{ "version": "https://jsonfeed.org/version/1.1", "title": "Pratik Dhanave", "home_page_url": "https://pratikdhanave.github.io/", "feed_url": "https://pratikdhanave.github.io/blog/feed.json", "items": [ { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-migration-why.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-migration-why.html", "title": "Why We Migrated from Google ADK to Microsoft MARA", "summary": "The philosophy, architectural clarity, and vendor lock-in concerns that drove the migration. Provider abstraction as the foundation for portable agents.", "date_published": "2026-06-01T00:00:00Z", "tags": [ "Architecture", "ADK", "MARA", "Multi-Agent AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-executor-pattern.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-executor-pattern.html", "title": "The Executor Pattern: Agentic Control Flow", "summary": "How orchestration shifts from implicit callbacks (ADK) to explicit executor loops (MAF). Why this matters for observability, auditability, and control.", "date_published": "2026-06-02T00:00:00Z", "tags": [ "Orchestration", "Design Pattern", "Control Flow" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-token-exchange.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-token-exchange.html", "title": "Token Exchange Patterns: Multi-Turn State", "summary": "Porting session state from ADK's opaque state dict to MAF's explicit AgentThread. Token budgeting, long-term memory, and conversation audit trails.", "date_published": "2026-06-03T00:00:00Z", "tags": [ "State Management", "Token Budgeting", "Memory" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-tool-wrapping.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-tool-wrapping.html", "title": "Tool Wrapping: From Functions to Governed Tools", "summary": "Porting tools and adding governance layers (audit, approval, policy). DLP enforcement with OPA. Multi-step tool composition and error handling.", "date_published": "2026-06-04T00:00:00Z", "tags": [ "Tools", "Governance", "OPA", "Policy" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-provider-config.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-provider-config.html", "title": "Provider Abstraction: Swappable LLMs", "summary": "Zero-config local (Ollama), cost-optimized (OpenAI), and production (Azure Foundry) provider setup. Hybrid multi-provider orchestration.", "date_published": "2026-06-05T00:00:00Z", "tags": [ "Provider Abstraction", "Config", "Ollama", "OpenAI", "Azure" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-callbacks.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-callbacks.html", "title": "Callbacks and Middleware: Observability", "summary": "Porting callbacks to middleware. Composable decorators for audit logging, retry logic, token enforcement, and OpenTelemetry integration.", "date_published": "2026-06-06T00:00:00Z", "tags": [ "Middleware", "Observability", "OTel", "Error Handling" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-deployment.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-deployment.html", "title": "Deployment & A2A: Production Architecture", "summary": "Cloud Run deployments, agent-to-agent communication, load balancing, graceful shutdown, and production observability integration.", "date_published": "2026-06-07T00:00:00Z", "tags": [ "Deployment", "Cloud Run", "A2A", "Production" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-lessons.html", "url": "https://pratikdhanave.github.io/blog/posts/adk-to-maf-lessons.html", "title": "Lessons Learned: 18 Agents in 90 Days", "summary": "What worked, what was hard, and what we'd do differently. Real numbers: agent count, timeline, bugs found, provider swaps, governance policies built.", "date_published": "2026-06-08T00:00:00Z", "tags": [ "Case Study", "Lessons Learned", "Migration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/29/otel-evaluation-multi-agent-workflows/", "url": "https://pratikdhanave.github.io/blog/2026/05/29/otel-evaluation-multi-agent-workflows/", "title": "OpenTelemetry & Evaluation on Multi-Agentic Workflows", "summary": "How distributed traces, structured metrics, and LLM-as-judge combine to make multi-agent systems observable and evaluable end-to-end \u2014 from span propagation to SLO-gated kill switches.", "date_published": "2026-05-29T00:00:00Z", "tags": [ "OpenTelemetry", "Evaluation", "Multi-Agent AI", "Observability", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/06/24/invariant-snyk-acquisition/", "url": "https://pratikdhanave.github.io/blog/2025/06/24/invariant-snyk-acquisition/", "title": "Snyk acquires Invariant Labs \u2014 what it means for agentic AI security infrastructure", "summary": "The security research canon for MCP and agentic systems joins Snyk's developer security platform. What the research contributed to the field and what happens to the open-source toolchain.", "date_published": "2025-06-24T00:00:00Z", "tags": [ "Agentic AI", "Security", "MCP", "Industry", "Open Source" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/05/26/github-mcp-private-repo-exploit/", "url": "https://pratikdhanave.github.io/blog/2025/05/26/github-mcp-private-repo-exploit/", "title": "GitHub MCP exploited \u2014 private repositories accessed via a public issue", "summary": "A crafted issue in any public GitHub repository can redirect an agent into extracting data from the user's private repos. The attack works against Claude 4 Opus. Model alignment is not the fix.", "date_published": "2025-05-26T00:00:00Z", "tags": [ "MCP", "GitHub", "Security", "Prompt Injection", "Data Exfiltration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/29/agentdojo-wins-safebench-competition/", "url": "https://pratikdhanave.github.io/blog/2025/04/29/agentdojo-wins-safebench-competition/", "title": "AgentDojo wins the Center for AI Safety SafeBench competition", "summary": "The $50,000 first prize validates the core architectural bet: measuring agent security and utility simultaneously is the right framing for production AI deployment.", "date_published": "2025-04-29T00:00:00Z", "tags": [ "AI Safety", "Benchmarks", "AgentDojo", "Multi-Agent AI", "Competition" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/24/mcp-registry-security-scanning/", "url": "https://pratikdhanave.github.io/blog/2025/04/24/mcp-registry-security-scanning/", "title": "Registry-level MCP security \u2014 every Smithery server now scanned before it ships", "summary": "Invariant partners with Smithery to run MCP-Scan against every server in the registry. What supply-chain scanning at the registry level means for the MCP ecosystem.", "date_published": "2025-04-24T00:00:00Z", "tags": [ "MCP", "Security", "Smithery", "Supply Chain", "Open Source" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/17/contextual-guardrails-agentic-ai/", "url": "https://pratikdhanave.github.io/blog/2025/04/17/contextual-guardrails-agentic-ai/", "title": "Contextual guardrails for agentic AI \u2014 why per-message filters miss the point", "summary": "Invariant's Guardrails evaluates sequences of actions, not individual messages. Dataflow control, seven security capabilities, deterministic enforcement. The difference between 'this message looks bad' and 'this sequence of actions is a known attack.'", "date_published": "2025-04-17T00:00:00Z", "tags": [ "Guardrails", "Security", "MCP", "Dataflow", "Agentic AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/11/mcp-scan-security-scanner/", "url": "https://pratikdhanave.github.io/blog/2025/04/11/mcp-scan-security-scanner/", "title": "MCP-Scan \u2014 systematic security scanning for MCP configurations", "summary": "One command that inspects every tool description in your MCP configuration for poisoning, rug pulls, cross-origin escalations, and prompt injections. The static analysis layer that should run before any MCP server connects to a production agent.", "date_published": "2025-04-11T00:00:00Z", "tags": [ "MCP", "Security", "Open Source", "Static Analysis", "Tool Poisoning" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/07/whatsapp-mcp-data-exfiltration/", "url": "https://pratikdhanave.github.io/blog/2025/04/07/whatsapp-mcp-data-exfiltration/", "title": "WhatsApp MCP exploited \u2014 two attack vectors that require no special access", "summary": "How a malicious MCP server can exfiltrate your WhatsApp message history using the legitimate WhatsApp integration as the exfiltration channel \u2014 and how the second vector requires nothing but the ability to send you a message.", "date_published": "2025-04-07T00:00:00Z", "tags": [ "MCP", "Security", "WhatsApp", "Data Exfiltration", "Prompt Injection" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/04/01/mcp-tool-poisoning-attacks/", "url": "https://pratikdhanave.github.io/blog/2025/04/01/mcp-tool-poisoning-attacks/", "title": "MCP Tool Poisoning Attacks \u2014 the injection surface nobody was watching", "summary": "Hidden instructions in tool descriptions that are visible to the model but not to the user. Rug pulls that swap benign tools for malicious ones after approval. Why the MCP protocol's natural-language description field is a fundamental security boundary problem.", "date_published": "2025-04-01T00:00:00Z", "tags": [ "MCP", "Security", "Prompt Injection", "Tool Poisoning", "Agentic AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/03/06/invariant-gateway-agent-proxy/", "url": "https://pratikdhanave.github.io/blog/2025/03/06/invariant-gateway-agent-proxy/", "title": "Invariant Gateway \u2014 a transparent proxy for agent observability and security", "summary": "A single URL change captures every LLM call, tool invocation, and computer interaction into a navigable trace. The infrastructure piece that makes runtime security enforcement practical.", "date_published": "2025-03-06T00:00:00Z", "tags": [ "Observability", "Security", "Proxies", "Agents", "Open Source" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2025/01/24/browser-agent-safety-guardrails/", "url": "https://pratikdhanave.github.io/blog/2025/01/24/browser-agent-safety-guardrails/", "title": "Browser agents are less safe than their underlying models \u2014 the BrowserArt