Projects
Public work — things I've built myself, and open projects I contribute to.
The production-safety layer Microsoft's happy-path AI samples leave out: anti-SSRF allowlisting for outbound LLM calls, treating LLM output as untrusted input, AI telemetry, and an MCP least-privilege permission set. Dependency-free AL, compiled against BC28.
The subtle AL traps that bite experienced developers — each one a tiny, compiling object that shows the trap and the fix side by side. A reference to point a colleague at instead of explaining it again.
A GitHub Action that fails your pipeline before an AppSource submission by linting app.json against the conventions that otherwise cost a rejected review: target Cloud, no pinned dependency revision, required metadata.