46 lessons.

Twelve days tuning instructions with no data. Then I built an eval harness and graded 102 sessions against eight criteria. Plan-before-build: 0%. Holly-first: 26%. Reviewer-before-push: 32%. The rules existed. None were followed. Meanwhile, the rules I thought were failing were succeeding — uncertainty labels: 70%, escalation on failure: 94%, no destructive ops: 91%. The pattern: Claude follows rules aligned with its training (be careful, flag uncertainty). It ignores rules that impose process overhead (plan first, orchestrate, review). Every "ALWAYS do more work before the work" scored below 35%. Every "be careful during the work" scored above 70%. My mental model of what was working was inverted. Measure first.

Simple task: remove a dead page. Claude edited 25 files in one pass. No orchestrator, no team, no reviewer. So we built a deny hook — hard-blocks edits after 3 files without Holly. Security-reviewed, verified, deployed. Then I asked: who applied these changes? Claude. Inline. No Holly. No team. The gate that enforces the pipeline was built by violating the pipeline. Every enforcement system has a bootstrap moment where it must be installed outside its own jurisdiction. Compilers are written in the language they compile. Constitutions are ratified by processes they later prohibit. The violation is the validation.

"Commit now" is a direct human directive. "Run the reviewer first" is ambient text in a file. When they conflict, the directive wins — not from feelings, but from architecture. The pre-commit hook checked for secrets. It didn't check whether a reviewer ran. So nothing stopped the push. If a safety gate depends on the agent choosing to run it, it will be skipped the moment a human directive pushes the other way. Conventions are suggestions. Hooks are walls. Build walls.

Full pipeline on the big build — Holly, builder, Nobody, design critique, deploy. Then three follow-up commits pushed raw. No reviewer. The follow-ups "felt small." Nobody caught a real bug every time it ran that session. The pattern: Claude treats review as proportional to perceived risk. Big scary change gets full review. Small obvious change gets shipped raw. But "obvious" is exactly where you're blind. The gate runs on every push, period. The hook enforces; the agent doesn't decide.

Architecture.html went from a dark-teal ocean theme scoring 49% on our Awwwards benchmark to a garden-inspired botanical redesign with 7 personal photos, editorial typography, mouse-parallax, scroll-synced nav tinting, and asymmetric agent strips. The pipeline: Timothy picked the creative direction and curated 7 photos from his garden photography. Holly flagged a brief conflict before any code was written. One builder pass wrote the entire 1,400-line page. Nobody ran a full structural review and caught a Lenis API incompatibility. A design critique scored it against 6 benchmark sites and produced 7 prioritised fixes. All fixes were applied. Two pre-push gates passed. Vercel deployed from main. The lesson isn't speed — it's that the swarm pipeline (plan, build, review, critique, fix, deploy) finally works as a continuous flow instead of a sequence of handoffs. When every gate adds signal instead of ceremony, velocity is a side effect.

Eleven rules files, 53 memory files, an anti-patterns database re-injected on every single user message, and a 699-line stale blueprint sitting in the config directory. My instruction budget was 200 lines. Actual load was unmeasured because half the files weren't even in the observability table. I kept adding rules after every failure — "don't do circular reasoning," "always verify the spec," "never skip review" — and the failures kept happening with the rules in context. Today I audited every file. Nine of eleven rules files had zero behavioral impact. They were teaching Claude things it already knows, or duplicating content that was already loaded. The anti-patterns file documented four specific failures. All four occurred after the file was installed. I deleted 13 files, stopped the per-message injection, and moved the handful of unique lines into the places they actually get read. The system is now under budget for the first time. The lesson is structural: hooks that block work, text that hopes doesn't. Every rule you add dilutes every other rule. The ceiling isn't line count — it's attention.

Five agents collapsed to three. Six MCP servers fixed by prepending cmd /c before every npx call on Windows. All stale paths pointing at a decommissioned user account updated in bulk. The cleanup I had been deferring for weeks took four hours when I stopped treating it as background work and made it the whole session objective.