results", "summary": "67 out of 100 harmful behaviours completed by an undefended browser agent. Both guardrails combined: 0 out of 100. The gap between LLM safety and agent safety is real and measurable.", "date_published": "2025-01-24T00:00:00Z", "tags": [ "Security", "Browser Agents", "Guardrails", "Safety", "Benchmarks" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/12/23/debugging-agent-system-prompts/", "url": "https://pratikdhanave.github.io/blog/2024/12/23/debugging-agent-system-prompts/", "title": "The hardest part of agent debugging: finding the system prompt bug", "summary": "Invariant's Santa's challenge is a clean reproduction of a recurring production failure mode \u2014 an agent that has the right tools but consistently fails to complete tasks because of an ambiguity in its instructions.", "date_published": "2024-12-23T00:00:00Z", "tags": [ "Agents", "Debugging", "System Prompts", "Testing" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/12/17/agent-observability-trace-testing/", "url": "https://pratikdhanave.github.io/blog/2024/12/17/agent-observability-trace-testing/", "title": "Agent observability and trace-level testing \u2014 the infrastructure that makes debugging tractable", "summary": "Invariant released Explorer (trace visualisation) and a testing library (trace-level assertions). Together they enable the debugging workflow that should be standard for agent development.", "date_published": "2024-12-17T00:00:00Z", "tags": [ "Observability", "Testing", "Debugging", "Agents", "Open Source" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/12/11/agentdojo-measuring-agent-security/", "url": "https://pratikdhanave.github.io/blog/2024/12/11/agentdojo-measuring-agent-security/", "title": "AgentDojo \u2014 the first framework to measure agent utility and security simultaneously", "summary": "97 realistic tasks, 629 prompt-injection attacks, dynamic evaluation. Why benchmarks that test only utility miss the most important axis for production deployment.", "date_published": "2024-12-11T00:00:00Z", "tags": [ "Benchmarks", "Security", "Multi-Agent AI", "NeurIPS", "Evaluation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/10/08/cracking-ai-agents-ctf-insights/", "url": "https://pratikdhanave.github.io/blog/2024/10/08/cracking-ai-agents-ctf-insights/", "title": "Cracking the code \u2014 attack patterns from 15,000 CTF submissions against an AI agent", "summary": "What 3,500 attackers found when they tried to extract a secret from an AI agent: link unfurling, serial position effects, and why cooperative framing beats override.", "date_published": "2024-10-08T00:00:00Z", "tags": [ "Security", "CTF", "Prompt Injection", "Adversarial AI", "Data Exfiltration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/08/12/invariant-labs-eth-spinoff/", "url": "https://pratikdhanave.github.io/blog/2024/08/12/invariant-labs-eth-spinoff/", "title": "Invariant Labs \u2014 research-grounded agentic security from ETH Zurich", "summary": "Why the ETH spin-off designation matters for the field, and what it means when a security company's work originates in years of academic publication rather than in a product pitch.", "date_published": "2024-08-12T00:00:00Z", "tags": [ "AI Safety", "Research", "ETH Zurich", "Agentic AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/08/05/fooling-ai-agents-ctf/", "url": "https://pratikdhanave.github.io/blog/2024/08/05/fooling-ai-agents-ctf/", "title": "What I learned from Invariant's summer CTF \u2014 fooling an agent to extract a secret", "summary": "The adversarial challenge that proves prompt injection against agents is practical, not theoretical \u2014 and the defensive architecture it points toward.", "date_published": "2024-08-05T00:00:00Z", "tags": [ "Security", "CTF", "Prompt Injection", "Adversarial AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/07/25/mcp-agent-security-guarantees/", "url": "https://pratikdhanave.github.io/blog/2024/07/25/mcp-agent-security-guarantees/", "title": "Formal security guarantees for AI agents \u2014 why probabilistic isn't enough", "summary": "The link-preview exfiltration attack that works against two widely-deployed agentic systems, and the policy-language architecture that provides deterministic guarantees instead.", "date_published": "2024-07-25T00:00:00Z", "tags": [ "Security", "MCP", "Agents", "Policy" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2024/07/10/why-web-agents-fail/", "url": "https://pratikdhanave.github.io/blog/2024/07/10/why-web-agents-fail/", "title": "Why web agents fail \u2014 and what a trace reveals", "summary": "Five recurring failure modes found in hundreds of agent execution traces, and the targeted fixes that produced a 16-point benchmark gain without changing the underlying model.", "date_published": "2024-07-10T00:00:00Z", "tags": [ "Agents", "Debugging", "Benchmarks", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/24/twelve-months-of-genie-what-survived/", "url": "https://pratikdhanave.github.io/blog/2026/01/24/twelve-months-of-genie-what-survived/", "title": "Twelve months of Genie in production \u2014 what survived, what we rewrote, what we deleted", "summary": "An honest retrospective on the open-source Genie project after a year. The patterns that held up; the ones we rebuilt; the code we deleted because it solved problems we didn't actually have.", "date_published": "2026-01-24T00:00:00Z", "tags": [ "Genie", "Multi-Agent AI", "Retrospective", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/25/recruiter-test-what-your-repo-says/", "url": "https://pratikdhanave.github.io/blog/2026/01/25/recruiter-test-what-your-repo-says/", "title": "The recruiter test \u2014 what your repo says before the interview", "summary": "A recruiter spends 90 seconds on your GitHub before deciding to talk to you. What they're looking for; what makes them skip; what signals matter more than the README.", "date_published": "2026-01-25T00:00:00Z", "tags": [ "Career", "GitHub", "Open Source", "Opinion" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/26/twelve-months-of-writing-what-worked/", "url": "https://pratikdhanave.github.io/blog/2026/01/26/twelve-months-of-writing-what-worked/", "title": "Twelve months of writing in public \u2014 what worked, what didn't, what I'd cut", "summary": "Reflections on a year of consistent technical writing. The post categories that compounded; the ones that didn't; what I'd tell someone starting out.", "date_published": "2026-01-26T00:00:00Z", "tags": [ "Writing", "Career", "Opinion" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/27/errgroup-parallel-agent-dispatch/", "url": "https://pratikdhanave.github.io/blog/2026/01/27/errgroup-parallel-agent-dispatch/", "title": "errgroup patterns for parallel agent dispatch", "summary": "Fan out to N agents; first error cancels the rest; collect successful results. errgroup is the right tool for this; the patterns are concise but worth getting exactly right.", "date_published": "2026-01-27T00:00:00Z", "tags": [ "Go", "errgroup", "Concurrency" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/28/iter-seq-pull-iterator-go-123/", "url": "https://pratikdhanave.github.io/blog/2026/01/28/iter-seq-pull-iterator-go-123/", "title": "iter.Seq \u2014 the pull iterator pattern in Go 1.23+", "summary": "Range-over-function landed in Go 1.23. `iter.Seq` lets you write iterators that compose. The patterns that pay back; the ones that don't.", "date_published": "2026-01-28T00:00:00Z", "tags": [ "Go", "iter.Seq", "Go 1.23" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/29/twelve-go-idioms-i-changed-my-mind-about/", "url": "https://pratikdhanave.github.io/blog/2026/01/29/twelve-go-idioms-i-changed-my-mind-about/", "title": "Twelve Go idioms I changed my mind about", "summary": "Patterns I confidently recommended five years ago that I'd argue against today. The list of \"things you used to do in Go that don't pay back anymore.\"", "date_published": "2026-01-29T00:00:00Z", "tags": [ "Go", "Opinion", "Patterns" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/30/audit-logs-are-the-api-of-record/", "url": "https://pratikdhanave.github.io/blog/2026/01/30/audit-logs-are-the-api-of-record/", "title": "Audit logs are the API of record", "summary": "The audit log isn't a side effect of the system. It's the contract you owe to regulators, customers, and your future self. Treat it as a first-class API \u2014 schema, versioning, and SLOs included.", "date_published": "2026-01-30T00:00:00Z", "tags": [ "Audit", "Architecture", "Opinion" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/01/31/the-board-policy-is-a-yaml-file/", "url": "https://pratikdhanave.github.io/blog/2026/01/31/the-board-policy-is-a-yaml-file/", "title": "The board policy is not a slide \u2014 it's a YAML file", "summary": "The bank's board approves an AI policy. The policy exists as a slide deck nobody reads. The risk team's actual operational policy is what's in the code. Closing that gap is the FREE-AI Rec 14 win.", "date_published": "2026-01-31T00:00:00Z", "tags": [ "AI Governance", "Policy as Code", "FREE-AI", "Opinion" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/01/aigp-iapp-body-of-knowledge-reading-map/", "url": "https://pratikdhanave.github.io/blog/2026/02/01/aigp-iapp-body-of-knowledge-reading-map/", "title": "AIGP body of knowledge \u2014 a Go engineer's reading map", "summary": "IAPP's AI Governance Professional certification covers a body of knowledge worth knowing whether you certify or not. The mapping from BOK to working Go code for the engineer who wants to understand AI governance practically.", "date_published": "2026-02-01T00:00:00Z", "tags": [ "AIGP", "AI Governance", "IAPP", "Compliance" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/02/brownlow-cloud-kms-security-command-center/", "url": "https://pratikdhanave.github.io/blog/2026/02/02/brownlow-cloud-kms-security-command-center/", "title": "Brownlow \u2014 Cloud KMS + Security Command Center for vote integrity", "summary": "Vote integrity needed two things the platform team couldn't fake even by accident: signing keys we couldn't access, and continuous security monitoring we couldn't