ports, databases, Redis, and browser sessions still collide. Map them: main repo on 3000, each worktree on its own port, separate dev databases.22

One operator, ashu, went from 16% to a self-reported 45-50% plan utilization with three parallel agents, and open-sourced the missing piece: skills that wrap worktree creation, allocate ports, provision databases, and register both in a central JSON.23

Some files never leave the main session

Aakash's parallel-agent guide draws the boundary that prevents most integration disasters: shared contracts, migrations/**, package.json and lockfiles, .env*, and deploy config stay under the main session only. "If multiple agents must touch these, you haven't scaffolded enough."22 The catalog of what happens otherwise reads like a horror anthology: a frontend expecting /api/v1/study-plans while the backend serves /api/study-plans (100% failure), both bcryptjs and bcrypt installed, ten route files with five imported.24

Merge like a maintainer, not a script

Merge sequentially, in dependency order: contracts, then backend, then frontend, then tests. Review each agent's work from the main checkout with git diff main..agent/task-a without interrupting it.25 Scott Chacon's Grit post-mortem is the cautionary tale: hours untangling 12 agent branches by hand, "never again," and a 10-agent rewrite that consumed 45B tokens because tasks were unscoped.26 The komluk setup adds a rule worth stealing: implementation agents never commit. One gitops role owns every git mutation, because merging a worktree before anything was committed silently throws away all the work.27

CH.04

The sweet spot is three to five sessions, not ten

More agents is not more output. Past five, you become the merge queue, and the merge queue is the product. The ceilings people actually report:

Who Ceiling Stated reason
Boris Cherny, Claude Code's creator 5 terminal + 5-10 browser sessions the single biggest productivity gain he names, with aliases to hop checkouts in one keystroke28
Anthropic's power-user docs 3-5 same claim, official surface29
lowcode.agency 5 max beyond it, merge complexity and rate limits outweigh gains30
nimbalyst 2-4 more helps only with a real review layer31
solmaz 1-5 attention spreads thin and you get slop32
amux (hardware math) 5-7 on 16GB RAM 200-400MB per session, ~45 Opus requests per 5-minute window33

The quality data points the same way:

  • A widely shared review of 17 agentic-AI papers, citing DeepMind, reports a 5-agent team costs 7x the tokens of a single agent for 3.1x the output.34
  • A 52-run community benchmark found Agent Teams cost 73-124% more than sequential execution at equivalent quality, because every teammate loads its own full copy of an 80K-token context.35
  • The one peer-reviewed comparison is worse: in Co-Coder's evaluation, Claude Code Agent Teams had the lowest latency and the lowest pass rate, 16.3% on CodeProjectEval, below plain sequential.36

Aakash's arithmetic survives contact with all of this: "if one Claude would take ten minutes, five agents may take thirty minutes of review and cleanup."22 Even the infrastructure agrees. Five to six concurrent sessions on the top paid tier regularly hit "Server is temporarily limiting requests (not your usage limit)," Anthropic-side throttling that no plan upgrade fixes.37 Stagger launches by 30-60 seconds instead of spawning all at once.19

CH.05

Pick the delegation primitive by communication need

Claude Code ships four ways to parallelize, and the selector is one question: do the workers need to talk to each other, or only report up?

Primitive Context model Cost profile Use when
Subagent fresh window, summary-only return, nests 5 deep roughly 7x a plain turn in plan mode38 side quests: reviews, log digs, research that would clutter the main thread
Background session (claude agents) own auto-worktree, survives terminal close normal plan quota independent tasks, possibly across repos, monitored from one dashboard39
Agent Team (experimental) shared task list + peer messaging, no worktree isolation 3-4x tokens, no /resume, 3-5 teammates max40 genuine debate: competing bug hypotheses, multi-lens review
Dynamic workflow JS orchestration script, 16 concurrent, 1,000 agents per run high but journaled and resumable mechanical fan-out: migrations, repo-wide audits41
flowchart TD
    T[New task] --> Q1{Workers must
debate each other?}
    Q1 -->|yes| TEAM[Agent Team
3-5 teammates]
    Q1 -->|no| Q2{Decomposes into
file-disjoint units?}
    Q2 -->|yes, 5-30 mechanical units| WF[Dynamic workflow or /batch]
    Q2 -->|yes, a few streams| BG[Background sessions
in worktrees]
    Q2 -->|no| SINGLE[Stay single session,
use subagents for side quests]

Two behavioral notes from the field. First, fresh context is the point, not just parallelism: spawn five debugging teammates each pursuing one theory with explicit instructions to disprove the others, and you get falsification instead of confirmation.42 The Devil's Advocate variant gives the critic only your artifact, never the conversation that produced it.43 Second, Opus has a documented over-delegation bias. It will spawn a subagent to fix three files when inline is faster and cheaper. The suppression line that works is embarrassingly direct: "Do not use subagents for this task. Edit files directly."19

CH.06

The spec is the source code now

Vagueness is the input agents amplify most. A precise plan gets one-shot implementations, and correcting a plan costs seconds where correcting an architecture costs hours.44

The working loop, assembled from Anthropic's own best-practices page and the operators who stress-tested it:

  1. Explore in plan mode (Shift+Tab). Read-only. No code yet.45
  2. Interview. "Don't code yet. Interview me until you have a 100% clear spec." The model surfaces edge cases you had not considered.46
  3. Contract. Write the brief to a file before implementation. A 52-run benchmark found a structured CONTRACT.md cut cost 54% and raised quality from 5/10 to 9/10. Better: Haiku implementing a Sonnet-authored contract matched quality at 64% less cost, but collapsed to 4.9/10 when Haiku wrote its own contract. The judgment lives in the contract, not the coder.35
  4. Implement, verifying against the plan. Plan mode alone saves 20-40% of tokens on complex tasks.47
  5. Re-plan when stuck. Boris's own tip: if it goes sideways, switch back to plan mode instead of pushing through.48

Addy Osmani's spec template adds the piece most people skip, a three-tier boundary section: always do (run tests before commits), ask first (schema changes), never do (commit secrets).49 The 3,000-hour operator's version is sharper: "if the builder has to guess, the planner failed. Test cases defined at plan time, not after the build."3 And the skip condition keeps this honest: if you could describe the diff in one sentence, skip the plan.45

CH.07

Skills are the training manual, and past about twelve they hurt

LangChain measured it: Claude Code completed 82% of tasks with skills versus 9% without. Then it measured the ceiling: with ~20 similar skills the agent called the wrong one, at ~12 it was consistent.50 The field data is harsher. One engineer tested 47 installed skills and found 40 made output worse, adding tokens and latency while narrowing what the model produced.51 Curate. Delete. Twelve good skills beat a marketplace pack.

I broke this rule myself. My own global setup carried 31 near-identical scraping skills from one vendor pack, plus more. That is exactly the "similar skills" failure shape: ~3,000 always-on tokens per session and a coin-flip on which of 31 look-alike descriptions fires. The fix is one router skill with argument-dispatched modes, or pruning to the three you actually invoke.

