// chris johnsonField notes on cybersecurity, AI-assisted development, infrastructure, and the craft of shipping things that actually work.
Get a weekly email with what I learned, summaries of new posts, and direct links. No spam, unsubscribe anytime.
Part 6 of the home network dashboard build. The LOG LAKE panel ships a SIEM ingestion-health strip and a GUI firewall query builder that compiles to parameterized ClickHouse under the hood. One PR, two waves, 1193 backend tests at merge. Then deploy day on the live Mac mini produced five production-only bugs in a single afternoon: a readonly-pool 500, a timezone-mixed poll crash that had been firing every five minutes for hours, a 20-day-silent Pi-hole pipeline (two layers stacked), a Vector container reading a stale bind-mounted config, and a UDM doubled-hostname frame that silently broke action derivation for 159,909 rows. The meta-lesson is that the proposed fix for the last one was an invasive Vector source rewrite that the persona team vetoed in favor of an operator toggle and a four-line MV recreation.
Part 6 of the home network dashboard build. The SIEM cutover dropped the DNS search endpoint without replacing it, and the only reason I caught it was clicking into the live dashboard and seeing "Failed to load DNS query log." This post walks the session that put search back: the diagnosis, the brainstorming workflow that pinned down five contested design choices, the five-wave persona dispatch, the parallel reviews that caught a third-scan query and a PII gate divergence, the FastAPI int-Literal gotcha that ate an hour, and a live smoke at 41 results in under 100ms with the sparkline-sum-equals-aggregate-total invariant holding 454 = 454 on the first row.
Part 2 of a 2-part series on replacing the Mission Control Dashboard's SQLite-only event store with a Vector + ClickHouse log-lake. This post walks the 14 implementation phases, the cutover gate that caught 19 column-name drifts, the launchd watchdog bug that almost shipped a 7-second outage on every fsevent, and the persona-rule track record from 137 commits.
Part 5 of the home network dashboard build. Phase 1.1 ships the Network tab, five new surfaces, two new security signals, and 694 backend tests at merge. A 5-wave persona team caught a critical ship-blocker before merge, then in-session live verification on the deployed dashboard caught two more bugs of the exact same shape: wrong join field, silent zero, fixtures encoded the same wrong assumption. The marquee lesson is that persona-team review is necessary but not sufficient. The second line of defense is running the live system in-session, not waiting for a scheduled probe to find drift.
Part 4 of the home network dashboard build. V2 ships a Threat Intelligence tab with 6 in-house heuristics, two free public feeds (URLhaus + Hagezi), and an on-demand RDAP/IPinfo enrichment skill. 161 anomalies surfaced from 45,000 daily DNS queries on the dispatcher's first real-data run. Seven PRs, 603 backend tests, 163 Vitest, 20 Playwright at merge. The marquee story is not the feature, it is the post-merge audit: five bugs that all four CI jobs missed, all five caught only after the dashboard hit production. The gap between "tests pass" and "production works" has a shape and a price, and this post itemizes both.
Part 3 of the home network dashboard build. 11 deferred items closed in one session. Two PRs merged the same day. OpenAI Codex shipped Feature 1 phases 1.1-1.3 from a re-runnable plan doc, then hit its weekly $20 ChatGPT Plus rate limit. Claude Code picked up where Codex left off, fixed CI, closed a PII consistency gap on the new domain endpoint, and merged PR #5. The same Claude session then swept 11 more deferred items from the same plan doc into PR #6. 523 backend tests, 141 Vitest, 15 Playwright at the end. The through-line is the plan doc, not the agent that read it.
Part 2 of the home network dashboard build with Claude Code. One persona-team session ported a cyberpunk redesign onto Phase 1, surfaced 18 actionable findings across four reviewer dispatches, fixed every one in the same session, and produced fully phased plans for two future features (DNS click-throughs and a Threat Intelligence tab) on the way out. 519 backend tests, 135 Vitest, 15 Playwright, all green at merge. The through-line is the reviewer-only persona team, not the skin.
Part 1 of a multi-phase build: a single pane of glass for my UDM Pro, Pi-hole, and UniFi Protect home lab, written entirely with Claude Code. 12 parallel workstreams, four enrichment waves on top, 497 backend tests at 82.9 percent coverage, 132 frontend tests. One CRITICAL plus three HIGH security findings caught and fixed in review. The whole thing rests on the UniFi MCP, Pi-hole MCP, and persona-team patterns shipped in earlier posts; Phase 2 layers a cyberpunk skin on top of it.
14 GB free on a 180 GB Mac. Parallel storage scans, a 4-tier classification system, deep research into iMessage's 29 GB local cache, and a reusable /storage-cleanup command. Total reclaimed: 43 GB.
A pairing/admin-approval privilege escalation CVE hit OpenClaw. My security agent ran a threat hunt, my builder agent implemented a Security Panel on the Mission Control dashboard, and 15 files later the system can see itself. Here is the full story.
I wanted a living document for my family, something like a private Wikipedia where we could record accomplishments, life stories, and milestones. Here is the complete blueprint: gathering source material, multi-agent orchestration, a 5-phase pipeline, PII protection, and a one-prompt quick start.
Building a pixel-art retro dashboard to command 7 AI agents on an M4 Mac Mini: System Health, Agent Fleet, Team org chart with role card modals, Telegram monitoring, cron jobs, and more.
A deep dive into OpenClaw's three-tier memory system: hybrid search with nomic-embed-text embeddings, temporal decay, sqlite-vec vector storage, and the full configuration that makes agents remember across sessions.
After Part 1's fortress locked itself out, I rebuilt OpenClaw incrementally: one security control at a time, with 7 agents, 6 Telegram bots, and verification after every step.