It was a Saturday afternoon. I pressed the power button on my PC and… nothing. Fans spun for a second, LEDs blinked, then dead. Then it tried again. One second, dead. One second, dead. An infinite boot loop with no display output, no beep codes, nothing. What followed was a week-long odyssey of diagnostics, wrong guesses, a new motherboard, a bricked BIOS, and — when every computer in my house was dead — an 11 PM coding session on my phone to patch an open-source tool that was never meant to run on Android. ...

It was 7pm on a Wednesday. I was staring at my terminal, watching OpenCode try to answer a question about a library it had never seen before. The LLM was doing its best. But it was hallucinating API endpoints that didn’t exist. And I thought: “Why can’t my AI just… search the web?” The Problem I use OpenCode, Claude Code and some times Crush as my daily coding companion. It’s powerful. But it has a blind spot: The native web fetch can’t access claudflare protected sites. ...

Recently, I watched a Veritasium video called “The Internet Was Weeks Away From Disaster and No One Knew.” It dives deep into the history of the XZ Utils backdoor—a highly sophisticated, multi-year social engineering campaign that almost compromised OpenSSH and the entire open-source ecosystem. A malicious actor spent years gaining trust, slowly pushing malicious commits into a deeply buried compression library that everything else depends on. ...

The last post was about architecture decisions. This one is about execution. I spent this cycle turning ideas into something runnable and testable. Not polished. Not “AI magic.” Just real foundations. What shipped since the last post 1) REST API vertical slice navi-agent now has a working API backbone with health, task, and agent routes, including sync flow. This gave me a full path from request → service → persistence → response, which is where real design flaws start to show up. ...