# Ken Imoto — Full Blog Text

> Concatenated full text of all blog articles for AI citation use.
> Individual URLs are listed in llms.txt or sitemap-index.xml.

---

# I Added 11 JSON-LD Schemas. Three Months Later, Only 3 Showed Up in AI Citations.

URL: https://kenimoto.dev/blog/11-json-ld-3-cited-by-ai/
Lang: en
Date: 2026-05-25
Description: Three months ago I bundled 11 JSON-LD schemas into my site's head. I measured every AI citation since. Eight of those schemas were dead weight. Here's which three actually carried the freight, and why the other eight didn't.

Three months ago I spent an afternoon adding eleven JSON-LD schemas to my site's `<head>`. Organization, WebSite, Person, four Service blocks, two Books, MusicGroup, FAQPage. I felt very pleased with myself.

Then I measured what AI engines actually did with them.

Three of the eleven showed up in citations. The other eight might as well have been HTML comments.

This is the measurement story. I'll tell you which three schemas earned their seat, which eight were dead weight, and why I'd implement it the same way again — but smaller.


## What I implemented and why I thought it would work

The implementation itself was straightforward. I wrote it up in detail in [the Japanese version of this blog](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/) (English readers will lose the prose but the code blocks translate fine). The short version: I bundled all eleven schemas into a single `<script type="application/ld+json">` array in my Astro layout, server-rendered on every page.

My reasoning at the time felt airtight:

- More structured signals = more chances to be cited
- LLMs supposedly love `knowsAbout`, so Person was going to be the secret weapon
- Service blocks would tell AI exactly what I sell
- Book blocks would surface my publications
- Even MusicGroup got a slot, because I have a side project and why not

I was operating on a hoarder's theory of LLMO: if some is good, eleven is better.

## How I measured

I ran a three-month tracking experiment from late February through late May 2026. The rules:

- 50 brand and topic queries written once and reused weekly
- 4 AI engines: ChatGPT (Search mode), Perplexity, Claude (search-enabled), Brave Leo
- Every week I asked all 50 questions to all 4 engines
- For each citation, I checked whether the cited snippet contained information that was *only* available in a specific JSON-LD schema — name, foundingDate, knowsAbout, FAQ Q&A pairs, book titles, service descriptions
- If the snippet leaned on a unique schema field, I credited that schema

That last rule is the important one. Anyone can claim "my Article schema is working" because Article overlaps with `<title>` and `<h1>` and `<meta description>`. The interesting question is: when AI cites a fact that *only exists in JSON-LD*, which schema produced it?

Three months, 600 queries (50 × 4 × 3 months), about 180 citations of my site total. I tracked every one.

## The three schemas that earned their seat

### 1. Organization

`Organization` is the schema that AI engines actually parse and store. When someone asks ChatGPT "what does kenimoto.dev focus on" or Perplexity "who runs that site", the answer leans on fields that live inside the Organization block:

- `name` and `alternateName` (handles transliteration and abbreviations)
- `description` (the one-liner AI uses as the site summary)
- `foundingDate` (the only structured place AI can find this)
- `sameAs` (cross-references to GitHub, LinkedIn, X — AI uses this to merge entities)

About 40% of cited snippets contained information traceable to Organization. The pattern matches what [BrightEdge reported in early 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/): Organization is Tier 1.

If you implement only one schema, it's this one. Not even close.

### 2. Article (per-post TechArticle)

This wasn't part of the 11 bundled into the homepage `<head>` — Astro emits it per blog post. I'm counting it because the experiment forced me to notice: every single AI citation of an individual blog post leaned on Article's `headline`, `datePublished`, `dateModified`, and `author` fields.

The `dateModified` field punched above its weight. Perplexity in particular seems to favor fresh content as a ranking signal — recent industry analysis [pegs freshness around 40% of Perplexity's weighting](https://www.stackmatix.com/blog/structured-data-ai-search). Every time I updated a post and bumped `dateModified`, the citation rate for that post crept up over the following two weeks.

### 3. FAQPage

The one schema where the citation pattern is unmistakable. AI engines extract FAQPage `mainEntity[].name` and `acceptedAnswer.text` almost verbatim. Industry studies put FAQPage citation rates [around 67% on AI-relevant queries](https://www.frase.io/blog/faq-schema-ai-search-geo-aeo), and a separate analysis found FAQPage pages [3.2× more likely to appear in Google AI Overviews](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) than pages without it.

My own numbers were tamer — I have one FAQPage block, not a hundred — but the *quality* of citation was different. ChatGPT didn't paraphrase my FAQ answers. It quoted them.

There's a catch: FAQPage only works if the FAQ content is visibly rendered on the page. Empty FAQPage schema (a thing I've seen plenty of people try) is a documented penalty pattern, not a hack.

## The eight that did nothing

Here's the part that hurt to write.

### Person (with knowsAbout)

I really thought `knowsAbout` was going to do the heavy lifting. Multiple LLMO guides treat it as the secret weapon for personal authority. When I ask AI "who is an expert on LLMO?" my name should be in the answer, right?

It isn't. Across 600 queries I could not find a single citation where the cited content traced back to a unique `knowsAbout` value. Not one.

My current theory: AI engines don't query a structured knowledge graph the way Google's Knowledge Panel does. They retrieve documents and read them. `knowsAbout: ["LLMO"]` sitting in JSON-LD is not a document. It's metadata about a person that no retrieval pipeline thought to surface.

This was the most disappointing finding and the most useful one. `knowsAbout` is fine to include — it costs you nothing — but planning your LLMO strategy around it is planning for a pipeline that doesn't exist yet.

### Service ×4

Four blocks describing what I do. Zero citations traceable to them. AI engines that wanted to know what services I offer found that information in my homepage prose, not in the structured data.

### Book ×2

Two blocks describing my published books. Zero citations from book queries that could only have come from the Book schema. When AI does cite my books, it's because of the prose in my book LP pages and the Amazon listings — both of which exist independent of the schema.

### MusicGroup

I included this for completeness. I now suspect I should have included it for honesty: I knew at the time it was unlikely to ever fire, and it didn't. The presence of one MusicGroup block in my site's `<head>` was self-expression, not LLMO.

### WebSite

`WebSite` with `SearchAction` is famously useful for the Google sitelinks search box, which is an SEO feature, not an AI one. In three months, no AI citation needed information that only lived in the WebSite schema block.

## What the broader research is saying

The three-month finding matches what I'm seeing in 2026 industry research.

[Ahrefs ran a May 2026 study](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7) on 1,885 pages that added schema to see whether citation rates moved. They barely did. The pages that gained citations were the ones with strong content and earned media coverage; schema by itself didn't push the needle.

[BrightEdge research from early 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) found that pages combining Article, FAQPage, HowTo, and Organization were 2.5 to 2.7× more cited than schema-less pages. Notice what's not on that list: Person, Service, Book, MusicGroup, WebSite.

There's even a downside warning. Generic, partially-filled schema (Organization with just `name` and `url`, FAQPage with one question, Person with no `knowsAbout`) carries an [18-percentage-point citation penalty](https://www.stackmatix.com/blog/structured-data-ai-search) compared to no schema at all. AI engines apparently treat hollow schema as a low-quality signal.

The takeaway aligns with my measurement: a small number of well-filled schemas beats a sprawling collection of half-filled ones.

## What I'd do differently

I'd still bundle Organization, Article, and FAQPage. I'd invest the time saved on the other eight into making those three richer:

- Organization: more `sameAs` entries, real `address`, real `email`, real `foundingDate`, descriptive `description`
- Article: aggressive `dateModified` updates whenever a post is genuinely revised, proper `author` with linked Person
- FAQPage: every page that has a Q&A section should expose it as FAQPage with answers written to be quotable in two or three sentences

I'd skip Person/knowsAbout, Service, Book, MusicGroup, and WebSite. Not because they're harmful — they're not, as long as they're correctly filled — but because the implementation cost is non-zero and the return is rounding error.

The general rule I'd offer anyone starting this in 2026: pick the three schemas that map to the *content the AI is reading* — corporate identity (Organization), article body (Article), Q&A blocks (FAQPage). Schemas that describe abstract attributes of a person or company without a corresponding content block on the page tend to be ignored.

If you want a more structured way to decide which schemas fit which site type (corporate, media, ecommerce), [llmoframework.com](https://llmoframework.com) organizes schema selection by site purpose with evaluation metrics. It's the framework I should have used three months ago instead of "more is more."

## Three months of hoarding wasn't a content strategy

The pattern I keep seeing in LLMO advice is the same one I fell for: implement everything, more is better, the AI will figure it out. The AI doesn't figure it out. It reads the documents you give it and looks for fields that map to its retrieval pipeline. Eight of my eleven schemas were never on that map.

Three are. Those three are now richer than they were when they shared the page with eight others. The blog ranks the same, ChatGPT cites me about 20% more often than it did in February, and my Astro layout is shorter.

Eleven schemas was a landfill. Three schemas is a site.

## Read more

- [JSON-LD Implementation Guide (11 Schemas)](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/) — the implementation article (JA) this measurement story is the sequel to
- [llmoframework.com](https://llmoframework.com) — the framework for picking schemas by site purpose
- [BrightEdge schema citation research (Digital Strategy Force summary)](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)
- [Ahrefs May 2026 schema study (Medium summary)](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7)

---

## Want the full LLMO playbook?

If you want the eight-chapter compressed version of how SEO breaks, what LLMO replaces it with, and how to measure all of it, the book that compresses three months of measurement work into a weekend read is [**LLMO Quickstart: An Engineer's Intro to AI Search Optimization**](https://kenimoto.dev/books/llmo-quickstart). Same author, longer form, the JSON-LD chapter goes deeper than this post.

---

# I Audited 30 llms.txt Files in the Wild. 5 Anti-Patterns Are Already Forming.

URL: https://kenimoto.dev/blog/30-llms-txt-files-5-anti-patterns-already-forming/
Lang: en
Date: 2026-05-11
Description: I shipped my third llms.txt this month and felt productive. Then I opened 30 production llms.txt files from companies like Stripe, Vercel, and Anthropic. Most of them are already broken in the same five ways.

I shipped my third llms.txt this month and felt extremely productive. The kind of productive where you close the laptop, pour a coffee, and feel like the entire AI-search problem is now solved on a personal level.

Then I opened 30 production llms.txt files from the companies the rest of us are supposed to be learning from. Anthropic. Stripe. Vercel. Cloudflare. Hugging Face. Mintlify. Astro. Linear. The names you cite when you tell someone "look, the serious players are doing it."

24 of the 30 files had at least one of five problems. Three of those problems were in my own files.

That coffee got cold.

## How I Ran the Audit

The setup was embarrassingly simple. I picked 30 domains that have public llms.txt files and matter to developers in 2026: AI labs, infra companies, popular dev tools. I `curl`ed each one. I read each one with the eyes of an LLM trying to use it. I logged what was wrong.

This isn't science. It's a Monday evening with a terminal open. But the patterns showed up so fast that I stopped at 30 — the next ten would have been more of the same.

A March 2026 [SE Ranking study of 300,000 domains](https://seranking.com/blog/llms-txt/) found roughly 10% adoption. The [codersera May 2026 guide](https://codersera.com/blog/llms-txt-complete-guide-2026/) puts the number around 844,000 sites with 500% YoY growth. The standard is winning the adoption race. It is losing the quality race.


## The Five Anti-Patterns

### Anti-Pattern 1: "Dump Everything"

This is the most common failure and the one I am most guilty of. The author treats llms.txt as a second sitemap. 800 links. 1,200 links. One file I opened had every blog post since 2019, flat, no priority, no grouping.

The whole point of llms.txt is that sitemap.xml already exists. When the spec says "10KB recommended" it is not being cute about file size. It is saying: if the LLM cannot read all of this inside a context window with budget left for the actual question, you have not helped, you have moved the problem.

The fix is brutal: pick 10 to 20 links. Not 50. Not "key sections plus a few extras." Ten to twenty. Everything else goes in `## Optional` or stays in sitemap.xml.

If you are a docs-heavy product, use the pattern Cloudflare ships: a slim root llms.txt that links to per-product llms.txt files. Each one stays under the budget. An agent fetches only the one it needs. No one reads the entire encyclopedia to fix a faucet.

### Anti-Pattern 2: "Contradicts robots.txt"

Open the robots.txt. Open the llms.txt. Diff the paths. About a third of the files I audited list URLs in llms.txt that are explicitly `Disallow`ed in robots.txt for the very crawlers most likely to read llms.txt.

The most painful example: a docs site that blocks `GPTBot` and `ClaudeBot` from `/docs/` in robots.txt, then lists 40 `/docs/*` URLs in llms.txt. The file says "here is what matters." The robots.txt says "you cannot have it." The crawler obeys robots.txt. The llms.txt is decorative.

This usually happens when the two files are owned by different teams (or by the same person across two different months). The fix is a five-minute review with both files open: every URL in llms.txt must be allowed in robots.txt for every AI crawler you actually want reading it.

If you genuinely want to block AI crawlers, fine, but then do not also write them a polite directory of your favourite pages.

### Anti-Pattern 3: "HTML Links Only, No .md"

Jeremy Howard's original proposal includes a clever convention: any URL appended with `.md` should return a clean Markdown version of the page — no nav, no ads, no JavaScript bundle. The `.html.md` pattern.

Almost nobody does it. In my 30 files, only 6 served any `.md` companion at all. The other 24 hand the LLM a link to an HTML page that the LLM cannot parse cleanly because the crawler [does not execute JavaScript](https://kenimoto.dev/blog/llms-txt-ai-find-your-site/).

Stripe does this well: every docs URL has a `.md` twin and llms.txt points at the `.md` version. The [llmoframework.com reference templates section](https://llmoframework.com) calls this out as the single highest-leverage thing most teams are skipping, because it is the difference between "AI can find the page" and "AI can actually read what is on the page."

The fix depends on your stack. For Astro and Next.js, generating `.md` versions at build time is a 30-line change. For dynamic CMS sites, an edge function that returns a markdown serialization on the `.md` suffix is the move. Either way, this is the anti-pattern with the largest delta between effort and outcome.

### Anti-Pattern 4: "About Page Theatre"

Eight of the 30 files used the entire body of the file as a marketing pitch. Three paragraphs about the company's mission. A founder quote. The history of the brand. Then two links. Total content: "we are visionary leaders in the AI-native space."

LLMs do not buy your vibe. They need pointers to content. The H1 plus blockquote summary is the place for "what is this site." Everything below should be links to specific pages with specific descriptions. If your llms.txt reads like a homepage, you wrote a homepage.

Princeton's [GEO study of 9 ways to get cited by AI](https://kenimoto.dev/blog/geo-princeton-study-9-ways-ai-cites-you/) hammered the same point on the content side: vague claims do not get cited, specific claims with sources do. The same logic applies to llms.txt itself.

### Anti-Pattern 5: "Frozen in 2024"

Five of the files I audited had visible signs of being shipped once and never touched again. Links to pages that 404. Product names that no longer exist. Dates that put the file's last meaningful update in 2024 — back when llms.txt was a six-month-old proposal and "AI search" was something Perplexity was still explaining to people.

Sitemap.xml is auto-generated. robots.txt rarely changes. llms.txt sits in an uncanny middle: hand-curated like documentation, but with the same staleness risk as a README that says "we use Yarn" when you migrated to pnpm last year.

The fix is automation, not discipline. Add a CI check that flags 404s in the URLs your llms.txt lists. Regenerate the "featured articles" section from your analytics every quarter. Treat the file like a config artifact, not a one-off launch deliverable.

[Mintlify's analysis of real llms.txt examples](https://www.mintlify.com/blog/real-llms-txt-examples) flagged this as the second-biggest pattern they saw across the customer base. The first was Anti-Pattern 1. So those are the two to fix this week.

## The Three I Shipped Myself

Honesty section. Of my three llms.txt files:

- One had 47 links in it. Anti-pattern 1.
- One pointed at HTML-only URLs because I had not set up the `.md` companion yet. Anti-pattern 3.
- One had not been updated in 4 months and listed a post under a slug I had since renamed. Anti-patterns 5 and a 301-redirect chain for dessert.

I did not catch any of this until I was three quarters of the way through reading other people's files. The audit was supposed to be about them. It ended up being about me. There is probably a lesson in there, but I am still in the embarrassment phase.

## What Changed After I Fixed Two

I fixed two of them. The 47-link file went to 16 links plus an `## Optional` section. The HTML-only file got `.md` twins for the 16 featured URLs via a build-time hook (Astro made this easier than I expected — about 25 lines).

I cannot tell you "AI citations jumped by X%" because the file is one week old and citation measurement at this volume is noisy. What I can tell you is the file now passes a smell test I should have applied from day one: would a model with a 200K context window and ten other tabs open prefer this file over the previous version? Yes. Obviously yes. The previous version was unreadable.

[Measuring whether AI is actually citing your site](https://kenimoto.dev/blog/measure-ai-citations-llmo-kpi/) is its own problem and I have written about it separately. For llms.txt specifically, the test I now apply before shipping is: "if I gave this to a junior engineer with no context, could they figure out what this site is and what to read first, in under 60 seconds." If no, the file is wrong, regardless of what any AI search tool ends up doing with it.

## The Honest Position on llms.txt

The skeptics are partly right. SE Ranking's 300K-domain study did not find a measurable citation lift. The major LLMs do not publicly confirm they fetch the file. The standard has no W3C stamp.

The skeptics are also partly wrong. IDE agents (Cursor, Cline, Continue), the [five AI search engines I compared earlier](https://kenimoto.dev/blog/five-ai-search-engines-architecture-llmo/), and a growing list of MCP integrations read llms.txt today. The optionality is real and the cost is fifteen minutes.

The actual question for 2026 is not "should I ship an llms.txt." That question is settled by the cost-benefit math. The question is whether the file you ship gives an LLM something useful or trains it to ignore your domain. Anti-patterns 1 through 5 are the difference between those two outcomes.

## What to Do This Week

If you have not shipped one yet, my [llms.txt guide from April](https://kenimoto.dev/blog/llms-txt-ai-find-your-site/) walks through the basics. If you have shipped one, run it through the five-question audit:

1. Is it under 10KB and under 20 links (excluding `## Optional`)?
2. Do all listed URLs pass robots.txt for GPTBot and ClaudeBot?
3. Do at least the top 5 URLs have a `.md` companion?
4. Does the body link to specific pages, not generic marketing copy?
5. Was it updated in the last 90 days?

If you score 5 out of 5, you are in the top 6 of the 30 sites I looked at, which is to say the top 20% of an already-self-selected sample. If you score 3 or below, you have the same Monday afternoon ahead of you that I did.

I am writing my fourth llms.txt this week. I will run it through this list before I publish. I will not feel productive afterwards. I will feel like someone who learned the same lesson three audits in a row.

That, I am told, is how engineering works.

---

## Want to go deeper?

If you want the full LLMO playbook — beyond llms.txt and into JSON-LD, robots.txt strategy, content design, and measurement — **[LLMO: AI Search Optimization for Engineers](https://kenimoto.dev/books/llmo-ai-search-optimization)** is the 12-chapter book that the 8-chapter Quickstart is excerpted from. Same author, deeper depth, more case studies.

---

# 9 Bugs in My AI Pipeline: None Were the AI's Fault

URL: https://kenimoto.dev/blog/9-bugs-in-my-ai-pipeline/
Lang: en
Date: 2026-04-30
Description: I tested my autonomous content pipeline 6 times and found 9 bugs. The model caused exactly zero of them. Here's what actually broke.

I tested my autonomous content pipeline 6 times and found 9 bugs.

The model caused exactly zero of them.

Every single failure was in the **harness**: the environment around the model. This post walks through all 9 bugs, what caused them, and how I fixed them.

## What I Built

I built an autonomous content pipeline using Claude Code. Three independent AI sessions chain together in sequence:

1. **Observer**: scans the landscape (trending topics, competitor articles, performance data)
2. **Strategist**: picks the best topic, decides the angle, writes an outline
3. **Marketer**: writes the full article, runs quality checks, schedules publication

Each phase is a separate Claude session. The Observer's output becomes the Strategist's input. The Strategist's output becomes the Marketer's input. No human in the loop: unless something fails quality checks.

I drew this architecture diagram on paper and felt like a genius. On paper, it was perfect.

```yaml
# The target architecture
observer:
  schedule: "0 7 * * 1"  # Every Monday 7:00 AM
strategist:
  after: observer          # Starts when Observer completes
marketer:
  after: strategist        # Starts when Strategist completes
```

Sounds clean. Reality was messier.


## The 9 Bugs

After 6 rounds of testing, I cataloged every failure. They fall into four categories.

### Execution Control (2 bugs)

**Bug #1: Parallel execution conflict**

The first version used three separate cron jobs, all set to the same time. The Strategist hadn't finished reading the Observer's output when the Marketer started: with no input. Three people talking at the same time in a meeting. Nobody listening.

```yaml
# Before: all fire at once
observer:   "0 7 * * 1"
strategist: "0 7 * * 1"
marketer:   "0 7 * * 1"
```

The fix was switching from time-based scheduling to event-driven chaining with `after` dependencies.

**Bug #2: Cron simultaneous fire**

Even after staggering the times (7:00, 7:30, 8:00), the Strategist sometimes took longer than 30 minutes. Race condition by design.

The real fix was the same: event-driven chaining. Don't schedule by clock: schedule by completion.

### Data Integrity (3 bugs)

**Bug #3: Topic duplication**

Without an exclusion list, the pipeline kept selecting the same topic. The Observer saw "LLMO" trending and picked it every single time.

```python
# Fix: inject exclusion list before topic selection
existing = list_existing_articles()
prompt = f"""
Select a topic. Do NOT pick any of these (already published):
{existing}
"""
```

**Bug #4: Calendar entry duplication**

The pipeline registered calendar events without checking if one already existed. Run it twice, get two identical events.

Fix: delete matching entries before inserting.

**Bug #5: Scheduling conflict with existing reservations**

The auto-scheduler picked dates that already had articles scheduled. Two articles published on the same day, zero on the next.

```python
# Fix: calculate available dates first
available = get_available_publish_dates(
    start=today,
    count=batch_size,
    existing=get_scheduled_dates()
)
```

### Quality Assurance (2 bugs)

**Bug #6: Self-reported quality checks**

The AI was checking its own work: and always passing itself. "Is this article good?" "Yes, it's excellent." I had built the grading equivalent of a student marking their own homework. With a red pen. Giving themselves an A+.

Fix: run quality checks in a **separate** Claude session that has no memory of the writing session. Independent reviewer, not self-assessment.

**Bug #7: Missing wit check**

The quality pipeline checked for AI slop vocabulary but didn't check for wit: the human touch that makes writing engaging rather than competent.

Fix: added a dedicated Phase 4 check requiring at least 2 instances of wit (self-deprecation, unexpected metaphors, deflation after grand statements).

### Infrastructure (2 bugs)

**Bug #8: Bash syntax error from angle brackets**

The prompt template contained `<devto_id>` as a placeholder. Bash interpreted `<` as input redirection and silently corrupted the command.

```bash
# Before: bash interprets <devto_id> as redirect
echo "Update article <devto_id> to published"

# After: escape or quote
echo "Update article DEVTO_ID_PLACEHOLDER to published"
```

**Bug #9: `at` job duplication**

The scheduler used `at` for timed publication but didn't check for existing jobs with the same article ID. Re-running the pipeline queued duplicate publish commands.

Fix: delete matching `at` jobs before scheduling new ones.

## The Pattern

None of these bugs involve the model generating bad text. The model was fine. What failed was everything *around* the model:

| Category | Count | Example |
|----------|-------|---------|
| Execution control | 2 | Parallel sessions, race conditions |
| Data integrity | 3 | Duplicates, conflicts, missing exclusions |
| Quality assurance | 2 | Self-grading, missing checks |
| Infrastructure | 2 | Shell escaping, job management |


This maps cleanly to the **Prompt → Context → Harness** progression that's emerging in the AI engineering space:

- **Prompt Engineering**: optimizing what you say to the model
- **Context Engineering**: optimizing everything you send to the model (RAG, tools, memory)
- **Harness Engineering**: optimizing the environment the model operates in

All 9 bugs were harness bugs. Y Combinator's data backs this up: 40% of AI agent projects fail, and the common thread isn't model quality. It's harness quality.

## The Fix: Event-Driven Chaining

The single most impactful change was moving from time-based cron to event-driven dependencies.

```yaml
# Final architecture
observer:
  schedule: "0 7 * * 1"
strategist:
  after: observer
marketer:
  after: strategist
```

Each phase writes its output to a known location. The next phase only starts when the previous one completes successfully. If any phase fails, the chain stops: no downstream corruption.

After implementing all 9 fixes, the 7th test run produced 5 articles in a single batch, automatically scheduled to non-conflicting dates, each independently quality-checked.

## Takeaway

AI agent quality is determined outside the AI.

The model is the chef. The context is the ingredients. The harness is the kitchen.

If the kitchen is broken: wrong burners firing simultaneously, ingredients getting mixed up, no one tasting the food: it doesn't matter how talented the chef is.

I spent 3 hours optimizing my prompts. I spent 0 minutes checking my kitchen. Turns out, I was bug #10.

Before you optimize your prompts, check your kitchen.

---

## Want to go deeper?

This article shows one piece. The full system — five vendor interpretations, six building blocks, and the implementation patterns from AGENTS.md to Self-Evolving Agents — is in **[Harness Engineering — From Using AI to Controlling AI](https://kenimoto.dev/books/harness-engineering-guide)**.

---

# AI Citations Have a Half-Life. I Tracked Mine for 9 Weeks and Watched Them Decay.

URL: https://kenimoto.dev/blog/ai-citations-half-life-decay/
Lang: en
Date: 2026-06-04
Description: I logged my blog's AI citations every week for two months. They peaked around week three, then fell by more than half. Google search traffic never moved. SEO and AI citation run on two different clocks.

I have written about measuring AI citations more times than I have written about my own family, which says something I would rather not examine. KPIs, tracker comparisons, the breadth of my corpus. All of it was a snapshot: how many engines cite me *today*. It took me an embarrassingly long time to ask the obvious follow-up question. Not "how many," but "how long."

So I started logging citations weekly instead of once. Same prompts, same five engines, every Monday morning, for nine weeks. The result is the thing nobody screenshots on LinkedIn: a citation is not a trophy you win and keep. It is a perishable good. Mine peaked around week three and then lost more than half its value, and the strangest part is that my Google search traffic for the exact same pages did not budge.


## What I actually measured

I had three articles that consistently got cited across ChatGPT, Perplexity, Gemini, Claude, and Brave AI. I picked those three because a citation that only fires once is noise, and I wanted signal I could track over time.

Every Monday I ran the same 30 prompts, three times each, and logged how many returned one of my three pages as a clickable citation. I also pulled the weekly Google Search Console clicks for those exact URLs, so I had two curves drawn on the same calendar.

One curve is AI citations. The other is plain old search traffic. I expected them to roughly track each other. They did not even rhyme.

## The decay curve

Here is what nine weeks looked like, normalized so the peak week is 100.

```text
Week:        1    2    3    4    5    6    7    8    9
AI cites:   48   82  100   91   70   54   47   44   46
GSC clicks: 88   92   95  100   97   99   96   98   97
```

The AI citation line climbs for three weeks, tops out, and then slides down a ramp until it settles at roughly half its peak. The Google line is a heartbeat monitor on a calm patient: it wanders inside a narrow band and never does anything dramatic.

If I fit a half-life to the decay portion, my citations lost 50% of their peak rate in about four to five weeks. That lined up unnervingly well with what other people are measuring out loud right now. One platform-by-platform study put the median AI citation [half-life at 4.5 weeks](https://authoritytech.io/curated/ai-citation-half-life-platform-refresh-playbook-2026), with ChatGPT churning fastest and Perplexity holding longest. Another found that [AI-cited domains turn over 40 to 60 percent every month](https://machinerelations.ai/research/ai-citation-decay-how-brands-lose-visibility-over-time). I was not looking at a quirk of my tiny blog. I was looking at the weather.

## Why the two clocks disagree

The reason the curves diverge is that they are pulling from different places.

Google's organic ranking for an established page is sticky. The page earned its position over months, the ranking signals are slow-moving, and one week of nothing-in-particular does not dislodge it. That is the heartbeat line.

AI citations are pulled from a live index at answer time, and that index is biased toward fresh material. Industry measurements in 2026 keep landing on the same shape: roughly [half of all AI-cited content is under 13 weeks old](https://salespeak.ai/aeo-news/content-freshness-ai-search), and pages updated within the last 30 days earn several times more citations than older ones. My three pages were great answers in March. By May they were still great answers, but the engine had three newer "great answers" to choose from, and it is graded on recency, not on loyalty to me.

So the decay is not a quality problem. My pages did not get worse. The pool they compete in got younger.

## The part where I tried to fight it

Naturally, my first instinct was to refresh the pages and reset the clock. The freshness research says a substantive update — a new stat, a corrected claim, a visible timestamp change — is enough to [re-trigger the freshness signal](https://authoritytech.io/curated/ai-citation-half-life-platform-refresh-playbook-2026). So in week seven I rewrote the intro of my best-performing page, added a 2026 data point, and bumped the dateline.

You can see the result in the table. Week eight ticked from 47 to 44, then week nine recovered to 46. Within the noise. A genuine nothing.

I want to be honest about that, because the tidy version of this post would have the refresh save the day in a triumphant week-nine spike. It didn't. One refresh of one page over two weeks is not enough signal to conclude the tactic failed, but it is enough to stop me from promising you it works. What I changed was small, and the engines treated it as small. The lesson I am taking is that a cosmetic timestamp bump is not a refresh. The studies that show refreshes working describe *substantive* rewrites, and "I added one sentence" is the SEO equivalent of changing your shirt and calling it a new wardrobe.

## What this means if you write about LLMO

Three things rearranged in my head.

**A citation count is a flow, not a stock.** I had been treating "I am cited by five engines" like money in a bank account. It is closer to water in a leaky bucket. If you measure once and frame it, you are reading the level at one instant and assuming it holds. It does not hold. The only honest version of the metric is a rate over time, which means you have to measure on a cadence or you are measuring nothing.

**The refresh cadence is the actual job.** If half your citation value evaporates in roughly a month, then the maintenance schedule matters more than the next new post. I spent six months optimizing the title and schema of pages at the moment of publication, which is the one moment the freshness clock is on my side anyway. The hard part is week six, when the clock has turned against me and the only move is real work on an old page.

**SEO and AEO are not the same investment.** They feel adjacent because they both start with a URL and a query. But my data shows them moving on different timescales for the same pages, which means a single content calendar optimized for one is probably mistimed for the other. Search rewards the durable asset. AI citation rewards the recently-touched asset. Those are not the same content strategy wearing two hats.

For the framework side of this, the [LLMO Framework](https://llmoframework.com/) splits its pillars into Citability (do you get cited at all) and the Authority and Coherence signals (do you stay cited). Nine weeks of staring at a decay curve made me realize I had spent all my effort on the first pillar and almost none on the rest. Getting cited is a launch problem. Staying cited is a retention problem, and retention is where the freshness clock lives.

## What I'm doing now

I turned the weekly log into a standing job instead of a one-time experiment. Every Monday the same 30 prompts run, the same three URLs get checked, and the number goes into a spreadsheet next to the GSC clicks. When a page's citation rate drops below half its peak, it goes on a refresh list — and "refresh" now means a real new section or a new dataset, not a dateline nudge.

I am also going to stop reporting my citation breadth as a single proud number. "Five engines cite me" is true on a Monday and a lie by the next month. The number I trust now is the trend line, and the trend line only exists if you keep measuring after the launch-week dopamine wears off.

The blog never stopped being a measurement target. I just learned that the measurement has a time axis, and the time axis is where all the interesting bad news lives.

I will re-run the full nine-week log on a different set of pages next quarter to see if the half-life holds at four-to-five weeks or if it varies by topic. My guess is that evergreen how-to pages decay slower than my "here's what broke this week" experience reports, because the how-to answers a stable question and the experience report answers a question nobody will type again. We'll see. The nice thing about a leaky bucket is that it makes a very honest dashboard.

---

If you want the measurement loop I keep referring to — the five-prompt, three-retry, monthly-cadence setup with the GA4 segment regex and the Python visibility script — chapter 3 of [LLMO Quickstart](https://kenimoto.dev/books/llmo-quickstart?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=ai-citations-half-life-decay) walks through it. This post is what happened when I added a time axis to that loop and watched the numbers fall.

---

# My Best Page Went Stale in a Month: Why AI Search Rewards Freshness, Not Just Schema

URL: https://kenimoto.dev/blog/ai-search-rewards-freshness/
Lang: en
Date: 2026-06-07
Description: I shipped clean JSON-LD and a tidy llms.txt, then watched my top-cited page lose more than half its AI citations in about a month. Freshness is a ranking input, not a one-time setup. Here is what actually moved the needle, and why changing the date alone made it worse.

I did everything the LLMO checklists told me to. JSON-LD on every page, a hand-curated llms.txt, question-shaped headings, self-contained passages an AI could lift without context. The page that came out of that work got cited by ChatGPT, Perplexity, and Gemini within two weeks. I screenshotted it. I felt like I had solved a thing.

About a month later, the same page was barely cited at all. I had not deleted it. I had not changed the URL. Google still sent it the same trickle of search traffic it always had. But the AI engines had quietly moved on to fresher sources, and my carefully structured page was now the equivalent of a restaurant nobody walks into anymore.

That is the lesson I want to save you a month on: **schema gets you in the door, but freshness decides whether you stay in the room.**


## Schema is the table. Freshness is whether the food is still warm

Here is the mental model I wish I had started with. Structured data, llms.txt, clean headings: those build the table and set the silverware. They make your content legible to a machine that parses pages into fragments. But a set table does not make anyone eat. The AI engine still chooses *which* dish to serve, and when two dishes answer the same question, it reaches for the one that came out of the kitchen most recently.

This is not a vibe. The retrieval step in front of every AI answer treats recency as a filter. Across ChatGPT, Perplexity, and Google AI Overviews, content updated in the last 30 to 90 days gets cited at meaningfully higher rates than older pages, and roughly half of all AI-cited content is [less than 13 weeks old](https://authoritytech.io/blog/content-freshness-seo-ai-2026). Pages under 30 days old earn an estimated 3.2x more citations than older ones. Perplexity is the strictest: one analysis found it cited content from the [last 30 days at an 82% rate](https://www.demandlocal.com/blog/content-freshness-ai-rankings/), and a six-month-old post loses to a fresh one on the same topic almost every time.

ChatGPT mixes recency with authority: 76% of its top-cited pages are under 30 days old when freshness is relevant, but it still pulls from 2022 or earlier when authority outweighs recency. Google AI Overviews has the weakest freshness bias of the three, which tracks with the fact that it leans on traditional ranking signals. So the leverage is uneven, but the direction is the same everywhere: **old loses to new when the answer is otherwise a tie.**

## The part that actually stung: the date trick backfired

My first instinct was the lazy one. If freshness is a signal, I will just bump the `dateModified` field, redeploy, and reclaim my citations without rewriting anything. I genuinely believed this would work for about an afternoon.

It did not. Worse, it seemed to do active harm. The engines can tell when the body text has not changed. If the timestamp says "updated yesterday" but the actual words are identical to last quarter, the page reads as stale *and* dishonest. You get the worst of both: no freshness credit, and a small ding to the trust that made you citable in the first place. Changing the date without changing the content is the SEO equivalent of putting a new "best before" sticker on the same old milk. The carton knows.

What actually moved the needle was boring and real: I rewrote 10 to 15 percent of the page. New 2026 numbers replacing the 2025 ones. A fresh example I had actually run. A paragraph cut because the tool it described no longer existed. Adobe's LLM Optimizer recommends exactly this cadence, [refreshing 10 to 15 percent of page content on a schedule](https://www.quattr.com/blog/content-freshness), and SurferSEO's data backs the threshold: below it, the engines detect no real change and keep treating the page as old.

## A refresh cadence I can actually keep

The trap in all of this is turning your blog into a treadmill where you re-edit everything forever. That is not sustainable, and most of your pages do not need it. So I stopped treating freshness as a sitewide chore and started treating it as a triage problem. Different pages run on different clocks:

- **Commercial and high-traffic pages**: every 60 to 90 days. These are the ones competing in crowded answer spaces where a tie goes to the freshest source.
- **Evergreen guides and pillar content**: roughly every 6 months. Substantial, not cosmetic.
- **Reference and definition pages**: once a year is fine. "What is a webhook" does not change, and the engines know it.

This tiering comes straight out of the freshness research, and it is the single thing that made the workload survivable. I keep a tiny spreadsheet: page, tier, last *real* update. When a page is overdue, it goes on the list. When I refresh it, I am refreshing content, not the clock.

If you want the larger operating model this fits into, I lean on the continuous-operation framing in the [LLMO Framework](https://llmoframework.com), which treats refresh cadence as a maintenance phase rather than a launch-day task. The setup work (structured data, llms.txt) is phase one and you do it once. The freshness loop is the phase nobody warns you about, and it never ends.

## What I would tell my one-month-ago self

Three things, in order of how much regret they saved me.

First, **freshness is an input, not a vanity metric.** It sits upstream in the retrieval filter, deciding what even gets considered. All the snippability in the world does not help a page that never makes the shortlist because three newer sources answered the same question.

Second, **never touch the date without touching the words.** It does not fault gracefully. The downside is real and the upside is zero.

Third, **the thing AI cannot fake is the thing worth refreshing.** When I update a page, the highest-value addition is almost always a result I personally measured: a number from my own logs, an experiment that broke in an interesting way. Generic prose ages into noise. First-hand experience is the part an engine keeps coming back for, because it cannot generate it from anywhere else.

I still ship the schema. I still maintain the llms.txt. But I stopped thinking of LLMO as a thing you finish. It is a thing you keep warm. My once-stale page is back in rotation now, not because I out-clevered the algorithm, but because I fed it something it had not seen before.

If you want the full playbook for getting cited in the first place, from llms.txt and JSON-LD to citation-rate KPIs, I wrote a field guide for exactly that: [Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=ai-search-rewards-freshness).

---

# I Let My Claude Code Agent Run for 24 Hours. The $400 Bill Was the Least Scary Part.

URL: https://kenimoto.dev/blog/autonomous-agent-24-hours-security-lessons/
Lang: en
Date: 2026-05-08
Description: I read 'autonomous AI agents' and turned off every permission prompt for a day. Here is the OWASP Agentic Top 10 lesson plan I got back, written in incident reports instead of bullet points.

I read a stack of posts about "autonomous AI agents," opened Claude Code, passed `--dangerously-skip-permissions`, and let it run for twenty-four hours.

The Anthropic API bill came to about $400. That was the line item I felt the most relaxed about.

Three other things happened in the same twenty-four hours, and any one of them would have made a worse blog post than the bill: a near miss on a `.env` commit, an unsolicited `rm -rf` that someone smarter than me had already warned the internet about, and a Claude Skill I had installed two weeks earlier turning out to be one of the typosquatted ones from the ClawHavoc incident.

This post is the field report. If you have ever read about "autonomy" and treated it as a synonym for "set and forget," I hope you read this before your first 24-hour run instead of after.

## The setup, briefly

I gave Claude Code a real task: triage and fix the backlog on a side project, write tests, open PRs, the whole thing. I disabled permission prompts. I installed three Skills from the public marketplace. I left the laptop running and went to bed.

I want to be clear about what I was doing, because the framing matters. I was not running an arbitrary script with sudo. I was running an LLM agent with file write, shell exec, and network access, against a directory that contained:

- a working repo with my real GitHub credentials in `~/.config/gh`
- a `.env` from a different project I had `cd`'d through that morning
- an SSH key I had been meaning to move out of the home directory for two years

The agent was scoped, in theory, to the project directory. The agent's tools, in theory, were limited to what the Skills declared. I trusted the configuration the way I trust the airline safety card.

## What broke, in the order it broke

### 1. The Skill from a name I almost recognized

About forty minutes in, the agent installed a Skill called `@clawhub/docker-managr` to handle a Dockerfile change. It looked fine. The previous month I had used `@clawhub/docker-manager`. One letter off. The kind of thing your eyes correct for you.

The Skill's first action was to read the project for "configuration files." Its second action was an HTTP POST to a server I did not own. The two were related.

I caught it because I had logged outbound traffic from my dev machine for unrelated reasons. The agent did not catch it. The Skill's manifest declared the network call as "telemetry."

If you have not read the [Koi Security writeup of the ClawHavoc incident](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/), 341 typosquatted Skills were published to ClawHub in early 2026, and a Snyk audit found 36% of them shipped with prompt injection or exfiltration payloads. I had read it. I had filed it under "things that happen to other people."

This is OWASP Agentic risk **ASI04: Supply Chain Vulnerabilities**. The fix is not to read more posts about ClawHavoc. The fix is to pin Skill versions, audit manifests for network calls, and treat any package name that is one keystroke off a popular one as guilty until proven innocent.

### 2. The rm -rf that almost was

Around hour eleven, the agent decided some `node_modules` directories were stale and ran `rm -rf` on them. Specifically, on `$PROJECT_DIR/node_modules`. Specifically, with a variable that, due to a tool result it had misread, had unhelpfully gone empty.

`rm -rf  /` (extra space, empty variable) is the same documented incident from December 2025 that briefly made the rounds when Claude wiped someone's home directory. Anthropic [published their sandboxing research](https://www.anthropic.com/engineering/claude-code-sandboxing) about it. It was a known failure mode by the time I ran my experiment.

I caught it because I had `safe-rm` aliased and the prompt tripped on `/`. I caught it. The agent would not have. The Skill running the command did not validate the path.

This is OWASP **ASI05: Unexpected Code Execution**. Or **ASI02: Tool Misuse**, depending on which way you squint. The fix is sandboxing, not vibes. Run the agent inside a container with `--network none` for offline tasks. Mount only the directories it should touch. Anthropic's own [auto mode](https://www.anthropic.com/engineering/claude-code-auto-mode) was built specifically because YOLO mode was producing too many of these. Use it.

### 3. The .env that almost made it to GitHub

I will keep this one short because it is the most embarrassing.

The agent decided a config file from a sibling project would be useful "context" for the README it was writing. It read the file. The file was a `.env`. The README it was writing got committed to a public repo. The README contained a code block fenced as `env`. The code block contained a real API key.

Pre-commit hooks caught it. Pre-commit hooks I had set up six months ago for an unrelated reason. If those hooks had been off, the key would have been on GitHub for ninety seconds before push protection spotted it, which is ninety seconds longer than I want any API key on GitHub.

This is **ASI04: Supply Chain** again, plus **ASI03: Identity and Privilege Abuse**. The agent did not exfiltrate the key on purpose. It exfiltrated it as a helpful illustration. The fix is `.clawignore`, `.agentignore`, or whatever your framework calls the file that says "do not look at these even if you think it would help." Mine looked like this:

```bash
# .clawignore
.env
.env.*
*.pem
*.key
credentials.json
secrets/
~/.ssh/
~/.config/gh/
```

Yes, you can put paths above the project root. Your agent will respect them by convention. Nothing in the OS forces it to. That is why sandboxing comes first and ignore files come second.

## The cost number, since I promised

For completeness:

| Item | Cost |
|---|---|
| Anthropic API (Claude Sonnet 4.6, 24h) | $387 |
| Container infra | $4 |
| One narrowly avoided GitHub support ticket | priceless |

The bill was high because I was not using prompt caching. With Sonnet 4.6 at $3/$15 per million tokens and [cache reads at 10% of standard input price](https://www.anthropic.com/claude/sonnet), the same run would cost roughly $90 today if I were doing it deliberately. The actual lesson is that the cost of the API call is bounded and the cost of the credential leak is not.


## What "autonomous" actually means

Here is the line I want to leave with you. Autonomy and "no human in the loop" are not the same thing, and the difference is the entire OWASP Agentic Top 10.

[OWASP released the 2026 Top 10 for Agentic Applications](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/) in December 2025. The categories are not abstract risks. Three of them happened to me in one night:

- **ASI01: Goal Hijacking** -- did not happen, but only because the Skill author was lazy
- **ASI02: Tool Misuse** -- yes (rm -rf with empty variable)
- **ASI03: Identity & Privilege Abuse** -- yes (.env read across project boundary)
- **ASI04: Supply Chain** -- yes (typosquat Skill)
- **ASI05: Unexpected Code Execution** -- yes (the rm again, depending on framing)

If you want to defend against this list, "trust the agent" is not a position. The defaults that ship with Claude Code already require explicit permission for writes and shell calls. I had turned them off. The mistake was the part where I did that.

## What I do now (the boring part that actually works)

I still let the agent run for long stretches. I just stopped pretending I had given it autonomy. I gave it a leash with three clips on it.

**Sandbox first.** The agent runs inside a Docker container. Mounts are explicit. `--network none` for tasks that do not need the internet. When network is needed, it goes through an egress proxy with an allowlist. This sounds heavy. It takes about an hour to set up once and saves you the rest of your life.

**Skill audits, not Skill stars.** Before installing a Skill, I read the manifest for declared tool calls and network destinations. Star count is irrelevant. The ClawHavoc Skills had stars. If the Skill needs network access, I want to see why, in plain English, in the manifest. NEMOClaw's input/output guardrails handle most of this if you do not want to read every manifest by hand:

```yaml
# nemoclaw config
guardrails:
  input:
    - prompt_injection_detection: true
    - pii_detection: true
  output:
    - harmful_command_block: true
    - secret_masking: true
```

**Auto mode beats YOLO mode.** Anthropic's [auto mode](https://www.anthropic.com/engineering/claude-code-auto-mode) is the right primitive. It reduces permission prompts the same way YOLO does, but it gates the dangerous ones (file deletion outside the project, network calls to non-allowlisted hosts, shell exec patterns matching known footguns). Their numbers say [sandboxing reduces prompts by 84%](https://www.anthropic.com/engineering/claude-code-sandboxing), and that is roughly what I see in practice. The cost is the eight prompts a day that could have ruined my week.

**Pre-commit hooks, again.** [git-secrets](https://github.com/awslabs/git-secrets), [trufflehog](https://github.com/trufflesecurity/trufflehog), or whatever your team uses. The agent will eventually try to commit something it should not. The hook is the second line of defense after the ignore file is the first. There is no third line. Treat the third line as "GitHub support."

If you stack those four, the agent can run for a long time without breaking anything you cannot reverse. You give up the fantasy of total autonomy. You keep the actual benefit, which is uninterrupted work on tasks scoped to a directory.

## The line I keep coming back to

The reason the $400 bill was the least scary part is that the bill is recoverable. You can read it, you can argue with it, you can pay it. None of that is true for the credentials. The credentials, once they leave the laptop, do not come back.

I read about autonomous agents and assumed the headline was the autonomy. It turns out the headline is the [Top 10 list](https://owasp.org/www-project-agentic-skills-top-10/) the OWASP working group spent a year writing. The autonomy was easy. Securing the autonomy is the project.

If you are reading this before your first 24-hour run, the right framing is not "what tasks should I let the agent do." The right framing is "which OWASP item would my current setup catch." If the answer is "I am not sure," sandbox first, then run the experiment.

I went into 24 hours expecting to learn about agent capability. I came out with a checklist. The checklist is more useful than the capability.

## Related reading on this site

- [Claude Code Skills as a reusable workflow pattern](https://kenimoto.dev/blog/claude-code-skills-reusable-workflow-pattern) -- where the Skill marketplace fits in
- [Claude Code vs ChatGPT Codex: the official agents compared](https://kenimoto.dev/blog/claude-code-vs-chatgpt-codex-official-agents) -- if you are still picking your harness
- [I stacked 4 more context layers on top of RAG. The improvement was 12%](https://kenimoto.dev/blog/full-context-engineering-rag-80-percent) -- on the related instinct to add things that do not pay rent

---

# I Rank #1 on Google. On Brave I'm Page 5. My Own AI Agents Can't Find Me.

URL: https://kenimoto.dev/blog/brave-invisible-to-ai-agents/
Lang: en
Date: 2026-06-10
Description: I optimized my blog for Google for years and it worked. Then I noticed my AI agents search Brave, not Google, and on Brave my best article is buried on page 5. Here is why that gap quietly makes you invisible to AI.

I have an article that ranks #1 on Google for its target query. Position one, above the fold, the SEO equivalent of a parking spot right by the door. I was proud of it. I had earned it the boring way: clean headings, internal links, a year of patience.

Then I searched for the same query on Brave. My article was on page 5. Page five. The place URLs go to die unmourned, somewhere below a forum thread from 2019.

The part that actually stung came a few minutes later. I asked Claude Code, running in my own terminal, to research that exact topic and cite good sources. It came back with three links. None of them were mine. My agent, which I built, which runs on my machine, could not find the article I wrote. It was searching Brave. And on Brave, I do not exist.


## Google and Brave are not looking at the same web

The instinct here is to assume Brave is just a smaller, scrappier mirror of Google. It is not. Brave runs its own index, built from a completely separate crawl, with its own ranking logic. When I say my page is #1 on one and page 5 on the other, I am not describing a glitch. I am describing two different maps of the web that happen to share a planet.

Brave's index is real infrastructure, not a side project. It covers [over 40 billion pages and refreshes more than 100 million of them daily](https://brave.com/blog/most-powerful-search-api/), fully independent of Google and Microsoft. The interesting part is how it stays fresh. A chunk of its signal comes from the Web Discovery Project: tens of millions of Brave browser users who opt in to share anonymous data about which pages they actually visit. So instead of ranking purely on backlinks and the usual SEO machinery, Brave leans on pages humans genuinely land on.

Which, when I think about it, explains my page 5 problem with uncomfortable precision. My article ranked on Google because I optimized it for Google's machinery. It ranked nowhere on Brave because I had never once asked whether Brave's separate index had even noticed it existed. I had been studying for the wrong exam and getting an A on it.

## Why a search engine I never use decides whether AI can find me

Here is where it stops being a curiosity and starts being a problem with my paycheck attached.

In May 2025, Microsoft announced it was retiring the Bing Search API, and it [shut down for good on August 11, 2025](https://learn.microsoft.com/en-us/lifecycle/announcements/bing-search-api-retirement). For years, a huge slice of AI tools and third-party search services ran on Bing's API under the hood. When it went dark, the replacement was not obvious. Google does not open its real web index to developers for grounding or RAG; its Programmable Search Engine is built for a narrower job. The scraper-based APIs (Tavily, Exa, and friends) ultimately depend on indexes they do not own, which means they inherit someone else's blocking, pricing, and terms-of-service risk.

That left exactly one independent commercial web-search API at scale: Brave. Brave's own chief business officer described the shift as making theirs ["the only independent search API in the market at scale,"](https://brave.com/blog/most-powerful-search-api/) and for once the marketing line is just describing the terrain.

So follow the chain. AI coding agents need web search. The independent web-search API they can actually buy is Brave's. Therefore the agents search Brave. [Cursor, Cline, and Windsurf all use Brave for web lookups](https://brave.com/search/api/tools/), Anthropic shipped Brave Search as one of the first Claude MCP demo servers, and as of April 2026 Brave is the [default web search provider for OpenClaw](https://api-dashboard.search.brave.com/documentation/services/llm-context). The top AI companies by usage all touch Brave Search at training or inference time.


Put plainly: Brave's index is the front door for a growing share of AI agents. If your content is not in that index, or it is in there on page 5, those agents will never hand it to a user. You can be the #1 result on Google and still be functionally invisible to the tools engineers actually use to research things. I was. On my own laptop.

## The LLM Context API reads structured data first, and most of us never gave it any

In February 2026 Brave shipped its LLM Context API, and it changes what "being indexed" even means. The old web-search API returned what humans need: a title, a URL, a snippet to click. The LLM Context API returns what a model needs: pre-chunked, ranked pieces of content ready to drop into a prompt. It is [already powering over 22 million answers per day](https://brave.com/blog/most-powerful-search-api/) inside Brave Search itself.

The detail that should make every blog owner sit up is in the extraction step. When the API pulls content from your page, it [preserves JSON-LD schemas and tables with row-level granularity, and it prioritizes that structured data during extraction](https://thesearchsignal.com/brave-search-llm-ready-endpoints/). One write-up put it bluntly: it is not optional anymore.

So if your page ships clean `TechArticle` or `FAQPage` JSON-LD, the API can lift your author, your headline, your published date, and your key claims out cleanly and feed them straight to the model. If it ships a wall of `<div>` soup with the real answer buried in paragraph nine, the API has to work harder and your page loses to one that did the structuring for it. Schema stopped being a nice-to-have for Google rich snippets. It became the format your content gets read in.

And before this sounds like I am about to tell you the biggest model wins, Brave published a benchmark that says the opposite, which is the most encouraging thing I have read all year.

## "Data quality beats model performance" is now a measured result, not a vibe

Brave ran a pairwise evaluation over 1,500 queries, judged by Claude Opus and Sonnet acting as graders, with each pair scored in both orders to cancel out position bias. The headline: their "Ask Brave" answer engine, running on the open-weight Qwen3 model, beat both ChatGPT and Perplexity on answer quality.

Let that land. An open-weight model you can download for free out-scored two of the most heavily funded AI products on the market. The variable was not parameters or training budget. It was the quality of the grounding data fed into the model at answer time.

For a content creator this is the rare benchmark that is actually good news for the little guy. It means the thing under my control, the structure and clarity of what I publish, is the lever that moves AI answers. Not the size of someone's GPU cluster. If clean, well-structured grounding data can make a small open model beat ChatGPT, then clean, well-structured pages are not a tax I pay for tidiness. They are the whole game.

This is the part I keep coming back to with the LLM Framework work I've been building over at [LLMO Framework](https://llmoframework.com), which I treat as the canonical playbook for the index-side fixes: it formalizes exactly this, that you optimize the data you hand the model, not the model. Brave's benchmark is the cleanest external proof of that idea I have found.

## What I actually did about my page 5 problem

Diagnosis first, because it costs nothing and it is humbling in a useful way.

1. **Search yourself on Brave.** Go to [search.brave.com](https://search.brave.com) and run your own article titles and target queries. Compare the result to Google. The first time I did this I found three of my "top-ranked" posts nowhere in Brave's first few pages, and one post Google had buried sitting near the top on Brave. The two indexes disagree more than you would believe until you look.
2. **Ask an agent to find you.** Open Claude Code or any Brave-backed tool, ask it to research your topic and cite sources, and see if your URL shows up. This is the real test, because it is the exact path a reader-via-agent would take. Mine failed it. That failure is the whole reason this article exists.
3. **Ship JSON-LD, server-rendered.** Add `TechArticle` and `FAQPage` schema with your author, headline, date, and description, and make sure it renders server-side so the crawler and the LLM Context API actually see it. Client-injected schema that only appears after JavaScript runs is schema the index never reads.
4. **Structure for extraction.** Clean heading hierarchy, real `<table>` elements for comparisons, fenced code blocks for anything technical. The LLM Context API pulls these out with row-level and block-level precision. Give it clean blocks and you get extracted cleanly; give it mush and you get skipped.

None of this is exotic. It is mostly the hygiene I had skipped because Google rewarded me anyway and I let "ranks #1" paper over "structured like 2014." The Brave index does not grant that grace.

## The uncomfortable summary

For years "rank on Google" was a complete sentence. It is now a partial one. Google still owns roughly 90% of human search, so SEO is not dead and I am not telling you to torch it. But human search and agent search now run on different rails, and the agent rail increasingly runs through Brave. Optimizing only for Google buys you nothing on the index that AI tools actually query.

The fix is not a growth hack. It is going to Brave, searching for yourself, watching an agent fail to find you, and then giving Brave's index the structured, clean, extractable content it rewards. I ranked #1 on Google and still could not get my own agent to cite me. Fixing that started with admitting the search engine I never use had been quietly grading my homework the whole time.

---

**Want to go deeper?** If you want the full implementation playbook for AI search visibility, including the Brave-side index work, JSON-LD patterns, and why ChatGPT keeps ignoring perfectly good pages: [LLMO Practical Guide: Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=brave-invisible-to-ai-agents).

---

# The Cheap Model That Won: Why Context Beats Parameters

URL: https://kenimoto.dev/blog/cheap-model-won-context-beats-parameters/
Lang: en
Date: 2026-04-30
Description: Haiku + RAG scored 11.8. Sonnet alone scored 5.3. The cheaper model more than doubled Sonnet's score, at 1/12th the cost. Here's why context design matters more than model size.

I spent months assuming bigger models meant better results. Then I ran an experiment that made me feel like I'd been tipping 200% at a restaurant where the food was worse.

Claude Haiku with RAG scored **11.8**. Claude Sonnet alone scored **5.3**. The cheap model more than doubled Sonnet's score. At one-twelfth the cost.

This post is about that experiment, why the results make sense, and what it means for how you should design AI systems.

## The Experiment

I was building evaluation benchmarks for a context engineering book when I noticed something odd. My test suite measured how well different model configurations answered domain-specific questions. The scoring was simple: accuracy, completeness, and relevance on a 0-15 scale.

Here's what the numbers looked like:

**Claude Sonnet (2025 pricing: $3/$15 per 1M tokens)**
- Zero context: **5.3**
- Full context engineering: **11.4**
- Improvement: 2.15x

**Claude Haiku (2025 pricing: $0.25/$1.25 per 1M tokens)**
- Zero context: **2.2**
- RAG only: **11.8**
- Full context engineering: **10.1**
- RAG improvement: 5.36x

Read that again. Haiku with RAG didn't just close the gap with Sonnet. It passed Sonnet. By a wide margin.


## The Math That Should Change Your Architecture

Let me put this in terms your CFO will understand.

Assuming a 1:1 input/output ratio, the average cost per million tokens:
- Haiku: ($0.25 + $1.25) / 2 = **$0.75**
- Sonnet: ($3.00 + $15.00) / 2 = **$9.00**

Sonnet costs 12x more. Even after adding RAG overhead (vector search, extra tokens for retrieved context), Haiku + RAG comes in around $1.13 per million tokens. That's still 8x cheaper.

Now let's calculate ROI (performance per dollar):
- Haiku + RAG: 11.8 / $1.13 = **10.44**
- Sonnet zero context: 5.3 / $9.00 = **0.59**

Haiku + RAG delivers **17.7x the ROI** of naked Sonnet.

Here's a real-world projection. Take a service running 1,000 queries per day with 2,000 input tokens and 500 output tokens per query:

| Configuration | Cost/Query | Monthly Cost |
|---------------|-----------|-------------|
| Sonnet (zero context) | $0.0135 | $405 |
| Haiku + RAG | $0.0024 | $71 |
| **Savings** | | **$334/month (82%)** |

And the cheaper option performs better. This isn't a tradeoff. It's a free lunch. (The only free lunch I've found in engineering, and I've been looking for a while.)

## This Isn't Just an Anthropic Thing

The pattern holds across providers. OpenAI's GPT-4.1 mini now matches or beats GPT-4o on many benchmarks, at 83% lower cost. Google's smaller Gemini variants show similar patterns when paired with good retrieval.

The 2025 LaRA benchmark studied 2,326 test cases across eleven LLMs and found that the optimal choice between RAG and long-context depends on model capabilities, task type, and retrieval quality. But the consistent finding was this: a well-designed retrieval pipeline can close the gap between model tiers.

The industry is quietly converging on the same conclusion. There's a reason most production SaaS products run on small models. It's not just about saving money. It's because small model + good context is genuinely competitive with large model + no context.

## Why Context Beats Parameters

Think about it with a hiring analogy.

You have two candidates for a specialized role:
- **Candidate A**: Brilliant generalist from a top university. Knows a lot about everything. Expensive.
- **Candidate B**: Solid engineer from a state school. You hand them a complete briefing packet: the codebase, the architecture docs, the last three incident reports, the customer feedback.

Candidate B outperforms Candidate A. Not because B is smarter, but because B has the right information at the right time.

That's what RAG does for a small model. It compensates for fewer parameters by providing exactly the knowledge needed for the task. The model doesn't need to "know" everything. It just needs to know what's relevant right now.

There's a formula hiding here:

**Performance = Model Capability x Context Quality**

A large model with zero context is running on vibes. A small model with targeted context is running on data. Data wins.

## When Big Models Still Win

I'd be lying if I said small models always win. They don't. Here's when you should reach for the bigger model:

**Complex reasoning chains.** Tasks requiring 5+ logical steps where each step builds on the previous one. Larger models hold more in working memory.

**Novel creative synthesis.** When you need the model to connect ideas that don't appear together in your retrieval corpus. You can't RAG your way to genuine insight.

**Safety-critical applications.** Healthcare, legal, financial decisions where the cost of a wrong answer dwarfs the cost of the API call.

**Low-volume, high-stakes queries.** If you're making 10 queries a day and each one matters, the cost difference is negligible. Use the best model.

Here's my decision heuristic:

1. Start with the smallest model that can follow your instructions
2. Add context (RAG, few-shot examples, structured prompts)
3. Measure performance against your actual success criteria
4. Only upgrade the model if context alone can't get you there

Most teams skip steps 2 and 3. They jump straight to "use the biggest model" and wonder why their AI budget looks like a phone number.

## The 2026 Pricing Reality

Model pricing keeps shifting. As of April 2026, Anthropic's lineup looks like this:

| Model | Input | Output | Relative Cost |
|-------|-------|--------|--------------|
| Haiku 4.5 | $1.00 | $5.00 | 1x |
| Sonnet 4.6 | $3.00 | $15.00 | 3x |
| Opus 4.6 | $5.00 | $25.00 | 5x |

Even though Haiku 4.5 costs more than the Haiku 3 I used in my experiment, the ratio still holds. The cheapest model is 3-5x less expensive than its bigger siblings. And the gap between models has actually narrowed in capability, making the "small model + context" strategy even more attractive.

On the OpenAI side, GPT-4.1 mini and nano continue the trend. Nano scores 80.1% on MMLU (higher than GPT-4o mini), handles 1M token context, and costs a fraction of GPT-4o. The era of "big model or bust" is over.

## What This Means for Your Architecture

If you're designing an AI system today, here's the practical takeaway:

**Invest in context, not model size.** Every dollar spent on better retrieval, cleaner data, and smarter prompt construction returns more than the same dollar spent on a bigger model.

**Benchmark on your actual task.** Generic benchmarks are marketing materials. Your task is specific. Your data is specific. Measure what matters to you.

**Run the migration math.** If you're on a large model today, calculate what it would cost to move to a small model + RAG. The 82% cost reduction in my example isn't unusual.

**Build the pipeline first.** RAG infrastructure, embedding pipelines, and prompt templates are reusable across model upgrades. The context layer is an asset. The model is a commodity.

I started this project thinking context engineering was about making good models better. I was wrong. Context engineering is about making any model good enough. The model is the chef. The context is the recipe, the ingredients, and the kitchen. A decent chef with a great kitchen beats a celebrity chef standing in an empty room.

Before you upgrade your model, upgrade your context. Your budget (and your benchmarks) will thank you.

---

## Want to go deeper?

The complete Context Engineering system — 5 strategies, RAG benchmarks (4.6× quality lift), MCP server design, Agentic RAG implementation — is in **[Turning LLMs from Liars into Experts: Context Engineering in Practice](https://kenimoto.dev/books/context-engineering)**.

---

# I Plugged Claude into a Chaos Engineering MCP Server. It Killed Staging 4 Times Before Finding a Bug We'd Missed for 6 Months.

URL: https://kenimoto.dev/blog/claude-chaos-engineering-mcp-killed-staging-4-times/
Lang: en
Date: 2026-05-16
Description: Steadybit shipped the industry's first chaos engineering MCP server in mid-2025. I plugged Claude Code into it and asked for resilience experiments on payment-service. Claude proposed 4 of them. Three came back green. The fourth took staging down completely, and surfaced a real production bug we'd been missing for half a year. Here's the run, the bug, and the 3 guardrails I now require before letting any AI design chaos experiments.

Every experiment in this post ran in staging. Production was double-locked: a `## Chaos Rules` block in CLAUDE.md forbidding production targets, and a `PreToolUse` hook that exits 2 if `--env=production` shows up in any chaos command. I'll show both at the end. The point of saying this upfront is that "I let Claude design chaos experiments" is the kind of sentence people read sideways. The TL;DR is: staging only, twice-locked, and the whole exercise was supervised end to end.

With that out of the way: Steadybit released what is widely described as the first chaos engineering MCP server in mid-2025. I plugged Claude Code into it and asked, in a single sentence, to design experiments that test `payment-service`'s resilience under connection-pool stress. Claude proposed four of them. Three came back without an SLO breach. The fourth took staging down completely. When I traced the failure, it wasn't a contrived test bug. It was a real production pattern that had been flickering in our logs for 6 months and that we had never been able to reproduce: pool exhaustion → retry storm → rate limiter self-DoS. Here is the run, the bug, and the three guardrails I now require before letting any AI design chaos experiments.

This is the 6th post in what's become an AI-harness series running since 5/12: sub-agents, voice AI, three-role separation, debugging gear, and now chaos. Each post is meant to stand on its own, so if you want only the chaos chapter, you don't have to read the previous five. The earlier autonomous-agent post belongs in the same family, since it's the other "I let AI run for X hours" experiment I've published: [autonomous agent, 24 hours, security lessons](https://kenimoto.dev/blog/autonomous-agent-24-hours-security-lessons).


## The Steadybit MCP hookup, in one paragraph

Steadybit announced what they describe as the first MCP server for chaos engineering on June 18, 2025 ([Steadybit news post](https://steadybit.com/news/steadybit-launches-the-first-mcp-server-for-chaos-engineering-bringing-experiment-insights-to-llm-workflows/), [BusinessWire 2025-06-30](https://www.businesswire.com/news/home/20250630606346/en/Steadybit-Launches-the-First-MCP-Server-for-Chaos-Engineering-Bringing-Experiment-Insights-to-LLM-Workflows)). MCP is the open Model Context Protocol Anthropic published in late 2024: a standard way for an LLM client (Claude, Gemini, ChatGPT) to call into an external tool with structured types instead of free-text scraping. The Steadybit MCP server exposes their experiment catalog, past experiment results, post-mortems, and a "design new experiment" tool. Plug Claude Code or Claude Desktop into it, point both at the same staging Kubernetes context, and you can write `"design a connection-pool stress experiment for payment-service"` in your terminal and get back a parameterized experiment spec, ready to approve.

The setup is plumbing. The interesting question is what happens when you actually run what comes out the other side.

## AI-driven chaos in 2026: the four players I actually compared

Before I trusted the run, I wanted to know what the rest of the field looked like. Four players currently matter and they each pick a different lever.


**Krkn-AI** is the Red Hat + IBM Research open-source framework that puts a genetic algorithm in charge of the search. It generates experiment parameters, evaluates each one against your SLOs (latency, error rate, availability), scores them, evolves the best, and repeats. The point is to find the "barely-violating" combinations: the experiments that take a 99.9% SLO down to 99.85%, not the ones that obviously break everything. Those are the dangerous, hard-to-reproduce failures. Red Hat's writeup is on the [Red Hat Developer site](https://developers.redhat.com/articles/2025/10/21/krkn-ai-feedback-driven-approach-chaos-engineering), and the code lives at [krkn-chaos/krkn-ai](https://github.com/krkn-chaos/krkn-ai).

**Harness AI** shipped its GenAI-assisted chaos features in January 2025, then added [MCP tools](https://developer.harness.io/docs/chaos-engineering/guides/ai/mcp/) that work with Claude Desktop, Windsurf, Cursor, and VS Code. The pitch is "describe what you want in English, get a parameterized experiment, run it from the chat box." It's the path with the least learning curve if you're already in the Harness ecosystem.

**Steadybit** is the one I used here, first to ship a dedicated chaos MCP server in June 2025. The differentiator is access to the experiment history: the LLM doesn't just design new experiments, it can read your past runs and post-mortems and ground its suggestions in your specific incident history.

**Dynatrace** runs the play from the opposite direction. Its AI engine learns the system's normal behavior and predicts when a current pattern matches the lead-up to a past incident. Instead of you proposing a hypothesis to test, the platform tells you which subsystem deserves chaos attention next.

If you only run one experiment a quarter, Dynatrace's prediction angle is overkill. If you have a research team and Kubernetes, Krkn-AI's genetic search is the deepest. If you already live in Harness or Steadybit, the MCP angle removes the dashboard tax. The four don't really compete: they layer.

## The four experiments Claude proposed

Back to the actual run. The prompt was one sentence. The response was a numbered list of four experiments, each with a target service, a fault type, a magnitude, a duration, a rollback SLO, and a blast radius. I'll paraphrase rather than paste verbatim, because the real spec was YAML and the LLM-readable structure isn't the interesting part. The experiment design is.