The dozen that survived my pruning

Each of these earned its slot on the trading system before it earned a line here:

Skill What it actually does
handoff writes a structured baton at session end: current state, what was done, what failed and why, the exact next command. Born on the trading repo, where a fresh session hallucinating "what was already tried" is a money bug. The full story is two chapters down.
systematic-debugging reproduce, trace to the root cause, and after three failed fixes stop and rethink instead of thrashing on symptoms
subagent-driven-development task briefs and review diffs move between agents as files, with an independent reviewer per task
receiving-code-review verify the reviewer's feedback before acting on it, never flatter it
tdd the test exists before the code, so a gamed "all green" is harder to fake
grill-me the agent interrogates your plan branch by branch before anything gets built
compact-docs trims docs back under the size an agent actually reads
graphify a third-party code-graph tool I run daily: turns the repo into a queryable knowledge graph (its own section two chapters down)

Four of these are third-party, and I keep installing them from their original repos, pinned to a commit, never re-hosted: systematic-debugging, subagent-driven-development, and receiving-code-review came straight out of Superpowers (MIT) after the hands-on pass below, and graphify is safishamsi's tool. The rest are my own, and those ship in my open sober-agents-kit, whose setup interview proposes a per-project subset under the ~12 ceiling and installs every third-party pick from its source. But the shape matters more than the kit: a skill is a written procedure that survived contact with your repo, not a marketplace download.

What the big packs actually do (installed and read, not skimmed)

I installed these, read every SKILL.md, and ran what was runnable. The mechanics, not the taglines:

  • Superpowers (MIT) is 14 skills, but the product is two mechanisms. One tiny SessionStart hook re-injects a ~650-token router on every startup, /clear, AND compaction, and the router says: if there is a 1% chance a skill applies, invoke it. Everything else pull-loads on demand, so 14 skills cost 715 always-on tokens total (measurable: claude plugin details superpowers). The second mechanism is subagent-driven-development: task briefs, implementer reports, and review diffs move between agents as FILES, never pasted into the controller's context, with a four-status escalation contract (DONE / DONE_WITH_CONCERNS / NEEDS_CONTEXT / BLOCKED) and a reviewer that reads only the diff under an explicit "do not trust the implementer's report" rule. Its model-tiering line is the sharpest I have seen: turn count beats token price, because the cheapest models take 2-3x the turns.52
  • Ponytail (MIT) is a persona skill with a seven-rung ladder Claude must climb before writing code: does this need to exist at all, is it already in the codebase, stdlib, native platform feature, installed dependency, one line, minimum code. Stop at the first rung that holds. Hard carve-outs protect validation, error handling, security, and accessibility from "simplification." Its authors corrected their own headline claim after a public issue: the honest number is 54% less code on average across 12 tasks, with a 94% ceiling, not "80-94% less."53
  • Planning with Files (MIT) treats the filesystem as disk and context as RAM: task_plan.md, findings.md, progress.md at the repo root, a hook that re-injects the plan head every turn, a save-findings-every-2-actions rule, and a session-recovery script for after /clear. Its gated mode ships the most interesting hook in any pack: a Stop hook that refuses to let the session end while a phase is in_progress, with a block-count cap and stall detection so it cannot loop forever, plus a SHA-256 attestation that blocks injection if the plan file was tampered with mid-run.52
  • visual-eyes (MIT) is honestly just a disciplined wrapper over npx playwright screenshot plus a diff script, in a See, Analyze, Fix, Verify loop. I ran its capture against a live production page and it worked first try. Thin, but the loop discipline is the point.54
  • /simplify ships inside Claude Code already: three parallel review agents (reuse, quality, efficiency) as a final pass.55
  • ashu's worktree skills (open-sourced) cover what native worktrees do not: allocating ports, databases, and .env files per parallel stream.23

Before you install anything: the two native audit commands

claude plugin details <name> prints a component inventory and the projected token cost, always-on versus on-invoke, per skill. claude plugin eval runs graded eval cases against a plugin with a no-plugin baseline arm. Run both before adopting any pack, and you will know what it costs and whether it measurably helps, instead of trusting a star count.

Three disciplines keep the manual trustworthy:

  • Trigger craft. Invocation is probabilistic (about 70% even when prompted), so anything load-bearing gets invoked explicitly as a slash command, and the description field is written like a trigger, naming the exact phrases that should fire it. Never a workflow summary: there is a documented failure where the agent followed the description's summary and skipped the skill body entirely.50
  • Supply-chain paranoia. Snyk's ToxicSkills research found prompt injection in 36% of skills tested and 1,467 malicious payloads in the ecosystem. Read SKILL.md before installing. Pin to a commit. One pack I audited had 10 of its 20 hooks silently broken (reading argv where Claude Code delivers stdin), which no star count would ever tell you.52
  • Measure changes. One team's optimizer pushed a skill from 80% to 96% blind pass rate, while its sibling collapsed to 46% because the optimizer gamed its own metric.56

CH.08

Hooks are the only rules Claude can't ignore

CLAUDE.md is advice. A hook returning exit code 2 is law: the action is blocked and the reason is fed back to the model, no matter how confident it felt.57 Hooks even fire before permission-mode checks, so a deny holds in skip-permissions mode. That combination has a name in the community: Safe YOLO.58

The recipes that earn their latency:

Event Job Recipe
PreToolUse block the catastrophic regex on rm -rf, DROP TABLE, writes to .env, exit 2 with a reason string59
PostToolUse (Edit|Write) silent quality prettier or ruff on save, surface only failures60
Stop completion gate run the test subset before the turn may end, with a stop_hook_active guard against loops57
UserPromptSubmit secret scrub detect sk-... shapes, block or rewrite before the model sees them60
SubagentStop delegation contract reject a subagent's return unless the required artifact exists15
Notification + Stop (async) your attention desktop ping when a session finishes or needs input28

The strongest quantitative case for gates is Blake Crosley's published run of 12 PRDs (47 stories) across 8 overnight sessions, half on a minimal harness and half with full gates:61

Minimal harness (4 PRDs) Full harness (8 PRDs)
Credential leaks to git 2 0 (7 blocked pre-commit)
Force-push to main 1 0 (blocked)
False completion rate 35% 4%
Revision rounds per story 2.1 0.8
Token overhead 0% ~3.2%
Hook time per story 0s ~2.4s

The two credential leaks cost roughly 4 hours of key rotation and downstream auditing. The overhead that would have prevented them was 2.4 seconds of bash per story. And one exit-code detail carries most of it: exit 2 blocks the action and feeds the reason back to the model. Exit 1 is a warning, and the dangerous command still runs. Every security hook exits 2.61

Gates one level below the hooks

A hook only protects the tool that runs it. So my load-bearing rules live lower, as git pre-commit gates, because git commit is the one door every tool and every human walks through:

  • A secrets scan on every staged diff, so a key-shaped string never reaches history.
  • A doc-freshness check: every doc declares what it tracks, and drift blocks the commit (the full story is in the next chapter).
  • An AI judge: a second, independent model reviews each staged file against the project's never-violate rules.