silence. KMS + SCC delivered both.", "date_published": "2026-02-02T00:00:00Z", "tags": [ "Cloud KMS", "Security Command Center", "GCP", "Voting" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/03/voice-ai-kinetic-multi-language-patterns/", "url": "https://pratikdhanave.github.io/blog/2026/02/03/voice-ai-kinetic-multi-language-patterns/", "title": "Voice AI for two-wheelers \u2014 multi-language patterns from the Kinetic India work", "summary": "A rider asks the bike a question in Marathi, Hindi, or English. The voice stack has to do ASR, intent classification, dispatch to a service tool, generate a response, TTS \u2014 all under 3 seconds. Notes from the proof-of-concept.", "date_published": "2026-02-03T00:00:00Z", "tags": [ "Voice AI", "ElevenLabs", "Multi-Language", "Bhashini" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/04/kyc-master-direction-vs-aadhaar-offline/", "url": "https://pratikdhanave.github.io/blog/2026/02/04/kyc-master-direction-vs-aadhaar-offline/", "title": "KYC under the RBI Master Direction vs Aadhaar offline KYC \u2014 the practical differences", "summary": "Two KYC pathways an Indian fintech has to support. The Master Direction (Video KYC, etc.) and Aadhaar Offline KYC. Different speeds, different evidence requirements, different audit shapes.", "date_published": "2026-02-04T00:00:00Z", "tags": [ "KYC", "RBI", "Aadhaar", "FinTech" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/05/upi-integration-spec-quirks/", "url": "https://pratikdhanave.github.io/blog/2026/02/05/upi-integration-spec-quirks/", "title": "UPI integration \u2014 the spec quirks no one mentions", "summary": "UPI is the most popular payment rail in India. The spec is precise. The implementation guides are not. Notes on the integration details that ate weeks the first time.", "date_published": "2026-02-05T00:00:00Z", "tags": [ "UPI", "NPCI", "Payments", "FinTech" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/06/workload-identity-federation-azure-gcp-migration/", "url": "https://pratikdhanave.github.io/blog/2026/02/06/workload-identity-federation-azure-gcp-migration/", "title": "Workload Identity Federation Azure \u2192 GCP for a real migration", "summary": "Moving a workload from Azure to GCP while it continues to authenticate against on-prem Azure AD (Entra ID). Federation lets the GCP workload assume a GCP service account based on its Azure identity.", "date_published": "2026-02-06T00:00:00Z", "tags": [ "Azure", "GCP", "Workload Identity Federation", "Migration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/07/gke-for-stateful-ai-workloads/", "url": "https://pratikdhanave.github.io/blog/2026/02/07/gke-for-stateful-ai-workloads/", "title": "GKE for stateful AI workloads \u2014 the patterns that survived production", "summary": "Multi-agent stacks have state: vector indexes, chat histories, agent memory. GKE for AI workloads needs StatefulSets, PVCs, gateway controllers, and the patterns that work in 2026.", "date_published": "2026-02-07T00:00:00Z", "tags": [ "GKE", "Kubernetes", "Multi-Agent AI", "Production" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/08/data-residency-uae-saudi-bancnet/", "url": "https://pratikdhanave.github.io/blog/2026/02/08/data-residency-uae-saudi-bancnet/", "title": "Data residency in the Gulf \u2014 UAE ADGM/DIFC + Saudi SAMA at Bancnet", "summary": "An open-banking platform serving UAE and Saudi customers had to honour three overlapping regulators: ADGM (Abu Dhabi), DIFC (Dubai), and SAMA (Saudi central bank). Notes on the architecture that satisfied all three.", "date_published": "2026-02-08T00:00:00Z", "tags": [ "Data Residency", "UAE", "Saudi Arabia", "Open Banking" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/09/egress-costs-cloud-arbitrage/", "url": "https://pratikdhanave.github.io/blog/2026/02/09/egress-costs-cloud-arbitrage/", "title": "Egress costs \u2014 the gotcha that kills cloud-arbitrage plans", "summary": "Cross-cloud data movement is billed by the GB. The bill is invisible until it isn't. A multi-region or multi-cloud architecture that doesn't model egress costs in design will discover them in production.", "date_published": "2026-02-09T00:00:00Z", "tags": [ "Multi-Cloud", "Cost Optimisation", "Networking" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/10/aws-bedrock-vertex-ai-same-agent-stack/", "url": "https://pratikdhanave.github.io/blog/2026/02/10/aws-bedrock-vertex-ai-same-agent-stack/", "title": "Running AWS Bedrock and Vertex AI in the same agent stack", "summary": "An enterprise customer wants you on AWS; the next one wants you on GCP. The provider router pattern that keeps the agent code identical and swaps only the LLM endpoint.", "date_published": "2026-02-10T00:00:00Z", "tags": [ "AWS", "Bedrock", "Vertex AI", "Multi-Cloud", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/11/slog-migration-replace-five-libraries/", "url": "https://pratikdhanave.github.io/blog/2026/02/11/slog-migration-replace-five-libraries/", "title": "slog migration \u2014 replacing five logging libraries with stdlib", "summary": "Go 1.21 added structured logging to the stdlib (slog). For a codebase with three or four logging-library generations layered on top of each other, the migration is a productive afternoon.", "date_published": "2026-02-11T00:00:00Z", "tags": [ "Go", "slog", "Logging", "Stdlib" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/12/gomemlimit-soft-gc-pacing/", "url": "https://pratikdhanave.github.io/blog/2026/02/12/gomemlimit-soft-gc-pacing/", "title": "GOMEMLIMIT and the soft GC pacing change every Go service should set", "summary": "GOMEMLIMIT tells the Go runtime to keep memory below a soft cap by running GC harder when it's close. For containers with hard memory limits, this prevents OOM kills. The setting every Go service in K8s should have.", "date_published": "2026-02-12T00:00:00Z", "tags": [ "Go", "GOMEMLIMIT", "Memory", "Kubernetes" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/13/embed-fs-as-deployment-unit/", "url": "https://pratikdhanave.github.io/blog/2026/02/13/embed-fs-as-deployment-unit/", "title": "embed.FS as a deployment unit \u2014 config, prompts, UI assets", "summary": "Go's embed.FS bundles files into the binary at compile time. The pattern collapses what would be a multi-artefact deploy into one binary. Three places it pays back daily.", "date_published": "2026-02-13T00:00:00Z", "tags": [ "Go", "embed.FS", "Deployment" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/14/default-to-prototype-as-culture/", "url": "https://pratikdhanave.github.io/blog/2026/02/14/default-to-prototype-as-culture/", "title": "Default-to-Prototype as a culture, not just a flag", "summary": "An agent that doesn't declare a tier defaults to Prototype, not Production. The flag is the code; the culture is what enforces \"new code is not production until someone says so.\"", "date_published": "2026-02-14T00:00:00Z", "tags": [ "Culture", "Engineering", "Tier Promotion" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/15/boring-stack-choices-regulated-ai/", "url": "https://pratikdhanave.github.io/blog/2026/02/15/boring-stack-choices-regulated-ai/", "title": "The case for boring stack choices in regulated AI", "summary": "Postgres over the latest vector DB. Go stdlib over the framework du jour. Single binary over Kubernetes operator. The choices that bore reviewers and delight on-call engineers.", "date_published": "2026-02-15T00:00:00Z", "tags": [ "Architecture", "Opinion", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/16/latency-aware-agent-dispatch-slo/", "url": "https://pratikdhanave.github.io/blog/2026/02/16/latency-aware-agent-dispatch-slo/", "title": "Latency-aware agent dispatch \u2014 picking by SLO, not by capability", "summary": "Two agents can do the same job. One takes 200ms; the other takes 5 seconds. Pick by user-facing SLO, not by which agent is \"better.\" The dispatcher pattern.", "date_published": "2026-02-16T00:00:00Z", "tags": [ "Agents", "SLO", "Latency" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/17/cost-aware-agent-dispatch/", "url": "https://pratikdhanave.github.io/blog/2026/02/17/cost-aware-agent-dispatch/", "title": "Cost-aware agent dispatch \u2014 when the cheap agent is enough", "summary": "Not every query needs the production agent. A cost-aware dispatcher decides whether to route to the cheap-and-fast agent or the expensive-and-thorough one. Same UX, dramatically lower bill.", "date_published": "2026-02-17T00:00:00Z", "tags": [ "Agents", "Cost Optimisation", "LLM Ops" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/18/saga-rollback-half-succeeded/", "url": "https://pratikdhanave.github.io/blog/2026/02/18/saga-rollback-half-succeeded/", "title": "Saga rollback when half the steps succeeded \u2014 the unhappy path that matters most", "summary": "A saga is fine when every step succeeds. The interesting code is what runs when step 3 of 5 fails and you have to undo 1 and 2 in the right order. The patterns I use.", "date_published": "2026-02-18T00:00:00Z", "tags": [ "Saga", "Distributed Systems", "Workflow", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/19/12-google-cloud-agent-patterns-mapped/", "url": "https://pratikdhanave.github.io/blog/2026/02/19/12-google-cloud-agent-patterns-mapped/", "title": "Google Cloud's 12 agent design patterns \u2014 mapped to real agent implementations", "summary": "Google publishes a 12-pattern taxonomy for agent design. Most of them have direct corollaries in production code; one or two are best ignored. The mapping I've used.", "date_published": "2026-02-19T00:00:00Z", "tags": [ "Agents", "Architecture", "Google Cloud" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/20/a2a-protocol-go-client/", "url": "https://pratikdhanave.github.io/blog/2026/02/20/a2a-protocol-go-client/", "title": "Agent-to-Agent (A2A) protocol \u2014 the spec and the Go client", "summary": "Anthropic's A2A spec standardises how agents talk to other agents (not just tools). The Go client is small; the conceptual shift is what matters.", "date_published": "2026-02-20T00:00:00Z", "tags": [ "A2A", "Agents", "Go", "Protocols" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/21/multilingual-rag-bhashini-cross-lingual/", "url": "https://pratikdhanave.github.io/blog/2026/02/21/multilingual-rag-bhashini-cross-lingual/", "title": "Multilingual RAG for India \u2014 Bhashini hooks and cross-lingual retrieval", "summary": "An Indian banking deployment needs to handle Hindi, Marathi, Tamil, Bengali, and English in the same retrieval pipeline. Bhashini (the government's language stack) plus cross-lingual embeddings make it tractable.", "date_published": "2026-02-21T00:00:00Z", "tags": [ "RAG", "Multilingual", "Bhashini", "Indic Languages" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/22/self-rag-crag-when-to-retrieve/", "url": "https://pratikdhanave.github.io/blog/2026/02/22/self-rag-crag-when-to-retrieve/", "title": "Self-RAG and CRAG \u2014 when to retrieve, when to skip, when to correct", "summary": "Naive RAG retrieves on every query. Self-RAG decides whether to retrieve. CRAG decides whether the retrieved content is good enough or needs corrective retrieval. Two papers; both worth implementing.", "date_published": "2026-02-22T00:00:00Z", "tags": [ "RAG", "Self-RAG", "CRAG", "Retrieval" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/23/hyde-hypothetical-document-embeddings/", "url": "https://pratikdhanave.github.io/blog/2026/02/23/hyde-hypothetical-document-embeddings/", "title": "HyDE \u2014 generate a hypothetical answer to improve retrieval", "summary": "Embedding a question and embedding an answer often produce different vectors. HyDE generates a hypothetical answer to the question, embeds *that*, and retrieves on it. Retrieval quality goes up disproportionately.", "date_published": "2026-02-23T00:00:00Z", "tags": [ "RAG", "HyDE", "Retrieval" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/24/bigquery-knowledge-graph-entity-resolution/", "url": "https://pratikdhanave.github.io/blog/2026/02/24/bigquery-knowledge-graph-entity-resolution/", "title": "BigQuery Knowledge Graph for entity resolution at scale", "summary": "BigQuery has had a built-in knowledge graph since 2024. For entity resolution across millions of rows \u2014 the \"is this John Smith the same as that John Smith\" problem \u2014 it's the cheapest tool I've found.", "date_published": "2026-02-24T00:00:00Z", "tags": [ "BigQuery", "Knowledge Graph", "Entity Resolution" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/25/graphrag-when-graph-beats-vector/", "url": "https://pratikdhanave.github.io/blog/2026/02/25/graphrag-when-graph-beats-vector/", "title": "GraphRAG \u2014 when a knowledge graph beats vector search", "summary": "Vector search treats every chunk as independent. GraphRAG models the relationships between entities, communities, and concepts. For corpus-spanning questions (\"what's the relationship between X and Y\"), graph wins.", "date_published": "2026-02-25T00:00:00Z", "tags": [ "GraphRAG", "RAG", "Knowledge Graph" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/26/session-anomaly-detection-haversine/", "url": "https://pratikdhanave.github.io/blog/2026/02/26/session-anomaly-detection-haversine/", "title": "Session anomaly detection \u2014 Haversine distance + credential-stuffing density", "summary": "Two signals do most of the work for detecting compromised sessions: impossible travel between consecutive logins, and credential-stuffing density across an IP range. The Go implementation.", "date_published": "2026-02-26T00:00:00Z", "tags": [ "Go", "Security", "Anomaly Detection", "Fraud" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/27/mtls-envoy-spire-svid/", "url": "https://pratikdhanave.github.io/blog/2026/02/27/mtls-envoy-spire-svid/", "title": "mTLS at the proxy \u2014 Envoy + SPIRE-issued SVIDs", "summary": "Pushing mTLS into a service mesh removes it from every individual service. Envoy + SPIRE is the canonical pattern; the implementation has fewer moving parts than the architecture diagrams suggest.", "date_published": "2026-02-27T00:00:00Z", "tags": [ "mTLS", "Envoy", "SPIRE", "Service Mesh" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/02/28/spiffe-spire-workload-identity-basics/", "url": "https://pratikdhanave.github.io/blog/2026/02/28/spiffe-spire-workload-identity-basics/", "title": "SPIFFE/SPIRE basics \u2014 workload identity at deploy time", "summary": "Services need identity too, not just users. SPIFFE issues SVIDs (verifiable identity documents) to workloads; SPIRE is the reference issuer. The shape and the first deploy.", "date_published": "2026-02-28T00:00:00Z", "tags": [ "SPIFFE", "SPIRE", "Workload Identity", "Zero-Trust" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/01/saml-verifier-go-xml-signing/", "url": "https://pratikdhanave.github.io/blog/2026/03/01/saml-verifier-go-xml-signing/", "title": "SAML 2.0 verifier in Go \u2014 XML signing without losing your mind", "summary": "Many banks have a SAML IdP they want you to federate against. The verify path is the boring-but-load-bearing piece. Notes on the stdlib-mostly Go implementation.", "date_published": "2026-03-01T00:00:00Z", "tags": [ "Go", "SAML", "Identity Federation", "Banking" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/02/rfc-8693-token-exchange-nurse-alice/", "url": "https://pratikdhanave.github.io/blog/2026/03/02/rfc-8693-token-exchange-nurse-alice/", "title": "RFC 8693 token exchange \u2014 the nurse Alice scenario", "summary": "Dual-identity tokens for the agent \u2192 MCP server \u2192 upstream API chain. Subject stays the user; Actor identifies the agent acting on the user's behalf. Walked through with a worked clinical example.", "date_published": "2026-03-02T00:00:00Z", "tags": [ "Go", "OAuth", "RFC 8693", "Agents", "Security" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/03/webauthn-passkeys-ed25519-go/", "url": "https://pratikdhanave.github.io/blog/2026/03/03/webauthn-passkeys-ed25519-go/", "title": "WebAuthn passkeys in Go with crypto/ed25519", "summary": "Passkeys are FIDO2; FIDO2 is the spec; Ed25519 is the signature algorithm. The full registration + assertion flow in 200 lines of stdlib Go.", "date_published": "2026-03-03T00:00:00Z", "tags": [ "Go", "WebAuthn", "Passkeys", "Security", "Stdlib" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/04/oauth-device-flow-voice-kiosks/", "url": "https://pratikdhanave.github.io/blog/2026/03/04/oauth-device-flow-voice-kiosks/", "title": "OAuth Device Flow (RFC 8628) \u2014 for voice assistants, kiosks, smart TVs", "summary": "The flow where the device has no browser. User authenticates on their phone; the device polls until they're done. Implementation patterns in Go from the Genie reference.", "date_published": "2026-03-04T00:00:00Z", "tags": [ "Go", "OAuth", "Device Flow", "Voice AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/05/oauth-21-pkce-for-spa/", "url": "https://pratikdhanave.github.io/blog/2026/03/05/oauth-21-pkce-for-spa/", "title": "OAuth 2.1 + PKCE for a single-page app", "summary": "PKCE is the load-bearing mitigation against authorization-code interception. The Go implementation is short; the parts every SPA gets wrong are documented here.", "date_published": "2026-03-05T00:00:00Z", "tags": [ "Go", "OAuth", "PKCE", "Security" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/06/hs256-vs-rs256-pick-wrong-and-explain-why/", "url": "https://pratikdhanave.github.io/blog/2026/03/06/hs256-vs-rs256-pick-wrong-and-explain-why/", "title": "HS256 vs RS256 \u2014 pick the wrong one and explain why", "summary": "Symmetric vs asymmetric JWT signing. The choice changes what fails when a key leaks, who can verify, and how rotation works.", "date_published": "2026-03-06T00:00:00Z", "tags": [ "Go", "JWT", "Security", "Cryptography" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/07/jwt-150-lines-of-go/", "url": "https://pratikdhanave.github.io/blog/2026/03/07/jwt-150-lines-of-go/", "title": "JWT in 150 lines of Go \u2014 the case against the library", "summary": "HS256 JWT issue + verify + audience check + expiry in pure stdlib. Why pulling a third-party JWT library is the wrong call for security-critical code.", "date_published": "2026-03-07T00:00:00Z", "tags": [ "Go", "JWT", "Security", "Stdlib" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/08/ardan-01-vectors/", "url": "https://pratikdhanave.github.io/blog/2026/03/08/ardan-01-vectors/", "title": "Ardan Ultimate AI #01 \u2014 Hand-crafted vectors and cosine similarity", "summary": "The foundation. Build vectors by hand for a few words, compute cosine similarity, see why \"cat\" and \"dog\" come out closer than \"cat\" and \"car.\" Demystifies everything that comes after.", "date_published": "2026-03-08T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Vectors", "Foundations" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/09/ardan-02-embeddings/", "url": "https://pratikdhanave.github.io/blog/2026/03/09/ardan-02-embeddings/", "title": "Ardan Ultimate AI #02 \u2014 LLM-generated embeddings", "summary": "Hand-crafting vectors stops scaling at about 10 dimensions. LLM-generated embeddings give you a 1024-dim vector that captures semantic meaning. The example shows how to generate them and what they're good for.", "date_published": "2026-03-09T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Embeddings", "Foundations" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/10/ardan-03-context-injection/", "url": "https://pratikdhanave.github.io/blog/2026/03/10/ardan-03-context-injection/", "title": "Ardan Ultimate AI #03 \u2014 Context injection into a prompt", "summary": "Before RAG and tools, the original way to give an LLM extra information was to inject it into the prompt. The example shows the right way to format injected context and what the LLM does (and doesn't) pay attention to.", "date_published": "2026-03-10T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Prompting", "LLM" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/11/ardan-04-chat-streaming/", "url": "https://pratikdhanave.github.io/blog/2026/03/11/ardan-04-chat-streaming/", "title": "Ardan Ultimate AI #04 \u2014 Streaming chat completions via SSE", "summary": "Token-by-token streaming over Server-Sent Events. The Go HTTP handler is short; the UX win is huge. The