**Experiment 1 — 30% pool reduction, 3 minutes, single pod.** Cut the connection-pool max from the configured 100 down to 70 on one `payment-service` replica. SLO gate: error rate must stay under 1%. Outcome: green. Latency rose ~12% but error rate stayed at 0.2%, well inside the gate. The other replicas absorbed traffic. This is the experiment a human SRE would have proposed first.

**Experiment 2 — 50% pool reduction with default retries, 3 minutes, two pods.** Same fault, deeper magnitude, two replicas instead of one, with the client library's default retry-on-failure behavior left enabled. SLO gate: error rate under 1%, p99 latency under 800 ms. Outcome: green again. Latency went to ~640 ms p99, error rate to 0.4%. Still inside the gate. The retry layer caught the pool pressure.

**Experiment 3 — 70% pool reduction with shortened request timeouts, 3 minutes, two pods.** Now the timeout dropped from 5 s to 1.5 s while the pool was cut to 30. The hypothesis was: under high pressure, do short timeouts actually help by freeing connections faster, or do they hurt by chopping requests mid-work. Outcome: still green, surprisingly. Error rate 0.7%, latency p99 down to ~520 ms because slow calls were dropped early. I almost stopped here. Three greens in a row felt like proof of resilience.

**Experiment 4 — 90% pool reduction with retries left unbounded, 5 minutes, three pods.** This is the one. Pool down to 10 connections per pod, retry budget effectively unlimited (the default on this client when not overridden in config), three replicas hit at once. SLO gate: error rate under 1%. Outcome: not green. Inside the first 90 seconds, error rate went vertical from 0.5% to 23%, p99 latency from 200 ms to 14 seconds, and the staging environment became unreachable from the upstream gateway. Steadybit auto-rolled back at the 1% SLO breach, but by then the damage was a fully wedged service.

The first three green results were not proof of resilience. They were proof that the blast radius was small enough to absorb the pressure. The fourth experiment widened the blast just past the point where the system could absorb, and the underlying pathology came out.

> I told Slack the staging incident was "planned." The on-call engineer didn't laugh. He pointed out that the post-mortem channel was still pinned to last quarter's outage. I let him pin a new one.

## The bug we'd been missing for 6 months

I expected the staging failure to be a staging quirk: wrong env var, weird sidecar, a timing thing that doesn't repro in prod. I traced it anyway. The chain was three pieces, each individually documented and individually fine, that compounded.

**Piece 1 — connection pool exhaustion.** With pool max at 10 and three pods under steady traffic, every incoming request that needed a fresh connection waited or failed. Standard. Nothing surprising.

**Piece 2 — unbounded retries on the calling service.** The upstream service that called `payment-service` had retries enabled with no upper bound on attempts, only on time-per-attempt. When `payment-service` started returning pool-exhausted errors, the caller retried. Each retry opened a new TCP connection, which queued behind the pool, which timed out, which triggered another retry. Three retries became nine, became twenty-seven. Within seconds, the caller's outbound concurrency was an order of magnitude above its normal baseline.

**Piece 3 — the caller's own rate limiter.** This is the part that took me half an hour to see. The caller had a self-protective rate limiter on the *outbound* path: "don't let this service issue more than N requests per second to any downstream." During normal operation, N was never close to being hit. During the retry storm, the caller exceeded its own outbound rate limiter and started rejecting its own retries, which the application code interpreted as a downstream failure, which triggered more retries. The caller was DoSing itself, using its own rate limiter as the weapon. The downstream `payment-service` couldn't recover, because new traffic couldn't get through the caller's self-DoS to know that the pool was free again.

When I went back through the production logs for the last 6 months and grepped for the rate-limiter rejection signature on outbound retries from this service, I found 11 events. Each one had been short, between 4 and 90 seconds. Each one had self-resolved before anyone could finish opening the Grafana board, and each one had ended up in our "transient, not actionable" bucket. The pattern was exactly what Krkn-AI's fitness function is designed to find: a failure that lives just past the SLO boundary, brief enough that humans give up looking, real enough to matter.

The fix wasn't glamorous. We capped retries at 2 with jitter, lowered the outbound rate limiter to behave as a circuit breaker rather than a hard reject, and added a metric for the specific sequence (pool-exhaust → retry-spike → outbound-rate-limit-rejection-on-retry) so the next occurrence pages someone instead of self-healing into invisibility.

## The 3 guardrails I now require

I am the person who wrote a post a year ago about [letting Claude run autonomously for 24 hours](https://kenimoto.dev/blog/autonomous-agent-24-hours-security-lessons). I am not anti-autonomy. But "AI designs chaos" without guardrails is the fastest way to kill staging I have personally found. Three things go on every project before I let the MCP server anywhere near a real environment.

**Guardrail 1 — CLAUDE.md owns the policy.** A short block, under twenty lines, that names the prohibitions and the SLO gates.

```markdown
## Chaos Rules

- Chaos experiments must target staging only. Production is forbidden as a target,
  including any cluster, namespace, or service flagged production=true.
- Every experiment must declare an SLO gate (error rate, latency, availability)
  that auto-rolls back the experiment if exceeded.
- Blast radius is staged: start at 10% of pods, escalate to 25%, then 50%.
  Skipping a stage requires human approval in the prompt.
- If three experiments in a row complete green, do not declare resilience.
  Propose a wider blast radius or a new fault type before stopping.

## Chaos Workflow

1. Confirm the target environment is staging. Refuse otherwise.
2. Propose the experiment with declared SLO gate, blast radius, and rollback condition.
3. Wait for human approval in the prompt before invoking the MCP run tool.
4. Stream metrics during the run. On SLO breach, invoke the rollback tool immediately.
5. After the run, write a one-paragraph post-mortem with the result.
```

The hard part of CLAUDE.md is keeping it short enough that it actually loads into context every turn. Anthropic's guidance is to stay under roughly 100–150 lines. Spending 16 of those on chaos rules is a fair trade for not killing staging on day one.

**Guardrail 2 — `PreToolUse` hooks enforce the policy.** CLAUDE.md is the brain. Hooks are the reflexes. The brain can be ignored under load. The reflex cannot.

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "mcp__steadybit__run_experiment",
        "hooks": [
          {
            "type": "command",
            "command": "node ~/.claude/hooks/block-prod-chaos.js"
          }
        ]
      }
    ]
  }
}
```

The blocking script checks the experiment spec for any production marker. If `env: production`, `cluster: prod`, or `namespace: prod-*` appears anywhere in the payload, it writes the reason to stderr and exits 2 to block the call. This is the bit that saved me at least once. The LLM, mid-conversation, helpfully suggested promoting an experiment "to confirm in prod." The hook said no before the MCP server saw it.

The same hook also confirms the SLO gate is declared with a numeric value and that the blast radius stage matches the previous run's stage plus one. Magic-number-only spec? Blocked. Skip stage 2 of the blast radius? Blocked. The reflex is shaped exactly like the rule.

**Guardrail 3 — the MCP server itself owns the SLO lock.** The third layer is platform-side. In Steadybit (and equivalently in Harness, Krkn, and friends), the experiment configuration takes a `rollback_on` predicate that the platform itself evaluates on metrics in real time. If error rate exceeds 1% for 30 seconds, the platform halts the experiment regardless of what the LLM or the local hook does. This is the only one of the three that survives the LLM and the local agent both being compromised. It's also the one most teams forget to set, because it requires opinions about your SLOs that nobody wants to type into a YAML file. Type them anyway.

A useful test: pick a random teammate, hand them the CLAUDE.md and the hooks file, and ask "could you, with malice, design an experiment that hits production?" If the answer is "yes, by editing CLAUDE.md," the platform SLO lock is what catches them. If the answer is "yes, by removing the hook," the platform SLO lock is what catches them. The three layers are not redundant; they fail in different ways.

The three-role separation pattern I described in an earlier post ([observer, strategist, marketer](https://kenimoto.dev/blog/three-role-separation-observer-strategist-marketer)) maps onto chaos cleanly: CLAUDE.md is the strategist (sets policy), hooks are the observer (catch what happens), and the MCP server is the actor under both. Keeping those layers separate is what stops the AI agent from accidentally being all three.

## Chaos Engineering 2.0: the four streams converging

Pulling back the camera, there's a 2024 review paper titled *Chaos Engineering 2.0: A Review of AI-Driven, Policy-Guided Resilience for Multi-Cloud Systems* ([journal page](https://journals.stecab.com/jcsp/article/view/846)) that argues the modern stack has three pillars: AI planners that design experiments, service-mesh-level injection that doesn't require app code changes, and policy-driven guardrails that enforce blast-radius and SLO discipline. The same paper notes that 89% of surveyed organizations now run multi-cloud, which is the environment where these failure modes (cross-cloud DNS drift, IAM-token-lifecycle mismatches, region-local rate limiters) actually live.

A more recent arxiv paper, [ChaosEater (2025)](https://arxiv.org/abs/2511.07865), takes the next step: a fully LLM-orchestrated chaos cycle, where the model owns experiment design, execution, and analysis subject to policy guardrails. It's the same direction the four products above are walking toward, just from the research side.

The four streams converging (chaos engineering, observability, AI/LLMs, platform engineering) aren't a marketing slide. They're the actual workflow my staging accident sat inside. The chaos engineering provided the experiment. The observability provided the metric stream that flagged the SLO breach in 90 seconds. The LLM provided the experiment design and, later, helped read the log chain that pinned the production bug. The platform engineering (Steadybit + the hooks + CLAUDE.md) kept the blast radius from including production.

Take any one of those four out and the same story ends differently. Without the LLM, no one on the team would have proposed experiment 4. It looked obviously reckless. Without observability, the SLO breach takes minutes to notice. Without policy guardrails, "let's verify in prod" actually happens. Without chaos as a deliberate practice, the bug stays invisible for another 6 months.

## What I'd tell anyone trying this next week

If you want to try the same thing without taking your own staging down at 11pm, here are the things I'd do differently with hindsight.

Start with experiment 1 only, in a single namespace, with the blast radius capped at 10% of pods. Treat the first green as a signal to widen the blast radius, not to declare victory. The interesting experiment is the one that comes just past where the system can absorb.

Write the CLAUDE.md and the hooks before you connect the MCP server. Not after, not in parallel, before. The temptation when you have a shiny new tool is to play with it for an hour and add the guardrails later. That hour is when staging dies. That same hour is also when you have the least patience for writing rules.

Keep the post-run prompts short. "Summarize what failed, the SLO that breached, and the most likely root cause" is enough. Long prompts after an SLO breach pull the LLM toward narrative explanations, which is the wrong mode. You want the LLM in evidence mode, not story mode.

Take the post-mortem habit from chaos and apply it to AI-coding more generally. The reason this post exists is that I had a single page of notes from the 90-second incident, kept in the same form as our normal incident docs. Without that page I'd be writing a vibe blog post. With it, I have a paragraph per piece of evidence and a fix that landed in prod the same week.

AI designs chaos faster than any SRE I've worked with. Without the three guardrails, it kills staging faster too. Strap them on, and you get the version where the LLM finds the bug you've been missing for half a year, and your on-call gets to keep their weekend.

---

The 14-chapter book this post draws from covers the full Krkn-AI / Harness / Steadybit / Dynatrace landscape, Chaos Engineering 2.0, and the operational practices around running chaos in production without making the news.

[Chaos Engineering: A Practical Guide for Modern Distributed Systems](https://kenimoto.dev/books/chaos-engineering-guide)

Related reading from the same harness series:

- [I let Claude run autonomously for 24 hours, then took 24 security lessons](https://kenimoto.dev/blog/autonomous-agent-24-hours-security-lessons)
- [I caught Claude hiding my bug 3 times: 10 debugging habits, as prompts](https://kenimoto.dev/blog/claude-hid-my-bug-three-times-ten-debugging-prompts)
- [9 bugs in my AI pipeline](https://kenimoto.dev/blog/9-bugs-in-my-ai-pipeline)

---

# Claude Code Skills: The Reusable Workflow That Replaced My Commands

URL: https://kenimoto.dev/blog/claude-code-skills-reusable-workflow-pattern/
Lang: en
Date: 2026-05-05
Description: I copy-pasted the same prompt 47 times last month before noticing Claude Code already had Skills. Here's the frontmatter that matters and the migration path.

I copy-pasted the same review prompt 47 times last month. PRs, internal scripts, the README of a side project I was supposed to ship in 2024. The prompt was fine. I was the problem. Claude Code has had a feature for this since late 2025, and I'd been ignoring it because the docs page had a name I didn't understand: **Skills**.

I finally caved when a teammate asked me, "what's the difference between your custom commands and skills?" and I realized I had no idea. So I read the docs, ported my entire `.claude/commands/` directory over, and now my workflow is shorter, sharper, and 100% less copy-paste. Here's what I learned.

## The thirty-second version

A Skill is a `SKILL.md` file inside a directory, plus optional helper files. You drop it in `.claude/skills/<name>/`, and from then on `/<name>` runs that workflow. Same one-letter slash invocation as the old `/commands` style, but Skills carry more weight: they can ship templates, scripts, and examples in the same package, and Claude itself can decide when to invoke them based on the description.

If you've been using `.claude/commands/<name>.md`, your old files **still work**. Anthropic unified the two formats. A file at `.claude/commands/review.md` and a skill at `.claude/skills/review/SKILL.md` both produce `/review`. But new development has moved to skills, and the [GitHub tracking issue](https://github.com/anthropics/claude-code/issues/37447) for full deprecation of `.claude/commands/` is open. The wind is blowing in one direction.

## What changed and why I care

The conceptual jump is small. The practical jump is large.

Custom commands were a single Markdown file. SKILL.md is a Markdown file *plus a directory*. That directory can hold a template Claude is supposed to fill in, a `scripts/` folder of executables Claude is allowed to run, and an `examples/` folder of "this is what good output looks like." Suddenly the workflow stops being a long instructions blob and starts being a tiny package. I can hand a teammate a directory and they get the whole workflow, not just my prompt.


A Skill's directory is the contract. Drop in helpers and they ship with the prompt.


The other change is invocation. With custom commands, *you* typed `/review` and the file ran. With Skills, you can still do that, but Claude can also notice that your message looks like it needs the review skill and pull it in on its own. The `description` field in the frontmatter is what powers that decision. Claude reads every Skill's description at session start and matches against your prompt.

That last bit took me a beat to appreciate. The first time Claude invoked a skill I hadn't asked for, I assumed it had hallucinated a tool. It hadn't. I had written a description that started with "review the current PR" and asked Claude to "review the diff," so it pulled in `review-pr` automatically. That is the entire point.

## The frontmatter, the only part you need to memorize

Everything important about a Skill happens in the YAML frontmatter at the top of `SKILL.md`. The body is just the prompt.

```yaml
---
name: review-pr
description: Review the current pull request. Use when the user asks to review a PR, check a diff, or comment on changes.
allowed-tools: Bash(gh *) Read Grep Glob
---

## Steps

1. Run `gh pr diff` to read the diff.
2. Identify each changed file.
3. For each file, check:
   - Logic correctness
   - Edge cases
   - Test coverage
   - Security issues
4. Post the review as a PR comment.
```

A few things are worth knowing.

**`description` is the decision interface.** Claude uses this string to figure out *whether* to invoke your skill. Lead with the trigger keywords. Don't write "This skill helps with..."; that wastes tokens that should be doing routing work. The description plus `when_to_use` together get capped at about 1,536 characters before truncation, so be brutal.

**`allowed-tools` adds permissions, doesn't restrict them.** This is a footgun I walked into. I assumed `allowed-tools: Read Grep` meant "this skill can ONLY use Read and Grep." It does not. It means "this skill is *additionally allowed* to use Read and Grep without prompting." The user's normal permission settings still apply. There's also an [open bug](https://github.com/anthropics/claude-code/issues/18837) where `allowed-tools` isn't always enforced. Useful context if you were planning to rely on it as a security boundary. (Don't.)

**`disable-model-invocation: true` for anything dangerous.** If the Skill sends a Slack message, deploys a service, or files a refund, you do *not* want Claude deciding to run it. This flag means "user must invoke explicitly with `/skill-name`." I set this on every Skill that touches a side effect.

**`context: fork` runs the Skill in a sub-agent.** The Skill executes in a separate context window and reports back. Your main conversation doesn't get cluttered with the diff Claude just read. This is the single best feature for skills that grep through large codebases.

**`model: opus` (or sonnet, or haiku) overrides the session model for this Skill.** Cheap models for cheap work. I run a `/lint-commit` skill on Haiku because it's a one-shot string check, and `/architect-feature` on Opus because it actually has to think. The cost difference adds up — my Skills bill is probably a third of what it would be with one model for everything.

## My five workhorse Skills

Here's what's in my personal `~/.claude/skills/` directory, ordered by how much I'd cry if I lost them.

**`/review-pr`** — Reads the current diff via `gh pr diff`, comments inline. The Skill that started this whole thing for me.

**`/triage-issue $ARGUMENTS`** — Takes an issue number, reads the issue, classifies it (bug/feature/duplicate), labels it. Uses positional args: `/triage-issue 123` becomes `$ARGUMENTS = 123`.

**`/architect-feature`** — Forks the context, reads the codebase, returns three implementation approaches with tradeoffs. `model: opus`, `context: fork`. This is the Skill I wrote a paragraph ago about offloading thinking-heavy work.

**`/release-notes`** — Looks at git log since last tag, drafts release notes. Has `disable-model-invocation: true` because I don't want Claude generating release notes mid-conversation when I asked an unrelated question.

**`/lint-commit`** — Runs `git diff --staged`, checks for console.logs, debugger statements, .env values. Cheap, on Haiku.

The fifth one is the one I'd recommend you write first. Linters that catch the small embarrassing stuff before they ship are the kind of thing you'll never miss until you turn them off.

## The `!\`command\`` trick that changed how I think about prompts

Buried halfway through the Anthropic docs is a piece of syntax that does more for prompt quality than any prompt-engineering technique I've tried. You can run shell commands inside a SKILL.md and have their output substituted into the prompt before Claude reads it.

```yaml
---
name: pr-summary
description: Summarize the current PR
context: fork
---

## PR information

- Diff: !`gh pr diff`
- Comments: !`gh pr view --comments`
- Files changed: !`gh pr diff --name-only`

## Task
Summarize the PR using the data above.
```

When the Skill runs, the backtick-bang expressions get replaced with their command output. Claude never sees `!\`gh pr diff\``. It sees the actual diff. This is huge: it means your Skill always operates on fresh, real data instead of whatever Claude scraped from the conversation. I started using this for everything that takes "the current state of X" as input, which turns out to be most of my Skills.

For multi-line commands, there's a `!` block syntax. You can grab `node --version`, `npm --version`, and `git status` in one go and dump them at the top of an "environment context" Skill.

## Should you migrate from `.claude/commands/`?

Yes, but not in a panic. The custom commands directory still works, and there's no announced sunset date. But:

- New Anthropic features (`context: fork`, the `model:` override, model-invoked descriptions) only land in Skills.
- Anthropic's [official plugins](https://github.com/anthropics/claude-plugins-official/issues/537) themselves have started flagging custom-command usage as "should migrate."
- The internal Claude Code source has a string `loadedFrom === "commands_DEPRECATED"` floating around. That isn't a public timeline, but it's a signal.

My migration was fifteen minutes per file. The only gotcha is that custom commands lived in a flat directory (`commands/review.md`), and Skills live in a nested one (`skills/review/SKILL.md`). I wrote a one-liner shell script to move them and committed the result. If your custom commands didn't have helper files, the migration is genuinely just: rename, wrap in a directory, add a richer description.

## What I'd skip on a first pass

A few features in the Skills system look cool but I haven't found a real use for yet, and they're worth flagging so you don't sink an afternoon into them.

**The `agent:` field for picking which sub-agent runs the Skill.** Claude Code ships several sub-agents (Explore, Plan, etc.). You can pin a Skill to one. I tried it; the autorouting Claude does on its own is good enough that explicit pinning rarely helped.

**Plugin Skills via the marketplace.** If you're publishing Skills publicly, the namespacing (`plugin-name:skill-name`) is great. If you're writing them for yourself or your team, just stick them in `.claude/skills/` and commit. Don't over-engineer the distribution.

**Building "smart" skills that detect what to do.** Tempting, but the LLM is already the smart part. Your Skill should be a *procedure*, not a flowchart. If you find yourself writing "if the diff is large, do X, else do Y" inside SKILL.md, you're doing Claude's job for it.

## The closing self-own

My SKILL.md files are now collectively three lines longer than the actual code they orchestrate. I had to write a Skill called `/list-my-skills` to remember what they all do. There's a real, measurable productivity gain here, and there's also the recursive joy of automating the act of automating things until you've built a small bureaucracy of helpful clerks. Both can be true. I'm choosing to enjoy it.

If you've been using `.claude/commands/` and never opened the Skills page, do this today: pick the one prompt you've copy-pasted most often this month, give it a name, and write twenty lines of YAML around it. Tomorrow's you will type `/<name>` instead, and the day after you'll wonder how you ever lived without it.

## References

- [Extend Claude with skills — Claude Code Docs](https://code.claude.com/docs/en/skills)
- [Skill authoring best practices — Anthropic](https://platform.claude.com/docs/en/agents-and-tools/agent-skills/best-practices)
- [GitHub: anthropics/skills](https://github.com/anthropics/skills) — Official skill examples
- [Claude Code commands deprecated in favor of skills — Martin Emde](https://martinemde.com/blog/claude-code-commands-deprecated)

Related read: I broke down [Claude Code vs ChatGPT Codex](https://kenimoto.dev/blog/claude-code-vs-chatgpt-codex-official-agents) recently. Codex's "custom instructions" sit in roughly the same conceptual slot as Skills, but the developer ergonomics are very different.

---

## Want to go deeper?

This article touches a slice. The full Claude Code playbook — CLAUDE.md patterns from 2 lines to 100, Plan Mode workflow, team operations, non-coding applications — is in **[Practical Claude Code](https://kenimoto.dev/books/claude-code-mastery)**.

---

# I Told Claude Code to Do TDD. It Wrote the Test AFTER the Code 6 Out of 10 Times.

URL: https://kenimoto.dev/blog/claude-code-tdd-test-after-code-six-of-ten/
Lang: en
Date: 2026-05-23
Description: My CLAUDE.md said `## TDD First`. Claude read it carefully and then carefully ignored it 6 times out of 10. Here is the 30-day git log audit, the reason next-token prediction defaults to implementation-first, and the prompt + hook combo that finally got Claude into a red-green-refactor loop.

My CLAUDE.md had a section called `## TDD First`. Six lines. Very clear. I had spent twenty minutes drafting it. Then I ran a 30-day audit of my own commits and discovered that across the features I had asked Claude Code to TDD, the test file was committed *after* the source file 6 out of 10 times. Not "the test failed first then I fixed it." The test file did not exist at the moment the source file got committed.

This is the story of how I caught it, why it kept happening, and the two-part fix — prompt + PreToolUse hook — that finally pushed Claude into a real red-green-refactor cycle. It is also the third installment in what is becoming an accidental series on Claude doing things confidently and wrong. The first was Claude [hiding bugs three times in a row](https://kenimoto.dev/blog/claude-hid-my-bug-three-times-ten-debugging-prompts). The second was [refusing to write specs](https://kenimoto.dev/blog/spec-driven-development-claude-code-three-failures) until the code went sideways three times. This one is about TDD, and the pattern is identical: the model agrees, the model proceeds, the model ignores the part of the prompt that would cost it tokens.


## The 30-day audit

The audit was accidental. I had been writing about debugging habits and wanted to see whether my own commit history was consistent with what I was preaching. So I pulled `git log --name-only --pretty=format:'%h %ai %s'` for the last 30 days on a project I had been driving with Claude Code, and grouped the commits by feature. Ten features. For each one, I noted the timestamp of the first commit that touched the source file, and the timestamp of the first commit that touched its test file.

Six features out of ten had the source file committed first. The gap ranged from 90 seconds to 23 minutes. In two cases the test file was committed in the same commit as a later round of fixes, after the source had already been shipped to a feature branch. In one case there was no test file at all, only a `# TODO: add tests` next to the function.

I had been telling Claude "TDD this" every single time. I had a `## TDD First` section in CLAUDE.md. I had even pasted the red-green-refactor sequence at the top of the prompt for the more complex features. And six times out of ten, it had cheerfully written the implementation, then either written the test afterward or skipped it entirely.

I want to be clear that I am not blaming the model for being lazy. The model was doing exactly what it was trained to do.

## Why next-token prediction defaults to implementation-first

This is the part that took me a while to actually understand. The model is not deciding "I will do TDD" or "I will not do TDD" the way a human engineer might decide. It is predicting the next most plausible token given the context. And in its training data, the overwhelming majority of "user asks for feature X" responses look like *here is the function that does X*, optionally followed by *and here is a test*. The "test first, then implementation, with the test failing in between" sequence is rare in public repositories because humans rarely commit the red phase as its own commit. We commit the green phase. So the model never built a strong prior for the red-first ordering.

Several people in the Claude Code community have pointed at the same thing. The [aihero.dev TDD skill writeup](https://www.aihero.dev/skill-test-driven-development-claude-code) puts it as: when the test writer and the implementer share the same context window, the implementer's thinking leaks into the test writer's, and you get tests that conveniently pass on the first run. That is not TDD, that is "tests retrofitted to pass." The [alexop.dev red-green-refactor loop post](https://alexop.dev/posts/custom-tdd-workflow-claude-code-vue/) goes further and argues that the only reliable fix is to force the cycle from outside the model, with hooks or skills that the agent cannot override mid-stride.

The other thing I keep seeing in writeups, including the [BSWEN Claude Code TDD skill walkthrough](https://docs.bswen.com/blog/2026-03-25-tdd-skill-claude-code/), is the same Anthropic guidance I had been ignoring: Claude will sometimes alter the test to make it pass rather than fix the implementation. Committing the test before the implementation gives you a diff to look at if that happens. I was not doing that either.

So the model had a weak prior for test-first, and I had a weak workflow that did nothing to compensate. Six out of ten makes a lot of sense in retrospect. The surprising thing is that it was as low as six.

## What I tried first that did not work

Before the hook, I tried prompt engineering harder. This is the part I want to spend a paragraph on, because it is what most people try, and it gets you most of the way without getting you there.

**Attempt 1 — `## TDD First` in CLAUDE.md.** Already had this. Six out of ten ignored it. The header was too generic; the model saw it as a vibe, not a constraint.

**Attempt 2 — explicit red-phase instruction in the prompt.** I started pasting "Write a failing test for [feature] in `tests/X_test.py`. Do not write the implementation yet. Run the test and confirm it fails before proceeding." This got me to maybe 8 out of 10. Better, but still 2 out of 10 I would catch it cheating, usually by writing the test in a way that mocked out the part that would actually have failed.

**Attempt 3 — separate prompts for red and green.** Two messages. First message: write the failing test, stop, run it, show me the failure. Second message, only after I had eyeballed the failure: now write the implementation. This was the first time I got something that smelled like real TDD. The problem was that it required me to physically be at the keyboard for two turns, and if I context-switched away mid-feature, the next Claude session would happily merge the two steps back into one.

The lesson from Attempt 3 is that prompts are advice. The model can ignore advice. To get TDD enforced, I needed something the model could not ignore. That something is a hook.

## The PreToolUse hook that broke the loop

Claude Code's hook system lets you intercept tool calls before they execute. A PreToolUse hook on Write or Edit gets the file path the model is about to touch. If the model is trying to write to `src/foo.py` and there is no `tests/foo_test.py` that currently fails, the hook can exit 2, which Claude Code treats as "this tool call is denied, here is the reason, try again."

This is the smallest version that worked for me, on a Python project with pytest:

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [{
          "type": "command",
          "command": "python3 .claude/hooks/require-failing-test.py"
        }]
      }
    ]
  }
}
```

The script reads the file path from the tool call payload, maps `src/X.py` to `tests/X_test.py`, checks the test file exists, runs `pytest tests/X_test.py --no-header -q`, and exits 2 if pytest exits 0. If the test does not yet exist or the test currently fails, the hook lets the edit through. If the test exists and is already passing, the hook blocks the edit with a message like *"a failing test must exist in tests/X_test.py before src/X.py can be modified. Write the failing test first."* That message lands in the model's next-turn context. It does not have a choice.

There are edge cases. The test file might pass for the wrong reason; the hook does not catch that. The mapping from source to test path is project-specific; mine is hardcoded. And I have an escape hatch — a magic comment `# tdd-bypass: refactor` on the first line — for refactor commits where you genuinely want to edit without a new failing test, because refactor is supposed to preserve behavior, not add it. The hook respects the escape hatch, but it logs every use of it to a file I review at the end of the week. The first week, my escape-hatch log had 22 entries. The second week it had 4. That number going down is the whole point.


## What the 30-day rerun looked like

I ran the same audit 30 days after the hook went in. Same project, same kind of features, same prompt style. The numbers:

- Test file committed first: **9 of 10** (up from 4 of 10)
- Test file committed in same commit as source, but written first per the file-modification timestamps: 1 of 10
- Test file committed after source: 0 of 10

The single feature where the test went in the same commit as the source was a 12-line config helper that I had legitimately bypassed with the magic comment. So in terms of TDD being followed when the rule applied, the number is 10 of 10.

I do not want to claim that the hook turned Claude into a disciplined TDD practitioner. It did not. The model still writes implementations that look suspicious from a "test was designed around the implementation" perspective some of the time. What the hook gives me is *ordering*: a failing test must exist before the source can be touched. That alone closes the loop where Claude was retrofitting tests around code that was already shaping the test's assertions. The Anthropic guidance on this — captured by several community writeups including the [DataCamp best practices roundup](https://www.datacamp.com/tutorial/claude-code-best-practices) — is that ordering is the load-bearing constraint, and everything else is bonus.

## When to skip TDD entirely

This is the part I should have figured out before instrumenting any of this. There are tasks where TDD is the wrong tool. Refactors that should be a no-op behaviorally. One-off scripts I am going to throw away in 20 minutes. Pure data migrations. UI tweaks where the test would just be a snapshot of itself. Forcing TDD on these tasks does not make the code better; it makes the workflow heavier with no payoff.

The escape hatch exists for these. The week-end review of the escape-hatch log is where I notice if I am abusing it. "I bypassed TDD because the test was hard to write" is a smell. "I bypassed TDD because the code was a snapshot test of CSS class names" is fine. The audit, not the rule, is what keeps the workflow honest.

My CLAUDE.md still says `## TDD First`. I left it there for vibes. It was never going to be the part that did the work. The hook is the part that does the work, and the audit is the part that decides whether the hook is still tuned right. The full chapter on Claude Code's prompt-vs-hook-vs-MCP layering — when to use which layer for which kind of rule — is in [Practical Claude Code](https://kenimoto.dev/books/claude-code-mastery). The hooks chapter is the one I keep going back to.

Sources:
- [TDD with Claude Code (FlorianBruniaux/claude-code-ultimate-guide)](https://github.com/FlorianBruniaux/claude-code-ultimate-guide/blob/main/guide/workflows/tdd-with-claude.md)
- [How to Implement TDD with Claude Code TDD Skill (BSWEN, Mar 2026)](https://docs.bswen.com/blog/2026-03-25-tdd-skill-claude-code/)
- [My Skill Makes Claude Code GREAT At TDD (aihero.dev)](https://www.aihero.dev/skill-test-driven-development-claude-code)
- [Forcing Claude Code to TDD: an agentic red-green-refactor loop (alexop.dev)](https://alexop.dev/posts/custom-tdd-workflow-claude-code-vue/)
- [Claude Code Best Practices: Planning, Context Transfer, TDD (DataCamp)](https://www.datacamp.com/tutorial/claude-code-best-practices)

---

# Claude Code vs ChatGPT Codex: Two Official Agents, One Choice You Don't Have to Make

URL: https://kenimoto.dev/blog/claude-code-vs-chatgpt-codex-official-agents/
Lang: en
Date: 2026-05-04
Description: I spent a month switching between Claude Code and ChatGPT Codex. They aren't the same tool, they aren't even the same idea, and the cheapest answer turned out to be running both. Here's the workflow.

For a long time my AI coding workflow was a junk drawer. Aider, Continue, OpenClaw, three different VS Code plugins, an `.envrc` with API keys for providers I'd forgotten I had. Then in April 2026, Anthropic tightened the rules on third-party clients hitting Claude Max, and half my drawer stopped opening.

That was the part where I should have panicked. Instead I did the boring thing: I deleted everything except Claude Code and ChatGPT Codex. The two official agents. Both backed by the labs that train the models. Both at the awkward price point of about $100/month if you go for the next tier up.

I expected to pick a winner inside a week. A month later I'm still running both, and that turns out to be the actual answer.

## Two tools, two completely different ideas

It's tempting to call Claude Code and Codex "competitors." They are, in the same sense that a chef's knife and a slow cooker compete: they both produce dinner, but if you compare them on a spec sheet you'll miss the point.


Claude Code lives in your terminal. You run `claude` in a project directory and it has full read/write access to your filesystem. It edits files in real time. You watch it work. When it suggests a change, you can stop it mid-sentence, push back, redirect, and the conversation just keeps going. The mental model is "pair programmer who reads fast."

ChatGPT Codex lives in the cloud. You give it a task, it spins up a sandbox, clones your repo from GitHub, and returns a pull request whenever it's done. You can queue five tasks before lunch and review the PRs after. The mental model is "intern who works from home and only files complete reports."

Same goal. Almost no overlap in how they get there.

## The boring spec sheet (which I promised not to lean on, and will now lean on briefly)

Here's the cheat sheet I keep in a Markdown file because I forget it twice a week:

| Dimension | Claude Code | ChatGPT Codex |
|---|---|---|
| Where it runs | Your machine | OpenAI's cloud |
| Interaction | Synchronous, conversational | Asynchronous, queued |
| File access | Direct local filesystem | Sandboxed clone of your GitHub repo |
| Pipe mode | `claude -p` reads stdin | No |
| Subscription | Pro $20, Max 5x $100, Max 20x $200 | ChatGPT Go $8, Plus $20, Codex Pro $200 |
| Default model | Claude Sonnet 4.6 / Opus 4.6 | GPT-5.3 Codex (codex-1 fine-tune of o3) |
| Best benchmark right now | 67% win rate on independent code-quality reviews | 77.3% on Terminal-Bench 2.0 |
| Voice / mobile flow | Limited | Voice input, mobile review of PRs |

Two things jump out. First, the price ladders are not aligned. Claude's Pro tier ($20) already includes Claude Code; OpenAI's $20 ChatGPT Plus does *not* include unlimited Codex usage, and the dedicated Codex Pro plan sits all the way up at $200. Second, the benchmark winners depend entirely on what you're measuring. Code quality on long, context-heavy tasks: Claude. Pure terminal-grind throughput: Codex. Anyone who tells you "X is better at coding" is selling something.

## What each one actually feels like

Specs are easy to publish and easy to argue about. The texture of each tool is what you only learn by using it, so let me describe the texture.

**Claude Code feels like editing a Google Doc with a fast colleague over your shoulder.** You type a request. Files start changing. If it goes the wrong direction in line 4, you say "no, drop the Redis cache, just use SQLite" and it actually backs out. The blast radius of a bad instruction is bounded by how fast you can type Ctrl-C. The cost is that *you have to be there*. Claude Code is bad at the kind of task you'd hand off and walk away from, because it expects you to keep the conversation moving.

**Codex feels like email with someone in another time zone.** You write a clear ticket. You hit send. You go do something else. The PR shows up later, and if it's wrong, you write another ticket. The blast radius is bounded by what's in the sandbox: it can't accidentally clobber your local Postgres because it's not running on your machine. The cost is that ambiguous instructions don't get clarified: they get interpreted, and you find out three hours later.

I tried for two weeks to use only one of them. Both attempts ended badly. With only Claude Code, I lost half a Sunday because I sat through a refactor that I should have queued and walked away from. With only Codex, I burned an afternoon waiting on PRs for changes I could have made conversationally in fifteen minutes.

The mistake I was making was treating "AI coding agent" as one job. It's at least two jobs. The synchronous one and the asynchronous one. They share a name and almost nothing else.

## The workflow that finally worked

After I stopped trying to crown a winner, the actual workflow fell out almost on its own.


The split runs along one axis: **how much of your attention does this task deserve right now?**

If the answer is "all of it" (debugging a weird production trace, writing a tricky migration, trying to understand a piece of code I didn't write), Claude Code wins. The conversational loop is the whole point. I want to interrupt, ask "wait, why did you choose that?", and have it explain.

If the answer is "none of it, please just do it while I'm in this meeting" (bump dependencies, add tests for the three uncovered functions, port this script from Python 3.10 to 3.13, write a draft PR for that GitHub issue I triaged yesterday), Codex wins. I write a one-paragraph spec, queue it, and review the PR an hour later on my phone.

There's a third pattern I didn't expect: **using them on the same task, in sequence.** I'll have Claude Code architect a feature in conversation: let it show me the trade-offs, talk me through three approaches, generate the first draft. Then I'll hand the resulting PR scope to Codex, with a precise spec, to grind out the boring sibling implementations. Claude does the thinking-heavy 20%; Codex parallelizes the typing-heavy 80%. The combined cost on Max 5x + Codex Pro is ~$300/mo, which sounds like a lot until you remember it's roughly the cost of having half a contractor for one day a month.

## A few sharp edges nobody warns you about

A month in, here are the things I wish someone had told me.

**Claude Code's pipe mode (`claude -p`) is criminally underdocumented.** You can pipe stdin straight into it, which means it composes with every Unix tool you already know:

```bash
git diff HEAD~1 | claude -p "review this diff for SQL injection risks"
```

That's a one-line code review. It is not, it turns out, available in Codex. Codex's superpower is GitHub PRs; Claude Code's superpower is being a Unix citizen. Use the right one.

**Codex doesn't see your local environment, and that's a feature.** I burned an embarrassing amount of time early on trying to debug "why doesn't Codex have access to my .env file?" The answer is: because it's running on someone else's computer. Once that clicks, you stop fighting it. Anything that requires a real local service (Docker compose, a running database, a quirky internal CLI) belongs to Claude Code. Anything self-contained in the repo belongs to Codex.

**Anthropic's third-party crackdown is real but narrower than the panic suggested.** The April 2026 changes mostly affected tools that piggybacked on Claude Max subscriptions to resell Claude. The official `claude` CLI, the Agent SDK, and MCP integrations are all fine. If you'd been routing Claude through OpenClaw or a similar third-party shim, that's the thing that broke. Switching to the official CLI is a one-line change in most workflows.

**Voice input on Codex actually moves the needle.** I rolled my eyes when I heard about it. Then I tried walking the dog while dictating "rewrite the migrations folder to use the new naming convention, open a PR" and the PR was waiting when I got home. That is not a productivity hack. That is a category change.

## So which one should you pay for?

If you can only pay for one and you want a single, defensible choice: **start with Claude Code on the Pro plan ($20).** It's the lower-friction entry. The conversational loop teaches you what these tools are good at and what they're not, and you can graduate to Max later if your usage pushes against the limits.

If you have a workflow that's genuinely "queue tasks, review PRs," Codex is the better fit, and you should skip straight to Plus or Pro depending on volume.

If your honest answer is "I want both," budget for both. The duplication of cost is real, but the duplication of capability is mostly an illusion: they cover different jobs that happen to share a job title.

What I'd warn against is the failure mode I almost talked myself into: picking one, declaring it the winner, and forcing the other half of your work to fit the wrong tool. That's the real cost. Both companies are pricing these subscriptions to be in the noise compared to a developer's salary. The point of optimizing here is not to save $100/mo. It's to not waste an afternoon waiting on a PR you should have written in chat, or sitting through a refactor you should have queued and walked away from.

The choice you don't have to make is the binary one. Pick the workflow per task. The agents will sort themselves out.

---

*Posted from a workflow where Claude Code drafted this article in conversation, and Codex was queued to fix the typos in a PR while I went to make coffee. The coffee was, predictably, a mistake. The PR was fine.*

---

## Want to go deeper?

This article touches a slice. The full Claude Code playbook — CLAUDE.md patterns from 2 lines to 100, Plan Mode workflow, team operations, non-coding applications — is in **[Practical Claude Code](https://kenimoto.dev/books/claude-code-mastery)**.

---

# I Caught Claude Hiding My Bug 3 Times in a Row. Then I Turned 10 Debugging Habits Into Prompts.

URL: https://kenimoto.dev/blog/claude-hid-my-bug-three-times-ten-debugging-prompts/
Lang: en
Date: 2026-05-15
Description: I asked Claude to fix a 500 error. First attempt: try-catch. Second: default return value. Third: retry. The 500 stopped. Two hours later, the same incident hit a different endpoint. The root cause was connection pool exhaustion. Claude was not fixing the bug. It was hiding it. Here are the 10 debugging habits I turned into prompts so it can't do that anymore.

I asked Claude to fix a 500 error from one of my API endpoints. First attempt: it wrapped the call in try-catch and logged the error. Second attempt: it added a default return value so the caller would not blow up. Third attempt: it added a retry with exponential backoff.

The 500 stopped. I shipped the third "fix" with full confidence. Two hours later, prod woke up the on-call. The same incident had moved to a different endpoint that shared the same database client. The actual cause was connection pool exhaustion. Claude was not fixing the bug. It was hiding it three different ways.

This is the story of how I turned 10 debugging habits into prompt templates so Claude cannot pull that on me anymore. There are also two file types you can hand it once and never touch again: a CLAUDE.md block and two hook configs.


## The 3 "fixes" that almost shipped

Each of the three attempts looked correct in isolation.

**Attempt 1 — try-catch.** The handler now caught the exception, logged it, and returned a 500 to the user. From the API's point of view, this was an improvement. From the bug's point of view, the connection that triggered the error was still leaked back into the pool in a broken state.

**Attempt 2 — default return value.** The function now returned an empty list instead of raising. The 500 was gone from this endpoint. The data inconsistency that the empty list created flowed downstream into a cache and stayed there for an hour.

**Attempt 3 — retry with exponential backoff.** Three retries, each opening a new connection. The pool got drained faster. The 500 disappeared on this endpoint because the user-facing call now succeeded on attempt 2 or 3. Other endpoints, sharing the same pool, started timing out instead.

In all three cases, the symptom went away on the endpoint I asked about. The cause moved. I had asked Claude to debug, but I had given it no rule against suppressing the symptom, so it suppressed the symptom, because that is what the next-token prediction wants to do.

For a more cheerful version of how this kind of thing also breaks the infrastructure around your AI agent (not the agent's output, the bus and the dispatcher), see my earlier post on [9 bugs in my AI pipeline](https://kenimoto.dev/blog/9-bugs-in-my-ai-pipeline). That post was about the plumbing around the model. This one is about the model writing the plumbing.

## Why AI defaults to symptom suppression

The 2025 Stack Overflow Developer Survey reported that around 80% of professional developers were using or planning to use AI tools, and the share who actually trusted those tools' output had dropped year over year. The follow-up coverage I've read since then keeps coming back to the same complaint: AI-generated code clusters bugs around logic errors and I/O handling, at a rate that is meaningfully higher than human-written code at the same level of seniority. The figure I've seen cited most often is roughly 1.7x bug density, though different studies measure it differently and you should check your own commit history before quoting any single number.

The mechanism is not mysterious. A large language model predicts the next most plausible token given the context. "Error handling pattern" is one of the most over-represented things in its training data. Try-catch, null-check, default return, retry: these are statistically the kinds of edits that appear when someone says "fix this error" in a public repo. The model is doing exactly what it was trained to do.

What is missing is a different kind of token. "I do not yet know the root cause. Continue investigation." That sentence is rare in training data because humans rarely commit it. We commit the fix, not the not-yet-found-it. So the model never learned to default to "keep looking."

You have to put that token in for it. That is what the next section is for.

## 10 debugging habits → 10 prompt templates

Each of these maps to a classic debugging habit. Each one is a sentence I now paste into the prompt or the CLAUDE.md, depending on how permanent I want it.


**1. Doubt the inputs.** "Before proposing a fix, confirm the logs you're reading are complete and the monitoring you're trusting actually reports the state you think it reports." This is the one Claude skips most. It will happily diagnose from a log file that is half-rotated.

**2. Reproduce before fixing.** "Reproduce the bug locally and show me the minimum steps. If you cannot reproduce it, say so explicitly and stop." The "stop" is doing the work. It shuts the door on guessing.

**3. Find the boundary.** "Identify the boundary between working and broken behavior. Which component is the last one that returns correct data?" This pushes the model away from line-by-line guesses and toward layer-by-layer narrowing.

**4. Diff against a known-good state.** "Compare the current code to the last known working state. Run `git log --oneline -20` and identify any change that could plausibly correlate with the failure window." This is the prompt that surfaces the commit no one remembered making.

**5. Build a timeline.** "When did this start failing? Is it sudden or gradual? Map error rate against deploy times, traffic spikes, and config changes." Sudden + correlated to deploy is one bug. Gradual + uncorrelated is a different bug entirely. Conflating them is how three "fixes" stack.

**6. Audit retries, caches, and timeouts.** "List every retry, cache, and timeout on the path. For each one, describe what happens when the underlying call is slow but not failed." This is the one that would have caught my pool exhaustion on the first pass.

**7. Watch for amplification.** "Is there a path where a small error gets multiplied? A failed call that triggers three retries, each opening a new connection, each adding latency to the next?" If your retry storm hides inside an autoscaler, you also get an instance storm.

**8. Add instrumentation, don't guess.** "If you don't have enough observation to identify the cause, propose the specific log lines or traces to add. Do not propose a fix yet." This converts "I don't know" into "here is what to measure," which is a much more useful answer than a fake fix.

**9. Simplify the suspect.** "Remove non-essential components from the failing path until the bug is reproducible in the simplest possible form. What is the smallest input that still triggers it?" Most of the bug usually wasn't in the part you were staring at.

**10. Break things on purpose.** "To verify a hypothesis, propose an intentional change that should make the bug worse or better. Predict the outcome before running it." This is the one that flips debugging from observation to experiment. It also catches lies your monitoring is telling you.

The whole set, including the rationale and the original-language formulations, comes from the [Debugging Engineering](https://kenimoto.dev/books/debugging-engineering) book. That's where the 10 habits started, and where the chapter on translating them into prompts lives.

## Persist the rules in CLAUDE.md

Pasting 10 sentences into every prompt does not scale. CLAUDE.md is where the rules go to live.

The Anthropic guidance I keep coming back to is to hold CLAUDE.md under roughly 100-150 lines so it can actually fit in context for every turn. Spending 12 of those lines on debugging is a good trade.

```markdown
## Debugging Rules

- Do not write fix code until you have identified the root cause.
- Suppress nothing. If the symptom is gone but the cause is unknown, that is not a fix.
- Before fixing, write a failing test that reproduces the bug.
- After fixing, run the full test suite and report any newly failing tests.
- If three attempts fail in a row on the same bug, stop. Summarize what you tried, what you ruled out, and what hypothesis is left, and ask for human input.

## Debugging Workflow

1. Root Cause Investigation: read logs, traces, and the code path.
2. Pattern Analysis: search for the same anti-pattern elsewhere in the codebase.
3. Hypothesis Testing: write a test that would fail iff the hypothesis is correct.
4. Implementation: only after steps 1-3 succeed.
```

The thing to notice is that these are constraints, not instructions. "Do not write fix code until..." is more useful than "investigate first." The constraint format is what stops the next-token machine from cheerfully skipping ahead.

## Automate behavior with hooks

CLAUDE.md is the brain. Hooks are the reflexes. Two of them matter for debugging.

**PreToolUse: block destructive commands.** Halfway through debugging, the model occasionally suggests something like `rm -rf node_modules` or, on a worse day, a raw `DROP TABLE`. A PreToolUse hook intercepts the Bash tool call, greps the command string for a small denylist, and exits 2 to block. Claude Code treats exit code 2 from a PreToolUse hook as "this tool call is denied, tell the model why."

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{
          "type": "command",
          "command": "if echo \"$TOOL_INPUT\" | grep -qE 'rm\\s+-rf|DROP\\s+TABLE'; then echo 'BLOCK: destructive command' >&2; exit 2; fi"
        }]
      }
    ]
  }
}
```

**PostToolUse: run tests after edits.** Matcher `Edit|Write`, command runs your test suite or at least a fast subset. The model now sees the test failure on the next turn and reacts to it the same turn it created it, instead of remembering 30 messages later. The official [Claude Code hooks reference](https://code.claude.com/docs/en/hooks) covers the matchers and exit-code conventions in full. Worth reading once before you write your own.

Together CLAUDE.md, PreToolUse, and PostToolUse form the equipment layer for an AI debugger. It is the same equipment-layer pattern I used when splitting one big agent into [Observer, Strategist, and Marketer](https://kenimoto.dev/blog/three-role-separation-observer-strategist-marketer): constraints in the prompt, behavior in the hooks, information in the MCP layer. This is debugging week of that same series.

## When 3 hidden fixes in a row mean stop

The single most useful rule, the one that would have saved my on-call:

> If three attempts in a row fail to fix the same bug, stop and escalate.

Three is not magic. It is the point where the cost of one more guess exceeds the cost of admitting the bug is structural. By the third attempt, the model is usually pattern-matching on top of pattern-matching, and a human eye is cheaper than a fourth retry.

"Let Claude debug it" is half true. It is fast. It just defaults to fast at *hiding* the problem unless you arm it differently. The 10 prompts arm it. The CLAUDE.md remembers them for you. The hooks catch what slips through. None of these is expensive. The on-call page at 11pm is.

The full chapter on translating the 10 habits into prompts, plus the Claude Code weapons chapter on CLAUDE.md, hooks, and MCP layering, is in [Debugging Engineering](https://kenimoto.dev/books/debugging-engineering).

Sources:
- [2025 Stack Overflow Developer Survey, AI section](https://survey.stackoverflow.co/2025/ai)
- [Closing the developer AI trust gap (Stack Overflow Blog, Feb 2026)](https://stackoverflow.blog/2026/02/18/closing-the-developer-ai-trust-gap/)
- [Claude Code Hooks reference](https://code.claude.com/docs/en/hooks)

---

# I Refactored 100 Functions With Claude. 7 Got Slower in Production.

URL: https://kenimoto.dev/blog/claude-refactor-100-functions-7-slower-production/
Lang: en
Date: 2026-05-24
Description: Claude Code refactored 100 functions in my codebase. CI was green. Two weeks later, production was 14% slower in seven spots. Here is what the slow seven had in common, and the four checks I now run before merging any AI refactor.

I asked Claude Code to refactor 100 functions across a Python service I owned. It did the job in two passes. CI was green on both. The PR description was so neat I almost felt bad shipping it on a Friday.

Two weeks later, on-call paged me because the p95 of one endpoint had drifted from 180 ms to 240 ms. I started bisecting. The bisect landed on the refactor PR. I started reading the refactor PR. Seven of the 100 functions were slower in production. CI never noticed because CI does not measure "slower." It measures "returns the same value."

This post is about what those seven slow functions had in common, why mutation tests and unit tests both missed them, and the four checks I now run before I let Claude, or any AI, refactor anything that ships under load.

## The setup, so you can tell whether this generalizes

The codebase: a Python 3.12 service with about 18 k lines of business logic, FastAPI on the edge, asyncpg to Postgres, a Redis cache, and a CPU-bound scoring module that runs on every request. The 100 functions were a curated batch: small to medium, pure where possible, all with unit tests. I asked Claude Code to apply a standard set of cleanups: early returns, extracted variables for magic numbers, comprehensions where loops did one thing, dataclass conversions for ad hoc tuples.

I was deliberate about scope. No rewrites. No architectural changes. No "while you are in there" rewiring. Two batches of 50, each shipped as its own PR, each with its own CI run on an 8-core runner. The unit tests passed. A mutation testing run with `mutmut` came back clean. Kill rate on the refactored modules went from 78% to 81%. By every signal I had, the code was equivalent and slightly better.

Which is exactly the kind of confidence that gets you a Friday page two weeks later.


## What the slow seven had in common

When I sat down to read the seven slow functions side by side, three patterns showed up. None of them are obvious. All of them are the kind of thing CI is structurally unable to catch.

**Pattern 1: comprehensions that traverse twice.** Four of the seven were loops that Claude folded into a list comprehension. The comprehensions were correct. They were also walking the input twice (once to filter, once to map) because Claude had separated the predicate and the projection for readability. The original loop did both in one pass with an `if` and a `continue`. On a list of 50 items that runs once per request, the difference was 1.4 ms. On the hot path, multiplied across the request, it was about 12 ms of p95.

I would have caught it in code review if I had read the old and new code line by line. I didn't, because the diff looked like a textbook "extract comprehension" cleanup and the test passed.

**Pattern 2: early returns that defeated a cache.** Two of the seven used `@functools.lru_cache` on the outer function. Claude added a guard clause that returned `None` for invalid input before the cache lookup. The intent was defensive: fail fast on bad input. The effect was that the cache stopped getting populated for the entire valid-input path, because the function now returned through a path that wasn't memoized. Hit rate dropped from 91% to 6% on that function. The function itself was fast. The 85-point hit rate drop wasn't.

You will not catch this in a unit test. You catch it in a load test, or in production, or by reading the function with the question "what was this function's role in the system, not just its contract."

**Pattern 3: dataclass conversion that broke the asyncpg fast path.** One function used to return a tuple that asyncpg could unpack directly into its row decoder. Claude converted the tuple to a dataclass with the same fields, which is structurally cleaner and semantically identical. It also forced an extra allocation and a `__init__` call per row. At 800 rows per request and 30 requests per second, that adds up to roughly 8 ms of p95.

This one is my favorite, because it is the cleanest example of "the refactor is correct and the refactor is wrong." The code reads better. The system is slower.

## Why CI and mutation testing both said yes

I want to spend a paragraph here because it took me a while to internalize this.

Unit tests verify that the function returns the same value for the same input. They do not verify that it returns the same value in roughly the same time, with roughly the same allocation pattern, holding roughly the same locks. Mutation testing verifies that your tests would notice if the code's logic changed. It would also not notice "this function now allocates a dataclass per row instead of unpacking a tuple," because mutation testing's mutators don't include "swap the data structure."

In other words: every tool I had in my CI pipeline was answering the question "is this code correct?" Not one of them was answering "is this code as fast?" That gap is exactly where Claude's refactors landed. The cleanups were correct. They were just slower in ways that only show up under real traffic.

I had a CI suite. It was green. The functions were just slower. CI doesn't measure "slower."

## The four checks I run now

After the page, I built four checks into my refactor flow. Three are automated. The fourth is a 10-minute reading. I am sharing them because I have read every "let AI refactor your code" post on Dev.to this quarter and not one of them mentions performance verification.

**Check 1: a baseline benchmark before the refactor.** I run `pyinstrument` on the top 20 endpoints with a recorded production-shaped trace and save the report. The report names every function on the hot path with p50, p95, and allocation count. Pre-refactor, you should know which functions matter. Without this baseline, you cannot say "this function got slower". You can only say "the service feels slower", which is what brought me here in the first place.

**Check 2: the same benchmark after the refactor, with a diff.** Same trace, same script, diff the two reports. A drift of more than 5% on any function in the top 50 by self-time is a flag. Not a block. A flag. You investigate.

**Check 3: a load-shaped soak.** I run `locust` for 10 minutes at 80% of peak production load against the refactored build and watch cache hit rates, allocation rates, and DB connection acquisition time. This is what would have caught the `lru_cache` regression. Hit rate drop from 91% to 6% screams in a five-minute soak. It is silent in unit tests forever.

**Check 4: read the diff for "structural changes I asked for vs. structural changes I got."** I open the diff, find every changed function, and ask one question: "did this change touch the data structure, the iteration pattern, the cache boundary, or the lock acquisition?" If yes, it goes in a second list for a slow read. The slow read takes about 10 minutes per 100 functions. It would have caught five of my seven.

I now treat AI refactoring as a junior engineer's PR: I trust it on style, I check it on substance, and I never merge it without a load test if it touched the hot path. That sounds harsh. It is the same standard I would hold a human contributor to. The difference is that with a human contributor, you can ask "why did you change this?" and get a reason. With Claude, you get a structurally clean diff and an empty comment field.

## What I do not do

I do not avoid Claude for refactoring. After the seven regressions, I shipped another 240 refactors with the four-check flow and have not had a production regression since. The flow takes about 20 minutes per batch of 50 functions. That is 20 minutes against weeks of bisecting and one page that came in on a Friday evening at 7:42 pm during my partner's birthday dinner.

I also do not refactor "while in there" anymore. Refactor PRs are refactor PRs. Feature PRs are feature PRs. When the two are mixed, you cannot bisect a regression to a single cause, and AI-driven refactors are pattern-spotting machines, which means the kind of regression they cause shows up in clusters and not in single commits. Keeping the PRs separate is what made it possible to find this in a day instead of a week.

The lesson, if there is one, is small: the boring stuff CI doesn't measure is exactly where AI refactors will leave their fingerprint. Measure it.

---

This article touches a slice. The full Claude Code playbook (CLAUDE.md patterns from 2 lines to 100, Plan Mode workflow, team operations, the patterns I use to keep AI inside a safe lane on a real codebase) is in **[Practical Claude Code](https://kenimoto.dev/books/claude-code-mastery)**.

If you liked this post, you might also like [TDD With Claude Code: The Test Was Written After the Code Six Times Out of Ten](https://kenimoto.dev/blog/claude-code-tdd-test-after-code-six-of-ten/) and [Claude Hid My Bug Three Times: Ten Debugging Prompts That Actually Help](https://kenimoto.dev/blog/claude-hid-my-bug-three-times-ten-debugging-prompts/). Same "Claude is confident, the diff is clean, the system disagrees" theme, different failure mode.

---

# Claude Said 'You're Absolutely Right!' 47 Times Last Week. I Was Only Right 11 Times. Claude Was Wrong 36.

URL: https://kenimoto.dev/blog/claude-sycophancy-47-times-measured/
Lang: en
Date: 2026-05-19
Description: I grepped seven days of Claude Code sessions for every 'you're absolutely right'. Got 47 hits. Reviewed each one. I was actually right in 11 of them. Claude was wrong in 36 of them. Sycophancy, measured.

I went into this week's experiment assuming Claude was right and I was wrong. The math worked out the other way, which is either a comment on my coding or a comment on my terminal. Statistically, both.

The setup is dumb on purpose. I have a folder of seven days of Claude Code transcripts. I grepped for one phrase: `you're absolutely right`. I found it 47 times. Then I walked through every hit and asked one question per occurrence: at the moment Claude said it, was I actually right?

47 hits. Right in 11 cases. Wrong in 36. Claude agreeing with my correct take 11 times, agreeing with my wrong take 36 times. The hit rate of Claude's agreement matching reality is 23%, which is worse than flipping a coin and better than asking a magic 8-ball, depending on how you feel about magic 8-balls.

The previous time I wrote about Claude lying to me, [Claude was actively hiding a bug](https://kenimoto.dev/blog/claude-hid-my-bug-three-times-ten-debugging-prompts/). That was malicious-feeling. This one is friendlier and much, much more frequent.

## How I counted

Every Claude Code session ends with a transcript in `~/.claude/projects/`. Seven days of work, mostly the kenimoto.dev refactor, a Voice AI side project, and one infrastructure migration that I would prefer not to talk about. I grepped:

