RAG with Postgres and pgvector in production: from PoC to SLO
Embeddings, HNSW indexing, reranking, evaluation, context window, latency under load. Full stack with code and measurable SLOs.
Category
Methodologies that respect your time: lightweight processes for small teams.
Embeddings, HNSW indexing, reranking, evaluation, context window, latency under load. Full stack with code and measurable SLOs.
This guide shows how to build a production-ready agent with the Anthropic SDK in Python: the tool-use loop with the Messages API, streaming with backpressure via a bounded queue, prompt caching with cache_control, your own MCP server registered with the Claude Agent SDK, OTel GenAI traces, and a non-root Docker container ready for production.
Using an LLM to judge another LLM became widespread in 2024 and remains, in 2026, the only scalable way to evaluate qualitative quality in LLM systems. It is reliable when judge-human correlation exceeds 0.7 on 30 cases and gets recalibrated quarterly; below that threshold, do not trust the number.
Opus 4.7 launched as Anthropic's most capable model, with emphasis on long-horizon agentic work. After two months of intensive use, these are the practical changes versus Opus 4.6.
The first invoice for a production agent usually runs double or triple the estimate. This article walks through five real levers, in priority order, caching, routing, context control, batching, and telemetry, to cut cost without touching perceived quality.
After fourteen months testing AI-integrated DevOps tools across several teams, the stack that stays is small: Claude Code, Cursor, and Aider for code; PagerDuty AIOps, Datadog Bits AI, and Grafana Assistant for alert triage; and OpenTofu with OPA for infrastructure generation bounded by policy rules.
AI agents fail in production, and what matters is how you respond in the first twenty minutes. This runbook covers severity classification, isolating before investigating, purging contaminated memory, communicating without inventing facts, and turning every incident into a regression test before closing it as done.
LLM red teaming has gone from an esoteric activity to a mandatory practice. With the OWASP Agentic Top 10 and the CSA Agentic AI Red Teaming Guide converging on shared vocabulary, this is the operational playbook any team deploying agents needs to have.
Después de año y medio llenando tableros con agentes en producción, la pregunta que separa equipos que envían fiable de los que van a ciegas sigue siendo la misma: ¿cómo mides que el agente está funcionando?
The RICE framework is a prioritization methodology created by Intercom that produces a score by combining four factors: Reach, Impact, Confidence, and Effort. It divides the product of the first three by the estimated effort in person-months, so it can compare unrelated initiatives using one objective number.
Prompt engineering has moved from viral tricks to a discipline with reproducible patterns: few-shot, chain-of-thought, and structured output with function calling. Teams treating prompts like code (versioned, tested, and monitored) get consistently better results than those who improvise.
Two years after the final NIST standards, post-quantum migration is no longer hypothetical. What has actually been migrated, what remains stuck, where the real operational problems lie, and how the timelines look from April 2026.
After two years of pilots and a year of agents in production, governance has moved from an aspirational committee to an operational control. What audits ask for, what broke in 2025, and which guardrails absorb most incidents.
Durante 2025 cientos de equipos pusieron agentes IA en producción real. A principios de 2026, con datos suficientes, emergen lecciones consistentes sobre qué falla, qué funciona, cuánto cuesta y qué tareas no encajan. Repaso ordenado para equipos que empiezan ahora.
Tres años después de que platform engineering se convirtiera en palabra de moda, el polvo ha caído. Unas pocas empresas tienen plataformas internas que de verdad aceleran al desarrollo, muchas montaron un portal Backstage vacío y algunas volvieron a DevOps clásico. Análisis de qué distingue a las que ganaron.
La factura de IA en las empresas ha dejado de ser anecdótica. Entre tokens de modelos frontera, GPUs reservadas que nadie usa y pipelines RAG con cachés mal configuradas, muchos equipos pagan diez veces lo que deberían. Guía de FinOps específico para IA sin relatos promocionales.
Sixteen months after Anthropic first shipped computer use, with browser-use, OpenAI Operator and Gemini Computer Use all pushing in parallel, agents that drive the browser and desktop have moved from demo to real workflows. Time to review which patterns survive when you run them daily in production.
A selection of postmortems published between 2025 and 2026 by teams running AI systems in production reveals repeated patterns: guardrail failures, silent model drift, hidden vendor dependency, and a collection of near-misses worth distilling.