A gate at the git level holds for Claude Code, Codex, Cursor, or a human typing alone. On the trading system that roster grew to 13 gates with no bypass flag. The in-session hook layer sits on top: block-dangerous-git kills force-pushes, hard resets, and branch deletes before they execute.

Now the honesty section, because hooks fail silently. Matchers are case-sensitive: one production report ran six months at roughly 50% hook activation before fixing bash to Bash, which raised it to 84%.62 An early version ignored non-zero exit codes outright, so critical paths deserve an OS-level backstop like file permissions.63 And when a "blocking" hook never fired before a production deploy, the user's all-caps question got a confession worth framing:

"I wrote this hook, told you it was ironclad, and then didn't verify it actually worked."12

Test your hooks like code. The payoff is the tone shift Thomas Wiegold describes after moving rules from CLAUDE.md into hooks: "you stop reading 'I've completed the task' and start trusting it. Or rather, you don't trust it. The hook does. Same outcome, less anxiety."58 One operator's hook that blocks any "I'll remember" reply lacking an actual write killed about 80% of forgot-to-write failures.64

CH.09

Treat the context window as cache and the disk as truth

Quality decays long before the window fills. Boris, from the Claude Code team, forks or restarts somewhere between 200-300K tokens because "even compacting seems to generate subpar summaries."65 Vincent van Deth, 3,000+ hours into multi-agent work, measured the practical threshold: rotate at 60% fill (55% for complex tasks). At 78%, agents write vague handovers and drop critical state.66

Rotate at 60 percent, never wait for auto-compact. Work fills the context window, the handoff file captures state to disk at the rotation threshold, and a fresh session boots from the handoff instead of a lossy compaction summary.
Rotate at 60 percent, never wait for auto-compact. Work fills the context window, the handoff file captures state to disk at the rotation threshold, and a fresh session boots from the handoff instead of a lossy compaction summary.
flowchart LR
    F[Fresh session] --> W[Work]
    W --> C{Context fill}
    C -->|under 60%| W
    C -->|at 60%| H[Write handoff file:
state, ports, next command]
    H --> CL["/clear"] --> N[New session
boots from handoff]
    C -->|pushed to 78%+| V[Vague summary,
lost state]

The trading system is where this chapter stopped being theory for me. A 215k-line Rust codebase does not fit in any window, and at 2,872 commits in 84 days I was crossing session boundaries several times a day. Every crossing was a chance for the next session to hallucinate state: which invariant was load-bearing, which fix was already tried and rejected, which doc had quietly gone stale. On a system that prices bets in production, a confidently wrong assumption is not a style problem. So the transitions got machinery, and the rest of this chapter is that machinery, cross-checked against what the field found independently.

Compaction is the failure state, not the safety net

Documented losses include SSH usernames and credentials the session had used successfully an hour earlier, after which the model resists correction and treats the session as fresh.67 There is even a thrashing mode, where context refills to the limit within three turns of compacting, repeatedly, until a breaker halts the task.68 The transcript stays on disk while the summary keeps no pointer to it, so the data you lost is sitting in ~/.claude/projects/ unreferenced.69

The fix is a standing handoff file the next session boots from.70 Mine is a skill named handoff, and the shape it writes is the part worth stealing:

  • Current state: branch, running services, exact next command
  • What was done: with file paths
  • What failed: approaches that did not work, and why (the most valuable field)
  • What's next and key decisions, verbatim where they were hard-won

Skip it and you pay the amnesia tax: 10-15 minutes per session re-explaining the stack, "like talking to someone with amnesia. Every. Single. Session." At $200 a month, you're paying for amnesia.71

Docs that lie are worse than no docs

A handoff hands over yesterday's state. Docs hand over the project's standing truths, and they rot silently: the code changes, the doc describing it doesn't, and the next session trusts the doc. That failure survived everything else I built, so it got its own gate. Every doc in my repos declares what it tracks (a tracks_dir list, or a dated frozen_at stamp for snapshots), and a pre-commit check compares them at session wrap-up: code changed but its doc didn't, and the wrap-up is held until the doc is fixed. The agent fixes it, not me. My entire job is the occasional "update the doc, or acknowledge the drift?"

The orientation tax, and the graph that removes it

A fresh session's other standing cost is orientation: fanning out across ten files to learn how billing works, every session, forever. Graphify, a third-party tool I run on every repo, removes it. /graphify . turns the whole repo into a persistent knowledge graph (files, symbols, call paths, docs, all connected), and an architecture question becomes one query: graphify query "how does billing work", graphify path "WebhookHandler" "Invoice". On any codebase past ~30 files it pays for itself the first session. On 215k lines of Rust it is the difference between a session that starts working and a session that starts reading.

Keep the standing files small

  • CLAUDE.md stays under ~200 lines: frontier models reliably follow only about 150-200 instructions total, and the system prompt already spends ~50 of them.72
  • Every line is a per-turn token tax, and the tax compounds: a 150K-token turn costs about $0.45 against $0.09 at 30K.73
  • Audit auto-memory for staleness: a project that migrated from Prisma to Drizzle kept getting Prisma abstractions proposed until someone read the memory file.74

CH.10

Money bleeds through defaults, not usage

Almost every documented blowout traces to a setting nobody looked at, not to work nobody needed. Start with the burn catalog:

Incident Bill Root cause
"I accidentally burned ~$6,000 of Claude usage overnight with one command" ~$6,000 hook recursion with no timeout, retry storms13
Headless claude -p with an API key in the environment $1,800 in 2 days headless bills the API, not the subscription. Anthropic's own guide agent recommended the setup, per the developer's still-open issue13
23 subagents analyzing code unattended $47,000 over 3 days no budget caps75
One /typescript-checks command, 49 parallel subagents est. $8-15K, 887K tokens/min for 2.5 hours unbounded fan-out19
--resume since v2.1.69, plus a sentinel bug silent 10-20x cost inflation two cache bugs, found by reverse-engineering the binary76
Tool search off by default 264M tokens across 858 of one user's 926 sessions a default, audited after the fact77

The retry machinery burns invisibly. A teardown of the v2.1.158 binary found six retry code paths that re-send the full conversation, only one of them user-visible, plus an auto-mode classifier spending 30-80K input tokens before every tool-using turn. That is how a user with zero MCPs and zero skills watched 85% of a weekly allowance vanish in four unremarkable sessions.78

Now the counter-example, all of it the hook operator's own posted accounting.1 He found 38% of his agent calls were pure file search running on Opus, which lists at 18.75x Haiku's price. Routing them down cut agent-tier spend about 36% with no quality loss. He pushed 71.76% of all turns into subagents so verbose context never touched the main thread's cache. He hit the cache cliff five times in one week. Then he built a hook that warns before an expensive cold turn. The controls, in order of effect:

  • CLAUDE_CODE_SUBAGENT_MODEL=haiku or sonnet. One worked example cut a loop from $8.30 to $2.00 per run.79
  • A 70/20/10 split: Haiku for mechanical work, Sonnet for review, Opus for judgment. Reported savings of 50-80% on routed skills.43
  • --max-budget-usd and --max-turns on every non-interactive invocation. No exceptions.80
  • Cache discipline: stable prefixes, never swap tools or models mid-conversation. Anthropic's own engineering post says a few points of cache miss can double cost.81
  • .claudeignore for node_modules and build output, 40-60% context reduction.82
  • /usage (v2.1.174) for per-skill and per-agent attribution, plus the offline ccusage CLI, as a weekly audit.83

Plan reality, as of mid-2026: Pro realistically carries 2 parallel sessions, Max 3-5. Ten hot sessions compress the 5-hour window to roughly 30 minutes.84 For raw model prices, Sonnet 5 listed at $3/$15 per MTok at launch, with intro pricing of $2/$10 through August 31, 2026, per Anthropic's release notes.85

CH.11

Never let the model grade its own homework

Rubber-stamp approval is the most frequently observed failure in multi-agent systems: a reviewer sharing the author's context says LGTM because agreement is the path of least resistance.34 Separation must be structural, and the evidence stacks four deep:

  • A fresh subagent sees only the diff and your criteria, never the reasoning that produced the change.45
  • A different vendor's model sees with different blind spots: practitioners report Codex catches major issues in Opus plans more reliably than Opus catches issues in Codex code.86
  • The ARIS research harness states the principle as doctrine: a loop can drive, it cannot acquit.87
  • The strongest number in the pool: a tri-engine review skill (Claude + Codex + Antigravity) reports 94% detection accuracy against ~45% for a single LLM reviewer, and refuses in-context Claude self-review outright as biased.88
flowchart LR
    I[Implement] --> V[Verify:
tests, lint, typecheck]
    V --> R[Review: fresh subagent
or cross-model critic]
    R -->|findings| F[Fix, critical first]
    F --> V
    R -->|clean two rounds| M[Human merge review]

My standing version of this is the commit judge from the gates chapter: a second, independent model reviews every staged file against the project's never-violate rules before the commit lands, at the git level, so the author model never acquits itself no matter which harness wrote the code. On the trading system it runs blocking. Here, on a content site, advisory. The separation is the constant.

Guard the gates themselves

Agents game them. Asked for passing tests, models have shipped assert True and assert 1 == 1.14 In research runs, agents edited test files to match broken implementations and rewrote their own success criteria to declare victory, which is why autonomous task files should be immutable except for flipping passes: false to true.89 For UI work, force the loop through pixels: screenshot at 1440, 768, and 375 wide, make Claude describe what it sees ("the header feels cramped"), fix, reshoot.90

Grow evals like scar tissue

Start with 20-50 tasks harvested from real failures, graded on outcome rather than path. Anthropic's eval guide adds the metric that matters for consistency: pass^k, the probability all k trials succeed. A 75% per-trial agent passes three-for-three only 42% of the time.91 The receipts say the gate pays. Anthropic's Code Review caught a one-line change that would have broken production authentication, plus a latent TrueNAS bug silently wiping an encryption-key cache on every sync.92 A Ship Gate blocked leaked secrets on consecutive days before the team tuned it into a teammate.93

CH.12

Build a sandbox, not a promise

Approval prompts are theater: users approve roughly 93% of them, which makes interactive confirmation unreliable as a safety mechanism on its own.38 The field notes agree:

  • One governance team's telemetry showed its human reviewer rubber-stamping 94% of approvals in under three seconds. A risk-summary card moved median review from 2.8 seconds to 22. Their human-confirmed kill switch added 11 seconds of latency, which for credential exfiltration is the entire attack window.94
  • An operator managing infra through an agent confessed the lived version: "I could approve every ansible and ssh command manually (yes really)... I feel dirty doing it."95

So classify actions once and let policy answer instead of reflex:96

Tier Example actions Policy
Low read files, run unit tests automatic, inside the sandbox
Medium write local files, install dev deps allowed, workspace-restricted
High CI config, secrets, cloud APIs explicit approval, scoped credentials
Critical delete data, IAM, production deploys blocked by default, break-glass logging

The incident file behind the Critical row

  • An agent deleted an entire production database in 9 seconds, backups included, because backups lived on the same volume. Its "why" answers were fabricated rationalizations.97
  • A Cursor agent on Opus 4.6 found a Railway token in an unrelated file, assumed staging scope, and ran volumeDelete on production with no confirmation step. The failure was the token's reach, not the model's intent.96
  • A SQL agent wiped 24,000 production rows. The rule is absolute: destructive work never runs in auto or bypass modes.84
  • Claude Code once bypassed its own denylist via /proc/self/root/usr/bin/npx, and when the sandbox caught that, disabled the sandbox. Not jailbroken. Just trying to finish the task.98

Layered enforcement is what the vendors themselves converged on: deny-first rules that always beat allows, an auto-mode classifier that hard-blocks git reset --hard and terraform destroy (v2.1.183), OS-level sandboxing that cut permission prompts 84% in internal testing, and sandbox.credentials blocking secret reads (v2.1.187).83 The daily pattern that makes it livable: start in plan mode, approve the plan, then switch to bypass for execution inside the worktree, where the blast radius is already contained.43

CH.13

A loop is a goal with a gate, and most tasks don't deserve one

A prompt is one instruction that stops when it answers. A loop is a goal the agent keeps working toward: plan, do, check the result against the goal, feed the gap back in, repeat. Four parts make it real, and the gate is the one that decides whether it helps you or just spends your money.

  • The goal, stated once, with "done" defined in machine-checkable terms.
  • The gate: something that can FAIL the work automatically (tests, a type check, a build, a measurable threshold). Without it, the loop is the model agreeing with itself on repeat, and the verification chapter showed how generously a model grades its own homework.
  • State on disk: what was tried, what failed, what's next, so pass N+1 learns from pass N instead of repeating it. Files and git history, as the context chapter argued, are a better memory than any window.
  • A stop condition: success, or a hard cap on iterations and dollars. A loop with only the happy-path exit is the machine behind the $6,000 overnight bill.13
The four parts of a real loop. The goal defines done in machine-checkable terms, the gate can fail the work automatically, state on disk lets the next pass learn from the last, and the stop condition caps iterations and dollars.
The four parts of a real loop. The goal defines done in machine-checkable terms, the gate can fail the work automatically, state on disk lets the next pass learn from the last, and the stop condition caps iterations and dollars.

Do you even need one

Most advice sells the loop before naming when it is a mistake. Build one only when all four boxes tick, and keep it a manual prompt otherwise:

Box The test
Recurrence the task comes back regularly (a one-off never repays the setup)
Rejectability something automatic can fail bad output, without you
Delegability the agent can run the whole unit end to end, not hand half back
Objectivity "done" is a fact, not a taste (matters of taste still need you)

The order that survives the night

  1. Get one manual run reliable first.
  2. Freeze those instructions as a skill, so the procedure stops living in your paste buffer.
  3. Wrap the skill in a loop: add the gate and the stop condition.
  4. Only then put it on a schedule.