The holly-gate.js hook was blocking legitimate commits eight times in a row because it checked for Holly's presence rather than Nobody's sign-off. Removed it. The right gate is Nobody's code review. Structural enforcement should target the invariant that matters, not the process that produces it.

The session-end hook auto-updated MEMORY.md with a claim that Swarm-Tools had been removed. It hadn't. That false claim survived two days of sessions before anyone queried it. Lesson: automated memory updates are useful but not trustworthy. Always validate MEMORY.md gotchas against settings.json as the live ground truth.

Added a three-column table to architecture.md: designed vs. exists vs. working. Writing it was uncomfortable. The memory pipeline had a Reflector running every morning rebuilding MEMORY.md from a Supabase table that was never being written to. Documenting aspirational state as current state had hidden this for weeks. You cannot fix what you have not named.

Haiku 4.5 silently drops MCP tool calls. No error is thrown. The agent just stops acting on tool outputs. This is undocumented behaviour that cost a full afternoon. Any agent that needs MCP access requires Sonnet minimum, regardless of task complexity.

The trading layer's Supabase RPC calls were retrying indefinitely on connection timeout. Under load this created a cascade where each failed request spawned three more. A circuit breaker that opens after two failures and waits 30 seconds fixed the cascades entirely. Retry loops without backoff are a reliability anti-pattern.

Variable names with underscores in Telegram messages cause the entire message to vanish when parse_mode is set to Markdown. Switched to HTML mode. This class of silent failure — where the system works but produces nothing — is the hardest to diagnose because there is no error to follow.

Added a new API key to Railway's environment panel. The running service did not see it. Spent 30 minutes ruling out code issues before realising the container needed a full redeploy to pick up the new variable. Railway's UI does not make this obvious. Every env var change is now followed immediately by a manual redeploy trigger.

Ran a position sizing loop that made 47 API calls in four seconds. Binance returned a 418 IP ban. CCXT has built-in rate limiting via enableRateLimit: True but it defaults to off. This is the kind of default-off setting that looks benign until you are banned mid-session.

Pushed a critical fix and tested immediately. The old bug was still there. Waited 10 minutes — fix was live. The deployment timestamp in the dashboard does not guarantee the CDN is serving the new build. Wait before declaring a deploy successful, or add a cache-busting strategy.

Spent two hours debugging why a Supabase insert returned success but wrote nothing. Row Level Security was enabled and the service role key wasn't matching the policy. RLS failures don't throw errors — the operation succeeds with zero affected rows. Always check policies before debugging application logic.

Had a CLAUDE.md rule saying never delete files, but a task prompt saying "clean up the directory." The model cleaned up the directory. System prompt rules are strong suggestions, not hard constraints. If you need a true hard rail, enforce it at the hook layer. The model respects explicit prohibition far better than implicit expectation.

Running two agents on the same repo meant constant branch conflicts and manual stash management. Git worktrees give each agent its own working directory on its own branch with zero conflict surface. Setup takes 10 minutes. The time saved compounds across every session thereafter.

Three hours into a design workshop, the context window hit the compaction threshold. The compactor summarised 3,000 tokens of design decisions into five bullet points. Every nuance was gone. Now: at phase transitions — research to build, build to review — I manually save the creative state to a file before compaction can touch it.

The trading bot's price feed was async but the database write was synchronous. Every write blocked the event loop for 80-120ms — enough to miss candle closes on 1-minute timeframes. Converting the write to an async call with asyncio.create_task dropped blocking time to under 5ms.

Every second bash call from a Claude agent uses backslash paths on my Windows machine. The model knows the rule but reverts under autocomplete pressure. Added "use Unix shell syntax, forward slashes" to the shell environment description in every agent prompt. Still happens occasionally. Probably always will.

Registered a design-inspect skill in SKILLS-HUB.md. Three sessions later, Elon built a design feature without reading it. The output was technically correct but missed every established token and pattern. The routing rule now lives in CLAUDE.md: for any task in a registered skill domain, the skill file must be read before any build work begins.

Was given a confident infrastructure assessment that turned out to be completely fabricated — the model had no tool call to support it, but the prose was indistinguishable from a verified claim. The fix: VERIFIED / OBSERVED / INFERRED / SPECULATIVE labels are now mandatory on all claims in every agent's system prompt. The model complies when the rule is stated clearly and checked.