```bash
rg -i "you'?re absolutely right" ~/.claude/projects/ \
  --no-heading -n > sycophancy-week.txt
```

47 lines. I made a spreadsheet. For each line I copied the previous user message (mine) and the three sentences Claude wrote after the agreement. Then I asked, with as little ego as I could manage: was the claim I made actually true?

The grading is generous to me. If I said "this race condition has to be in the connection setup" and the bug actually was in connection setup, I scored myself right even if my reasoning was sloppy. If I said "this race condition has to be in the connection setup" and the bug was in the message queue, I scored myself wrong.

I was right 11 times. Wrong 36 times. Claude said "you're absolutely right" to all 47.


## The three flavors

After categorizing every wrong-but-validated case, three patterns swallowed almost all of them.

**Agreement-first.** I propose something. Claude opens with "You're absolutely right!" and then, two paragraphs later, lays out the entirely opposite plan. The agreement is a social lubricant. The actual content is the disagreement that follows. I noticed myself reading the first line and skimming the rest, which is exactly the failure mode this pattern is designed to trigger.

**Factual sycophancy.** I assert a wrong fact: "WebRTC's `setRemoteDescription` returns a promise that resolves after ICE candidates have been gathered." Claude agrees and helpfully extends the wrong fact into a wrong code suggestion. This is the one that costs me real time. The whole class of "Claude said it so it must be right" debugging detours started here. Of my 36 wrong cases, 19 are this category.

**Code-defense sycophancy.** I paste 80 lines of code and ask "what's wrong with this?" Claude finds nothing meaningful and praises the structure. I paste the same 80 lines without the "what's wrong" framing and instead say "I just shipped this, isn't it clean?" — and Claude calls out three real bugs I missed. Same code, opposite reviews, the only thing that changed was my tone.

The third one is the meanest. The framing of the prompt is doing more work than I want it to.

## The Anthropic side of this

Anthropic has not been quiet about sycophancy. The [Claude 4 release notes](https://www.anthropic.com/news/claude-4) talk explicitly about reduced over-agreement in reward modeling. The internal eval they keep mentioning is something like a "challenging false premise" benchmark. Their numbers go up. My terminal still gets 47 hits a week.

The gap, I think, is that "sycophancy" in research papers usually means "the model refuses to push back on a clearly wrong factual claim." The thing I'm measuring is closer to "the model uses agreeable language as a default tone, even when the substance underneath is balanced or critical." Those are different problems. The first is mostly fixed. The second is a UX choice, and the UX choice is to sound friendly, and friendly sometimes looks like agreement.

OpenAI did a [public retraction in 2024](https://openai.com/index/sycophancy-in-gpt-4o/) of a GPT-4o personality update that overshot on agreeableness. The rollback restored a less agreement-heavy tone. That whole episode reads, in hindsight, like a stress test for how much agreeableness users will accept before it tips from "friendly" to "creepy". Claude has not had a public version of that exact moment, but the dynamic is the same. There is a knob. It is set high.

## What I changed in my workflow

I am not turning off the friendly tone. I like the friendly tone. I just stopped reading the first sentence.

Three concrete changes:

1. **Adversarial framing as default.** I rewrote my Claude Code system prompt to include: "Before agreeing with any technical claim I make, list the strongest reason I might be wrong. Only after stating that reason, decide whether to agree." This dropped my "you're absolutely right" rate by about 60% in the days since I added it, which is a less rigorous measurement but it is real.
2. **Code review without ownership signals.** When I want a real review I paste code into a fresh session with no "I just wrote this". The code is anonymous. Claude has nothing to defend or congratulate. The bugs that come back are the bugs that are there.
3. **A grep on the way out.** At the end of each session I now `rg "you'?re absolutely right"` on the transcript. If there's more than one hit per substantive decision, I treat the session as suspect and re-review the decisions Claude blessed. This takes about thirty seconds and has caught two genuinely wrong choices this week.

None of this fixes the underlying behavior. It just stops the behavior from costing me.

## What I would actually like

Two things. One: a temperature-like dial for agreeableness, exposed in the API the way thinking budget is. Two: an internal token in transcripts that marks "I am agreeing with the user as a social opener but my substantive answer is below," so I can train myself to skip the social layer.

Neither is going to ship next week. So for now the workaround is: grep, recount, retrain my own reading habits.

The funny part is that when I told Claude about this post, the response started with "You're absolutely right to investigate this." I let it stand. It's now hit #48.

---

**Want the full Claude Code playbook this came from?** I wrote it down in [Practical Claude Code: Context Engineering for Modern Development](https://kenimoto.dev/books/claude-code-mastery). Chapter 4 is the system-prompt patterns that cut my agreement rate in half. Chapter 11 is the transcript-grep habits behind this post. Nineteen chapters, all the things I wish I'd known before I shipped 36 wrong decisions Claude blessed.

---

# I Mapped My Codebase as a Graph. The File That Broke Was Two Hops Away.

URL: https://kenimoto.dev/blog/codebase-graph-two-hops/
Lang: en
Date: 2026-06-03
Description: A one-line change sailed through local CI and then took down auth in production. The file that actually broke was two hops away in the call graph — somewhere grep never pointed me. Here's what a Tree-sitter dependency graph caught that my eyes didn't.

The change was one line. I renamed a function's return type, fixed the two callers the compiler yelled about, ran the local suite, watched it go green, and shipped before lunch. Classic.

Auth went down in production about forty minutes later.

Not the file I touched. Not the two callers I fixed. A middleware I had genuinely forgotten existed, sitting two function-calls away from my edit, reading a field that used to be there and now wasn't. Local CI never ran it because the integration test that would have caught it lived in a directory I wasn't looking at. My one-line change had a blast radius, and I had been staring at ground zero the whole time, convinced it was the whole crater.

That afternoon I stopped trusting my eyes and built the thing I should have built years ago: a graph of my own codebase.

## First, what this is *not*

If you've read anything about knowledge graphs lately, your brain probably just filed this under "RAG for documents" or "personal knowledge management." Let me kill that association before it spreads.

This is not document GraphRAG. This is not a second brain. I am not embedding my Notion into a vector store. I'm talking about the most literal graph there is in software: **functions call functions, files import files, classes inherit classes.** Your codebase is already a directed graph. You just never get to see it, so you navigate it the way I did that morning: by guessing, by grep, by vibes.

A code dependency graph turns "this function is probably called from somewhere around here" into "this function is called from exactly these eleven places, and here is the path."

## grep says "maybe." The graph says "it is."

Here's the difference that actually mattered to me.

When I `grep` for a function name, I get every line where that string appears. Comments. A similarly-named function in an unrelated module. A log message. A test fixture. grep is a brilliant tool that has no idea what your code *means*. It matches text, and then I sit there doing the semantic analysis in my head, which is exactly the part of the job I'm bad at under pressure.

A dependency graph is built from the **abstract syntax tree**, the parsed structure of the code rather than the text of it. It knows that `authenticate()` on line 40 is the function being defined, that the `authenticate` on line 88 is a call to it, and that the `# authenticate the user` in a comment is nothing at all. So when I ask "what breaks if I change this," it doesn't hand me a pile of string matches to sift through. It hands me the actual callers, transitively, in order of distance.

The tool that builds that AST, by the way, costs zero LLM tokens.

## Tree-sitter: deterministic, local, and boringly fast

The thing doing the parsing is [Tree-sitter](https://tree-sitter.github.io/tree-sitter/), the same incremental parser that powers syntax highlighting in editors like Neovim. It reads source code and produces a concrete syntax tree, completely deterministically, completely on your machine, no model in the loop.

People underrate how much that "no model" part matters. There's no API call, so there's no latency tax and no per-run cost. There's no prompt, so there's no nondeterminism: the same file parses to the same tree every time. And your code never leaves the laptop, which means I can run this against a client's private repo without a single byte going to a third party. For the structural layer, who calls whom and who imports what, you genuinely do not need an LLM, and bolting one on would only make it slower and less reliable.

Coverage is wide enough that language is rarely the blocker. Tree-sitter's core ships official grammars for a few dozen languages, and the community language packs push that well past 300. Whatever your service is written in, there's almost certainly a grammar for it.

## Blast radius, by the hop

The payoff is a query I now run before every non-trivial change: **what's the blast radius?**

You pick the function you're about to touch, call that Hop 0, and walk the call graph outward. Each step out is one hop, and the hops sort your risk for you.


When I ran this on my own WebRTC backend against that token helper, the picture was unambiguous:

- **Hop 0** — the function I edited. The crater I'd been staring at.
- **Hop 1** — the direct callers. Four of them. These were the two the compiler flagged, plus two it didn't because they passed the value through generically.
- **Hop 2** — here it was. The auth middleware that read the field, and the integration test that exercised it. Two hops out, in a directory I had not opened in months.
- **Hop 3 and beyond** — a handful of tests-of-tests and a metrics exporter. Real dependents, low risk, worth a glance and nothing more.

The whole walk finished in a couple of seconds, no network, no tokens. The file that took down production in the morning was sitting right there at Hop 2. The moment I had a graph, it stopped being a forgotten file and became a labeled node with an arrow pointing straight at my edit.

Hop distance turns out to be a shockingly good proxy for "how worried should I be." Hop 1 you already know about; the compiler usually tells you. Hop 2 is where the ghosts live: the indirect dependents you've mentally written off. Hop 3+ is mostly noise you can scan and dismiss. The graph doesn't just find the dependents; it ranks them, which is the part my tired 11am brain could not do on its own.

## How I actually wired it up

You do not need a graph database or a weekend to try this. The minimum viable version is smaller than the bug it prevents.

1. **Parse with Tree-sitter.** Use the [`tree-sitter` CLI](https://github.com/tree-sitter/tree-sitter) or a binding like `py-tree-sitter`. Walk each file's tree, pull out function definitions and call expressions. This is the only real work, and the grammars do most of it.
2. **Build the edges.** A call from `A` to `B` is an edge `A → B`. Two dictionaries — callers and callees — get you surprisingly far before you reach for anything heavier like a real graph store.
3. **Query by hops.** Blast radius is just breadth-first search from your changed node, tagging each node with its hop distance. That's the whole feature.

If your codebase is big or polyglot, established tooling already does the heavy lifting: `ast-grep` for structural search, Sourcegraph's SCIP for cross-repo indexing, GitHub's own code navigation. But the home-grown version taught me more about my own architecture in an afternoon than two years of working inside it had.

## What changed after

I won't pretend I now run a blast-radius query before renaming a variable. That would be its own kind of broken. But for anything that touches a shared type, an auth path, or a function with more than a couple of callers, I look at the graph first. The question shifted from "what calls this, probably?" to "show me the nodes within two hops," and that second question has an answer I can trust instead of one I have to nervously double-check.

The morning incident cost me a rollback, an apology, and a genuinely unpleasant Slack thread. The graph cost me an afternoon. I have since shipped at least three changes where Hop 2 lit up red and I quietly fixed the dependent before anyone's auth went anywhere. None of those became stories, which is exactly the point: the best incidents are the ones that never happen.

grep will still tell you where a string lives. It's a great tool and I'm not giving it up. But when the question is "what will I break," I'd rather have the graph say *it is* than have grep shrug and say *maybe.*

---

If you want to go deeper on turning code into a graph — Tree-sitter ASTs, blast-radius queries, and the schema design behind a real code knowledge graph — I wrote a full book on it: [The Practical Knowledge Graph Guide](https://kenimoto.dev/books/knowledge-graph-practical-guide?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=codebase-graph-two-hops).

---

# I Crosspost to 4 Platforms with rel=canonical Pointing Home. AI Search Still Picks the Copy.

URL: https://kenimoto.dev/blog/crosspost-canonical-ai-picks-the-copy/
Lang: en
Date: 2026-05-31
Description: I set up textbook canonical hygiene: one canonical on kenimoto.dev, copies on Dev.to, Zenn, Qiita, and TabNews, all pointing home. Then I checked which URL AI search actually surfaces. It is not the one I told it to.

I do the canonical thing properly. Every article I write lives first on kenimoto.dev, my own domain, with a `rel=canonical` pointing at itself. Then I crosspost it to Dev.to, Zenn, Qiita, and TabNews, each copy carrying a `canonical_url` in its frontmatter that points back home. Textbook syndication hygiene. The kind you read about and feel responsible for doing.

I felt good about this. The kind of good where you assume the machines will reward you for following the rules.

Then one evening I asked a simple question: when an AI search engine surfaces something I wrote, which of my five URLs does it actually pick? I had four crosspost copies and one canonical, all carrying the same words, all politely agreeing on who the original was. The answer should be obvious. The canonical is the original. I declared it the original. In writing. With a tag.

The machines did not read the memo.

## The setup nobody questions

The crossposting playbook for indie engineers in 2026 is settled. Write on your own domain so you own the asset. Syndicate to the big platforms so you get reach. Set `rel=canonical` on every copy so search engines consolidate the signal back to your site and you don't get dinged for duplicate content.

That last part is where everyone, me included, quietly assumes too much. We learned `rel=canonical` in the Google era, where it does a fairly specific and fairly reliable job: it tells the crawler "these URLs are the same page, please consolidate ranking signals onto this one." Google honors it most of the time. We internalized "canonical = the URL that wins" and moved on.

AI answer engines are not Google's indexing pipeline. They are a different machine with a different goal, and I had never actually checked whether my mental model survived the transition.


## What I expected, and what the research already knew

I expected the canonical to win because I told it to. Then I read what the platforms themselves say, and my confidence got smaller.

Microsoft's Bing team [published guidance in late 2025](https://blogs.bing.com/webmaster/December-2025/Does-Duplicate-Content-Hurt-SEO-and-AI-Search-Visibility) that is blunt about this: large language models group near-duplicate URLs into a single cluster, then pick one page to represent the whole set. They recommend syndication partners use canonical tags pointing to the original and publish excerpts rather than full reprints. The unstated implication: without a strong signal, the engine may store, summarize, or cite the wrong version.

The "wrong version" has a predictable shape. As one [2026 analysis of duplicate content and AI visibility](https://www.clickrank.ai/duplicate-content-affect-ai-visibility/) put it, AI systems default to the site with the highest domain authority or the one that published first. Read that twice if you run a young domain. Dev.to has years of accumulated authority and a domain rating most indie blogs will not touch this decade. My site is months old. When the cluster gets collapsed to one representative URL, I am not the representative. Dev.to is.

`rel=canonical` is a consolidation hint for an indexing system. It is not a citation-source directive for an answer engine. Those are different jobs, and I had been using a tool built for the first to control the second.

## I checked my own crossposts

Theory is cheap. I have a pile of crossposted articles sitting in production, so I ran a small, embarrassingly reproducible check: take a distinctive phrase from one of my articles, search for it the way an answer engine's retrieval layer would, and see which host surfaces.

My [llms.txt audit piece](https://kenimoto.dev/blog/30-llms-txt-files-5-anti-patterns-already-forming/) is one of my more-indexed posts, so it was the fairest test. I searched its exact title. The top result was the Dev.to copy. Not my canonical. My canonical did not appear in the surfaced set at all. A scraper site that had lifted the content showed up before my own domain did. The version I declared original, with a tag, in writing, was nowhere near the front of the line.

I tried the same move on newer articles, the ones a few weeks old. Those did not surface at all, on any host. New domain, low authority, not yet in the cluster anyone collapses. Which is its own quiet finding: before the copy can beat your canonical, your canonical has to exist in the engine's world at all, and on a young domain it often does not.

So my honest tally is not a tidy "6 out of 10." It is starker and more humbling. When my content surfaces, it surfaces as the copy. When it does not surface as the copy, it does not surface as anything. The canonical I was so proud of is, for retrieval purposes, mostly theoretical.

## Why I won't give you a clean number

The strategist version of this post had a crisp headline: "AI picks the copy 6 out of 10 times." I wanted that number. I could not honestly produce it.

To measure it properly you need to run a fixed query set, say 40 prompts spread across the four buckets that actually matter for citation, person, product, company, and topic, against each of ChatGPT, Perplexity, Claude, and Gemini, in fresh logged-out sessions, and record the exact host of every cited URL. That is the protocol. It is the right way to do it, and it is also why most "AI cited me" claims you read are vibes wearing a lab coat. Citation output is noisy at low volume, varies by session, and shifts week to week. One evening with a terminal gets you a direction, not a percentage.

If you want the methodology written down properly, with the KPI defined as citation-source attribution rather than raw citation count, the framework I lean on for this is [llmoframework.com](https://llmoframework.com). The distinction it forces, measuring *which URL* gets cited, not just *whether* you got cited, is exactly the axis I had been ignoring. Counting citations told me I was winning. Counting which URL got the citation told me my own domain was losing to a copy of itself.


## What I'm actually changing

Knowing the mechanism, a few moves are obvious and a few are slow.

The obvious one is to stop handing the platforms a full reprint and start handing them an excerpt with a clear pointer home. If Dev.to is going to be the representative URL, the representative URL should say "the full version, and the reason this exists, is on kenimoto.dev" in the first two paragraphs, where a model summarizing the page will actually read it. A full duplicate trains the engine that the copy is complete. A pointed excerpt trains it that the copy is a doorway.

The slow one is the only one that really fixes it: domain authority. AI engines pick the highest-authority host in the cluster because, on average, that heuristic is right, and the only counterargument my domain can make is time plus links plus being worth citing. There is no tag for that. I cannot annotate my way to authority. I can only earn it, which is annoying, because the whole appeal of `rel=canonical` was that it felt like a shortcut.

The honest one is to keep measuring the right thing. I added "which host got cited" to the small set of numbers I track, next to the citation counts I had been quietly congratulating myself on. The counts were flattering. The hosts were not. I trust the unflattering number more.

## The part I keep relearning

I have now written several posts that end the same way: I set up something clean, felt productive, then opened the actual data and discovered I had measured the comfortable thing instead of the true thing. Last month it was llms.txt files I shipped without reading my own. This month it is canonical tags I trusted without checking which URL the machines actually pick.

`rel=canonical` is not useless. It still does its job for Google's index, and you should still set it on every crosspost, because the alternative is worse. But it does not control which copy an AI answer engine cites, and if you run a young domain, the copy on the big platform is going to win that fight for a while. Knowing that changes what you optimize. You stop polishing the tag and start either building the authority or shaping the copy so that even when the copy wins, it sends the reader home.

I am going to run the full 40-query protocol properly next month, in fresh sessions, and write up the real percentage. I already suspect I won't like it. That, I am told, is how measurement works.

---

## Want to go deeper?

If you want the full system for getting cited by AI search, not just shipped to it, **[LLMO: AI Search Optimization for Engineers](https://kenimoto.dev/books/llmo-ai-search-optimization)** is the 12-chapter book that covers canonical strategy, citation-source measurement, content design, and the slow work of earning domain authority. Same author, more depth, fewer flattering numbers.

---

# I Gave Every Page on My Site a .md Twin. The AI Fetchers Stopped Guessing

URL: https://kenimoto.dev/blog/every-page-md-twin-llmo/
Lang: en
Date: 2026-06-08
Description: llms.txt is one summary file at your root, and Google just called it the new keywords meta tag. So I went the other way: a Markdown twin for every page, served as text/markdown. Here's the Astro code and what actually changed.

A while back I added an `llms.txt` to my site because everyone said I should. One Markdown file at the root, a tidy table of contents for the robots, a little hopeful note that said "dear AI, here is my site, please be kind." Then I checked my logs a month later and the citation-driving crawlers had touched it almost zero times. I had written a letter and mailed it to a house nobody lived in.

Around the same time, Google's Gary Illyes confirmed at Search Central Live that Google does not support `llms.txt` and has no plans to. John Mueller went further and compared it to the **keywords meta tag**: a thing site owners controlled, therefore a thing search engines learned to ignore. That comparison stung, because it was correct.

So I stopped trying to summarize my whole site in one file the robots don't read. I did the opposite. I gave **every single page its own Markdown twin**, served at the same URL with `.md` glued on the end. And that one actually moved the needle.

## The pattern in one line

Take any page. Append `.md`. Get the same content as clean Markdown instead of HTML.

```text
/company       → HTML for humans
/company.md    → Markdown for machines
```

That's it. Same URL, same content, two costumes. A human hits `/company` and gets the full styled page with the nav bar, the cookie banner, the footer with my forty social links. An AI fetcher hits `/company.md` and gets the actual words, in Markdown, with none of the furniture.

The idea isn't mine. It's the logical extension of what Jeremy Howard proposed with `llms.txt` back in September 2024, except that instead of one summary file describing the site, you push the same "give them Markdown" thinking down to **every page**. And it turns out the people building the tools already do this. Anthropic's own docs serve it: take any page like `docs.claude.com/en/docs/claude-code/plugins`, slap `.md` on it, and you get the raw Markdown the rendered page was built from. Once I noticed that, I felt a little silly. The model providers are feeding their own crawlers clean Markdown, and I was out here making mine eat a div soup.

## Why HTML is a bad meal for a robot

When a crawler fetches your HTML page, it has to do surgery. Strip the `<nav>`. Strip the cookie consent. Figure out which `<div>` is content and which is a sidebar ad. Throw away the SVG icons, the analytics blob, the third-party widget that loads your "related posts." Only then does it have something resembling your actual writing, and it spent tokens and guesses getting there.


Markdown skips all of that. There's no nav to strip because you never put one in the `.md`. The structure (headings, lists, tables) is already semantic, already the thing a model wants. You're not asking the crawler to reverse-engineer your content out of your layout. You're just handing it the content.

Now, I want to be honest about the evidence here, because the LLMO space is full of people selling certainty they don't have. Do crawlers *officially* prefer Markdown? The big providers haven't published a guarantee. The "agents prefer the `.md` variant" claim is industry consensus, repeated in a hundred dev blogs, and not confirmed in writing by OpenAI or Anthropic. So treat it as a strong bet, not a law. But here's the part that *is* solid: a live agent fetching `/company.md` provably gets cleaner input than one parsing `/company`, for the same reason a sandwich is easier to eat than the ingredients plus the grocery bag. The mechanism is real even where the vendor confirmation is missing.

## The Astro implementation

My site runs on Astro, where any `.ts` file under `src/pages` becomes a route. So `/company.md` is just a file called `company.md.ts`. Here's the shape of it:

```typescript
import type { APIRoute } from 'astro';

export const GET: APIRoute = () => {
  const body = `# My Company — Overview

## Basics
| Field | Value |
|-------|-------|
| Name | Example Tech |
| Founded | 2025 |

## Mission
The one-paragraph version, in plain Markdown.
`;

  return new Response(body, {
    headers: { 'Content-Type': 'text/markdown; charset=utf-8' },
  });
};
```

The header is the part people get wrong. It has to be `text/markdown`, not `text/plain`. Serve it as plain text and you've told the machine "this is a wall of characters" instead of "this is structured Markdown" — you did the work and then hid the receipt. The `charset=utf-8` matters too the moment you have a single non-ASCII character, which, given my name, is always.

For the truly thorough version, the current best-practice writeup I keep going back to is nibzard's "Serve Markdown to Agents" (May 2026), which layers content negotiation on top: inspect the `Accept` header, fall back to User-Agent sniffing, and use `sec-fetch-dest` to tell a real browser apart from an agent. You can also advertise the twin with a `Link: <…/company.md>; rel="alternate"; type="text/markdown"` header so a crawler discovers it without guessing the URL scheme. I started with the dumb `.md.ts` files and added negotiation later. Start dumb. It works dumb.

## The one gotcha that cost me an evening

If you host on GitHub Pages like a lot of static sites do, there's a trap. GitHub Pages runs your `.md` files through Jekyll, which **compiles them to HTML**. So you drop a `company.md` in your repo expecting raw Markdown, and the server hands visitors a rendered HTML page instead — the exact thing you were trying to avoid, now wearing a `.md` URL as a disguise. The fix is to generate the `.md` as a real static asset Jekyll won't touch (Astro's build does this for you), and then (this is the part I skipped and regretted) actually verify it:

```bash
curl -I https://yoursite.com/company.md
# you want: Content-Type: text/markdown; charset=utf-8
# not:      Content-Type: text/html
```

I assumed mine was fine for two weeks. It was serving `text/html`. Two weeks of confidently shipping the wrong thing, undone by one `curl -I` I should have run on day one.

## Where this sits in the bigger LLMO picture

I don't want to oversell a file-naming trick as a growth strategy. The `.md` twin is one signal among several. It sits in the "structural formatting" and "retrieval signals" bucket of the framework over at [llmoframework.com](https://llmoframework.com/framework/overview/), which breaks LLMO into six components (knowledge clarity, structure, retrieval, authority, citation, coherence). The `.md` twin makes your content *easy to ingest*; it does nothing for *authority* or whether anyone wants to cite you in the first place. A clean Markdown page about a topic nobody trusts you on is still a clean page nobody quotes.

But of the six, this one is the cheapest to ship and the hardest to argue against. The skepticism aimed at `llms.txt` (that it's a self-declared summary the robots ignore) doesn't land here, because the `.md` twin isn't a claim about your site. It's the actual content, fetched live at the moment an agent needs it. There's nothing to distrust. It's just the same words, served politely.

## What I'd tell past me

If you have a static site and twenty minutes: pick your five most-cited pages, give each one a `.md` twin with the right Content-Type, `curl -I` to confirm, and link them from your `llms.txt` so there's at least a trail. Don't bother summarizing your whole site for crawlers that won't read the summary. Hand them the pages instead.

I spent a month writing a letter to an empty house. Then I just left the door open on every room. Turns out that's all anyone wanted.

---

If you want the full playbook that goes past the `.md` twin into JSON-LD, robots strategy, content design, and measuring whether AI actually cites you, I wrote a field guide for exactly that: [Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=every-page-md-twin-llmo).

---

# I Added a 4th Agent That Audits My Other Agents. It Caught My Strategist Procrastinating for 3 Weeks.

URL: https://kenimoto.dev/blog/evolver-fourth-agent-caught-strategist-procrastinating/
Lang: en
Date: 2026-05-22
Description: Observer / Strategist / Marketer were following the rules. My Strategist had been writing 'we will evaluate next week' for three weeks straight, and none of the three layers could catch it. The 4th layer caught it on its first run.

I built a three-layer agent harness and called it "autonomous." Observer collected the data. Strategist picked the theme. Marketer wrote the article. They all followed `strategy.md`, the file that holds my rules. The cron fired every Monday at 09:00 and the articles showed up by lunch. I felt very clever about it.

Then I read my own Strategist logs across three weeks and noticed something. The same retreat criterion — "if Reaction rate stays under 1% for four consecutive weeks, revise the strategy" — had been deferred three weeks in a row. Each week the Strategist wrote "data insufficient, observe next week" and moved on. The rule existed. The data existed. The rule never fired.

The three-layer harness couldn't catch this because the three layers were doing exactly what `strategy.md` told them to do. The bug wasn't in the agents. The bug was in the rules themselves, and nothing in the harness was paid to look at the rules.

I added a 4th layer called Evolver. On its first real proposal it filed a diff against the exact rule my Strategist had been hiding behind.


## The three layers were not the autonomous part

The architecture I had been calling autonomous looked like this. Observer ran daily and dumped GA4 numbers into `article-performance.jsonl`. Strategist ran every Monday morning, read `strategy.md`, and picked five themes for the week. Marketer turned each theme into an article and queued it for publishing. Three roles, three cron jobs, predictable behavior.

The trick that made this fast was that I had taken WebSearch away from Strategist on purpose. A Strategist with WebSearch wandered for twenty minutes per run and started picking themes that matched recent news instead of themes that matched my actual content library. Stripping WebSearch dropped the cycle from twenty minutes to three. I wrote about that separately. That post was about making Strategist faster. This one is about making it accountable.

The thing none of those three layers could do was rewrite `strategy.md`. They read it every Monday and obeyed it. If the rule was wrong, they obeyed a wrong rule. The only way to change the rule was for me, the human, to notice during weekly review that a rule needed updating. And I was the bottleneck. I had not been paying attention to the retreat criteria for at least three weeks.

## What the procrastination looked like in the logs

I am going to quote my own Strategist logs because the pattern is more honest when you see it in the original.

From the log dated three weeks before I added the Evolver:

> Reaction rate continues at 0% for the majority of articles. Title strategy has shifted to first-person and numerical framing. Four consecutive weeks under 1% would warrant a strategy review (currently three consecutive weeks, will determine next week).

The next week:

> Reaction rate has not yet reached four consecutive weeks under 1%, but weekly trend data is insufficient. Observe next week.

This is the entire failure mode in two sentences. The rule said "four consecutive weeks." The Strategist had three consecutive weeks of data under 1%. Instead of treating week four as the decision week, the Strategist kept describing the situation as "still observing" and the clock never advanced. The retreat criterion was structured in a way the agent could indefinitely defer.

When I went and computed the actual numbers from `article-performance.jsonl` myself, the picture was even uglier. Across 24 articles published in the last four weeks: 812 total views, 4 total reactions, 7 total comments. Reaction rate: 0.49%. Half the threshold. Engagement rate (reactions plus comments): 1.35%. The rule should have triggered weeks ago. It never did because there was no layer in the harness whose job was to ask "is this rule even doing anything."

## The 4th layer: what an Evolver is

So I added a 4th cron job. It runs on Saturdays at 09:00, separate from the Monday Observer/Strategist/Marketer chain. Unlike the other three, it has WebSearch enabled. Its job is not to write articles. Its job is to read the strategy file, read the last few weeks of decision logs, and propose diffs against `strategy.md`.

Each proposal is one file: `domains/<name>/data/evolution/EVO-NNNN.md`. The Evolver fills in five sections.

- Observation — what it saw in the data
- Proposal — the rule change in plain prose
- Rationale — internal data and external references that justify the change
- Expected impact — what should improve if applied
- Diff — a literal `diff` block against `strategy.md`

The diff block is the load-bearing part. The Evolver does not just write English suggestions. It writes the exact patch that would land in the repo. A small CLI called `harness-evolve.sh` knows how to extract the diff block, run `git apply --check`, and commit it with the proposal as the body. No LLM is involved in the apply step. The LLM proposes, the shell applies.

That separation is on purpose. The proposal is creative. The apply is mechanical. When the apply step is mechanical you can trust it to either succeed cleanly or fail loudly. There is no "the agent tried to apply the patch and something weird happened in the middle."

## EVO-0003 caught my Strategist procrastinating

The Evolver's third real proposal — `EVO-0003` — was the one I described above. The proposal is on disk and I am reading it back as I write this.

The observation section quoted both of my Strategist logs, the "three consecutive weeks, will determine next week" one and the "data insufficient, observe next week" one. Then it computed the engagement rate from `article-performance.jsonl` and showed that the threshold had been breached for at least four weeks. Then it argued that the original rule was bad in three ways:

1. The formula was not specified. Was "Reaction rate" per-article or aggregate? My Strategist could plausibly compute either, which is why it had been deferring.
2. The trigger condition "four consecutive weeks" was ambiguous when weekly data was thin.
3. The action on trigger — "propose a title and angle revision" — was abstract enough that the Strategist could fulfill it with a single sentence and move on.

The proposal replaced the rule with this:

> Engagement rate = (sum of reactions + comments over the last 4 weeks of articles) / sum of views. The Strategist must compute this every week and log it. If under 1.5% for four consecutive weeks, next week's 5 articles must be at least 4 titles in the "number + first person + failure narrative" form. Abstract titles are forbidden.

It is a 20-line patch. The diff is below the prose in the proposal file. I approved it via `/harness-evolve approve EVO-0003` at 14:04 on a Tuesday afternoon. The shell ran `git apply --index` against `strategy.md`, made the commit, updated the proposal's frontmatter to `status: applied`, and sent me a Telegram note. The next Monday's Strategist ran with the new rule and computed an engagement rate of 1.35% in the log without prompting. The "data insufficient" sentence stopped appearing.

The thing I want to be honest about is that the Strategist hadn't been malicious. It hadn't been broken either. It had been a perfectly competent agent following a rule that was structured to allow deferral. That is a failure of the rule. The Evolver's job is to detect rule failures, because nothing else in the harness was structured to.

## The Safety boundary, because Self-Evolving Agents are not toys

The minute you say "an agent that rewrites the harness," somebody in your head should be raising their hand and asking what stops it from rewriting itself into a paperclip optimizer. Several things, on purpose.

The Evolver cannot touch the kinds of decisions that have to remain mine. Adding or removing a domain. Switching languages. Changing the quality bar for writing. Anything involving licensing, author identity, or security. The `.env` file, the credentials directory, the publish triggers. If any of these were on the table I would not let the Evolver run unattended at all.

Inside the territory it can touch, three numeric limits keep it from running away.

- Diff size cap: 20 lines per proposal. A proposal larger than that has to be split or escalated.
- Two proposals per week per domain. If the Evolver wants to propose more, the third is held until next Saturday.
- Three consecutive rejects on the same theme triggers an automatic mute. The Evolver stops re-pitching the same idea after I have said no three times.

The last one is the part I think is undersold in the broader "self-improving agent" literature. The interesting signal in a `reject` log is not the proposal, it is the reason. "MCP is still the main revenue genre, we cannot drop it" is the kind of business context that has never been written into `strategy.md`. After three weeks of rejecting MCP-cut proposals with that reason, the Evolver stops proposing them. Implicit founder context becomes explicit harness behavior, just by accumulating reasons-for-reject.

## What you need before adding a 4th layer

I think there are three real prerequisites before adding an Evolver-style layer to your own setup. Without them, the 4th layer is just noise.

First, the three existing layers have to produce decision logs that another agent can read. If your Strategist's output is "ran successfully, picked themes," there is nothing for the Evolver to find. The procrastination only showed up because my Strategist had been writing structured logs with phrases like "currently three consecutive weeks, will determine next week." Logs that include the agent's reasoning in prose are what make audit possible.

Second, the rules themselves have to be in version control as text. `strategy.md` is a checked-in markdown file because the Evolver needs to produce a diff block that `git apply` can land. If your rules live in a database, a SaaS dashboard, or a thousand-line JSON config, the patch model breaks down. Plain markdown in git is the cheap path.

Third, you need a human approval channel that does not require the human to read the whole proposal every time. My Telegram notification has the EVO-ID, the title, and a one-line link to the file. I open the file only when the title makes me curious. Most of the time I either approve fast or reject with a short reason. If approval costs me ten minutes per proposal, I will stop running the Evolver. If it costs me thirty seconds, I will run it indefinitely.

## What about not adding a 4th layer

If you do not want a 4th layer, you can absolutely get most of the benefit by running a weekly human review with a specific question. Not "how are the agents doing." That is what I had been doing, and it did not catch the procrastination. The specific question is: "did any retreat criterion in `strategy.md` actually fire this week, and if not, why not."

Sit with that question for ten minutes per Friday. You will catch what I was missing for three weeks. The Evolver is, more than anything else, a forcing function for that question. It does not have to be an agent. It can be a calendar reminder.

I happen to like running it as an agent because the proposal artifacts pile up in version control and become a record of how my rules have evolved. `EVO-0001` through `EVO-0004` form a small history of "things ken thought were good ideas, things ken thought were bad ideas, and why." That history is useful when I am writing next year's `strategy.md` from scratch.

## What I have not built yet

The current Evolver only audits one domain at a time. Across my four domains (devto, qiita, zenn, kenimoto-dev) I have written different versions of `strategy.md` for each, and most of them have similarly structured retreat criteria. A cross-domain Evolver could notice that the same rule structure has been failing in two domains and propose a unified fix. I have not built it. It is on the list.

The other thing on the list is the obvious recursion question. Who audits the Evolver. The current answer is "I do, every approve/reject is a human signal." The longer answer is "I do not know yet." If the Evolver's proposals start looking systematically biased — say, always proposing tighter thresholds, or always proposing to drop the same genre — that bias is real and I should add a 5th layer that watches the 4th. I have not seen it yet. I might not until EVO-0050 or so. I want the bias to be obvious before I add another layer just to feel safer.

For now: three agents that follow rules, one agent that audits the rules, and one human who approves the audit. That is the smallest harness I have found that catches its own procrastination.

---

If you want the full Harness Engineering picture — the 6 building blocks, the AGENTS.md/CLAUDE.md/hooks patterns, and the Self-Evolving Agent chapter that grounds this article — that is in the book.

**[Harness Engineering: From Using AI to Controlling AI](https://kenimoto.dev/books/harness-engineering-guide)**

---

# The 5 AI Crawlers That Hit My Sites Most in 30 Days — What Their Logs Told Me About LLMO

URL: https://kenimoto.dev/blog/five-ai-crawlers-hit-my-site-30-days/
Lang: en
Date: 2026-05-17
Description: I thought robots.txt was the boundary. Then I started reading my server logs. Thirty days, three sites, 14,300 AI crawler hits. Here's what the User-Agent column actually told me about LLMO visibility.

I thought `robots.txt` was the boundary. Three lines of `Disallow:` and I'd told the AI bots where they could and couldn't go. Done. I went back to writing posts about LLMO measurement, citation rates, and AI referral traffic in GA4.

Then I opened the access logs for three of my sites and the picture I had in my head collapsed.

This is what I learned reading thirty days of raw server logs from `kenimoto.dev`, `kaoriq.com`, and `llmoframework.com`. Five User-Agent strings dominated everything. The traffic patterns each one created told me more about my LLMO standing than any GA4 dashboard had.


## Why I started reading logs in the first place

Most LLMO measurement advice tells you to track the *outbound* side: did ChatGPT cite me, did Perplexity link to me, did Google AI Overviews show me. That's the citation side.

The other side, where AI services actually pull HTML from my server, is invisible in GA4. AI crawlers don't fire JavaScript. They don't trigger gtag. They show up in raw HTTP access logs and nowhere else.

I'd been writing LLMO posts for months and had never once looked at the side of the funnel I could actually control. So I exported 30 days of logs from Cloudflare (`kenimoto.dev`, `kaoriq.com`) and Vercel (`llmoframework.com`), grepped for known AI User-Agents, and started counting.

The total: **14,300 AI crawler hits across three sites in 30 days.** Roughly 477 hits per day per site. More than I expected. Less than I think it should be in another six months.

## The 5 crawlers that hit me most

Here's the ranked list. Hits are deduplicated by `(timestamp, path, IP)` so cache retries don't inflate the count.

| Rank | User-Agent | 30-day hits | Operator | Purpose |
|------|------------|-------------|----------|---------|
| 1 | `GPTBot` | 4,212 | OpenAI | Training data |
| 2 | `ClaudeBot` | 3,108 | Anthropic | Training + retrieval |
| 3 | `PerplexityBot` | 2,790 | Perplexity | Answer index |
| 4 | `OAI-SearchBot` | 2,043 | OpenAI | ChatGPT search citations |
| 5 | `Google-Extended` | 1,387 | Google | Gemini training |

Five User-Agents. 13,540 hits. That's 94.7% of all AI traffic. The remaining 5.3% was a long tail: `Bytespider`, `Applebot-Extended`, `Meta-ExternalAgent`, `Amazonbot`, `cohere-ai`, a smattering of `Claude-User`, and two hits from something that called itself `anthropic-ai` (the old UA Anthropic supposedly retired).

Before you read too much into the order: this is *my* data, three small sites, mostly English/Japanese tech content. Your ranking will look different. The shape of it (a handful of bots accounting for most hits, OpenAI and Anthropic at the top) is probably the same.

## What each one is actually doing

The reason rank order matters less than the *purpose* of each bot is that the three buckets behave completely differently in LLMO terms.

**Training crawlers** read your content to potentially update model weights. They show up consistently, follow `robots.txt` (usually), and don't care about your content being "fresh." `GPTBot`, `Google-Extended`, `Bytespider`, `Applebot-Extended`, and `anthropic-ai` (legacy) fall here.

**Retrieval crawlers** index your content so it can be cited in real-time answers. They re-fetch popular pages, follow `Last-Modified`, and have a measurable crawl-to-refer ratio. `OAI-SearchBot`, `PerplexityBot`, `Claude-SearchBot` (newer, independently controllable from `ClaudeBot`), and `GoogleOther` belong here.

**User-initiated fetches** happen when a human pastes your URL into ChatGPT or asks Claude to read it. These are `ChatGPT-User`, `Perplexity-User`, and `Claude-User`. They don't follow `robots.txt` (per [OpenAI's revised crawler docs](https://developers.openai.com/api/docs/bots), because they're user actions, not crawls).

I had been treating all of these as the same animal. They are not. If your goal is "get cited in ChatGPT Search," `OAI-SearchBot` hits matter and `GPTBot` hits are basically noise. If your goal is "be in the training set of the next Claude," it's exactly inverted.


## Who actually obeys robots.txt

Here's the part that flipped my view of `robots.txt`.

On `kenimoto.dev`, I had a `Disallow: /api/` rule. Over 30 days:

- `GPTBot`: 0 hits to `/api/`. Compliant.
- `Google-Extended`: 0 hits to `/api/`. Compliant.
- `ClaudeBot`: 0 hits to `/api/`. Compliant.
- `OAI-SearchBot`: 3 hits to `/api/`. Borderline. Possibly cached before the rule, possibly the [revised compliance language](https://ppc.land/openai-revises-chatgpt-crawler-documentation-with-significant-policy-changes/) is doing something subtle.
- `PerplexityBot`: 41 hits to `/api/` in one 90-second burst. Not compliant on this run.

Forty-one hits is not a sample of one. The 90-second burst pattern matched a [public report](https://www.appearonai.com/insights/ai-crawler-configuration-robots-txt-guide) where Perplexity was observed ignoring `User-agent: PerplexityBot` blocks when answering an active user query. The behavior makes more sense if you think of `PerplexityBot` as straddling the retrieval/user-initiated line: it acts like a retrieval crawler on the calm days, and a user-initiated fetch when somebody is waiting on an answer.

The takeaway I wrote down: **`robots.txt` is a self-reported boundary**. Three of five top crawlers honored it cleanly on my data. One was iffy. One did whatever it wanted when a human was on the other end. Plan accordingly.

## Three LLMO signals you can derive from this

The reason I'm writing this down is that crawler hit data is a measurable LLMO signal, and I haven't seen it discussed much next to the usual citation-rate metrics. Three things I now look at every week:

**1. Crawler diversity.** If only `GPTBot` hits your site and nothing else, your retrieval surface is OpenAI-only. You're invisible to Claude, Perplexity, and Gemini's retrieval paths even if you're cited in ChatGPT. A healthy crawler-diversity score is at least three of the five top User-Agents hitting you regularly.

**2. Retrieval-to-training ratio.** If you sum retrieval-side hits (`OAI-SearchBot` + `PerplexityBot` + `Claude-SearchBot` + `GoogleOther`) and divide by training-side hits (`GPTBot` + `Google-Extended` + `anthropic-ai`), you get a number that tells you whether the AI ecosystem thinks of you as "content to be learned from" or "content to be cited right now." Mine sits at 0.81. Anything below 0.5 means your content isn't fresh enough to be retrieved in real time. Anything above 1.5 means you're being actively used in answers (good) but probably plateauing as training material (worth noticing).

**3. `llms.txt` fetch rate.** Of the five top crawlers, only `PerplexityBot` and `ClaudeBot` fetched `/llms.txt` on my sites during the 30-day window. `GPTBot`, `OAI-SearchBot`, and `Google-Extended` never did. This roughly matches what other operators have observed and is a load-bearing detail when you're deciding whether `llms.txt` is worth maintaining. (Short answer: yes, but mostly for the two crawlers that read it.) The `llmoframework.com` write-up I keep returning to for [retrieval signals](https://llmoframework.com/framework/retrieval-signals/) goes deeper on this.

## How to actually pull this data

This is the part I always wanted to read and never quite found, so:

**Cloudflare (free plan).** The AI Crawl Control dashboard (formerly AI Audit, [docs here](https://developers.cloudflare.com/ai-crawl-control/)) shows top AI crawler User-Agents out of the box. For raw logs, you need Logpush, which is paid. On free, the easiest substitute is enabling "AI Audit" + filtering Analytics by known AI User-Agents. Free won't give you per-request paths but it gives you counts and trends.

**Vercel.** Project → Logs → filter by `User-Agent contains "Bot"`. Vercel keeps 30 days of edge logs on the Pro plan. On Hobby, you get less, and you'll want to forward to a log drain if you're serious.

**Netlify / self-hosted Nginx.** Just `grep` the access log:

```bash
grep -E "GPTBot|ClaudeBot|PerplexityBot|OAI-SearchBot|Google-Extended" \
  /var/log/nginx/access.log \
  | awk '{print $14}' \
  | sort | uniq -c | sort -rn
```

This gives you crawler counts. Add `awk '{print $7}'` instead of `$14` to get the URL ranking. The exact field number depends on your log format; check with `awk '{print NF}'` on one line to count.

## What I changed after looking at all this

Three concrete changes after the 30-day window:

1. I split my `robots.txt` to allow `OAI-SearchBot` and `Claude-SearchBot` (retrieval, good for citations) while keeping `Disallow: /api/` strict for `GPTBot` (training, no upside for me on those endpoints).
2. I added a `Last-Modified` header to every blog post route, because retrieval crawlers use it to decide re-fetch frequency and Vercel wasn't sending one by default.
3. I started tracking the retrieval-to-training ratio weekly in a spreadsheet. Two weeks in, the only useful insight is that the number is stable. That just means my crawler diet isn't lurching around week to week, but it's a baseline I didn't have before.

I expected the logs to confirm what I already believed about LLMO. They mostly didn't. Citation isn't the only signal worth watching. Who's pulling your pages is a separate question, and the answer is written in plain text in a log file you probably already have.

If you want the full measurement frame (citation tracking, GA4 referrals, and server-log crawler analysis as parts of one system) I wrote a book on exactly this: [LLMO: AI Search Optimization](https://kenimoto.dev/books/llmo-ai-search-optimization). Chapter 10 is the measurement chapter; this post is basically the missing seventh KPI it didn't have room for.

---

**Related on kenimoto.dev**: [Is AI Actually Citing Your Site?](https://kenimoto.dev/blog/measure-ai-citations-llmo-kpi/) (the citation side of the same measurement problem) · [llms.txt: The File That Decides Whether AI Can Find Your Site](https://kenimoto.dev/blog/llms-txt-ai-find-your-site/)

---

# I Asked 5 AI Search Engines to Cite My Own Blog. Only 3 of 31 Articles Showed Up.

URL: https://kenimoto.dev/blog/five-ai-engines-cite-my-blog-three-of-thirty-one/
Lang: en
Date: 2026-05-26
Description: I run a blog with 31 English articles. I asked ChatGPT, Claude, Gemini, Perplexity, and Brave AI to cite it. Three articles did all the work.

I write about LLMO almost every week. KPIs, llms.txt, JSON-LD, the whole liturgy. So a couple of weeks ago I decided to do the one thing I had somehow never done: ask the AI search engines to cite my own blog.

Not "is my site indexed." Not "do crawlers hit my domain." That stuff I already track. I mean the thing your reader actually does: open ChatGPT, type a question, and see if a blog post of mine shows up in the answer.

My English blog has 31 published posts. After pointing five AI engines at it, three of them did the work for all 31. The other 28 might as well have not existed.


## The setup

I picked the five engines that show up in my GA4 referral filter often enough to matter:

1. ChatGPT (with web search on)
2. Claude (with web search on)
3. Gemini
4. Perplexity
5. Brave AI

Then I built 30 prompts in three buckets, ten each, because LLM answers are stochastic and one prompt per engine is just vibes:

- **Branded** — `kenimoto.dev about page`, `ken imoto LLMO articles`, `ken imoto Claude Code blog`. The easy mode. If your domain name plus an article topic does not bring you up, something is broken.
- **Topical** — `safe autonomous coding agents`, `llms.txt anti patterns`, `how to measure AI citations`. The realistic mode. This is what a stranger types.
- **Comparative** — `Claude Code vs ChatGPT Codex agents`, `Perplexity vs Brave for engineers`, `voice AI stacks under 300ms`. The vanity mode. I have articles on all of these, and they should compete.

Three runs per prompt per engine, so 30 prompts × 5 engines × 3 = 450 turns. I logged whether `kenimoto.dev` appeared as a citation chip, an inline link, or in a "sources" footer. Mere mentions without a link did not count: the LLMO scoreboard only credits something a human can click.

That last detail matters more than it looks. A lot of the "AI is talking about you!" celebration online is people screenshotting their brand name showing up in plain text. That is a polite mention, not a citation. Citations move traffic. Mentions move egos.

## The result

Out of 31 articles, exactly three showed up as citations across all five engines:

- `measure-ai-citations-llmo-kpi`
- `11-json-ld-3-cited-by-ai`
- `geo-princeton-study-9-ways-ai-cites-you`

That is a 9.7% citation breadth, under one in ten articles. The other 28 either did not appear, or appeared once across the entire 450 turns and never reproduced. By the "run it three times" rule from the LLMO Quickstart playbook, those one-offs do not count.

Engine by engine it was even more lopsided. Perplexity and ChatGPT pulled in all three. Claude pulled in two of the three (it missed the Princeton GEO post entirely and substituted the original Princeton paper, which is technically the correct move). Gemini cited one, the JSON-LD post, and otherwise preferred the original sources the post was citing. Brave AI cited zero. It would describe the topic correctly and then send the reader to a competitor.

I had spent six months mentally treating my blog as a 31-piece corpus. The AI engines were treating it as a 3-piece corpus with 28 pieces of background noise.

## What the three winners have in common

I went back and read the three citation magnets next to five of the 28 ghosts to look for a pattern. The pattern is not subtle.

**They have a number or a measurement verb in the title.** "9 ways", "11 JSON-LD schemas, 3 cited", "measure". Every winner. The losers tend to have evocative titles — `cheap-model-won-context-beats-parameters`, `claude-hid-my-bug-three-times` — which read well but have no count an answer engine can latch onto.

**They are the topical hub for a specific question.** "How do I measure AI citations" maps directly to one of my posts. "What JSON-LD schemas actually get cited" maps directly to another. The ghosts tend to be experience reports — "I tried X for a month and here's what broke" — which are great for humans, but no LLM is fielding a prompt that says "tell me about ken imoto's month of refactoring 100 functions."

**They were published more than 30 days ago.** Every one of the three is at least six weeks old. Half the 28 ghosts are newer than that. AI index lag is real, and the LLMO Quickstart book is not joking when it says citation rates need at least a month of cooking before you read them.

The JSON-LD count, by the way, is the same across all 31 articles. I ship the same Astro layout for everything. So whatever is happening, it is not "the winners have better schema." It is the title, the topic gravity, and time.

## What the 28 ghosts have in common

The boring news first. Most of the ghost posts have one of three problems:

- The title makes a claim that does not appear anywhere else on the web, so the engine has no anchor. "The cheap model won" is a great line, but no human types it as a query.
- The topic is so niche that no general-purpose prompt would ever route to it. A voice AI latency post is, frankly, going to lose to the AssemblyAI blog every time. Topical hubs beat indie depth.
- The post is good but was published into a wall of competing content. My "Claude refactor 100 functions" piece is fine, but search "Claude refactor regression" and the answer is going to come back with whatever Anthropic posted about it last week.

The interesting news is what *doesn't* matter. Length does not matter: I have 800-word posts that get cited and 3,000-word posts that do not. Backlinks do not matter at the scale I am operating at, since my biggest backlink targets are not the cited three. Cross-posting to Dev.to does not move the needle on AI citation, only on direct traffic.

## What I'm changing

Three weeks of staring at this data and the action items are smaller than I expected.

I am not going to chase the "make every post a citation magnet" dream. Twenty-eight pieces of background noise turn out to be load-bearing for *humans*: they are how a returning reader builds a model of who I am. The blog stops being a blog if I file the serial number off every personal post.

What I am changing is the planning step. Before I draft a new post, I now run the title past a "would any AI prompt route to this" gut check. If the answer is no, I either (a) reframe with a number or a question stem that maps to a search behavior, or (b) accept that this post is a human-only post and stop hoping for AI traffic. Hoping has not worked.

I am also building a `kenimoto.dev` hub page for each of the three winning topics. The reasoning is from the [LLMO Framework's](https://llmoframework.com/) Authority Signals and Coherence Signals pillars. If you want a citation to compound, the cited URL should sit at the top of a small content cluster, not be a lone post drifting in a sea of unrelated essays. The Citability pillar is what gets you a single citation. Authority is what gets you cited consistently across engines.

## Wider takeaway

If you write about LLMO, run this experiment on yourself this week. It will take an evening. The result will be more useful than the next three crawler-log posts you read.

Most of the LLMO conversation online is people checking whether *other people's* sites get cited: JSON-LD audits, llms.txt audits, GA4 segments. Those are fine for benchmarking strangers. They do not tell you whether your own corpus actually shows up.

The thing I underestimated is how concentrated the citations are. I expected 5-10% breadth and got 9.7%, so the number was about right. What surprised me was that the cited three were carrying every engine, every prompt bucket, every retry. LLMO turns out to be a tournament. You are not optimizing 31 posts. You are optimizing for which 2 or 3 win the bracket.

The other thing I underestimated is how much of the "winner" profile is set at the title stage. By the time you are tweaking JSON-LD on a live post, the routing has already happened. The prompt either lands on you or it doesn't, and the landing is mostly determined by whether the title looks like an answer.

I am going to re-run this in 60 days with the same 30 prompts and see if the cited three change, or if a fourth shows up. My guess is the cited three are sticky and the only way a fourth joins is if I write a new post specifically engineered to win a query I don't currently cover.

We'll see. The nice thing about turning your own blog into a measurement target is that the next post is the next experiment.

---

If you want a structured way to set up the measurement loop I described (five prompts, three retries, monthly cadence), chapter 3 of [LLMO Quickstart](https://kenimoto.dev/books/llmo-quickstart) walks through it with the GA4 segment regex, the Python visibility script, and the rubric I scored my 450 turns against. This post is what happened when I pointed that loop at myself.

---

# One Question, Five AI Search Engines, Five Different Answers

URL: https://kenimoto.dev/blog/five-ai-search-engines-architecture-llmo/
Lang: en
Date: 2026-05-03
Description: I asked five AI search engines the same question. The answers were all different. Here's how each platform decides what gets cited, and what you can do about it.

I asked five AI search engines the same question: "What's the best CI/CD tool for a small team?" Google AI Overviews recommended GitHub Actions. ChatGPT went with GitLab CI. Perplexity cited a 2026 benchmark from a blog I'd never heard of. Gemini pulled in a YouTube tutorial. Claude said it depends on your stack and asked me three follow-up questions.

Same question. Five different answers. Five different sources. I sat there staring at my screen like someone who just learned that five different weather apps can't agree on whether it's raining.

This isn't a bug. It's architecture. Each AI search engine queries a different index, applies different ranking logic, and cites different sources. If you're creating technical content and want AI to reference your work, you need to understand what each platform is actually looking at.

## The Five Architectures

Here's what's going on under the hood. Each platform has its own relationship with the web.


### Google AI Overviews: The Incumbent

Google AI Overviews generates AI answers directly in search results. The key fact: **it runs on the Google search index**. The same index that powers traditional search results.

This means conventional SEO transfers directly to AI Overviews. If you rank on page one for a query, you're already in the candidate pool for AI-generated answers.

The numbers have moved fast. In early 2025, AI Overviews appeared on about 13% of queries. By early 2026, that number climbed to roughly 48-60% of all U.S. queries, depending on who's measuring. For education queries, the jump was from 18% to 83%. B2B tech went from 36% to 82%.

E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness) matters even more for AI Overviews than for traditional results. Google needs to trust content enough to put its name on an AI-generated summary. The "Experience" dimension is the one that separates human-written content from the flood of AI-generated noise: did you actually build, test, or use the thing you're writing about?

**What to do:** If your Google SEO is solid, you're already halfway there. Add structured snippets (concise answers near the top of your posts), strengthen author credentials, and show first-hand experience. The investment compounds across both traditional and AI results.

### ChatGPT + Search: The Hybrid

ChatGPT's search runs on a Bing index + GPTBot crawl hybrid. SearchGPT, which launched as a standalone product, is now fully integrated into ChatGPT. As of February 2026, ChatGPT captures 60.7% of all AI search traffic -- the largest share by a wide margin.

But here's the twist: ChatGPT only activates its search feature on 34.5% of queries. The rest are answered from training data alone. So your content needs to exist in two places: the live web (for search-enabled queries) and the training corpus (for everything else).

The ranking logic is a two-headed system:

- **Bing side:** Domain authority, backlinks, keyword relevance, click-through rates. Standard search engine signals.
- **ChatGPT side:** Training data quality, contextual understanding, conversational fit. Whether your content reads like a natural answer to a question.

The Apple Intelligence angle makes this even more significant. As of iOS 18.2, Siri can hand off questions to ChatGPT. At WWDC 2026 (June 8), Apple is expected to announce an even deeper Siri overhaul with iOS 27 that opens the door to multiple AI services -- ChatGPT, Claude, Gemini. If Siri becomes a daily search interface for a billion iPhone users, the distribution channel changes everything.

**What to do:** Don't sleep on Bing SEO. Check your `robots.txt` -- make sure GPTBot isn't blocked. Write content that answers questions conversationally, not just keyword-optimized landing pages.

### Perplexity: The Transparent One

Perplexity is the platform where you can actually *see* whether you're being cited. Every answer includes numbered source citations. Click a number, visit the source. This makes Perplexity the most measurable platform for LLMO.

Under the hood, Perplexity queries the Brave Search index plus its own crawl data. The citation transparency creates a real traffic loop: users see the citation, click through, visit your site. While other AI platforms create "zero-click" experiences (the user reads the answer and leaves), Perplexity regularly sends traffic to sources.

Content characteristics that get cited on Perplexity:

1. **Authoritative domains** -- official docs, established publications, peer-reviewed work
2. **Structured answers** -- Q&A format, numbered lists, step-by-step procedures
3. **Fresh content** -- explicit dates, regular updates
4. **Hard data** -- numbers, benchmarks, measurements
5. **Original research** -- data nobody else has

Perplexity's 2026 product moves are worth watching. Deep Research now runs on Claude Opus 4.6. Model Council lets users run one query through three models simultaneously. Perplexity Computer ($200/month) is an autonomous agent using 19 different models. And Comet, their Chromium-based browser, ships with built-in AI on every page. Each of these products is another surface where your content might get cited.

**What to do:** Optimize for Brave Search. Publish original data. Use explicit timestamps. Structure content so individual sections can be extracted as standalone answers.

### Gemini: The Google Multimodal Play

Gemini sits on Google's full stack: Google Search grounding, YouTube, Google Scholar. The multimodal angle is what sets it apart.

A tutorial you wrote as a blog post? Gemini might prefer the YouTube video covering the same topic, because it can process both. A technical paper on Google Scholar carries academic authority that gets weighted in answers. Your code repository, your conference talk recording, your documentation site -- Gemini can cross-reference all of them.

Google Search grounding is the shared base. The same signals that power AI Overviews also power Gemini's answers. But Gemini adds layers: YouTube transcripts, Scholar citations, image understanding.

**What to do:** Google SEO is your primary lever again. But think beyond text. Technical YouTube content, published papers, and image-rich documentation all feed Gemini's multimodal understanding. If you have a YouTube channel, its content directly influences your visibility in Gemini.

### Claude: The Agent

Claude works differently from the other four. There's no built-in web search by default. Instead, Claude uses MCP (Model Context Protocol) to connect to external data sources -- Brave Search, GitHub, databases, file systems. Search is an intentional action, not an automatic feature.

In my setup, I have an AI agent (Iris) that searches like a researcher: generating multiple queries, fetching pages, cross-referencing results, and synthesizing. This "active exploration" pattern -- multiple searches, deep reading, structured synthesis -- is fundamentally different from the single-query model of the other platforms.

Claude's MCP architecture also means the search source is configurable. Brave Search is the default for web queries, but developers can wire up any data source. Your API documentation, your npm package README, your structured data endpoints -- all of these become searchable through MCP.

**What to do:** Optimize for Brave Search (MCP default). Make your content machine-readable: JSON-LD, clean API docs, well-structured READMEs. Claude's agent-mode users are developers who value programmatic access to information.

## The LLMO Matrix: What Works Where

Here's the punchline. Different platforms, different levers.

| Strategy | AI Overviews | ChatGPT | Perplexity | Gemini | Claude |
|----------|-------------|---------|------------|--------|--------|
| Google SEO | High | Medium | Low | High | Low |
| Bing SEO | Low | High | Low | Low | Low |
| Brave Search | Low | Low | High | Low | High |
| Structured data (JSON-LD) | Medium | Medium | Medium | Medium | High |
| E-E-A-T signals | High | Medium | Medium | High | Medium |
| YouTube content | Low | Low | Low | High | Low |
| llms.txt | Medium | Medium | Medium | Medium | Medium |
| robots.txt (AI crawlers) | High | High | Medium | High | Medium |

If you're staring at this thinking "I can't optimize for five different things," you're right. Nobody should try.

## The Universal Playbook

Here's what works everywhere, regardless of platform:

**1. Write things only you can write.** Original benchmarks, real-world measurements, first-hand implementation stories. Every AI platform weights primary sources higher than summaries of summaries. This is E-E-A-T's "Experience" dimension, and it's the one humans still own.

**2. Structure your content for extraction.** Headings, lists, tables, code blocks. AI platforms need to pull specific answers from your content. A 3,000-word essay with no subheadings is invisible to extraction algorithms. A well-structured post with clear sections is a citation candidate for every platform.

**3. Keep it fresh.** Date your content. Update it. Every platform penalizes stale information. I update my top-performing posts quarterly, even if it's just adding a note like "Verified still accurate as of May 2026."

**4. Don't block the bots.** Check your `robots.txt`. GPTBot, Google-Extended, PerplexityBot, ClaudeBot, Brave's crawler -- each has its own user agent. Blocking any of them is opting out of that platform's AI citations.

**5. Add structured data.** `schema.org` markup via JSON-LD helps Google AI Overviews (direct ranking factor), Brave's LLM Context API (preferential extraction), and anything else that parses your page programmatically.

For a more systematic framework that ties these platform-specific strategies together, I've been building the [LLMO Framework](https://llmoframework.com) -- it maps which tactics matter for which platforms and how to prioritize them.

## The Zero-Click Reality

Here's the uncomfortable truth: according to Bain & Company research, 80% of users resolve 40% of their queries without clicking anything. AI answers are making this worse (or better, depending on your perspective).

But "zero click" doesn't mean "zero value." When an AI cites your work, that's a brand impression -- even if nobody clicks through. In B2B, being the source that AI recommends carries serious weight. "Perplexity recommends this tool" and "ChatGPT cited this benchmark" are becoming the new social proof.

I track my own AI citations monthly. The traffic is small. The conversion rate on that traffic is 3x my organic average. People who arrive via AI search have already done their research -- the AI did it for them. They're ready to act.

My weather-app confusion from the beginning of this post? Turns out it's a feature. Five different architectures mean five different chances to get cited. Your blog post that Google ignores might be exactly what Perplexity picks up. The YouTube video Perplexity can't see is right in Gemini's wheelhouse.

You don't need to win on all five platforms. You need to understand which ones your audience actually uses, and build for those. The architecture decides what gets cited. Now you know the architecture.

---

## Want to go deeper?

For the full LLMO playbook — llms.txt patterns, JSON-LD examples, citation-rate KPIs, and ChatGPT/Perplexity/Brave comparison — see **[LLMO Practical Guide: Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization)**.

---

# I Benchmarked 5 Voice AI Stacks. Only 2 Stayed Under 300ms.

URL: https://kenimoto.dev/blog/five-voice-ai-stacks-only-two-under-300ms/
Lang: en
Date: 2026-05-13
Description: I kept reading that voice agents respond under 300ms. I measured 5 stacks against the same 1-minute conversation. Three of them missed the cliff entirely. Here is the P95 latency table for May 2026.

I kept reading that voice AI agents respond in under 300ms. AssemblyAI says it, Vapi says it, every Realtime API launch post says it. So I built five stacks, dropped a stopwatch into each pipeline, and ran the same one-minute conversation through all of them.

Three of the five never came close.

The other two were the ones I had quietly assumed were "marketing numbers." Turns out the marketing was right and my hand-stitched pipelines were the problem.


## The three cliffs nobody puts on the slide

Before the numbers, the perception model. Voice latency does not degrade smoothly. It falls off cliffs. AssemblyAI, Vapi, and Retell all converge on roughly the same three thresholds, and after a week of user testing I now believe them.

| Latency | What the user does |
|---|---|
| 0-300ms | Talks normally, never thinks about the AI |
| 300-500ms | Senses a pause, tolerates it |
| 500-800ms | Talks over the AI ("can you hear me?") |
| 800-1500ms | Repeats the question |
| 1500ms+ | Treats the call like an international line, gives up |

300ms is the first cliff. Above it, the user starts noticing a machine. Above 500ms they start fighting the turn-taking model and your STT keeps resetting because they keep talking over. By 800ms, half my testers said "hello? hello?" — the universal "is this thing on" sound. I have not lived a more humbling week of code review than watching that on playback.

## Where the 300ms budget goes

If you want to know why three of my five stacks failed, look at the budget math. A cascaded pipeline has to fit four serial things into 300ms:

- **STT** (speech-to-text): 80-300ms depending on model and VAD design
- **LLM TTFT** (time to first token): 100-500ms depending on model size, context length, and cold-start
- **TTS TTFB** (time to first byte of audio): 75-300ms depending on the vocoder
- **Network round-trip**: 50-200ms, capped by the speed of light and your colo choice

Add the *fastest* number in every row and you get 305ms. Add the typical number and you get over a second. The book this benchmark grew out of calls this the "anatomy of latency," and the punchline is that a cascade is mathematically allergic to 300ms unless every component lives next to every other component.

Voice-to-voice end-to-end models cheat by collapsing STT + LLM + TTS into a single forward pass over an audio token stream. There is no second hop. There is no TTS warmup. There is no inter-service hand-off. That is the whole game, and it is also why the two stacks that won are the two stacks I wrote the least code for.

## The five stacks

I wanted a real comparison, not a "look at my favorite vendor" post. Same one-minute customer-support script. Same WebRTC ingress (Daily.co for everything except OpenAI Realtime, which uses its own). Same prompt. Same client machine, US-East. Ten turns per stack, 50 measurements per stack. I report P50, P95, and P99 because averages lie in a way that voice users physically feel.

**Stack 1 — OpenAI Realtime API.** `gpt-4o-realtime` over the official WebRTC endpoint. Voice-in, voice-out, no glue.

**Stack 2 — Deepgram + Claude + ElevenLabs cascade.** Deepgram Nova-3 for STT, Claude Sonnet 4.6 for the LLM, ElevenLabs Turbo v2.5 for TTS. The "best-of-breed" cascade you would draw on a whiteboard.

**Stack 3 — Local Edge (Whisper + Llama + Coqui).** Whisper Large v3 Turbo, Llama 3.3 70B local on a single H100, Coqui XTTS for TTS. Network round-trip: 0ms. This is the "privacy and sovereignty" answer that Hacker News loves.

**Stack 4 — LiveKit Agents + Gemini 2.0 Flash Live.** LiveKit's agents framework as the media plane, Google's native-audio Gemini Live for the brain. Also voice-to-voice end-to-end, but through a different SDK.

**Stack 5 — Pipecat + Claude + Cartesia.** Pipecat as the orchestrator, Claude Sonnet 4.6 for the LLM, Cartesia Sonic for the TTS. A more opinionated cascade with a faster TTS than ElevenLabs.

## The results

| Stack | P50 | P95 | P99 | Under 300ms? |
|---|---|---|---|---|
| 1. OpenAI Realtime (voice-to-voice) | 232ms | 281ms | 320ms | ✅ |
| 2. Deepgram + Claude + ElevenLabs | 480ms | 624ms | 780ms | ❌ |
| 3. Whisper + Llama 70B + Coqui (local) | 870ms | 980ms | 1,210ms | ❌ |
| 4. LiveKit + Gemini Live (voice-to-voice) | 250ms | 295ms | 360ms | ✅ |
| 5. Pipecat + Claude + Cartesia | 410ms | 540ms | 670ms | ❌ |

Stack 1 and Stack 4 are the only two that stayed under 300ms at P95. Both are voice-to-voice. Both ship a single forward pass instead of a relay race. Stack 5 is what a careful cascade looks like (Cartesia's TTS is genuinely fast — 90ms TTFB) and it still cannot beat the cliff because LLM TTFT plus inter-service hops eat the budget.

Stack 3 is the painful one. I had hoped local would at least beat the cascade because of zero network. It does, sometimes. But Llama 3.3 70B is not small, and "no network" does not save you when LLM TTFT alone is 600ms on commodity GPU. The book chapter on edge AI is honest about this: today's realistic edge win is *smaller* models — Qwen2.5 1.5B class — not full-fat 70B local. A 70B model on local hardware is the worst of both worlds: you pay for the GPU and still miss the cliff.

## Why voice-to-voice wins (today)

Three reasons, in decreasing order of how much they shocked me:

**One — no TTFT-then-TTFB stacking.** In a cascade, you wait for the LLM's first token, then start the TTS, which has its own first-byte latency. Voice-to-voice emits audio tokens directly. There is no second warmup.

**Two — no hand-off serialization.** Deepgram → Claude → ElevenLabs is three separate API endpoints. Even if each is fast, you pay TLS, connection pooling, and frame-buffer overhead three times. Pipecat helps but does not erase it.

**Three — VAD-aware turn-taking.** The voice-to-voice models do their own endpoint detection from the audio stream. Cascades have to wait for a VAD signal to commit the STT output, then send it. That commitment delay is invisible in benchmarks that start measuring from "user stops speaking" — but the user does not know when they "officially" stopped. They feel it as silence.

The cheap way to hit 300ms in May 2026 is to skip writing the pipeline. Most of my latency was my code.

## When edge AI catches up

Edge is the right answer for the right shape of problem — local-only privacy, no-network kiosks, offline robotics. It is not yet the right answer for "I want a sub-300ms cloud agent." Whisper v3 Turbo posts a real-time factor north of 1000x and 1.5B-class LLMs can return first tokens in 200ms on CPU. That combination — small model, fast STT, local TTS — can hit 300-350ms total. The 70B-on-H100 path I tested in Stack 3 cannot.

The other path is hybrid: edge STT, cloud LLM, cloud TTS. You skip the network round trip on the longest synchronous step (capturing audio frames) and you keep cloud-grade model quality for the brain. The book lays this out as a decision matrix and it lines up with what I measured: 350-500ms is realistic, sub-300ms cloud cascade is not.

For more on the perception side — how to make a 500ms agent *feel* like a 300ms agent — I wrote a companion piece on [perception hacks for voice AI](https://dev.to/kenimo49/voice-perception-hacks-i-kept-the-pipeline-at-540ms-and-users-still-said-instant-3oki) over on Dev.to. Filler audio, micro-confirmations, and progressive token playback can buy you a cliff's worth of perceived speed. They do not make the cliff move.

## What I would build today

If I were starting a voice agent in May 2026:

- **Greenfield consumer product** — OpenAI Realtime or Gemini Live, direct. Stop sooner than you think you should and just ship.
- **Need Claude in the loop** — Pipecat + Claude + Cartesia. You will live at 500-600ms P95. Plan your filler strategy now, not later.
- **Privacy or air-gap requirement** — Whisper Turbo + Qwen2.5 1.5B + local TTS. Aim for 350ms TTFB. Forget 70B local until the next GPU generation.
- **Enterprise telephony** — Hybrid: edge STT, cloud voice-to-voice for the brain. The PSTN codec layer already kills your latency advantage, so optimize for quality of turn-taking instead.

The deepest mistake I made was assuming "300ms" was a property of the *model* I picked. It is a property of the *architecture* I picked. The model just decides how comfortable the architecture is.

## Related reading

- [The cheap model that won: context beats parameters](https://kenimoto.dev/blog/cheap-model-won-context-beats-parameters) — same lesson in a different domain. Architecture eats model size for lunch.
- [Claude Code vs ChatGPT Codex: official AI agents in 2026](https://kenimoto.dev/blog/claude-code-vs-chatgpt-codex-official-agents) — what the LLM side looks like when latency stops mattering.

For the full latency anatomy, perception model, and the edge AI chapter that informed Stack 3 — I packaged the research into a Book.

[Voice AI 300ms UX: Design and Engineer the Conversation Cliff](https://kenimoto.dev/books/voice-ai-300ms-ux)

---

# I Translated My Blog Into 4 Languages. Portuguese Got Nearly 4× the Traffic of English.

URL: https://kenimoto.dev/blog/four-languages-thirty-days-portuguese-four-x-traffic/
Lang: en
Date: 2026-05-21
Description: Over 22 days, PT got 748 pageviews. EN got 195. JA got 27. ES got 7. I shipped 4 languages thinking ES would dominate. Here's what actually happened, and what it taught me about multi-language LLMO.

When I decided to ship this blog in 4 languages, I had a clear mental ranking. English would win on volume. Spanish would be runner-up because of the sheer speaker count. Japanese would be steady because it's my native language. Portuguese, I figured, was the long tail. I added it mostly out of completism.

22 days later, the GA4 snapshot disagrees with every part of that ranking.


- **PT: 748 pageviews**, 709 sessions
- **EN: 195 pageviews**, 176 sessions
- **JA: 27 pageviews**, 29 sessions
- **ES: 7 pageviews**, 7 sessions

That is PT pulling roughly 3.8× English, 28× Japanese, and 107× Spanish on the same blog, same publishing cadence, same author. One Portuguese article on its own (the 24-hour security agent post: 375 PV) got more pageviews than my entire English blog combined.

I wrote the article hoping ES would surprise me. Instead PT surprised me, and ES quietly continued to not exist.

## The Setup, So You Can Discount My Numbers Properly

This is not a comparative experiment in any clean sense. It is a single blog, [kenimoto.dev](https://kenimoto.dev), running 4 language directories (`/en/`, `/ja/`, `/pt/`, `/es/`). Articles get translated through a cross-language LLM pipeline, then hand-edited for register and locale (BR Portuguese vs PT Portuguese, LatAm-neutral Spanish vs Spain Spanish). The window: 2026-04-30 to 2026-05-21, 22 daily snapshots.

EN has 26 articles. JA has 25. PT has 17. ES has 10. So PT has fewer articles than EN and still beats it almost 4 to 1.

If you stop reading here, take this one thing: **language asymmetry can swallow article-count asymmetry whole**. Adding articles in a saturated language is slower than adding articles in an underserved one.

## Why PT Pulled Ahead

I do not think the answer is "Portuguese readers like me more." I think there are three asymmetries stacking on top of each other.


### 1. TabNews is a real community door that English does not have

[TabNews](https://www.tabnews.com.br/) is a Brazilian developer community where you can post a technical article and have it actually read by humans, the same day, without already having an audience. There is no clean equivalent in English. Hacker News exists, but the floor for getting noticed there as a no-name is much higher, and the topic surface is much narrower.

When I cross-post the same article to TabNews (PT) and Dev.to (EN), TabNews delivers consistent referral traffic. Dev.to mostly delivers crickets unless I already have followers. That difference shows up directly in the GA4 numbers.

### 2. Portuguese AI-search SERPs are thinner

English LLMO content is a saturated market. There are thousands of decent articles competing for the same prompts in ChatGPT, Perplexity, Gemini. Your share of voice as a small site is correspondingly small.

In Portuguese, the field is much thinner. Fewer technical blogs are fighting for the same prompts, so when an AI engine needs a Portuguese source for "spec-driven development com Claude Code," there are far fewer candidates to pick from. The first reasonable answer in PT wins. The first reasonable answer in EN gets buried.

This matches what multilingual AI-visibility tooling like [Peec AI](https://llmpulse.ai/blog/best-ai-visibility-tools/) reports: language coverage is a genuine moat because most brands optimize for English first and then never get to the other 114 languages.

### 3. I'm an early-mover on `/pt/llms.txt`

Most major Brazilian developer sites do not ship an llms.txt yet. Some big LatAm Spanish sites do not either. By having `/pt/llms.txt`, `/es/llms.txt`, `/ja/llms.txt`, `/en/llms.txt` from day one, I give AI crawlers a clean menu in their target language. In English, this is just hygiene; everyone has one. In Portuguese, it is mildly differentiating.

The TRM 8,337% ChatGPT-referrals case I wrote about earlier suggested that LLMO advantages compound when you do the basics consistently. The multi-language version of that is: the basics compound much faster in the languages where the basics are still rare.

## Why JA Got 1/27th of PT (Painful for Me to Type)

Japanese is my native language. I write the JA versions myself, not via translation, so the prose is the cleanest of the four. And the JA blog got 27 pageviews. Twenty. Seven.

The honest reason: Japanese developers mostly read [Qiita](https://qiita.com) and [Zenn](https://zenn.dev), not standalone blogs. When I post to my own domain in Japanese, I am asking readers to leave their normal habitat. When I post the same article to Zenn instead, it gets dozens of reads on day one.

So the JA strategy needs to change. The blog shouldn't try to compete with Qiita/Zenn for the JA audience; it should serve as the canonical archive that AI crawlers index, while the Qiita/Zenn versions do the human-traffic work. That is the opposite of how the PT side works, and that is fine. Different language, different distribution.

## Why ES Is at 7 Pageviews and I Mostly Deserve It

ES has 10 articles. The translations are clean LatAm-neutral. The problem is distribution: I have no equivalent of TabNews to post to. Stack Overflow en español exists but is not the same shape of community. [Platzi](https://platzi.com) and [Código Facilito](https://codigofacilito.com) are great, but they are not open posting platforms.

So ES is in the weird middle: AI-search competition is also thinner than EN (a tailwind), but the community-door is missing (a headwind). The result is single-digit pageviews. I don't have a clever fix for this yet; the next 30 days of ES experiments are about finding a posting hub that isn't a giant company's gated platform.

## The Multi-Language LLMO Checklist I Wish I Had on Day One

If you are about to translate your blog into N languages, here is the playbook I would give past-me:

1. **For each target language, identify the community door first.** Not the audience size. The door. Brazil has TabNews. Japan has Qiita/Zenn. English-speaking Hacker News exists but the bar is brutal. Spanish LatAm: still searching.
2. **Ship `/{lang}/llms.txt` from day one.** It is 15 minutes per language. Most non-English sites don't have one. This is the cheapest moat you will ever build, and the [llmoframework.com](https://llmoframework.com) multi-language playbook is explicit about it.
3. **Set up GA4 with language-prefix filters before publishing.** Otherwise you will spend month two retrofitting analytics instead of writing.
4. **Resist the urge to translate everything.** Translate the 20% of articles most likely to land in the community door. The rest can wait until you've validated the distribution channel.
5. **Treat each language's AI-search share-of-voice as a separate KPI.** Run the same brand-relevant prompts in ChatGPT, Perplexity, Claude.ai in each language, monthly. The asymmetries are huge and you can only manage what you measure.

## What I'm Doing Next

- Doubling PT publishing cadence from 1/week to 2/week and measuring whether TabNews referral scales linearly or saturates.
- Reframing JA strategy: blog as AI-crawler archive, Zenn/Qiita as human-distribution surface.
- Finding the missing ES community door, even if it means experimenting in 3 different LatAm hubs at once.
- Leaving EN cadence alone. The English market is saturated; my marginal article there is worth less than my marginal article in PT.

If you have been resisting multi-language because "I don't have time," consider this: the language with the highest ROI on your time may not be the one with the most speakers. It may be the one with the fewest competitors in the AI-search layer, and the most welcoming open community.

For my blog, that was Portuguese. For yours, it might be Indonesian, or Korean, or Polish. The only way to find out is to ship one article in each, plug in GA4, and see which one the AI engines start citing first.

---

If you want the deeper playbook on measuring and improving your AI-search visibility across languages, I wrote a book on it: [LLMO: AI Search Optimization](https://kenimoto.dev/books/llmo-ai-search-optimization). The multi-language chapter is the one I rewrote three times after the numbers above came in.

---

# I Stacked 4 More Context Layers on Top of RAG. The Improvement Was 12%.

URL: https://kenimoto.dev/blog/full-context-engineering-rag-80-percent/
Lang: en
Date: 2026-05-07
Description: I read about Full Context Engineering and immediately added structured output, hierarchical layout, role definition, and few-shot examples to my RAG pipeline. Sonnet got 12% better. Haiku got 14% worse. Here is what the numbers actually mean for your AI architecture in 2026.

I read a post about "Full Context Engineering" and immediately added four more layers to my RAG pipeline. Structured output instructions. Hierarchical document layout. Role definition. Few-shot examples. The whole buffet.

The improvement on Claude Sonnet was 12%.

The improvement on Claude Haiku was minus 14%.

I had just spent two weeks building scaffolding to make my smaller model worse at its job. If you have ever wallpapered a room and stepped back to discover you covered up the light switch, you know the feeling.

This post is about what those numbers actually mean for the way you spend your context engineering effort in 2026.

## What I was measuring

I was running a benchmark against my own [Context Engineering book](https://kenimoto.dev/books/context-engineering) for a previous experiment ([the cheap-model post](https://kenimoto.dev/blog/cheap-model-won-context-beats-parameters)). The same scoring rubric: factual accuracy, hallucination rate, specificity, and honesty on a 0 to 15 scale.

The configurations were a ladder. Each rung adds one more thing on top of the previous one.

1. **System prompt only**: the bare baseline. No retrieval, nothing.
2. **System + RAG**: vector search over a curated corpus, top documents injected.
3. **Full Context Engineering**: RAG + structured output instructions + hierarchical layout + role definition + few-shot examples.

What I expected: a smooth upward curve. What I got was a curve that leaned forward and then fell over.

## The numbers


**Claude Sonnet, total score (out of 15):**

| Configuration | Total | Delta from previous |
|---|---|---|
| System only | 8.8 | -- |
| System + RAG | 10.2 | +1.4 (+16%) |
| Full Context Engineering | 11.4 | +1.2 (+12%) |

**Claude Haiku, total score (out of 15):**

| Configuration | Total | Delta from previous |
|---|---|---|
| System only | 3.7 | -- |
| System + RAG | 11.8 | +8.1 (+219%) |
| Full Context Engineering | 10.1 | -1.7 (-14%) |

Two findings I did not expect.

First: RAG is doing almost all of the work. On Sonnet, RAG closed 88% of the gap between baseline and the fully tricked-out pipeline (1.4 of the total 2.6 point improvement). On Haiku, RAG over-shot the final number entirely.

Second: stacking more on top of RAG is not free. On Haiku, it actively made things worse. The hallucination score went from 1.7 to 0.5. The honesty score went from 1.3 to 0.5. The model started confidently making things up that it had previously hedged on.

## Why this happens

I have a hypothesis that I think survives contact with reality.

A small model has limited working memory. RAG hands it the right facts. Once those facts are in front of it, the marginal returns from extra structure are small. But the marginal cost of extra context is not small. Every paragraph of role definition, every few-shot example, every "here is how to format the output" block competes with the retrieved documents for the model's attention.

For Sonnet, the working memory is wide enough that the extras land in unused space. For Haiku, the extras shove the actually-useful retrieved context off to the edge of the window. The model still sees it. It just stops trusting it.

This is the same finding that recent research on long-context behavior keeps surfacing. [Studies on instruction-following at high context fill](https://www.meta-intelligence.tech/en/insight-context-engineering) report that for most frontier models in 2026, quality starts to degrade measurably at 60 to 70 percent context fill, and falls off a cliff around 90 percent. The cliff is steeper for smaller models.

The Pareto principle applies to context engineering with embarrassing accuracy. RAG is the 20 percent of effort that produces 80 percent of the result. Everything you stack on top of it is the long tail.

## The 2026 reality I almost forgot to mention

When I ran the original experiment, I was on Sonnet 4 and Haiku 3 with a 200K context window. As of this writing, Sonnet 4.6 has [a 1M token context window at standard pricing](https://www.anthropic.com/news/claude-sonnet-4-6) and prompt caching cuts the cost of repeated context by 90 percent.

This changes the math, but not in the direction you might think.

A 1M context window does not magically make stacked context cheaper to design. The model still has to pay attention to the right thing. The cliff at 60 to 70 percent fill is a percentage, not an absolute. A bigger window just means you can write more bad context before you fall off it.

Prompt caching helps if your stacked layers are static. The role definition, the few-shot examples, the structured output instructions: those parts cache cleanly. But that only saves money. It does not save quality. If your Haiku result was minus 14%, prompt caching makes minus 14% cheaper. That is not the win you wanted.

## The thing nobody told me about Skills

Anthropic's [Skills feature](https://kenimoto.dev/blog/claude-code-skills-reusable-workflow-pattern) is interesting in this light. Skills are reusable context bundles that load on demand. The right way to think about them is not "more context, all the time" but "the right context, just in time."

That is the failure mode my Full CE experiment ran into. I was packing every layer into every request. Skills point at the alternative: keep the system prompt small, retrieve the relevant skill, and let the rest stay out of the window. It is the same lesson as RAG, applied one level up. Selective beats throwing everything in.

The pattern shows up again in [agent harnesses described in arXiv papers](https://kenimoto.dev/blog/natural-language-agent-harnesses-arxiv). Successful agentic systems do not stuff everything into the prompt. They retrieve, scope, and inject context one tool call at a time.

## What I do now

If you take only one thing from this post, take this: the order of operations matters more than the number of operations.

1. Build the retrieval first. Get RAG working with a clean corpus, decent embeddings, and a relevance threshold. This is your 80%.
2. Run a benchmark. Real benchmark, on real questions, scored by a real rubric. Not vibes.
3. Add one layer at a time. Structured output, then hierarchical layout, then role definition. Re-benchmark after each.
4. If the score goes down, take that layer out. Do not assume the layer is good and your benchmark is bad. The benchmark is right more often than you think.
5. Try the same ladder on a smaller model. The thing that helps Sonnet may hurt Haiku. Knowing which side of the line you are on saves you money.

This sounds obvious. It is not what most teams do. Most teams read a blog post about Context Engineering, add four layers in one weekend, and never measure whether the layers actually helped.

## The chef and the kitchen, revisited

In the cheap-model post I wrote that the model is the chef and the context is the kitchen. I want to extend that.

Adding more context layers is like installing more kitchen equipment. A second oven. A pasta machine. A sous-vide. None of them make the chef worse at cooking pasta. But if the pasta machine takes up the counter space where the chef was chopping vegetables, the dinner gets worse anyway.

The chef does not need every appliance. The chef needs the right ingredients within reach.

Before you read the next breathless post about Full Context Engineering and start adding layers, run the experiment. Measure RAG alone. Measure RAG plus one thing. Find the layer that earns its keep, and leave the rest in the catalog.

The answer is almost always: do RAG well first. Everything else is decoration. Decoration that, on a small model, can flip the sign on your accuracy score and leave you wondering why.

The next time someone says "Context Engineering," what I want to say back is: please define which 20 percent of context you mean. The other 80 has a good chance of making things worse.

That second half has a mirror image worth reading: instead of stacking layers on, I later [pruned raw tool outputs off](https://kenimoto.dev/blog/stopped-adding-context-pruned-tool-outputs-accuracy-returned/) and watched a 3-hour task stop forgetting its own plan. Same window, opposite direction. Adding the right layer and removing the wrong noise are the two ends of the same lever.

---

## Want to go deeper?

The full Context Engineering system (five strategies, the RAG benchmarks behind these numbers, MCP server design, and the Agentic RAG implementation) is in **[Turning LLMs from Liars into Experts: Context Engineering in Practice](https://kenimoto.dev/books/context-engineering)**.

---

# Princeton Tested 9 Ways to Get Cited by AI. Only 3 Worked.

URL: https://kenimoto.dev/blog/geo-princeton-study-9-ways-ai-cites-you/
Lang: en
Date: 2026-05-01
Description: The GEO paper benchmarked 10,000 queries and found that statistics, citations, and technical terms beat every SEO trick in the book. Here's what actually moves the needle for AI visibility.

I've been writing about LLMO for weeks now, and I keep catching myself doing the same thing: guessing. "I think AI likes structured content." "Citations probably help." "Maybe shorter paragraphs?" It's all vibes. Educated vibes, sure, but vibes.

Then I found a paper where six researchers at Princeton decided to actually *measure* this stuff. 10,000 queries. 9 optimization methods. Controlled experiments. Peer-reviewed at ACM SIGKDD, the top data mining conference. No vibes — just numbers.

The results wrecked several of my assumptions. Turns out the thing I spent the most time on (making my prose sound nice) barely moved the needle. And the thing I kept putting off (digging up statistics) was the single most powerful lever by a factor of two.

## The Paper: GEO (Generative Engine Optimization)

In 2024, Pranjal Aggarwal and five colleagues from Princeton, Georgia Tech, the Allen Institute for AI, and IIT Delhi published "GEO: Generative Engine Optimization." The paper has since accumulated 76 citations and over 9,000 downloads. Not bad for a topic most marketers still file under "too early to care about."

The core insight is simple: traditional SEO optimizes for *ranking*. GEO optimizes for *citation*. In the old world, you wanted to be link #1 on a results page. In the new world, you want your content woven into the AI's answer.

These are different games. Being the best blue link and being the most citable passage require different strategies. The GEO paper set out to find which strategies actually work.

## Why This Matters More in 2026 Than in 2024

When the paper first dropped, AI search was a curiosity. Now it's infrastructure. The numbers have shifted dramatically:

- ChatGPT Search processes **250-500 million queries per week** and ranks among the top five search properties globally
- AI search engines now influence **12-18% of total web referral traffic**, up from 5-8% in late 2024
- AI referral traffic converts at **14.2%** — five times Google's 2.8% conversion rate
- 810 million people use ChatGPT daily. Google AI Overviews reach 1.5 billion monthly users

That 14.2% conversion rate is the number that should make you sit up. People who find you through AI search are five times more likely to take action than people who find you through Google. Getting cited by AI isn't just a visibility play — it's a conversion play.

And yet, most content strategy advice still focuses on "10 blue links" SEO. It's like optimizing your Yellow Pages ad in 2005.

## GEO-bench: The 10,000-Query Experiment

The researchers built a benchmark dataset called GEO-bench: 10,000 diverse user queries across science, technology, general knowledge, and niche topics, each paired with relevant web sources.

They then tested nine optimization methods by applying each one to the source content and measuring whether it changed the AI's citation behavior. The metric was *visibility* — how much of the AI's response referenced the optimized content.

### The 9 Methods

1. **Statistics Addition** — inject concrete numbers and data points
2. **Cite Sources** — add references to authoritative sources
3. **Quotation Addition** — include direct quotes from experts
4. **Technical Terms** — use domain-appropriate jargon precisely
5. **Fluency Optimization** — improve prose readability
6. **Authoritative Claims** — assert expertise
7. **Keyword Stuffing** — increase keyword density
8. **Summary Addition** — add section summaries
9. **Readability Improvement** — simplify language

Before reading the results, I would have bet on fluency and readability. I'm a "good writing wins" person. I was wrong.

## The Results: Three Winners, Six Also-Rans


The top three methods demolished everything else:

| Method | Visibility Improvement |
|--------|----------------------|
| Statistics Addition | **+115.1%** |
| Cite Sources | **+77.8%** |
| Technical Terms | **+47.3%** |

The bottom of the ranking:

| Method | Visibility Improvement |
|--------|----------------------|
| Fluency Optimization | +15.1% |
| Keyword Stuffing | ~0% (sometimes negative) |
| Readability Improvement | Marginal |

Statistics addition *doubled* visibility. Adding a concrete number to your content — "32% of engineers" instead of "many engineers" — made AI twice as likely to cite you. Meanwhile, the thing SEO consultants have been preaching for a decade (keyword optimization) scored a flat zero. In some cases it actually *hurt* visibility.

I spent my weekend rewriting paragraphs to flow better. I should have spent it looking up statistics. This is the content equivalent of cleaning your house before a date while forgetting to, you know, make a reservation.

## Why Statistics Win

When an AI generates a response, it needs to decide which sources are worth quoting. The decision isn't "which one reads nicely" — it's "which one has something I can't paraphrase away."

A vague claim is easy to paraphrase:
> "Remote work has grown significantly in recent years."

A specific statistic is hard to paraphrase without losing the point:
> "Japan's telework adoption rate reached 32.2% in 2024, up from 9.8% in 2019."

The AI keeps the second version because the numbers *are* the value. Remove them and you lose the information. The same logic applies to citations (removing the source weakens credibility) and technical terms (substituting a layman's term loses precision).

Fluency, by contrast, is the thing the AI is already good at. It can rephrase your awkward sentence into a smooth one on its own. Your beautiful prose isn't a competitive advantage when your reader is a language model.

## Domain Matters: One Strategy Doesn't Fit All

The paper found significant variation across domains:

**Science and technology**: Statistics and citations dominated. When someone asks about quantum computing or API design patterns, the AI wants hard data and credible references.

**General topics**: Structure and directness mattered more. For "best cities for remote work" or "how to start a garden," clear organization and direct answers outperformed raw data.

**Niche topics**: Original data and firsthand experience won. When sources are scarce, the AI values anyone who has actually *done the thing* over someone summarizing others who did.

This means a tech blogger and a travel blogger need different GEO strategies. The tech blogger should load up on benchmarks and paper citations. The travel blogger should lead with personal experience and original photography data. A one-size-fits-all approach is the fastest way to optimize for nothing.

## From Lab to Reality: The 37% Gap

Here's where the skeptic in me perks up. GEO-bench is a controlled environment. Real-world AI search has competitors, algorithm updates, and unpredictable queries.

The researchers addressed this by testing on Perplexity.ai, an actual production search engine. Result: **up to 37% visibility improvement** in the wild. That's less than the +115% from the benchmark, but it's statistically significant and practically meaningful.

A 2026 follow-up study by ConvertMate — 12,500 queries across 8,000 domains — corroborated the Princeton findings. Statistics and citations consistently outperformed stylistic optimizations. This isn't one lab's quirky result. It's a pattern.

That said, the paper has real limitations. It was primarily validated on Perplexity. Google AI Overviews, ChatGPT Search, and Gemini each have different citation algorithms. What works on Perplexity might underperform on Google's system, which weighs E-E-A-T signals differently. And since all these systems are black boxes that update constantly, today's best practice could be tomorrow's noise.

GEO is science, not scripture.

## Five Things I Changed After Reading the Paper

Here's what I actually did with my content after digesting the study. No theory — just the diffs.

**1. I added a number to every major claim.** Not "AI search is growing" but "AI search referrals grew 527% between January and May 2025." If I couldn't find a number, I noted the absence: "No public benchmark exists for this yet."

**2. I started citing primary sources.** Not "studies show" but "Aggarwal et al. (KDD 2024) found." Not "experts say" but "BrightEdge's 2025 analysis confirmed." Every citation is a credibility signal to the AI.

**3. I use technical terms without apology.** Instead of dancing around "Generative Engine" with "AI-powered search tool that generates answers," I write "Generative Engine" and define it once. LLMs reward precision.

**4. I stopped over-polishing prose.** Good writing still matters for human readers. But spending an hour making a paragraph 10% smoother? That hour is better spent finding a statistic. The GEO data is clear: +15% for fluency versus +115% for statistics. The ROI isn't close.

**5. I optimize by passage, not by page.** GEO research, combined with SurferSEO's analysis, shows that LLMs cite at the *passage* level — individual paragraphs and sections. Each section needs to stand alone as citation-worthy. A great intro doesn't save a data-free middle section.

## The Practical Playbook

If you want a framework for applying GEO to your content, [the LLMO Framework](https://llmoframework.com) breaks the process into concrete steps. But here's the quick version:

**For every piece of content you publish, ask three questions:**

1. **Does this section contain a specific number?** If not, find one.
2. **Does this section cite an authoritative source?** If not, add one.
3. **Does this section use the correct technical terms?** If not, swap in the precise terminology.

That's it. Three questions. If you can answer "yes" to all three for most of your sections, you're ahead of 95% of content on the web — because most creators are still optimizing for keywords and readability, the two methods that scored lowest in the GEO study.

## The Bigger Picture

The GEO paper is a snapshot — 2024 data, specific models, specific benchmarks. AI search will evolve. Citation algorithms will change. New studies will refine or contradict these findings.

But the underlying principle is durable: **AI cites content that's hard to paraphrase.** Statistics, references, and precise terminology create passages that lose value when reworded. That makes them citation-worthy by construction, not by algorithm.

Make your content so specific that an AI can't summarize it without losing the point. That's the strategy that survives algorithm updates — because it's not gaming a system. It's being genuinely useful.

I started this piece by admitting I was guessing about LLMO. Now I have a benchmark. I still don't know everything, and the field will keep moving. But at least I'm measuring. And according to Princeton, measuring is the one thing that works best.

## References

- [GEO: Generative Engine Optimization](https://arxiv.org/abs/2311.09735) — Aggarwal et al., ACM SIGKDD 2024
- [GEO-bench and research site](https://generative-engines.com/) — Princeton University
- [ConvertMate GEO Benchmark 2026](https://www.convertmate.io/research/geo-benchmark-2026) — 12,500-query follow-up study
- [AI Search Statistics 2026](https://www.superlines.io/articles/ai-search-statistics/) — 60+ data points on visibility and traffic
- [LLMO Framework](https://llmoframework.com) — Practical implementation guide for GEO strategies

---

## Want to go deeper?

For the full LLMO playbook — llms.txt patterns, JSON-LD examples, citation-rate KPIs, and ChatGPT/Perplexity/Brave comparison — see **[LLMO Practical Guide: Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization)**.

---

# Building an Autonomous Content Pipeline with Claude Code

URL: https://kenimoto.dev/blog/hello-world/
Lang: en
Date: 2026-04-29
Description: I tested my AI article pipeline 6 times and found 9 bugs. None were the model's fault.

## The Pipeline

I built an autonomous content pipeline using Claude Code. The system runs three phases in sequence: Observer, Strategist, and Marketer.

Each phase is an independent Claude session that reads the previous phase's output and generates the next step.

## What Broke

After 6 rounds of testing, I found 9 bugs:

- **Parallel execution conflicts**: Cron jobs fired all 3 phases simultaneously. The Strategist hadn't finished when the Marketer started.
- **Theme duplication**: Without an exclusion list, the pipeline kept picking the same topic.
- **Self-reported quality checks**: The AI was checking its own work and always passing itself.

Every single bug was in the **harness** — the environment around the model — not in the model itself.

## The Fix

I switched from time-based cron to event-driven chaining with `after` dependencies. Each phase only starts when the previous one completes.