pattern every chat app needs.", "date_published": "2026-03-11T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Streaming", "SSE", "LLM" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/12/ardan-05-rag-motivation/", "url": "https://pratikdhanave.github.io/blog/2026/03/12/ardan-05-rag-motivation/", "title": "Ardan Ultimate AI #05 \u2014 The same question with and without RAG", "summary": "Side-by-side comparison: ask the LLM a domain question with no context, then ask with retrieved context. The without-RAG answer is plausible nonsense. The with-RAG answer is correct. The example that motivates everything else in the course.", "date_published": "2026-03-12T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Foundations" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/13/ardan-06-vector-db/", "url": "https://pratikdhanave.github.io/blog/2026/03/13/ardan-06-vector-db/", "title": "Ardan Ultimate AI #06 \u2014 pgvector nearest-neighbour search", "summary": "pgvector adds vector similarity to Postgres. The example shows the schema, the indexes, the query, and what an ANN index buys you over a brute-force scan.", "date_published": "2026-03-13T00:00:00Z", "tags": [ "Ardan Labs", "Go", "pgvector", "PostgreSQL", "RAG" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/14/ardan-07-ingestion/", "url": "https://pratikdhanave.github.io/blog/2026/03/14/ardan-07-ingestion/", "title": "Ardan Ultimate AI #07 \u2014 Ingesting a Go notebook into pgvector", "summary": "The ingestion step that turns a corpus into a vector database. Chunk the source, embed each chunk, store with metadata. The pre-work without which RAG is impossible.", "date_published": "2026-03-14T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Ingestion", "pgvector" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/15/ardan-08-rag-pipeline/", "url": "https://pratikdhanave.github.io/blog/2026/03/15/ardan-08-rag-pipeline/", "title": "Ardan Ultimate AI #08 \u2014 End-to-end RAG pipeline over a Go notebook", "summary": "Ingest \u2192 embed \u2192 store \u2192 retrieve \u2192 answer. The full pipeline applied to Bill Kennedy's Go notebook. The result: a system that answers \"how do channels work?\" with quotes from the source material.", "date_published": "2026-03-15T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Pipeline" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/16/ardan-09-retrieval-debug/", "url": "https://pratikdhanave.github.io/blog/2026/03/16/ardan-09-retrieval-debug/", "title": "Ardan Ultimate AI #09 \u2014 Debugging retrieval in isolation (K and threshold)", "summary": "When RAG gives wrong answers, the problem is usually retrieval, not the LLM. The example isolates the retrieval step so you can see exactly what chunks come back for a given query, with what scores, and tune K and the similarity threshold accordingly.", "date_published": "2026-03-16T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Debugging" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/17/ardan-10-rag-end-to-end/", "url": "https://pratikdhanave.github.io/blog/2026/03/17/ardan-10-rag-end-to-end/", "title": "Ardan Ultimate AI #10 \u2014 Interactive RAG REPL end-to-end", "summary": "Tie all the RAG pieces together into one interactive REPL. Type a question, see the retrieval, see the answer, ask follow-ups. The shape of every \"chat with your docs\" demo.", "date_published": "2026-03-17T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "REPL" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/18/ardan-11-rag-perf/", "url": "https://pratikdhanave.github.io/blog/2026/03/18/ardan-11-rag-perf/", "title": "Ardan Ultimate AI #11 \u2014 RAG performance: parallel and batched embeddings, response cache", "summary": "A simple RAG pipeline embeds documents one at a time. The performant version batches the embeddings, parallelises the chunks, and caches the responses. Throughput goes up 5-10\u00d7.", "date_published": "2026-03-18T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Performance" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/19/ardan-12-tool-calling/", "url": "https://pratikdhanave.github.io/blog/2026/03/19/ardan-12-tool-calling/", "title": "Ardan Ultimate AI #12 \u2014 Two-phase tool calling explained", "summary": "The tool-calling dance: the LLM emits a structured tool call \u2192 application runs the tool \u2192 application appends the result \u2192 the LLM uses it in the next turn. Two phases. Everything else is detail.", "date_published": "2026-03-19T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Tool Calling", "LLM" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/20/ardan-13-agent-loop/", "url": "https://pratikdhanave.github.io/blog/2026/03/20/ardan-13-agent-loop/", "title": "Ardan Ultimate AI #13 \u2014 A minimal multi-tool agent loop", "summary": "The smallest possible multi-tool agent. The loop is 30 lines of Go and shows exactly what an \"agent\" is \u2014 there's no magic, just a structured back-and-forth between the LLM and a set of tools until the model says stop.", "date_published": "2026-03-20T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Agents" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/21/ardan-14-streaming-agent/", "url": "https://pratikdhanave.github.io/blog/2026/03/21/ardan-14-streaming-agent/", "title": "Ardan Ultimate AI #14 \u2014 A streaming agent with a reasoning panel", "summary": "Stream the agent's reasoning and tool calls to the UI as they happen. The user sees \"thinking about X, calling tool Y, got result Z, now answering...\" \u2014 dramatically better UX than waiting for the final answer.", "date_published": "2026-03-21T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Agents", "Streaming", "UX" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/22/ardan-15-sql-tool/", "url": "https://pratikdhanave.github.io/blog/2026/03/22/ardan-15-sql-tool/", "title": "Ardan Ultimate AI #15 \u2014 A read-only NL\u2192SQL tool", "summary": "Give an LLM a SQL tool, watch it write delete statements. The read-only version: parse the generated SQL, refuse anything that isn't SELECT, validate against an allow-listed schema, run with a strict timeout.", "date_published": "2026-03-22T00:00:00Z", "tags": [ "Ardan Labs", "Go", "SQL", "Agents", "Security" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/23/ardan-16-tool-hardening/", "url": "https://pratikdhanave.github.io/blog/2026/03/23/ardan-16-tool-hardening/", "title": "Ardan Ultimate AI #16 \u2014 Tool hardening: panic recovery and per-tool timeouts", "summary": "A panicking tool kills the agent loop. A slow tool blocks the loop forever. The example shows the boring-but-essential wrappers: recover, deadlines, structured errors.", "date_published": "2026-03-23T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Agents", "Reliability" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/24/ardan-17-mcp/", "url": "https://pratikdhanave.github.io/blog/2026/03/24/ardan-17-mcp/", "title": "Ardan Ultimate AI #17 \u2014 Building an agent over an MCP server", "summary": "Model Context Protocol standardises tool calling across LLMs. The example builds both sides: an MCP server exposing tools, and an agent that calls them. Works the same against any MCP-compatible LLM.", "date_published": "2026-03-24T00:00:00Z", "tags": [ "Ardan Labs", "Go", "MCP", "Agents" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/25/ardan-18-prefix-cache/", "url": "https://pratikdhanave.github.io/blog/2026/03/25/ardan-18-prefix-cache/", "title": "Ardan Ultimate AI #18 \u2014 Incremental message caching (IMC) for chat", "summary": "A long chat reprocesses the entire history on every turn. Prefix caching lets the LLM serve the cached KV-cache prefix from the previous turn and only compute the new suffix. Massive latency win on long conversations.", "date_published": "2026-03-25T00:00:00Z", "tags": [ "Ardan Labs", "Go", "LLM Ops", "Performance" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/26/ardan-19-speculative-decoding/", "url": "https://pratikdhanave.github.io/blog/2026/03/26/ardan-19-speculative-decoding/", "title": "Ardan Ultimate AI #19 \u2014 Speculative decoding with a draft model", "summary": "Run a small draft model to predict several tokens at once; verify them in a single pass with the large model. Latency drops without quality dropping. The technique production LLM serving uses but most application engineers don't see.", "date_published": "2026-03-26T00:00:00Z", "tags": [ "Ardan Labs", "Go", "LLM Ops", "Performance" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/27/ardan-20-semantic-cache/", "url": "https://pratikdhanave.github.io/blog/2026/03/27/ardan-20-semantic-cache/", "title": "Ardan Ultimate AI #20 \u2014 Embedding-based semantic cache", "summary": "Exact-match caching misses paraphrases. \"What is the refund policy?\" and \"How do refunds work?