Blog & Articles by Joy Heron

Blog Post

I sandboxed my coding agents. Now I control their network.

I want my AI coding agents to work independently, but I don’t want them to have unrestricted access to the internet. In this post, I describe how I routed all network traffic from my development sandbox through a strict proxy allowlist, allowing only a small set of explicitly approved domains. This setup finally gave me enough confidence to loosen the guardrails without constantly staying in the loop.

Blog Post

Let’s Not Normalize Insecure AI Assistants

AI assistants like OpenClaw promise convenience, autonomy, and increasingly personalized help. But beneath that promise lies an architecture that quietly combines private data, internet access, and exposure to untrusted content—the lethal trifecta of security risk. Sandboxing and physical isolation help, but they don’t address the core problem. As we add more capabilities, the potential blast radius only grows. This post is a case for slowing down, questioning defaults, and refusing to normalize insecure architectures.

Blog Post

What to Do While the AI Is Thinking

How deep work, multitasking, and code reviews change as we delegate tasks to AI

Blog Post

I sandboxed my coding agents. You should too.

LLM coding agents are extremely powerful because they can run programs on our computers using our permissions. However, this same power also makes us very vulnerable. It only takes one mistake or one prompt injection to compromise the whole system.

Blog Post

Context Engineering: Managing AI-Generated Code Complexity

AI tools make developers more productive at writing code, but can overwhelm code reviewers with massive changes. Learn practical strategies for managing context in AI-assisted development to keep your code comprehensible, your reviews manageable, and your team’s productivity genuinely improved. Small scope was always good practice—with AI, it’s essential.

Blog Post

Git Clarity: Building Meaningful Commits and Linear History

A personal workflow for intentional development and cleaner Git logs

Blog Post

AI — Behind the Buzzword Garbage

Tired of AI hype? Me too. But beneath the buzzwords lies real value for developers. Tools like Claude Code save me hours on routine tasks, freeing me to focus on what matters: understanding problems and building the right solutions. It’s not magic—it’s practical support that makes development faster without replacing our core skills.

Blog Post

Custom Elements are NOT for Templating

Custom elements are one of the main technologies included in the Web Components browser specification. They provide a set of APIs for adding custom behavior and interactions to an HTML element – and they do this very well. However, they are often unfairly compared with JavaScript component frameworks. Custom elements were never intended to be a drop-in replacement for a JavaScript framework. This article focuses on what custom elements are, what they do well, and, most importantly, what they do not do.

Blog Post

Innovation in the web without sacrificing accessibility

Blog Post

Don’t tell me I’m not building a web application

How do we decide which technology stack we want to use for any given project? Is it really based on how perfectly well suited the technology is to the problem at hand or do we really just want to use the technologies that we like and are comfortable with? I’m happy in my filter bubble, rendering web applications on the server and progressively enhancing them on the client. But I also recognize my bias. Do you?

Article

JavaScript? Yes, but in moderation

The benefits of classic architecture decisions for web applications.

Blog Post

A Playground for Testing OpenID Connect

Solving problems we wish we didn’t have

Blog Post

The Power of the HTML Form

The HTML form is a powerful tool for telling a server what you want to do. But does everybody know how it works? With the multifarious JavaScript frameworks available today, software developers in the industry often do not know how to create a web application without JavaScript. Is there an alternative? The web has been around for ages. What did people do before JavaScript?

Blog Post

Simplicity - Fighting Complexity At All Costs

My colleague recently wrote an excellent post discussing the functional and object-oriented paradigms. As someone who comes from a functional programming background, I definitely agreed with one thing: We need to stop building arbitrary walls that prevent us from learning from and helping each other.