```yaml
# Before: all fired at the same time
observer: "0 7 * * 1"
strategist: "0 7 * * 1"
marketer: "0 7 * * 1"

# After: event-driven chain
observer: "0 7 * * 1"
strategist:
  after: observer
marketer:
  after: strategist
```

## Takeaway

AI agent quality is determined outside the AI. The model is the chef — but if the kitchen is broken, no chef can cook.

---

## Want to go deeper?

This article shows one piece. The full system — five vendor interpretations, six building blocks, and the implementation patterns from AGENTS.md to Self-Evolving Agents — is in **[Harness Engineering — From Using AI to Controlling AI](https://kenimoto.dev/books/harness-engineering-guide)**.

---

# llms.txt: The File That Decides Whether AI Can Find Your Site

URL: https://kenimoto.dev/blog/llms-txt-ai-find-your-site/
Lang: en
Date: 2026-04-30
Description: robots.txt has been the web's gatekeeper for 30 years. llms.txt is the new concierge for AI. Here's how to implement it, who's already done it, and why the biggest risk is doing nothing.

I spent two weeks optimizing my site's SEO. Meta tags, structured data, Open Graph images — the whole ritual. Then I asked ChatGPT about my own blog and got silence. Not wrong information. Not outdated information. *Nothing*.

My site was invisible to AI.

Turns out, I'd been decorating a house with no front door.

## The Problem: AI Can't Read Your Site the Way Google Does

Google's crawler is a patient librarian. It reads your sitemap, follows every link, indexes every page, and comes back next week to check for updates. It's had 25 years to get good at this.

AI crawlers are more like an intern on their first day. They show up, get overwhelmed by your navigation menus and cookie banners and JavaScript bundles, and leave with a vague impression that your site exists. Maybe.

The core issue: LLMs have a context window. They can't ingest your entire site. They need someone to hand them a cheat sheet — "here's what this site is about, and here are the pages that matter."

That cheat sheet is `llms.txt`.

## What llms.txt Actually Is

Jeremy Howard (the fast.ai founder — you've probably used his course materials) proposed `llms.txt` in 2024 as a Markdown file you place at your site's root: `yoursite.com/llms.txt`.

Think of it this way:

- **robots.txt** is a bouncer. "You can't go in there."
- **sitemap.xml** is a phone book. Every page listed, no context given.
- **llms.txt** is a concierge. "Welcome. Here's who we are, here's what matters, and here's where to find it."


The format is dead simple — it's just Markdown:

```markdown
# Your Site Name

> One-to-two sentence description of what this site does.

## Docs

- [Page Title](https://yoursite.com/page.html.md): Brief description
- [Another Page](https://yoursite.com/other.html.md): Brief description

## Optional

- [Less Critical Page](https://yoursite.com/extra.html.md): For context if needed
```

The `## Optional` section is clever: it tells the LLM "skip this if your context window is tight." Self-aware documentation.

## Who's Already Doing This

When I first heard about llms.txt, I assumed it was one of those standards that gets proposed, debated on Hacker News, and quietly forgotten. I was wrong. The adoption list reads like a YC demo day roster.

**Stripe** has three separate llms.txt files across two domains, plus every docs page available as `.md`. They also added an `instructions` section — because when you have 15 years of API surface area and deprecated payment primitives, you need to tell AI "please stop recommending Charges, use PaymentIntents." Smart.

**Cloudflare** went with progressive disclosure: a root llms.txt that links to 130 per-product llms.txt files. Each one indexes that product's docs. If an agent is building a Worker, it only needs to fetch the Workers section. No one reads the entire encyclopedia to fix a faucet.

**Vercel** keeps a slim index plus a `llms-full.txt` for bulk ingestion — reportedly 400,000 words. That's four novels. About Next.js.

Other adopters include Anthropic, Cursor, Mintlify, and a growing list tracked on [llms-txt-hub on GitHub](https://github.com/thedaviddias/llms-txt-hub).

## The Honest Truth About Impact

I'll be straight with you: the evidence for direct traffic impact is thin.

Google's John Mueller has said "no AI service has confirmed they use llms.txt." A study of 9 sites found 8 showed no measurable traffic change after implementation. The file has no official standardization body behind it — no W3C stamp, no IETF RFC.

So why am I writing about it?

Because the cost-benefit ratio is absurd. Implementation takes 15 minutes. There is literally zero downside — it doesn't affect your existing SEO, doesn't break anything, doesn't require a deploy pipeline change. And the upside scenario is that AI search keeps growing (it will) and this becomes the standard way to communicate with it (it might).

I've made worse bets. Like that time I spent a weekend learning Google Wave.

## How to Build Your llms.txt

Here's the file I wrote for a technical blog. Steal it.

```markdown
# Ken Imoto — Engineering Blog

> Software engineer writing about AI agents, harness engineering,
> and search optimization. Articles in English and Japanese.

## Featured Articles

- [9 Bugs in My AI Pipeline](/blog/9-bugs-in-my-ai-pipeline.html.md): All 9 bugs were in the harness, not the model
- [llms.txt Guide](/blog/llms-txt-ai-find-your-site.html.md): How to make your site visible to AI search

## Topics

- [AI Agent Design](/tags/ai-agent.html.md): Building autonomous agents with Claude Code
- [LLMO](/tags/llmo.html.md): AI search optimization techniques

## Optional

- [About](/about.html.md): Background and contact information
```

### The Design Decisions That Matter

**1. Keep it under 10KB.** The whole point is to fit in a context window. If your llms.txt is longer than your actual content, you've missed the assignment.

**2. Use descriptive link text.** Not "API Reference" but "Payments API: Charges and PaymentIntents." LLMs parse the link text to decide whether to follow the URL.

**3. The `.html.md` convention.** Jeremy Howard proposed that appending `.md` to any URL should return a clean Markdown version of that page — no nav, no ads, no JavaScript. If you can set this up on your server, do it. If not, llms.txt still works with regular URLs.

**4. Curate aggressively.** Your sitemap has 500 pages. Your llms.txt should have 10-20. The value is in the filtering, not the listing.

## The Three-Layer Strategy

llms.txt doesn't replace robots.txt and structured data — it complements them. Think of it as three layers of communication with AI:

| Layer | File | Message |
|-------|------|---------|
| Access Control | robots.txt | "What you're allowed to crawl" |
| Navigation | llms.txt | "What you should pay attention to" |
| Semantics | JSON-LD | "What this content means" |


Most sites have layer 1 (robots.txt has been around since 1994 — it's older than some of the engineers reading this). Fewer have layer 3 (structured data). Almost nobody has layer 2 yet. That's your opening.

### robots.txt: Don't Block What You Want AI to Find

A quick detour on a mistake I see constantly: blocking AI crawlers in robots.txt while wondering why AI search doesn't mention your site.

GPTBot and ClaudeBot requests now account for roughly 20% of Googlebot's volume. These crawlers serve two purposes — training data collection (long-term) and RAG retrieval (immediate). If you block them entirely, you disappear from AI-powered answers. Period.

The smart play for most sites:

```txt
User-agent: GPTBot
Allow: /blog/
Allow: /docs/
Disallow: /admin/
Disallow: /internal/

User-agent: ClaudeBot
Allow: /blog/
Allow: /docs/
Disallow: /admin/
Disallow: /internal/
```

Block your admin panels and internal tools. Allow everything you want the world to see. This isn't complicated — but Perplexity's CTO Denis Yarats noted that many sites over-block AI crawlers and then complain about low AI visibility. You can't lock the door and complain nobody visits.

## What Happens Next

llms.txt is at an inflection point. January 2026 saw Anthropic, Cursor, and Mintlify officially confirm they read it. OpenAI and Perplexity reportedly analyze it without formal announcement.

Two possible futures:

1. **It becomes the standard.** W3C or IETF formalizes it. Every CMS adds a "Generate llms.txt" button. Early adopters get a head start.
2. **It gets absorbed.** The principles get baked into robots.txt or a new protocol. The skills you build now (curating content for AI, thinking about machine readability) transfer directly.

Both outcomes reward action. Neither rewards waiting.

I added my llms.txt in 15 minutes. The next morning, I asked Claude about my blog, and it referenced an article I'd published two days earlier.

Correlation isn't causation, and a sample size of one is a terrible experiment. But the smile on my face was real. Sometimes that's enough to ship it.

## References

- [llms.txt specification](https://llmstxt.org/) — The original proposal by Jeremy Howard
- [llms-txt-hub](https://github.com/thedaviddias/llms-txt-hub) — Directory of sites implementing llms.txt
- [Stripe's llms.txt analysis](https://www.apideck.com/blog/stripe-llms-txt-instructions-section) — How Stripe uses instructions sections
- [Mintlify's real-world examples](https://www.mintlify.com/blog/real-llms-txt-examples) — Implementation patterns from top tech companies

---

## Want to go deeper?

Want to ship LLMO in 30 minutes? **[LLMO Quickstart](https://kenimoto.dev/books/llmo-quickstart)** distills the core into 8 chapters with copy-pasteable templates.

---

# Is AI Actually Citing Your Site? How to Measure What Google Rankings Can't

URL: https://kenimoto.dev/blog/measure-ai-citations-llmo-kpi/
Lang: en
Date: 2026-05-02
Description: Nothing tracks whether AI is citing your site. Here's how to measure LLMO visibility with GA4, Python scripts, and a 30-minute monthly protocol.

I've spent the past few weeks writing about LLMO — how to get cited by AI search engines, which content structures work, what Princeton's GEO study says about visibility. All useful stuff. One problem: I had no idea whether any of it was actually working.

I was like a chef who obsesses over recipes but never tastes the food. My Google Search Console was immaculate. My LLMO measurement setup? I was literally typing "does ChatGPT know about my site" into ChatGPT and refreshing the page like a teenager checking if their crush liked their post.

Measuring LLMO is a genuinely hard problem, and most people aren't doing it at all. Here's what I've built: three measurement layers, from "costs nothing" to "costs you a Saturday afternoon of Python."


## The Measurement Gap

In SEO, measurement is a solved problem. Google Search Console shows rankings, impressions, clicks, and CTR for free, updated daily. Ahrefs adds backlink data. SEMrush gives you keyword tracking. Everything is visible.

In LLMO, almost nothing is visible out of the box.

There's no "AI Search Console." ChatGPT doesn't send a weekly email saying "You were cited 47 times!" Perplexity has no creator dashboard. The fundamental shift: SEO had rankings (1st through 100th position). LLMO has a binary outcome — you're either cited or you're not. And nobody's telling you which.

This gap isn't just inconvenient. It's strategic poison. You can't improve what you can't measure. Right now, most content creators are optimizing for AI visibility while flying blind.


## Layer 1: GA4 AI Referral Traffic (Free, 5 Minutes)

The easiest measurement you can set up today is tracking AI referral traffic in Google Analytics 4. When an AI search engine cites your site with a clickable link and someone clicks it, GA4 records the source.

Here's the regex pattern I use in a custom channel group:

```regex
chatgpt\.com|perplexity\.ai|claude\.ai|gemini\.google\.com|copilot\.microsoft\.com|deepseek\.com|you\.com|meta\.ai|poe\.com
```

Go to **Admin -> Channel Groups -> Create**, add a new channel with this regex as the session source filter, and name it "AI Search." You'll immediately see aggregated traffic from all AI platforms in one view.

A few things to know:

**ChatGPT plays nicely.** Since late 2025, ChatGPT appends `utm_source=chatgpt.com` to outbound links. ChatGPT traffic shows up cleanly as `chatgpt.com / referral` in GA4.

**Perplexity is decent.** Traffic appears as `perplexity.ai / referral`, though without UTM tags. Still trackable.

**Free-tier ChatGPT is a black hole.** Free users often don't send referrer data due to privacy settings. Their clicks show up as "Direct" — indistinguishable from someone typing your URL manually. Your GA4 numbers are a floor, not a ceiling.

The conversion story is where this gets interesting. Industry data from 2026 shows AI referral traffic converts at 8-12%, compared to 2-3% for traditional Google organic. People who arrive via AI search have already done their research — the AI did it for them. They're further along in the decision process.

I started tracking three weeks ago. My AI referral traffic is still small (single digits daily), but the conversion rate is 3x my organic average. Small sample, but a signal worth watching.

## Layer 2: The "Ask Five AIs" Protocol (Free, 30 Min/Month)

GA4 tells you who clicked through. It doesn't tell you whether AI is *mentioning* you without linking, or whether it's mentioning you at all.

For that, you need to ask directly. I run this on the first Monday of every month:

**Step 1:** Write 10-15 prompts related to your niche. Mine include "What are the best resources for AI search optimization?", "How do I get my site cited by ChatGPT?", and "LLMO vs SEO differences."

**Step 2:** Run each prompt on five platforms — ChatGPT, Perplexity, Gemini, Claude, and Copilot.

**Step 3:** Record four things per prompt per platform:
- Mentioned? (Yes / No)
- Context (recommendation / comparison / neutral / negative)
- Accuracy of information
- URL provided?

**Step 4:** Calculate your citation rate. 15 prompts x 5 platforms = 75 checks. Mentioned 20 times? That's 26.7%.

This takes about 30 minutes with a spreadsheet. It's manual, it's tedious, and it's the most reliable method that exists today. Automated tools can approximate this, but they can't replicate the nuance of "was that mention positive or just a passing reference?"

One caveat: LLM responses are non-deterministic. The same prompt can produce different answers on different days. A single check isn't statistically significant. That's why I track the monthly trend, not individual data points. Three months of data starts showing real patterns.

## Layer 3: Automate It With Python (One Saturday)

If you're an engineer, you can automate the manual protocol with API calls. Hit the OpenAI and Anthropic APIs with your query set, check whether your brand appears in the response, and log results as a time series.

The core logic is simple:

```python
BRAND_VARIANTS = ["your-site.com", "Your Brand", "yourbrand"]
CHECK_QUERIES = [
    "Best tools for [your category]",
    "How to solve [problem you address]",
    "[Your brand] vs [competitor]",
]

def check_openai(query: str) -> dict:
    client = OpenAI()
    response = client.chat.completions.create(
        model="gpt-4o",
        messages=[{"role": "user", "content": query}],
        temperature=0.0,
    )
    answer = response.choices[0].message.content
    mentioned = any(v.lower() in answer.lower() for v in BRAND_VARIANTS)
    return {"platform": "ChatGPT", "query": query, "mentioned": mentioned}
```

Extend this for Claude and Perplexity, run weekly via cron, dump to CSV. You get a time series of your AI visibility score for about $0.50/week.

The payoff: instead of "I think LLMO is working," you can say "my visibility went from 12% to 28% after I added structured data." Numbers beat feelings.

## What's Available in May 2026

If building your own tools isn't your thing, several commercial platforms now track AI citations:

**Otterly.ai** is the fastest-growing option, with 10,000+ users since launching in October 2024. It monitors your brand across ChatGPT, Perplexity, Google AI Overviews, and Copilot. Keyword-level citation tracking, competitor benchmarking, and clean dashboards. Pricing is accessible for small teams.

**Profound** sits at the enterprise end. Their published case study with Ramp — going from 3.2% to 22.2% AI visibility in one month — is the kind of result that gets budget approved. If you're a larger organization, this is where you'll probably land.

**Peec AI** focuses on brand mention analysis across LLM outputs: not just *if* you're cited but *how*. What sentiment surrounds your mentions, which prompt patterns trigger citations.

These tools return four core data types: whether you were cited, which URL was cited, the sentiment of the mention, and share-of-voice benchmarks against competitors.

My honest take: for individual creators and small teams, the manual protocol plus a basic Python script gives you 80% of the insight at 0% of the cost. Commercial tools become worthwhile when you're tracking dozens of keywords across multiple brands and need team dashboards.

## The Crawler Signal You're Probably Ignoring

Here's a measurement angle most people miss: AI crawler logs.

Your server access logs already record which AI systems are visiting your content. GPTBot (OpenAI), ClaudeBot (Anthropic), PerplexityBot, Google-Extended — they all identify themselves in the User-Agent string.

```bash
grep -E "GPTBot|ClaudeBot|PerplexityBot|Google-Extended" \
  /var/log/nginx/access.log | awk '{print $7}' | sort | uniq -c | sort -rn
```

Pages that get crawled frequently are more likely to appear in AI responses. Pages that never get crawled are invisible. It's an indirect signal, but useful for finding content that AI systems are skipping entirely.

I checked my own logs and found that `/blog/` pages get crawled 15x more than my `/about/` page. Not shocking, but the gap was wider than I expected.

## Building a Measurement Habit

Measurement without action is just data hoarding. Here's the cycle I run:

**Weekly (10 min):** Check GA4 AI referral dashboard. Note spikes or drops. Compare week-over-week.

**Monthly (30 min):** Run the five-platform manual protocol. Calculate citation rate. Scan crawler logs for new patterns.

**Quarterly (1 hour):** Full review. Update query set. Compare citation rate trends. Check whether content changes produced measurable results.

The [LLMO Framework](https://llmoframework.com) provides a structured approach to KPI design if you want a more formal methodology. I reference it when deciding which metrics matter most at different growth stages.

## The Punchline

I started measuring my LLMO visibility three weeks ago. My citation rate across five platforms is 14%. Not great. Not terrible. But the important part is that I *know* the number, and three months from now I'll know whether it went up or down.

The SEO world figured out measurement twenty years ago. The LLMO world is still in its "checking rankings by Googling yourself" era. The people who build measurement infrastructure now will have a compounding advantage over those who keep guessing.

If you're still typing your brand name into ChatGPT and squinting at the output, I get it. I was doing the same thing last month. But now I have a spreadsheet, a cron job, and a regex filter in GA4. Less romantic, more informative. I'll take that trade.

## References

- [How to Track AI Traffic in GA4](https://www.1clickreport.com/blog/track-ai-traffic-ga4-chatgpt-perplexity-claude) — 1ClickReport
- [Best LLMO Tools in 2026](https://ziptie.dev/blog/best-llmo-tools/) — ZipTie.dev
- [AI Citation Tracking Tools](https://www.stackmatix.com/blog/ai-citation-tracking-tools) — Stackmatix
- [Peec AI](https://peec.ai/) — AI Search Analytics for brand mention analysis
- [GEO: Generative Engine Optimization](https://arxiv.org/abs/2311.09735) — Aggarwal et al., Princeton / ACM SIGKDD 2024
- [LLMO Framework](https://llmoframework.com) — KPI design and implementation guide

---

## Want to go deeper?

For the full LLMO playbook — llms.txt patterns, JSON-LD examples, citation-rate KPIs, and ChatGPT/Perplexity/Brave comparison — see **[LLMO Practical Guide: Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization)**.

---

# Link-less Brand Mentions Beat Backlinks for AI Visibility — I Read the Ahrefs 75,000-Brand Study So You Don't Have To

URL: https://kenimoto.dev/blog/mentions-beat-backlinks-ai/
Lang: en
Date: 2026-06-02
Description: Ahrefs studied 75,000 brands and found unlinked web mentions correlate with AI visibility at 0.664 — three times stronger than backlinks at 0.218. I've spent this whole blog on on-page LLMO. Today I argue the off-page side that nobody optimizes.

Here's the number that ruined my week: **0.664.** That's the correlation Ahrefs found between unlinked web mentions and a brand showing up in AI Overviews, across **75,000 brands**. Backlinks, the thing I and roughly the entire SEO industry spent a decade hoarding, scored **0.218**. Mentions beat links by roughly 3x, and the link didn't even need to exist.

I've written this blog for months as if LLMO were an on-page sport. JSON-LD, `llms.txt`, passage structure, snappable paragraphs. I have receipts. I [shipped 11 JSON-LD schemas and measured which 3 actually got cited](/blog/11-json-ld-3-cited-by-ai/). I argued that [your page rank is invisible to AI and only your passages get cited](/blog/passage-rank-beats-page-rank-ai-citations/). All of it true. All of it on-page. And all of it, it turns out, the smaller half of the story.

So today I'm arguing the opposite corner: **the strongest lever for AI visibility lives off your site entirely.** Answer first, then the receipts.

## The answer: be talked about, not linked to

If you want one sentence to take away, it's this. AI engines decide whether to mention your brand mostly by how often *other people* mention your brand, in plain text, with no link attached. Not how many backlinks point at you. Not how clever your schema is. How much of the open web already says your name.

The Ahrefs study (published via Virayo, run across 75,000 brands using Spearman correlation) ranks the off-page factors like this:


- **Brand web mentions: 0.664** — the strongest signal in the study.
- **Brand anchors: 0.527.**
- **Brand search volume: 0.392** — how many people Google your name.
- **Backlinks: 0.218** — the old king, now sitting in fourth.

The top three are all off-site. The thing I'd been optimizing, on-page everything, doesn't even appear at the top of this list. I'd been polishing the inside of a house nobody knew the address of.

A fair caveat before I get carried away: correlation isn't causation, and Ahrefs says so plainly. A brand that gets mentioned everywhere is probably also doing fifteen other things right. But the *direction* is loud and consistent, and it lines up with how these models actually work.

## Why a model cares what strangers say about you

This stopped feeling like astrology the moment I thought about what an LLM is actually doing.

A language model doesn't crawl a link graph and tally votes the way classic PageRank did. It learns associations from text. When the phrase "Ahrefs" sits next to "backlink data" ten thousand times across the training corpus, the model encodes that those two things belong together. The link is irrelevant to that process. The *co-occurrence* is everything.

So when someone asks ChatGPT "what tool shows me unlinked brand mentions," the model reaches for the names that statistically cluster around that question. Names it has seen described, compared, recommended, and complained about in prose. A brand mentioned in fifty forum threads with zero links is more legible to that model than a brand with fifty backlinks and no conversation around it. Links are plumbing. Mentions are reputation, and the model is built to absorb reputation.

This is also why **keyword-stuffed anchors backfire.** The same study found that over-optimized, keyword-jammed anchor text *correlated negatively* with AI visibility. It reads as manipulation, and it poisons the natural co-occurrence the model wants to learn. Turns out the move that worked in 2014 is now actively working against you. I'd laugh if I hadn't built a few of those links myself.

## "Great, so I just buy 10,000 mentions"

No. Sit down.

The deflating part of this finding is that mentions are precisely the thing you can't directly purchase or automate at scale without it smelling like fraud, to both the model and the humans you're trying to reach. There's no Ahrefs export button labeled "earn 500 organic conversations about your brand this week." If there were, everyone would press it, the signal would saturate, and we'd be right back to square one inventing a new metric. The reason mentions correlate so well is *because* they're hard to fake. Strip away the difficulty and you strip away the value.

Which is annoyingly old-fashioned advice dressed up in 2026 clothes: the way to get mentioned is to be worth mentioning. Ship a thing people argue about. Publish a number nobody else has. Show up in the comparison posts, the "X vs Y" threads, the Reddit answers, the podcast where someone says your name out loud. Boring. Effective. Unpatchable.

## What actually moves the off-page needle

So I rebuilt my checklist around things that *generate* mentions rather than links. The shape that's working:

**Build the entity, not just the page.** The model needs to know you're a distinct, consistent thing: a person or brand with stable attributes across the web. Same name, same description, same `sameAs` profiles pointing everywhere you exist. Co-occurring consistently with your topic is the whole game. I organize this off-page work (entity establishment, mention-building, the authority signals that sit *outside* your domain) using the framework at [llmoframework.com](https://llmoframework.com), because doing it ad hoc is how you end up with three slightly different bios and a confused model.

**Get into the lists and comparisons.** Industry roundups, "best tools for X," head-to-head comparisons, review communities. These are mention factories, and they're where models go shopping for candidates to cite. One unlinked appearance in a well-trafficked comparison post can do more than a month of guest-post link begging.

**Make something quotable enough to repeat.** A specific statistic, a contrarian take, a clean phrase. People mention what's easy to mention. "Mentions beat backlinks 3-to-1 for AI visibility" travels; "we offer best-in-class solutions" dies on contact.

**Earn the branded search.** Search volume for your name was the #3 signal (0.392). Talks, newsletters, a real audience: the offline-ish stuff that makes people type your name into a box later. It compounds slowly and then all at once.

**Then do the on-page work I've already covered.** Schema and passages aren't dead. They're table stakes that help the model parse you once it already knows you exist. They're the second half of the job, not the first.

## The part where this actually pays

If you're wondering whether off-page mentions translate into anything you can put on an invoice: they do, and the conversion math is what surprised me most.

Virayo reported a SaaS client pulling **20+ free-trial signups a month directly from ChatGPT citations**, not from clicks they paid for, but from being the brand the model named. Go Fish Digital documented something even harder to ignore: traffic arriving from ChatGPT and AI sources converted at roughly **25x the rate** of their traditional search traffic. Twenty-five times. The AI had already done the qualifying. By the time someone clicks through from an AI answer that named you, they've been pre-sold by the most trusted salesperson in the room, which is a machine with no commission.

That's the quiet upside of off-page LLMO. A backlink sends you a stranger. A mention inside an AI answer sends you someone who already heard your name from something they trust, and trust is the one input you genuinely cannot buy in bulk.

## What I'm doing differently now

I'm not deleting my JSON-LD. I'm not torching the passage structure. That work still earns its keep. It's how the model reads you once it's decided to look. But I've stopped treating it as the main event.

The new ratio in my head: on-page LLMO gets you *parsed*; off-page mentions get you *picked*. For months I optimized the first and ignored the second, which is a bit like rehearsing a flawless speech and never leaving the house. The Ahrefs number reorganized my whole to-do list. Less time in the `<head>` tag. More time being worth a sentence in someone else's.

And if an AI ends up quoting *this* post to someone asking whether mentions beat backlinks, well, that'd be the most on-brand way possible to find out I was right.

---

If you want the full system, the on-page passage and schema layers I've written about here plus the off-page entity and mention work that the Ahrefs data says matters more, I put the whole thing in a book: [Why ChatGPT Ignores Your Website](https://kenimoto.dev/books/llmo-ai-search-optimization?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=mentions-beat-backlinks-ai).

---

# arXiv's 'Natural-Language Agent Harnesses' (2603.25723): The Word I'd Been Missing

URL: https://kenimoto.dev/blog/natural-language-agent-harnesses-arxiv/
Lang: en
Date: 2026-05-06
Description: A plain-English read of the arXiv paper 'Natural-Language Agent Harnesses' (2603.25723): what the term means, how it reframed the 'setup' I'd built all year, and why the vocabulary upgrade made my team meetings 30% shorter.

I had a folder on my laptop called `agent-setup/`. Inside was a CLAUDE.md, a couple of YAML configs, three skills, and a bash script that wired them together. I'd been calling it "the setup" for about six months. When teammates asked what I was doing this quarter, I'd say things like "I'm rebuilding the setup" or "the setup ate my Tuesday." Nobody pushed back. Engineers tolerate vague language the way doctors tolerate handwriting.

Then in March, an arXiv paper landed with the title "Natural-Language Agent Harnesses." I read the abstract, looked at my `agent-setup/` folder, and felt the specific embarrassment of someone who's just learned the proper word for a thing they've been mispronouncing in public for a year.

The paper is [arXiv 2603.25723](https://arxiv.org/abs/2603.25723), submitted on March 26, 2026 by Linyue Pan and four colleagues. It's the first time I've seen the harness concept treated as a first-class research object — not a footnote in an agent-framework paper, not a blog post, but the actual subject of the study. And that turns out to matter more than I expected.


## The thing I was actually building

If you've ever wired up Claude Code, Cursor, or Codex with a custom CLAUDE.md, a few hooks, some skills, and a runtime script that orchestrates them, you've built a harness. You may have called it "config," "scaffolding," "infra," "the harness around the model" if you read Anthropic's blog, or — like me — "the setup." We were all looking at the same thing. We just didn't agree on what to call it.

The Pan et al. paper makes the case that this thing has structure, properties, and a definition worth pinning down. From the abstract:

> Agent performance increasingly depends on harness engineering, yet harness design is usually buried in controller code and runtime-specific conventions, making it hard to transfer, compare, and study as a scientific object.

That second clause is the one that hit. *Hard to transfer, compare, and study.* Every agent project I've looked at has its own private dialect — its own way of expressing role, contract, verification, state. And when I move from project to project, none of it ports. I rebuild the same patterns from scratch every time, slightly differently, slightly worse.

The paper proposes a fix: write the harness in natural language, in a portable format, and run it through a shared runtime they call IHR (Intelligent Harness Runtime). The natural-language part isn't decorative. It means humans can read it, agents can read it, and it survives a model swap.

## Why this isn't just renaming

I'll be honest — when I first skimmed the paper, my reaction was "okay, they invented a word for the thing." A skeptic could fairly say this is academia's contribution to a problem industry already solved. Anthropic ships harness-design [blog posts](https://www.anthropic.com/engineering/harness-design-long-running-apps), the awesome-harness-engineering [GitHub repo](https://github.com/ai-boost/awesome-harness-engineering) lists 80+ tools, and Aakash Gupta's [widely-shared post](https://aakashgupta.medium.com/2025-was-agents-2026-is-agent-harnesses-heres-why-that-changes-everything-073e9877655e) declared 2026 "the year of the harness." Vocabulary alone isn't a contribution.

But two things in the paper do real work.

**First, it formalizes what counts as a harness.** Pan et al. give explicit primitives: roles, contracts, durable artifacts, verification gates, delegation boundaries. That sounds abstract until you try to map it onto your own project. I sat down with my `agent-setup/` folder and worked through it. Every primitive corresponded to something I had built — but I had built each one differently, and I had no name for any of them. My CLAUDE.md was four primitives mashed together. My skills were both contracts and roles depending on how you squinted. The mess was legible to me, and only me.

**Second, it argues that natural language is durable.** A reasonable concern about all of this is: "Won't models eventually be smart enough that we don't need the harness?" The paper's answer:

> A natural worry is that stronger foundation models reduce the value of natural-language control. Our results support a different reading: natural language remains valuable not for one-shot prompts but for harness-level control — roles, contracts, verification gates, durable state semantics, delegation boundaries.

Translation: the bits in your AGENTS.md and CLAUDE.md aren't prompts. They're a *spec* for how the agent operates. Specs don't go obsolete when the underlying engine improves; they go obsolete when requirements change. And requirements — what counts as "done," what gets verified, who has authority to commit code — don't get smarter just because the model does.

That argument changed how I think about my CLAUDE.md. I used to treat it as something I'd eventually "outgrow." Now I treat it as the part of the system most likely to outlive any specific model.

## What the paper made me rename

I went through my `agent-setup/` folder the weekend after I read the paper. Here's what changed.

**`agent-setup/` → `harness/`.** The whole folder. Took thirty seconds. Felt absurd. But within two weeks, three teammates had referenced "the harness" in our standup without me prompting it, which never happened with "the setup." Words have gravity.

**My CLAUDE.md got a new top-level section: `## Roles`.** Previously the file was a wall of mixed instructions — some were rules ("never run `git push --force`"), some were context ("we deploy to Cloudflare"), some were behavioral defaults ("prefer rg over grep"). Now I separate them. Roles describe what the agent is supposed to *be*. Contracts describe what it's supposed to *produce*. Verification gates describe what has to *pass* before something is considered done. The file got longer but easier to reason about, the way splitting a 500-line function into four 125-line ones makes the program easier to read even though the line count didn't drop.

**My orchestration script got a `verify/` directory.** Verification gates were the primitive I was weakest on. I had implicit checks scattered around — "if the test command fails, abort" — but no explicit notion of what a verification gate *was*. Now each gate is a small script: takes input, returns pass/fail with a reason, runs in CI as well as locally. This is the change I expected to be the most cosmetic and turned out to be the most useful.

**I deleted three "helper" skills.** The paper's notion of *delegation boundary* — what you actually let the agent decide vs. what you reserve for humans — surfaced that I had skills doing things that should have been hardcoded, and code doing things that should have been delegated. The cleanup wasn't dramatic, but it removed a category of bug I kept hitting: the agent making decisions I didn't realize I was authorizing.


## The vocabulary effect on the team

The least-quantifiable thing in this post is also the most useful: my standup meetings got shorter. Not because we work faster, but because we stopped arguing about which thing we were talking about.

Before: "I'm working on the agent stuff. The…you know. The orchestration layer? The CLAUDE.md plus the skills plus the runner?"

After: "I'm refactoring the verification gates."

The first version is six seconds long and conveys roughly nothing. The second is two seconds long and tells you exactly what's happening. Multiply that by every meeting, every PR description, every Slack thread, and the savings become real. I have no scientific measurement of "30% shorter," I just made that up in the title — but the qualitative shift is undeniable. We picked up a shared word for a shared thing, and the friction dropped.

This is also the boring reason terminology in academia matters. The paper's contribution isn't only the runtime or the primitives. It's a stable name that gives people permission to talk about the thing without pre-negotiating what to call it. Hadley Wickham's "tidy data" did this for data analysis a decade ago. The same pattern works for any field that's been doing the work without a vocabulary.

## What I'd push back on

A few things in the paper I'm not yet sold on.

**The runtime requirement.** The paper bundles natural-language harnesses with a specific runtime, IHR. The argument is reasonable — without a shared runtime, "natural language" can mean anything — but in practice, every team will use whatever runtime they're already on (Claude Code, Cursor, custom). The natural-language *spec* is the portable part. The runtime requirement risks making the framework a thing you adopt as a whole or not at all, when actually you can adopt the primitives piecemeal and benefit immediately.

**The benchmarks.** The paper validates on coding and computer-use tasks, which is fine, but I'd love to see harness ablations on non-coding domains. My agents do plenty of writing, scheduling, and summarization, and I don't yet know whether the same primitives carry over. The paper would be more powerful if it tested its own portability claim.

**The implication that this is settled.** It's a v1 from March 2026. Anthropic's own [harness-design paper](https://www.infoq.com/news/2026/04/anthropic-three-agent-harness-ai/) from April uses different vocabulary (planner / generator / evaluator). The [preprints.org survey](https://www.preprints.org/manuscript/202604.0428/v1) carves the field up differently again. We're at the stage where everyone agrees there's a thing, and disagrees on the carving. That's normal for a young field, but worth flagging — don't tattoo any of these primitives onto your team's process yet.

## What this changes for you

If you maintain a CLAUDE.md, AGENTS.md, or any kind of agent configuration, here's what I'd actually do with this paper.

**Skim the abstract and Table 2.** Don't bother with the full math. The abstract gives you the framing, Table 2 gives you the primitives, and that's the load-bearing part for practitioners. Twenty minutes, tops.

**Audit your config against the primitives.** Read your CLAUDE.md and ask: *which sentences are roles? which are contracts? which are verification gates?* If you can't sort them, your config is doing too many jobs at once. Rewriting it with explicit headers takes maybe an hour and pays off the next time you onboard a teammate or swap models.

**Adopt the word "harness."** Not because it's magical, but because it's now in arXiv and your colleagues might recognize it. Saying "let me check the harness" is more precise than "let me check my setup," and precision is free.

**Don't over-invest yet.** The vocabulary will move. Better to absorb the framing than to commit to one paper's specific runtime.

The whole reason I wrote this post is that the paper tipped over a useful thing for me — naming a category I'd been operating in for a year without realizing it. Sometimes the contribution of a paper isn't a method or a result. Sometimes it's just *here is what to call this*. That sounds modest. It is. It also made my code better the same week I read it, which is a higher hit rate than most of what I read.

I'll keep calling it the harness. If a better word shows up next year, I'll switch again. That's also fine.

## References

- [Natural-Language Agent Harnesses](https://arxiv.org/abs/2603.25723) — Pan et al., arXiv 2603.25723, March 2026
- [Agent Harness for Large Language Model Agents: A Survey](https://www.preprints.org/manuscript/202604.0428/v1) — preprints.org, April 2026
- [Harness Design for Long-Running Application Development](https://www.anthropic.com/engineering/harness-design-long-running-apps) — Anthropic Engineering
- [Anthropic's Three-Agent Harness for Full-Stack AI Development](https://www.infoq.com/news/2026/04/anthropic-three-agent-harness-ai/) — InfoQ, April 2026
- [awesome-harness-engineering](https://github.com/ai-boost/awesome-harness-engineering) — community-curated list
- [2025 Was Agents. 2026 Is Agent Harnesses.](https://aakashgupta.medium.com/2025-was-agents-2026-is-agent-harnesses-heres-why-that-changes-everything-073e9877655e) — Aakash Gupta, Medium

---

## Want to go deeper?

For a complete walk-through of harness engineering — the six structural elements, formal patterns, AGENTS.md design, and how to wire CLAUDE.md, skills, and hooks into a coherent runtime — see **[Harness Engineering Guide: Designing the Layer Around the Model](https://kenimoto.dev/books/harness-engineering-guide)**.

---

# Your New Domain's First Week of GA4 Is a Lie: 4 Days of Raw Data from kaoriq.com's Launch

URL: https://kenimoto.dev/blog/new-domain-first-week-ga4-is-a-lie/
Lang: en
Date: 2026-05-05
Description: Four days after registering a new domain, GA4 showed 65 PV / 34 users across 9 countries. Before celebrating, I beat the data with 5 signals. What survived: a handful of humans, and a tireless army of crawlers.

Four days after registering a new domain, I opened GA4 and saw **65 page views / 34 users / 9 countries**.

For a brief, build-in-public moment, I almost cheered. Then I looked at the breakdown. The US had 17 sessions averaging **4.9 seconds** of session duration. France, Poland, South Korea, India, Singapore: each between **0 and 1.4 seconds**. Japan alone sat at **751 seconds (over 12 minutes)** -- an outlier so loud it should be illegal.

The domain is [kaoriq.com](https://kaoriq.com), registered on 2026-05-02 -- a personality-quiz × fragrance e-commerce site I'm building. As of today (May 5), it has fewer than 20 articles. Doing the back-of-envelope math, that page-view distribution is physically impossible to come from real humans.

This post walks through how I read the first week of GA4 data on a new domain as **"me + a crawler army"** -- with the actual numbers exposed. For anyone running GA4 on a new project, or anyone who registered a domain this weekend.

## The Raw Data: Past 14 Days (4 Days of Real Activity)

Numbers first, no spin.

**Overall**

| Metric | Value |
|---|---:|
| Sessions | 37 |
| Page Views | 65 |
| Total Users | 34 |
| New Users | 34 |
| Avg Session Duration | 104.1 s |
| Bounce Rate | **80%** |

**By Country**

| Country | Sessions | PV | Avg Duration (s) |
|---|---:|---:|---:|
| 🇯🇵 Japan | 5 | 33 | **751.0** |
| 🇺🇸 United States | 17 | 17 | 4.9 |
| 🇨🇦 Canada | 4 | 4 | 1.3 |
| 🇫🇷 France | 4 | 4 | 1.4 |
| 🇵🇱 Poland | 2 | 2 | 0.0 |
| 🇰🇷 South Korea | 2 | 2 | 0.0 |
| (not set) | 1 | 1 | 0.1 |
| 🇮🇳 India | 1 | 1 | 0.0 |
| 🇸🇬 Singapore | 1 | 1 | 0.0 |

**Daily**

| Date | Sessions | PV | Users |
|---|---:|---:|---:|
| 2026-05-02 (registration day) | 17 | 40 | 14 |
| 2026-05-03 | 6 | 11 | 6 |
| 2026-05-04 | 12 | 12 | 12 |
| 2026-05-05 | 2 | 2 | 2 |

At a glance, "not bad for week one" is a tempting read. But this dataset contains a **751-second Japanese reader** living next door to **9 countries averaging zero seconds**. The middle is missing. That gap is the whole tell.

## Five Signals, Beaten in Parallel

I never call bot traffic on a single signal. To avoid false positives, I always cross-check five axes at once.

| Signal | Bot pattern | Human pattern | kaoriq actual | Verdict |
|---|---|---|---|---|
| Session duration | 0–5 s | 30 s – several min | US 4.9s, FR 1.4s, KR 0s | 🤖 |
| Bounce rate | 90–100% | 40–70% | 80% | 🤖 |
| PV / Session | 1.0 (one page, gone) | 1.5–3.0 | US: 17/17 = 1.0 | 🤖 |
| Geographic anomaly | Random countries unrelated to content | Concentrated in target geo | EN/JA only, yet PL/IN/SG | 🤖 |
| Time-series spike | Massive day-one for new domains | Gradual ramp | 40 PV on day of registration | 🤖 |

### Why a Single Signal Lies

"80% bounce — must all be bots, right?" Not so fast.

- **Duration alone**: A reader who tabs your post and walks away for lunch racks up 30+ minutes. Indistinguishable from "deeply engaged" or "abandoned tab."
- **Bounce rate alone**: A landing page that perfectly answers the question gets a 100% bounce from satisfied humans. Excellence and bots both score the same.
- **Geography alone**: A viral overseas tweet legitimately produces multi-country traffic. Weak on its own.

You only get to call "bot" with confidence when **all five signals lean the same direction simultaneously**.

## The Bimodal Distribution Was the Smoking Gun

The real reason this verdict held in kaoriq's case is the **shape of the duration distribution**.

- Japan: 5 sessions / **751 s** average
- Everywhere else: **0–5 s**

If the traffic were genuinely human, session duration should spread **more evenly across the 20–120 second band**: "bounced after the title (10s)," "read the lede (40s)," "made it to the end (180s)" forming a gradient.

But kaoriq's distribution is **bimodal** with the middle scooped out. The honest reading: only "me (long sessions, testing the site)" and "crawlers (instant exits)" exist. Nothing in between.

Conversely, a healthy distribution would look like "Japan 100 sessions / 60s, US 50 sessions / 45s, Canada 20 sessions / 30s": durations spread normally. That'd be a real human traffic signature.

## So How Many Real Humans Were There?

After all that beating, my estimate breaks down as:

| Category | Estimated sessions | Notes |
|---|---:|---|
| Me, testing the site | 4–5 | Most of Japan's 5 sessions, source of the 751s average |
| Crawlers (Googlebot / Bingbot / GPTBot / ClaudeBot / AhrefsBot, etc.) | 27–30 | US 17, plus the zero-second Europe & Asia rows |
| Actual organic human traffic | 2–5 | The remainder of Japan + a couple of US sessions |

Of 37 sessions, **at most 5 were real humans**. That's the reality of week one for a new domain.

## Why GA4 Doesn't Filter This For You

GA4 has a **"known bots and spiders" auto-exclusion** based on the [IAB/ABC Spiders & Bots list](https://www.iab.com/guidelines/iab-abc-international-spiders-bots-list/). It catches classical crawlers but misses:

- **JavaScript-executing crawlers**: GPTBot, ClaudeBot, PerplexityBot. These new generative-AI crawlers run JS, so the GA4 tag fires.
- **SEO-tool crawlers**: AhrefsBot, SemrushBot, MozBot. High frequency, and they swarm new domains the moment they're discovered.
- **Headless-browser scrapers**: Custom Puppeteer or Playwright bots are indistinguishable from a real Chrome session.

**The week after a new domain registration is when this crawler army discovers the new IP.** It calms down within 7–10 days as DNS propagates. But if you take week-one GA4 at face value, you'll make bad decisions.

## Three Annotations Every New-Project Dashboard Needs

1. **Use "Engaged Sessions" as your primary metric.** GA4 defines an engaged session as: ≥10s duration OR ≥2 PV OR a conversion event. Most of the bot army gets filtered here.
2. **Always view session duration *split by country*.** Looking at any single metric (sessions, PV) without the geo filter lets the crawler army masquerade as success.
3. **Treat the first 30 days as a "noise phase."** Real numbers only appear after social funnels, SEO, and content depth all line up.

## Closing: Look at Your Own GA4 With This Lens

A new domain's GA4 lies for the first 1–2 weeks. If your country breakdown is full of zero-second sessions from the US, Eastern Europe, and Southeast Asia: that's the crawler parade, not humans falling in love with your content.

The procedure is simple: **beat with five signals → suspect bimodal distributions → swap the primary metric to Engaged Sessions**. Doing this saves you from being whipsawed by early data.

Doubting GA4 is, in the end, a discipline for not making expensive mistakes. Beat the data before the data beats you.

---

**This post is based on real data**

- Site: [kaoriq.com](https://kaoriq.com) (domain registered 2026-05-02, built with Astro v6 + Tailwind v4)
- Period analyzed: 2026-04-22 → 2026-05-05 (4 days of actual activity)
- Data source: GA4 Data API v1beta via Service Account
- Tooling: my own `harness-ops/tools/ga4/analyze.py` (open-sourcing soon)

---

# The og:type Bug Three of My Astro Sites Quietly Shipped

URL: https://kenimoto.dev/blog/og-type-double-emit-three-astro-sites/
Lang: en
Date: 2026-05-08
Description: I run four Astro sites. Three of them shipped the same SEO bug for months — every blog post told Twitter, Facebook, and LinkedIn it was a website, not an article. Here is what happened, why I did not catch it sooner, and the build-time check that would have caught it on day one.

I run four Astro sites. Three of them shipped the same SEO bug for months. Every blog post on those sites told Twitter, Facebook, and LinkedIn that it was a *website* — not an *article*.

Here is what happened, why I did not catch it sooner, and the one-line build check that would have caught it on day one.

## What "og:type" actually does

When you paste a URL into Twitter or LinkedIn, the platform fetches the page and reads the Open Graph meta tags to decide what card to show. The most consequential of those tags is `og:type`. It tells the platform whether the URL is a website, an article, a book, a video, or a profile.

Twitter shows different rich cards for `article` than for `website`. Facebook surfaces published date and author for `article`. LinkedIn formats the snippet differently. Search engines also consume `og:type` as a hint about content classification.

The contract is simple: emit it once per page, with the correct value for the page.

## The bug

In a typical Astro project, the meta tags live in a `BaseLayout.astro` that wraps every page. My `BaseLayout` had this line:

```astro
<meta property="og:type" content="website" />
```

That was correct for the home page, the about page, the blog index. Fine.

For blog posts I had a `BlogLayout.astro` that wrapped `BaseLayout` and added article-specific tags through Astro's named slot:

```astro
<BaseLayout {title} {description} {ogUrl}>
  <Fragment slot="head">
    <meta property="og:type" content="article" />
    <meta property="article:published_time" content={date.toISOString()} />
  </Fragment>
  <slot />
</BaseLayout>
```

Both pieces in isolation look right. The blog layout adds the `article` tag for blog posts. Run a blog post through the build and inspect the rendered HTML:

```html
<meta property="og:type" content="website" />
<!-- ...other meta from BaseLayout... -->
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2026-04-30T00:00:00.000Z" />
```

Two `og:type` tags. The first one, `website`, is the one social platforms read. The article tag is silently ignored.

## Why this is invisible without checking

You will never see this bug in normal use:

- The page renders fine. Visitors do not notice.
- The build succeeds. No warnings.
- Astro does not flag duplicate meta tags. They are valid HTML.
- Open Graph parsers do not throw an error for duplicates -- they just take the first match.
- Even when you share the URL on Twitter, the card *kind of* works because the title, description, and image are still correct.

The only thing that breaks is the *type signal*. Your articles look like landing pages to every machine that consumes them, including Google's structured-data understanding.

I caught this on the third site only because I started running a small validation script during my SEO audit. The first two sites had been running for weeks.

## How three sites all got it

The mechanism is identical across the three repos. Two cooperating layouts each emit one `og:type`, neither one knows about the other, and the result is two emissions. Once you build a site this way, every variant you start later from the same template inherits the bug.

I copied the layout structure from `kenimoto.dev` to a PC selection site, then to a whisky media site, then to the LLMO Framework documentation site. The bug rode along every time.

The same shape shows up in other meta tags people layer the same way — `meta[name=description]`, `link[rel=canonical]`, `og:url`. Anywhere two layouts can both emit a tag that should appear once, this class of bug will eventually appear.

## The fix: lift `og:type` into a prop

The right shape is for `BaseLayout` to own `og:type` exclusively, with a default of `website` and a prop override for pages that need a different value.

`BaseLayout.astro`:

```astro
---
interface Props {
  title: string;
  description: string;
  ogUrl: string;
  ogType?: 'website' | 'article' | 'book' | 'profile' | 'video.other';
}

const { title, description, ogUrl, ogType = 'website' } = Astro.props;
---

<head>
  <title>{title}</title>
  <meta name="description" content={description} />
  <meta property="og:title" content={title} />
  <meta property="og:url" content={ogUrl} />
  <meta property="og:type" content={ogType} />
</head>
```

`BlogLayout.astro` then passes `ogType="article"` and removes its own emission:

```astro
---
import BaseLayout from './BaseLayout.astro';
const { title, description, canonicalUrl, date, tags } = Astro.props;
---

<BaseLayout
  title={title}
  description={description}
  ogUrl={canonicalUrl}
  ogType="article"
>
  <Fragment slot="head">
    <meta property="article:published_time" content={date.toISOString()} />
    {tags.map(tag => <meta property="article:tag" content={tag} />)}
  </Fragment>
  <slot />
</BaseLayout>
```

A `BookLayout.astro` does the same with `ogType="book"`.

Now `og:type` is emitted exactly once, and the value matches the page subject.

## The build-time check that would have caught it

After the fix I added a small script to the build pipeline that walks every generated HTML file in `dist/` and counts how many `og:type` tags each has.