\" should both hit the same cached answer. Semantic cache embeds queries and matches by similarity.", "date_published": "2026-03-27T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Caching", "Cost Optimisation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/28/ardan-21-adaptive-retrieval/", "url": "https://pratikdhanave.github.io/blog/2026/03/28/ardan-21-adaptive-retrieval/", "title": "Ardan Ultimate AI #21 \u2014 Adaptive retrieval (decide whether to RAG at all)", "summary": "Not every question needs retrieval. A classifier gates RAG: chat or general knowledge questions skip it; factual or document-grounded questions trigger it. Saves latency and tokens on the simple half of queries.", "date_published": "2026-03-28T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Cost Optimisation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/29/ardan-22-cascade/", "url": "https://pratikdhanave.github.io/blog/2026/03/29/ardan-22-cascade/", "title": "Ardan Ultimate AI #22 \u2014 Cascading model router (cheap first, expensive on miss)", "summary": "Most queries are simple. A cascading router tries a small/fast/cheap model first; if confidence is low or the task is hard, it escalates to a larger one. Costs collapse without hurting quality.", "date_published": "2026-03-29T00:00:00Z", "tags": [ "Ardan Labs", "Go", "LLM Ops", "Cost Optimisation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/30/ardan-23-prompt-injection/", "url": "https://pratikdhanave.github.io/blog/2026/03/30/ardan-23-prompt-injection/", "title": "Ardan Ultimate AI #23 \u2014 Direct and indirect prompt injection, plus defenses", "summary": "The single biggest LLM security risk. The example walks through both forms (direct from user input, indirect via retrieved content) and the layered defenses: system prompt isolation, content classification, output validation, structured tool schemas.", "date_published": "2026-03-30T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Security", "Prompt Injection" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/03/31/ardan-24-tool-security/", "url": "https://pratikdhanave.github.io/blog/2026/03/31/ardan-24-tool-security/", "title": "Ardan Ultimate AI #24 \u2014 A hardened shell tool with RBAC", "summary": "Giving an LLM a `run_command` tool is convenient and terrifying. The hardened version: allow-listed binaries, argument scrubbing, RBAC per user, audit per invocation.", "date_published": "2026-03-31T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Security", "Agents" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/01/ardan-25-rag-poisoning/", "url": "https://pratikdhanave.github.io/blog/2026/04/01/ardan-25-rag-poisoning/", "title": "Ardan Ultimate AI #25 \u2014 Poisoned-document attacks on RAG and defenses", "summary": "A RAG pipeline that ingests user-supplied documents is a prompt-injection vector. An attacker uploads a document with hidden instructions; the LLM retrieves it and follows them. Defense: input filtering, content classification, output verification.", "date_published": "2026-04-01T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Security", "RAG" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/02/ardan-26-output-sanitization/", "url": "https://pratikdhanave.github.io/blog/2026/04/02/ardan-26-output-sanitization/", "title": "Ardan Ultimate AI #26 \u2014 HTML sanitisation and exfiltration defenses", "summary": "An LLM that controls the output can embed malicious HTML, exfiltrate data via crafted links, or inject prompt-stealing payloads. Sanitisation is the defense; the example shows what to allow and what to strip.", "date_published": "2026-04-02T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Security", "AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/03/ardan-27-chain-escalation/", "url": "https://pratikdhanave.github.io/blog/2026/04/03/ardan-27-chain-escalation/", "title": "Ardan Ultimate AI #27 \u2014 Tool-chain escalation budgets and audit", "summary": "An agent that can call tools to call tools can drift indefinitely. The escalation budget caps depth and cost; the audit trail records every step so you can replay what the agent did.", "date_published": "2026-04-03T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Agents", "Security", "Audit" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/04/ardan-28-image-vision-rag/", "url": "https://pratikdhanave.github.io/blog/2026/04/04/ardan-28-image-vision-rag/", "title": "Ardan Ultimate AI #28 \u2014 Image search via a vision model + pgvector", "summary": "Generate a text description of an image with a vision LLM, embed the description, store in pgvector. Search becomes \"find images that match this query\" \u2014 works surprisingly well.", "date_published": "2026-04-04T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Vision", "pgvector" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/05/ardan-29-video-transcription-rag/", "url": "https://pratikdhanave.github.io/blog/2026/04/05/ardan-29-video-transcription-rag/", "title": "Ardan Ultimate AI #29 \u2014 Chat over transcribed video chunks", "summary": "Transcribe a video, chunk by timestamp, embed each chunk, RAG-style chat over the result. The shape that powers \"ask questions about this meeting recording.\"", "date_published": "2026-04-05T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "Video", "Whisper" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/06/ardan-30-pdf-docling/", "url": "https://pratikdhanave.github.io/blog/2026/04/06/ardan-30-pdf-docling/", "title": "Ardan Ultimate AI #30 \u2014 PDF extraction with Docling + LLM", "summary": "PDFs are the format that breaks every RAG pipeline. Docling is the IBM-research extractor that handles layout, tables, and figures. The example wires Docling + LLM to make PDFs usable.", "date_published": "2026-04-06T00:00:00Z", "tags": [ "Ardan Labs", "Go", "RAG", "PDF", "Docling" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/07/ardan-31-coding-agent/", "url": "https://pratikdhanave.github.io/blog/2026/04/07/ardan-31-coding-agent/", "title": "Ardan Ultimate AI #31 \u2014 A coding agent with file tools", "summary": "Cursor / Claude Code in 600 lines of Go. The agent has read/write/search tools over a project directory and a loop that lets it iterate on its own work.", "date_published": "2026-04-07T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Agents", "Coding Agents" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/08/ardan-32-chat-web-service-react-rag/", "url": "https://pratikdhanave.github.io/blog/2026/04/08/ardan-32-chat-web-service-react-rag/", "title": "Ardan Ultimate AI #32 \u2014 Embedded React chat over RAG (Go backend + bundled UI)", "summary": "A complete chat application: Go backend with RAG, React frontend, single binary. Showed me how to ship a full-stack AI demo without a separate frontend deployment.", "date_published": "2026-04-08T00:00:00Z", "tags": [ "Ardan Labs", "Go", "React", "RAG", "AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/09/ardan-33-jupyter-go-tutorial/", "url": "https://pratikdhanave.github.io/blog/2026/04/09/ardan-33-jupyter-go-tutorial/", "title": "Ardan Ultimate AI #33 \u2014 A Go-powered Jupyter notebook tutorial (GoMLX + GoNB)", "summary": "The course wrap-up: a Jupyter notebook driven by Go, using GoMLX for tensor ops and GoNB as the kernel. Showed me how to do exploratory Go AI work in the same shape data scientists already use.", "date_published": "2026-04-09T00:00:00Z", "tags": [ "Ardan Labs", "Go", "Jupyter", "GoMLX", "AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/25/gocloud-unified-cloud-api-design/", "url": "https://pratikdhanave.github.io/blog/2026/04/25/gocloud-unified-cloud-api-design/", "title": "Gocloud \u2014 designing a unified API library for AWS, GCP, and Azure", "summary": "What it actually takes to build a unified cloud API library \u2014 and why \"write once, run anywhere\" still doesn't quite work, even for the patterns where it almost does.", "date_published": "2026-04-25T00:00:00Z", "tags": [ "Go", "Multi-Cloud", "Open Source", "API Design" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/26/gsoc-mentor-2019-2026-lessons/", "url": "https://pratikdhanave.github.io/blog/2026/04/26/gsoc-mentor-2019-2026-lessons/", "title": "Google Summer of Code mentor 2019-2026 \u2014 what I learned guiding 10+ students through open-source projects", "summary": "Seven cycles. Ten-plus students. Most shipped, a few didn't, all of them taught me something about engineering culture. Notes on what works for mentors and what works for students.", "date_published": "2026-04-26T00:00:00Z", "tags": [ "GSoC", "Open Source", "Mentorship" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/27/google-cloud-next-2022-monolith-microservices-talk/", "url": "https://pratikdhanave.github.io/blog/2026/04/27/google-cloud-next-2022-monolith-microservices-talk/", "title": "Speaking at Google Cloud Next 2022 \u2014 the monolith-to-microservices talk", "summary": "30 minutes on stage. The talk title looked tactical; the talk underneath was about why most microservices migrations fail and how to set up the one that doesn't.", "date_published": "2026-04-27T00:00:00Z", "tags": [ "Speaking", "Microservices", "Google Cloud Next", "Architecture" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/28/brownlow-zero-trust-voting-cloud-run/", "url": "https://pratikdhanave.github.io/blog/2026/04/28/brownlow-zero-trust-voting-cloud-run/", "title": "Brownlow \u2014 zero-trust voting on Cloud Run during live AFL broadcasts", "summary": "100K+ votes, 10K+ concurrent users during a live AFL Brownlow Medal broadcast. The architecture: Go on Cloud Run, GraphQL + gRPC behind a CDN, vote integrity through Cloud KMS + Security Command Center. Notes on what makes a live-broadcast load shape unusual.", "date_published": "2026-04-28T00:00:00Z", "tags": [ "Cloud Run", "Go", "GraphQL", "gRPC", "KMS", "Live Events" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/29/p2p-lender-kyc-aml-credit-bureau-maker-checker/", "url": "https://pratikdhanave.github.io/blog/2026/04/29/p2p-lender-kyc-aml-credit-bureau-maker-checker/", "title": "P2P lending \u2014 KYC/AML, three credit bureaus, and the maker-checker RBAC governance that kept fraud rates low", "summary": "Borrower onboarding is the most fraud-prone moment in a P2P platform. The shape that worked: deterministic KYC, parallel bureau pulls with fallback, real-time fraud signals, and a maker-checker approval for every disbursement.", "date_published": "2026-04-29T00:00:00Z", "tags": [ "KYC", "AML", "Lending", "Fraud", "RBAC", "FinTech" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/30/p2p-lender-double-entry-ledger-invariants/", "url": "https://pratikdhanave.github.io/blog/2026/04/30/p2p-lender-double-entry-ledger-invariants/", "title": "Double-entry ledger invariants \u2014 building a P2P lending platform that never loses money", "summary": "5K+ loans per month. Three credit bureaus. Multiple payment gateways. The thing that has to be right is the ledger. Notes on what invariants the database enforces vs what the application enforces.", "date_published": "2026-04-30T00:00:00Z", "tags": [ "Go", "PostgreSQL", "FinTech", "Lending", "Accounting" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/01/globe-error-code-orchestration/", "url": "https://pratikdhanave.github.io/blog/2026/05/01/globe-error-code-orchestration/", "title": "Error-code orchestration \u2014 replacing a giant switch statement with a typed enum across partner