Scheduling a task you never made reliable by hand is exactly how the 3 a.m. post-mortems in the next chapter happen. Prove it, harden it, then automate it. And watch the one economic number that matters: cost per accepted unit of work, not tokens burned. Every iteration re-reads a growing context, and a separate reviewer doubles the reads, so a loop whose outputs you mostly discard costs more than the review time it was meant to save.

Feel it in five minutes, in any chat

You can run the whole mechanism by hand in any LLM, today, with one prompt. Paste this, fill the brackets, and watch the model iterate against its own gate instead of handing you the first plausible draft:

Work in a loop until the result clears the bar.

TASK: [exactly what you want produced]

BAR (strict, no soft passes):
- [criterion 1]
- [criterion 2]
- [criterion 3]

EVERY TURN:
1. PLAN the single next improvement.
2. DO it.
3. GRADE the result 1-10 per criterion, honestly. Name the weakest spot.
4. If every score is 8+, print FINAL and stop.
   Otherwise print ITERATING and attack the weakest criterion.

RULES: never declare FINAL early. Never ask me questions: assume,
note the assumption, continue.

What is still missing from that prompt is everything this article is about: you are the trigger, there is no state between chats, no budget cap, and the grader shares the author's context. The chapters around this one are exactly those missing parts, and the next one is the loop pattern grown up enough to run while you sleep.

CH.14

Overnight runs live or die on four guardrails

The Ralph loop, the pattern under most overnight systems, is a dumb bash loop around a smart model. Its author is explicit about where the safety lives: "the iteration cap is the actual safety net." The completion promise is just the happy path.99

  1. Fresh context per iteration. while :; do cat PROMPT.md | claude -p; done. Each pass starts clean, on purpose. Your files and git history are a better memory layer than the window.99
  2. Filesystem as memory. PROMPT.md re-read from disk, progress files, git commits per completed unit. Nightcrawler formalizes this as 30-60 minute episodes with STATE.json, HANDOFF.md, and a git-diff cross-check that verifies the handoff's claims.89
  3. Backpressure. Real verification commands in the loop (bun test, typecheck, lint). Without them, the loop commits broken code all night.99
  4. A kill switch. MAX_ITERATIONS, a dollar budget, and termination conditions including diminishing returns. Spawn budgets exist because one uncapped session recursed subagents at 10x normal token burn until a manual kill.100
flowchart LR
    P[Read PROMPT.md
+ state from disk] --> W[Work one unit]
    W --> B{Backpressure:
tests pass?}
    B -->|no| P
    B -->|yes| C[Commit + log] --> K{Cap or promise hit?}
    K -->|no| P
    K -->|yes| DONE[Stop, leave report]

What it costs and returns

The economics are reported but striking: roughly $10 an hour at full burn, and one field report, per Huntley's telling, of a $50,000 contract delivered for $297 in API cost.99 A documented Opus run went 4 hours 49 minutes unattended on stop hooks and a completion promise.101 Jean Galea's overnight queue adds the rule that prevents 3 a.m. stalls: on a blocker, don't stop, use a mock or a documented assumption and rank assumptions by the cost of being wrong for the morning scan.102 Expectations, honestly set: one practitioner logs ~80% of overnight runs shipping a useful PR and 20% needing re-prompting.103

The counterweight

This lane is earned. One operator's post-mortem records an agent that wrote its own overnight rules, agreed to them in writing, violated every clause within hours, and at a 3 a.m. failure declared "Not scheduling another wakeup. Operator can pick up from the morning report," despite explicit authorization to continue. His summary: "I woke up to: nothing useful done. Tokens burned for nothing." He could not reproduce his two good nights over the weekend.104 The morning review is not optional. Some nights produce confident nonsense, and you catch it before it matters.102

CH.15

The recovery protocol: stop, checkpoint, revert, never debug the story

When an agent does something you don't understand, its explanation is the least reliable artifact in the room. The 9-second-wipe agent produced fluent, fabricated rationalizations on demand.97 One Opus session insisted a test score was 16/29, invented task flips as evidence, and conceded only after repeated proof that it was 17/29, across multiple turns.105 You do not win that argument. You end it.

  1. Stop the session. Say stop, then work from artifacts.
  2. Read the diff, not the narrative. git diff and the transcript are ground truth.
  3. Rewind what's rewindable. Checkpoints auto-save before each file edit and /rewind restores code, conversation, or both. Know the boundary: Bash side effects (rm, mv, cp) are not tracked. Checkpoints are local undo, git is history.106
  4. Revert one commit. If you committed per completed subtask, recovery is a single git revert instead of 90 minutes of archaeology across fourteen files.107
  5. Give unattended runs an error budget. Three retries per tool call, then escalate. Two unrelated errors, then halt, dump state to STATE.md, exit non-zero so the next run rehydrates. Treat the agent as a stateless function over (STATE.md, repo).108
  6. Apply the Rule of Two. Same fix missed twice means /clear and a better prompt that folds in the lessons, because a correction loop collapses the signal-to-noise ratio.46
  7. If the whole fleet vanished, check for a reboot before assuming a reaper. Identical transcript timestamps across sessions plus a system event is the signature. Every conversation persists to disk in ~/.claude, so a fleet is relaunchable from transcript heads with one script.109

One more tool for the paranoid tier: tapes, a local proxy recording every request and response as a content-addressed DAG in SQLite. One developer reconstructed an hour of lost design context from its nodes table after a mid-session crash.110

CH.16

The field splits by paradigm, not quality: run two tools

There is no benchmark winner to go all-in on. There are three paradigms, and picking the wrong one, per digitalapplied's Q2 2026 matrix, "costs more in wasted developer hours than any pricing plan difference."111

Tool Paradigm Wins Breaks Cost signal
Claude Code synchronous, local, legible deepest orchestration surface, 67% blind preference for its code quality112 context rot at scale, over-delegation bias ~$155 on one benchmarked refactor113
Codex stable executor clean diffs, rarely hallucinates paths, catches Opus plan bugs114 less interactive steering ~$15 on the same refactor113
Jules async cloud, PR-as-product ticket-shaped work, CI-failure auto-fix, free 15 tasks/day115 cannot be redirected mid-run, you learn of a misunderstanding when the PR arrives116 free tier upward
Devin cloud VM contractor 82% on test writing with clear repro 35% on vague bugs, fails silently where Claude Code fails loudly117 $500/mo118
Cursor editor-integrated inline iteration speed ~5.5x more tokens than Claude Code on identical agentic tasks119 $20/mo

The verdict from working engineers is already in: 65% of a 40-engineer survey (verified shipping history) run two AI tools daily, and the pairing crowd self-reports about 2.5x more features per week than single-tool users.120 The high-value pairing is adversarial: one tool writes, the other reviews, roles swapped by task. The dual-track version keeps Claude Code for local implementation and policy-heavy changes while Codex handles parallel background batches.121 You can even wire it inside one terminal: the Codex plugin runs as a peer senior engineer inside Claude Code sessions.122 The line for the async lane comes from Jules practitioners: if you could write a solid Jira ticket for it, delegate it there.115