Dos años de experimentación con modelos generativos aplicados a descubrimiento de producto han dejado prácticas concretas útiles y otras tantas que se descartan. Un repaso honesto de qué ha funcionado, qué ha fracasado y cómo incorporar IA al ciclo de discovery sin corromper sus fundamentos.
A principios de 2026, varias plataformas de orquestación incluyen carbon-aware scheduling como opción por defecto o muy visible. Con meses de datos reales, toca evaluar si la promesa de reducir emisiones sin dañar rendimiento se cumple y en qué escenarios.
Los cuadros de mando con IA llevan un par de años prometiendo detección de anomalías mágica y causa raíz automática. La realidad es más modesta pero también más útil, si se sabe separar el ruido del valor real. Repaso honesto de qué funciona y qué no.
Large language models have spent two years promising effortless documentation for code, APIs and architecture. After watching dozens of projects try it, clear patterns emerge for where it works and where it just becomes more debt.
Guardrails frameworks promise to filter language-model inputs and outputs to block data leaks, harmful content, or hallucinations. After evaluating four of the most popular ones in production, I cover what they actually do, what latency and billing cost they add, and when they pay off over simpler controls.
Agents that chain calls to models, tools and memory are hard to debug without instrumentation designed for them. After a long year running agents in production, I cover what to measure first, which standards are consolidating, and which costly mistakes are avoided by getting the traces right from the start.
After three years of expansion and an overheated ecosystem around the term, platform engineering enters 2025 in a consolidation phase. The internal platforms that survive are the ones that understood their real function; those that mistook the label for the solution are dismantling their teams or cutting them drastically.
Probar sistemas que incluyen modelos de lenguaje rompe la primera regla del testing: la misma entrada da la misma salida. Analizo las estrategias que han funcionado tras un año largo integrando IA en productos reales, por qué los tests deterministas tradicionales no bastan y cómo plantear un cinturón de pruebas que capture regresiones sin bloquearse en la varianza.
Four years ago it was an academic curiosity. Today, scheduling workloads by grid carbon intensity is a built-in option in Kubernetes, in several cloud provider services, and in CI tooling. We look at what genuinely changed and what is still more promise than practice.
Los equipos de producto están tentados de sustituir entrevistas y tests reales por síntesis de IA. Dos años de experiencia ya permiten separar dónde la IA ayuda de verdad y dónde genera una falsa sensación de entender al usuario.
OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.
Casi nueve meses después del lanzamiento de Computer Use, algunos equipos lo han llevado a producción para tareas reales. Dónde funciona, dónde todavía no conviene, y qué patrones están emergiendo para que un agente que maneja ratón y teclado no acabe siendo más problema que solución.
AI agents are starting to earn a real place in continuous integration pipelines: reviewing diffs, proposing fixes, generating missing tests. Six months of real-world use to separate the patterns that work from the ones that end up costing more time than they save.
Continuous profiling with eBPF samples every process's execution stack every few milliseconds without touching the code, then stores the history so you can compare last week's performance with today's. The cost measured in production runs between 1% and 3% of CPU, and it pays off most in databases, API gateways and high-concurrency services.
Han pasado siete años desde que Google publicó el Workbook, y buena parte del libro no ha envejecido. Repaso los patrones que de verdad aplicamos en equipos pequeños y los que resultaron ser cultura de campus.
In AI systems the real cost is not EC2 instances but input tokens in RAG and agents, chained tool calls, and frequent reindexing; those vectors, plus unattributed experimental spend, concentrate most of the monthly production bill.
Un sistema RAG sin evaluación continua se degrada en silencio. Los índices cambian, los modelos se actualizan, los usuarios preguntan cosas nuevas. Este es un repaso práctico de qué métricas vigilar y cómo montar el cuadro de mando que avisa antes del incidente.
Después de años acumulando SBOMs, el cuello de botella es filtrar qué CVEs afectan de verdad. VEX aparece como la pieza que convierte el ruido en señal, y en 2025 empieza a tener adopción real en pipelines de supply chain.
AI agents have moved from a lab curiosity to serious SDKs from three major providers. A reflection on moving from the flashy demo to an internal use case that shifts a real, measurable metric.
Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.
Two years after Zero Trust stopped being a marketing word, it is worth looking at how it connects with the SIEM teams run day to day. A look at useful signals, avoidable noise, and the decisions that actually change security posture.
