The Three Faces of a ZIP Code
One innocent-looking '12345-6789' was being stored four different ways depending on how it entered the app. Here's how we fixed it.
Pre-Flight or Rollback: Ghost Charges, Part II
Part two of the ghost-charges saga: three code-review comments that turned a working fix into a better one — caller-scoped idempotency, pre-flight over rollback, and singleton-method factory suppression.
Ghost Charges: When a Rollback Costs Real Money
Chasing a $500 billing bug in production — how a Rails transaction rollback silently kept real Stripe charges, plus the four other bugs we found along the way.
Pandora 0.6: A Decorator-First Rewrite
Pandora 0.6 replaces the old state/props bags with 14 new decorators, auto-rendering, and a simplified lifecycle.
The Platform Churn Hardening Session: One Interceptor to Rule Them All
A ten-hour dig through subscription pause/cancel hardening: two-timestamp state, T0/T1 timing, and one very smug axios interceptor.
Pandora's Bug Box: Nine Fixes in a Web Components Library
Nine bugs in a decorator-first web components library, and the TC39 metadata-timing gotcha that was hiding behind three of them.
@joliegg/moderation 0.9.0 — Classifier Composition
@joliegg/moderation 0.9.0 adds OpenAI moderation provider, ScoringRubric for classifier-to-action mapping, and a typed AuditTrailEmitter.
@joliegg/moderation 0.8.0 — Spam, Raid, and Text Primitives
@joliegg/moderation 0.8.0 lifts production spam, raid, and text-normalization primitives into the library, with subpath exports and Bun-native hashing.
Security Hardening: 13 Fixes Across Auth, Visibility, and SSRF
Two rounds of security review on Restless Dreams: webhook auth, token scoping, scheduled post leaks, SSRF via DNS rebinding, and plaintext credential exposure. 25 files, 13 findings, 0 test failures.
Hardening a Subscription Pause Feature: 22 Fixes, Three Review Rounds, One Clean Commit
A deep dive into 22 code review findings across Stripe webhooks, service-layer correctness, frontend UX, and a pair of latent class-load bugs — all squashed into one commit.
Moderation Hardening: 7 Critical Bugs, 18 Commits, Zero Regressions
A deep audit of a Discord bot's moderation system uncovered 7 critical bugs, race conditions, and privacy leaks — then fixed all 16 tasks in one session.
Evaluating a Lead Capture Provider Swap: EMM vs RetargetIQ
Deep dive into swapping EMM for RetargetIQ: push vs pull models, auth, campaign management, multi-tenant isolation, data richness, full migration scope, de-duplication design, and risk assessment.