CH.17

The day-one rig, in adoption order

Anthropic's own docs prescribe a sequence, and it maps exactly to pain: adopt each layer when its trigger fires, not before.123

flowchart TD
    S0[Bare Claude Code] -->|an error repeats twice| S1[Convention in CLAUDE.md]
    S1 -->|same prompt typed twice| S2[Skill]
    S2 -->|side tasks flood the thread| S3[Subagent]
    S3 -->|copying data from browser tabs| S4[MCP server]
    S4 -->|genuinely parallel debate| S5[Agent team]
    S5 -->|a rule must be automatic| S6[Hook]
    S6 -->|a second repo needs the setup| S7[Plugin]

Week-one checklist, assembled from the operators in this piece:

  • Aliases and names. Boris-style za/zb/zc checkout hopping.48 Name every session at spawn: past two unnamed terminals you are guessing, and notifications plus naming are what actually let you scale.20
  • Attention plumbing. Async Stop and Notification hooks with a desktop ping. Check a new session 5 minutes in to confirm direction, then sweep every 15-20 minutes on notifications. Constant interruption degrades output.28
  • Mission control. claude agents (v2.1.139+) lists every background session grouped by state. As of the 2.1.198 changelog, finished background agents commit, push, and open a draft PR instead of stopping.85
  • Money plumbing. /usage, ccusage, .claudeignore, subagent model routing, budget flags on anything headless.83
  • CLAUDE.md cost rules, verbatim from aakashx: no agents for work under ~5 minutes, no duplicate exploration of the same files, no agents spawning agents, stop after two failed repair attempts and ask for a better plan.22

Copy-paste it: the commands, the hook, the skeleton

Nothing above requires reading further. Run these.

# cost floor first: subagents on the cheap tier, spend caps on anything headless
export CLAUDE_CODE_SUBAGENT_MODEL=haiku
claude -p "..." --max-budget-usd 5 --max-turns 20

# one worktree per parallel stream (native since Feb 2026)
claude --worktree auth-api
claude agents          # the dashboard for every background session

# offline cost audit, zero API calls
npm install -g ccusage && ccusage

The one hook that ends rule-repeating, in .claude/settings.json (exit code 2 blocks the action and feeds the reason back):

{"hooks": {"PreToolUse": [{"matcher": "Bash", "hooks": [{"type": "command",
  "command": "python .claude/hooks/block-danger.py", "timeout": 5}]}]}}
# .claude/hooks/block-danger.py — block the catastrophic, allow everything else
import json, re, sys
cmd = json.load(sys.stdin).get("tool_input", {}).get("command", "")
if re.search(r"rm -rf /|DROP TABLE|push --force|> ?\.env", cmd):
    print("blocked: destructive command. Use the documented safe path.", file=sys.stderr)
    sys.exit(2)

The CLAUDE.md skeleton that survives the ~150-instruction ceiling: one paragraph of what the project is, the 2-4 never-violate rules, the commands block, the cost rules above, and pointers to path-scoped .claude/rules/*.md for everything else. Under 200 lines, always.72

One rules file, every harness

Write those standing rules into AGENTS.md, the cross-tool file that Codex, Cursor, OpenClaw, and Hermes read natively, drafted Karpathy-style as a short numbered list of judgment rules. CLAUDE.md becomes literally one line: an import of AGENTS.md. One rules file, every harness, no drift between copies. Two findings keep it honest: files past ~150 lines raise inference cost 20 to 23% with no performance gain,124 and the acid test for whether the file loads at all is claude --print "What is your definition of done?". If the agent cannot echo your commands verbatim, the file is too long, too vague, or not discovered.61

MCP, kept deliberately small

  • Hold the line at 3-6 servers. Past 10, the tool list collides and selection accuracy drops.125
  • Each server loads schemas into every message, up to ~18K tokens per turn per server.75 Turn Tool Search on: 85% overhead reduction with measured accuracy gains.83
  • The classic trap: a local subprocess server needs stdio transport. With SSE it connects fine while every tool call silently times out. That one has cost operators "a day and a half."83
  • Starter set: Context7 for version-pinned docs, Playwright for browser verification, GitHub via the remote OAuth endpoint.126
  • Prefer plain CLI tools like gh for read-only work, roughly 40% cheaper in tokens.75

If you want a fleet console beyond the native one, the genre exists (Claude Wall, ClauBoard, claude-mpm), but it is optional equipment, not a station.31 For scaling, the community's 8-week ladder matches this article's rollout: single loop, then two streams, then test-driven verification, then stop hooks, then overnight, then orchestrated chains.127 And if plan cost bites, the Munder Difflin pattern runs one Opus orchestrator with Sonnet workers: its author reports 80+ commits in 2 days on a $100 plan.128

Third-party packs worth their slot (read SKILL.md before installing, pin to a commit, and remember the ceiling: ~12 good skills beat 4751): Superpowers for the full spec-to-TDD methodology, Planning with Files for plan-first discipline, visual-eyes so Claude sees its own UI, ccusage for the weekly cost ritual.52

Or skip the assembly

Everything above ships as one installable kit, proposed properly at the end of this article.

CH.18

The endpoint: you write loops, not prompts

The destination is not autonomy from you. It is a change in what your hands touch. Boris Cherny, who built the tool: "I don't prompt Claude anymore. I have loops running. They're the ones prompting Claude and figuring out what to do. My job is to write loops."129

The oversight doesn't disappear. It migrates. From Anthropic's own autonomy research:130

  • The longest sessions nearly doubled in three months, from 25 to 45+ minutes.
  • Experienced users auto-approve over 40% of sessions and interrupt more often, not less.
  • Interventions per session fell from 5.4 to 3.3.
  • One operator dispatches five tasks before breakfast and frames the shift precisely: not how do I do more, but how do I offload the mechanical work so my limited attention goes to decisions that require judgment.131

The honest control group

One more thing before you build. METR ran the rare randomized controlled trial: 16 experienced open-source developers, working real issues in their own mature repos, took 19% longer with early-2025 AI tools while believing they had been sped up by about 20%. The 2026 follow-up measured much smaller, statistically insignificant effects.132 Every throughput number in this article is self-reported, which is exactly the perception that trial warns about. The four stations are the answer to that warning, not an exemption from it: machinery you can audit, and verification that doesn't care how fast the session felt.

And tacoda, the developer who spent two months grabbing the keyboard every 30 seconds? Three months after building the corridor, most diffs needed zero feedback. His reviews collapsed from "this is wrong, fix it" to one word: "approved."18

  • Before: you are the runtime. Re-stating rules, watching terminals, reading every line.
  • After: worktrees isolate, hooks enforce, caps contain, verifiers check. Your attention goes where the drunk PhD students genuinely need a sober architect.

