Cheezy World

Delivering software with discipline and joy

The Security Review Plugin: My latest addition to the Stride plugin library

Yesterday I typed the following into Claude Code:

/stride-security-review:security-review --full

Forty-two agent dispatches and roughly twelve minutes later, I had a 72-finding security review of Stride. The breakdown was sobering: 0 critical, 12 high, 15 medium, 38 low, 7 info. Some of those findings I knew about from having ran a different security review tool. That previous tool found 17 items. The rest were new to me.

Then I spent the rest of the day fixing them - or more accurately watching Claude fix them.

Posted by Cheezy World on Tuesday, May 12, 2026

Prose-Only Enforcement Is Unreliable. Mechanical Gating Works.

As many of you know, I’ve built a tool called Stride. It is a human / AI collaboration tool that offers a robust workflow with many features to drive collaboration and predictability. It takes the form of a hosted kanban-like app that manages the detailed tasks and agent plugins for all of the major AI agents. Even though it has several thousand users now, I have struggled with forcing the agents to always follow the workflow defined in the plugins. The plugins define a lifecycle that is decomposed into seven skills — one orchestrator (stride-workflow) and six sub-skills that handle individual phases (stride-claiming-tasks, stride-completing-tasks, and so on). The sub-skills exist because each phase has a non-trivial API contract that the agent has to get exactly right. The plugins also contain four subagents and a hook designed to execute developer defined commands at specific times during the lifecycle of the work.

Posted by Cheezy World on Friday, May 1, 2026

Context Matters

At the AI Coffee Chat this past Wednesday we were having a great conversation about how to minimize the overall context that your Agent uses and what happens as the context gets full. I will not go into the details here of what the Agent context is and why it is important to not fill it up with unnecessary things. In the Chat session, I made the statement that a great way to minimize context usage is to understand the core thing you are asking your Agent to do and try to move everything else out to SubAgents, Hooks, or Skills.

Posted by Cheezy World on Friday, April 24, 2026

Stride Plugin Updates: From "Go Fast" to "Go Right"

During a recent session on a friends computer where an AI agent implemented 17 Stride tasks back-to-back,I discovered something uncomfortable: the agent skipped nearly every mandatory workflow step. The task-explorer was used once, then never again. The task-reviewer was never invoked. The hook-diagnostician was never called when hooks failed. The stride-subagent-workflow skill — labeled MANDATORY — was ignored entirely. This was shocking to me as I have not see this on my own computer. I realized that I had enough contained in my configuration to force the agent to do what I wanted but not everybody had that config.

Posted by Cheezy World on Tuesday, April 14, 2026

Stride Goes Multi-Platform: Copilot, Gemini, and Zero-Prompt Hook Execution

Prior to today, Stride had excellent support for Claude Code via six Skills and four SubAgents. All other agents were only provided with Skills without the enforcement and additional capabilities added by the SubAgents.

Today I shipped three updates that fundamentally change how AI agents interact with Stride. Two new platform extensions bring Stride’s full workflow and support to GitHub Copilot and Google Gemini CLI. And a new Claude Code hooks integration eliminates the most persistent friction point that still existed in the Claude Code agent workflow: permission prompts.

Posted by Cheezy World on Tuesday, March 24, 2026

FEATURED TAGS
agile ai continuous delivery elixir fly.io liveview phoenix pipeline software development tdd
ABOUT ME
avatar

Software Developer, Continuous Delivery and AI Coach

QUICK LINKS
LAST POSTS