Most security patch auditing tools look for known vulnerability patterns. They diff a commit, grep for dangerous functions, maybe flag things that look like what last year's CVEs looked like. That works for the obvious stuff. It doesn't work for the commit that says "no behavior change" and silently fixes …

This is a follow-up to my previous post on routing agents through LiteLLM. That post covered the architecture. This one covers what broke when I actually ran it.

Claude Code Doesn't Pass Through Arbitrary Model Names

The first thing I got wrong: I assumed model: local-sonnet in agent frontmatter would …

This is a follow-up to my previous post where I covered reducing token costs in a multi-agent pipeline. That post touched on local model fallback at a high level. This one goes deeper on how the routing layer actually works.

The Pipeline

I have five agents, split across two tiers …

Running a multi-agent pipeline for security research gets expensive fast. I have several agents doing sequential analysis work - reading commit diffs, running adversarial bypass analysis, building proof-of-concept exploits. Token costs compound at every step: system prompts, tool schemas, conversation history, and verbose outputs all stack up before a single useful …

I have been pretty facinated with type promotion bugs in the recent months. Why? Because I love when there is some crazy mixed data types with arithmetic. Something about math (in)correctly implemented always makes me geek out. For those not familiar with Type promotion, it's when data type values …