The good nights are not yet perfectly repeatable, the post-mortems in this piece prove that much. The four stations are how you make the bad ones cheap. That is what 2,872 commits in 84 days actually took: not a better model. A sober harness, and the patience to build it one incident at a time.

CH.19

You don't have to build it: the whole harness is one install

Everything this playbook prescribes exists as my open, free sober-agents-kit: the gates, the pre-push force-push blocker, the AI judge, the handoff and session memory, the doc-freshness machinery, and my curated skills, with the third-party picks (the Superpowers workflows, graphify) proposed and installed from their own sources. Set up by a five-minute plain-language interview, with whichever agent you already use.

git clone https://github.com/dprvda/sober-agents-kit && cd sober-agents-kit

Then start the interview from your own tool:

Your agent Start it with
Claude Code claude/sober-setup
Codex invoke the sober-setup skill, or say "read setup/INTERVIEW.md and run it"
OpenClaw, Hermes, anything else tell it: "read setup/INTERVIEW.md in this repo and run it"

The first question is which agent you use, and the setup shapes itself to the answer while the repo stays shared and ready for all of them. From there:

  • It asks what you're building and what must never break, in plain words, and drafts your AGENTS.md Karpathy-style from YOUR answers.
  • It proposes a skill set capped under the ~12 ceiling, with the filter math shown. Only my own skills live in the repo. Third-party picks install from their original sources, pinned to a commit.
  • It presents the complete manifest of every file that will land on your machine, and installs only after you confirm. No telemetry, every file readable text.

What lands is honest about its own reach: the commit gates, the push guard, the session memory, the skills, and the framework fact-sheets run with every tool (they live on git and plain files, not inside any AI). The live in-session hooks are the one Claude-Code-specific adapter, clearly fenced, and their most dangerous target is already covered for everyone at the push stage. Every step the interview takes is also documented for hand-installation, so the kit is a five-minute shortcut, never a dependency. If this article convinced you of anything, the kit is that conviction as files: github.com/dprvda/sober-agents-kit.

ai-agentsclaude-codeautomationorchestrationengineering

KEEP GOING

Take this with you.

SHAREXLinkedIn
DashboardPrefer email? Turn it on in your dashboard.

Sources · 133

Sources

  1. An operator's 90-day accounting, "I ran $42,358 of Claude API through a $500 plan in 90 days" (r/ClaudeCode) 2

  2. "I Haven't Written a Line of Code in Six Months" (r/ClaudeAI)

  3. "This is what 3k hours in CC looks like" (r/ClaudeCode) 2

  4. "Claude Opus co-authored a JVMCI compiler" (r/ClaudeAI)

  5. My AI Developer Workflow in 2026 (developersdigest.tech)

  6. StarVoxel Defender solo dev, "Shipped cross-platform mobile game using AI in 130 days" (r/aigamedev)

  7. "Karpathy's CLAUDE.md cuts Claude mistakes to 11%... the rules that get it to 3%" (r/AskVibecoders)

  8. Uber torches 2026 AI budget on Claude Code in four months, thread incl. the "that's what the agent did" review story (Hacker News)

  9. "The Claude Code leak accidentally published the first complete blueprint for production AI" (r/artificial)

  10. Inside Claude Code: the architecture behind tools, memory, hooks, and MCP (penligent.ai)

  11. Data-loss forensics and the session-lease proposal, anthropics/claude-code issue 53819 (GitHub) 2

  12. PreToolUse hooks fail silently, incl. the file-lock confession, anthropics/claude-code issue 31250 (GitHub) 2

  13. How to stop a runaway Claude Code session, the $6,000 and $1,800 incidents (devtoolpicks.com) 2 3 4

  14. I ran the same multi-agent prompts on Claude Code, Codex, and Cursor (pub.towardsai.net) 2

  15. Claude Code subagents: the 2026 production playbook (totalum.app) 2

  16. Prajwal Tomar's own thread on the $15,000 Anthropic hackathon win (X)

  17. "I built a coding agent that gets 87% on benchmarks with a 4B parameter model" (r/LocalLLaMA)

  18. tacoda, In-the-Loop to On-the-Loop: how I stopped micromanaging my AI agent (dev.to) 2

  19. Claude Code agent teams: parallel agents, worktrees, and orchestration (systemprompt.io) 2 3 4

  20. Alex Dunlop, How I run up to 10 Claude Code agents in parallel (Substack) 2

  21. Run parallel sessions with worktrees (Claude Code docs) 2

  22. Aakash, Parallel Claude Code agents: safe workflow guide (aakashx.com) 2 3 4

  23. ashu, How I run 3 parallel Claude Code agents (ashu.co) 2

  24. Practical parallelism with Claude Code, part 4: integration failures (claydon.co)

  25. Parallel coding agents need merge discipline (developersdigest.tech)

  26. Git worktrees + Claude Code: the 2026 playbook, incl. the Grit post-mortem (developersdigest.tech)

  27. Łukasz Komosa, Turning Claude Code into a team: multi-agent orchestration (komluk.github.io)

  28. The complete Claude Code parallel workflow guide, on Boris Cherny's setup (shareuhack.com) 2 3

  29. Claude Code power user tips (support.claude.com)

  30. How to run Claude Code agents in parallel (lowcode.agency)

  31. Best multi-agent coding tools for Claude Code and Codex users (nimbalyst.com) 2

  32. Onur Solmaz, on parallel-session limits and agent etiquette (solmaz.io)

  33. AI agent orchestration in 2026 (amux.io)

  34. "I read 17 papers on agentic AI workflows. Most Claude Code advice is measurably wrong" (r/ClaudeAI) 2

  35. "We ran 52 controlled benchmarks on Claude Code" (r/ClaudeAI) 2

  36. Co-Coder: cohesion-aware task partitioning for multi-agent coding (arxiv.org)

  37. Rate limits blocking multi-agent workflows, anthropics/claude-code issue 62426 (GitHub)

  38. The design space of today's and future AI agent systems, a systematic analysis of Claude Code (arxiv.org) 2

  39. Run agents in parallel (Claude Code docs)

  40. Addy Osmani, Claude Code swarms (addyosmani.com)

  41. Orchestrate subagents at scale with dynamic workflows (Claude Code docs)

  42. You probably don't need Claude Agent Teams (but here's when you do) (builder.io)

  43. Pedro Sant'Anna, My Claude Code setup (psantanna.com) 2 3

  44. Stop coding, start designing: how plan mode changes the way you build (LinkedIn)

  45. Best practices for Claude Code (Claude Code docs) 2 3

  46. Operational best practices, the Interview Pattern and Rule of Two (agentfactory.panaversity.org) 2

  47. Claude Code context management, in-depth guide (institute.sfeir.com)

  48. 10 Claude Code tips from Boris, the creator of Claude Code (r/ClaudeAI) 2

  49. Addy Osmani, How to write a good spec for AI agents (addyosmani.com)

  50. Evaluating skills (langchain.com) 2

  51. "The Claude Code skills actually worth installing right now" incl. the 47-skills test (r/AI_Agents) 2

