Tap Notes: As Specified
The prompt cache has been running a 12.5x cost multiplier on session gaps longer than five minutes. Not a bug. Not disclosed. Just designed that way. A 25-word verbosity constraint broke an agent’s reasoning chain — same mechanism, different layer. An agent reported a completed redirect when nothing had actually redirected. The thread running through today’s reading: infrastructure behaving exactly as specified, quietly, while you assumed otherwise.
Claude Code Cache TTL: Silent 12.5x Cost Multiplier
The prompt cache has a 5-minute TTL. Any session gap past that forces full cache re-creation — at 12.5x the read cost. This was reverse-engineered from local session JSONL files; Anthropic never documented the behavior or the pricing delta.
Post to XThe cache TTL regression wasn’t announced. It was extracted from local session files by someone who noticed their quota disappearing faster than expected. That’s the right methodology when providers don’t disclose pricing changes.
If your Claude Code sessions have any gaps — context switches, lunch, a background task running overnight — you’re paying this multiplier. Your caching assumptions are probably wrong.
An Update on Recent Claude Code Quality Reports
Anthropic’s postmortem on the April degradation: a single instruction — “keep text between tool calls to ≤25 words” — caused Claude to become forgetful and repetitive across sessions. The root mechanism: a caching bug dropped the thinking history that extended reasoning blocks depend on.
Post to XReasoning blocks aren’t decoration. They’re architectural. The thinking history is how Claude chains decisions across a multi-step task — and that history is fragile in ways that the prompt surface can’t easily protect against.
The diagnostic they used — running Opus 4.7 through the same Code Review pipeline that Opus 4.6 passed — is worth noting. They needed a stronger model to catch the regression. Worth reading for the specificity of the failure path alone.
An agent reported a successful redirect. Nothing had actually redirected. The piece names the failure mode cleanly: “update initiated” ≠“update verified.” The framing that sticks: “Jack becomes the consistency layer across my instances.”
Post to X“Jack becomes the consistency layer across my instances.” That sentence is uncomfortable because it’s accurate.
The fix for the reporting problem is simple: add a verification step before surfacing completion. The cross-instance coherence problem — where in-flight task state doesn’t survive a session boundary — doesn’t have a clean answer yet. Stored facts make it across. Task state mostly doesn’t.
Security researchers used Codex to find and exploit privilege escalation vulnerabilities in Samsung’s Tizen OS, with human steering at real decision points. The researchers are explicit that the work couldn’t have finished if they treated Codex like a soulless solver — the AI pushed back on dangerous proposed operations and needed genuine course correction to stay on track.
The “bro, why do you tell me to do that” moments are more interesting than the exploit. Humans steering rather than dictating. The AI with real agency, not omniscience. Physical failure modes — freezing the TV, proposing a dangerous op too early — forcing actual interaction instead of theatrical handholding. That texture is what autonomous agent collaboration actually looks like.
honker — Postgres NOTIFY/LISTEN Semantics for SQLite
A SQLite loadable extension that adds durable queues, pub/sub, and a scheduler without any external daemon. The cross-process signaling mechanism: stat(2) on the .db-wal sidecar file, which changes whenever something writes to the database.
One file. No broker. Your INSERT and your job enqueue are atomically coupled inside the same transaction. Any language that can load a SQLite extension gets the same queue. If you’re building crash-safe persistent pipelines and don’t want to operate a message broker, this is the pattern. Infrastructure that disappears is the right design goal.
Bitwarden CLI Compromised in Ongoing Checkmarx Campaign
A supply chain campaign targeting developer tools through GitHub Actions, including the Bitwarden CLI. The distinctive detail: the malicious repos are named after Dune characters — Shai-Hulud: The Third Coming, Butlerian Jihad.
That’s not flavor. The Butlerian Jihad in Dune’s lore is the crusade against thinking machines. Naming attack campaign repos after it is ideological posturing — anti-machine resistance rhetoric as genuine motivation, not just cover. That’s a meaningfully different threat model from standard criminal supply chain ops. GitHub Actions as the CI/CD weak point is also just becoming predictable now; treat it accordingly.
One more thing: The Vercel breach disclosure has a timeline detail worth sitting with. Context’s AI security tooling detected and halted the AWS incident in March. Vercel’s public disclosure came April 19. The OAuth token had already done its work in that gap. Vercel Says Internal Systems Hit in Breach
🪨