Con las primeras obligaciones del AI Act europeo ya en vigor, la gobernanza de la IA en empresa deja de ser teórica. Qué comités montar, qué políticas escribir y qué auditar, desde la experiencia de varias implantaciones.
Dependabot and Renovate chase the same goal with different philosophies. I compare both after years running them on my own and client projects, covering when one fits better and when the other suits a team's workflow more.
A year ago open weights were a gamble; today they are a real production option. I review what has worked, what has not, and how Llama, DeepSeek, Qwen, and Mistral are fitting into enterprise architectures that used to depend on closed APIs.
Two years into living with AI assistants in the editor, habits have settled. A reflection on what has changed in day-to-day coding, what has been learned, and what was still left to discover.
Three years after RLHF became popular, the model-alignment field is far richer. A review of RLHF, DPO, and newer methods such as KTO and ORPO, with criteria for choosing between them.
SLSA v1.0 splits software supply-chain security into three tracks (Build, Source, and Dependencies), of which only Build is stabilized, with three levels: L1, L2, and L3. If you build in GitHub Actions, reaching L2 with Sigstore-signed provenance takes a few hours and is the starting point I recommend to any team.
Measuring RAG quality rigorously takes more than skimming a handful of answers: it requires objective metrics (faithfulness, relevance, context precision, and coverage), a golden set of hundreds of curated questions, and regular human validation of the LLM judge to avoid misleading conclusions.
Software is not immaterial: every request and database query consumes electricity with a carbon footprint. The Green Software Foundation encodes eight practical principles to reduce that footprint without rewriting systems. The result is a more efficient service, a lower cloud bill, and readiness for ESG regulation.
LLM applications need three distinct observability planes: prompt and response traces for debugging hallucinations, per-token and per-feature cost tracking, and response quality evaluation. Mature tools like Langfuse, LangSmith, and Helicone cover all three planes with specific instrumentation.
CrewAI modela agentes como un equipo con roles y tareas. Cómo se compara con LangGraph y AutoGen, y cuándo merece la pena adoptar un patrón multi-agente.
Kubecost and OpenCost map real costs to namespaces, deployments, and labels in Kubernetes. OpenCost, the Apache 2.0 open-source core, covers essentials for free. Kubecost adds multi-cluster visibility and advanced cloud billing. For clusters spending over $5,000/month the ROI is clear: identified savings typically exceed software cost within the first month.
A badly configured Alertmanager turns every incident into noise: a single unrouted receiver ends with an ignored Slack channel within a week. This article covers, on Alertmanager 0.27 and Prometheus 2.54, how to design the routing tree, inhibition rules, silences and on-call rotations to curb alert fatigue without losing real incidents.
Chaos engineering is the practice of injecting real-world failures into production in a controlled way to verify that the system responds as expected. It requires prior hypotheses, a minimal blast radius, and mature observability. Open-source tools like Litmus and Chaos Mesh make adoption accessible without commercial spend; the ROI comes as avoided incidents and better-prepared teams.
Ansible and Pulumi solve different problems and are not competitors: Ansible manages configuration inside a server (packages, users, services); Pulumi defines, with real code in TypeScript, Python, Go or .NET, which cloud infrastructure exists (VPCs, instances, databases). Combining them, with Pulumi's dynamic inventory feeding Ansible, is the most productive pattern for automating a stack that includes servers in the cloud.
Evaluating a RAG system without metrics is pure guesswork. Ragas measures four core signals: faithfulness, answer relevancy, context precision and context recall, using an LLM as judge. TruLens, DeepEval and other frameworks cover similar ground. Wiring evaluation into CI from day one catches regressions in prompts, chunking or model choice before they reach production.
Carbon-aware computing runs flexible workloads when grid electricity emits less CO2, cutting emissions 10-30% without changing infrastructure. Grid carbon intensity varies up to 16x by hour and region; tools like Electricity Maps, WattTime and the Carbon Aware SDK make that scheduling possible with real grid data.
Sigstore has become the standard signing layer for OCI artefacts. GHCR is the best-integrated registry; Harbor 2.5+ and Quay offer native support; AWS ECR pushes its own KMS scheme. Verification earns its keep at three points: the cluster admission controller, the GitOps layer, and the CI/CD pipeline. The public Rekor has rate limits that force self-hosting past a certain build volume.