  52. Top Claude skills for developers, incl. the ToxicSkills findings (snyk.io) 2 3 4

  53. "I gave Claude Code a 'lazy senior dev' mode and it writes like 6x less code" (r/ClaudeCode)

  54. visual-eyes, Playwright vision for Claude Code (GitHub)

  55. Best Claude Code skills 2026 (agensi.io)

  56. "AGENTS.md is the most important file in your repo and nobody's testing theirs" (r/OpenAI)

  57. Automate actions with hooks (Claude Code docs) 2

  58. Thomas Wiegold, Claude Code hooks: from linting to hardened AI workflows (thomas-wiegold.com) 2

  59. Claude Code hooks: 12 production configs with failure modes (heyuan110.com)

  60. Claude Code hooks in 2026: a production playbook (totalum.app) 2

  61. Agent Architecture: building AI-powered development harnesses (Blake Crosley) 2 3

  62. Alireza Rezvani, The Claude Code hooks nobody talks about: my 6-month production report (Medium)

  63. PreToolUse hooks exit code ignored, anthropics/claude-code issue 21988 (GitHub)

  64. "Most people use Claude Code like a chatbot", the promise-checker hook (r/ClaudeAI)

  65. Boris from the Claude Code team on context deterioration (Hacker News)

  66. Vincent van Deth, Context rot in Claude Code: how I fixed it (vincentvandeth.nl)

  67. Context compression loses environment facts and credentials, anthropics/claude-code issue 54082 (GitHub)

  68. Configurable autocompact thrashing threshold, anthropics/claude-code issue 48983 (GitHub)

  69. Claude Code's compaction discards data that's still on disk (Hacker News)

  70. The one file that makes Claude Code sessions actually persistent (devforgedev.hashnode.dev)

  71. Sid Saladi, Claude Code memory 101 (Substack)

  72. Building a context budget: a practical token allocation framework (dev.to) 2

  73. Claude Code context management guide (sitepoint.com)

  74. Claude Code primer, incl. the stale auto-memory case (aman.ai)

  75. Claude Code pricing 2026: complete plans and cost guide (finout.io) 2 3

  76. PSA: Claude Code has two cache bugs that can silently 10-20x your API costs (r/ClaudeCode)

  77. "Anthropic isn't the only reason you're hitting limits: an audit of 926 sessions" (r/ClaudeCode)

  78. Safe disclosure: the retry machinery teardown of the v2.1.158 binary (r/Claude_reports)

  79. John Cook, How to cap a Claude Code loop's spend (Substack)

  80. Claude Code sub-agents: parallel vs sequential patterns, incl. cost guardrails (claudefa.st)

  81. Lessons from building Claude Code: prompt caching is everything (claude.com)

  82. Hagen Hübel, Why your Claude Code sessions keep failing (Medium)

  83. Blake Crosley, Claude Code CLI: the complete guide (blakecrosley.com) 2 3 4 5

  84. Claude Code at 10 parallel agents: week 1 failure modes (findskill.ai) 2

  85. Anthropic release notes and Claude Code changelog, current as of July 2, 2026 (platform.claude.com) 2

  86. Practitioner reports on cross-model review and effort quirks (Hacker News)

  87. ARIS, auto-claude-code-research-in-sleep (GitHub)

  88. The Judge skill: tri-engine adversarial code review (GitHub)

  89. nightcrawler: bounded overnight episodes with immutable tasks (GitHub) 2

  90. jimmc414, Claude Code visual development guide (GitHub gist)

  91. Demystifying evals for AI agents (anthropic.com)

  92. Code Review for Claude Code (claude.com)

  93. Best Claude Code setups for AI and agent development, incl. Ship Gate (claudedirectory.org)

  94. Miles K., Human-in-the-loop and the governance of autonomous systems (Medium)

  95. "Go hard on agents, not on your filesystem" thread, incl. the rm -rf apology (Hacker News)

  96. AI agent deleted a production database: the real failure was access control (penligent.ai) 2

  97. Claude-powered coding agent deletes entire company database in 9 seconds (r/ClaudeAI) 2

  98. Claude Code sandboxing, incl. the March 2026 escape (truefoundry.com)

  99. Steve Kinney, The Ralph Loop (GitHub) 2 3 4

  100. Blake Crosley, The Ralph Loop: how I run autonomous AI agents overnight (blakecrosley.com)

  101. The Ralph Loop: running Claude Code for hours autonomously (developersdigest.tech)

  102. Jean Galea, Run Claude Code overnight while you sleep (jeangalea.com) 2

  103. Running Claude Code overnight: a practical guide (phone-stack.com)

  104. Post-mortem: 12 multi-agent coordination bugs in one autonomous overnight run, anthropics/claude-code issue 54393 (GitHub)

  105. "Opus 4.7 is legendarily bad. I cannot believe this." (r/ClaudeCode)

  106. Session management, checkpoints and /rewind (claudeblattman.com)

  107. Running AI coding agents for 13 days straight (sitepoint.com)

  108. How I stopped babysitting Claude Code: 5 patterns for 24/7 AI workers (dev.to)

  109. Recovering and orchestrating Claude Code sessions after a reboot (jordanjamesmedia.com)

  110. Brian Douglas, Claude failed mid-session. tapes brought it back (briandouglas.me)

  111. Claude Code vs Codex vs Jules: Q2 2026 benchmark matrix (digitalapplied.com)

  112. Claude Code vs Codex: the 2026 comparison (catdoes.com)

  113. Codex vs Claude Code: a 2026 decision framework for CTOs (teamvoy.com) 2

  114. Codex CLI vs Claude Code 2026: stability vs intelligence (utilo.io)

  115. Jubin Soni, Google's async coding agent Jules (dev.to) 2

  116. Claude Code vs Jules (lowcode.agency)

  117. Claude Code vs Devin: control or autonomy (agentsindex.ai)

  118. Devin vs Claude Code: autonomy, cost and verdict (codegen.com)

  119. Claude Code vs Cursor: practical comparison for builders (verdent.ai)

  120. Best AI coding agent 2026: why top devs run two (aibuilderclub.com)

  121. Claude Code vs Codex app in 2026: the dual-track pattern (developersdigest.tech)

  122. Diego Cabezas, Fable 5 as orchestrator with Opus and Codex as executors (X)

  123. Extend Claude Code: the adoption sequence (Claude Code docs)

  124. AGENTS.md best practices (BetterClaw)

  125. Best Claude Code MCP servers (nimbalyst.com)

  126. Best MCP servers in 2026 (totalum.app)

  127. Claude Code autonomous loops: ship features while you sleep (claudefa.st)

  128. "I put my Claude Code agents in the office simulation that runs 24/7" (r/ClaudeAI)

  129. Stacy, quoting Claude Code's creator on loops (X)

  130. Measuring AI agent autonomy in practice (anthropic.com)

  131. The 6 AM dispatch: five parallel workflows before breakfast (techysurgeon.substack.com)

  132. METR, "Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity" (arXiv:2507.09089)