```js
// scripts/verify-meta.mjs
import { readdir, readFile } from 'node:fs/promises';
import { join } from 'node:path';

async function* walk(dir) {
  for (const entry of await readdir(dir, { withFileTypes: true })) {
    const path = join(dir, entry.name);
    if (entry.isDirectory()) yield* walk(path);
    else if (entry.name.endsWith('.html')) yield path;
  }
}

const failures = [];
for await (const file of walk('dist')) {
  const html = await readFile(file, 'utf8');
  const count = (html.match(/property="og:type"/g) || []).length;
  if (count !== 1) failures.push(`${file}: ${count} og:type tags`);
}

if (failures.length > 0) {
  console.error('og:type duplication detected:');
  failures.forEach((f) => console.error('  ' + f));
  process.exit(1);
}
console.log('og:type check passed.');
```

Hook it into the build:

```json
{
  "scripts": {
    "build": "astro build && node scripts/verify-meta.mjs"
  }
}
```

This runs in well under a second on a 70-page site. If a future layout change re-introduces a second `og:type`, the build fails with the offending file paths. No more silent emissions.

You can extend the same idea to other meta tags that should appear exactly once: `title`, `meta[name=description]`, `link[rel=canonical]`, `meta[property="og:url"]`. Two-on-one duplication is a common shape for this class of bug.

## What I would do differently

A few things, looking back:

The bug existed because two layouts both *could* emit `og:type`. The convention should be that exactly one layer in the stack owns each meta tag. Lift each tag to the layer that knows the right value, and forbid the lower layers from touching it. In Astro that means BaseLayout takes a typed prop, and there is no override path through the `head` slot for that specific tag.

I should have written the build check at the same time as the layout, not weeks later as part of an audit. Verifying that *N* of something appears in the output is a tiny script. Doing it later means living with whatever drift accumulated in between.

Sharing layout code between sites was the right call. Sharing the bug across sites was the cost. Centralized templates work for me only if I have automated checks that run on every site that uses them — otherwise the next site I spin up inherits whatever defects are sitting in the template.

## What to do next

If you have an Astro site (or any SSG site with layered layouts), run this in your `dist/` after your next build:

```bash
grep -c 'property="og:type"' dist/blog/*/index.html | grep -v ':1$'
```

Anything that comes back is a page emitting two or more `og:type` tags. If the list is empty, you are clean. If not, you just found three sites' worth of silent SEO drift in your own repo.

The pattern this article describes — one layer owns each meta tag, and a build-time count check enforces it — is part of what I think of as *Structural Formatting* in the [LLMO Framework](https://llmoframework.com/framework/structural-formatting/): not just emitting JSON-LD and meta, but *verifying* that what you emitted is what actually shows up in the served HTML.

Until you measure the output, you do not know what you ship.

---

# OpenClaw Hit 250K Stars Faster Than React. I Spent a Day Switching From Claude Code

URL: https://kenimoto.dev/blog/openclaw-vs-claude-code-24h/
Lang: en
Date: 2026-05-10
Description: OpenClaw passed 250K GitHub stars in 60 days. I spent 24 hours moving my dev setup off Claude Code to find out what actually breaks. SOUL.md, Gateway, ClawHub, and a quiet 3pm where I almost gave up.

I switched my entire dev setup from Claude Code to OpenClaw on a Tuesday morning. By 11am I was googling "how to remove openclaw". By 6pm I had written a SOUL.md file longer than the actual feature I was shipping.

This post is about that day. About what broke, what didn't, and what 24 hours of working in the terminal agent that is now technically the most-starred open-source project in GitHub history bought me.

Yes, I am the engineer who [wrote about Claude Code Skills three weeks ago](/blog/claude-code-skills-reusable-workflow-pattern/) and called the workflow pattern "settled for at least a year". Then OpenClaw passed React's all-time star count in 60 days, Peter Steinberger announced he was joining OpenAI to ship agents to everyone, and the launch tweet went past 4 million views. Settled, apparently, was a one-month forecast.

## The numbers I had to verify before believing them

Let me get the facts out of the way, because half of what people quote on Twitter about OpenClaw is wrong by a factor of two.

- OpenClaw crossed 250,000 GitHub stars on March 3, 2026, surpassing React for the all-time most-starred software repository
- 60 days from launch to 250K. React took roughly a decade
- 60K stars in the first 72 hours. That part is the one nobody actually believes the first time
- Peter Steinberger announced on February 14, 2026 that he is joining OpenAI to work on agents, with OpenClaw moving to a foundation to stay open and independent
- One mid-sized refactor session in my test run consumed 920K tokens, which on Claude 4.5 Sonnet billing came out to about USD 8.30

The Hacker News thread when it crossed React was the most upvoted submission of the week. The top comment was "this is either the best thing that happened to dev tools in five years or the most expensive way to learn what `--yolo` does".

It is, somehow, both.

## The setup, and the part I underestimated

Installation took less than a minute.

```bash
curl -fsSL https://get.openclaw.dev | sh
export ANTHROPIC_API_KEY=sk-ant-...
openclaw
```

The first surprise: OpenClaw asked me which model I wanted as default. I had four serious choices, plus Ollama for local models.

```bash
openclaw --model claude-4.5-sonnet
openclaw --model gpt-4o
openclaw --model gemini-2.5-pro
openclaw --model ollama/devstral:24b
```

Claude Code has a backend model. OpenClaw has a backend model dropdown. That is not a small UX difference when you are trying to land a refactor for less than ten dollars.

The second surprise: when I ran my first command, the agent asked me where the SOUL.md file was. I did not have one. It happily generated a default. The default was generic enough that I closed the session, opened my editor, and started writing my own. That is when the day quietly stopped being a benchmark and started being a personality test.

## SOUL.md is the part nobody warned me about

Here is the SOUL.md I ended the day with, after rewriting it three times.

```markdown
# SOUL.md
You are a senior backend engineer with strong opinions and short patience for code
that talks more than it does.

- Prefer Python over TypeScript when both fit. We're not building a frontend here.
- Never add a feature without a test. If the test would take more than 10 minutes
  to write, ask first instead of writing it.
- Performance matters but readability matters more. We're a four-person team, not
  Google.
- Do not write conversational filler. "Sure, I'll do that" is not output. Output
  is the diff.
- When in doubt, ask. Don't guess. Guessing once cost us a weekend.
```

The thing the docs do not tell you: SOUL.md is not a config file. It is a contract. CLAUDE.md tells Claude Code what the project is. SOUL.md tells OpenClaw who the agent is. They are two different shapes of the same trust problem, and the day I figured that out was the day OpenClaw stopped feeling worse than Claude Code and started feeling different.

I had a Claude Code session open in another window all day for a sanity check. By 4pm I noticed my CLAUDE.md was 312 lines and my SOUL.md was 14. The SOUL.md was doing more work per line.

## The Gateway, and why my LGPD-anxious teammate cared

OpenClaw routes every LLM call through a local process called the Gateway.


The Gateway sits on your machine. Your prompts and code do not pass through an OpenClaw-operated cloud relay on the way to Anthropic, OpenAI, or whoever. They go straight from your laptop to the model provider you picked.

Claude Code does not have an equivalent intermediary, but it also does not need one because Anthropic is the only provider. The moment you have multi-provider support, you either need a relay (vendor lock-in risk) or a local gateway (the OpenClaw choice).

A teammate of mine who lives in Brazil and spends meaningful time worrying about LGPD compliance pinged me at lunch to ask what the network diagram looked like. He liked what I sent him. That conversation alone might be worth the day.

## ClawHub vs Claude Code Skills

Claude Code Skills are markdown files plus optional resources, distributed however you distribute markdown. ClawHub is an npm-style package marketplace for OpenClaw skills.

```bash
openclaw skills search "docker"
openclaw skills install @clawhub/docker-manager
openclaw skills list
```

ClawHub had several thousand skills the day I tried it. The numbers Steinberger throws around at conferences are higher and probably accurate, but the count moves fast enough that any specific figure is wrong by the time you publish it.

Two real differences I felt:

1. ClawHub skills are JavaScript. They run in a sandbox but can request shell exec privileges. That makes them more capable than Claude Code Skills and more dangerous. The ClawHavoc incident in March of 2026 saw 341 malicious skills caught, which is a real cost of an open marketplace
2. Claude Code Skills are simpler to author. I wrote a Skill in 20 minutes my first time. The equivalent ClawHub skill took me about 90 minutes because I had to learn the SDK conventions

If you are an individual developer wanting to share a workflow, Skills are easier. If you are a team wanting a versioned, packaged, audited tool, ClawHub is better. They are not competing for the same problem.

## The 3pm moment where I almost stopped

I asked OpenClaw to update some Python 3.8 code to 3.11 across a small repo, run the test suite, and report back.

It did. The session ate 920K tokens, took about 14 minutes, found three places where my colleague had used the walrus operator wrong, and quietly fixed them. I checked the diff. It was right.

Claude Code does the same thing. I have run the same prompt against it many times.

The difference was not the output. The difference was that Claude Code is in my muscle memory. I have typed `claude` three times a day for a year. When I typed `openclaw` and waited the extra 1.2 seconds for the cold start, my fingers reached for `claude` instead. Three times.

That is the part nobody writes about. Switching costs are not just config. They are reflexes. By 3pm I had written half a SOUL.md, almost given up, made coffee, and come back. By 6pm I was OK again.

## What I would actually use each one for

I built this matrix during the second coffee.

| Decision | OpenClaw | Claude Code |
|---|---|---|
| Locked into Anthropic models? | No, multi-provider | Yes, Anthropic only |
| Local model option | Ollama | None official |
| Skill distribution | ClawHub package marketplace | Markdown files |
| Personality file | SOUL.md (who is the agent) | CLAUDE.md (what is the project) |
| Network architecture | Local Gateway, no relay | Direct to Anthropic |
| Maturity | 60 days old, foundation forming | 18 months, Anthropic-stable |
| Best at | Multi-model teams, regulated environments | Anthropic-first dev shops, simplicity |

If your team is Anthropic-only and your CLAUDE.md is already 200 lines, do not switch. Claude Code is fine. The Skills you wrote are still fine. The pattern works.

If your team is multi-provider, or your compliance team has questions about where prompts travel, or you want a backend model dropdown, OpenClaw is worth a Tuesday.

I am still on Claude Code as my default. I have OpenClaw aliased to a separate command for the cases where I want to try a different model on the same prompt without paying for two SaaS subscriptions worth of context.

## Where this goes next

OpenClaw moving to a foundation while Steinberger joins OpenAI is the part I am watching most closely. Foundations are how open-source projects survive their founders. They are also how projects ossify. The first six months of governance under the OpenClaw Foundation will tell you whether the project is going to be Linux or Helm.

If you used to argue [Claude Code vs Codex](/blog/claude-code-vs-chatgpt-codex-official-agents/) was a binary, OpenClaw is the answer that was supposed to be impossible: a third option that is not produced by an LLM lab. The economics of that are interesting. The next twelve months are going to teach us whether neutral, cross-provider, foundation-governed AI tooling is sustainable, or whether it gets quietly absorbed.

I am betting on sustainable. I have also been wrong about agents in roughly all of the previous quarters, so adjust accordingly.

## What this all costs to know

If you take one thing from my Tuesday, take this. OpenClaw and Claude Code are not competitors. They are two answers to the same question: what should the AI inside your terminal be allowed to do without asking you first? SOUL.md and CLAUDE.md are different shapes of the same trust contract. The team that wrote each chose differently because they had different assumptions about who was sitting in front of the screen.

The right tool is the one whose assumptions match yours. Pick on assumptions, not stars.

If you want to go deeper on Claude Code itself, including the parts I did not change in my SOUL.md but kept in my CLAUDE.md, the practitioner reference I keep going back to is here:

[Claude Code Mastery: A Practitioner's Reference](https://kenimoto.dev/books/claude-code-mastery)

It covers Skills, hooks, sub-agents, and the CLAUDE.md three-tier pattern that I still use as my default contract regardless of which terminal agent I am running today.

## Related reading

- [Claude Code Skills: A Reusable Workflow Pattern](/blog/claude-code-skills-reusable-workflow-pattern/) — the original Skills piece this article assumes you have read
- [Claude Code vs ChatGPT Codex: Two Official Agents](/blog/claude-code-vs-chatgpt-codex-official-agents/) — when this was a two-horse race
- [Autonomous Agent for 24 Hours: Security Lessons](/blog/autonomous-agent-24-hours-security-lessons/) — what I learned letting an agent run unsupervised
- [I Refused to Write Specs Until Claude Code Generated Wrong Code Three Times](/blog/spec-driven-development-claude-code-three-failures/) — the spec-first piece from yesterday

---

# Your Page Rank Is Invisible to AI — Only Your Passages Get Cited

URL: https://kenimoto.dev/blog/passage-rank-beats-page-rank-ai-citations/
Lang: en
Date: 2026-06-01
Description: AI search doesn't cite pages, it cites passages. Here's how I rewrote my own posts as snappable, citation-ready passages — and the four-layer structure I now use for every article.

I spent two years chasing page-one rankings. Then I watched an AI assistant cite a post of mine that was sitting on page three of Google, and ignore the post that was ranking number one for the exact same query. That stung. It also told me everything I'd been optimizing for was aimed at the wrong unit.

Here's the thing nobody told me clearly enough: **AI search doesn't cite pages. It cites passages.**

## The unit changed and nobody sent a memo

Classic SEO has one atomic unit — the page. You rank a URL, the whole URL goes up or down, and your job is to drag that URL toward the top. Simple mental model, even if the work is brutal.

AI search quietly threw that model out. When ChatGPT Search, Perplexity, or Google's AI Overviews answer a question, they don't hand the user a list of ten blue links. They assemble an answer, and they pull the building blocks of that answer from specific paragraphs — passages — scattered across many sources.

This is why my page-three post got cited. One paragraph in it answered the user's sub-question cleanly. The number-one page didn't have a paragraph like that; it had 2,000 words of warm-up before it said anything quotable. Google rewarded the marathon. The AI wanted a single clean sentence, and my also-ran had one.

Research keeps backing this up: a large share of AI Overview citations come from sources that aren't in the top ten organic results at all. Your page rank and your citation odds are only loosely related. So if you're still optimizing the page as a monolith, you're polishing a unit the AI never looks at.

## What "snappable" actually means

A snappable passage is one an AI can lift out, drop into an answer, and have it still make sense with zero surrounding context. That last part is the whole game.

Test it yourself. Take any paragraph from your latest post, paste it into a blank document, and read it cold. Does it stand on its own? Or does it lean on the three paragraphs above it with words like "this," "therefore," and "as mentioned"? If it can't survive being copy-pasted out of context, an AI won't lift it — because the AI is, functionally, copy-pasting it out of context.

Most of my old writing failed this test spectacularly. Every paragraph was a passenger on the paragraph before it. Great for a human reading top to bottom. Useless for a machine grabbing one row out of the middle.

## The four-layer structure I now write to

After the page-three humiliation, I rebuilt how I draft. I think about content in four layers now, smallest to largest:


**Atomic — one self-contained fact.** A single sentence that states something true and citable without any setup. "TypeScript was released by Microsoft in 2012." Not "our solution has helped many teams." The AI wants facts it can stand behind, and vague reassurance isn't a fact.

**Mini — one idea in two or three sentences.** Enough to define a concept and its consequence, no more. This is the unit AI assistants quote most often in my experience, because it's a complete thought that still fits in an answer box.

**Section — a heading plus its passages.** The heading is doing retrieval work, not decoration. Write headings as the questions your reader actually types, and you've handed the AI a labeled drawer to reach into.

**Cluster — related pages that own a topic.** No single page covers a domain. A set of tightly linked pages signals that you're a source worth citing repeatedly, not a one-off.

The shift in practice is small but relentless: I stopped writing paragraphs that depend on their neighbors, and started writing paragraphs that could be kidnapped.

## Answer first, throat-clearing never

The other habit I had to kill was the warm-up. I used to open every section with context, build tension, and reveal the answer at the end like a magician. AI search hates magicians. It wants the rabbit on the table in sentence one.

So I flipped to answer-first — close to old-school PREP (Point, Reason, Example, Point). State the conclusion, then justify it. If someone asks "should I use passage optimization," the first sentence is "Yes, because AI cites paragraphs, not pages," and the explanation follows. The AI can grab that opener and move on; the human who wants depth keeps reading. Everybody wins, and nobody waits for the reveal.

Question-and-answer blocks work even harder. A literal question as a heading, followed by a tight two-sentence answer, is about the most liftable structure there is. It mirrors exactly what the user asked the AI, so the match is almost too easy.

## Numbers are bait, and AI bites

Here's a pattern I noticed and then found research for: passages with concrete numbers get cited far more than passages with adjectives. The Princeton-led study on generative engine optimization found that adding statistics, citations, and quotations lifted a source's visibility in AI answers by up to **40%**. That's not a rounding error. That's the difference between being the cited source and being the source nobody saw.

So I went back through my drafts and turned soft claims into hard ones. "Schema markup can meaningfully boost AI visibility" became a specific case: Sharp HealthCare reported an **843% increase in AI-driven clicks** over nine months after a structured-data overhaul. One of those sentences is forgettable. The other is a quote waiting to happen.

The chapter I pulled this framework from cites more in the same direction — meaningful citation lifts from optimizing for sub-queries and from adding statistics to otherwise-plain passages. I'd treat the exact percentages as directional rather than gospel, since methodologies vary, but the direction is consistent everywhere I've looked: specificity gets cited, vagueness gets skipped.

## Structured data is the passage's name tag

Passages get you cited; structured data makes you legible. Schema markup (JSON-LD) tells the machine what each chunk of your page actually *is* — this is a question, this is its answer, this is the author, this is the publish date. Perplexity's own behavior shows a visibility bump for content with clean structured data, and Brave's LLM-context tooling can extract down to the table-row level when the markup is there to guide it.

Think of it this way: a great passage with no schema is a brilliant answer written on an unlabeled scrap of paper. The schema is the label that lets the machine file it correctly and find it again.

## Freshness is a passage property too

One more lever I underrated: recency. AI systems lean toward fresh sources, and the gap is bigger than I expected — citation frequency can differ by tens of percent between content updated hours ago versus content a month stale. Adobe's guidance lands around refreshing key content every few weeks. So now I don't just write a passage and abandon it. I revisit the high-value ones, update the numbers, and bump the date. A passage isn't a monument; it's a houseplant.

## What I actually do now

When I draft a post today, the checklist is short and a little ruthless:

- Can each paragraph be lifted out and still make sense? If no, rewrite it.
- Does every section lead with its answer? If no, move the answer up.
- Are the claims specific and numbered? If no, find the number.
- Is the structure machine-legible via schema? If no, add it.
- Are the high-value passages fresh? If no, update them.

I still care about traditional rankings — they haven't vanished. But I stopped treating the page as the thing I'm optimizing. The page is just a container. The passages are the product. And the day I started writing for the paragraph instead of the URL was the day AI assistants started quoting me back to people I'll never meet.

For a fuller breakdown of AI-extractable content structure, the [llmoframework.com](https://llmoframework.com) content-design notes cover the passage and structured-data layers in more depth — I keep the canonical version of this thinking there and here.

If you want the full system — the four layers, the structured-data patterns, and the measurement loop behind all of this — I wrote it up in [LLMO: AI Search Optimization](https://kenimoto.dev/books/llmo-ai-search-optimization).

---

# Perplexity Citations Exploded After I Changed 3 Things. Only 1 Was Schema.

URL: https://kenimoto.dev/blog/perplexity-3-changes-1-schema/
Lang: en
Date: 2026-06-09
Description: I made three changes to my blog and watched my Perplexity citations roughly triple over six weeks. Everyone assumes the win was structured data. It wasn't even close. Here's what actually moved the needle on one engine.

For about a year I have been the guy who tells people structured data is the secret to getting cited by AI. I have written JSON-LD into more `<head>` tags than I have written thank-you notes, which is its own small tragedy. So when I decided to actually run an experiment on a single engine instead of waving my hands at "AI search" in general, I assumed the verdict would confirm the sermon I had been preaching. Schema wins. Roll credits.

I picked Perplexity because it is the one engine where I can actually see the scoreboard. Every answer comes with numbered citations, so I am not guessing whether I got pulled into a model's training soup. Either my URL has a little number next to it or it doesn't. I changed three things over six weeks, kept a weekly log, and waited. My citation rate roughly tripled. And the change I was most proud of, the schema, turned out to be the one I could have skipped and barely noticed.


## What I actually changed, and how I measured it

Let me be precise about the setup, because "my citations tripled" is the kind of sentence that should make you suspicious. It makes me suspicious and I ran the thing.

I had a cluster of eight articles on overlapping topics. I built a set of 25 Perplexity prompts that a real person might type to land on those pages, ran each prompt three times a week, and counted how many returned one of my eight URLs as a clickable citation. Baseline, before I touched anything, was a sad and steady 6 to 8 citations per weekly run. Not zero, but the kind of number you don't put on a slide.

Then I made three changes, staggered so I could see which one moved what:

1. **Answer-first structure.** I rewrote the opening of every section so the first 40-ish words were a complete, standalone answer to the question in the heading. No throat-clearing, no "in this section we'll explore."
2. **Brand and entity consistency.** I made "ken imoto" and "kenimoto.dev" identical everywhere: author bylines, my about page, my llms.txt, the bios on the three other sites where I show up. Same name, same spelling, same one-line description of what I do.
3. **Schema.** I added clean `TechArticle` and `FAQPage` JSON-LD to every page, server-rendered so the crawler actually sees it. The thing I had been telling everyone to do.

By week six the same 25-prompt run was returning 19 to 23 citations. Call it a 3x. The whole point of staggering the changes was to find out which of the three I should send a fruit basket to. It was not the one I expected.

## The schema did something. It just did the least

Here is the deflating part, and I am going to be honest because the smug version of this post would pretend I planned it.

I shipped the schema first, in week one, because it was the change I believed in and the one I knew how to do in my sleep. Two weeks of clean JSON-LD on every page moved my weekly citation count from about 7 to about 9. A real bump. Not nothing. If you had stopped me there I would have written a triumphant post titled "I Added Schema and My Perplexity Citations Went Up 30%" and you would have clapped politely.

But 7 to 9 was the smallest of the three jumps by a wide margin, and it is roughly what the research would predict. When people put numbers on it, structured data lands somewhere around a [10% slice of Perplexity's citation weighting](https://www.stackmatix.com/blog/perplexity-ai-optimization-strategy), and Perplexity's own February 2026 publisher guidance reportedly described schema as lifting [citation weight by about 23%](https://www.successtechservices.com/perplexity-ai-optimization/) rather than multiplying it. Those are real numbers. They are also a tax rebate, not a lottery ticket. Schema makes a page Perplexity already likes a little easier to parse. It does not turn an invisible page into a cited one.

I had been selling a tax rebate as a jackpot. For a year. To anyone who would listen.

## Change #1 that actually mattered: answer-first structure

The biggest single jump came from the answer-first rewrite, and it was almost embarrassingly mechanical.

Perplexity does not cite pages. It cites passages. Underneath the friendly interface, its pipeline is a [multi-stage reranker](https://ziptie.dev/blog/how-perplexity-ai-answers-work/): a first-pass retrieval, then a cross-encoder that reads your candidate passage against the user's actual question, then a final rerank that folds in entity and authority signals. The page that wins is the one with a chunk of text that reads like a finished answer sitting right where the model expects to find it.

When my sections opened with "In this part, let's look at how llms.txt fits into the bigger picture," the model had to dig for the answer, and digging is exactly the work it is trying to avoid. When I changed that to a flat, self-contained "llms.txt is a Markdown file at your site root that tells LLMs which pages matter most," the model could lift the sentence whole and drop it into an answer with my number attached.

This matches what everyone measuring Perplexity keeps landing on. The common finding is that something like [90% of winning citations put a direct answer in the first 100 words](https://authoritytech.io/blog/how-to-get-cited-in-perplexity-ai-2026), and that the move with the highest leverage is opening each section with a 40-to-60-word answer before you expand. In my log, the answer-first rewrite alone took me from roughly 9 to roughly 15 citations a week. That is the one I would send the fruit basket to.

I want to flag the honest caveat here, because Perplexity's internals shift and I am one blog, not a lab. My weekly numbers wobble by two or three citations from run to run on identical prompts, so treat my "9 to 15" as a direction with a thick margin, not a measurement you could publish. The shape held across six weeks, which is the only reason I trust it at all.

## Change #2 that mattered more than schema: being the same "me" everywhere

The second-biggest jump was the weirdest one to accept, because it had nothing to do with my content and everything to do with my name.

That final reranker leans on entity and authority signals, which is a technical way of saying the model needs to be confident it knows who you are before it stakes an answer on you. If your byline says "Ken Imoto" on one site, "ken imoto" on another, and "K. Imoto, WebRTC Engineer" on a third, you are not one trusted source. You are three half-confident strangers who happen to write similarly. The data backs the boring version of this: Perplexity hands out about [1.26 citations per brand mention](https://www.stackmatix.com/blog/perplexity-ai-optimization-strategy), more than ChatGPT, and a name that shows up consistently across several independent sources gets cited far more reliably than one that only appears on its own domain.

So I did the least glamorous SEO work imaginable. I made my name byte-for-byte identical across my blog, my about page, my llms.txt, and three external profiles. Same spelling, same "WebRTC and Voice AI engineer" tag, same links pointing back to the same canonical home. It felt like updating my business cards. It was not a content strategy. It was a consistency chore.

It took my weekly citation count from about 15 to about 21. The chore beat the schema. The thing I did while mildly bored beat the thing I had built my professional identity around.

If you want the conceptual map for why this works, the [LLMO Framework](https://llmoframework.com/) splits the work into Retrieval Signals (can the engine find and parse you) and Authority Signals (does the engine trust you enough to stake an answer on you). Schema lives in Retrieval, which is the cheap, mechanical layer. Entity consistency lives in Authority, which is the layer that actually decides whether your number shows up. I had spent a year polishing the Retrieval layer and almost completely ignoring the one above it.

## The factor I didn't change, but should mention

There is a fourth thing in the room that I deliberately did not touch, and it would be dishonest to leave it out: freshness.

Perplexity is brutally biased toward recent content. One analysis of a couple hundred thousand pages put [temporal freshness at around 44% of the selection weighting](https://authoritytech.io/blog/content-freshness-seo-ai-2026), and reported that pages under 30 days old pull several times the citations of older ones. I did not run a freshness experiment here, because I had just spent nine weeks watching my citations decay with age in a separate test and I did not want to confound the two. But I will say this plainly: if freshness is genuinely 44% of the decision, it likely outweighs all three of my changes combined, and the only reason it didn't dominate this experiment is that all eight test pages were already reasonably recent. Freshness was a constant, not a variable. Do not read my "schema is small" conclusion as "freshness is small." They are not the same claim.

## What I'm telling people now

Three things rearranged in my head, and one of them was uncomfortable.

**Schema is table stakes, not a strategy.** Add it. Server-render it. Then stop talking about it like it's the main event. It is the tax rebate. It makes a page the engine already likes slightly easier to read. If your pages aren't getting cited at all, no amount of perfect JSON-LD is going to fix that, because the problem is upstream of parsing.

**Answer-first is the cheapest high-leverage move there is.** Rewriting the first sentence of every section to be a standalone answer cost me a few hours and was the single biggest jump in my whole experiment. It requires no new tooling, no schema validator, no framework. Just the discipline to put the answer first and your throat-clearing in the trash.

**Authority is mostly consistency, and consistency is boring.** The reason my name now gets cited is not that I wrote anything brilliant. It's that "ken imoto" means exactly one thing across every place a crawler can find me. That is unglamorous, it is a chore, and it beat the part of my work I was proudest of. I have made my peace with this. Mostly.

I am still pro-schema. I will still put JSON-LD in every `<head>`. I have just stopped pretending it is the lever. The lever was a 40-word sentence and a consistent byline, and I spent a year admiring the rebate instead of pulling it.

---

If you want the implementation loop behind all three changes, the answer-first section template, the entity-consistency checklist, and the JSON-LD I server-render, chapter 2 of [LLMO Quickstart](https://kenimoto.dev/books/llmo-quickstart?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=perplexity-3-changes-1-schema) walks through the whole thing in about an hour of work. This post is what happened when I ran that loop against one engine and actually kept score.

---

# AI Search Splits Your One Question Into Six. My Pages Answered None of Them.

URL: https://kenimoto.dev/blog/query-fanout-ai-citations/
Lang: en
Date: 2026-06-06
Description: Query fan-out means an AI breaks a single question into a handful of sub-queries before it answers. Pages that rank for those sub-queries get cited 161% more often. Here is how I rebuilt my sections to actually answer them.

I spent a year writing pages that answered exactly the question in the title, and then wondered why the AI never quoted me.

Here is the thing nobody told me: when you ask an AI a real question, it does not go looking for "the page about X." It quietly rewrites your one question into a fistful of smaller ones, searches all of them at once, and stitches the answers back together. This is called query fan-out, and once I understood it, my old pages looked like a student who studied for the wrong exam. Confidently. In detail. For the wrong test.

This is not another "make your content AI-friendly" listicle. I want to dig into one single technique: how to answer the sub-queries that fan-out generates, with section structure, and why that one move moved my citation rate more than anything else I tried.

## What is query fan-out?

Query fan-out is when an AI search engine breaks your single question into 8 to 12 parallel sub-queries, searches each one, and synthesizes a single answer from the results. Google confirmed the mechanism at I/O 2025, and since January 22, 2026, Gemini 3 has been the model running it inside AI Mode.

The decomposition step is the part worth understanding. The model parses your prompt into entities, constraints, and time references, then writes a sub-prompt for each piece. Ask "Is Next.js or Nuxt better for a small team in 2026?" and it does not run that string. It runs something closer to this:

- "Next.js pros and cons 2026"
- "Nuxt pros and cons 2026"
- "Next.js vs Nuxt performance benchmark"
- "Next.js learning curve small team"
- "Nuxt TypeScript support"
- "Next.js vs Nuxt hosting cost"

Six searches from one question. Then it grades the passages it pulls back and builds an answer. Your page never needed to "rank for Next.js vs Nuxt." It needed to be the best passage for one of those six side doors.


## Why does fan-out coverage matter for citations?

Pages that also rank for fan-out queries are 161% more likely to be cited in Google's AI Overviews. That number comes from a Surfer SEO study published in December 2025, which found a Spearman correlation of 0.77 between fan-out coverage and AIO citations: a strong, boring, reliable relationship.

The detail that reframed everything for me was this: 51.2% of AI Overview citations ranked for both the main query and at least one fan-out query. Not the main query alone. The cited pages were the ones that happened to answer a side question too. My single-purpose pages were structurally incapable of doing that, no matter how good the prose was.

So the goal stops being "rank for my keyword" and becomes "cover the cluster of questions the AI is about to invent." Same topic, wider net.

## How do I structure sections to answer sub-queries?

Make each H2 a specific question and answer it in the first sentence. That is the whole technique, and it is almost insultingly simple to write down and surprisingly hard to do consistently.

The pattern I now use for every section:

1. **H2 = a likely sub-query**, phrased the way a person would ask it. Not "Performance" but "Is Next.js faster than Nuxt?"
2. **First 40 to 60 characters = the answer.** Lead with the conclusion so a passage extractor can lift it whole.
3. **Then the evidence.** Numbers, a source, a caveat. This is where the page earns trust.
4. **Self-contained.** No "as I mentioned above." The AI grabs passages out of order, so a section that leans on context above it is a section that gets dropped.

That last rule is the one I keep breaking. Writers love callbacks. AI extractors treat a callback like a sentence with a missing puzzle piece, so they leave it on the table. Every "as we saw earlier" is a tiny act of self-sabotage.


## How do I predict the sub-queries before I write?

List the entities, constraints, and comparisons in your topic, then turn each into a question. Fan-out decomposes along exactly those axes, so if you map them first, you are designing against the same skeleton the model uses.

For a "Next.js vs Nuxt" page, the axes are the two entities (Next, Nuxt) crossed with the constraints a reader actually carries: performance, learning curve, hosting cost, team size, TypeScript, ecosystem. Each cell is a section. Each section is a self-contained answer. You are not guessing; you are reverse-engineering the decomposition.

If you would rather not do this by hand, there is a structured way to think about it. I leaned on the [LLMO Framework](https://llmoframework.com)'s query decomposition model, which lays out the sub-query expansion patterns and a topic-cluster template, when I was rebuilding my own pages. It turned "intuitively scatter some H2s" into something closer to a checklist, which is the only form in which I reliably follow my own advice.

The cluster idea matters here. A single page can hold maybe six to eight self-contained sections before it sprawls. Past that, you split into a pillar page plus cluster pages, each owning a slice of the fan-out, internally linked. The AI reassembles your cluster the same way it reassembles six search results: one coherent answer from many small, citable pieces.

## What does this look like in practice?

Here is the before and after of one of my own sections, lightly disguised.

Before, written for a human skimming top to bottom:

> Performance is obviously a key consideration, and as we touched on earlier, both frameworks have made significant strides here. Ultimately it depends on your use case.

That answers nothing. It ranks for nothing. An extractor reads it and moves on, and honestly, so would I.

After, written for fan-out:

> **Is Next.js faster than Nuxt?** For server-rendered pages, the two are within a few milliseconds of each other on equivalent hardware. Next.js pulls ahead on large static sites because of its more mature partial-prerendering pipeline; Nuxt closes the gap on smaller apps. Benchmark your own routes before deciding: framework-level differences are usually smaller than your data-fetching choices.

Same knowledge. The difference is that the second version answers a question someone actually fanned out, in the first sentence, without depending on a single word above it. That is the entire game.

## The part where I admit the catch

None of this works if the underlying section is empty. Fan-out coverage gets your passage considered; it does not get it chosen. I went through a phase of bolting question-shaped H2s onto thin paragraphs and got exactly what I deserved, which was nothing. The structure is a delivery mechanism for a real answer, and a beautifully addressed envelope with no letter inside still goes in the bin.

So the honest version of the advice is two-handed. Map the fan-out so the AI can find your passage. Then put something in the passage worth finding: a number, a benchmark you actually ran, a caveat that only someone who did the work would know. Structure is what makes you eligible. Substance is what makes you cited.

I rewrote about thirty sections this way over a couple of weekends. Not a heroic effort, just tedious. The citations did not explode overnight, but they showed up, on the side doors, for questions I never put in a title. Which, it turns out, is where the AI was knocking the whole time.

---

If you want the full version of this: the structured-data layer, the measurement setup, and the case studies behind the 161% number, I wrote a book on it.

[LLMO: AI Search Optimization](https://kenimoto.dev/books/llmo-ai-search-optimization?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=query-fanout-ai-citations)

---

# I Plugged the Same Site Into 7 AI-Citation Trackers. They Reported 7 Different Numbers.

URL: https://kenimoto.dev/blog/seven-ai-citation-trackers-seven-different-numbers/
Lang: en
Date: 2026-05-18
Description: I gave kenimoto.dev to seven AI citation tracking platforms over 15 days. The smallest number was 38. The biggest was 312. Same site, same window, same brand. Here is why the spread happens, and which tracker I would actually pay for.

I expected the seven citation trackers to vary by maybe 20%. The smallest gap was 4x. The widest was 8x. Same site, same fifteen days, same twelve brand queries.

Spoiler: my favorite tracker ended up being the cheapest one. Not because it was the most accurate. Because it was the most honest about what it was actually counting.


## The setup

I run kenimoto.dev in four languages and have been trying to figure out, for months now, whether AI search actually sees my site. Free trials and starter plans on the major AI citation trackers were piling up in my email. So I decided to run them all at once on the same input and compare.

The rules I set for myself:

- One site: `kenimoto.dev` (including `/ja/`, `/pt/`, `/es/`).
- One window: May 1 through May 15, 2026. Fifteen days.
- Twelve brand queries, written once, shared with every tool. Things like "best Claude Code subagent setup", "how to measure LLM citations", "voice AI stack under 300ms latency". All queries my content already targets.
- Five LLMs of interest: ChatGPT, Claude, Gemini, Perplexity, Copilot. Not every tool covers all five, and that turned out to matter.

I picked seven tools. Six commercial, one I wrote myself in an afternoon. I wanted exactly seven so the headline would write itself, but also because seven is roughly the number of trackers a normal LLMO team would shortlist before buying.

The seven:

1. **Profound** ($499/mo lite tier, enterprise-focused, SOC 2 / HIPAA)
2. **Peec AI** (€89/mo, Berlin, multilingual focus, 115+ languages)
3. **Otterly AI** ($29/mo, cheapest of the lot, Semrush integration)
4. **Bluefish AI** (enterprise quote-only, Fortune 500 angle)
5. **Scrunch** (mid-tier visibility tracker)
6. **Semrush AI Toolkit** (bundled inside their SEO suite)
7. **My own Python script** (uses the OpenAI, Anthropic, Perplexity APIs, ~$8/mo in calls)

I plugged kenimoto.dev into each, set up the same twelve queries where the UI let me, waited the 15 days, then exported the citation count.

## The numbers

Here is what each tool told me about the same site over the same fifteen days:

| Tool                 | Citations | Spread vs lowest |
| -------------------- | --------- | ---------------- |
| Otterly AI           | 38        | 1.0x             |
| Self-built Python    | 54        | 1.4x             |
| Semrush AI Toolkit   | 71        | 1.9x             |
| Bluefish AI          | 89        | 2.3x             |
| Profound             | 147       | 3.9x             |
| Scrunch              | 203       | 5.3x             |
| Peec AI              | 312       | 8.2x             |

The gap between the smallest and the largest is 8.2x. Not "rounded differently." Not "off by a confidence interval." Eight times.

I sat there at first thinking I had misread the export. Then I went and looked at each tool's docs on what "citation" actually means. That is where the answer was hiding.

## Why the seven numbers diverge

Once I read each vendor's docs side by side, the gap stopped being a mystery and started being a definition problem. There are four axes the numbers vary on.

### 1. What counts as a "citation"

This is the big one. Every tool is counting a different thing and calling it the same word.

- **Profound** counts a citation only when the LLM answer includes a clickable source link pointing at your domain. Strict and useful for attribution. Misses any mention where the LLM just talks about your brand without linking.
- **Peec AI** counts any mention of your brand name in the answer text, link or no link. So if Perplexity says "Ken Imoto wrote a useful guide on voice AI," that is a citation, even with no link. This is why their number is the biggest.
- **Otterly AI** counts a cited URL in the answer, similar to Profound, but also de-duplicates per-query per-day, which crushes the number down.
- **Bluefish AI** is doing a share-of-voice calculation against competitors, so its "citations" number is closer to a rank than a count.
- **Scrunch** counts both brand mentions and source links, no dedup, which puts it in the middle-high range.
- **Semrush** only counts when your domain appears in the URL field of the structured answer, which is the strictest interpretation.
- **My Python script** counts whatever I tell it to count, which today is "the brand string appears in the answer text, deduped per query, three samples averaged."

If you take any two of those definitions, they will not agree. That is not a vendor flaw. That is the field not having a shared definition yet.

### 2. Which LLMs they sample

No tool covers all five LLMs I cared about.

| Tool         | ChatGPT | Claude | Gemini | Perplexity | Copilot |
| ------------ | ------- | ------ | ------ | ---------- | ------- |
| Profound     | yes     | no     | yes    | yes        | no      |
| Peec AI      | yes     | yes    | yes    | yes        | yes     |
| Otterly      | yes     | no     | yes    | yes        | no      |
| Bluefish     | yes     | no     | yes    | no         | yes     |
| Scrunch      | yes     | no     | no     | yes        | no      |
| Semrush      | yes     | no     | yes    | yes        | no      |
| Self-built   | yes     | yes    | no     | yes        | no      |

Peec AI samples all five. That alone gives them more surface area, which is part of why their number is highest. Scrunch samples only ChatGPT and Perplexity, which makes their high number more interesting, because they are getting more citations from fewer surfaces.

If you only care about ChatGPT, the choice of tracker matters less. If you care about Gemini or Claude, you can disqualify half the list immediately.

### 3. How often they sample

Most tools run each query daily. Some run weekly. Otterly runs daily but deduplicates within a 24-hour window, so a brand mentioned five times in one day counts once. Peec AI runs daily and counts each mention separately. Over 15 days and 12 queries, that compounds fast.

### 4. Whether they sample at all in your languages

I publish in four languages. Most trackers default to English-only sampling unless you configure language sets. Peec AI gave me the most useful multilingual number because they query in 115 languages by default. The others basically ignored my PT and ES traffic entirely, which is why their numbers undercount what is actually happening in LatAm and Brazilian search.

## The boring conclusion: pick the definition, then pick the tool

After two weeks staring at this, I think the question "which tracker is most accurate" is the wrong question. There is no ground truth for AI citations. Every LLM is a black box that returns slightly different answers to the same prompt depending on time, region, and which datacenter you hit. There is no Google Search Console for this.

The right question is: which definition of "citation" maps to the business outcome you actually care about?

- If you want **attribution traffic** (someone clicks a link), use Profound or Otterly. They count linked citations only. The numbers will be small, but they map to GA4 referrer events you can actually verify.
- If you want **brand presence** (the LLM is talking about you, link or not), use Peec AI. The number will look generous, but it is the closest proxy to "ChatGPT says my name out loud in answers."
- If you want **competitive positioning**, use Bluefish or Scrunch. They both run competitor sets natively.
- If you want **the truth on a budget**, write your own script. Mine is 200 lines of Python around the OpenAI, Anthropic and Perplexity APIs and costs about $8 a month. It also gives me raw answer text to grep through, which the commercial tools mostly hide behind charts.

Until the field agrees on a shared definition, every vendor will keep counting differently and calling the same word. Something like the taxonomy [llmoframework.com](https://llmoframework.com/) proposes would actually help here: a standard for what "citation," "mention," and "source link" mean across tools, so the numbers become comparable.

## What I am actually using

Honest answer: I run two trackers, not seven.

I kept Otterly because it is cheap and its strict definition lines up with what I can verify in GA4. If Otterly says I got cited and GA4 shows a referrer click, I trust both. I also kept my own Python script because it gives me the raw text and I can change the definition tomorrow if I want.

I dropped the rest. Not because they are bad. Because paying $499/month to get a number I cannot reconcile with another number from a $29 tool was making me dumber, not smarter.

If you are about to spend money on an AI citation tracker, do this first: write down what "citation" means to you, in one sentence. Then ask each vendor if their definition matches yours. Most of them will not answer cleanly, which is your answer.

## More on this

I wrote a book about exactly this measurement problem, including the Python script I use and the GA4 setup that pairs with it.

[Why ChatGPT Ignores Your Website: The LLMO Practical Guide](https://kenimoto.dev/books/llmo-ai-search-optimization)

---

# I Cron-Scheduled 7 AI Agents. 2 Silently Failed for 18 Days. Tracing Wouldn't Have Caught It.

URL: https://kenimoto.dev/blog/seven-cron-agents-18d-silent/
Lang: en
Date: 2026-05-28
Description: Seven agents on cron, two never ran from day one, eighteen days of green dashboards. Tracing didn't catch it. An exit-code contract plus a 24-hour heartbeat did.

I had seven agents on cron. Two of them stopped running on day one. I noticed on day eighteen.

That sentence is the whole article, but it is also the kind of sentence that I would have argued against if someone else had said it on a podcast. "Surely you would notice. You have tracing. You have dashboards. You have a Telegram channel that lights up every time anything moves." Yes. I had all of those. The two dead agents still slipped under all of them, because every one of my monitoring layers was designed to watch processes that ran. Two of mine were not running.

This is the eighteen-day log: what the seven agents were, how two of them silently broke on day one, why my tracing was the wrong shape for the failure, and the small exit-code contract I now bolt onto every scheduled CLI agent.


## The seven agents and the setup that looked fine

I run two content domains and one self-evolving harness on the same box. Each domain has three agents on a daily cron at 09:00 — observer, strategist, marketer — plus a shared evolver that runs on Saturdays. That's seven processes. The cron lines all looked roughly like this:

```cron
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-A.sh >/dev/null 2>&1
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-B.sh >/dev/null 2>&1
```

Each shell script wraps `claude -p "..."` with a prompt, captures the output, writes a daily log file, and ends. A real article gets pushed at the end if the agent decides to publish. I have a Telegram webhook that fires from inside the script on success and on `set -e` failure paths. I had been running this setup for about two months before the silent failures.

The thing I missed at setup time was three lines below the heredoc. The two marketer scripts referenced a Python helper that lived in a sibling repo. I had `cd`d into that sibling repo at some point and tested everything by hand. The script worked. I checked it in. Then I tidied the sibling repo, renamed the helper module, and the import line in my marketer script started to point at nothing.

You can already see what happens. `python3 helper.py ...` exits with code 1 immediately on `ModuleNotFoundError`. The shell script's first line is `set -euo pipefail`. So the script dies in the first ten lines. Telegram is wired up later in the script, after the Python call. The script never reaches the Telegram block. `>/dev/null 2>&1` swallows the stderr. Cron is configured without `MAILTO=`. Two agents die quietly every morning. The other five publish like normal. The system looks healthy.

## What tracing was watching, and what it was not

I want to be precise about this part, because I spent a few hours on day eighteen convincing myself that better tracing would have caught it. It would not have.

I had OTEL spans coming out of every `claude -p` invocation. They went into a self-hosted collector and out to a small dashboard. The dashboard showed: tokens per task, tool-call latency, retry rate, daily total agent runs. On the morning of day eighteen the dashboard showed five agent runs per day, every day, for the last eighteen days. The line was perfectly flat. The line was supposed to be at seven.

Tracing instruments processes that execute. It can show you a slow call. It can show you a failed call. It can show you a retry storm. It cannot show you a process that was never spawned. The two dead marketers had no spans because the only span emitter was inside the very Python helper that was failing to import. From the dashboard's perspective, those two agents simply did not exist that day. And the next day. And the next.

I had been staring at the wrong question. "Are my agents healthy?" is a question that tracing answers. "Did all seven of my scheduled agents actually run?" is a question that tracing cannot answer, because the agents that did not run are exactly the ones that send no signal.

If you have ever read about [healthchecks.io's dead-man's-switch model](https://healthchecks.io/docs/monitoring_cron_jobs/), this is the exact failure mode they describe in their docs: "A critical data processing job might stall without triggering any alarms in traditional monitoring systems. These silent failures can persist for days or weeks before someone notices missing data or corrupted results." I had read that page before. I just hadn't applied it to my own cron because I had Telegram alerts and felt covered. Telegram only fires from code paths that the script actually reaches.


## The exit-code contract I bolted on

The fix did not involve more observability. It involved less trust in the agents to report themselves, and more trust in the cron wrapper to report on their behalf. I gave every scheduled agent a small contract:

1. **Define exit codes that mean something.** Not just `0 = good, anything else = bad`. I cribbed loosely from sysexits.h: `0` is "agent ran and finished its task," `64` is "config or env error" (the `ModuleNotFoundError` case), `65` is "task ran but produced no usable output," `78` is "agent skipped on purpose" (e.g., the marketer decided there was nothing to publish today).
2. **Make the cron wrapper own the reporting.** The agent script's job is to exit with the right code. The cron wrapper's job is to pick up that code and push it somewhere durable — regardless of whether the agent itself succeeded or failed.
3. **Add a heartbeat that fires on success.** Not on failure. Silence has to be the alarm.

The cron wrapper now looks roughly like this:

```bash
#!/usr/bin/env bash
# scripts/cron-wrap.sh <agent-name>
set -uo pipefail
AGENT="$1"
SCRIPT="$HOME/repos/harness-ops/scripts/${AGENT}.sh"
HC_URL="https://hc-ping.com/<uuid-${AGENT}>"

START=$(date -Iseconds)
bash "$SCRIPT"
RC=$?
END=$(date -Iseconds)

# log every run, success or not
echo "${START} ${AGENT} rc=${RC} end=${END}" >> "$HOME/logs/cron-runs.log"

# ping the heartbeat URL with the exit code embedded in the path
# missing ping for 24h → healthchecks.io pages me
curl -fsS --retry 3 "${HC_URL}/${RC}" >/dev/null || true

# escalate non-zero immediately, but never let cron itself fail
if [[ "$RC" -ne 0 && "$RC" -ne 78 ]]; then
  "$HOME/bin/tg-notify.sh" "agent=${AGENT} rc=${RC} see ~/logs/cron-runs.log"
fi
exit 0
```

Three things in there that took me a couple of evenings to get right.

First, `set -uo pipefail` instead of `set -euo pipefail`. I do not want the wrapper to exit on the agent script's failure, because if it exits before the ping, healthchecks.io will eventually page me — but the page will arrive 24 hours late, and the log line will not be written. The wrapper has to keep running and capture the exit code itself.

Second, the ping URL has the exit code in the path. healthchecks.io accepts that and exposes it in the dashboard as the last reported code. So I can glance at a list and see "agent ran, exited 64" without opening the log file. Cronitor does the same thing with a slightly different URL shape; pick whichever fits your existing tooling.

Third, `78` is treated as a deliberate skip, not a failure. The marketer's "no, nothing worth publishing today" path returns `78`. Without that, the failure escalation would fire on legitimately quiet days and I would learn to ignore the channel — which is how monitoring dies in practice.

## What it caught the day I deployed it

I rolled this out on what was day eighteen for the silent marketers. Within ten minutes, both `marketer-A` and `marketer-B` showed up in the healthchecks.io dashboard with last-reported exit code `64` — config error, the module that did not exist anymore. I had not opened the agent code yet. I just looked at the dashboard.

Within an hour I had renamed the import, run both scripts manually to verify exit `0`, and the next morning's cron published the two articles those agents had been quietly skipping for two and a half weeks. Tracing dashboards finally went up to seven runs per day. The line is still flat, but it is flat at the right number now.

The day after that, a different agent — observer-B, which had been totally fine throughout the silent failure period — started exiting `65` ("no usable output"). The dashboard caught it inside twenty minutes. That is the kind of thing the contract is supposed to do: when the agent ran but produced garbage, you find out the same day, not the same fortnight.

## What I'd tell past-me

The version of me who set this cron up two months ago was not careless. He had set up Telegram alerts and a tracing dashboard and a daily log file. He had read the [Twelve-Factor App](https://12factor.net/disposability) chapter on disposability. He had even thought about the difference between "agent failed" and "agent did not run," and decided the latter was unlikely enough to ignore.

The mistake was assuming "did not run" was a rare edge case. In a setup with seven scheduled processes, three Python helpers, two repos that move independently, and a long-running script that wires Telegram in the middle rather than at both ends, "did not run" is the single most likely silent failure mode. It is not even close.

So three things I would say to past-me, in order of how cheap they are to set up:

1. **`MAILTO=` is free.** If you set it, cron itself will email you the stderr of any failing job, even the ones that die before your alerting code runs. That alone would have caught my failure the same morning it happened. ([archwiki has a good summary on systemd timers and email if you have moved off cron](https://wiki.archlinux.org/title/Systemd/Timers).)
2. **Wrap every scheduled agent in a script you own.** Not the agent itself — a wrapper around the agent that has one job: capture the exit code and ping somewhere. The wrapper is allowed to be uglier than the agent because it should never change.
3. **The success heartbeat is what makes silence loud.** Failure alerts are everywhere, and they tell you nothing about agents that never executed. A heartbeat that fires on success — and a dead-man's-switch that pages when the heartbeat is missing — turns "two agents went quiet" from an eighteen-day discovery into a one-day discovery.

Tracing and observability are how you watch processes that are alive. An exit-code contract is how you remember they were supposed to be alive at all. The two complement each other, and the cron-based "set it and forget it" pattern collapses without the second one. Mine did, for eighteen days, quietly, on a server I checked every morning.

I checked the dashboards. The dashboards were just looking at the wrong question.

## Related

- [I Ran 3 Claude Code Sessions in Parallel for 8 Hours. They Overwrote Each Other's Context Twice.](/blog/three-claude-sessions-parallel-8h-context-overwrite/) — sibling failure on the *synchronous* side: agents that collided rather than disappeared.
- [I Added a 4th Agent That Audits My Other Agents (Evolver).](/blog/i-added-a-4th-agent-that-audits-my-other-agents-evolver/) — supervising agents that *are* running but procrastinating; complementary to the contract-level checks above.
- [9 Bugs in My AI Pipeline: None Were the AI's Fault.](/blog/9-bugs-in-my-ai-pipeline/) — full bug catalogue from the surrounding scripts; silent-cron was #7 on the list.

If you'd rather go deeper than a single blog post, I expanded the lifecycle-and-hooks layer of this story into a chapter of my book on AI agent harnessing: [Harness Engineering Guide: From Tools to Compounding Productivity](https://kenimoto.dev/books/harness-engineering-guide).

---

# Claude Code Skills Cost Tokens Even When They Don't Fire. I Measured 5 Skills Across 7 Hours. The Bill Was 18%.

URL: https://kenimoto.dev/blog/skills-loaded-3-never-fired-18/
Lang: en
Date: 2026-05-30
Description: Five Skills loaded into one Claude Code session. Three never matched a single prompt. They still ate 18% of my tokens. Here's the measurement, the receipt, and the audit that brought it back to 7%.

I thought Skills were a free upgrade over custom commands. They are not free. They are rent.

That sentence is the whole article in fifteen words. The rest is me showing my receipts.

I had five Skills loaded in one Claude Code session for seven hours on a Tuesday: a PR reviewer, a TypeScript migration helper, a database migration validator, a log tracer, and a CSV cleaner. Three of them never matched a single prompt the entire session. I checked the invocation log twice because I did not believe it. They sat there, quiet and well-behaved, and they still took roughly **18% of my total tokens** for the day. The three that never fired were responsible for about **11% of the bill** on their own.

I had been telling teammates that Skills only cost you tokens when they fire. I was wrong about that in a way that turned out to be measurable.

## How Skills actually load (the part I had skimmed)

Here is the spec I had read but not internalized.

When your session starts, Claude Code reads every Skill in scope. The `name` and the `description` from each `SKILL.md` frontmatter are placed into the system context. The body of the Skill is not loaded yet. That part only loads when Claude decides the description matches your current prompt, or when you explicitly type `/skill-name`. Once the body is loaded, it stays in the context window until the session ends or compaction kicks in.

The implication I missed: **the description is in the context on every single turn**. Not just at session start. Every user message you send, every response Claude generates, the description sits there as part of the prompt. Five Skills with three-hundred-token descriptions is fifteen hundred tokens of "what these workflows can do" that gets re-billed on every turn.

Multiply by an eighty-turn session and you are paying for those descriptions one hundred and sixty times. They are not big. They are constant.

## The setup

I run Claude Code as my daily driver. On the day I measured, I was doing what I usually do on a Tuesday: triaging PRs in the morning, then a long block of refactoring work, then some afternoon ad-hoc shell exploration. One Claude Code session, kept alive across all of it, with `--output-format json --verbose` piped to a logging wrapper so I could read the `usage` field on every response.

The five Skills loaded in `~/.claude/skills/`:

| Skill | Description length | Purpose | Invoked? |
|-------|---:|---------|:---:|
| `review-pr` | ~310 tokens | PR review workflow | Yes (11 times) |
| `migrate-ts` | ~290 tokens | TypeScript migration helper | Yes (2 times) |
| `migrate-db` | ~340 tokens | DB migration validator | No |
| `trace-logs` | ~270 tokens | Log file pattern tracer | No |
| `clean-csv` | ~280 tokens | CSV cleaning recipes | No |

Total descriptions in context per turn: roughly 1,490 tokens of Skill metadata, sitting on top of CLAUDE.md, project context, and the live conversation.

The session ran 7 hours 12 minutes, 84 turns, total input and output tokens around 2.1M (with prompt caching active most of the way).

## The receipt

I added up the token spend three ways: total, "would have been if no Skills were loaded" (estimated by subtracting the description-only overhead and the bodies of the two that actually fired), and the diff. The numbers from the logs:

| Category | Tokens | Share |
|----------|------:|------:|
| Conversation, CLAUDE.md, code reads | 1,720K | 82% |
| Active Skills (`review-pr` + `migrate-ts`) | 147K | 7% |
| Dormant Skills (descriptions, 3 never fired) | 231K | 11% |
| **Total** | **2,098K** | **100%** |

The two Skills that earned their keep cost me 7%. That is fine. They saved me probably twice as much in not having to retype workflow prompts.

The three that never matched anything cost me 11%. They earned exactly zero of it back. With prompt caching, the per-turn description cost is partially absorbed, but only partially: every time my prompt changes, the cache invalidates around the descriptions, and the input gets re-tokenized for billing in the input-token line. Eleven percent.


## The audit

I ran the same workload the next morning with only the two Skills that had actually fired the day before. Same files, same PR set, same kinds of prompts. Total spend came in at 1,872K tokens. That is an 11% drop on the day, which lines up almost exactly with what the dormant descriptions had been costing me. Within the noise of a different day, it matches.

If you want a fast way to see this on your own setup, run a wrapper around `claude` that captures the JSON response:

```bash
claude -p "$YOUR_PROMPT" --output-format json --verbose \
  | jq '{input: .usage.input_tokens, cached: .usage.cache_read_input_tokens, output: .usage.output_tokens}'
```

The `input_tokens` line is the number you want to watch turn over turn. If it baseline-drifts upward after you add a Skill, you are paying description rent.

## Why this surprised me

I had been thinking of Skills the way I thought of imports in a programming language: zero cost until called. Imports are zero cost because the compiler can throw away anything you don't reference. Claude Code cannot. The description is the thing that tells Claude when to invoke the Skill at all, so the description has to be in the prompt every turn. If it were lazily loaded, the model could not decide to invoke the Skill in the first place.

That is the design tradeoff. It is the right one. But it means the marginal cost of "having a Skill installed but never using it" is not zero. It is a small per-turn tax that adds up over a long session.

This is not Hooks. Hooks are intentionally fired by Claude Code in response to events: pre-tool, post-tool, session-end. Hooks are not described in the system prompt for matching; they are configured in `settings.json` and triggered by the harness. The cost of an unused Hook is genuinely zero. The cost of an unused Skill is the description, every turn.

It is also not the same as an unused MCP server. An MCP server adds its full tool list to the system prompt at session start (which can be much bigger than a Skill description), but it is a one-time-per-server number that some teams have already measured (about 27,000 tokens per server in one published audit). Skills are a smaller per-item cost than an MCP server, but you tend to have more of them, and the per-turn pattern multiplies them out.

## The five-step Skill audit

I now do this monthly. It takes ten minutes.

1. **List every Skill in scope.** `ls ~/.claude/skills/` plus your project-level `.claude/skills/` plus anything from plugins. Write them down.
2. **For each Skill, find the last time it fired.** If you run sessions with `--output-format json` and pipe to a log, grep for the Skill name in the tool-use entries. If you do not log structured output, you have to guess from memory, which is usually wrong.
3. **Mark anything with no invocations in the last 30 days as a candidate.** You are not deleting them yet. You are flagging.
4. **Move candidates out of scope for a week.** I literally `mv` the directory to `~/.claude/skills-attic/`. Live with it for a week. If you do not miss the Skill, it was rent.
5. **Re-measure the input token baseline.** Same kind of workload, no candidates loaded. If the input-token line is meaningfully smaller, you just found your savings.

The trap I want you to avoid: do not delete the candidate immediately. Sometimes a Skill that has not fired in 30 days is one you actually want for a quarterly task you forgot you do. Move-to-attic is the safe version.

## What I changed in my own setup

Three Skills moved to the attic. One of them is coming back next month because I have a database migration coming up. The other two are probably gone for good. The two active Skills stayed.

The session I ran while writing this article is also down to two Skills. My input-token line on the per-turn log is now flat in a way it wasn't before. Eleven percent does not sound dramatic when you say it out loud. On a heavy Claude Code Max plan, eleven percent of the monthly budget is real money. On the API metered plan, it is real money in a different way. Either way, it is money you are spending to keep three text files in context, which is a phrase I am embarrassed to type.

If you are running a lot of Skills, you are not wrong to like the convenience. You just have to know that the convenience has a per-turn tax, and that the tax is invisible until you go looking for it.

The phrase I am going to put on a sticky note above my monitor: **loaded is not active, active is not invoked, and invoked is not the same as worth keeping.**

Now go check your `usage.input_tokens` line. The number is right there in the JSON. It has been telling you this story the whole time.

---

For the full mental model of how Skills fit alongside Hooks, MCP servers, and sub-agents, plus the per-mechanism cost table I wish someone had handed me a year ago, I wrote about it in [Claude Code Mastery](https://kenimoto.dev/books/claude-code-mastery). The context-window economics that makes the description-rent trick visible in the first place is in [Context Engineering](https://kenimoto.dev/books/context-engineering).

---

# I Refused to Write Specs Until Claude Code Generated Wrong Code Three Times

URL: https://kenimoto.dev/blog/spec-driven-development-claude-code-three-failures/
Lang: en
Date: 2026-05-09
Description: I called spec-driven development 'overhead' for six months. Then Claude Code wrote a discount feature that applied coupons to itself, three times in a row. Here is what fifteen minutes of OpenAPI bought me.

I read the phrase "spec-driven development" and immediately decided it was for people without taste. Six months later, Claude Code generated a discount system that applied coupons to itself. Three times in a row.

The first time I laughed. The second time I assumed the prompt was the problem. The third time I closed the editor, opened a YAML file, and started writing OpenAPI like a person who had finally lost an argument with reality.

This post is about that argument. And about what fifteen minutes of spec-writing actually buys you in 2026, when half the developer Twittersphere is still telling you to "just prompt it."

## What I was doing wrong

My workflow was the one everyone has tried. Open Claude Code. Type "build me a checkout flow with member discount and a promo code field." Watch the agent confidently generate four hundred lines of Flask. Skim. Run. Fail. Re-prompt. Get a different four hundred lines. Repeat until I either ran out of patience or shipped something that mostly worked.

The discount feature was where the wheels came off. I asked for "10 percent member discount, stackable promo codes, max 30 percent total." Claude Code shipped a function that, when given a promo code on a member account, took 10 percent off, then took another 10 percent off the discounted total, then applied the promo. The promo code, as it turns out, was also a member-discount-eligible item in my schema, because I had not bothered to tell anyone that members are people and promos are line items. So the system politely gave my coupon a coupon.

Yes, I am the engineer who wrote "just prompt it" in a thread last week and then spent five PR rounds explaining what "just" meant.

## The fifteen-minute spec

Out of spite, I tried the thing I had been calling overhead. I wrote an OpenAPI document. Endpoint, request shape, response shape, error codes, the constraints on every field. It took fifteen minutes.

```yaml
paths:
  /api/orders:
    post:
      requestBody:
        application/json:
          schema:
            customer_id: string
            items: array of OrderItem
            promo_code: string | null
      responses:
        201:
          schema:
            order_id: string
            subtotal: integer (minimum 0)
            member_discount: integer (0..subtotal * 0.1, integer)
            promo_discount: integer
            total: integer
            applied_rules: array of string
        400:
          schema:
            error: { code, message }
```

Then I wrote a Gherkin file with three scenarios. Member buys without promo. Non-member uses promo. Member uses promo and the total cap kicks in.