adapters", "summary": "Status-code-based dispatch made every worker grow a longer and longer switch. Normalising every partner-specific error into an enumerated set let the orchestration logic stop changing as new partners landed.", "date_published": "2026-05-01T00:00:00Z", "tags": [ "Go", "Distributed Systems", "Architecture" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/02/globe-idempotency-three-layers/", "url": "https://pratikdhanave.github.io/blog/2026/05/02/globe-idempotency-three-layers/", "title": "Idempotency at three layers \u2014 the pattern that kept the Globe transaction engine honest", "summary": "A single layer of idempotency will eventually fail. Three independent layers gives you a margin. Here is the pattern that worked across ingest, worker, and emit boundaries.", "date_published": "2026-05-02T00:00:00Z", "tags": [ "Idempotency", "Distributed Systems", "Payments", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/03/globe-30k-tps-kubernetes-transaction-platform/", "url": "https://pratikdhanave.github.io/blog/2026/05/03/globe-30k-tps-kubernetes-transaction-platform/", "title": "Globe \u2014 running a 30K+ TPS transaction platform on Kubernetes", "summary": "The transaction engine had to absorb 30K+ TPS across partner integrations, never lose a transaction, and survive partial failures. The architecture: Go, Kafka, Pub/Sub, Redis, K8s, with idempotency at every layer.", "date_published": "2026-05-03T00:00:00Z", "tags": [ "Kubernetes", "Kafka", "Go", "Redis", "Payments", "PCI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/04/picnic-test-coverage-prometheus/", "url": "https://pratikdhanave.github.io/blog/2026/05/04/picnic-test-coverage-prometheus/", "title": "Picnic \u2014 80%+ test coverage and Prometheus observability turned days-to-detect into minutes-to-detect", "summary": "Test coverage and observability are the boring infrastructure that makes the interesting changes safe. Notes on how the Picnic team built both, and the on-call experience they enabled.", "date_published": "2026-05-04T00:00:00Z", "tags": [ "Testing", "Prometheus", "Observability", "Go", "SRE" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/05/picnic-protobuf-consolidation-47pct-latency/", "url": "https://pratikdhanave.github.io/blog/2026/05/05/picnic-protobuf-consolidation-47pct-latency/", "title": "Picnic \u2014 cutting API latency 47% by consolidating microservices behind protobuf contracts", "summary": "The Picnic social platform served 1M+ users across a graph of Go microservices behind a GraphQL gateway. The latency win came from a counter-intuitive move: fewer services, tighter contracts.", "date_published": "2026-05-05T00:00:00Z", "tags": [ "Go", "gRPC", "GraphQL", "Microservices", "Performance" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/06/azure-service-operator-multi-vendor-collaboration/", "url": "https://pratikdhanave.github.io/blog/2026/05/06/azure-service-operator-multi-vendor-collaboration/", "title": "azure-service-operator \u2014 collaborating with Ericsson, AT&T, and Microsoft on a Kubernetes-native Azure controller", "summary": "The azure-service-operator project lets you declare Azure resources as Kubernetes objects. Notes from the multi-vendor collaboration shape: how decisions got made, what slowed us down, what shipped despite it.", "date_published": "2026-05-06T00:00:00Z", "tags": [ "Azure", "Kubernetes", "Open Source", "Operators" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/07/airshipit-opentelemetry-30pct-ops-reduction/", "url": "https://pratikdhanave.github.io/blog/2026/05/07/airshipit-opentelemetry-30pct-ops-reduction/", "title": "airshipit + OpenTelemetry \u2014 30% reduction in manual ops in a multi-vendor OSS project", "summary": "Notes from integrating OpenTelemetry into airshipit, an open-source bare-metal Kubernetes lifecycle project with contributions from Ericsson, AT&T, Microsoft, and others. The hard part wasn't OTel; it was making distributed traces useful across foreign code.", "date_published": "2026-05-07T00:00:00Z", "tags": [ "OpenTelemetry", "Kubernetes", "Open Source", "Observability" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/08/soc2-controls-as-terraform-modules/", "url": "https://pratikdhanave.github.io/blog/2026/05/08/soc2-controls-as-terraform-modules/", "title": "SOC 2 controls as Terraform modules \u2014 turning the audit from a project into a daily build", "summary": "If you encode each SOC 2 control as a Terraform module, the audit becomes a check against module usage rather than a per-resource review. Notes from Bloom and adjacent projects.", "date_published": "2026-05-08T00:00:00Z", "tags": [ "SOC 2", "Terraform", "Compliance", "DevOps" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/09/bloom-terraform-regulated-bank-cloud/", "url": "https://pratikdhanave.github.io/blog/2026/05/09/bloom-terraform-regulated-bank-cloud/", "title": "Bloom \u2014 Terraform for regulated bank cloud provisioning, SOC 2 and ISO 27001 from day one", "summary": "Notes from contributing to Bloom \u2014 SC Ventures / Standard Chartered's policy-driven secure cloud provisioning platform. Push-to-deploy self-service for bank engineering teams, with the audit controls baked in.", "date_published": "2026-05-09T00:00:00Z", "tags": [ "Terraform", "Banking", "SOC 2", "ISO 27001", "AWS", "Azure" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/10/cdc-minimal-downtime-spanner-migration/", "url": "https://pratikdhanave.github.io/blog/2026/05/10/cdc-minimal-downtime-spanner-migration/", "title": "CDC for minimal-downtime Spanner migration \u2014 Datastream + Pub/Sub + Dataflow", "summary": "A bulk migration takes hours; the application can't be offline that long. CDC keeps the source and destination in sync while the bulk runs, and a quick cutover swaps traffic. The handoff between bulk and CDC is where most migrations go wrong.", "date_published": "2026-05-10T00:00:00Z", "tags": [ "Spanner", "Datastream", "Pub/Sub", "Dataflow", "Migration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/11/spanner-interleaving-when-to-use/", "url": "https://pratikdhanave.github.io/blog/2026/05/11/spanner-interleaving-when-to-use/", "title": "Spanner interleaved tables \u2014 when and when not", "summary": "Interleaving a child table into its parent co-locates the rows for fast joins. It also tightens coupling in ways that bite you on the next schema migration. A practitioner's decision matrix.", "date_published": "2026-05-11T00:00:00Z", "tags": [ "Spanner", "Database Design", "Schema" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/12/spanner-pk-design-write-hotspots/", "url": "https://pratikdhanave.github.io/blog/2026/05/12/spanner-pk-design-write-hotspots/", "title": "Primary-key design for Cloud Spanner \u2014 preventing write hotspots, 40-60% performance gains", "summary": "Spanner partitions by primary-key range. A monotonically-increasing PK like a timestamp or UUID-v1 funnels all writes to one server. The fix changes everything from your sequence strategy to your tenant model.", "date_published": "2026-05-12T00:00:00Z", "tags": [ "Spanner", "Database Design", "Performance", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/13/spanner-migration-tool-contributor-reading-map/", "url": "https://pratikdhanave.github.io/blog/2026/05/13/spanner-migration-tool-contributor-reading-map/", "title": "The Spanner Migration Tool \u2014 a contributor's reading map", "summary": "Notes from contributing to Google's open-source Spanner Migration Tool (HarbourBridge). Where to start reading the codebase, where the load-bearing logic lives, and the parts that look simple but aren't.", "date_published": "2026-05-13T00:00:00Z", "tags": [ "Spanner", "Open Source", "Go", "Database Migration" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/14/bigquery-storage-tiering-physical-logical-bytes/", "url": "https://pratikdhanave.github.io/blog/2026/05/14/bigquery-storage-tiering-physical-logical-bytes/", "title": "BigQuery storage tiering \u2014 physical bytes, logical bytes, and the savings hiding in your old partitions", "summary": "Storage was the second-biggest line item on the Tata BigQuery bill. Long-term storage, physical-vs-logical billing, and column-level retention together took a 6-figure monthly line down to a 5-figure one.", "date_published": "2026-05-14T00:00:00Z", "tags": [ "BigQuery", "FinOps", "Storage", "GCP" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/15/bigquery-slot-reservation-transition/", "url": "https://pratikdhanave.github.io/blog/2026/05/15/bigquery-slot-reservation-transition/", "title": "BigQuery slot reservation transitions \u2014 when to commit, when to stay on-demand", "summary": "Capacity-based slot reservation is the biggest single FinOps lever for predictable batch workloads, but the transition is harder than the math. Notes from sizing reservations across enterprise GCP customers.", "date_published": "2026-05-15T00:00:00Z", "tags": [ "BigQuery", "FinOps", "GCP", "Reservations" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/16/optimus-bigquery-anti-pattern-detector/", "url": "https://pratikdhanave.github.io/blog/2026/05/16/optimus-bigquery-anti-pattern-detector/", "title": "Optimus \u2014 a Gemini-powered BigQuery anti-pattern detector that paid for itself in a week", "summary": "We built a small Go + Python service that parses a project's INFORMATION_SCHEMA, asks Gemini to classify each top-spending query against a catalog of anti-patterns, and recommends a rewrite. It is not a magic box; it is a pipeline that cuts the human review time per query from 20 minutes to 90 seconds.", "date_published": "2026-05-16T00:00:00Z", "tags": [ "BigQuery", "Gemini", "FinOps", "Go", "Python" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/17/57-percent-bigquery-cost-reduction-tata/", "url": "https://pratikdhanave.github.io/blog/2026/05/17/57-percent-bigquery-cost-reduction-tata/", "title": "The 57% number \u2014 how we cut the Tata Group BigQuery bill in half", "summary": "\u20b9100 Cr / ~$12M in proven savings across a year-plus engagement. The four levers that did the heavy lifting, the lever I expected to win that didn't, and the post-engagement playbook that became a Searce managed service.", "date_published": "2026-05-17T00:00:00Z", "tags": [ "BigQuery", "FinOps", "GCP", "Tata Group", "Cost Optimisation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/18/merge-pattern-cost-ten-times-more/", "url": "https://pratikdhanave.github.io/blog/2026/05/18/merge-pattern-cost-ten-times-more/", "title": "The MERGE pattern that cost ten times more than INSERT-then-UPDATE \u2014 a \u20b9100 Cr lesson", "summary": "What looked like an idiomatic BigQuery MERGE was scanning the full target table on every batch. The fix was syntactic, not architectural \u2014 and it was the single biggest contributor to a 57% data-warehouse cost reduction across the Tata Group engagement.", "date_published": "2026-05-18T00:00:00Z", "tags": [ "BigQuery", "FinOps", "SQL", "Cost Optimisation" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/26/right-to-explanation/", "url": "https://pratikdhanave.github.io/blog/2026/05/26/right-to-explanation/", "title": "The Right-to-Explanation Handler: GDPR Article 22 as a Go HTTP Endpoint", "summary": "How a 200-line Go handler turns an audit log and an eval store into a regulator-friendly answer to \"why did the AI decide that?