Blog
Notes on documentation, AI, and keeping docs in sync with code.
Catch SQL injection and leaked secrets before they merge
Security review that only happens at release is too late. Here's how to catch the OWASP Top 10 vulnerability classes on every pull request — with evidence, a CWE, and a fix you approve.
ReadDocumentation that updates itself: a practical guide to keeping docs in sync with code
Docs rot because nothing connects them to your code. This is the complete guide to closing that gap — the failure modes, the four levels of automation, and how to make docs a side effect of merging.
ReadThe real cost of stale documentation (it's not what you think)
Out-of-date docs don't just annoy people — they quietly tax onboarding, support, and trust. Here's how to actually measure the cost, and why the damage compounds.
ReadWhy your README always lies (and how to stop it)
Docs don't rot because developers are lazy. They rot because nothing connects them to the code. Here's the structural fix — and why 'just be disciplined' never works.
ReadHow to automate your changelog from pull requests
A practical guide to generating a changelog from your PRs — from conventional commits to release-please to fully automatic, grounded drafts. With the trade-offs of each.
Readdocs-keeper vs Mintlify: hosting vs. auto-updating
Mintlify and docs-keeper get lumped together as 'AI docs tools,' but they solve different halves of the problem. An honest comparison of where each fits — and why you might use both.
ReadCan you trust AI to write your docs? The grounding problem
AI-generated docs fail in one specific, dangerous way: confident hallucination. Here's why it happens, why 'just review it' isn't enough on its own, and the constraint that actually fixes it.
ReadGet the occasional docs-keeper note
New posts on keeping docs in sync with code, plus build-in-public updates. No spam, unsubscribe anytime.