Dev Notes
Dev Notes: May 11, 2026
Addy Osmani put a name on something I've been watching at work: comprehension debt. The growing gap between how much code exists in your system and how much of it any human actually understands. Tests pass. Velocity metrics look fine. Nobody can explain why a design decision got made six months ago or which behaviors are load-bearing.
Here's the part that's been bothering me. The same week I read his piece, Mozilla shipped a write-up on using a Claude harness to find 271 security bugs in Firefox. A 15-year-old bug in the legend element. A 20-year-old XSLT bug. Edge cases that fuzzers had missed for two decades. The agent didn't just find them, it built reproducible testcases and dismissed its own false positives along the way.
So which one is it? Is AI the thing creating comprehension debt, or the thing closing it?
Both, and the answer depends on where you point the harness. AI generating code with no verification loop accumulates debt fast. The same model pointed at the verification problem, with a real pipeline behind it, finds bugs humans never would.
The teams I'd bet on are building structural comprehension on both sides. Specs that say what a change is supposed to do before it's written. Harnesses that interrogate what shipped after. Engineers who can still look at a diff and know what's load-bearing.
Comprehension is the job. AI just moved where the work lives.
This Week on Slightly Caffeinated
E58: Usage Limits, Session Skills, and Iris Updates
TJ and I cover Anthropic's new usage limits (peak hours gone, daily caps expanded), the three session-flow skills I've been building at work (/session-brief, /handoff, /wakeup), and TJ tagging Iris to ship the threads branch with a Cmd+K command bar, Haiku-generated cross-thread briefs, and Telegram proactive messaging. Plus: Iris is now co-designing its own roadmap.
Out now wherever you get your podcasts.
What I'm Learning
I've been picky about new dev tooling for a while. AI made me pickier.
The workflow: someone posts about a new package or plugin, it looks promising, so before installing anything I drop the repo into Claude and ask it to audit the dependencies, the maintenance signals, and any security implications. Most weeks the answer is "not yet."
The dependency tree is the part I missed when I was eyeballing repos myself. A package with one direct dependency can pull in twenty transitive ones, half of them stale or unmaintained. Claude reads the lock file, follows the chain, and flags the actual surface area. Takes about two minutes and saves me the cleanup bill later.
It hasn't made me adopt more tools. It's made me adopt fewer, with a lot more confidence in the ones that land.
Links Worth Your Time
Comprehension Debt: The Hidden Cost of AI-Generated Code - Addy Osmani names the thing every team is going to hit eventually. The part that stuck with me: AI flips the review economy, where a junior dev can now generate code faster than a senior dev can audit it. Tests and specs help. They don't fix it.
Behind the Scenes: Hardening Firefox with Claude - Mozilla's writeup on the harness they built. 271 fixes in Firefox 150, including bugs that survived years of fuzzing. The takeaway worth stealing: build the pipeline first, then drop in better models as they ship.
If You Thought the Speed of Writing Code Was Your Problem - Andrew Murphy on the Theory of Constraints applied to engineering teams. Most teams find one hour of typing and nine days of waiting. AI speeds up the part that wasn't slow.
Code Review Is Not About Catching Bugs - David Poll's piece reframes review as the judgment layer, not the bug-catching layer. The right question is "does this reflect the right decisions," not "does this work."
Dev Tool of the Week
Claude Code session-brief pattern
Most engineers let Claude Code's context fill up until auto-compact takes over, then wonder why the next reply feels off. There's a middle path: a session-brief skill that scrapes the active task, the recent files, what you ruled out, and the next concrete step into your clipboard, then prompts you to /clear and paste it back in.
I've been running this at work for two weeks. The context window stays under 30% on multi-hour sessions. The next session starts loaded with the relevant state, not the cruft.
Easy to build your own. The trick is keeping the brief tight: active task plus last decisions plus next step. Not a session summary.
That's it for this week. Hit reply if you're seeing comprehension debt at your team, or if you've built a session pattern that's working. Curious what people are doing.
– Chris