\" \u2014 without leaking a single byte of PHI.", "date_published": "2026-05-26T00:00:00Z", "tags": [ "GDPR", "Privacy Engineering", "AI Governance", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/24/mapping-genie-to-gcp-pcse-blueprint/", "url": "https://pratikdhanave.github.io/blog/2026/04/24/mapping-genie-to-gcp-pcse-blueprint/", "title": "Mapping a multi-agent platform to the GCP PCSE blueprint", "summary": "Every Professional Cloud Security Engineer exam bullet, mapped to a file path in an RBI FREE-AI aligned Go platform. Where the implementation matches, where the analog substitutes, and where the honest gaps are.", "date_published": "2026-04-24T00:00:00Z", "tags": [ "Security", "GCP", "PCSE", "Multi-Agent AI", "Go" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/05/26/time-bound-elevation-pam-analog/", "url": "https://pratikdhanave.github.io/blog/2026/05/26/time-bound-elevation-pam-analog/", "title": "Time-bound privileged access \u2014 building the PCSE \u00a71.4 PAM analog in Go", "summary": "Request \u2192 N-eyes approve \u2192 window-of-time \u2192 automatic expiry, with every transition written to a hash-chained audit log. The package that closes Gap #1 from the PCSE map.", "date_published": "2026-05-26T00:00:00Z", "tags": [ "Security", "Go", "Audit", "PAM", "RBAC" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/23/defence-in-depth-for-agentic-ai/", "url": "https://pratikdhanave.github.io/blog/2026/04/23/defence-in-depth-for-agentic-ai/", "title": "Defence in depth for agentic AI \u2014 the eleven-layer envelope", "summary": "The mental model that says no two adjacent layers share a single point of failure for the same class of attack. From TLS to OTel, the eleven layers a customer request crosses before an answer comes back.", "date_published": "2026-04-23T00:00:00Z", "tags": [ "Security", "Architecture", "Multi-Agent AI", "FREE-AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/20/agentic-security-in-production/", "url": "https://pratikdhanave.github.io/blog/2026/04/20/agentic-security-in-production/", "title": "Agentic security in production \u2014 the operations playbook", "summary": "Twelve months of running multi-agent AI in a regulated context. SLIs that matter, the incident runbook, drift detection, continuous adversarial testing, secret rotation, compliance posture as code.", "date_published": "2026-04-20T00:00:00Z", "tags": [ "Security", "Operations", "SRE", "Multi-Agent AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/22/consolidated-security-deep-dive/", "url": "https://pratikdhanave.github.io/blog/2026/04/22/consolidated-security-deep-dive/", "title": "Consolidated security deep-dive \u2014 RBAC, RLS, token exchange, encryption, audit", "summary": "The long-form security narrative for a multi-agent financial assistant \u2014 authentication, authorisation, tenant isolation, dual-identity audit, envelope encryption, hash-chained logs, governance, red team, BCP.", "date_published": "2026-04-22T00:00:00Z", "tags": [ "Security", "Architecture", "FREE-AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/21/ai-governance-from-credential-to-codebase/", "url": "https://pratikdhanave.github.io/blog/2026/04/21/ai-governance-from-credential-to-codebase/", "title": "AI governance \u2014 from credential to codebase", "summary": "Board policy as a YAML file the risk team owns. Annexure VI as a database query. Every governance recommendation rendered as a file path in a Go repository.", "date_published": "2026-04-21T00:00:00Z", "tags": [ "Governance", "FREE-AI", "Compliance", "Multi-Agent AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/17/why-go-for-agentic-ai/", "url": "https://pratikdhanave.github.io/blog/2026/04/17/why-go-for-agentic-ai/", "title": "Why Go for production agentic AI", "summary": "Stdlib over libraries, single binary over framework, fail-closed defaults over forgiveness. The boring-on-purpose case for choosing Go to ship a multi-agent system into a regulated environment.", "date_published": "2026-04-17T00:00:00Z", "tags": [ "Go", "Multi-Agent AI", "Architecture" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/12/deterministic-kyc-llm-just-talks/", "url": "https://pratikdhanave.github.io/blog/2026/04/12/deterministic-kyc-llm-just-talks/", "title": "Deterministic KYC, the LLM just talks", "summary": "PAN check-digit validation, Aadhaar offline KYC, DigiLocker, PEP/sanctions \u2014 all in Go code, not in a prompt. The LLM's job is to translate the verdict into something a human can read.", "date_published": "2026-04-12T00:00:00Z", "tags": [ "KYC", "RBI", "Multi-Agent AI", "FinTech" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/13/policy-as-code-without-shipping-code/", "url": "https://pratikdhanave.github.io/blog/2026/04/13/policy-as-code-without-shipping-code/", "title": "Policy as code, without the risk team having to ship code", "summary": "A tiny CEL-style DSL plus a board-approved YAML file. The risk team adds a governance rule by editing a config file; engineering ships the rule by restarting the service.", "date_published": "2026-04-13T00:00:00Z", "tags": [ "Governance", "Policy", "FREE-AI", "DSL" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/19/annexure-vi-as-a-query/", "url": "https://pratikdhanave.github.io/blog/2026/04/19/annexure-vi-as-a-query/", "title": "Annexure VI as a query", "summary": "The RBI FREE-AI incident reporting form, expressed as a Go struct and a Postgres table. Every entry is an auto-generated artefact from the runtime \u2014 not a form an operator fills in retrospectively.", "date_published": "2026-04-19T00:00:00Z", "tags": [ "FREE-AI", "Compliance", "Incident Response" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/14/npci-rail-routing-with-hitl/", "url": "https://pratikdhanave.github.io/blog/2026/04/14/npci-rail-routing-with-hitl/", "title": "NPCI rail routing with human-in-the-loop", "summary": "UPI, IMPS, NEFT, RTGS \u2014 which rail to use depends on amount, urgency, window, success-rate history. A deterministic chooser with a HITL gate above \u20b92 lakh.", "date_published": "2026-04-14T00:00:00Z", "tags": [ "Payments", "NPCI", "FinTech", "HITL" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/15/sovereign-ai-is-a-policy/", "url": "https://pratikdhanave.github.io/blog/2026/04/15/sovereign-ai-is-a-policy/", "title": "Sovereign AI is a policy, not a slide", "summary": "Classification \u2192 provider allowlist. A pii-classified message can only reach a provider whose region is in the allowlist for pii. Sovereignty as a runtime gate, not a checkbox.", "date_published": "2026-04-15T00:00:00Z", "tags": [ "Data Residency", "Governance", "FREE-AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/16/bcp-for-ai-forced-failure-drills/", "url": "https://pratikdhanave.github.io/blog/2026/04/16/bcp-for-ai-forced-failure-drills/", "title": "BCP for AI \u2014 forced-failure drills", "summary": "Fallback agents plus a CI step that replaces the primary agent with one that always errors. If the fallback doesn't produce a usable answer, the PR can't merge.", "date_published": "2026-04-16T00:00:00Z", "tags": [ "BCP", "Resilience", "Multi-Agent AI", "Testing" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/18/rbi-free-ai-implementation-notes/", "url": "https://pratikdhanave.github.io/blog/2026/04/18/rbi-free-ai-implementation-notes/", "title": "RBI FREE-AI implementation notes \u2014 26 recommendations to file paths", "summary": "Every one of the 26 RBI FREE-AI recommendations, mapped to a specific file in a working multi-agent platform. What's \u2705 done, what's \ud83d\udfe1 partial, what's \u26aa honest gap.", "date_published": "2026-04-18T00:00:00Z", "tags": [ "RBI", "FREE-AI", "Compliance", "FinTech" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/11/production-agentic-on-kubernetes/", "url": "https://pratikdhanave.github.io/blog/2026/04/11/production-agentic-on-kubernetes/", "title": "Production agentic AI on Kubernetes \u2014 Ch 9 patterns vs reality", "summary": "Field notes from running multi-agent AI on K8s. The patterns the book recommends, the ones that survived contact with production, and the ones that broke in interesting ways.", "date_published": "2026-04-11T00:00:00Z", "tags": [ "Kubernetes", "Multi-Agent AI", "Operations" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] }, { "id": "https://pratikdhanave.github.io/blog/2026/04/10/agentic-architecture-on-mara/", "url": "https://pratikdhanave.github.io/blog/2026/04/10/agentic-architecture-on-mara/", "title": "Agentic architecture on MARA \u2014 the seven load-bearing pieces", "summary": "Microsoft's Multi-Agent Reference Architecture in Go. Protocol, registry, bus, governance, orchestration, observability, evaluation \u2014 and how the seven hold each other up.", "date_published": "2026-04-10T00:00:00Z", "tags": [ "Architecture", "MARA", "Go", "Multi-Agent AI" ], "authors": [ { "name": "Pratik Dhanave", "url": "https://pratikdhanave.github.io/" } ] } ] }