https://loomcycle.dev/blog/ Engineering writeups from the loomcycle project. Benchmark findings, architecture decisions, lessons learned. en-us Copyright 2026 Dennis Gubsky. Apache-2.0 licensed software; blog posts are All Rights Reserved unless noted otherwise. Tue, 26 May 2026 22:30:00 GMT 1440 https://loomcycle.dev/blog/multi-replica-ha-the-seven-phases.html https://loomcycle.dev/blog/multi-replica-ha-the-seven-phases.html Tue, 26 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) Seven phases over four weeks took loomcycle from a single-process binary to a multi-replica cluster. Postgres LISTEN/NOTIFY backplane, cluster-wide per-user fairness, cross-replica cancel and pause/resume, advisory-lock singleton sweepers, DB-backed session locks and hooks. Two-replica docker-compose demo ships in the repo. Not v1.0 yet — load testing, functionality testing across the cluster matrix, and a hardening pass against cluster invariants are still ahead — but the biggest step toward it. https://loomcycle.dev/blog/loomcycle-meets-n8n.html https://loomcycle.dev/blog/loomcycle-meets-n8n.html Mon, 25 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) @loomcycle/n8n-nodes-loomcycle went from v1.0.0 to v1.2.0 in four days. Five cluster sub-nodes including a LangChain Chat Model wired to loomcycle's gateway, two trigger nodes, six example workflows. The Tools Agent integration saga: bindTools, RunnableBinding, _getType detection, and a defence-in-depth synthetic tool_call_id at every wire boundary that took three patches to chase down. https://loomcycle.dev/blog/openai-shaped-without-becoming-openai.html https://loomcycle.dev/blog/openai-shaped-without-becoming-openai.html Sun, 24 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) Loomcycle now serves three OpenAI-shaped endpoints: POST /v1/_llm/chat (loomcycle-native gateway, v0.11.0), POST /v1/chat/completions (Chat Completions shim, v0.11.3), and POST /v1/embeddings (Embeddings shim, v0.11.4). Every n8n Chat Model, LangChain consumer, RAG pipeline, and vector DB that defaults to OpenAI now works against your loomcycle by changing only the base URL and auth token. The interesting part isn't the wire format — it's what the shim deliberately omits, and what loomcycle adds that OpenAI doesn't. https://loomcycle.dev/blog/scrub-before-the-model-sees-it.html https://loomcycle.dev/blog/scrub-before-the-model-sees-it.html Sat, 23 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) A content-level prompt-injection defence built outside the model. WebFetch, WebSearch, and Brave Search results pass through a PostTool hook that scrubs sixteen injection patterns plus Cyrillic-homoglyph variants before reaching the agent's context. LIFO ordering with url-discovery, fail_mode: closed, and the JSON-nesting bypass that landed in production and got closed two hours later in review. https://loomcycle.dev/blog/agents-across-the-container-wall.html https://loomcycle.dev/blog/agents-across-the-container-wall.html Fri, 22 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) The historical loomcycle pattern read .claude/agents/*.md and .claude/skills/*/SKILL.md off a shared filesystem checkout. That breaks the moment the runtime and the app run in independent containers. We solved it with a substrate trio — AgentDef, SkillDef, MCPServerDef — each content-addressed by SHA-256 over a fixed field set, pushed at boot from the consumer's Docker image, resolved through one canonical lookup. With the cleanup-PR story of why the hash had to move from consumer-side to server-side. https://loomcycle.dev/blog/the-llm-shouldnt-see-your-name.html https://loomcycle.dev/blog/the-llm-shouldnt-see-your-name.html Tue, 19 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) Anthropic's no-training tier is a contractual promise about retention; it is not a reduction of what gets sent. We rebuilt the JobEmber data path so identifying PII never reaches the LLM at all — placeholders for names, emails, phones, and addresses; server-side comparison for location preferences via a narrow MCP tool — and dropped Read and HTTP from every agent that didn't strictly need them. https://loomcycle.dev/blog/zero-tool-zero-secret-agent.html https://loomcycle.dev/blog/zero-tool-zero-secret-agent.html Mon, 18 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) The job-posting-parser agent runs against attacker-controllable third-party HTML body text. We built it as the reference for the strictest profile we know how to ship: zero tools, zero secrets, tag-wrapped inputs, Zod-strict output. Each invariant covers a different failure mode; none is sufficient alone. Companion piece to the PII redaction post, frames a future deep-dive on content-level prompt-injection defence. https://loomcycle.dev/blog/who-decides-which-urls-an-agent-can-visit.html https://loomcycle.dev/blog/who-decides-which-urls-an-agent-can-visit.html Sun, 17 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) A Sunday-afternoon production-deploy test caught a structural gap in loomcycle's URL allowlist: pre-enumerated allowlists don't fit dynamic discovery, and the runtime doesn't have the context to fix that. We extended Pre-hooks with per-call host widening (v0.8.17), moving the decision out of loomcycle into the operator service that has the context to make it. https://loomcycle.dev/blog/the-final-bench-scoreboard.html https://loomcycle.dev/blog/the-final-bench-scoreboard.html Fri, 15 May 2026 10:00:00 GMT denn@loomcycle.dev (Dennis Gubsky) Sweep #6 with v3 cases + multi-judge consensus across three provider families. Every model hit CAPABLE; the real signal is cost-per-pass and overall-pass count. ollama/deepseek-v4-pro topped both quality (0.91 semantic) and price ($0.0022/pass) — beating opus at 1/75 the cost. https://loomcycle.dev/blog/how-we-selected-agent-and-tool-capable-models-with-own-benchmark.html https://loomcycle.dev/blog/how-we-selected-agent-and-tool-capable-models-with-own-benchmark.html Thu, 14 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) We benchmarked five providers and all current flagship models for agentic tool-calling. Four sweeps in, we found a bug in our own bench harness that invalidated most of our conclusions. Here's what we learned, what the corrected findings actually say, and what's going into v2 of the bench. https://loomcycle.dev/blog/our-mcp-server-authenticated-everyone-as-me.html https://loomcycle.dev/blog/our-mcp-server-authenticated-everyone-as-me.html Tue, 12 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) We added MCP to fix one auth leak (typed schemas, bearer tokens out of the model's view) and quietly created another: a shared developer bearer that authorized every user's agent calls as the developer. Documents linked to the wrong user. The bug took a stretch of days and a persistent second user to find. Here's the story and the per-run bearer mechanism (v0.8.14) that fixed it. https://loomcycle.dev/blog/the-80-dollars-i-burned-on-claude-code.html https://loomcycle.dev/blog/the-80-dollars-i-burned-on-claude-code.html Thu, 07 May 2026 22:30:00 GMT denn@loomcycle.dev (Dennis Gubsky) 100 parallel claude code --print instances. MacBook Pro M1 fan at maximum. ANTHROPIC_API_KEY inherited via execve. Opus 4.7 on a dumb classification task. The bill: $80. Anthropic's robot denied reimbursement. The architectural lesson became loomcycle.