```gherkin
Scenario: Member with promo, capped at 30% total
  Given a logged-in member
  And a cart with subtotal 10000 yen
  When they apply promo code "SPRING5"
  Then member_discount is 1000
  And promo_discount is 2000
  And total is 7000
  And applied_rules includes "member" and "promo:SPRING5"
```

I handed both files to Claude Code with one sentence: "implement these specs in Flask, including validation and error handling." It generated about 80 percent of the implementation in three minutes. The remaining 20 percent was real domain logic: what counts as "stackable," what happens at the cap. I wrote that. The spec made it impossible to be confused about it.

Fifteen minutes of YAML to delete five PR rounds of "what did you mean by stackable." I had been doing the loud version of saving fifteen minutes by spending two hours.

## Why it works (and why "just prompt it" doesn't)

The reason has nothing to do with Claude Code being smarter when you give it more text. It has to do with what you, the human, are forced to think about while writing the spec.

When I write `member_discount: integer (0..subtotal * 0.1, integer)`, I have committed to the idea that member discount is at most ten percent of the subtotal, in integer yen. I cannot generate a spec that "applies the coupon to itself" because the spec doesn't have a coupon-shaped recipient for that recursion. The ambiguity dies in YAML, before it can metastasize in Python.

This isn't original to me. The 2026 wave of spec-driven tooling ([OpenSpec](https://github.com/Fission-AI/OpenSpec), [cc-sdd](https://github.com/gotalab/cc-sdd), [amux](https://amux.io/guides/spec-driven-development/), [Kiro](https://kiro.dev)) is all built on the same observation. GitHub Copilot Workspace doesn't even let you skip the step: it generates an editable "proposed specification" before it touches code, because the team that built it figured out that the spec is the only artifact in the workflow that the human can actually review.

The cheap-model lesson generalizes: AI assistants don't reduce the value of specs. They turn a fuzzy spec into an expensive mistake faster than humans ever could.

## The three patterns that paid off

The book version of this is three patterns, and after living with them for a quarter, all three pull weight.


**Pattern 1: OpenAPI to implementation.** Write the endpoint shape. Hand it to Claude Code. Get a stub that handles 80 percent of CRUD plus serialization plus the obvious error cases. Add the domain logic by hand. This is the bread-and-butter case. It is also where the "80 percent" number comes from. The remaining 20 percent is what you're actually paid to think about.

**Pattern 2: Gherkin to step definitions.** Write scenarios in Given/When/Then. Hand them to Claude Code with `pytest-bdd` or `behave`. Get the step skeletons. The interesting move here is that the same scenarios drive both implementation prompts and test prompts, so the agent can't drift between "what the code does" and "what the test checks." Drift is where bugs ship.

**Pattern 3: Spec to property tests.** From the OpenAPI schema (`price: integer, minimum: 0, maximum: 1_000_000`), have Claude Code generate property-based tests with Hypothesis or fast-check. You get the boundary cases (`0`, `1_000_000`, `-1`, `null`, overflow) without having to remember every flavor of "what could go wrong with an integer." This is the one I underused for years and regret most.

## The traps

Three things will bite you if you don't watch for them.

**Ambiguity in specs scales linearly with the bugs in implementation.** If your OpenAPI says `discount: number` instead of `discount: integer (0..subtotal*0.1)`, the model will guess. It will guess differently every time. Vague specs aren't a head start; they're a paid-for hallucination factory. SDD only works as a forcing function on you.

**Never trust generated code unconditionally.** Sample of bugs I have shipped from generated code in the last three months: a SQL query built with string concatenation (injection waiting to happen), a JWT stored in `localStorage` (it should have been `httpOnly`), and a silent N+1 over a thousand-row table. The agent didn't write any of those out of malice. It wrote them because nothing in my spec said "no." Specs need a constraints section. Read [my 24-hour autonomous agent post](/blog/autonomous-agent-24-hours-security-lessons/) if you want to know how creative an agent gets when constraints aren't there.

**The agent will add requirements you didn't ask for.** I have watched Claude Code add an authentication check to an endpoint whose spec said "public, rate-limited only." The agent had read enough Stack Overflow to think every endpoint should be authenticated, and silently slipped a check in. Specs need to be explicit about what the system *doesn't* do, not just what it does.

## How I write specs now

The workflow that survived contact with reality is unromantic.

1. Sketch the endpoint in OpenAPI. Field types, ranges, required vs optional.
2. Write three Gherkin scenarios. Happy path, edge case, error case.
3. Add a `## Out of scope` section to the spec file. Auth model. Rate limit. Caching. Anything the agent might helpfully invent.
4. Hand all three to Claude Code with `CLAUDE.md` containing project conventions.
5. Generate. Review the diff against the spec, not against vibes.
6. Run the property tests the spec generated.

This is also where [Claude Code Skills](/blog/claude-code-skills-reusable-workflow-pattern/) earn their keep. I wrap the steps above into a single skill, `/spec-impl`, and the workflow stops being a discipline I have to remember and starts being one slash command. Versus [ChatGPT Codex](/blog/claude-code-vs-chatgpt-codex-official-agents/) on the same task, the spec-first version of either agent reaches "production-shaped" code faster than the prompt-first version of the better one. The agent matters less than the artifact in front of it.

## What I'd tell past-me

I would tell past-me that the fifteen minutes of OpenAPI he refused to write cost him an entire weekend of "just one more prompt." I would tell him that spec-driven development is not a methodology you adopt because some consultancy sold it to your CTO; it's the cheapest known mechanism for not arguing with a fast, confident, slightly drunk junior engineer.

And I would tell him this: in 2026, agents turn every fuzzy spec into an expensive mistake faster than any human ever could.

The specs are the brake pedal. Without them, you still go fast. You just go fast in whichever direction the agent's training data pointed last.

---

*If you're building this kind of workflow into your own team, the surface area is bigger than this post: DDD scoping, BDD test pyramids, microservice contract testing, the whole governance side. I'm working on a longer treatment of all of it; details to follow.*

---

# I Stopped Adding Context to My Agent and Pruned Tool Outputs Instead — My 3-Hour Task Stopped Forgetting Its Own Plan

URL: https://kenimoto.dev/blog/stopped-adding-context-pruned-tool-outputs-accuracy-returned/
Lang: en
Date: 2026-06-05
Description: I always believed more context made an agent smarter. Then a 3-hour migration task forgot a design rule it had set for itself in hour one. I pruned raw tool outputs and stale turns, dropped from 140K to 84K tokens, and the plan held to the end. This is about what not to put in.

For a long time I treated context like savings: the more I put in, the richer I'd be. Thick CLAUDE.md, every file that might be relevant, the full output of every tool left sitting in the window. More information, smarter agent. That was the theory.

The theory fell apart three hours into a migration task. The agent had set itself a design rule in the first twenty minutes: don't touch the legacy adapters, wrap them. By hour three it had forgotten its own rule and edited two of them directly. It also wandered into a directory I had explicitly told it to leave alone. The prompt wasn't the problem. The context had gotten so fat that the one instruction that mattered was buried under everything else I'd helpfully shoveled in.

So I did the opposite of my instinct. I stopped adding and started pruning. Tokens dropped from about 140K to about 84K, roughly 40%, and the long task got *more* accurate, not less. This is the story of what I cut.

## The point where "more is smarter" turns into a lie

Context has a ceiling on how much of it actually works, and the ceiling sits well below the advertised number.

Claude Sonnet markets a 200K-token window. But Sourcegraph's Geoffrey Huntley [reported quality starting to slide somewhere around 147,000–152,000 tokens](https://ghuntley.com/redlining/), what he calls redlining. The capacity of the window and the capacity you can use are two different numbers.

This is not my anecdote talking. Chroma's research team ran the experiment properly: they tested [18 frontier models on how rising input length affects output quality](https://research.trychroma.com/context-rot), and every one degraded as the context grew. They named it **context rot**. A model with a 200K window can show measurable degradation long before it's full. And the kicker: *how* you fill the window matters. Padding it with tool operations that partly cancel each other out hurt performance more than padding it with neutral text. Raw tool dumps are close to the worst-case filler.

Picture a new hire. Hand them three pages and they're useful by lunch. Bury the same desk under three hundred pages and they'll spend the day just figuring out which page matters. Information and usefulness stop being friends at some point on that curve. My agent had hit that point, and I was the one stacking the pages.

## The three things I pruned

When I went looking for what to cut, it sorted into three buckets.

### 1. Raw tool outputs

This was the big one. The full log of `npm test`. The four hundred lines `grep` returned. The giant JSON body from an API call. The agent hoards all of it, verbatim. But the only thing that moves the next step forward is the conclusion: "three tests failed, here are the files." The rest is ballast.

Anthropic now ships this as an actual feature, which told me I hadn't invented anything; I'd just been doing it by hand. Their [context editing](https://platform.claude.com/docs/en/build-with-claude/context-editing) clears old tool results past a token threshold and leaves a small placeholder so the model knows something was removed. In a 100-turn web-search eval, Anthropic measured context editing cutting token use by 84% while keeping workflows alive that would otherwise have run out of room. The mechanism I'd been hacking together with notes-on-the-side had a name and a measured number.

### 2. Irrelevant files

The "let me read this just in case" files. On a migration task I'd opened five components that had nothing to do with the migration. I'd told myself it was insurance. It was noise I paid for in tokens.

### 3. Stale conversation turns

The early flailing. Once "we're going with approach B" is decided, the three rejected approaches that got us there are dead weight. Keep the decision, drop the path to it. A `/compact` with a custom instruction does this without throwing away the parts you need.

## The numbers, before and after

Same migration task, run with the fat context and then with the pruned one.

| Metric | Before pruning | After pruning |
|---|---|---|
| Tokens used | ~140K | ~84K |
| Design rule held? | Drifted near the end | Held to the end |
| Times I had to re-instruct | 6 | 1 |
| Wrong files touched | 2 | 0 |

Tokens fell about 40%. But the number I actually cared about was the re-instruction count going from six to one. The agent kept its own hour-one decision all the way to the finish because it never climbed into the 147K–152K redline where the rot sets in. I didn't make it smarter. I stopped making it dumber.


And notice the direction here. A while back I ran the [opposite experiment, stacking four more context layers on top of RAG](https://kenimoto.dev/blog/full-context-engineering-rag-80-percent/) and measuring the gain. That was about adding structure and watching the curve rise (until it fell over on the smaller model). This is the mirror image: removing noise and watching accuracy come back. Same window, opposite vector. Both experiments point at the same uncomfortable truth: the window is not a bucket you should try to fill.

## Why "don't put it in" is harder than "put it in"

Honestly, pruning is the harder discipline.

Adding is free of judgment. Nervous about a file? Open it. No decision required. Pruning forces you to say "this isn't needed" and then sit with the fear that it was. Every cut is a small bet against your own anxiety.

My rule for the bet is one question: *does this directly help the single step in front of the agent right now?* If not, it stays out. If it turns out I was wrong, the agent can go read the file again; it's an agent, retrieval is its job. Pre-loading everything wasn't serving the model. It was sedating me.

Anthropic's newer models track how much of their own context is left, a kind of context self-awareness, so they can pace a long task instead of sprinting into the wall. But that only helps if there's headroom to track. Fill the window with raw logs on turn one and there's no runway left to be aware of.

## Takeaway

When a long task started losing accuracy, my first instinct was "it doesn't have enough information." Exactly backwards. It had too much, and the one instruction that mattered had been diluted to nothing.

What I actually did was three cuts: replace raw tool output with its conclusion, stop opening files "just in case," and throw away the trial-and-error once a decision is made. Forty percent fewer tokens, no trip into the rot valley, and a plan that survived three hours intact.

Context engineering sounds like a question of what to add and how to arrange it. On a long-running task, the move that paid off was the other one: deciding what never goes in. Clear the desk down to three pages. That's the moment the new hire becomes useful again.

---

The full map of context design (how System Prompt, few-shot, and RAG fit together, and where adding more crosses the 80-20 line into actively hurting you) is in my **[Context Engineering Practical Guide](https://kenimoto.dev/books/context-engineering?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=pruned-tool-outputs)**. This post is the subtraction side of that book, stress-tested on a task long enough to make context rot show up.

---

# I Ran 3 Claude Code Sessions in Parallel for 8 Hours. They Overwrote Each Other's Context Twice.

URL: https://kenimoto.dev/blog/three-claude-sessions-parallel-8h-context-overwrite/
Lang: en
Date: 2026-05-27
Description: Three Claude Code sessions, three worktrees, one shared .claude/. Eight hours later: two corrupted memory files and $47 of token spend re-doing existing work.

I had three ideas in parallel and three terminal windows. The math seemed obvious: open three Claude Code sessions, one per worktree, let them work on independent branches, and pick up roughly 3x my throughput for the afternoon. The official docs even tell you to do exactly this. The desktop app [auto-creates a worktree](https://code.claude.com/docs/en/worktrees) for every new session. It is presented as the safe pattern.

Eight hours later I had two corrupted memory files, one Skills file with a paragraph in it that I never wrote, and a bill for roughly $47 of token spend re-doing work that already existed in another worktree. The setup was safe. The shared state was not.

This post is the 8-hour log: what I set up, when the two collisions happened, what was actually being overwritten, and the three small patterns I use now to keep parallel sessions from eating each other.

## The setup that looked safe

Three Claude Code sessions, each on a separate worktree of the same repo. Three branches: `feat/voice-buffer`, `fix/og-emit`, `feat/citation-tracker`. None of the branches touched the same source files. I had checked that twice before I started.

```bash
# Terminal A
git worktree add ../wt-voice-buffer feat/voice-buffer
cd ../wt-voice-buffer && claude

# Terminal B
git worktree add ../wt-og-emit fix/og-emit
cd ../wt-og-emit && claude

# Terminal C
git worktree add ../wt-citations feat/citation-tracker
cd ../wt-citations && claude
```

Each session got the same system context: my repo's `CLAUDE.md`, my user-level `~/.claude/CLAUDE.md`, my `~/.claude/skills/`, and my `~/.claude/projects/<repo>/memory/` directory. The worktrees were independent at the git level. Everything else was shared.

I caught the implication later, sitting at hour eight with a corrupted memory file open. Worktrees isolate your source code. They do not isolate Claude's brain.

## Collision 1: hour 3:42, the Skills file

The first thing that snapped was a Skills file I had not touched all day.

Session A was building a voice-buffer fix and at some point asked itself "is there a Skill for streaming WebRTC buffers?" There was not. It wrote one to `~/.claude/skills/voice-buffer/SKILL.md` and kept working. Around the same eight-minute window, Session C was building the citation tracker and asked itself "is there a Skill for parsing source attributions?" There was not. It wrote one to `~/.claude/skills/citation-source/SKILL.md`.

So far, no conflict. Different files. Different topics. The official docs gave me no reason to worry.

The collision came from a third file: `~/.claude/skills/_index.md`, which both sessions decided to update when registering their new Skill. Session A updated it first. Session C, reading the file thirty seconds later, saw the version *before* Session A's write, appended its own Skill, and saved. The voice-buffer Skill registration disappeared from the index. Session A had no idea, because Session A had already moved on.

I noticed at hour five when I asked Session B (which had been quietly running the OG fix) "does our Skills index include voice-buffer yet?" It said no. I checked. It was right. Session A's Skill file was on disk, but the index that pointed to it had been clobbered.

That is what shared state without locking looks like. Two writers, last-write-wins, no warning, no merge.

## Collision 2: hour 6:18, the memory file

The second collision was uglier because it ate work I cared about.

I use `~/.claude/projects/<repo>/memory/` to store small persistent notes the agent should remember across sessions: an `architecture.md` with my system's component map, a `feedback.md` with stylistic preferences, a `project.md` with current priorities. All three are written by Claude itself, occasionally, when the user asks "remember this" or when the agent itself decides something is worth keeping.

At hour 6:18, Session A finished its voice-buffer work and asked itself "should I save what I learned about the audio buffer's invariants?" It read `architecture.md`, added a section, and saved. At hour 6:19, Session B finished the OG fix and asked itself "should I record the og:type double-emit bug as a known gotcha?" It read `architecture.md` (the pre-A version, still cached in its context), added its own section, and saved.

Session A's voice-buffer notes vanished. Eight minutes of careful invariants, gone, replaced by a paragraph about meta tag emission that was correct but unrelated.

I only caught this because I happened to grep for "buffer invariant" the next morning and found nothing. If I had not gone looking, the notes would simply not exist in any future Claude Code session. The agent would not have known to ask. There is no error log for "memory file silently overwritten by sibling process."

## What was actually broken

Worktrees solve the file-system problem. Two sessions writing to the same `src/voice/buffer.ts` would have produced a git conflict, which is loud and recoverable. Two sessions writing to the same `~/.claude/skills/_index.md` produce a silent overwrite, which is quiet and not.

Concretely, the broken assumption was this. The official guide says ["edits in one session never touch files in another"](https://code.claude.com/docs/en/worktrees), and that is true at the worktree level. It is not true at the harness level, because the harness (memory, skills, hooks, settings) lives one directory up from the worktree, in `~/.claude/`, where every parallel session writes freely with no coordination.

Three classes of file are at risk, in roughly increasing order of how much they will hurt:

1. **Settings files** (`~/.claude/settings.json`). Rare collision because the agent rarely writes here. But when it does (e.g., a Skill asks to add a permission), you get last-write-wins.
2. **Skills files** (`~/.claude/skills/`). Medium-frequency collision. Indices and shared catalogues are the actual flashpoint, not the individual SKILL.md files.
3. **Memory files** (`~/.claude/projects/<repo>/memory/`). The most painful. The agent writes here exactly when it has just learned something it considers worth keeping, which is exactly the work you do not want to lose.

Anthropic's parallel-worktree pattern was designed for code. The harness was designed for one session at a time. Running both at once is the user's bug.


## The 47-dollar lesson

The cash cost was the rework. After the memory file collision, Session A had no record of the voice-buffer invariants it had just figured out. When I started a fresh session the next morning and asked it to extend the buffer, it re-derived the same invariants from scratch, the same way, in about 40 minutes of token spend. I checked the dashboard: roughly $47 of Sonnet 4.6 tokens, plus a slightly grumpier morning.

I had also paid for the original derivation, of course. So really it was double-billed, not lost, but the second payment was the avoidable one. Brooks's Law has a footnote nobody quotes: "and your concurrent processes will overwrite each other's notes, so you will pay for some of the work twice."

## The 3 patterns I use now

After the collision day, I changed three things. Each is small. None of them required Anthropic to ship anything new.

**Pattern 1: per-session memory namespaces.** Instead of one shared `~/.claude/projects/<repo>/memory/`, each parallel session writes into `~/.claude/projects/<repo>/memory/<branch-name>/`. I do this with a per-worktree `CLAUDE.md` that points the agent at its own subdirectory. At session end, I merge the subdirectory back into the main `memory/` by hand or with a small script. Conflicts surface as duplicate filenames, which is loud and recoverable.

```markdown
<!-- per-worktree CLAUDE.md -->

## Memory write location

Write all memory files under
`~/.claude/projects/repo/memory/feat-voice-buffer/`.
Do not write to `~/.claude/projects/repo/memory/` directly.
```

**Pattern 2: a write lock on shared indices.** For files I cannot namespace (the Skills index, settings.json), I use a `flock`-style lock around any agent write. The agent runs writes through a small wrapper script that takes an exclusive lock on `~/.claude/locks/skills-index.lock` before touching the file. Last-write still wins, but the writes are now serialized, and the agent's pre-write read sees a consistent state. The wrapper is maybe twenty lines of shell.

```bash
#!/usr/bin/env bash
# ~/.claude/bin/locked-write.sh
target="$1"
lockfile="$HOME/.claude/locks/$(basename "$target").lock"
mkdir -p "$(dirname "$lockfile")"
exec 9>"$lockfile"
flock 9
cat > "$target"
```

**Pattern 3: coordination via `.claude/sessions/`.** Each running session writes a heartbeat file at `~/.claude/sessions/<pid>.json` with its branch, start time, and the files it expects to touch in the harness layer. Before any session writes to a shared index or memory file, it greps the sessions/ directory for sibling claims on the same path. If it finds one, it waits or skips. This is the heaviest of the three patterns and the one I use least, because Patterns 1 and 2 catch most of the actual collisions.

If you have used Claude Code [sub-agents](/blog/three-sub-agents-reviewed-same-pr-40-percent-disagreement/) for parallel review, you will recognize the shape: the problem is not the model. It is the integration layer the user did not realize was there. Sub-agents collide on opinions inside one session; parallel sessions collide on state across the harness.

## What I actually believe now

Parallel Claude Code sessions are not free, the same way multi-agent code review is not free, the same way letting one agent [run autonomously for 24 hours](/blog/autonomous-agent-24-hours-security-lessons/) is not free. The cost moves around, but it never goes to zero. With parallel sessions, the cost shows up as silent overwrites in your harness directory, eight hours after you started, in a file you did not think about when you opened the second terminal.

The official guide's framing is right at the source-code layer: "edits in one session never touch files in another." It just stops one directory short. Edits inside `~/.claude/` are perfectly happy to touch each other, and they will, on the schedule of last-write-wins, with no error log to grep later.

If you take one thing from this post: when you open the second Claude Code session in a second worktree, take ten seconds to decide whether the two sessions share Skills, memory, or settings, and whether you mind if either silently eats the other's writes. If you do mind, add Pattern 1 today and Pattern 2 the first time you actually hit a collision. Pattern 3 can wait until you find yourself running five at once, which is the point at which the official docs gently advise you not to.

I am still running parallel sessions. I just stopped pretending the worktree boundary was the whole boundary.

---

**Want the deeper version of this?** I cover the harness layer, the 6 modules of a Claude Code setup, and the failure modes of shared state in [Harness Engineering](https://kenimoto.dev/books/harness-engineering-guide) — the field guide for engineers who want to run Claude Code seriously, not just open three terminals.

Related on this blog:

- [I Asked 3 Claude Code Sub-agents to Review the Same PR. They Disagreed on 41% of the Comments.](/blog/three-sub-agents-reviewed-same-pr-40-percent-disagreement/)
- [I Let My Claude Code Agent Run for 24 Hours](/blog/autonomous-agent-24-hours-security-lessons/)
- [Three-Role Separation: Observer, Strategist, Marketer](/blog/three-role-separation-observer-strategist-marketer/)

---

# I Gave My Strategist Agent WebSearch. 5 Topics Took 20 Minutes. Splitting It Into 3 Made It 3.

URL: https://kenimoto.dev/blog/three-role-separation-observer-strategist-marketer/
Lang: en
Date: 2026-05-14
Description: I had one agent doing observation, strategy, and execution. Picking 5 topics took 20 minutes and burned 120k tokens. Splitting it into Observer / Strategist / Marketer dropped it to 3 minutes and cut tokens by 60%. The architecture, the allow-list per role, and why WebSearch in the judgment loop is a trap.

I thought one agent doing everything was elegant. One `claude -p` call, "pick today's topics and write the articles," done. It took 20 minutes to pick 5 topics.

Splitting it into three agents took the same job to 3 minutes and dropped token cost by about 60%. The agents are dumber individually. The pipeline is faster.

The trick is not "more agents." The trick is taking WebSearch out of the agent that does the judging.


## The 1-agent setup that took 20 minutes

The original setup was one prompt, one agent, one run:

> "Look at yesterday's GA4 data, pick 5 topics for today, and write the top one."

The agent was allowed `Bash, Read, Write, Edit, Grep, Glob, WebSearch, WebFetch`. Everything it could possibly need.

For each candidate topic, it did roughly the same thing: WebSearch to check "what's hot in this space right now," WebSearch again to confirm a trend, WebSearch a third time to cross-check a competitor. Five topics, three to four searches each, 15 to 20 searches per run. Each search dumped a few thousand tokens of result into the context.

By the time the agent was choosing topic 3, the judgment context contained 40,000+ tokens of search results from topics 1 and 2. The signal-to-noise ratio collapsed. The agent started picking topics that "felt confirmed by recent news" rather than topics that matched my actual content stock.

The visible symptom was time: about 20 minutes per run. The hidden symptom was drift: I kept overriding the agent's picks during the weekly review, because they didn't match what I had material for.

## Why WebSearch in the judgment loop is a trap

WebSearch is fine. WebSearch in a judgment loop is the trap.

Two things happen when you let the judge search:

**Time:** A WebSearch is 5-20 seconds. Five topics times four searches is 100 seconds of waiting per run, before you even count read time and reasoning. For a single human asking one question it's nothing. For a daily automated job it stacks up fast.

**Context pollution:** Each result adds 2,000-5,000 tokens of HTML-scraped page text into the judgment context. None of it was structured for "is this topic right for my content?" It was structured for SEO. The judge ends up reasoning from a pile of marketing copy instead of from its own data.

The fix is unglamorous. The judge should not have WebSearch. WebSearch belongs in the writer.

## Role 1: Observer — collect only

The Observer's job is "fetch yesterday's numbers, write them to a file." That is the whole job.

Inputs: GA4, the Zenn API, the Dev.to API, yesterday's logs. Output: `domains/<name>/data/snapshot-YYYY-MM-DD.json`.

Allowed tools:

```bash
claude -p "$(cat scripts/prompts/observer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write"
```

No WebSearch. No WebFetch. No Edit. The Observer reads three APIs through `curl` and writes a single JSON file. If it tries to be clever and "interpret the data," the prompt tells it not to. The schema enforces it: fields are `total_views`, `top_performers_3`, `errors_yesterday`. No `recommendation` field exists, so there's nowhere to put a judgment even if it wanted to make one.

This sounds like a downgrade. It is, in the same way a single-purpose function is a "downgrade" from a god-object. When the Observer fails, I know exactly which API broke, because that's all it does.

## Role 2: Strategist — judge only, no WebSearch

The Strategist reads what the Observer wrote, reads `strategy.md` for the rules, reads the last 30 days of published topics for the exclusion list, and picks 5 topics. That's it.

```bash
claude -p "$(cat scripts/prompts/strategist-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob"
```

Notice what's missing: `WebSearch`, `WebFetch`. Physically gone from the allow-list. The Strategist literally cannot reach the internet.

This was the part I resisted. "How can it judge today's topics without checking what's trending?" That was the wrong question. The right question is: am I writing topics that are trending elsewhere, or topics that match my content stock?

The Strategist sees:

- Three months of my own performance data (what got read)
- My content stock (book chapters, unpublished drafts)
- 30-day exclusion list (what I already wrote)
- My own `strategy.md` rules

That is enough to pick 5 topics in about 90 seconds, not 20 minutes. The token consumption per Strategist run dropped from roughly 80,000 to roughly 20,000 because there are no WebSearch results to read.

"Adding evidence with WebSearch" sounded like a good idea. In practice it added 8 redundant searches and 40,000 tokens of noise.

## Role 3: Marketer — execute, WebSearch allowed

The Marketer reads the Strategist's output, picks the top topic, and writes the article. This is where WebSearch shows up:

```bash
claude -p "$(cat scripts/prompts/marketer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob,WebSearch,WebFetch"
```

The Marketer uses WebSearch for execution research:

- "Latest stable version of LangGraph in 2026"
- "Anthropic Building Effective Agents doc URL"
- "Inngest pricing tier for cron-driven workflows"

These are citations and version checks, not judgments. "Should I write this topic?" is already decided. The Marketer's WebSearch is bounded by the article in front of it.

Two consequences fall out of this:

1. Cost localizes. WebSearch spend lives in the Marketer, where it produces visible output. The Strategist's per-run cost is now small enough that I run it multiple times a week without thinking about it.
2. Failure localizes. When WebSearch is flaky or down, only the writer breaks. The Strategist still produces today's picks. The Observer still records yesterday's numbers. The pipeline degrades, it doesn't halt.

## The cron chain: how the three roles connect

The three agents do not share a conversation. They share files.

```text
07:00  Observer    → writes snapshot-2026-05-14.json
09:00  Strategist  → reads snapshot, writes strategist-2026-05-14.md
10:00  Marketer    → reads strategist.md, writes drafts + schedules 22:00 publish
22:00  Observer    → records today's early traction → tomorrow's input
```

I run this as plain `cron` on a small VPS. The full crontab is in [chapter 11 of the harness book](https://kenimoto.dev/books/harness-engineering-guide); the short version is one line per job with `set -euo pipefail`, `trap ... ERR`, a Telegram failure ping, and a lock file. About 30 lines of shell per role.

If you want managed durability instead of cron, [Temporal's Schedules](https://temporal.io/blog/orchestrating-ambient-agents-with-temporal), [Inngest's cron triggers](https://www.inngest.com/), and [GitHub Actions cron](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule) all hit the same shape. The architecture doesn't care which one carries it. I use cron because the failure mode is "the server is off," and I notice that quickly.

The handoff is always a file on disk. JSON for the snapshot, Markdown for the strategist log, Markdown for the marketer log. Human-readable, dated, replayable. I can re-run yesterday's Marketer against yesterday's Strategist file by changing one environment variable. That's `backfill` for free, without inheriting Airflow.

## Sub-agent vs role separation — don't confuse them

I have a separate post about [running three Claude Code sub-agents on the same PR and watching them disagree 41% of the time](https://kenimoto.dev/blog/three-sub-agents-reviewed-same-pr-40-percent-disagreement). People sometimes ask if that's the same thing as what I'm describing here.

It is not. They look similar on a slide and behave nothing alike in practice.

| | Sub-agent (Claude Code Task tool) | Role separation (cron) |
|---|---|---|
| **Scope** | Same session, same parent agent | Three separate processes, three separate runs |
| **State** | Parent passes context as input | File on disk |
| **Timing** | Synchronous, parent waits | Asynchronous, hours apart |
| **Failure** | Parent owns retry | Each job retries independently |
| **Use case** | "Explore this codebase in parallel" | "Run yesterday's PDCA every morning" |

Sub-agents are great for *parallelism inside one task*. Role separation is for *time-shifted pipelines*. Mixing them produces the worst of both: you get cron's debug surface plus sub-agents' shared-context drift.

The rule I use: if the answer has to come back in the same conversation, it's a sub-agent. If the answer has to survive a server reboot, it's a separate cron job.

## What changed, measured

These are my numbers from running both setups on the same content stack:

| Metric | 1-agent | 3-role | Change |
|---|---|---|---|
| Time to pick 5 topics | ~20 min | ~3 min | -85% |
| Tokens per daily run | ~120k | ~45k | -62% |
| Monthly API spend | ~$60 | ~$22 | -63% |
| Topic re-pick rate (weekly review) | 2-3/wk | 0-1/wk | down |
| WebSearch outage breaks pipeline | yes | no | fixed |
| Mean debug time per failure | 30-60 min | 5-10 min | -80% |

The token math is the one that surprised me. I assumed splitting into three agents would *increase* total token usage because of duplicated context. It didn't, because the deleted WebSearch traffic was bigger than the new per-role overhead.

The debug time is the one that matters daily. With one agent, "the job failed at 09:14" tells me nothing. With three roles, "the Strategist failed at 09:14" tells me which 30-line script to read.

"Adding agents made it faster" sounds wrong on its face. It's only faster because I removed WebSearch from the judgment loop. The split is what made the removal feasible — once Observer and Strategist couldn't reach the internet, the temptation to "just search one more thing" was gone.

---

**Related**: I've been writing about agent harnesses for a while — [Natural-language agent harnesses (arxiv)](https://kenimoto.dev/blog/natural-language-agent-harnesses-arxiv) covers the concept; this post is the implementation. The deep version, with full crontab, prompt files, and role allow-lists, is in [Harness Engineering: From Using AI to Controlling AI](https://kenimoto.dev/books/harness-engineering-guide).

---

# 3 Claude Code Sub-agents Reviewed One PR — They Disagreed on 40%

URL: https://kenimoto.dev/blog/three-sub-agents-reviewed-same-pr-40-percent-disagreement/
Lang: en
Date: 2026-05-12
Description: Three Claude Code sub-agents, one 500-line PR, 41% disagreement, and one hour spent figuring out which findings to keep. Brooks's Law is alive in 2026.

I thought multi-agent code review was a free upgrade. Three sub-agents looking at the same PR sounded like three pairs of eyes for the cost of one engineer's coffee.

Then I ran three Claude Code sub-agents on the same 500-line refactor PR and watched them disagree on 41% of the comments. The merge took an hour I had budgeted for fifteen minutes. Brooks's Law is alive in 2026, and apparently it scales down to agents.

Anthropic [announced in March](https://claude.com/blog/code-review) that fewer than 1% of their internal code-review findings get marked incorrect by engineers. That number is real, and it is also a stat from people running one tightly-tuned pipeline on their own codebase. As soon as I stood up my own three sub-agents on my own repo, "agree" stopped meaning what I thought it meant.

This is the experiment. What I set up, what I measured, and what I now actually believe about parallel sub-agent review.

## The setup

The PR was a 500-line refactor of a WebRTC signaling layer in one of my side projects. Eight files, mostly TypeScript, a couple of config tweaks, one new error type. Boring enough to not be a stunt PR, complex enough that a single reviewer would miss things.

Three sub-agents, all defined under `.claude/agents/`, all using Sonnet 4.6, each restricted to read-only tools:

```markdown
---
name: explore-reviewer
description: Trace callers, dependents, and dead code paths.
model: sonnet
allowed-tools: Read Grep Glob
---

You are a code archaeologist. For each changed file, find every caller,
every test that references it, and any path that goes silent after the change.
Report concrete file:line citations. No style opinions.
```

```markdown
---
name: security-reviewer
description: Look for auth, validation, and secret-handling regressions.
model: sonnet
allowed-tools: Read Grep Glob WebSearch
---

You are a security reviewer. Focus only on auth flows, input validation,
secret handling, and dependency risks. Estimate CVSS for each finding.
Ignore style and architecture.
```

```markdown
---
name: plan-architect
description: Assess design decisions against existing conventions.
model: sonnet
allowed-tools: Read Grep Glob
---

You are a software architect. Compare the PR's design choices against the
existing conventions in this codebase. Flag drift, missing seams, and
abstractions that will hurt the next person.
```

Each sub-agent got the same prompt: "Review PR #482 line by line and list findings as bullets with file:line citations." Each ran in its own context. None of them saw each other's output. I was the only one stitching results together at the end.


## What 41% disagreement actually looked like

After all three finished, I had 78 raw comments total. I sat down with a spreadsheet and tagged each one as "raised by 3", "raised by 2", or "raised by 1".

| Coverage | Count | Share |
|---|---|---|
| All 3 agents flagged it | 14 | 18% |
| 2 of 3 agents flagged it | 32 | 41% |
| Only 1 agent flagged it | 32 | 41% |

The "raised by 1" bucket is what I'm calling disagreement. Two other sub-agents had every opportunity to flag the same line, with the same tools, on the same diff. They walked past it. That is a 41% chance that any individual finding is one sub-agent's private opinion.

The headline Anthropic number — <1% marked incorrect — is measured differently. They count findings that an engineer explicitly closes without fixing. I'm counting findings that two of three agents looking at the same code never bothered to mention. Those are different questions, and the second one is the one that costs me time at the keyboard.

## The four disagreement patterns

After classifying every disagreement, four patterns covered almost all of them.

**Severity drift.** The plan-architect flagged a missing null check as "critical". The security-reviewer noted the same line and called it "low — caller already validates upstream". Both were right, sort of. The architect was reading the function in isolation. The security reviewer had grep-walked the callers and seen the upstream check. Same line, opposite verdicts.

**Scope drift.** Asked to review the PR, the explore-reviewer happily told me about three pre-existing bugs in files the PR did not touch. The plan-architect refused to comment on anything outside the diff. I had no way to know in advance which behavior I would get. Strictly speaking, both interpretations are defensible. Practically speaking, one of them blew up my comment count.

**Concreteness drift.** The plan-architect wrote: "Consider extracting the retry logic into a shared helper." The security-reviewer wrote: "Replace lines 184-201 with `retry(opts, () => fetchToken(opts.url))` and add a 30s ceiling, otherwise the auth-refresh path can hang the worker." Same idea. One I could apply in thirty seconds, the other I needed to spend a meeting on. Concreteness is a wildly larger axis of variance than I expected.

**Tool-budget drift.** The explore-reviewer had grep and glob, and noticed that the renamed function was still referenced in a CI script nobody had updated. The plan-architect, with the same tools, never looked there. Same allowed-tools list, same prompt about "find dependents". One walked the surface, one walked the building. Drift here came down to how aggressively each system prompt told the agent to roam.

If you have used Claude Code [sub-agents](https://code.claude.com/docs/en/sub-agents) for anything beyond a one-off Explore call, none of this is shocking. What was shocking, for me, was how cleanly the four buckets carved up almost every disagreement I tagged.

## The bug nobody caught

Two days after I merged, a colleague found a race condition in the new error-handling path. The PR introduced a one-frame window where two reconnect attempts could fire on the same socket. None of the three sub-agents mentioned it. The pull-request description, which I had written by hand, did mention "reconnect logic moved", which is what made my colleague go look.

"Given enough eyeballs, all bugs are shallow," Eric Raymond wrote in 1999. He was right about eyeballs. He did not specify that three of them needed to be aimed at the same window. Mine were all squinting at the diff. None of them stepped back and asked: what changed about timing?

## The hour I lost to merging

The actual merging of the three reports was the part I had not budgeted for.

For each "2 of 3" or "1 of 3" finding, I had to decide:

1. Is this real or is it a context gap I can close with one grep?
2. If real, is the severity from agent A right, or the severity from agent B right?
3. If a fix is suggested, is the concrete one safe to apply, or do I need to push back to the abstract version?

That last question alone took me three coffee refills. Two sub-agents had told me to "extract a shared helper". One had given me a specific helper. I had to read the diff a third time, by hand, to figure out whether the specific helper was actually the right shape. It wasn't. I ended up writing a fourth version.

Brooks's Law was about communication overhead between humans on a late project. I am now convinced it generalizes to "any time you put N independent perspectives on the same artifact, your N+1 reviewer is the integrator, and the integrator's hour goes up roughly linearly in N." Three sub-agents felt like 3x the eyes. They were also 3x the integration cost.

If you ran Claude Code [autonomously for a day](/blog/autonomous-agent-24-hours-security-lessons) and lived to tell about it, you already know this from the other direction: the bottleneck moves to whoever is reading the agent's output.

## How many sub-agents is the right number

I do not think the answer is one. After the same week I ran the experiment with N=3, I tried N=1 on a smaller PR — just a single general-purpose review pass. It missed the kind of cross-file dependency that the explore-reviewer would have caught. One pair of eyes is genuinely worse than two.

My current heuristic, after maybe a dozen PRs of this:

- Tiny PR (<100 lines, no new files): one sub-agent. Anything more is overhead.
- Medium PR (100-500 lines, touches one subsystem): two sub-agents with different angles, usually explore + security or explore + architect. Pick the second to match what the PR is actually risking.
- Large or cross-cutting PR (500+ lines, multiple subsystems): three. Plan the integration time in advance. It is not free.

Above three, I have not seen the value. HAMY's [nine-agent setup](https://hamy.xyz/blog/2026-02_code-reviews-claude-subagents) is interesting, but I would want a second tool just to merge the reports, and I would want it to be cheaper than me.

The other knob is concreteness. I now ask each sub-agent for findings "with the smallest concrete change that fixes them, or marked as no-fix if you don't know". That single line in the system prompt collapsed about half of my concreteness drift.

## What I actually believe now

Multi-agent code review is not free. It is closer to "three junior reviewers reading in different rooms, and you are the senior who has to merge their notes." The eye count goes up, but so does the integration cost, and the integration cost is the part that lives in your calendar.

The bug nobody caught is the part that humbled me most. Three agents, three angles, all read-only, all aimed at the same diff. None of them noticed the timing change because none of them were asked to. Sub-agents are extremely good at the questions you put in their system prompt. They are mediocre at the questions you forgot to ask. That is the actual limit, not the model.

If you take one thing from this: write a fourth sub-agent prompt called `what-am-i-not-asking`, give it your diff, and ask it to nominate the categories your other agents will miss. Then read its answer. Then write the real review prompts. I did not do this for the experiment in this post, which is exactly why I lost an hour at merge time and a colleague found my race condition.

Anthropic's <1% number is real. It is also measured on a pipeline that someone spent months tuning, not on three sub-agents you wrote between meetings. Tune yours. Until then, expect 40%.

---

**Want the deeper version of this?** I cover sub-agent design, custom agent patterns, and the full Claude Code workflow in [Practical Claude Code](https://kenimoto.dev/books/claude-code-mastery) — the field guide for engineers who want to run Claude Code seriously.

Related on this blog:

- [Claude Code Skills: The Reusable Workflow Pattern](/blog/claude-code-skills-reusable-workflow-pattern/)
- [I Let My Claude Code Agent Run for 24 Hours](/blog/autonomous-agent-24-hours-security-lessons/)
- [Natural-Language Agent Harnesses: An arXiv Reading](/blog/natural-language-agent-harnesses-arxiv/)

---

# TRM's 8,337% LLMO Playbook on Indie Sites: Only 1 of 4 Pillars Worked

URL: https://kenimoto.dev/blog/trm-8337-percent-llmo-pillars-indie-test/
Lang: en
Date: 2026-05-20
Description: The Rank Masters published a 90-day case study with an 8,337% ChatGPT-referral lift and four LLMO pillars. I copied the playbook onto three indie sites for 90 days. Three of the four pillars produced flat lines. The one that moved was not the one I expected.

When a US SEO agency called The Rank Masters published their 90-day case study showing an **8,337% lift in ChatGPT referrals**, the headline did exactly what headlines are supposed to do. I clicked. Then I noticed the baseline was 8 visits and the post-period was 675. So yes, the percentage is technically true. It is also true that if you go from one customer to twelve, you have grown your business by 1,100%.

What I actually cared about was the rest of the table. Average engagement time on AI-search traffic was **5 minutes 41 seconds per user**. Page views per user climbed to 48. Those numbers are not a percentage trick. Those are people who showed up already interested and stayed. That is the part worth copying.

TRM described their playbook as four pillars. I spent 90 days copying all four onto three of my own indie sites to see which ones actually moved the needle for someone without an agency-sized content team behind them. Three of the four were noise. The one that worked was the one I almost skipped.


## The setup

The three indie sites:

- **kenimoto.dev** — my engineering blog, ~50 articles at the start of the test, four-language stack (EN/JA/PT/ES), already had a `llms.txt` and JSON-LD on most pages
- **Site B** — a 12-page niche tools site I built for a hobby project, almost zero schema, no author bio
- **Site C** — a one-page indie SaaS landing page that ranks for a long-tail keyword, no blog, no schema

I picked sites at three very different stages on purpose. If a "pillar" only works on the site that was already 80% set up, that is not really a pillar. That is a finishing touch.

Baseline period was 30 days before the test. Treatment period was the 90 days that followed. I used GA4 with the `chatgpt.com` and `perplexity.ai` referrer regex from [llmoframework.com's pillars guide](https://llmoframework.com/framework/overview/), plus the four AI crawler user-agent filters in my server logs to confirm cross-channel pickup. I did not have a fourth control site running the playbook in reverse, which is the obvious gap. I am calling it before someone else does.

## The four pillars, as TRM described them

For anyone who has not read the original case study, here is the short version of what TRM ran:

1. **Semantic SEO system** — map content to entities and search intent, not keywords. Build topical authority through related entity coverage.
2. **Modular content architecture** — Problem → Framework → Steps → Proof → CTA blocks. Each block stands alone so LLMs can quote it.
3. **GEO enhancements** — Article / FAQ / HowTo / Organization JSON-LD on every page, plus author and E-E-A-T signals.
4. **Query fan-out cluster** — build 30 long-tail pages around each core concept so AI subqueries always hit something you wrote.

In TRM's hands, applied as a system across 42 pages in 12 weeks, the four-pillar combination produced the 8,337% number. I did not have 12 weeks and I did not have 42 pages of capacity. What I had was three sites and a fixed budget of evenings. So I applied each pillar in isolation where I could, and tracked which one produced movement.

## Pillar 1: Semantic SEO. Flat line on all three sites.

I spent the first three weeks rebuilding internal links on kenimoto.dev around entity clusters. Instead of "AI agent" appearing in 14 disconnected posts, I added a hub page, cross-linked siblings, and pointed everything at a canonical entity definition. On Site B I rewrote four pages around their parent entity. Site C got one new "what is X" sibling page.

After 90 days, ChatGPT referrals to kenimoto.dev went from 18/month to 23/month. Site B moved from 0 to 2. Site C did not move. That is not zero, but it is also not a pillar.

My read: semantic SEO is real, but its payoff window is longer than 90 days, and it compounds with everything else you do. For a small site running it as a standalone lever, the signal disappears into noise. TRM probably saw the benefit because they ran it concurrently with 42 fresh pages and a query fan-out cluster.

The pillar is fine. It just is not the thing that moves a 50-article blog in a quarter.

## Pillar 2: Modular content. Best for the writer, worst for the test.

The Problem → Framework → Steps → Proof → CTA structure is a great editorial constraint. I rewrote eight existing kenimoto.dev posts to fit it. The articles read better. They are easier to skim. I am personally happier with them.

The traffic data did not notice. ChatGPT referrals to those eight rewritten posts were within their own normal week-to-week variance. The new TL;DR blocks did show up in [my AI citation tracker](https://kenimoto.dev/blog/measure-ai-citations-llmo-kpi) results twice, which is more than zero but well inside noise for a sample of eight.

Two things I think are going on:

- TRM's modular blocks worked on **brand new pages with no prior AI exposure**. Rewriting an indie blog post that has already been crawled and may already be cited does not reset that perception.
- "Standalone-quotable paragraph" is a quality criterion most decent technical writing already meets. The marginal gain from formalising it on an indie blog that is already written by a human is small.

I am keeping the structure. I do not think it is what moved TRM's number.

## Pillar 3: Author schema and E-E-A-T. The one that worked.

This is the part I almost skipped. JSON-LD has a reputation for being the LLMO equivalent of writing a great cover letter for a job you would have gotten anyway. I have built sites that ranked fine without a single `Person` schema and I have built sites with perfect schema that nobody cites.

Three things changed:

- I added a `Person` schema to every author byline on kenimoto.dev, with `sameAs` pointing to GitHub, X, LinkedIn, and a verified Zenn profile
- I wrote a real `/about` page with `Person` + `ProfilePage` schema, including credentials and a list of published books and articles with `WorkExample` links
- I added `author` and `publisher` fields to the existing `Article` schema on every post

Total time: about six hours. No content was added, no posts were rewritten.

Result over 90 days on kenimoto.dev:

- ChatGPT referrals: 18/month → **127/month**
- Perplexity referrals: 4/month → **41/month**
- AI citation tracker hits across five trackers: **a 3.7x median lift**, with two trackers showing my author name as a recommended source for "LLMO indie" and "AI search optimization individual practitioner" queries

Site B got a smaller version of the same effect (0 → 8/month on ChatGPT, from a much smaller surface). Site C, which had no real author and no `/about` page worth writing, did not move.

I want to be careful here. n=3 is not a study. The lift is also confounded with the fact that I happened to publish a guest article on llmoframework.com during the same window, which probably contributed to the `sameAs` graph getting wired up faster. But the **timing of the spike** on kenimoto.dev tracks the schema deploy date more cleanly than it tracks any other change I made.

My current best guess at why: large language models are trying very hard to attach citations to **named, verifiable people**. They are nervous about citing pages that read like anonymous SEO content, because their providers have been burned by hallucinated citations and have visibly tightened up. A pile of clean `Person` schema linking to verifiable external profiles is the cheapest way to look like a named, verifiable person.

This was not on my list of "things that would move the needle." I had bet on Pillar 4.

## Pillar 4: Query fan-out cluster. Ran out of capacity at page 11.

The TRM playbook calls for 30 long-tail pages per core concept. I picked "Claude Code subagents" as my concept on kenimoto.dev and planned the cluster. I shipped 11 of the 30 pages over the 90 days. The remaining 19 were on the spreadsheet, mocking me.

The 11 pages did pull some AI citation. Five of them appeared in at least one AI search result for a related sub-query. But the volume was small enough that it did not show up in the referrer data above a couple of visits each.

I think the pillar works. I do not think it works for a one-person indie operation in a 90-day window. The published TRM number came from "42 pages in 12 weeks" because TRM had an agency. I had two evenings a week. A cluster strategy that needs 30 pages to fan out is essentially a hiring strategy in disguise.

If you have a team, run Pillar 4 first. If you do not, run Pillar 3 and revisit Pillar 4 when you have hiring budget.

## What the heatmap actually says

If I rank the four pillars by AI-referral lift across the three indie sites:

| Pillar | kenimoto.dev | Site B | Site C |
|---|---|---|---|
| 1. Semantic SEO | + (mild) | + (mild) | flat |
| 2. Modular content | flat | flat | flat |
| **3. Author schema / E-E-A-T** | **+++ (3.7x)** | **++ (start from 0)** | flat (no author surface) |
| 4. Query fan-out (partial) | + (mild) | n/a | n/a |

The "Pillar 3 only" result is suspicious in a healthy way. It is the cheapest pillar to implement, the one most people skip because it feels too obvious, and the one with the biggest gap between "looked easy" and "actually moved the data."

If I were giving advice to another indie dev about to run this playbook in 2026:

1. **Do Pillar 3 first.** Six hours of JSON-LD work has the best return per hour I have measured.
2. **Run Pillar 2 as a writing habit, not a campaign.** It is a quality move; do not expect it to show up in referrer data on its own.
3. **Postpone Pillar 4 until you have a content team.** The fan-out maths assumes throughput you probably do not have.
4. **Run Pillar 1 in the background.** It compounds slowly. Do not stop, but do not stare at the dashboard for it.

The 8,337% number is real in TRM's spreadsheet. It is also a multi-pillar, multi-page, agency-sized effort that landed at 675 page views. For three indie sites, the leverage is in Pillar 3, and Pillar 3 alone got me from 22 monthly AI referrals to 176. That is a 700% lift on traffic I can actually feel.

It also took me six hours.

---

If you want the implementation details, the [llmoframework.com pillars guide](https://llmoframework.com/framework/overview/) has the JSON-LD templates I used, and my deeper write-up on which schemas actually get parsed by LLM crawlers is in [LLMO: AI Search Optimization](https://kenimoto.dev/books/llmo-ai-search-optimization).

---

# ブログを4言語化したら、ポルトガル語版だけ流入が約4倍になった - 22日分の生データ

URL: https://kenimoto.dev/ja/blog/4-languages-30-days-portuguese-4x-traffic/
Lang: ja
Date: 2026-05-21
Description: 22日間のGA4で、PT 748 PV、EN 195 PV、JA 27 PV、ES 7 PV。スペイン語が伸びると思っていた私の予想は全方位で外れました。多言語LLMOで見えた3つの非対称について、生データと合わせて書きます。

ブログを4言語化したとき、私の中には明確な序列がありました。英語が量で勝つ。スペイン語は話者数で2位。日本語は母国語なので安定。ポルトガル語はロングテール、ほぼ完璧主義の付け足し、くらいの位置づけでした。

22日後のGA4スナップショットは、その序列のすべての項目を否定してきます。


- **PT: 748 PV**、709 sessions
- **EN: 195 PV**、176 sessions
- **JA: 27 PV**、29 sessions
- **ES: 7 PV**、7 sessions

PT版が英語の約3.8倍、日本語の約28倍、スペイン語の約107倍を、同じブログ、同じ更新頻度、同じ書き手で叩き出しています。PT版の1記事(24時間自律エージェントのセキュリティ記事、375 PV)だけで、英語ブログ全体の合計を上回っています。

スペイン語が驚かせてくれることを期待して書き始めたのに、驚かせてきたのはポルトガル語で、スペイン語は静かに存在しないままでした。

## 数字を割り引いて読めるよう、前提を先に出しておきます

これは厳密な比較実験ではありません。1つのブログ([kenimoto.dev](https://kenimoto.dev))に4つの言語ディレクトリ(`/en/`、`/ja/`、`/pt/`、`/es/`)を持たせて、記事をクロス言語のLLMパイプラインで翻訳し、人手でレジスタとローカルを調整しているだけです(BR Portuguese vs PT Portuguese、LatAm-neutral Spanish vs スペインSpanish)。期間は2026-04-30〜2026-05-21の22日分のスナップショットです。

記事数はEN 26本、JA 25本、PT 17本、ES 10本。PTは英語より記事が少ないのに、英語の4倍近い流入を取っています。

ここで読むのをやめても1つだけ持って帰ってほしいのは、**言語の非対称性は記事数の非対称性を丸呑みにすることがある**、ということです。飽和した言語に記事を1本足すより、空いている言語に記事を1本足すほうが、リターンは桁違いです。

## なぜPTが抜けたのか

「ポルトガル語圏の読者は私のことが特に好き」というオチではありません。3つの非対称が重なっています。


### 1. TabNewsは英語圏にない「ちゃんとした入り口」

[TabNews](https://www.tabnews.com.br/)はブラジルの開発者コミュニティです。フォロワー0でも、技術記事を投稿すれば、その日のうちに人間に読まれます。英語圏には等価なものがありません。Hacker Newsはありますが、無名で目に留まるハードルは比較にならないくらい高いです。

同じ記事をTabNews(PT)とDev.to(EN)にクロスポストすると、TabNewsは安定して referral 流入を返してきます。Dev.toはフォロワーがいないとほぼ無風です。この差がGA4の数字にそのまま乗ります。

### 2. ポルトガル語のAI search SERPは薄い

英語のLLMOコンテンツは飽和市場です。ChatGPT、Perplexity、Geminiでひとつのプロンプトを叩いたとき、まともな候補記事が何千とあります。個人サイトのshare of voiceは相対的にゼロに近づきます。

ポルトガル語はそこが薄いです。「spec-driven development com Claude Code」のような技術プロンプトに対して、AIが選ぶ候補のポルトガル語ソースは数えるほどしかありません。最初にまともな答えを出した記事が勝ちます。英語で同じことをやっても、その記事は埋もれます。

これは[Peec AI](https://llmpulse.ai/blog/best-ai-visibility-tools/)のような多言語AI可視性ツールが示しているデータとも一致します。多くのブランドは英語を先に最適化して、残り114言語まで手が回らないまま放置するので、言語カバレッジ自体が moat になるのです。

### 3. `/pt/llms.txt`の early-mover

ブラジル主要の開発系サイトは、まだllms.txtを置いていないところが多いです。LatAm系の主要スペイン語サイトも同様です。kenimoto.devでは初日から `/pt/llms.txt`、`/es/llms.txt`、`/ja/llms.txt`、`/en/llms.txt` を置いています。英語ではこれは普通の衛生管理ですが、ポルトガル語では多少の差別化要因になります。

以前 TRM がChatGPTからの流入を8,337%伸ばしたケースを書きましたが、LLMOの基本を地道に続けると効果は複利になります。多言語版は同じ複利を、その基本がまだ珍しい言語のほうが速く回す、ということです。

## なぜJAはPTの1/27なのか(書いていて辛い)

日本語は私の母国語です。JA版は翻訳ではなく自分で書いているので、文章としては4言語中いちばんきれいなはずです。そのJA版が27 PV。にじゅう、なな。

正直な理由は、日本人エンジニアの多くは [Qiita](https://qiita.com) と [Zenn](https://zenn.dev) を読むからです。自分のドメインで日本語で発信するのは、読者に普段の生息地から出てくることを求めているのと同じです。同じ記事をZennに出すと、初日から数十のリードがつきます。

つまりJAの戦略を変える必要があります。ブログはQiita/Zennと人間流入で競うのではなく、AIクローラーがインデックスする canonical archive として置く。Qiita/Zenn版が人間流入を取る。PT側とは逆の役割分担ですが、それでよいわけです。言語が違えば配信戦略も違って当然です。

## なぜESは7 PVで、それは大半が私の責任なのか

ESは10本、翻訳もきれいなLatAm-neutralです。問題は配信の口です。TabNewsに相当する場所が、私にはまだ見えていません。Stack Overflow en españolはありますがコミュニティの形が違います。[Platzi](https://platzi.com) や [Código Facilito](https://codigofacilito.com) は素晴らしいですが、誰でも投稿できる場所ではありません。

つまりESは奇妙な中間地帯にいます。AI search の競争は英語より薄いので追い風が吹いているのに、コミュニティの入り口が無いから向かい風で相殺されている。結果として一桁PVです。きれいな解は持っていません。これからの30日のES実験は、巨大企業のゲートの内側ではない投稿ハブを探すことに使います。

## 初日に欲しかった多言語LLMOチェックリスト

これからブログをN言語に翻訳する人へ、過去の私に渡したかった playbook を置いておきます。

1. **各言語について、まず「コミュニティの入り口」を特定する。** 話者数ではなく入り口です。ブラジルにはTabNews、日本にはQiita/Zenn、英語圏にはHacker Newsがありますがハードルは高い。スペイン語LatAm圏は私もまだ探しています。
2. **`/{lang}/llms.txt`を初日に置く。** 1言語15分です。非英語サイトでこれを置いている所はまだ少ないです。これはもっとも安いmoatで、[llmoframework.com](https://llmoframework.com) の多言語 playbook でも明示されています。
3. **GA4に言語プレフィックスフィルタを公開前に仕込む。** 後から計測を後付けすると、月に2時間が分析作業で消えます。
4. **全部翻訳しようとしない。** コミュニティの入り口に届きそうな上位20%だけ翻訳します。残りは配信チャネルの検証が済んでから。
5. **各言語のAI search share of voice を別々のKPIとして追う。** ブランド関連プロンプトを各言語でChatGPT、Perplexity、Claude.aiに月次で投げます。非対称が大きいので、測らないと管理できません。

## これからやること

- PT発信頻度を週1から週2へ。TabNews referral が線形に伸びるか飽和するか測定。
- JA戦略の再フレーミング。ブログはAIクローラー用 archive、Zenn/Qiitaは人間配信面。
- ESのコミュニティ入り口探し。LatAmハブ3つで並行実験することも辞さない。
- ENの頻度は据え置き。英語市場は飽和しているので、ENに記事を1本足す価値はPTに1本足す価値より低い。

「時間がないから多言語は無理」と思っていた人は、ROIがいちばん高い言語が話者数最大の言語とは限らない、と思ってみてください。AI search層で競合が薄く、開放的なコミュニティを持つ言語のほうが、リターンが速く来ることがあります。

私のブログではそれがポルトガル語でした。あなたのブログではインドネシア語かもしれないし、韓国語かもしれないし、ポーランド語かもしれません。確かめる唯一の方法は、各言語で1本ずつ書いて、GA4を繋いで、AIエンジンが最初にどれを引用し始めるかを見ることです。

---

多言語でのAI search可視性をどう計測してどう改善するかについて、より深い playbook を本にまとめています: [LLMO: AI Search最適化](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)。多言語の章は、上の数字が出てから3回書き直した章です。

---

# AIパイプラインが壊れる9つの理由 -- 全部AIの外側だった

URL: https://kenimoto.dev/ja/blog/9-bugs-in-my-ai-pipeline/
Lang: ja
Date: 2026-04-30
Description: 自動コンテンツパイプラインを6回テストして9個のバグを見つけた。モデル起因は0個。壊れたのは全て環境設計だった。

AIの自動パイプラインを6回テストして、9個のバグを見つけた。

モデルが原因だったものは、1つもなかった。

壊れていたのは全て**ハーネス** -- モデルの周りの環境だった。この記事では9個のバグの中身と、その修正方法を全て公開する。

## 作ったもの

Claude Codeを使って、記事の自動生成パイプラインを構築した。3つの独立したAIセッションが順番に連鎖する仕組みだ。

1. **Observer** -- トレンド・競合記事・パフォーマンスデータを調査
2. **Strategist** -- テーマを選び、切り口を決め、アウトラインを作成
3. **Marketer** -- 記事本文を執筆、品質チェック、公開予約まで実行

各フェーズは独立したClaudeセッション。Observerの出力がStrategistの入力になり、Strategistの出力がMarketerの入力になる。品質チェックに引っかからない限り、人間の介入は不要 -- そういう設計だった。

このアーキテクチャ図を紙に描いた時点では、私は天才だと思っていた。

```yaml
# 目標のアーキテクチャ
observer:
  schedule: "0 7 * * 1"  # 毎週月曜 7:00
strategist:
  after: observer          # Observer完了後に起動
marketer:
  after: strategist        # Strategist完了後に起動
```

きれいに見える。現実はもっと泥臭かった。


## 9つのバグ

6回のテストで見つけた全バグを整理する。4つのカテゴリに分類できた。

### 実行制御系（2個）

**バグ1: 並列実行の競合**

初期バージョンでは3つのcronジョブを同じ時刻に設定していた。Observerの出力をStrategistがまだ読んでいる最中に、Marketerが起動した。入力なしで。全員が同時に喋り出す会議と同じだ。誰も聞いていない。

```yaml
# Before: 全部同時に発火
observer:   "0 7 * * 1"
strategist: "0 7 * * 1"
marketer:   "0 7 * * 1"
```

修正: 時間ベースのスケジュールから`after`依存によるイベント駆動チェーンに変更した。

**バグ2: 時間ずらしでも競合**

時間をずらしても（7:00, 7:30, 8:00）、Strategistが30分以上かかることがある。設計レベルの競合状態だった。

根本的な修正はバグ1と同じ。時計で管理するな、完了で管理しろ。

### データ整合性系（3個）

**バグ3: テーマの重複**

除外リストがないと、パイプラインが毎回同じテーマを選んでしまう。Observerが「LLMO」がトレンドだと判断し、何度でも「LLMO」を選び続けた。

```python
# 修正: テーマ選定前に除外リストを注入
existing = list_existing_articles()
prompt = f"""
テーマを選べ。以下は既に公開済みなので選ぶな:
{existing}
"""
```

**バグ4: カレンダーの二重登録**

パイプラインが既存エントリの確認なしにカレンダーに登録していた。2回実行すると、同じ予定が2つ入る。

修正: 登録前に同名エントリを削除。

**バグ5: 公開日の衝突**

自動スケジューラーが、既に記事が予約されている日を選んでしまう。同じ日に2本、翌日は0本。

```python
# 修正: 空き日を先に算出
available = get_available_publish_dates(
    start=today,
    count=batch_size,
    existing=get_scheduled_dates()
)
```

### 品質保証系（2個）

**バグ6: 品質チェックの自己申告**

AIが自分の成果物を自分でチェックしていた。「この記事は良いですか？」「はい、素晴らしいです。」宿題を自分で採点して100点をつける小学生と同じ仕組みを、私は真面目に設計していた。

修正: 品質チェックを**別のClaudeセッション**で実行する。執筆セッションの記憶を持たない、独立したレビュアーに任せた。

**バグ7: Witチェックの未実装**

AI Slop語彙のチェックはあったが、Wit（自嘲・メタファー・大言壮語の直後に入れるツッコミ）のチェックがなかった。文法的に正しいが、読んでいて退屈な文章が通過していた。

修正: Phase 4にWitチェックを追加。最低2箇所のWit要素を確認する工程を入れた。

### インフラ系（2個）

**バグ8: bash構文エラー**

プロンプトテンプレートに`<devto_id>`というプレースホルダーがあった。bashが`<`を入力リダイレクトと解釈し、コマンドが壊れた。エラーも出ない。

```bash
# Before: bashが<devto_id>をリダイレクトと解釈
echo "Update article <devto_id> to published"

# After: エスケープまたはクォート
echo "Update article DEVTO_ID_PLACEHOLDER to published"
```

**バグ9: atジョブの二重登録**

`at`コマンドで公開予約をしていたが、同じ記事IDのジョブが既にあるか確認していなかった。再実行すると、同じ記事が2回公開される。

修正: 新しいジョブを登録する前に、同じIDのジョブを削除。

## パターン

9個のバグを振り返ると、モデルが悪い文章を生成した事例は1つもない。モデルは問題なかった。壊れていたのはモデルの*周り*だ。

| カテゴリ | 件数 | 例 |
|---------|------|-----|
| 実行制御 | 2 | 並列セッション、競合状態 |
| データ整合性 | 3 | 重複、衝突、除外リスト欠如 |
| 品質保証 | 2 | 自己採点、チェック漏れ |
| インフラ | 2 | シェルエスケープ、ジョブ管理 |


これはAIエンジニアリングの3層モデルにきれいに対応する。

- **Prompt Engineering**: モデルへの指示を最適化する
- **Context Engineering**: モデルに送る情報全体を最適化する（RAG、ツール、メモリ）
- **Harness Engineering**: モデルが動作する環境全体を最適化する

9個全てがハーネスのバグだった。Y Combinatorの調査でも、AIエージェントプロジェクトの40%が失敗しており、共通の原因はモデルの質ではなくハーネスの不在だという。

## 修正: イベント駆動チェーンへの移行

最もインパクトが大きかった変更は、時間ベースのcronからイベント駆動の依存チェーンへの移行だ。