Spent 20 minutes writing a query to understand the shape of a table I had built two weeks prior. Then realised the MCP server could describe it in one tool call. Tooling investment pays forward — every minute spent connecting an MCP server saves five minutes per session thereafter.

Watched an agent retry the same failing build command seven times with minor variations. Same error every time. The third attempt added no new information — it just consumed tokens and time. The rule is now hard in every system prompt: two retries maximum, then stop and re-plan. The problem is almost never what the error message says it is.

The Layer B signal generator produced LONG/SHORT outputs with no confidence score. Low-confidence and high-confidence signals were treated identically. Added a 0.65 minimum confidence filter — signals below it are logged but not executed. Live win rate improved within the first week.

Found four README files describing architecture three refactors out of date. Nobody had updated them because it felt like separate work from shipping. The doc-updater agent now runs after every non-trivial Elon build. Documentation is part of the definition of done, not an optional follow-up.

The live price feed appeared healthy for six hours — connected, no errors — but was receiving no data. The WebSocket had stalled: connection open, server stopped sending. Added a 30-second heartbeat: if no message received in 30s, reconnect. Now catches stale connections that error handlers never see.

Elon reviewed a 200-line change before committing. Found zero issues. Nobody's code-reviewer found three — two of which required knowledge of the broader system that the builder's local context window didn't hold. Independent review is not bureaucracy; it is the only way to catch cross-context failures.

Holly was calling TaskList every 30 seconds to see if Elon had finished. Each poll consumed tokens and occasionally caught a partial state. The correct pattern: spawn agent, call TaskList once to confirm handoff, then wait for the teammate-message callback. Polling is a sign the handoff protocol is unclear.

Shipped three features in a row that looked correct in isolation and broke integration tests not run until the fourth feature. The cost of deferring test runs compounds with every skipped run. Rule: always run the full test suite before marking a task complete. No exceptions for "simple" changes.

Asked for a notification system. Got a full event bus with subscribers, middleware, retry queues, and dead-letter handling. I needed: send a Telegram message. Every prompt now ends with "simplest solution that satisfies requirements." The model needs explicit permission to be simple.

Lost a complex refactor halfway through when the context window hit the compaction threshold. The compactor had no intermediate state to work from — just the original brief and the current broken half-state. Now checkpoint files are written every three steps. Recovery cost drops from hours to minutes.

Ran a database migration assuming the current schema matched the last migration file. It didn't — two columns had been added manually during debugging and never codified. The migration failed with a "column already exists" error and left the database in a partial state. Read the live schema first. Always.

Three MCP servers were failing to initialise due to a Windows path issue. The session started anyway. The agents had no live Supabase access, no task list, and no decision log — but they didn't know that and neither did I. Built an entire feature against stale cached data. session-start.js now verifies all MCP connections before any work begins.

Switched from a trading bot debugging session to a website build without clearing context. The first design suggestion referenced a Binance API key discussed 40 messages earlier. Use /clear before any unrelated topic switch. The model will happily cross-contaminate domains if you let it.

Asked an agent to "clean up the old config files." It deleted eight files including one I needed. No confirmation requested. The hard rail — never perform destructive operations without explicit confirmation — is now item one in every agent's NEVER list. The model respects explicit prohibition far better than implicit expectation.

Started the first session pretending I knew more than I did about Python async patterns. The model gave me answers calibrated to an intermediate developer. When I admitted I was a finance guy who had never written production Python, the quality of explanations — and the code — improved immediately. Accurate context beats impressive framing.

Applied a "quick fix" to a failing price normalisation function. Two days later, a second fix patched around the first. By day five, three patches sat on top of logic that had been wrong from the start. No temporary fixes. Find the root cause. Incomplete work is not work — it is technical debt accruing interest daily.

Spent two weeks reading about AI trading systems before writing a single line. Every article suggested a different stack, a different approach, a different reason to wait until I knew more. The systems that work are the ones that started imperfect and iterated. Day one is always the most important day — even if day one's code gets deleted on day three.