SLOs and error budgets only work when the budget drives real decisions. A feature freeze that triggers on exhaustion, deploy velocity that adjusts to consumption. With two or three well-chosen SLIs, a clear freeze policy, and simple tools like Prometheus with Sloth, a team can sustainably balance velocity and reliability in production.
Choosing an open LLM for enterprise in 2024 is no longer just Llama 2: Mistral, Mixtral, Qwen, Yi, DeepSeek, and Phi-2 all compete with different licences and sizes. The criteria that actually decide are commercial licence, available hardware, language support, and your own evaluation on real use cases, not just the trendy benchmark.
Blameless post-mortems are easy to proclaim but hard to execute well. Without genuine blame-free culture, a factual timeline, honest contributor analysis, and action items with a clear owner and deadline, the exercise degenerates into empty ritual that does nothing to prevent the same incidents from recurring.
An Internal Developer Platform (IDP) centralises service discovery, provisioning and observability in a single portal, so developers stop depending on stale wikis and Slack channels. Backstage, Port and Cortex dominate the market: Backstage is open source with a dedicated team, Port is fast low-code SaaS, and Cortex focuses on scorecards for measurable technical discipline based on team size.
The SaaS market is consolidating after years of fragmentation: private equity acquisitions, licence changes, and double-digit price hikes have shifted negotiating power toward vendors. A practical framework to audit your exposure, build credible migration pressure, and design exit strategies that work when you actually need them.
Signing images and artifacts with Sigstore has stopped being a rare experiment: projects like Kubernetes already use it. The keyless model in cosign, Fulcio, and Rekor removes private-key management, but it only protects you if deployment verifies who signed, not just whether a signature exists.
Flux CD and ArgoCD are the two CNCF-graduated GitOps tools for deploying to Kubernetes with Git as the source of truth. ArgoCD offers a centralised visual UI that manages several clusters from one instance, while Flux is a set of Kubernetes-native controllers with built-in image automation. Neither choice is wrong: it depends on your team and use case.
ArgoCD has established GitOps as the standard deployment practice for Kubernetes: the Git repository is the single source of truth for the desired state, and the agent continuously reconciles the cluster. This guide covers the four formal GitOps principles, sync policies, common production mistakes, and a comparison with Flux.
Platform engineering formalizes the internal product development teams need. An Internal Developer Platform (IDP) centralises deployment, observability and self-service behind a unified interface so product teams deliver value without becoming infrastructure experts. Investment pays off from around 30 to 50 developers.
SLSA v1.0, published in April 2023, defines four maturity levels for securing the software supply chain, from basic provenance to isolated builds. Level 3 requires every build to run in an ephemeral, stateless environment, eliminating attacks like build contamination and insider threat, and is achievable with GitHub Actions and OIDC signing via Sigstore.
FinOps turns cloud cost into an engineering discipline rather than a finance problem. The Inform-Optimize-Operate framework delivers per-team visibility, continuous waste reduction, and cost SLOs. Rigorous tagging and open-source tools like Kubecost or Infracost let teams regain control of the bill without slowing delivery.
Google's SRE book (2016) is canonical reading, but it is written for thousands of engineers and in-house datacenters: applying it literally on a small team creates friction. Five principles do travel (SLOs, error budgets, blameless postmortems, toil management, humane on-call); what does not scale is Google's infrastructure and dedicated roles.
With 30 or more microservices, end-to-end tests become slow, fragile and impractical. Pact implements consumer-driven contract testing: the consumer defines what it expects, the provider verifies it in its own CI pipeline, with no shared environment needed. The result is integration proof in seconds, not minutes.
To write Prometheus alerts that won't get ignored, alert on customer-observable symptoms (latency, error rate, saturation) instead of internal causes like CPU or memory, define SLOs with multi-window burn rate to scale severity, add a watchdog alert that confirms the system is still alive, and review the signal-to-noise ratio every quarter.
The MoSCoW method organises project requirements into 4 categories: Must have (essential), Should have (important), Could have (desirable), and Won't have (out of scope). Its purpose is to force an explicit priority conversation before committing team resources and time.
The Kano model classifies product features into three types: basics (what customers take for granted), performance (where more investment yields more satisfaction), and emotional delighters (unexpected extras that build loyalty). Knowing which category each feature belongs to sharpens every roadmap decision.