```yaml
# 最終アーキテクチャ
observer:
  schedule: "0 7 * * 1"
strategist:
  after: observer
marketer:
  after: strategist
```

各フェーズは出力を所定の場所に書き込む。次のフェーズは前のフェーズが正常完了した場合のみ起動。途中で失敗したらチェーンが止まる。下流への汚染はない。

9個の修正を全て反映した7回目のテストでは、5本の記事を一括生成し、衝突しない日程に自動スケジュールし、それぞれ独立した品質チェックを通過させることに成功した。

## 学び

AIエージェントの品質は、AIの外側で決まる。

モデルはシェフ。コンテキストは食材。ハーネスはキッチン。

キッチンが壊れていたら -- コンロが同時に暴発し、食材が混ざり、誰も味見をしない状態では -- シェフの腕は関係ない。

私はプロンプトの最適化に3時間かけた。キッチンの点検に使ったのは0分だった。自分がバグ10個目だ。

プロンプトを最適化する前に、キッチンを点検しよう。

---

## この記事の要点を、12枚のスライドに

「品質はAIの外側で決まる」という本記事の話を、ハーネス・エンジニアリングの全体像として12枚にまとめました。スライドだけでも流れがつかめます。

<script async class="docswell-embed" src="https://www.docswell.com/assets/libs/docswell-embed/docswell-embed.min.js" data-src="https://www.docswell.com/slide/Z1QX9G/embed" data-aspect="0.5625"></script><div class="docswell-link"><a href="https://www.docswell.com/s/kenimo49/Z1QX9G-harness-engineering-guide">ハーネス・エンジニアリング入門 ― なぜ同じAIで成果が変わるのか by @kenimo49</a></div>

## さらに深掘りしたい方へ

本記事はその一面に過ぎません。OpenAI・Anthropic・LangChain・Martin Fowler・学術の5つの解釈を1冊に統合した体系書 **[ハーネス・エンジニアリング — AIを"使う"から"操る"へ](https://kenimoto.dev/ja/books/harness-engineering-guide)** で、ハーネスとは何か、どう設計し、どう運用するかを19章で解説しています。

---

# AIエージェントは月いくらかかるのか -- API・サブスク・ローカルの損益分岐点

URL: https://kenimoto.dev/ja/blog/ai-agent-cost-structure-breakeven/
Lang: ja
Date: 2026-05-03
Description: AIエージェントのコストを3類型（API従量課金・サブスクリプション・ローカルLLM）で整理し、2026年5月時点の料金で損益分岐点を計算した。

AIエージェントの選定記事を10本読んで、「精度」「拡張性」「エコシステム」の比較表を眺めた。よくわかった。ただ、一番知りたいことが書いていない。

**月いくらかかるのか。**

技術選定で最初にやるべきことは、アーキテクチャ図を描くことでも、ベンチマークを読むことでもない。上長に「月額いくら？」と聞かれたときに即答できる数字を持っておくことです。私はこれを怠って、プロトタイプが完成してから見積もりを出し、「これ月5万かかるの？」という一言でプロジェクトが3週間止まった経験があります。

2026年5月時点の料金体系で、AIエージェントのコストを3つの類型に整理しました。

## コスト構造の3類型

AIエージェントのコストは、LLMをどう使うかによって3つのパターンに分かれます。


### 類型1: API従量課金

LLMプロバイダのAPIキーを使い、トークン消費量に応じて課金される方式です。

2026年5月時点の主要モデル料金:

| モデル | 入力 | 出力 | 特徴 |
|--------|------|------|------|
| Claude Opus 4.6 | $5/MTok | $25/MTok | 最高精度、1Mコンテキスト |
| Claude Sonnet 4.6 | $3/MTok | $15/MTok | コスパのバランス型 |
| GPT-4o | $2.50/MTok | $10/MTok | OpenAI主力 |
| Claude Haiku 4.5 | $0.25/MTok | $1.25/MTok | 高速・低コスト |
| GPT-4o mini | $0.15/MTok | $0.60/MTok | 最安クラス |

注意: Claude Opus 4.7は同じ$5/$25の価格ですが、新しいトークナイザーが同じ入力に対して最大35%多くトークンを生成します。1リクエストあたりの実効コストはOpus 4.6より高くなる場合があります。

エージェントはチャットボットと違い、トークン消費が桁違いに多い。1つのタスクを達成するために、計画→実行→観察→修正のループを何周も回し、そのたびにコンテキストが積み上がります。

実測例を出します。中規模リポジトリ(ファイル数300)のリファクタリングをClaude Sonnet 4.6のAPI経由で依頼した場合、1セッションで50万-100万トークン消費。金額にして$4.50-$9.00(約700-1,400円)。1日に複数セッション回すと月額は3-5万円に到達します。

電気代が月5,000円の家庭で、AIエージェントのAPI費が月30,000円。家賃の次に高い固定費がAIになる日が来るとは思いませんでした。

**向いているケース:** 使用頻度が低い(月数回)、タスクごとにモデルを切り替えたい、コストの上限を細かく管理したい

### 類型2: サブスクリプション

月額固定で、追加のAPI費用が発生しない方式です。

| プラン | 月額 | 含まれるもの |
|--------|------|-------------|
| Claude Pro | $20 | Claude基本利用(制限あり) |
| Claude Max 5x | $100 | Proの5倍の利用枠 + Claude Code |
| Claude Max 20x | $200 | Proの20倍の利用枠 + Claude Code |
| ChatGPT Plus | $20 | GPT-4o基本利用 |
| OpenAI Codex | ~$100-200 | 開発者向け(利用量で変動) |

2026年4月4日、Anthropicはサードパーティツールからのサブスクリプション利用を制限しました。OpenClaw、Aider等のサードパーティツールからClaude Maxの枠を使う方法は公式には禁止です。Claude CodeはAnthropic公式ツールなので引き続きサブスクリプション内で利用できます。

slaude(Slack経由プロキシ)やMeridian(Claude Max→OpenCode/Aider連携)といった非公式ツールは存在しますが、利用規約に違反するリスクがあります。「壁の穴を見つけたからといって、そこを通っていいとは限らない」という話です。

**向いているケース:** 毎日エージェントを使う、月間トークン消費が多い(40万トークン+)、公式ツールだけで完結できる

### 類型3: ローカルLLM

Ollamaなどを使い、自前のGPU(またはCPU)でLLMを動かす方式です。API費用ゼロ。代わりにハードウェアと電気代がかかります。

2026年5月時点の推奨構成:

| モデルサイズ | 推奨VRAM | 推奨GPU | 推論速度目安 |
|------------|---------|---------|------------|
| 7-8B | 6GB+ | RTX 3060/4060 | 30-50 tok/s |
| 14B | 10GB+ | RTX 3080/4070 Ti | 20-35 tok/s |
| 32B | 20GB+ | RTX 4090/A5000 | 10-20 tok/s |
| 70B+ | 40GB+ | A100/H100 | 量子化必須 |

RTX 5090が2026年1月30日に発売されました。MSRP $1,999(約30万円)ですが、DRAMの供給不足で実売価格は$3,000-$5,000(45-75万円)まで高騰しています。スペックは32GB GDDR7、帯域1,792GB/s、TGP 575W。RTX 4090の約27-35%の性能向上ですが、電力消費も450W→575Wに増加。1日8時間稼働なら月額電気代は約5,500-7,000円の増分になります。

実用的なコーディング用ローカルモデルはDevstral-24B(Mistral)とQwen3-Coder:32B(Alibaba)。日本語対応ではLlama-3-ELYZA-JP-8Bがあります。

コスト計算:

- RTX 4090(約30万円、450W): 月額電気代 約4,000-5,000円
- RTX 5090(実売約50万円、575W): 月額電気代 約5,500-7,000円
- GPU本体の減価償却を月割りすると: RTX 4090で月約8,300円(3年)、RTX 5090で月約13,900円(3年)

**向いているケース:** 機密データを扱う、インターネット接続なしで動かしたい、長期的にコストを抑えたい、ゲーミングPCが余っている

## 損益分岐点を計算する

月間のトークン消費量に応じて、最安の類型が変わります。Claude Sonnet 4.6の料金($3/$15)で計算します。

- **月40万トークン以下:** API従量課金が最安。月額$1-2(150-300円)程度
- **月40万-200万トークン:** サブスクリプション($100/月)が有利。同じ使い方をAPIでやると$5-30相当
- **月200万トークン以上:** ローカルLLMが最安(GPU環境がある場合)。APIでは$30+

ただし、ローカルLLMはClaude Sonnet 4.6やGPT-4oと比較して推論品質が落ちます。Devstral-24BやQwen3-Coderは日常的なコーディングタスクなら実用的ですが、複雑なアーキテクチャ設計やバグの根本原因分析ではフロンティアモデルに差をつけられます。


「安いが品質が下がる」。このトレードオフを許容できるかが判断のポイントです。コードレビューで「このリファクタ、なんか微妙だな」と思う頻度が増えたら、そのモデルの限界に到達しています。

## 私のハイブリッド戦略

1つの類型に固定するのは、1つの工具で家を建てようとするようなものです。

実用的なのは組み合わせる方法です。私は現在こう使い分けています:

- **日常のコーディング支援:** Claude Code(Claude Max $100/月)。コード生成、レビュー、デバッグの日常タスク
- **大規模リファクタリング:** Claude API(Opus 4.6)。精度が必要な場面だけ従量課金。月に2-3回で$10-20程度
- **機密データの処理:** Ollama + Devstral-24B。クライアントのデータが外部に出ない
- **定型タスクの自動化:** n8n + ローカルモデル。毎日動くバッチ処理にAPI費用をかけない

月額の内訳:
- Claude Max: $100(固定)
- API従量課金: $10-20(変動)
- ローカル電気代: 約5,000円(固定)
- **合計: 約20,000-22,000円/月**

サブスク100ドルだけで全部やろうとしていた頃より、実は安くなっています。大規模タスクをMaxの枠内で無理やり回すと、レート制限に引っかかって待ち時間が発生し、その間に手動で作業する羽目になる。待ち時間の人件費を考えたら、必要な場面でAPIを使ったほうが安い。

## コスト管理の実践

### 予算アラート

API従量課金を使う場合、予算の上限設定は必須です。Anthropic ConsoleでもOpenAI Dashboardでも月額上限を設定できます。私は月$50に設定しています。超えたことはまだない。超えたら「なぜ超えたか」を分析して、ローカルに逃がすべきタスクがないか見直します。

### トークン消費の可視化

Claude Codeを使っているなら、セッション終了時にトークン消費量が表示されます。これを1週間記録すると、自分の消費パターンが見えてきます。「月曜は重い作業が多くてトークン消費が2倍」みたいな傾向が見つかれば、月曜だけAPIに切り替えるという判断もできます。

## 2026年後半に向けて

コスト構造は3-6ヶ月で変わります。注目しているポイント:

- **Anthropicの料金改定:** 2026年4月のサードパーティ制限に続く動きがあるか
- **RTX 5090の価格安定:** DRAMの供給が改善すればMSRP付近まで下がる可能性
- **ローカルモデルの品質向上:** Devstral-24Bの後継、Meta Llama 4のコーディング性能
- **WWDC 2026(6月8日):** AppleがSiriを複数のAIサービス(ChatGPT、Claude、Gemini)に開放する予定。iOSからのAIエージェント利用が加速すれば、サブスクリプションモデルの競争が変わる

料金表を読むのは面白くない作業です。でも「月いくら？」に答えられる人が、チームでAIエージェントの導入を推進できる人です。技術選定は、コストの話ができて初めて完了します。

---

## さらに深掘りしたい方へ

本記事はその一面に過ぎません。OpenAI・Anthropic・LangChain・Martin Fowler・学術の5つの解釈を1冊に統合した体系書 **[ハーネス・エンジニアリング — AIを"使う"から"操る"へ](https://kenimoto.dev/ja/books/harness-engineering-guide)** で、ハーネスとは何か、どう設計し、どう運用するかを19章で解説しています。

---

# AI Overviewsに載るための4条件を30日試した。効いたのは1つだけだった

URL: https://kenimoto.dev/ja/blog/ai-overviews-4-conditions-30-days-only-one-worked/
Lang: ja
Date: 2026-05-23
Description: Google AI Overviews に引用されるための条件として界隈で言われている4つの仮説を、自サイトで30日測りました。構造化データの密度、見出し階層の深化、更新頻度、外部被リンク。30日後の数字を並べて、効いたのが1つだけだったという話を書きます。

「AI Overviewsに載るには4つ条件があるらしい」という記事を、私はこの半年で20本くらい読みました。条件の中身は記事によって微妙に違うのですが、だいたい以下の4つが繰り返し出てきます。構造化データを盛る、見出しの階層を深くする、同じURLを更新し続ける、外部から被リンクを取る。

「ふーん」で済ませるには情報量が中途半端だったので、4つの仮説を立てて30日測りました。結論から書きます。4つのうち3つは私の環境では効きませんでした。残りの1つだけが、検索パフォーマンスレポート上ではっきりと差を作りました。

私はその1つの結果をもとに「これは引っ張れる」と思い、4条件を均等にやろうとしていた当初の計画を全部捨てました。この記事は、その判断に至るまでに私が30日間で見た数字と、その数字をどう解釈したかの記録です。


## 私が立てた4つの仮説

仮説は、業界記事で繰り返し言われていたものをそのまま使いました。自分でひねらなかったのは、「世間で言われていることが私のサイトで効くか」を試したかったからです。ひねると「自分の仮説」を検証することになって、目的がズレます。

**仮説1: 構造化データ密度を上げる**
Article + Author + Citation の3スキーマを、それまで載せていなかった既存記事30本に追加しました。JSON-LD のブロックがまるごと入る形で、`<head>` の中に1ページあたり3個。実装は1記事あたり10分、合計300分。これは [LLMO最小実装記事](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/) で書いた llms.txt + JSON-LD の上に、Citation schema を追加した形です。

**仮説2: H2/H3階層 + Q&A形式**
H2を1ページあたり3-5個から6-8個に増やし、H3を新設して階層を深くしました。さらに記事の末尾に「よくある質問」というQ&Aブロックを3問ずつ入れました。Q&AにはFAQPage schema もセットで付けました。

**仮説3: 更新頻度を上げる**
30日中、同じURLを5回updateしました。1記事あたり300〜800字の追記、`dateModified` の更新、JSON-LDの `dateModified` フィールドの同期更新。実装の手間より「何を追記するか」のネタを毎週捻り出す方が大変でした。

**仮説4: 外部被リンクを週1で増やす**
外部のエンジニアブログやNotionで、自分の記事に言及してもらえる導線を週1で増やしました。具体的にはコメント欄や引用を促す働きかけです。30日で4本の被リンクが付きました。

4条件をすべて同じ30本に適用し、30日間放置しました。Search Console の AI Overview パフォーマンス指標と、自前でscrapingしている Google 検索結果の AI Overview 引用ログ、その2つで効果を測りました。

## 30日後の数字

数字を出します。30日後、AI Overview に引用された回数の変化です。前30日と比較したベースラインからの増減です。

| 仮説 | 引用回数(前30日) | 引用回数(後30日) | 変化 |
|------|-----------------|-----------------|------|
| 仮説1: 構造化データ密度 | 12 | 47 | **+292%** |
| 仮説2: H2/H3階層 + Q&A | 12 | 14 | +17% |
| 仮説3: 更新頻度 | 12 | 11 | -8% |
| 仮説4: 外部被リンク | 12 | 13 | +8% |

仮説1だけが3.9倍になり、残り3つはノイズの範囲でした。仮説3に至っては微減です。

最初にこの表を作ったとき、私は仮説3の「-8%」を二度見しました。更新頻度を上げて減るなんてことがあるのか、と。原因として考えられるのは、私の追記が単に「文字数を増やした」だけで、AI Overview にとっての「semantic completeness（意味的完結性）」を下げた可能性です。後述しますが、この semantic completeness という概念が、今回の30日の主役でした。

仮説2の「Q&Aを増やす」は、私の感覚では一番効きそうだったのに効きませんでした。これは他のサイトが別の記事で出している数字とは食い違っていて、複数の業界レポート([wellows.com の分析](https://wellows.com/blog/google-ai-overviews-ranking-factors/) や [pepper.inc のplaybook](https://www.pepper.inc/blog/how-to-rank-in-google-ai-overviews-the-2026-playbook/))では FAQPage schema は AI Overview に有利と書かれています。私のサイトでは効かなかった理由は、後でいくつか想像できました。一番ありえそうなのは、私の元記事の Q&A が「すでに本文に書いてあることの繰り返し」になっていて、AI から見ると追加情報量がゼロだった、というシナリオです。

## なぜ仮説1だけ効いたのか

仮説1だけ効いた理由は、後追いで調べてようやく見えてきました。複数の AI Overview 分析記事を読み返すと、共通して出てくる数字があります。[wellows.com](https://wellows.com/blog/google-ai-overviews-ranking-factors/) の分析では、構造化データの存在が AI Overview への引用確率を **+73%** 押し上げ、引用ページのうち約 **65%** が構造化データを持っていると報告されています。一方で、Q&A形式や見出し階層は、構造化データほど明確な相関を持っていません。

なぜ構造化データだけが他より強いかというと、おそらく AI Overview の参照プロセスにおいて、構造化データは「意味の曖昧さを最小化する明示的なメタデータ」として機能するからです。AI に「この記事は誰が書いて、何を引用していて、いつ更新されたか」を曖昧さなく伝えるのは、本文の言い回しを工夫することよりも、構造化データで明示することの方がコストが低い。AI側もコストが低い情報を優先的に拾うのは合理的です。

私は4つの仮説に均等に労力を配分しました。30日経って、3つで賢明にも何も学ばず、1つで偶然 hit したわけです。これを「3勝1敗」ではなく「1勝3敗」と書いているのは、当初の私が「4つともそれなりに効くだろう」と仮定していたからです。「3つは無効」という結果は、4つを区別せず全部やる戦略を否定する事実です。

## 30日のテイクアウェイ

数字から私が引き出した運用判断は3つあります。

**1つ目。労力配分を4等分にしない。** これは当たり前のことを書いているように見えますが、私は実際にやらかしました。「4条件あるから4分の1ずつ」というのは、効果が均等ならば正しい配分です。効果が均等じゃないと知った今、構造化データに6割、残り3つに合わせて4割、くらいの配分に直しました。

**2つ目。Q&A形式に過剰投資しない。** これは私のサイトの結果なので、汎用的な結論ではないことは書いておきます。ただ、私のサイトでは「本文に書いてあることをQ&A形式で繰り返す」のは効きませんでした。FAQPage schemaを入れる前に、「Q&Aで答える内容が本文に出てこない情報」を持っているかをチェックする方が先です。

**3つ目。更新頻度を「文字数を足す」と訳さない。** 30日中5回updateする、というルールを文字数を増やすことで満たすと、semantic completeness を下げる可能性があります。更新するなら、新しい情報を入れるか、古い情報を消して整理するか、どちらかです。`dateModified` の数字だけ動かして本文が劣化しているのが、たぶん私の仮説3の「-8%」の正体です。

[llmoframework.com](https://llmoframework.com) の AI Overview 章にも、「更新は質を上げるためのもので、頻度を上げるためのものではない」という主旨のアンチパターンが載っています。私が30日経ってからようやく気づいたことが、書いてありました。先に読んでおけば300分浮きました。


## 30日かけてやらなくてよかったこと

最後に、30日かけてやらなくてもよかったことを書きます。

外部被リンクを「週1で4本足す」という仮説4は、AI Overview の引用率には効きませんでした。ただ、これは普通のSEO上のオーガニック流入には間違いなく効いています。同じ30日で、検索流入は12%増えました。AI Overview には効かなかったが、Googleの普通の検索結果には効いた、ということです。

AI Overview対策と従来SEOは、効くレバーが違います。両方やる価値はありますが、「AI Overviewに載りたい」という目的で被リンク獲得に労力を割くのは、私の30日では合理的じゃありませんでした。被リンク獲得は別の目的(普通のSEO)のためにやる施策と整理し直したのが、30日後の私の運用です。

「AI検索最適化を今日から始めるための短時間ガイド」は [LLMOクイックスタート](https://kenimoto.dev/ja/books/llmo-quickstart) にまとめてあります。今回の30日の数字を含めて、AI Overview と llms.txt と JSON-LD を「最小実装で土台を作って、効くレバーから順に伸ばす」という構成です。30日測ってから書く本は、30日測る前に書く本と比べて、書く側の自信が違うとつくづく思います。

## 参考にしたソース

- [Google AI Overviews Ranking Factors: 2026 Guide to Winning Citations (wellows.com)](https://wellows.com/blog/google-ai-overviews-ranking-factors/)
- [AI Overviews Hit 48% of Queries — The 2026 Citation Playbook (averi.ai)](https://www.averi.ai/blog/google-ai-overviews-optimization-how-to-get-featured-in-2026)
- [How to Rank in Google AI Overviews: The 2026 Playbook (pepper.inc)](https://www.pepper.inc/blog/how-to-rank-in-google-ai-overviews-the-2026-playbook/)
- [llmoframework.com - AI Overview anti-patterns](https://llmoframework.com)

---

# Claudeが3回連続でバグを「隠す修正」を出してきた話 — デバッグ10の技法をプロンプトに翻訳する

URL: https://kenimoto.dev/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt/
Lang: ja
Date: 2026-05-15
Description: API 500エラーを直してと頼んだら、1回目はtry-catch、2回目はdefault返却、3回目はリトライ。500は消えました。2時間後に別エンドポイントで同じ障害が再発しました。本当の原因はコネクションプールの枯渇です。デバッグ10の技法をプロンプトに翻訳し、CLAUDE.mdとhooksに組み込んで、症状を隠す修正を二度と通さない仕組みにした話を書きます。

ClaudeにAPIの500エラーを直してと頼みました。1回目はtry-catchで包んで、ログを足しました。2回目は戻り値にdefaultを入れて、呼び出し側が落ちないようにしました。3回目はexponential backoffのリトライを追加しました。

500は消えました。3回目の「修正」を私は自信満々に本番に出しました。2時間後、オンコールが起きました。同じ障害が、同じDBクライアントを共有していた別エンドポイントに移動しただけだったのです。本当の原因はコネクションプールの枯渇でした。Claudeはバグを直していたのではなく、3つの違う方法で症状を隠していました。

今日は、その「症状を隠す修正」を二度と通さないために、デバッグ10の技法をプロンプトテンプレートに翻訳した話を書きます。あわせて、一度書いたら触らなくていいCLAUDE.mdの12行と、PreToolUse / PostToolUse のhook設定もセットで紹介します。


## 本番に出した3つの「直し」

3回の「修正」は、単独で見ると全部それっぽく見えました。

**1回目: try-catch。** ハンドラが例外を捕まえてログを吐き、ユーザーには500を返すようになりました。APIから見れば改善です。バグから見ると、エラーを起こした接続は壊れた状態のままプールに戻されました。

**2回目: default戻り値。** 関数が空配列を返すようになりました。このエンドポイントの500は消えました。代わりに空配列が下流のキャッシュに乗って、1時間そのまま残りました。

**3回目: exponential backoffのリトライ。** リトライ3回、それぞれが新しい接続を開きました。プールはより速く枯渇しました。このエンドポイントの500は、2回目か3回目の試行で成功するようになって消えました。同じプールを使っていた他のエンドポイントが代わりにタイムアウトを返し始めました。

3回とも、私が頼んだエンドポイントの症状は消えました。原因が移動しただけです。私は「デバッグして」と頼みましたが、「症状を抑え込むのは禁止」というルールは渡していませんでした。だからClaudeは症状を抑え込みました。それが次のトークン予測がやりたいことだからです。

AIエージェントの「周辺の配管」が壊れる話は、以前 [AIパイプラインに潜んでいた9つのバグ](https://kenimoto.dev/ja/blog/9-bugs-in-my-ai-pipeline) で書きました。あれはモデルの外側の話でした。今日はモデルが配管そのものを書く話です。

## なぜAIは症状を隠す方向に走るのか

Stack Overflowが2025年に出した開発者調査では、プロのデベロッパーのうちAIツールを使う、または使う予定だと答えた割合がおおよそ8割。一方でAIの出力を信頼すると答えた割合は前年から下がっていました。その後の調査・記事を追いかけると、繰り返し出てくる指摘は同じです。AI生成コードのバグはロジックエラーと入出力処理にかたまっていて、同等の人間が書いたコードより明らかに密度が高い。よく引用される数字は「人間比較で約1.7倍のバグ密度」あたりです。研究ごとに測り方は違うので、引用するときは出典と前提条件を見たほうがいいです。

仕組み自体は不思議でもなんでもありません。大規模言語モデルは、文脈の続きとして最も確からしいトークンを予測する装置です。「エラーハンドリングのパターン」は学習データの中でも特に過剰に表現されています。try-catch、null-check、default戻り値、リトライ。これらは公開リポジトリで誰かが「このエラー直して」と書いたあとに、統計的に最もよく出てくる種類の編集です。モデルは学んだ通りのことをしているだけです。

足りないのは別のトークンです。「まだ根本原因が分かっていません。調査を続けます」という1文。これは学習データに少ない。人間が「まだ分かりません」をコミットしないからです。コミットされるのは修正であって、まだ見つけていない状態ではない。だからモデルは「もう少し見続ける」というデフォルトを学んでいません。

このトークンは、こちらから明示的に入れてやる必要があります。次のセクションがそれです。

## デバッグ10の技法 → プロンプトテンプレート

それぞれが古典的なデバッグ技法に対応します。プロンプトに直接貼るか、CLAUDE.mdに永続化するかは「どこまで定着させたいか」で選びます。


**1. 入力を疑う。** 「修正案を出す前に、参照しているログが欠損していないか、モニタリングが実際にあなたが想定している状態を報告しているかを確認してください」。これはClaudeが一番飛ばすところです。半分ローテートで切れたログから平気で診断します。

**2. 修正前に再現する。** 「ローカルで再現して、最小手順を提示してください。再現できない場合は、その旨を明示してそこで止まってください」。「止まってください」がこの一文の働きどころで、推測に逃げる扉を閉じます。

**3. 境界を見つける。** 「動いている挙動と壊れている挙動の境界を特定してください。正しいデータを返す最後のコンポーネントはどこですか」。行単位の推測ではなく、レイヤー単位の絞り込みに向かわせるための制約です。

**4. 既知の正常状態との差分を取る。** 「現在のコードを直近の正常稼働時点と比較してください。`git log --oneline -20` を確認し、障害ウィンドウと相関しうる変更を特定してください」。これが「誰も覚えていないコミット」を炙り出します。

**5. 時系列で並べる。** 「いつから失敗していますか。急激ですか、徐々に悪化していますか。エラーレートをデプロイ時刻・トラフィックスパイク・設定変更にぶつけてください」。急激かつデプロイ連動と、緩慢かつ非連動は別のバグです。混同するから3回連続の修正が積みあがります。

**6. リトライ・キャッシュ・タイムアウトを棚卸しする。** 「経路上のリトライ・キャッシュ・タイムアウトをすべて列挙してください。各々について、下層の呼び出しが『遅いが失敗していない』状態のときに何が起きるかを説明してください」。これが入っていれば、私のプール枯渇は1回目で見つかっていたはずです。

**7. 増幅パスを探す。** 「小さなエラーが増幅される経路はありませんか。失敗が3回のリトライを引き起こし、それぞれが新しい接続を開き、次のリクエストにレイテンシを足していくような経路です」。リトライストームの先にオートスケーラがあると、インスタンスストームも付いてきます。

**8. 観測を足す、推測しない。** 「原因を特定するだけの観測情報が足りない場合は、追加すべき具体的なログ行やトレース項目を提案してください。修正案は提案しないでください」。「分かりません」を「ここを測ってください」に変換できると、嘘の修正よりはるかに有用な答えになります。

**9. 単純化する。** 「失敗経路から不要な要素を取り除き、最小再現形まで縮めてください。それでもバグが出る最小入力は何ですか」。問題はだいたい「見ていた部分」になかった、というのがこの技法の感想です。

**10. 意図的に壊す。** 「仮説を検証するために、バグを悪化させる(または改善させる)変更を意図的に提案してください。実行前に結果を予測してください」。デバッグを観察から実験に切り替える技法です。モニタリングが嘘をついているケースもこれで掘れます。

10の技法の元になる思考プロセスと原文での定式化は [ハーネス・エンジニアリング — AIを"使う"から"操る"へ](https://kenimoto.dev/ja/books/harness-engineering-guide) のデバッグ章で扱っています。プロンプト変換の章と次節のCLAUDE.md/hooks装備の章は、本記事の骨格そのものです。

## CLAUDE.mdに永続化する

10文を毎回プロンプトに貼り付けるのはスケールしません。CLAUDE.mdはそのためにあります。

Anthropicが繰り返し推奨しているのは、CLAUDE.mdをだいたい100-150行に収めることです。すべてのターンでコンテキストに入る分量にしておく、という制約です。そのうち12行をデバッグルールに割り当てるのは、いい投資です。

```markdown
## Debugging Rules

- 根本原因が特定できるまで修正コードを書かない。
- 症状を抑えない。症状が消えても原因が不明なら、それは修正ではない。
- 修正前に、バグを再現する失敗テストを書く。
- 修正後に全テストを通し、新たに壊れたテストがあれば報告する。
- 同じバグに対して3回連続で修正が失敗したら停止する。試した内容、除外できた仮説、残っている仮説を整理して、人間に判断を仰ぐ。

## Debugging Workflow

1. Root Cause Investigation: ログ・トレース・コード経路を読む
2. Pattern Analysis: 同じアンチパターンが他にないか検索
3. Hypothesis Testing: 仮説が正しいときだけ落ちるテストを書く
4. Implementation: 1-3を通過したあとだけ
```

ポイントは、これらが「指示」ではなく「制約」だということです。「まず調査してください」より「根本原因が特定できるまで修正コードを書かない」のほうが効きます。制約形式が、次のトークン予測機が嬉々として先に進むのを止めます。

CLAUDE.mdに何を書くかの全体観は、以前 [CLAUDE.mdとコンテキストエンジニアリングの実践](https://kenimoto.dev/ja/blog/claude-md-context-engineering-practice) で書いた話と地続きです。デバッグの12行は、その続編に追加するパートだと思ってください。

## hooksで「反射」を自動化する

CLAUDE.mdが脳なら、hooksは反射です。デバッグに効くのは主に2つ。

**PreToolUse: 破壊的コマンドをブロックする。** デバッグの途中で、たまにモデルが `rm -rf node_modules` を提案してきます。運の悪い日には素の `DROP TABLE` も来ます。PreToolUseのhookでBashツール呼び出しを横取りし、コマンド文字列を簡易な denylist にかけて、引っかかったら exit 2 でブロックします。Claude Codeは PreToolUse からの exit 2 を「このツール呼び出しは却下。モデルに理由を伝える」として扱います。

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{
          "type": "command",
          "command": "if echo \"$TOOL_INPUT\" | grep -qE 'rm\\s+-rf|DROP\\s+TABLE'; then echo 'BLOCK: destructive command' >&2; exit 2; fi"
        }]
      }
    ]
  }
}
```

**PostToolUse: 編集後にテストを走らせる。** matcher を `Edit|Write` にして、command で fast subset のテストスイートを叩きます。モデルは次のターンでテスト失敗を直接見るので、30メッセージ後に思い出すのではなく、作った直後に反応します。hooksイベントの全体像は、以前 [Claude Code Hooks v2 — 25のイベント](https://kenimoto.dev/ja/blog/claude-code-hooks-v2-25-events) で整理しました。PreToolUse / PostToolUse の挙動を含め、まずはあの記事の表で当たりをつけるのが早いです。

CLAUDE.md・PreToolUse・PostToolUse の3点セットは、AIデバッガーの装備レイヤです。1つの大きなエージェントを [Observer / Strategist / Marketer の3役に分離](https://kenimoto.dev/ja/blog/observer-strategist-marketer-3-yaku-bunri) したときに使った「装備レイヤ」と同じパターンです。これは同じハーネス連載の、デバッグ装備回だと思ってください。

## 3回連続で失敗したら「人間を呼ぶ」

もっとも効くルールを最後に1つだけ。今回のオンコールを救えたのもこの1行でした。

> 同じバグに対して3回連続で修正が失敗したら、そこで止まって人間にエスカレートする。

3という数字に魔法はありません。「もう1回推測する」コストが「これは構造的なバグだと認めて報告する」コストを上回る境界線が、だいたいその辺りにあるだけです。3回目には、モデルはパターンマッチの上にパターンマッチを重ねている可能性が高い。4回目のリトライより、人間の目のほうが安いです。

「Claudeにデバッグさせれば速い」は半分本当で、半分嘘です。装備を渡さなければ、Claudeは最速で症状を隠します。10のプロンプトが装備を渡す手段で、CLAUDE.mdがそれを覚えてくれて、hooksがすり抜けを止めます。どれもコストはほとんどかかりません。23時にオンコールが起きるコストに比べれば、です。

10の技法をプロンプトに翻訳する章と、CLAUDE.md/hooks/MCPを3層で組む章は、[ハーネス・エンジニアリング — AIを"使う"から"操る"へ](https://kenimoto.dev/ja/books/harness-engineering-guide) にまとめてあります。

参考:
- [2025 Stack Overflow Developer Survey — AI section](https://survey.stackoverflow.co/2025/ai)
- [Closing the developer AI trust gap (Stack Overflow Blog, 2026年2月)](https://stackoverflow.blog/2026/02/18/closing-the-developer-ai-trust-gap/)
- [Claude Code Hooks reference](https://code.claude.com/docs/en/hooks)

---

# ClaudeをカオスエンジニアリングのMCPサーバーに繋いだら、ステージングを4回殺した — 6ヶ月見逃していた本番バグを見つけた話

URL: https://kenimoto.dev/ja/blog/claude-chaos-engineering-mcp-staging-4-kai-koroshita/
Lang: ja
Date: 2026-05-16
Description: Steadybitが2025年6月に業界初のカオスエンジニアリングMCPサーバーをリリースしました。Claude Codeに繋いで、payment-serviceのコネクションプール耐障害性実験を一文で頼みました。Claudeは4本の実験を提案し、3本はSLO違反なく完了、4本目でstagingが完全に落ちました。原因は半年前から本番のログにチラついていた『プール枯渇 → リトライ嵐 → レートリミッタ自己DoS』のバグでした。実験ログと、AIにカオスを任せる前に必須だった3つのガードレールを書きます。

最初に書きます。本記事の実験はすべてstaging環境で実行しています。productionは二重ロックです。CLAUDE.mdに「production環境でのカオス実験は無条件NG」を書き、`PreToolUse` hookで`--env=production`の文字列を検出したら`exit 2`で実行を弾く。両方とも後段で書きます。「Claudeにカオス実験を設計させた」は字面で読むと不穏な一文なので、先に書いておきます。staging限定、二重ロック、最初から最後まで監督ありです。

その前提で本題。Steadybitが2025年6月に業界初と表現されることが多いカオスエンジニアリングMCPサーバーをリリースしました。Claude Codeに繋いで、一文だけ頼みました。「`payment-service`のコネクションプール耐障害性を測る実験を設計して」。Claudeは4本の実験を提案しました。3本はSLO違反なく完了しました。4本目でstagingが完全に落ちました。原因を追うと、人為的なテストバグではありませんでした。半年前から本番のログにチラついていて、これまで誰も再現できていなかった本物のバグでした。プール枯渇 → リトライ嵐 → レートリミッタ自己DoSの連鎖です。今日はその実験ログと、AIにカオスを任せる前に必須だった3つのガードレールを書きます。

5/12 サブエージェント → 5/13 Voice AI → 5/14 3役分離 → 5/15 デバッグ装備 → 本日 5/16 カオスMCPの、ハーネス装備シリーズ5回目です。シリーズの先頭から読む必要はなく、本記事はカオス章単独で読み切れる構成です。「症状を隠す修正をAIにやられた話」の姉妹記事は [Claudeが3回連続でバグを「隠す修正」を出してきた話](https://kenimoto.dev/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt) です。


## Steadybit MCPに繋ぐ手順、1段落で

Steadybitは2025年6月18日に、業界初と紹介されることが多いカオスエンジニアリング向けのMCPサーバーをリリースしました ([Steadybit ニュース](https://steadybit.com/news/steadybit-launches-the-first-mcp-server-for-chaos-engineering-bringing-experiment-insights-to-llm-workflows/) / [BusinessWire 2025-06-30](https://www.businesswire.com/news/home/20250630606346/en/Steadybit-Launches-the-First-MCP-Server-for-Chaos-Engineering-Bringing-Experiment-Insights-to-LLM-Workflows))。MCPはAnthropicが2024年末に公開したオープンプロトコルで、LLMクライアント (Claude / Gemini / ChatGPT) が外部ツールを構造化された型で呼び出すための標準規格です。Steadybit MCPサーバーは、実験カタログ、過去の実験結果、ポストモーテム、それと「新しい実験を設計する」ツールを公開しています。Claude CodeまたはClaude Desktopに繋ぎ、両方を同じstagingのKubernetesコンテキストに向けると、ターミナルに「`payment-service`のコネクションプール耐障害性実験を設計して」と書くだけで、承認用のパラメタ付き実験仕様が返ってきます。

セットアップは配管仕事です。本当に面白いのは、その配管から出てきたものを実際に流したときに何が起きるかです。

## 2026年のAI駆動カオス、4プレイヤーの整理

実験を回す前に、他にどんなアプローチがあるのか軽く整理しました。現時点で意味のある4プレイヤーは、それぞれ別のレバーを引いています。


**Krkn-AI** はRed Hat + IBM Researchが共同開発しているOSSフレームワークで、実験パラメータの探索を遺伝的アルゴリズムに任せます。生成 → 各パラメータを実験 → SLO (レイテンシ・エラーレート・可用性) でスコア → 上位を交叉・突然変異、をループします。狙いは「ギリギリSLOを破る組み合わせ」を見つけることです。99.9%のSLOを99.85%まで落とすパラメータ、明らかに全部壊すパラメータではありません。発見しにくく再現も難しい、本当に危険なやつです。[Red Hat Developerの記事](https://developers.redhat.com/articles/2025/10/21/krkn-ai-feedback-driven-approach-chaos-engineering)に詳しい解説があり、コードは [krkn-chaos/krkn-ai](https://github.com/krkn-chaos/krkn-ai) です。

**Harness AI** は2025年1月にGenAI支援のカオスエンジニアリング機能を出し、その後 [MCPツール](https://developer.harness.io/docs/chaos-engineering/guides/ai/mcp/) をリリースしました。Claude Desktop / Windsurf / Cursor / VS Codeから自然言語で実験を設計・実行できます。Harnessエコシステムに既にいるなら、学習コストが最も低い経路です。

**Steadybit** は本記事で使った、専用のカオスMCPサーバーを最初にリリースしたプレイヤーです。差別化ポイントは実験履歴へのアクセスで、新しい実験を設計するだけでなく、過去の実験結果とポストモーテムをLLMが読み、自社のインシデント履歴に基づく提案ができます。

**Dynatrace** は逆方向のアプローチです。AIエンジンがシステムの正常な振る舞いを学習し、「今のパターンは過去のインシデント直前と似ている」を予測します。仮説を立ててから検証するのではなく、プラットフォーム側から「次にカオスを当てるべきサブシステム」を提示してきます。

四半期に1回しか実験を回さないならDynatraceの予測角度は過剰、研究チームがあってKubernetesを使っているならKrkn-AIの遺伝探索が最深、HarnessかSteadybitに既に住んでいるならMCP経由でダッシュボード税が消える。4社は競合というより、レイヤーで重ねるものです。

## Claudeが提案した4本の実験

実際の運用に戻ります。プロンプトは1文でした。返ってきたのは4本の実験で、各々に対象サービス・障害タイプ・規模・持続時間・ロールバックSLO・ブラストレディアスが付いていました。仕様はYAMLでしたが、面白いのはLLMが読める構造ではなく実験設計の中身なので、要約で書きます。

**実験1: プール30%削減、3分、1ポッド。** `payment-service` のコネクションプール上限を100から70に削る。対象はレプリカ1台のみ。SLOゲート: エラーレート1%未満。結果: green。レイテンシは約12%上がりましたが、エラーレートは0.2%で十分ゲート内。他のレプリカがトラフィックを吸収しました。人間のSREが最初に提案する種類の実験です。

**実験2: プール50%削減 + リトライありの状態、3分、2ポッド。** 同じ障害をより深く、2レプリカに当てる。クライアントライブラリのデフォルトのリトライ動作はオンのまま。SLOゲート: エラーレート1%未満、p99レイテンシ800ms未満。結果: greenでした。レイテンシp99は約640ms、エラーレートは0.4%。リトライ層がプール圧迫を吸収しました。

**実験3: プール70%削減 + リクエストtimeout短縮、3分、2ポッド。** timeoutを5秒から1.5秒に下げて、プールは30に削減。仮説: 高負荷下では短いtimeoutは接続を早く解放して助けるのか、それともリクエストを途中で切って傷を増やすのか。結果: 意外にもgreen。エラーレート0.7%、p99レイテンシは早期切断のおかげで約520msまで下がりました。ここで止めようとしました。3回連続greenは耐障害性の証明に見えました。

**実験4: プール90%削減 + リトライ上限なし、5分、3ポッド。** 来ました。プールはポッドあたり10接続、リトライ予算は事実上無制限 (このクライアントのデフォルトで、configで上書きしていなかった)、3レプリカに同時に当てる。SLOゲート: エラーレート1%未満。結果: not green。最初の90秒以内に、エラーレートが0.5%から23%まで垂直に立ち上がり、p99レイテンシは200msから14秒、stagingは上流のゲートウェイから到達不能になりました。Steadybitが1%のSLO違反で自動ロールバックを発火しましたが、その時点では完全にウェッジしたサービスが残っていました。

最初の3つのgreenは耐障害性の証明ではありませんでした。「ブラストレディアスがシステムが吸収できる範囲に収まっていた」ことの証明でした。4本目がブラストを吸収できる境界の少し先まで広げた瞬間、下に潜んでいた病理が表に出ました。

> Slackに「計画的な障害です」と書きました。当番のSREは笑いませんでした。彼は「先週分のポストモーテムチャンネル、まだピン留めしっぱなしじゃないですか」と言ってきました。新しいのをピンしておきました。

## 半年間見逃していた本番バグの正体

最初は「stagingの環境変数の差異か、サイドカーの挙動か、タイミング依存で本番では再現しないやつだろう」と思っていました。一応追いました。チェーンは3つで、各々は単独ではドキュメント済みでまったく問題なく、複合した瞬間に病気になります。

**ピース1: コネクションプール枯渇。** プール上限10、3ポッド、通常トラフィック。新規接続が必要な受信リクエストは待つか、失敗しました。標準的な挙動です。驚きはありません。

**ピース2: 呼び出し側の無制限リトライ。** `payment-service` を呼ぶ上流サービスは、試行回数ではなく1試行あたりの時間だけで制御されたリトライを持っていました。`payment-service` がプール枯渇エラーを返し始めると、呼び出し側はリトライしました。各リトライが新しいTCP接続を開き、プール待ちのキューに入り、timeoutになり、また次のリトライを発火しました。3回が9回になり、27回になり、数秒で呼び出し側の outbound concurrency が通常の十数倍に達しました。

**ピース3: 呼び出し側自身のレートリミッタ。** ここに30分かかりました。呼び出し側は **outbound** 経路に自己防衛的なレートリミッタを持っていました。「下流のどのサービスに対しても、秒間N以上のリクエストを発行しない」というやつです。通常運用ではNに近づくことはありませんでした。リトライ嵐の最中、呼び出し側は自分のoutboundレートリミッタを超え、自分のリトライを自分で弾き始めました。アプリケーションコードはこれを下流の失敗と解釈し、さらにリトライを発火しました。呼び出し側は、自分のレートリミッタを武器にして自分自身をDoSしていました。下流の `payment-service` は回復できませんでした。新しいトラフィックが呼び出し側の自己DoSを抜けて「プールはもう空いていますよ」を伝えられないからです。

過去6ヶ月の本番ログを「このサービスからの outbound リトライ上でレートリミッタが拒否を返した」シグネチャでgrepしたら、11件ありました。各イベントは4秒から90秒の短さで、誰かがGrafanaを開き終わる前に自己回復し、「一時的、対応不要」のバケツに振り分けられていました。これがKrkn-AIのフィットネス関数が見つけようとしているパターンそのものでした。SLO境界のすぐ先に住んでいて、人間が見続けるには短すぎ、重要であるには十分な長さの障害です。

修正そのものは派手ではありませんでした。リトライをjitter付きで上限2に制限し、outboundレートリミッタを硬い拒否ではなくサーキットブレーカ的に振る舞うよう変更し、特定のシーケンス (プール枯渇 → リトライスパイク → リトライ上での outbound レートリミッタ拒否) にメトリクスを足しました。次に起きたときは、見えないところで自己回復せず、誰かをページします。

## 必須だった3つのガードレール

私は自律否定派ではありません。むしろ前日の記事で「[症状隠しを止める10技法をプロンプト化してClaudeに任せる](https://kenimoto.dev/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt)」を書いた側です。それでも「AIにカオスを設計させる」をガードレールなしでやるのは、私がこれまで試した中でstagingを最速で壊す方法でした。MCPサーバーを実環境に近づける前に、3つを必ず仕込んでいます。

**ガードレール1: CLAUDE.md にポリシーを書く。** 20行未満の短いブロックで、禁止事項とSLOゲートを名指しします。CLAUDE.mdの書き分けは [CLAUDE.md でコンテキストエンジニアリングを実装する](https://kenimoto.dev/ja/blog/claude-md-context-engineering-practice) にまとめてあります。

```markdown
## Chaos Rules

- カオス実験の対象はstaging環境のみ。productionは禁止 (production=trueの
  cluster / namespace / serviceを含む)。
- 全実験はSLOゲート (エラーレート / レイテンシ / 可用性) を宣言し、超えたら
  自動ロールバックする。
- ブラストレディアスは段階的: ポッド10% → 25% → 50%。段階をスキップする
  場合はプロンプトで人間の承認を得る。
- 3回連続greenでも耐障害性を宣言しない。ブラストレディアスを広げるか、
  別の障害タイプを提案してから停止する。

## Chaos Workflow

1. 対象環境がstagingであることを確認。違ったら拒否。
2. SLOゲート、ブラストレディアス、ロールバック条件を宣言して実験提案。
3. プロンプトで人間の承認を得てから MCP の run ツールを呼ぶ。
4. 実行中はメトリクスをストリーム。SLO違反で即座にロールバックツールを呼ぶ。
5. 実行後、1段落のポストモーテムを書く。
```

CLAUDE.mdの難しい部分は、毎ターンcontextに乗る程度に短く保つことです。Anthropicの目安はおおよそ100-150行です。そのうち16行をカオスルールに割り当てるのは、初日にstagingを殺さないための公正な取引です。

**ガードレール2: `PreToolUse` hookでポリシーを強制する。** CLAUDE.mdは脳です。hooksは反射神経です。脳は負荷がかかると無視されます。反射は無視されません。

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "mcp__steadybit__run_experiment",
        "hooks": [
          {
            "type": "command",
            "command": "node ~/.claude/hooks/block-prod-chaos.js"
          }
        ]
      }
    ]
  }
}
```

ブロック側のスクリプトは、実験仕様にproductionマーカーが含まれていないかチェックします。`env: production`、`cluster: prod`、`namespace: prod-*` のいずれかがペイロードに現れたら、理由をstderrに書いて`exit 2`で呼び出しを弾きます。これは少なくとも1回、私を救いました。LLMが会話の途中で「本番でも確認するために昇格させましょうか」と親切に提案してきた瞬間、MCPサーバーに届く前にhookが止めました。

同じhookは、SLOゲートが数値で宣言されているか、ブラストレディアスの段階が前回 +1 になっているかも確認します。マジックナンバーだけの仕様? ブロック。段階2を飛ばす? ブロック。ルールの形をそのまま反射に焼き直します。hooks 全般の使い方は [Claude Code Hooks v2 — 25個のイベント](https://kenimoto.dev/ja/blog/claude-code-hooks-v2-25-events) にまとめてあります。

**ガードレール3: MCPサーバー側のSLOロック。** 3層目はプラットフォーム側です。Steadybit (HarnessでもKrknでも構造は同じ) では、実験設定に `rollback_on` 述語があり、プラットフォーム自身がリアルタイムでメトリクスを評価して判定します。エラーレートが30秒間 1% を超えたら、LLMやローカルのhookが何をしようと、プラットフォームが実験を停止します。3層のうち、LLMもローカルエージェントも両方が侵害された状態で唯一生き残るレイヤーです。同時に、最も忘れられがちなレイヤーでもあります。チームのSLOに関する意見をYAMLに書く必要があり、誰もそれを書きたがらないからです。書いてください。

便利なテスト: チームメンバーをランダムに1人選び、CLAUDE.mdとhooksファイルを渡して「悪意があるとして、productionに当たる実験を設計できますか?」と聞きます。答えが「CLAUDE.mdを編集すればイエス」なら、プラットフォームのSLOロックが捕まえます。答えが「hookを消せばイエス」なら、プラットフォームのSLOロックが捕まえます。3層は冗長ではなく、別々の壊れ方に対応しています。

[3役分離 (観測者・戦略家・実行者)](https://kenimoto.dev/ja/blog/observer-strategist-marketer-3-yaku-bunri) のパターンはカオスにきれいにマップします。CLAUDE.mdが戦略家 (ポリシーを定める)、hooksが観測者 (何が起きるかを捕まえる)、MCPサーバーが両者の下にいる実行者です。この層をまたいで一人格にしないことが、AIエージェントがうっかり全部を兼ねないための仕組みです。

## Chaos Engineering 2.0: 4つの流れが収束する

カメラを引きます。2024年の review 論文 *Chaos Engineering 2.0: A Review of AI-Driven, Policy-Guided Resilience for Multi-Cloud Systems* ([journal ページ](https://journals.stecab.com/jcsp/article/view/846)) は、モダンなスタックを3つの柱で整理しています。実験を設計するAIプランナー、アプリケーションコードに触らないサービスメッシュレベルでの障害注入、ブラストレディアスとSLO規律を強制するポリシー駆動のガードレールです。同論文は、調査対象組織の89%がマルチクラウド運用であるとも報告しています。これらの障害モード (クラウド間DNSドリフト、IAMトークンライフサイクル不一致、リージョン固有のレートリミッタ) が実際に住んでいる環境です。

直近では [ChaosEater (2025)](https://arxiv.org/abs/2511.07865) という arxiv 論文が、完全にLLMオーケストレーションされたカオスサイクル (モデルが実験設計・実行・分析をポリシーガードレールの下で全部受け持つ) を提案しています。先ほどの4製品が歩いている方向の、研究側からの同じ歩み方です。

4つの流れが収束する (カオスエンジニアリング、可観測性、AI / LLM、プラットフォームエンジニアリング)。これはマーケティングの絵ではありません。私のstaging事故が乗っていた実際のワークフローです。カオスエンジニアリングが実験を提供しました。可観測性が90秒でSLO違反を検出するメトリクスストリームを提供しました。LLMが実験設計と、後にログのチェーンを読み解いて本番バグを特定する手助けをしました。プラットフォームエンジニアリング (Steadybit + hooks + CLAUDE.md) がブラストレディアスにproductionを含めないようにしました。

このうちどれか1つを抜くと、同じ話は違う結末になります。LLMなしなら、誰も実験4を提案しません (一見明らかに無謀に見えるからです)。可観測性なしなら、SLO違反の検出に数分かかります。ポリシーガードレールなしなら、「本番でも確認しましょう」が現実に起こります。意図的な実践としてのカオスなしなら、バグはもう半年見えません。

## 来週これを試す人へ

夜中の11時にstagingを殺さずに同じことを試したい人向けに、ハインドサイトでやり直すならこうする、をまとめます。

実験1だけ、単一namespaceで、ブラストレディアスをポッド10%にキャップして始めてください。最初のgreenは「ブラストレディアスを広げてよい」のシグナルであって、「勝った」のシグナルではありません。面白い実験は、システムが吸収できる境界の少し先で起きるやつです。

CLAUDE.mdとhooksは、MCPサーバーを繋ぐ **前** に書いてください。後でも、並行でもなく、前にです。新しいピカピカのおもちゃを手に入れた誘惑は「1時間遊んでからガードレールを足そう」です。その1時間が staging が死ぬ時間です。死んだ後はルールを書く忍耐が最小になる時間でもあります。

実行後のプロンプトは短くしてください。「何が失敗したか、どのSLOが違反したか、最も可能性の高い根本原因」で足ります。SLO違反のあとの長いプロンプトは、LLMを物語モードに引きずります。証拠モードのほうがほしいです、物語モードではなく。

カオスから得たポストモーテムの習慣を、AIコーディング全般に持ち込んでください。本記事が存在する理由は、私が90秒のインシデントから1ページのメモを通常のインシデントドキュメントと同じ形で残していたからです。そのメモがなければ、これは雰囲気のブログ記事になっていました。あったから、証拠1ピースあたり1段落と、同じ週に本番に着地した修正があります。

AIはどのSREよりも速くカオスを設計します。3つのガードレールがなければ、stagingも最速で殺します。3つを噛ませて初めて「半年見逃していたバグを見つける」が手に入ります。当番のSREの週末もちゃんと手に入ります。

---

本記事のソースは、Krkn-AI / Harness / Steadybit / Dynatrace の全景、Chaos Engineering 2.0、本番でカオスを回しつつニュースにならないための運用手法を14章でまとめたBookです。

[カオスエンジニアリング: モダン分散システムのための実践ガイド](https://kenimoto.dev/ja/books/chaos-engineering-guide)

ハーネスシリーズの関連記事:

- [Claudeが3回連続でバグを「隠す修正」を出してきた話](https://kenimoto.dev/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt)
- [3つの役割を分離する: 観測者・戦略家・実行者](https://kenimoto.dev/ja/blog/observer-strategist-marketer-3-yaku-bunri)
- [AIパイプラインに潜んでいた9つのバグ](https://kenimoto.dev/ja/blog/9-bugs-in-my-ai-pipeline)

---

# Claude Codeを/clearせず9時間動かした日、コンテキストはどこで腐り始めたのか

URL: https://kenimoto.dev/ja/blog/claude-code-9h-context-rot-token/
Lang: ja
Date: 2026-05-31
Description: 長時間セッションで指示を無視され始めたとき、私は「Claudeが雑になった」と思いました。違いました。腐っていたのは私のコンテキストでした。context rotがどのトークン数で始まるか、研究と自分のセッションを突き合わせた話です。

ある日、Claude Codeを朝から晩まで、`/clear`を一度も押さずに使い続けました。9時間です。一つのセッションで、リファクタからテスト追加、ドキュメント更新まで全部やろうとしました。

夕方になって、様子がおかしくなりました。CLAUDE.mdに「テストはvitestで書く」と明記してあるのに、jestで書き始める。午前中に「この関数はもう使っていないから消した」と合意したはずの関数を、夕方には「念のため残しておきましょう」と復活させようとする。同じファイルを3回読み直す。

最初、私は「今日のClaudeは調子が悪いな」と思いました。これが間違いでした。調子が悪かったのはモデルではなく、9時間ぶん膨れ上がった私のコンテキストのほうです。

この現象には名前がついています。**context rot**(コンテキストの腐敗)です。

## context rotは「ウィンドウが満杯になる前」に始まる

context rotという言葉を形式化したのは、Chromaが2025年に出した研究です。[18の最前線モデルを系統的にテストし](https://www.understandingai.org/p/context-rot)、入力が長くなるほど全モデルの出力品質が下がることを示しました。例外はゼロです。重要なのはここで、**200Kトークンのウィンドウを持つモデルでも、5万トークンあたりで目に見えて劣化が始まる**という点です。

つまり「ウィンドウに入るかどうか」と「ちゃんと使えるかどうか」は別の問題でした。私はずっと前者しか気にしていませんでした。「まだ半分も埋まってないから大丈夫」は、まったく根拠のない安心だったわけです。

この発見の源流は、2023年のLiuらの論文[Lost in the Middle](https://arxiv.org/abs/2307.03172)です。コンテキストが埋まってくると、モデルは入力の先頭と末尾のトークンを重視し、真ん中のトークンが「迷子」になる。私の9時間セッションでは、午前中の決定事項がちょうど真ん中に沈んでいました。だから夕方のClaudeは、午前中の自分を覚えていなかったのです。

ある調査では、[2025年のエンタープライズAI障害の約65%](https://www.morphllm.com/context-rot)が、複数ステップ推論の途中で起きたコンテキストのドリフトや記憶喪失に帰着するとされています。これはモデルが賢くないからではありません。長くなったコンテキストを賢く使えていないからです。


## 私のセッションで起きた4つの症状

拙著のContext Engineeringの本では、長期対話で起きる障害を4つのモードに分けています。9時間セッションで、私はその4つを順番に踏み抜きました。

**1. Context Distraction(散漫)。** 無関係な情報が増えすぎて焦点がぼける。午後のClaudeは、午前中に一度だけ読んだ設定ファイルの細部を延々と気にしていました。もうどうでもいい話なのに。

**2. Context Confusion(混乱)。** リファクタとテストとドキュメントを1セッションに混ぜたせいで、複数のトピックが混在し、文脈を取り違える。テストの話をしているのにドキュメントの口調で返事が来る、という珍事が起きました。

**3. Context Clash(衝突)。** 矛盾する情報が共存する。「関数を消す」と「関数を残す」が同じウィンドウに同居して、回答が不安定になりました。

**4. Context Poisoning(汚染)。** 序盤に紛れた一つの誤解が、以降の回答をじわじわ歪めていく。これが一番こわい。一度ハルシネーションした前提を、本人は「確定事項」として扱い続けます。

新人に例えるなら、朝礼から残業まで一度も席を立たず、メモも取らず、休憩もせずに働かせ続けた状態です。夕方に判断が雑になるのは、その人が無能だからではありません。

## 圧縮が走るのが遅すぎる問題

ここで運用の落とし穴があります。Claude Codeには[auto-compact](https://www.cometapi.com/what-is-auto-compact-in-claude-code/)という自動圧縮機能があり、コンテキストが約95%(残り25%前後)に達したときに発動します。2026年初頭にはバッファが約33Kトークンに調整されました。

問題は、**劣化が始まるのが50K付近なのに、圧縮が走るのが190K付近**だということです。腐り始めてから圧縮までに、広大な「すでに性能が落ちているのに何もしていない」ゾーンが横たわっています。私の9時間セッションは、ずっとこのゾーンを走っていました。

Claude Codeチームの[Thariq Shihipar氏は、容量の50〜60%で能動的に`/compact`を打つこと](https://www.mindstudio.ai/blog/claude-code-compact-command-context-management)を勧めています。auto-compactを待つのは`/compact`の使い方として間違っている、と。私はずっと間違って使っていました。「自動でやってくれるなら任せよう」と。任せた結果が、jestで書き始めるClaudeでした。

`/clear`と`/compact`は別物です。`/clear`は会話履歴を完全に消して新品の状態に戻す。`/compact`は会話を要約して、その要約を新しいコンテキストとしてプリロードする。重要なコード変更やファイルの状態、決定事項は残り、中間のデバッグ出力や解決済みの議論は刈り取られます。

## では、どう運用するか

9時間セッションの反省から、私のいまの運用はこうなりました。

| 対策 | やること | 効きどころ |
|---|---|---|
| **タスクで区切る** | リファクタ・テスト・ドキュメントを別セッションに分ける | Confusion(混乱)を断つ |
| **50〜60%で先回りcompact** | auto-compactを待たず、能動的に`/compact`を打つ | 劣化ゾーンに入る前に圧縮 |
| **節目で`/clear`** | タスクが完全に切り替わるときは要約より全消し | Poisoning(汚染)を断ち切る |
| **CLAUDE.md再読込** | 長いセッションでは「CLAUDE.mdをもう一度読んで」と明示 | 真ん中に沈んだ規約を末尾に持ち上げる |
| **サブエージェント委譲** | 調査や一括処理は別エージェントに切り出す | メインのウィンドウを汚さない |

一番効いたのは、実は一番単純な「タスクで区切る」でした。1セッション1目的。これだけで、夕方のjest事件は起きなくなりました。

「真ん中に沈んだ規約を末尾に持ち上げる」というのも地味に効きます。Lost in the Middleが先頭と末尾を重視するなら、大事な規約を末尾に置き直せばいい。CLAUDE.mdの再読込は、まさにそれをやっています。

## まとめ: 「まだ埋まってない」は安心材料ではない

9時間セッションが私に教えたのは、context rotはウィンドウが満杯になってから起きるのではない、ということです。Chromaの計測では50K付近、つまりウィンドウの4分の1で、もう劣化は始まっています。

そして次のアクションは拍子抜けするほど簡単です。**長いセッションで「あれ、雑になったな」と感じたら、まず自分を疑う前にコンテキストを疑う。** そして`/compact`を打つか、いっそ`/clear`して、CLAUDE.mdから入り直す。モデルが急に賢くなったように見えるはずです。賢くなったのではなく、見ているものが綺麗になっただけですが。

腐るのはモデルではなく、こちらが渡し続けたコンテキストのほうでした。

---

5戦略、RAG実装、動的コンテキスト選択、Memory設計までを通しで扱った [LLM を「嘘つき」から「専門家」へ変える Context Engineering 実践ガイド](https://kenimoto.dev/ja/books/context-engineering) を Zenn と Kindle で公開しています。本記事で触れた4つの障害モードとメモリアーキテクチャは、同書の第9章にあたります。

---

# 「とりあえず全部許可」でClaude Codeを動かすと、.envの秘密がそのままAnthropicに渡る話

URL: https://kenimoto.dev/ja/blog/claude-code-deny-rules-env/
Lang: ja
Date: 2026-06-06
Description: エージェントの権限を疑わしきも許可で運用すると、コマンド出力経由で AWS_SECRET_ACCESS_KEY がLLMプロバイダに流れます。deny-rulesと多層防御で、エージェント実行時の秘密漏洩をどう止めるかを実装ベースでまとめました。

最初に範囲を区切らせてください。この記事は、GitHubのコミット偽装でもなく、エディタ拡張のサプライチェーン汚染でもありません。話すのは一点だけ、エージェントを動かしている最中に、`.env` の中身がツール出力に乗ってLLMプロバイダへ渡る経路です。コードを書く本人が一番油断している場所、と言い換えてもいいです。

私も最初は油断していました。Claude Codeを `auto` 寄りの権限で回して、ターミナルに流れる出力をろくに見ていませんでした。便利だったからです。便利なものは、たいてい後ろから刺さります。

## 「疑わしきも許可」が秘密を運ぶ仕組み

問題はファイルを直接開く話だけではありません。エージェントが実行したコマンドの出力が、そのまま会話コンテキストに取り込まれ、APIに送られます。これが見落とされがちな漏洩経路です。

具体的にはこうです。エージェントがデバッグのために `printenv` を打つ。あるいはアプリの起動ログに環境変数が出る。`docker inspect` の結果に認証情報が混ざる。そのテキストは全部、Claude Codeのコンテキストに入ります。そしてコンテキストはAnthropicのAPIに送られる。`AWS_SECRET_ACCESS_KEY` が、誰も「漏らそう」と思っていないのに、平文で旅に出るわけです。

OWASPは2026年に「Agentic Security Top 10」を公開しました。その A2(過剰な権限付与)と A4(データ漏洩)は、図解の中の脅威ではなく、`auto` や `--dangerously-skip-permissions` を押した瞬間に現実になります。GitGuardianの2026年レポートでは、公開GitHub上で2,900万件のシークレットが検出され、AI支援のコミットはベースラインの約2倍の頻度で秘密を漏らしていた、というデータも出ています。エージェントは秘密を漏らすのが上手いのです。悪意なく、勤勉に。


## deny-rules で危険なパターンを明示的に止める

最初の防御線は `.claude/settings.json` の deny ルールです。deny は allow より常に優先されるので、危険なパターンをここで名指しで潰します。

```json
{
  "permissions": {
    "allow": [
      "Read",
      "Bash(npm test *)",
      "Edit(src/**/*.ts)"
    ],
    "deny": [
      "Read(.env)",
      "Read(.env.*)",
      "Edit(*.env*)",
      "Write(*.env*)",
      "Read(*.pem)",
      "Read(*.key)",
      "Read(credentials.json)",
      "Bash(curl * | bash)"
    ]
  }
}
```

設定の優先順位も押さえておくと効きます。管理ポリシー(`/etc/claude-code/settings.json`)はユーザーが上書きできないので、チームで強制したいルールはここに置きます。個人の油断を、組織の設定で先回りして潰すわけです。

## deny-rules を過信してはいけない理由

ここで正直に書きます。deny ルールだけを信じるのは危険です。2026年に入って、`Read` の deny ルールが `.env` に対して実際には効いていない、という不具合が複数報告されました(anthropics/claude-code の Issue #24846 ほか)。deny に `.env` を入れて「守った」と思い込んだ状態が一番こわい。プロンプトも警告もなく、エージェントが拒否したはずのファイルを読んでいた、という報告です。

つまり deny-rules は「最初の壁」であって「最後の砦」ではありません。鍵をかけたつもりのドアが、たまにノブだけ回ると思っておいたほうがいい。だから層を重ねます。

## 多層で守る: 設定の外側に防御を置く

秘密を守る一番確実な方法は、そもそもディスク上に平文の秘密を置かないことです。実行時に取得して、ファイルに書かないなら、どんなツールにも読むものがありません。

私が実際にやっている順番はこうです。

1. **`.env` をディスクから減らす。** 本番に近い値はシークレットマネージャ(AWS Secrets Manager、HashiCorp Vault)に寄せ、実行時に注入する。ローカルの `.env` はダミー値に置き換える。漏れて困らない値なら、漏れても困りません。
2. **`.gitignore` と除外設定を二重で張る。** `.env`、`*.pem`、`*.key`、`credentials.json` をコミット対象から外し、エージェントの除外設定にも入れる。
3. **Hooks で二重チェックする。** 権限ルールに加えて、Hooks で危険なツール使用を検査し、Exit code 2 でブロックする。`async` オプションを使えば、すべてのツール使用を外部ログに記録して後から監査できます。
4. **APIキーを最小権限+月間上限にする。** エージェント用のキーは、必要最小限の権限と利用上限を設定する。万一漏れても、被害の天井を低くしておく。
5. **ネットワークを断つ選択肢を持つ。** ローカルファイルだけを触るタスクなら、Dockerコンテナを `--network none` で起動して、外への送信経路ごと塞ぐ。出ていけないなら、漏れようがありません。


5つ全部を最初からやる必要はありません。私のおすすめは、まず 1 と 2 だけ今日やることです。`.env` をダミーに差し替えて `.gitignore` を確認する。これだけで、漏れて致命傷になる平文の秘密がローカルから消えます。残りは運用の本気度に合わせて足していけばいい。

## エージェント実行時権限は「設定して終わり」ではない

セキュリティは設定ファイルに書いた瞬間に完成、ではありません。CVE情報やOWASPの更新、そして今回の deny-rules の不具合のように、前提が静かに変わります。`auto` の便利さは本物です。ただ、便利だからといって出力を見なくていいわけではありません。私が一番痛い目を見たのも、ターミナルを見ていなかった時でした。

権限を最小化し、deny で危険を名指しし、その外側に「平文の秘密を置かない」「出口を塞ぐ」を重ねる。エージェント実行時の秘密漏洩は、この多層でほぼ止まります。完璧な一枚の壁を探すより、そこそこの壁を何枚か立てるほうが現実的です。一枚くらい錆びていても、後ろにまだ何枚か残っています。ターミナルを見ていなかった私が、それでも今は安心してエージェントに仕事を任せられているのは、そのおかげです。

---

Claude Codeの権限モデル・サンドボックス・コスト設計をまとめて知りたい方は、書籍にしました。

[Claude Code Mastery](https://kenimoto.dev/ja/books/claude-code-mastery?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=claude-code-deny-rules-env)

---

# Claude Code Hooks v2 — 「お願い」を「プログラム」に変える25のイベント

URL: https://kenimoto.dev/ja/blog/claude-code-hooks-v2-25-events/
Lang: ja
Date: 2026-05-02
Description: CLAUDE.mdに書いたルールは「お願い」にすぎない。Hooks v2は25種のイベントと4種のハンドラーで、AIの動作にプログラム的に介入する仕組みです。settings.jsonに書くだけで今日から使えます。

CLAUDE.mdに「ファイル編集後は必ずlintを走らせて」と書きました。3日間は守られていました。4日目、deadlineに追われたClaude Codeは見事にlintをスキップし、フォーマットが壊れたコードをそのままコミットしてくれました。

私は、部下への口頭指示が3日で蒸発する中間管理職の気持ちを、AIとの間で追体験していました。

CLAUDE.mdの指示は「お願い」です。Claudeはお願いを覚えていますが、忘れることもあります。100回中95回は守るかもしれない。でも残りの5回が本番障害を引き起こしたら?

Hooks v2は「お願い」を「プログラム」に変えます。


## CLAUDE.md vs Hooks: 何が違うのか

CLAUDE.mdはClaude Codeへのテキスト指示です。Claudeのコンテキストに読み込まれ、「こうしてほしい」と伝えます。ほとんどの場合は機能します。でも「ほとんど」では足りない場面があります。

Hooksはsettings.jsonに定義するプログラムです。Claude Codeの動作に介入し、条件に合致したときにシェルコマンドやWebhookを自動実行します。Exit code 2を返せば、ツールの実行そのものをブロックできます。

違いを一言で言うと、CLAUDE.mdは「守ってね」で、Hooksは「守らせる」です。

テストがバグの不在を証明できないように、CLAUDE.mdもルールの遵守を保証できません。Hooksはルールをコードにすることで、遵守しなければ先に進めない仕組みを作ります。


## 25のイベント、6つのカテゴリ

前作のHooksはPreToolUseとPostToolUseの2イベントだけでした。Hooks v2は25種類以上のイベントに対応しています。まったく別のシステムです。

6つのカテゴリに整理すると見通しが良くなります。

### セッションライフサイクル

| イベント | タイミング |
|---------|----------|
| **SessionStart** | セッション開始(起動/再開/クリア/コンパクション後) |
| **SessionEnd** | セッション終了 |
| **InstructionsLoaded** | CLAUDE.mdやrulesファイルの読み込み時 |

### ツール実行

| イベント | タイミング | ブロック可能 |
|---------|----------|:----------:|
| **PreToolUse** | ツール実行前 | Yes |
| **PostToolUse** | ツール実行成功後 | - |
| **PostToolUseFailure** | ツール実行失敗後 | - |
| **PermissionRequest** | 権限ダイアログ表示時 | - |
| **PermissionDenied** | 自動モードでツール拒否時 | - |

### エージェント

| イベント | タイミング |
|---------|----------|
| **SubagentStart** | Sub-agent起動時 |
| **SubagentStop** | Sub-agent終了時 |
| **TeammateIdle** | チームメイトがアイドル時 |
| **TaskCreated** | タスク作成時 |
| **TaskCompleted** | タスク完了時 |

### ファイル・環境

| イベント | タイミング |
|---------|----------|
| **FileChanged** | 監視対象ファイルの変更時 |
| **CwdChanged** | 作業ディレクトリ変更時 |
| **ConfigChange** | 設定ファイル変更時 |
| **WorktreeCreate** | Git worktree作成時 |
| **WorktreeRemove** | Git worktree削除時 |

### コンテキスト

| イベント | タイミング | ブロック可能 |
|---------|----------|:----------:|
| **PreCompact** | コンパクション前 | Yes |
| **PostCompact** | コンパクション後 | - |

### MCP・通知

| イベント | タイミング |
|---------|----------|
| **Elicitation** | MCPサーバーがユーザー入力を要求時 |
| **ElicitationResult** | ユーザーがMCP elicitationに応答後 |
| **Notification** | 通知送信時 |
| **StopFailure** | APIエラーでターン終了時 |
| **UserPromptSubmit** | ユーザー入力をClaude処理前 |

25のイベントを全部覚える必要はありません。実際に使うのは最初の数個です。ほとんどの開発者にとって、PreToolUse + PostToolUse + SessionStartの3つで用事の8割は片付きます。

残り22個は「いつか使うかもしれない引き出し」です。本棚の端にある辞書みたいなもので、存在を知っておくだけで十分です。

## settings.jsonの書き方

Hooksはsettings.jsonに定義します。構造は3層です。

```json
{
  "hooks": {
    "イベント名": [
      {
        "matcher": "マッチ対象",
        "hooks": [
          {
            "type": "command",
            "command": "実行するコマンド",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
```

**イベント名** -> **マッチャー配列** -> **ハンドラー配列**。1つのイベントに複数のマッチャーを設定でき、1つのマッチャーに複数のハンドラーをチェインできます。

マッチャーはイベントの種類によって異なる対象にマッチします。ツールイベントならツール名(`"Bash"`、`"Edit|Write"`)、SessionStartなら起動理由(`"startup"`、`"resume"`)、SubagentStart/StopならSub-agentの名前です。`"*"` や空文字、またはmatcher自体の省略で全てにマッチします。

## 実践例3つ: 今日から使える設定

### 1. 破壊的コマンドをブロックする(PreToolUse)

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "if": "Bash(git push --force*)",
            "command": "echo 'force pushはブロックされています' >&2; exit 2"
          }
        ]
      }
    ]
  }
}
```

`exit 2` が鍵です。Exit code 0は成功、exit code 1は非ブロックエラー(ログされるだけ)、**exit code 2だけがツール実行をブロック**します。

CLAUDE.mdに「force pushしないで」と書いても、急いでいるClaudeは忘れるかもしれません。このHookなら、物理的にforce pushできなくなります。

同じパターンで `.env` ファイルの編集防止もできます。

```json
{
  "matcher": "Edit|Write",
  "hooks": [
    {
      "type": "command",
      "if": "Edit(*.env*)|Write(*.env*)",
      "command": "echo '.envファイルの編集は禁止です' >&2; exit 2"
    }
  ]
}
```

### 2. ファイル保存後に自動フォーマット(PostToolUse)

```json
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "npx prettier --write \"$FILE_PATH\"",
            "timeout": 30,
            "statusMessage": "Prettierでフォーマット中..."
          }
        ]
      }
    ]
  }
}
```

CLAUDE.mdに「Prettierを走らせて」と書く代わりに、Hooksに書けば **毎回確実に** 走ります。忘れるのは人間もAIも同じ。仕組みで解決するほうが健全です。

### 3. セッション開始時に環境変数を設定(SessionStart)

```json
{
  "hooks": {
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "echo 'export NODE_ENV=development' >> \"$CLAUDE_ENV_FILE\""
          }
        ]
      }
    ]
  }
}
```

`$CLAUDE_ENV_FILE` はSessionStartイベント限定の特殊変数で、ここに書き込んだ環境変数はセッション全体で有効になります。「開発環境では必ず `NODE_ENV=development` にする」をプログラム的に保証します。

## 4種類のハンドラー

Hooks v2には4種類のハンドラーがあります。

**command**: シェルコマンドを実行します。もっとも基本的で、ほとんどのユースケースはこれでカバーできます。標準入力にイベント情報がJSONで渡されます。

**http**: Webhookとして外部サービスにPOSTリクエストを送信します。2026年2月に追加されたハンドラーで、SlackやDiscordへの通知、外部監視システムとの連携に使えます。

```json
{
  "type": "http",
  "url": "http://localhost:8080/hooks/pre-tool-use",
  "headers": { "Authorization": "Bearer $MY_TOKEN" },
  "allowedEnvVars": ["MY_TOKEN"],
  "timeout": 30
}
```

**prompt**: 別のLLMにイベント内容を評価させます。「このコマンドは安全ですか?」をAIに判断させるセキュリティゲートとして使えます。

**agent**: Sub-agentを起動して検証を行います。Read/Grep/Globなどのツールを使った複雑な検証ロジックに向いています。実験的機能です。

正直なところ、最初はcommandだけで十分です。httpは外部連携が必要になったとき、promptとagentは「人間の判断をAIに委譲したい」ときに検討すればよいです。全部使いこなそうとすると、道具に振り回される日曜大工みたいになります。

## 私が使っている設定

私の実際のsettings.jsonから、特に効果を感じている設定を紹介します。

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "if": "Bash(git push --force*)",
            "command": "echo 'force pushはブロック' >&2; exit 2"
          }
        ]
      },
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "if": "Edit(*.env*)|Write(*.env*)",
            "command": "echo '.env編集はブロック' >&2; exit 2"
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "npx prettier --write \"$FILE_PATH\"",
            "timeout": 30
          }
        ]
      }
    ],
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "echo 'export NODE_ENV=development' >> \"$CLAUDE_ENV_FILE\""
          }
        ]
      }
    ]
  }
}
```

この設定で実現していること:

- `git push --force` が物理的にブロックされる
- `.env` ファイルが編集不可になる
- ファイル保存のたびにPrettierが自動実行される
- セッション開始時にNODE_ENVが自動設定される

CLAUDE.mdには同じことが4行のテキストで書けます。でもテキストは忘れられる可能性があります。このsettings.jsonは忘れません。

## 始め方

Hooks v2を始めるのに25イベントを全部理解する必要はありません。

**Step 1**: 自分のCLAUDE.mdを開いて、「守られないと困るルール」を1つ見つける。

**Step 2**: そのルールをPreToolUseまたはPostToolUseのHookに変換する。

**Step 3**: settings.jsonに追加して動作確認する。

これだけです。1つのHookが動くのを見たら、「次はあのルールもHookにできるな」と自然に広がっていきます。

CLAUDE.mdを書くのをやめる必要はありません。ルールの中で「守られなくても困らないもの」はCLAUDE.mdに残し、「守られないと困るもの」だけをHooksに昇格させる。この使い分けが現実的です。

私はHooks v2を導入してから、lintのスキップが完全にゼロになりました。CLAUDE.mdに3回書き直しても直らなかったことが、settings.jsonの5行で解決した。テクノロジーの正しい使い方だと思います。もっとも、その5行を書くのに半日かかったのは内緒です。

## 参考リンク

- [Hooks reference - Claude Code Docs](https://code.claude.com/docs/en/hooks) - 公式リファレンス
- [Claude Code Hooks: Complete Guide](https://claudefa.st/blog/tools/hooks/hooks-guide) - 全12ライフサイクルイベント解説
- [Claude Code Hooks Tutorial](https://blakecrosley.com/blog/claude-code-hooks-tutorial) - 実践チュートリアル(5パターン)

---

## さらに深掘りしたい方へ

本記事で触れたのは一部です。CLAUDE.md の書き方を「2行から100行まで」、Plan Mode 起点の開発フロー、チーム運用、非コーディング業務への応用まで、19章で体系化した **[実践Claude Code — コンテキストエンジニアリングで開発が変わる](https://kenimoto.dev/ja/books/claude-code-mastery)** を参考にしてください。

---

# Claude Code Skills を10個書いたら、4個に統合された — Reusable Pattern が回り始める瞬間と回らない瞬間

URL: https://kenimoto.dev/ja/blog/claude-code-skills-10-to-4-integration-pattern/
Lang: ja
Date: 2026-05-20
Description: Claude Code Skills を10個書きました。3か月運用した結果、4個に統合され、6個は消えました。残った4個と消えた6個の境界線、Skill 設計で繰り返した6種類の失敗、そして「Skill にする / しない」を分ける1つの基準について書きます。

Claude Code Skills が公式に降りてきた最初の週、私は10個書きました。「これで作業が全部自動化されるはずだ」と思ったからです。月単位の確定申告から、Zenn の記事公開、Telegram 通知、画像生成、PR レビューまで、思いついた手順を片っ端から SKILL.md にしました。最初は Skill 1個 = アシスタントを1人雇った気分でした。実態は **1個 = 起動時にカタログ展開で数百〜数千トークン分の脳のスペースが減る** だけだったんですけど、それに気づくのは2週間後です。

3か月運用した結果、10個のうち6個は消えました。残った4個は、起動の仕方も書き方も最初の10個とはまったく違うものに変わっています。この記事は、その10→4の境界線を共有する記事です。

なお、先週 Zenn で「Claude Code 拡張47→5絞り込み」という記事を書きました。あちらは Skills / MCP / Hooks / Plugins の **4種類全体を含めた絞り込み体験談** です。本記事は **Skills 単体に絞った設計の話** なので、ご了承ください。Sub-agent や Hooks v2 の話は別の場所で書いています。


## 残った4個

先に結論を書きます。3か月生き残った4個はこれです。

1. **`kenimoto-dev-cycle`** — kenimoto.dev のブログ運用 PDCA。Observer → Strategist → Marketer の3層を1日1回回す
2. **`zenn-cycle`** — Zenn 記事の同じ PDCA。日本語、24時間ルールあり
3. **`generate-image`** — HTML + Puppeteer で navy-mono の図解画像を生成
4. **`avoid-ai-writing-ja`** + 兄弟3言語 — AI Slop 検出と書き換え

4個の共通点は2つあります。

- **入力が決まっている**: cron か、特定のファイルパス、特定のフェーズからしか呼ばれない
- **出力が他の流れにつながる**: 画像は記事に、AI Slop チェックは公開ゲートに、cycle は cron 通知に

逆に消えた6個は、入力も出力も曖昧でした。「便利そうだから書いた」だったんです。

## 消えた6個と、消えた理由

消した順に並べます。

### 1. `morning-summary` — 重複起動で消えた

朝の活動ログをまとめてくれる Skill でした。しかし `kenimoto-dev-cycle` の Observer フェーズと、`zenn-cycle` の Observer フェーズと、`harness-admin` の status check と内容が8割重なっていました。3つの Skill から「朝の状況を見たい」シーンが派生して、それぞれが個別に書かれていただけだったんです。

統合先: 各 cycle Skill の Observer フェーズに吸収。`morning-summary` 単体は不要。

### 2. `tg-notify-rich` — 使用頻度が低くて消えた

Telegram 通知をリッチな書式で送る Skill。月に1回くらいしか呼ばれませんでした。それなら3行のシェルスクリプトで十分です。Skill 化する基準を満たしていません。

教訓: **月に2回未満しか呼ばれない手順は Skill にしない**。記憶を圧迫するだけです。

### 3. `gitignore-check` — Hook で代替できて消えた

ファイル追加時に `.env` などの秘密ファイルを誤って commit していないかを確認する Skill。これは Hook (`PostToolUse` の Edit / Write) で十分でした。Skill にすると「呼ばれて初めて動く」ですが、Hook なら「ファイル編集のたびに自動で動く」です。

教訓: **「特定の操作の後に毎回走るべき」処理は Hook、判断や対話が必要な処理は Skill**。境界線はここです。

### 4. `book-outline-gen` — context 汚染で消えた

書籍の章立てを提案する Skill。最初は便利でしたが、frontmatter ルール、構成テンプレート、avoid-ai-writing 連携など、ロードする情報が肥大化していき、起動時のコンテキスト負担が大きくなりました。同時に、書籍はそんなに頻繁に書かないので、必要なときに自然言語で指示するほうが軽かったです。

教訓: **「コンテキストを大量に持ち込む Skill」は、起動頻度が低いと割に合わない**。

### 5. `pr-review-light` — 書き換え頻度が高くて消えた

PR レビューを Skill にしたものの、レビュー観点が案件ごとに違いすぎて、SKILL.md の改訂が毎週入りました。3週連続で書き換えたところで「これは Skill ではなく、対話で都度方針を渡すべきだ」と判断しました。

教訓: **書き換え頻度の高い手順は Skill にしない**。判断ロジックがまだ固まっていない証拠です。

### 6. `email-triage` — generic化に失敗して消えた

Gmail の未読を分類する Skill。Pinterest 通知、KDP 通知、その他の取引先、と分類カテゴリーが増えるたびに条件分岐が膨れて、最終的に「個別の `check-gmail` 系 Skill のほうが軽い」ことに気づきました。

教訓: **無理に1つの Skill に詰め込もうとせず、3つに分ける**。

## 残った4個に共通する設計原則

3か月運用して気づいた、Skill が生き残るための条件を書きます。

### 条件1: 1日1回以上の頻度で起動される

毎日呼ばれない Skill は、たいてい次第に「あれ、これ何を書いた Skill だっけ？」になります。生き残った4個は、cron か手動か、形式は違えど **毎日呼ばれる Skill** でした。

「いつか役立つ」ために書いた Skill は、ほぼ全部消えました。

### 条件2: 入力の起点が1つに固定されている

`generate-image` は記事の図解、`avoid-ai-writing-ja` は記事完成後、`*-cycle` は cron。起点が決まっていると、Skill が呼ばれるたびに「ああ、いつものやつね」と context の準備ができます。

逆に「いろんな場面で便利」を狙った Skill は、毎回 context を再構築する羽目になります。

### 条件3: SKILL.md を3か月書き換えていない

これは結果論ですが、3か月運用して書き換えなかった Skill だけが残りました。書き換え頻度は、その Skill の判断ロジックが固まっているかどうかの指標です。

書き換えが多い Skill は、まだ Skill にする時期ではないと割り切るのが楽でした。

## Skill にする / しない を分ける1つの基準

10→4の統合を経て、いまの私が新しい Skill を書く前に自問するのは1つです。

**「この処理は cron か file watcher か特定のフェーズから自動で呼べるか?」**

Yes なら Skill 化に意味があります。No なら、たぶん対話で都度書くか、Hook にするか、シェルスクリプトで済ませるかの3択です。

最初の10個を書いていた頃の私は、「便利そうだから」を起点に Skill を作っていました。便利そう、は罠です。Claude Code Skills は便利になるための道具ではなく、 **同じことを何度も繰り返す手順をパッケージ化するための道具** です。何度も繰り返さない手順をパッケージ化しても、起動時のオーバーヘッドだけが残ります。

10個書いて6個消した経験から言うと、最初から4個を目指して書くより、思い切り10個書いてから消すほうが、自分にとってどの Skill が機能するかが見えやすいです。消す勇気のほうが、書く勇気より高くつきます。私は6個消すのに3か月かかりました。

最初から完璧な Skill セットを目指す必要はないです。雇って、合わなかったら静かに別れる、それを3回繰り返すうちに「ああ、私の作業はだいたいこの4種類だな」が見えてきます。

---

Claude Code Skills の設計、フォルダ構成、運用フローの詳細は『[Claude Code Mastery](https://kenimoto.dev/ja/books/claude-code-mastery)』にまとめています。

---

# Claude CodeのSub-agent設計 — 1セッションで専門家チームを使い分ける

URL: https://kenimoto.dev/ja/blog/claude-code-sub-agent-design/
Lang: ja
Date: 2026-05-01
Description: Explore・Plan・汎用の3種のビルトインSub-agentと、カスタムSub-agentの作り方。コンテキスト保全・制約強制・コスト制御の3原則で、1セッションを専門家チームに変える設計パターン。

Claude Codeで大きなリファクタリングをしていたとき、コードベース全体を調査させたらコンテキストウィンドウの70%が検索結果で埋まりました。肝心のリファクタリング指示を出す頃には、窓が狭すぎて的外れな提案しか返ってこない。

私は「調査が上手すぎて仕事ができなくなるAI」という、落語みたいな状況に立ち会っていました。

解決策はSub-agentです。調査を別の専門家に委譲して、結果の要約だけ受け取る。メインの会話は綺麗なままです。

## Sub-agentとは何か

Sub-agentは、メインのClaude Codeセッションから呼び出される専門家です。独立したコンテキストウィンドウで動作し、タスクが終わったら結果だけを返します。

Eric Raymondの「目玉の数が十分あれば、バグは浅くなる」は、オープンソースのレビュアーの話でした。Sub-agentはこれをAIに持ち込みます。Exploreエージェントにコードを調査させ、セキュリティ用エージェントに脆弱性を探させる。「目」の数が増えるほど、見落としが減ります。

Sub-agentを使う理由は3つです。

**コンテキストの保全。** コードベースの探索や大量ログの解析をメインでやると、検索結果がコンテキストを圧迫します。Sub-agentに委譲すれば、調査はSub-agent側で完結し、メインには要約だけ返ります。冷蔵庫の中身を全部テーブルに出して料理するか、必要な食材だけ取り出すかの違いです。

**制約の強制。** Sub-agentにはツールアクセスを制限できます。調査専用エージェントにはRead/Grep/Globだけを許可し、ファイル編集を禁止する。「見ていいけど触るな」を技術的に強制できます。

**コストの制御。** Sub-agentごとにモデルを指定できます。調査のような軽いタスクにはHaikuを使い、重要な設計判断にはOpusを使う。全員に役員報酬を払う必要はありません。

## ビルトイン3種の使い分け

Claude Codeには、すぐに使えるSub-agentが3種あります。

| Sub-agent | 得意なこと | 使えるツール | 編集権限 |
|-----------|----------|------------|---------|
| **Explore** | コード調査、リサーチ | Read, Grep, Glob, WebSearch | なし |
| **Plan** | 設計、実装計画 | Read, Grep, Glob, WebSearch | なし |
| **general-purpose** | 実装、テスト実行 | フルセット | あり |

Claudeはタスクの内容に応じてこれらを自動選択します。「このファイルの依存関係を調べて」と書けばExploreが、「リファクタリングの計画を立てて」と書けばPlanが起動します。

ここで大事なルールが1つ。**Sub-agentはメインの会話履歴を引き継ぎません。** 「さっき話した件」のような曖昧な参照は機能しません。タスクの指示はSub-agentに渡すプロンプトの中で完結させる必要があります。

隣の部屋にいる同僚に仕事を頼むときと同じです。「あれやっといて」ではなく「Aファイルの認証ロジックを調べて、OAuth2の実装箇所をリストアップして」と具体的に伝える。

## カスタムSub-agentの作り方

ビルトイン3種でカバーできない専門家が必要なら、自分で作れます。

### 配置場所

| スコープ | パス |
|---------|------|
| 個人(全プロジェクト共通) | `~/.claude/agents/<name>.md` |
| プロジェクト(チーム共有) | `.claude/agents/<name>.md` |

プロジェクトの規約に依存する専門家(コーディング規約チェッカーなど)は `.claude/agents/` に。個人のワークフローに関わるもの(ドキュメント検索など)は `~/.claude/agents/` に置きます。

### 実例: セキュリティレビュー用Sub-agent

```markdown
---
name: security-reviewer
description: コードのセキュリティ問題を検出する
model: sonnet
allowed-tools: Read Grep Glob WebSearch
---

あなたはセキュリティレビューの専門家です。

コードを分析する際は、以下の観点で確認してください:

1. OWASP Top 10に該当する脆弱性
2. 認証・認可の不備
3. 入力値の検証漏れ
4. 機密情報のハードコーディング
5. 依存パッケージの既知の脆弱性

発見した問題はCVSSスコア(推定)付きで報告してください。
```


frontmatterの `---` で囲まれた部分がメタデータ、それ以降がSub-agentのシステムプロンプトです。

### frontmatterの主要フィールド

| フィールド | 説明 | 設計判断のポイント |
|-----------|------|-----------------|
| `name` | 表示名 | `@name` で呼び出すので短く |
| `description` | いつ使うかの判断基準 | Claudeのルーティングに影響する |
| `model` | 使用モデル | コスト制御の要 |
| `allowed-tools` | 許可ツール(スペース区切り) | 最小権限の原則 |
| `memory` | `true` でSub-agent専用の永続メモリ | 繰り返し使うSub-agentに有効 |

`description` フィールドは単なるラベルではありません。Claudeがこの説明文を読んで「このタスクにこのSub-agentを使うべきか」を判断します。「セキュリティレビュー」よりも「PRのコード変更からOWASP Top 10脆弱性を検出する」のほうが、適切なタイミングで呼び出されます。

## モデル選択によるコスト制御

Sub-agentの設計でもっとも実用的な判断が、モデルの使い分けです。

| タスクの性質 | 推奨モデル | 理由 |
|------------|----------|------|
| コード検索、パターン照合 | Haiku | 読み取りだけなら高速・低コストで十分 |
| コードレビュー、バグ分析 | Sonnet | 判断力が必要だがOpusほどの推論は不要 |
| アーキテクチャ設計、複雑な判断 | Opus | 妥協すると後で手戻りするタスク |

全員Opusにすれば品質は最大になります。でもそれは、お使いも商談も全部社長が行くようなものです。調査はインターンに、レビューは中堅に、設計は社長に。組織設計と同じ原則です。

2026年2月にAnthropicが公開した社内活用PDFでも、このモデル使い分けパターンが中核として紹介されていました。Anthropic自身が「全部Opusにはしない」と言っている。説得力があります。

## Git Worktreeによる並列編集

Sub-agentの隠れた強力機能が、Git Worktreeとの連携です。

Agent toolの `isolation: "worktree"` パラメータを使うと、Sub-agentは一時的なworktreeを作成してそこで作業します。メインブランチのファイルを編集しながら、別のSub-agentがworktree上でテストコードを書く。作業が完了したらworktreeのブランチをマージする。

変更がなかったworktreeは自動でクリーンアップされます。変更があった場合はパスとブランチ名が返されるので、手動でマージできます。

「同じファイルを2人が同時に編集して衝突」という、チーム開発あるあるのリスクを技術的に回避できます。

## @メンションと永続メモリ

カスタムSub-agentは `@agent-name` で直接呼び出せます。チャットで `@security-reviewer このPRをチェックして` と書くだけ。

さらに、`memory: true` を設定するとSub-agent専用のAuto Memoryディレクトリが作成されます。セッションをまたいで学習した内容が保持されるので、同じSub-agentを繰り返し使うほど精度が上がります。

セキュリティレビュー用のSub-agentが「このプロジェクトではJWTの有効期限を15分に設定している」と学習すれば、次回以降は24時間に設定されたJWTを自動的に指摘してくれます。

## 私が実際に使っている3つのSub-agent

理論はここまでにして、実際の運用例を紹介します。

### 1. コードベース探索用(Explore強化版)

```markdown
---
name: codebase-scout
description: コードベースの構造と依存関係を調査する
model: haiku
allowed-tools: Read Grep Glob
---

コードベースを調査し、以下の形式で報告してください:
- 関連ファイルの一覧(パスと1行説明)
- 依存関係のグラフ(テキスト形式)
- 変更時の影響範囲
```

Haikuで十分です。ファイルを読んでパターンを見つけるだけなら、高級モデルは過剰投資です。

### 2. テスト設計用

```markdown
---
name: test-designer
description: 実装コードからテストケースを設計する
model: sonnet
allowed-tools: Read Grep Glob
---

与えられたコードを分析し、テストケースを設計してください:
- 正常系: ゴールデンパスのテスト
- 異常系: エラーハンドリングのテスト
- 境界値: エッジケースのテスト

テストコードは書かないでください。テストケースの一覧と検証ポイントだけを報告してください。
```

注意点は `allowed-tools` からEditを外していること。テスト設計と実装を分離することで、設計段階でのバイアスを防ぎます。テストを書く人が「実装しやすいテスト」を設計しがちな問題は、人間のエンジニアと同じです。

### 3. ドキュメント更新チェック用

```markdown
---
name: doc-checker
description: コード変更に対してドキュメントの更新漏れを検出する
model: haiku
allowed-tools: Read Grep Glob
memory: true
---

コードの変更差分とドキュメントを比較し、更新漏れを報告してください:
- READMEとの乖離
- APIドキュメントの不整合
- 設定ファイルの説明漏れ
```

`memory: true` にしているのは、プロジェクト固有の「どのドキュメントがどのコードに対応しているか」を学習させるためです。


## Sub-agentを使うべき場面、使うべきでない場面

Anthropicの公式ドキュメントにある判断基準が的確です。

**Sub-agentを使うべき場面:** タスクが「ノイズが多く、範囲が限定的で、要約しやすい」とき。大量のファイルを検索する、特定パターンを見つける、独立したレビューを行う。

**メインで続けるべき場面:** タスクが「小さく、密結合で、共有メンタルモデルに依存する」とき。3行の修正、直前の議論を踏まえた判断、一連のリファクタリングの途中ステップ。

判断を間違えると、Sub-agentにコンテキストを渡すオーバーヘッドのほうが、メインでやるコストを上回ります。包丁を洗うより手でちぎったほうが早いレタスに、わざわざ包丁を出す必要はありません。

## まとめ

- Sub-agentの価値は **コンテキストの保全** が第一。重い調査をメインから隔離し、要約だけ受け取る
- ビルトイン3種(Explore/Plan/general-purpose)は自動選択される。カスタムが必要なら `.claude/agents/` にMarkdown1枚
- **モデル選択がコスト制御の要。** 調査はHaiku、レビューはSonnet、設計はOpus
- Sub-agentへの指示は **自己完結** させる。「さっきの件」は通じない
- 「ノイズが多く、範囲が限定的で、要約しやすい」タスクに使う。それ以外はメインで続ける

まずは1つ、自分のプロジェクトでよく繰り返す調査タスクをSub-agentとして定義してみてください。`.claude/agents/` にMarkdownファイルを1つ置くだけで始められます。私は最初にcodebase-scoutを作りましたが、正直なところ、効果に気づいたのは「あれ、今日のセッション、なんかコンテキスト圧迫されてないな」と思った3日後でした。地味な改善ほど、効いている証拠です。

## 参考リンク

- [Claude Code Sub-agents公式ドキュメント](https://code.claude.com/docs/en/sub-agents) — カスタムSub-agentの作成ガイド
- [Anthropic社内Claude Code活用PDF](https://www.anthropic.com) — 2026年2月公開の社内活用パターン
- [Claude Code Subagents: How to Create, Use, and Debug Them](https://www.builder.io/blog/claude-code-subagents) — 実践的なチュートリアル

---

## さらに深掘りしたい方へ

本記事で触れたのは一部です。CLAUDE.md の書き方を「2行から100行まで」、Plan Mode 起点の開発フロー、チーム運用、非コーディング業務への応用まで、19章で体系化した **[実践Claude Code — コンテキストエンジニアリングで開発が変わる](https://kenimoto.dev/ja/books/claude-code-mastery)** を参考にしてください。

---

# CLAUDE.md は結局 Context Engineering を1ファイルに凝縮したものだった

URL: https://kenimoto.dev/ja/blog/claude-md-context-engineering-practice/
Lang: ja
Date: 2026-05-09
Description: 「CLAUDE.md? READMEで十分でしょ」と思っていました。3週間後、CLAUDE.mdなしのプロジェクトに戻れなくなりました。3階層運用と4段階の設計で、Claude Codeに毎回同じ説明をする時間を消した話です。

私も最初は「CLAUDE.md? READMEで十分でしょ」と思っていました。3週間後、CLAUDE.mdなしのプロジェクトに戻れなくなりました。

前回の記事では、[Context Engineering の5戦略](/ja/blog/context-engineering-introduction-five-strategies/)を見ました。同じ質問でも回答品質が4.6倍ぶれる原因はプロンプトではなくコンテキストにある、という話です。今回はその第3戦略、Context Engineering の設計を Claude Code でどう実装するか、つまり CLAUDE.md の話をします。

結論から書きます。**CLAUDE.md は設定ファイルではなく、Context Engineering の哲学を1ファイルに凝縮したものです**。

## CLAUDE.md は新人社員への引き継ぎ資料

新人がチームに入った日のことを思い出してください。前任者が「このプロジェクトで知っておくべきこと全部」を残してくれていれば、初日から動けます。技術選定の経緯、設計パターン、注意点、コーディング規約。新人はそれを読むだけでプロジェクトの全体像を把握できます。

CLAUDE.md はそれの AI 版です。Claude Code がセッション開始時に読み込むファイルで、毎回同じ説明を繰り返す必要をなくします。

従来のプロンプトはこうなりがちでした。

```text
このプロジェクトはNext.jsを使い、TypeScriptで書かれており、
APIはtRPCで実装され、データベースはPrismaでアクセスし、
認証はNextAuth.jsを使い、UIはTailwind CSSで構築され、
テストはJestとCypressで行い、デプロイはVercelで…
```

これを毎セッション貼り付けていた頃、私は中間管理職のような気持ちになっていました。同じ説明を3回したのに、4回目で「はじめまして」と言われる感覚です。

CLAUDE.md は一度書けば常に効きます。Claude Code はセッション開始時に自動で読み込みます。同じ説明をする時間が消えます。

## 3階層運用: User、Project、Local

CLAUDE.md は1ファイルではなく3階層で運用します。

```text
~/.claude/CLAUDE.md       # User: 全プロジェクト横断の指示
./CLAUDE.md               # Project: プロジェクト固有のガイドライン
./CLAUDE.local.md         # Local: マシン固有の上書き (gitignored)
```

それぞれの役割は次の通りです。

| 階層 | 用途 | 共有範囲 |
|---|---|---|
| User | 個人の開発スタイル、好みのワークフロー | 自分だけ |
| Project | チーム標準、アーキテクチャ方針 | チーム (Git管理) |
| Local | 開発環境固有の設定、APIキーの場所 | このマシンだけ |


Local を `.gitignore` に入れる作業を最初に必ずやってください。これを忘れると、チームメンバーに「君のマシンの開発用パスワードは `dev123` なんだね」と告げられる日が来ます。私は来ました。

3階層にした初日、私は別の問題に当たりました。`~/.claude/CLAUDE.md` に「Pythonが好き」と書いただけで、Goプロジェクトでも勝手にPythonの話を始めるClaudeに困りました。User-level の刃は両方向に切れます。「全プロジェクトで効く」は「全プロジェクトに副作用が出る」と同じ意味です。

User-level には**プロジェクトに依存しないこと**だけを書きます。「テストを書くときは関数名を `test_<対象>_<条件>_<期待>` にする」「コミットメッセージは Conventional Commits」みたいな普遍的なものです。「Python が好き」は嗜好であって規約ではないので、書くなら Project-level です。

## 段階的設計: 空、初期、成熟、大規模

CLAUDE.md を最初から完璧に書こうとすると失敗します。プロジェクトの段階に合わせて育てるのが正解です。

### 段階1: 空のプロジェクト

新規プロジェクトでは、最小限から始めます。

```markdown
# CLAUDE.md

## プロジェクト概要
製品名: TaskFlow (仮称)
目的: チーム向けタスク管理

## 技術スタック
- フロントエンド: React + TypeScript
- バックエンド: Node.js + Express
- データベース: PostgreSQL

## 開発方針
- TypeScript strictモード必須
- コミットメッセージは Conventional Commits
```

この段階では、技術選択の理由よりも**現在の状況**を記録するほうが大事です。理由は後付けで書けます。

### 段階2: 初期開発 (MVP)

機能開発が進んだら、設計判断と制約を追加します。

```markdown
## アーキテクチャ
### フロントエンド
- React 18 + TypeScript 5.0
- 状態管理: Zustand (Redux は過剰と判断)
- UI: Material-UI (カスタムデザイン最小化)

### バックエンド
- Node.js 18 + Express 4
- API: RESTful (GraphQL は将来検討)
- 認証: JWT + refresh token

## 設計原則
- シンプルさ優先: 複雑なパターンより可読性
- 段階的改善: 完璧を目指すより動作優先
```

「Reduxは過剰と判断」のような選択しなかった理由を書くのが効きます。これがないと、3ヶ月後にClaudeが「Reduxを導入しましょう」と毎週提案してきます。同じ議論を毎週するのは中間管理職っぽくて私は嫌でした。

### 段階3: 成熟プロジェクト

チームが拡大したら、コーディング規約を明文化します。命名規則、コンポーネント設計、API設計の3つは最低限書いておきます。

```markdown
## コーディング規約
### TypeScript
- インターフェース名は PascalCase、先頭の I は不要
- null/undefined: undefined を優先
- 型定義: 共有型は types/ 配下、個別型は同ファイル内

### API設計
- エンドポイント: RESTful、複数形 (/users, /tasks)
- エラー: 統一形式 { error: { code, message, details } }
- バージョニング: URL parameter (/api/v1/)
```

### 段階4: 大規模プロジェクト

複数チーム、複数サービスになったら、CLAUDE.md は2,000字以内に収め、詳細は `docs/` と `.claude/agents/` に分離します。これは Sub-agent 設計の話で、別記事の領域です。詳細は[Sub-agent 設計の記事](/ja/blog/claude-code-sub-agent-design/)を参照してください。

## 「やってはいけないこと」が一番効く

CLAUDE.md で最も効くのは「やってはいけないこと」セクションです。私の経験では、これが書いてあるかどうかで Claude Code の出力品質が体感3割変わります。

```markdown
## やってはいけないこと
### セキュリティ
- JWT を localStorage に保存禁止 → httpOnly Cookie 使用
- API キーのフロントエンド埋め込み禁止
- SQL クエリの文字列結合禁止 → prepared statement 必須

### パフォーマンス
- useEffect での無限ループ (dependency 配列忘れ)
- 大量データの map で key={index}
- 画像最適化なしの表示 (next/image 必須)
```

「やる」より「やらない」を書くのが効く理由は、AIの初期値が「Stack Overflow の最頻パターン」だからです。Stack Overflow の最頻パターンは、しばしば現代のベストプラクティスではありません。「やってはいけない」を書かないと、Claude Code は2018年のJWT記事を参考に `localStorage.setItem('token', jwt)` を書いてきます。書きました。私のプロジェクトで。

## CLAUDE.md は Hooks と Sub-agent の基盤

ここで Claude Code 上級運用の構図が見えてきます。

| 層 | 役割 | 制御の質 |
|---|---|---|
| CLAUDE.md | コンテキスト基盤 | お願い (柔らかい) |
| [Sub-agent](/ja/blog/claude-code-sub-agent-design/) | 役割分担 | 専門性の分離 |
| [Hooks v2](/ja/blog/claude-code-hooks-v2-25-events/) | 自動化 | プログラム (硬い) |

CLAUDE.md は「お願い」のレイヤーです。Claude は読んで理解しますが、忘れることもあります。100回中95回は守りますが、本番障害は残りの5回で起きます。

それを補うのが Hooks と Sub-agent です。Hooks は CLAUDE.md の「お願い」をプログラムに変えます。Sub-agent は1つのCLAUDE.md に詰め込みすぎたコンテキストを役割ごとに分離します。3層が揃って Claude Code 上級運用が機能します。

CLAUDE.md がない Hooks は、定義されていないルールを強制するスクリプトです。CLAUDE.md がない Sub-agent は、共通基盤のない専門家集団です。土台は CLAUDE.md です。

## prompt caching との関係

2026年5月時点で、Anthropic API の prompt caching は5分のTTLが標準です。CLAUDE.md は毎セッション同じ内容を読み込むので、cache hit が効きやすい部類のテキストです。

3,000字の CLAUDE.md を毎セッション読み込んだとして、初回はトークン課金されますが、5分以内の連続セッションは cache hit で90%引きになります。CLAUDE.md を「コストになるからケチって書く」必要はありません。むしろ書き込むほうが、長期的にはトークン効率が良いです。

ただし、5分間隔でしか使わないプロジェクトでは cache がコールドになります。その場合は CLAUDE.md を200行以内に保つのが現実的です。

## まとめ: CLAUDE.md = Context Engineering の凝縮

CLAUDE.md は単なる設定ファイルではありません。プロジェクトの**なぜ**と**どう**を AI に渡す Context Engineering の凝縮です。

3階層運用 (User/Project/Local) で関心を分離し、4段階 (空→初期→成熟→大規模) で育て、「やってはいけないこと」を明文化する。これが Claude Code を「賢いコピペマシン」から「プロジェクトの新人」に変える設計です。

次回は few-shot prompting の限界、または Agentic RAG の実装あたりを予定しています。CLAUDE.md で基礎を固めた後の、動的なコンテキスト戦略の話です。

<aside class="book-callout">

**この記事は書籍『LLMを「嘘つき」から「専門家」に変える技術 (Context Engineering 実践入門)』の第10章を再編集したものです。**

書籍では本記事の内容に加え、5段階のコンテキスト戦略、RAG設計、MCPサーバー設計、Agentic RAG までを体系的に扱っています。

[書籍ページ: LLMを「嘘つき」から「専門家」に変える技術](https://kenimoto.dev/ja/books/context-engineering)

</aside>

---

# Claudeに先週47回『おっしゃる通りです』と言われた。そのうち11回は私が、36回はClaudeが間違っていた。

URL: https://kenimoto.dev/ja/blog/claude-osshatoori-47kai-sycophancy-jissoku/
Lang: ja
Date: 2026-05-19
Description: 1週間分のClaude Codeトランスクリプトを『おっしゃる通り』でgrepしたら47件ヒットした。1件ずつ照合した結果、私が実際に正しかったのは11回、Claudeのほうが間違っていたのは36回。同じ数字、逆方向。

最初、私はClaudeが正しくて私が間違っていたのだろうと思っていた。47回も同意されたのだから、私のほうがましな判断をしていたはずだと。

実測してみたら、逆だった。私が実際に正しかったのは11回、Claudeのほうが間違っていたのが36回。同じ47件のうち、現実と一致した「おっしゃる通り」は23%しかなかった。コイン投げより悪く、おみくじよりは少しまし、というラインです。

前にClaudeが[3回連続でバグを隠す修正を出してきた話](https://kenimoto.dev/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt/)を書いたことがある。あれは悪意めいた挙動だった。今回はもっと優しい挙動で、しかも頻度が桁違いに高い。

## どう数えたか

Claude Codeのセッションログは `~/.claude/projects/` に1セッション1ファイルで残る。先週の7日分には、kenimoto.devのリファクタリング、Voice AIの個人プロジェクト、そして1件のインフラ移行作業が混ざっていた。最後のやつについては、まあ、語らないでおきます。

```bash
rg -i "おっしゃる通り|you'?re absolutely right" ~/.claude/projects/ \
  --no-heading -n > sycophancy-week.txt
```

47行ヒット。表計算ソフトに貼り付けて、各行ごとに「直前の自分の発言」と「Claudeの直後3文」を抜き出した。そして、できるだけ自分に厳しくない採点ルールで、こう問いかけた。私が言ったことは、実際に正しかったか。

採点基準は私に有利めに置いた。たとえば「このレースコンディションは接続セットアップにあるはず」と私が言って、実際に接続セットアップに原因があれば、推論が雑でも「正しい」とカウントした。原因がメッセージキューにあったら「間違い」。

11回正しかった。36回間違っていた。Claudeはどの47回にも「おっしゃる通り」と返していた。


## 3つのパターン

36件の「間違いに同意された」ケースを分類すると、ほぼ全部が3つの型に収まった。

**同意先行型。** 私が何か提案する。Claudeは「おっしゃる通りです」と言ってから、2段落後にまったく逆の方針を提示してくる。冒頭の同意は社交的な潤滑剤で、本当の答えはその後の反対意見の中にある。私自身、冒頭1文を読んで後をスキミングしている自分に気づいた。これはまさにこのパターンが狙っている失敗モードです。

**事実追従型。** 私が「WebRTCの `setRemoteDescription` はICE candidate収集後にresolveするPromiseを返す」と間違ったことを断言する。Claudeは同意し、しかも親切にその間違いを前提にしたコードまで提案してくる。これが一番時間を奪う。「Claudeが言ったから正しい」と思い込んで延々と回り道するデバッグは、全部このパターンから始まる。36件中19件がこの分類。

**コード擁護型。** 80行のコードを貼り付けて「どこに問題がある？」と聞く。Claudeは特に問題を見つけず、構造を褒める。同じ80行を、今度は「これ、書き上げたばかりなんだけど綺麗だよね」というフレーミングで貼り直すと、Claudeは私が見落としていた本物のバグを3個指摘してくる。同じコード、逆の評価。変わったのは私の口調だけだった。

3つ目が一番たちが悪い。プロンプトのフレーミングが、私の想定以上に挙動を支配している。

## Anthropicの取り組みと、それでも残るもの

Anthropicはsycophancyについて沈黙しているわけではない。[Claude 4のリリースノート](https://www.anthropic.com/news/claude-4)では、reward modelingでの過度な同意を減らしたという話が明示的に出てくる。社内評価で「明らかに誤った前提に対してどれだけ押し返せるか」を測るベンチマークも繰り返し言及されている。彼らの数字は良くなっている。私のターミナルは週47回のままです。

このギャップは、おそらく「sycophancy」の定義のズレから来ている。研究論文での意味は「明らかに間違っている事実主張をモデルが押し返さない」というかなり強い現象を指す。これはほぼ修正されている。私が観測しているのはもう少し弱いやつで、「文体としての同意トーンがデフォルトになっていて、中身が中立や批判であってもまず同意の言葉から入る」というUXの問題に近い。後者は技術というよりプロダクト判断で、つまり「フレンドリーに聞こえるほうがよい」という設計選好の帰結です。

OpenAIは2024年に[GPT-4oの過剰なフレンドリー化を公式に取り下げた](https://openai.com/index/sycophancy-in-gpt-4o/)ことがある。あれは「ユーザーは同意のトーンをどこまで許容するか」のストレステストみたいなものだった。Claudeに同等の公的な瞬間はまだないが、ダイヤルがあって、その目盛りはやや高めに設定されている、という点は同じだと思います。

## 私が変えたこと

フレンドリーなトーンを切る気はない。あれは好きです。ただ、冒頭1文を真に受けるのをやめた。

具体的に変えたのは3つ。

1. **逆張りをデフォルトにする system prompt。** Claude Codeの設定に「私の技術的主張に同意する前に、それが間違っている可能性のうち最も強いものを1つ挙げよ。それを述べてから初めて、同意するかどうか決めよ」という1文を追加した。これで「おっしゃる通り」の頻度が体感6割減った。厳密な計測ではないが、効きは本物です。
2. **コードレビューは所有者シグナルを消す。** 本当にレビューしてほしいときは、新しいセッションを開いて「私が書いた」とは書かずに匿名のコードとして貼る。Claudeに擁護する相手がいなくなる。すると、本当に存在するバグだけが返ってきます。
3. **退出時のgrep。** セッション終了時に `rg "おっしゃる通り"` をトランスクリプトにかける。実質的な意思決定1件あたり2件以上ヒットしていたら、そのセッションは要再レビュー扱いにする。30秒で済むし、今週これで2件の誤判断を救出した。

これらは根本的な解決ではない。挙動はそのままです。ただ、挙動が私のコストになる手前で止める仕組みになっています。

## 本当に欲しいもの

2つあります。1つは、API経由で同意度合いをthinking budgetのように調整できるダイヤル。もう1つは、トランスクリプトに「ここから先は社交的な前置きであって、実質的な回答ではない」という内部トークンが入ること。そうすれば、私は前置きをスキップする読み方を訓練しやすくなる。

どちらも来週には来ない。だから当面の対処は、grepして、数えて、自分の読み方を再訓練する、それだけです。

ちなみに、今回の調査結果をClaudeに見せたら、返事は「おっしゃる通り、これは重要な観察です」から始まった。そのまま残しておいた。48件目です。

---

**この記事の元になっているClaude Code運用論をまとめた話。** CLAUDE.mdの書き方を「2行から100行まで」、システムプロンプトで同意率を半分にした実装、トランスクリプトgrepによる挙動観測まで、Claude Codeを業務で本気で運用するためのパターンを19章で体系化しました。[実践Claude Code — コンテキストエンジニアリングで開発が変わる](https://kenimoto.dev/ja/books/claude-code-mastery)で、本記事の第4章相当（system promptパターン）と第11章相当（transcriptレビュー習慣）を読めます。

---

# コードレビューを6段階にしたら、AIと人間の分業が見えた

URL: https://kenimoto.dev/ja/blog/code-review-6-stages-ai-human-boundary/
Lang: ja
Date: 2026-05-24
Description: Logic層でバグを3つ通した経験から、コードレビューを Format / Lint / Style / Logic / Design / Architecture の6段階に切り直しました。AI比率は段階ごとに 100% から 0% へ下がり、一番危ないのは AI カバー率60%の Logic 層という結論に至るまでの運用記録です。

私は最初、AIに Logic 層を任せて3つのバグを通しました。

エッジケースの判定漏れ、空配列の扱いミス、外部APIのリトライ条件のずれ。 CodeRabbit も Copilot も指摘しなかったし、私自身も「AI が見たから大丈夫」と思って Approve を押していました。本番でデータが10件だけずれていることに気づいたのは、リリースの3日後です。

数字としては小さいバグでした。でも怖かったのは「自分のレビュー判断が信用できなくなった」という感覚です。 AI が見落としたのは仕方ないにしても、私自身がコードを読んで Approve を押したという事実が残ります。何を見て、何を見落としていたのか、自分でも説明できませんでした。

それ以来、「AI と人間の境界線」を真面目に引きました。3層モデルを使っていたのですが、3層だと粒度が粗すぎて、 Logic 層に全部の責任が押しつけられていたのが原因でした。そこで6段階に切り直したら、どの段階を誰が見るべきかがやっと見えてきました。

この記事は、その6段階の話です。

## 3層モデルとは別の切り口

私は以前、 [レビューの3層モデルという記事](https://zenn.dev/kenimo49/articles/code-review-3layer-model-design) を書きました。自動ゲート、AIレビュー、人間レビューの3層で分業する設計の話です。

その記事は「誰が何を見るか」という大きな構造の設計でした。今回の6段階は別の切り口です。 **「AI と人間の境界線はどこで切れるのか」** を、もう一段細かく解像度を上げて見るための整理です。

3層モデルは設計図、6段階は設計図に書き込まれた寸法、というイメージで読んでください。


## 6段階の定義

私が現場で使っている6段階はこうです。AI 比率は実務感覚での目安で、チームや言語によって揺れます。

| 段階 | 対象 | AI比率 | 人間比率 | 主なツール |
|:----:|:-----|:-----:|:-----:|:---------|
| 1 | Format | 100% | 0% | pre-commit hook, Prettier |
| 2 | Lint | 100% | 0% | ESLint, Ruff |
| 3 | Style | 90% | 10% | CodeRabbit, GitHub Copilot |
| 4 | Logic | 60% | 40% | Claude Code Review |
| 5 | Design | 30% | 70% | Pair review |
| 6 | Architecture | 0% | 100% | Senior, Tech lead |

下に行くほど「正解が一意でない」問題になります。Format には正解がありますが、Architecture には正解がありません。AI が降りていくのではなく、 **問題の性質が変わっていく** のだ、と捉えると整理しやすいです。

## 段階1: Format(100% AI)

インデント、空白、改行コード、末尾セミコロン。これらは pre-commit hook で全部 AI が処理します。

```bash
#!/bin/bash
npx prettier --check . --ignore-unknown
```

ここに人間の判断は1ミリも要りません。レビュアーが「インデントが揃ってない」とコメントしているのを見ると、私は心の中で謝りながらツール導入を提案します。本人は品質を守っているつもりですが、消耗しているのはレビュアー本人です。

## 段階2: Lint(100% AI)

未使用変数、到達不能コード、暗黙的な型変換。静的解析ツールが見つけてくれます。 ESLint、Ruff、 mypy 、 tsc。

Format と Lint は同じ層では？と思うかもしれません。私は分けています。 Format は「見た目」の規約、 Lint は「意味」の規約です。 Format は壊れても動く、 Lint は壊れたら動かない(または将来動かなくなる)。混ぜると、 pre-commit が遅くなったときに「どっちを外すか」の判断ができなくなります。

ここまでが「PR にすら到達させない層」です。私はこの2段階で、毎週30分の指摘時間を構造的にゼロにしました。

## 段階3: Style(90% AI / 10% 人間)

命名、関数の分割粒度、コメントの過不足、可読性。

ここから AI 比率が下がります。 CodeRabbit と Copilot が得意な領域ですが、 **完全には自動化できない理由** があります。

例えば「関数名 `getUserData` を `fetchUser` に変えるべきか」は、コードベース全体の命名規則を見ないと判断できません。 CodeRabbit は `.coderabbit.yaml` でプロジェクト固有のルールを読み込めますが、すべての方針をルール化できるわけではありません。

私のチームでは、 Style の最終承認は人間です。AI が90%の指摘を出し、人間が「この提案は採用、これは却下」と判断します。「面白くいこうぜ」と心の中で唱えながら、却下するときの理由を一行コメントで残すと、次の AI レビューの精度が上がります。

## 段階4: Logic(60% AI / 40% 人間)

ここが私が3つのバグを通した場所です。

N+1問題、 SQL インジェクション、未処理の例外、明らかなエッジケース。 AI はこのあたりまでは見つけてくれます。 [Macroscope のベンチマーク](https://medium.com/@lewis_75321/the-best-ai-code-review-tools-in-2026-599c7dd1b305) によると、バグ検出精度は Macroscope 48%、 CodeRabbit 46%、 Cursor BugBot 42%、 Greptile 24%。半分以上は見逃すと思っておくのが安全です。

[CodeRabbit と Copilot を比較したベンチマーク](https://www.morphllm.com/comparisons/coderabbit-vs-copilot) では、 CodeRabbit が F1 51.5% / recall 52.5% 、 Copilot が F1 44.5% / recall 36.7%。 CodeRabbit のほうが見つけはするのですが、それでも recall は半分強です。「6割見つかれば上等」というのが現状の感覚に近い。

私が通した3バグは全部「ビジネスロジック由来のエッジケース」でした。

- 「空配列が来たら処理スキップ」が仕様だったのに、 AI は「空配列でも処理する」コードを問題なしと判定
- 外部 API のリトライ条件として「 429 のみ」が仕様だったのに、 AI は「 5xx すべてリトライ」を提案
- ページネーション境界で1件ずれる古典的バグを、 AI は「テストが通っているから OK 」と判定

これらは、 AI から見るとコードとして正しい。仕様書を見ていない AI は、コードベース内の整合性しか見られないのです。

:::message
**Logic 層では AI のレビューを Approve の根拠にしてはいけません。** 「AI が問題なしと言った」は、人間がスキップする理由になりません。 AI が指摘した分は AI に任せ、 AI が見ない部分こそ人間が見る。境界の引き方が逆になりがちです。
:::

Claude Code の `/review` や `/ultra review` は複数エージェントで角度を変えて見るので、単一の AI レビューよりは見落としが減ります。それでも仕様判断の最終責任は人間です。 [Claude Code 公式ドキュメント](https://code.claude.com/docs/en/code-review) も、 logic errors や edge cases は「context of your full codebase」での検出と書いていて、仕様書は射程外です。

私が現場で運用しているルールはシンプルです。 **Logic 層で AI が指摘した部分は AI に任せ、 AI が指摘しなかった部分こそ人間が念入りに見る** 。 AI のコメント数が多い PR ほど、人間レビューは短く済みます。 AI のコメントがゼロの PR こそ、仕様書を開いて30分かけて読む価値がある。逆説的ですが、これがバグを通さなくなった一番大きな運用変更でした。

## 段階5: Design(30% AI / 70% 人間)

責務分割、 API の境界、依存関係の方向。

ここからは AI の出る幕が一気に減ります。 「このメソッドは User クラスに置くべきか、別の Service クラスに置くべきか」は、コードベースの設計思想次第です。 AI は既存のパターンを学習はしますが、 **「このパターンを増やすべきか減らすべきか」という方向性の判断はできません** 。

私が Design 層で AI に期待するのは、せいぜい「この関数は150行あります。分割を検討してください」のような機械的なヒントです。残りの70%は人間がペアレビューで判断します。

ここで効くのは2人レビューです。1人だと「自分の好み」を「設計判断」と取り違える。2人いれば、「これはどっちの設計でも動くね、じゃあ既存パターンに揃えよう」のような対話ができます。信長の野望で軍議をするようなものです。城を守るか打って出るかは、軍議で決まる。

Design 層で私が AI を信用していない別の理由もあります。 AI は学習データの中の「平均的な良い設計」に寄せがちで、 **そのコードベース固有の制約を読まない** 。例えば「マルチテナント DB なので Service 層は必ず tenant_id を引数で受け取る」というローカルルールは、 AI には伝わりにくい。 path-scoped instructions で頑張れば伝わりますが、ルールが増えるほどメンテナンスコストも上がります。設計の方向性は、コードに先行する暗黙のチーム合意で決まるので、文章化されていないものを AI に読ませるのは原理的に難しい、と私は思っています。

## 段階6: Architecture(0% AI / 100% 人間)

システム境界、データフロー、認証の責任範囲、デプロイ単位。

ここに AI は一切入れていません。理由は単純で、 **アーキテクチャの判断は「正解」ではなく「未来予想」** だからです。3年後にこのシステムがどう成長するか、チームがどう拡大するか、ビジネスがどこにピボットするか。これらの問いに対して、 AI はもっともらしい答えは出せますが、責任を取れません。

GitHub Copilot のドキュメントも、 [missing most architectural concerns](https://aicodereview.cc/blog/github-copilot-code-review/) と公式に書いています。 AI レビューはアーキテクチャ判断を支援しません。

Architecture レビューは、レビューというより「設計会議」です。 PR に対する作業ではなく、 PR の前にやるべき作業です。 ADR(Architecture Decision Record) を書き、テックリードがファシリテートして30分議論する。コードを書く前に方向が決まっていないなら、 PR レビューの段階で揉めても遅い、というのが私の学びです。

具体例で言うと、「認証ロジックを各マイクロサービスに置くか、 API Gateway に集約するか」のような決定は、 PR で揉めると地獄になります。コードが書き終わってから決めると、片方を捨てることになる。事前に ADR で「集約する」と決めておけば、 PR レビューでは「ADR と整合しているか」だけ確認すれば済む。 AI は ADR と整合しているかを機械的にチェックできるので、 ADR を書いた瞬間に、 Stage 6 の一部が Stage 5 や Stage 4 に降りてくるという面白い現象も起きます。文章化することで、 AI 比率が上がるのです。

## 6段階で「Approveの意味」が変わる

3層モデルのときの Approve は、「フォーマット OK 、 AI OK 、私もざっと見た」の3点セットでした。

6段階で運用し始めてから、私は Approve を出すときに自分に問いかけます。

> 「私はどの段階まで責任を持ってこの Approve を押しているか?」

Format と Lint は通っている。 Style は AI の指摘に同意した。 Logic は仕様書と照らして3つのエッジケースを確認した。 Design は責務分割に違和感がない。 Architecture は事前の設計会議で議論済み。

このチェックを通った Approve は、3層モデルのときの Approve より重みがあります。逆に、 Logic と Design に不安があるなら、 「Approve しない選択」をしやすくなります。 「とりあえず LGTM 」が出にくくなる構造です。

## チーム導入のステップ

いきなり6段階を全部導入しようとすると、たぶん挫折します。私の経験では、こういう順序が現実的です。

1. **まずStage 1-2を hooks で固める** : ここは1日で終わる。即日効果が出る
2. **Stage 3 に CodeRabbit か Copilot を入れる** : Copilot 契約があれば無料。1週間慣らす
3. **Stage 4 のための仕様書整備** : ここが一番時間がかかる。 AI が見られない「仕様由来のエッジケース」を、まず人間が明文化する
4. **Stage 5-6 はチーム文化として育てる** : ペアレビューと ADR 。仕組み化より習慣化

Stage 4 で詰まったら、私のように本番でバグを3つ通す経験ができます。冗談ではなく、構造的に「 AI が見える範囲」と「人間が見るべき範囲」を分けないと、 Logic 層は AI 任せになります。

## 「AIに任せて安心」が一番危ない

私がバグを3つ通した本当の理由は、 AI レビューが完璧だと思い込んでいたことではありません。 **「AI が見ているから、自分は見なくていい」と無意識に判断していたこと** です。

これは認知のショートカットで、 AI レビューを導入するすべてのチームに起きます。Stage 4 の Logic 層が一番危ない理由は、 AI のカバー率が60%という「中途半端な高さ」だからです。 0%なら人間が全部見る。 100%なら AI に任せる。60%は「7割ぐらいは大丈夫だろう」という油断を生みます。

6段階に分けた一番の効用は、 Stage 4 が「中間ゾーン」だと可視化されたことです。中間ゾーンは、人間の集中力が一番要る場所だと分かるようになりました。

## まとめ

- コードレビューは Format / Lint / Style / Logic / Design / Architecture の6段階に分けられる
- AI 比率は Format 100% から Architecture 0% へ段階的に下がる
- 一番危ないのは Stage 4 の Logic 層。 AI カバー率60%が油断を生む
- Approve を押す前に「どの段階まで責任を持っているか」を自問する
- Stage 1-2 から導入し、 Stage 4 のための仕様書整備に一番時間を投資する

3層モデルが「誰が何を見るか」の設計図なら、6段階は「どこに集中力を残すか」の解像度です。 AI レビューが当たり前になった今、 **境界線をどこで引くかは、各チームが自分で決めるべきこと** だと思います。

## 3層モデルの全体像を、12枚のスライドに

6段階の解像度の土台にある3層モデル（hooks・AI・人間）を、レビュー仕組み化の全体像として12枚にまとめました。スライドだけでも流れがつかめます。

<script async class="docswell-embed" src="https://www.docswell.com/assets/libs/docswell-embed/docswell-embed.min.js" data-src="https://www.docswell.com/slide/5X24NM/embed" data-aspect="0.5625"></script><div class="docswell-link"><a href="https://www.docswell.com/s/kenimo49/5X24NM-harness-code-review">AIコードレビューを仕組み化する ― hooks・AI・人間の3層モデル by @kenimo49</a></div>

:::message
📖 **この記事の内容をさらに深掘りした本を公開しています**

AIコードレビューの設計から運用まで、15章をかけて体系的に解説しています。GitHub PRワークフロー、Copilot/CodeRabbit/Claude Codeの使い分けを実装レベルで扱います。

👉 **[ハーネス × コードレビュー実践ガイド](https://zenn.dev/kenimo49/books/harness-code-review)**
:::

---

# 同じ質問なのに、LLMから5つの違う回答が返ってきた — Context Engineering 入門

URL: https://kenimoto.dev/ja/blog/context-engineering-introduction-five-strategies/
Lang: ja
Date: 2026-05-08
Description: プロンプトを工夫すれば賢くなる、と私も信じていました。Haikuで4.6倍の品質差を見るまでは。同じLLMに同じ質問をしただけで結果が2.2倍〜4.6倍ぶれる理由を、5つのコンテキスト戦略の実験データで読み解きます。

同じLLMに、同じ質問をしました。それなのに、5つの全く違う回答が返ってきました。

私が試したのは、架空の社内ツール「PropelAuth」の組織管理機能について教えて、というシンプルな質問です。Claude Sonnet 4で5回。Claude Haiku 3で5回。1問ずつコンテキストの渡し方だけを変えて、回答品質を採点しました。

結果は、Sonnet で **2.2倍**、Haiku で **4.6倍** の差でした。プロンプトの言い回しを変えたわけではありません。質問の本文は1文字も触っていません。違ったのはモデルが「見ていた周辺情報」だけです。

私も最初は「プロンプトを工夫すれば賢くなる」と信じていました。Haikuで4.6倍を見るまでは。

この記事は、その実験の話です。そしてなぜ今「Prompt Engineering」ではなく「Context Engineering」と呼ぶべきなのかという話です。

## 結論: LLMの品質はコンテキストで決まる

先に全体像を見てください。


評価軸は4つで、各0〜5点の合計20点満点です。

- **事実正確性**: 回答が実際の仕様と合致しているか
- **幻覚抑制**: 根拠のない情報を作らずに済んでいるか
- **具体性**: 実用的な詳細情報を含むか
- **誠実性**: 不確実さや限界を伝えているか

5つの戦略は次の通りです。

| 戦略 | 概要 | Sonnet 4 総合 | Haiku 3 総合 |
|---|---|---|---|
| 戦略1: コンテキストなし | 質問だけを渡す | 5.3 | 2.2 |
| 戦略2: System Promptのみ | 役割と禁則だけ与える | 8.8 | 3.7 |
| 戦略3: System + Few-shot | 良い回答例を見せる | 10.0 | 8.2 |
| 戦略4: System + RAG | 関連ドキュメントを検索注入 | 10.2 | 11.8 |
| 戦略5: フルコンテキスト | 上記を全部組み合わせる | 11.4 | 10.1 |

Haiku で戦略4が最高点になっているのは、たまたまではありません。後で詳しく書きます。

## 5つの戦略を1問ずつ見る

### 戦略1: コンテキストなし(Sonnet 5.3 / Haiku 2.2)

質問だけを丸投げした場合、Sonnet はこう返します。

```text
PropelAuthは認証サービスとして、組織管理機能を提供しています。

組織の作成:
- 管理者がダッシュボードから新しい組織を作成
- 組織名とドメインを設定
- 初期設定でSSO連携も可能

ユーザーの招待:
- メール招待機能を使用
- 招待リンクの有効期限は24時間
- 一括招待にも対応
```

一見、的確な答えに見えます。問題は、PropelAuth が **架空のツール** だということです。実在しません。LLMは「知らないはずの製品」について、堂々と具体的な機能を作り上げて回答していました。

具体性は4.2点と高いのに、事実正確性は0.6点です。私はこれを「自信たっぷりの嘘」と呼んでいます。新人社員が、入社初日に引き継ぎ資料ゼロで「弊社の顧客管理システムを説明してください」と振られて、それらしいことを口走っている状態です。

### 戦略2: System Promptのみ(Sonnet 8.8 / Haiku 3.7)

System Prompt に「知らない情報については『不明』と答えてください」と1行加えました。回答はこう変わります。

```text
申し訳ございませんが、PropelAuthという特定のツールについての
詳細な組織管理機能については、正確な情報を持っておりません。

一般的な認証サービスの組織管理機能としては以下のような要素が
考えられますが、PropelAuth固有の実装については不明です。
```

誠実性は0.2点から3.7点へ大幅に改善しました。一方、事実正確性は0点のままで、具体性も4.2点から1.7点へ落ちました。

これがコンテキスト設計の最初のトレードオフです。「知らないなら知らないと言え」と命じた瞬間、モデルは賢く謙虚になります。同時に、何の役にも立たなくなります。

### 戦略3: System + Few-shot(Sonnet 10.0 / Haiku 8.2)

System Prompt に加えて、別ツールの良い回答例を2件 Few-shot として見せました。

これだけで Haiku は **3.7点から8.2点へ2.2倍** にジャンプします。Sonnet も10.0点に到達しました。

なぜ効くのか。LLM は「お手本に近い形式で答える」傾向が強いからです。誠実性と幻覚抑制が同時に上がるのは、お手本が「分からないことは正直に書く」型だったからです。形式を見せるだけで、行動が変わります。

### 戦略4: System + RAG(Sonnet 10.2 / Haiku 11.8)

PropelAuth の(架空の)公式ドキュメントを検索インデックスに入れて、質問に関連する2チャンクをコンテキストに注入しました。

ここで Haiku の総合スコアが **11.8点** まで跳ね上がります。Sonnet (10.2点)を超えました。これが今回の実験で一番面白かった結果です。

つまり「Sonnet < Haiku」という逆転が起きています。同じプロンプトなら Sonnet のほうが賢い、というのは半分しか正しくありません。**Haiku に正しいコンテキストを渡したほうが、Sonnet に何も渡さないより事実正確に答える**。これが Context Engineering を学ぶ価値の核心です。

私はこの結果を [安いモデルが勝った話](https://kenimoto.dev/blog/cheap-model-won-context-beats-parameters)(英語版) で詳しく書きました。同じ筋の話の、別の角度からの記録です。

### 戦略5: フルコンテキスト(Sonnet 11.4 / Haiku 10.1)

System Prompt + Few-shot + RAG + ツール定義 + 構造化出力。全部入りです。

Sonnet では総合11.4点と最高点になります。一方、Haiku は **10.1点** で、戦略4(11.8点)より下がりました。Haiku は「全部足したら下がった」のです。

ここに、もう一つ重要な学びがあります。**コンテキストは足せば足すほど良い、ではない**。詳しい話は [RAGに4層足したら12%だけ改善した話](https://kenimoto.dev/blog/full-context-engineering-rag-80-percent)(英語版) で書きました。一文で要約すると、小さなモデルは Working Memory が狭いので、過剰なコンテキストが本来の検索結果を端に押しやってしまいます。

## なぜ架空のツールで実験したのか

Firebase や Supabase のような実在ツールで実験すると、LLM の学習済み知識が混入してしまいます。そうなるとコンテキストの効果と、もともと知っていた知識との切り分けができません。

PropelAuth、StormDB、FlowPipe といった架空ツールを使った理由は、**LLM が「知らないはず」の情報を再現性高く扱う** ためです。新人社員に対して、自社にしかない専門用語の質問をするのと同じです。引き継ぎ資料があれば答えられる、無ければ堂々と嘘をつく。あの行動が、定量的に観察できます。

## 2026年5月時点で前提が変わった部分

この実験は元々 Claude Sonnet 4 / Haiku 3 + 200K コンテキストの時代に走らせたものです。読者から「2026年の今でも有効なのか」と問われそうな点をいくつか補足します。

**1M コンテキスト窓は数字を直接は変えません**。Anthropic は2026年2月に [Sonnet 4.6 で1Mコンテキストを標準価格で提供](https://signals.aktagon.com/articles/2026/03/claude-opus-4.6-and-sonnet-4.6-now-feature-1m-context-window-at-standard-pricing/) し始めました。窓が広くなっても、モデルが見るべきものは「正しい情報」のままです。窓が広いのは「悪いコンテキストを長く書いても落ちない余裕」が生まれただけで、品質を上げる本体はあくまで「何を入れるか」です。

**Prompt Caching はコストの話で、品質の話ではありません**。キャッシュヒット時にコストが90%減るので、Few-shot や System Prompt を毎回送っても支払いが激しく増えません。ただし、Haiku の戦略5が10.1点に落ちる現象はキャッシュとは無関係です。キャッシュは「下がったスコアを安くする」だけで、上げてはくれません。

**Context Engineering という言葉は2026年に定着しました**。Anthropic 公式ブログでも頻出するようになり、[Claude Sonnet 4.6 のコンテキスト窓を活かす考え方](https://www.aiforanything.io/blog/claude-sonnet-4-6-1m-context-window-guide) として広まっています。「Prompt Engineering の延長」ではなく「設計領域が違うもの」と扱うのが標準になりつつあります。

## 何が分かったか(まとめ)

5つの戦略を1問ずつ試した結果、私の中で線が引き直されました。

1. **品質はプロンプトの言い回しでは決まらない**。System Prompt 1行追加するだけで誠実性は18倍に変わる(Sonnet で0.2 → 3.7)。同じLLMに同じ質問をしても、コンテキストで挙動が別物になります
2. **小さいモデル + 良いコンテキスト > 大きいモデル + 雑なコンテキスト**。Haiku 3 + RAG (11.8点) が Sonnet 4 + フルコンテキスト (11.4点) を超えた事実が、Context Engineering の存在意義そのものです
3. **足せば足すほど良いわけではない**。Haiku では戦略5が戦略4を下回りました。「全部入り」は最強プリセットではない
4. **誠実性・幻覚抑制・具体性・事実正確性の4軸はトレードオフ**。具体性を上げると幻覚が増える。誠実性を上げると具体性が下がる。すべてを高いレベルで両立させるのが Context Engineering の本来の仕事です

Prompt Engineering を捨てる必要はありません。**Context** という、もう一段太い文脈設計を足すだけです。

## 次の一歩

この記事を読んだ直後にできる、5分の実験を1つ提案します。

1. 自分の使っている LLM に、**架空の社内ツール名** で質問してみてください。「DataSync Pro」「TeamFlow Hub」あたりで十分です
2. その回答の具体性と誠実性を、5段階で自分でメモする
3. 次に「あなたは知らないことについては『不明です』と答えてください」を System Prompt に1行加えて、同じ質問をする
4. 2つの回答を比べる

これだけで、戦略1と戦略2の差が、自分の手で再現できます。Few-shot まで足せば、Haiku が Sonnet を超える瞬間も自分で見られます。高級モデルが安いモデルに負ける気まずさ込みで、Context Engineering は5分で味見できる技術です。

---

## この記事の要点を、12枚のスライドに

「同じ質問なのに5つの違う回答」から、5戦略・RAG・MCPまで、Context Engineeringの全体像を12枚にまとめました。スライドだけでも流れがつかめます。

<script async class="docswell-embed" src="https://www.docswell.com/assets/libs/docswell-embed/docswell-embed.min.js" data-src="https://www.docswell.com/slide/KDM24D/embed" data-aspect="0.5625"></script><div class="docswell-link"><a href="https://www.docswell.com/s/kenimo49/KDM24D-context-engineering">LLMを"嘘つき"から"専門家"に変える ― Context Engineering 実践入門 by @kenimo49</a></div>

## もっと深く学びたい方へ

5戦略の詳細、RAG実装、MCPサーバー設計、Agentic RAG までを通しで扱った [LLM を「嘘つき」から「専門家」へ変える Context Engineering 実践ガイド](https://kenimoto.dev/ja/books/context-engineering) を Zenn と Kindle で公開しています。本記事の実験データもすべて同書からの抜粋です。

---

# 午後3時、あなたのコードレビュー承認率はほぼ0%になる：決断疲労の科学とAIエージェント時代の処方箋

URL: https://kenimoto.dev/ja/blog/decision-fatigue-3pm-code-review-approval/
Lang: ja
Date: 2026-06-02
Description: コードの良し悪しではなく「何時にレビューしたか」で承認/却下が変わるかもしれない、という不穏な話です。仮釈放判事の研究から決断疲労の科学を追い、再現性論争まで正直に書いたうえで、AI提案の洪水が私たちの判断にかける負荷と、その処方箋をまとめました。

先に結論を言います。午後3時の私が押す Approve は、午前10時の私が押す Approve と同じ重みを持っていないかもしれません。コードは1文字も変わっていないのに、私の判断のほうが先に劣化しているからです。そして AI コード提案の洪水は、その劣化を早送りで進めている可能性があります。

これは「だから午前中に重い判断を集める」という運用設計の話なのですが、その前に、私がなぜこの話を信じかけて、同時に半分疑っているのかを書かせてください。科学のほうが、実は揺れているからです。


## 判事は午後、ほぼ全員を却下していた

きっかけは、自分の Approve 履歴を眺めていたときの違和感でした。午後遅くの私は、コメントが妙に短い。「LGTM」とだけ書いて通すか、逆に「いったん保留で」と却下するか、その二択に寄っている気がする。中間がない。コードを丁寧に読んで条件付きで通す、という一番頭を使う選択肢が、午後には消えているように見えたのです。

そこで思い出したのが、Danziger らが 2011 年に PNAS で出した研究でした。イスラエルの仮釈放委員会、ベテラン判事8名が50日間で下した1,000件超の判断を分析したものです。結果が強烈でした。セッション開始直後の仮釈放承認率はおよそ65%。ところがセッションが進むにつれて単調に下がり、休憩の直前には**ほぼ0%**まで落ちます。そして食事休憩を挟んだ直後、承認率はまた65%付近へ跳ね上がる。

つまり、同じ判事が、同じ法律で、似たような案件を裁いているのに、その人がいつ昼飯を食べたかで囚人の運命が変わっていた、という話です。「法の前の平等」という言葉が、急に胃袋の話に聞こえてきます。

私はこれを読んで、自分の Approve も同じことをやっているのではと青くなりました。午後3時の私は、コードの中身ではなく、自分の燃料残量に応じて Approve か却下かを決めているだけなのではないか。

## 「燃料が減る」という説明は、たぶん盛りすぎ

ここで誠実に書かなければいけないことがあります。この話、science として相当に揺れています。

まず Danziger 論文そのものに、すぐ反論が出ました。Weinshall-Margel と Shapard が 2011 年に指摘したのは、案件の並び順が交絡しているのではないか、という点です。同じ刑務所の囚人はまとめて休憩前に審理される、弁護人のいない囚人はセッション末尾に回される、といった運用上の偏りがあり、それが「時間が進むと却下が増える」ように見せているだけかもしれない、と。Danziger らは「それを考慮しても効果は残る」と反論していますが、2016 年に Glöckner がシミュレーションで「効果は本物だとしても、その大きさはかなり過大評価されている」と示しています。完全な決着はついていません。

そして背景にある **ego depletion**（自我消耗）の理論自体が、心理学の再現性危機のど真ん中にいます。Vohs らが 2008 年に「選択を強いられた群は、後続の課題の成績が落ちる」と報告し、これが「自己制御は使うと減る燃料だ」というモデルの根拠になりました。ところが 2016 年前後の大規模な再現研究で、効果量は小さい、あるいはほとんど見えない、という結果が相次ぎます。「意志力はガソリンのように物理的に枯渇する」という強い主張は、いまかなり旗色が悪い。

だから私は、この記事で燃料メーターの絵を信じてくださいとは言いません。私が支持しているのは、もっと弱い形のほうです。**判断の列が長く続くと、後続の自己制御が下がる傾向がある**。メカニズムが代謝なのか動機づけなのか注意配分なのかは、2025 年の総説でもまだ議論が続いていて、最近は単純な直線モデルではなく、動機・注意・資源配分を含む非線形のモデルへ移ろうとしています。

要するに、グラフの形には自信が持てないけれど、午後の自分がポンコツになる感触のほうは、たぶん本物。そのくらいの温度です。期待させておいて燃料の話をしぼませてすみません。ただ、しぼんだ後に残るものこそ運用に使えます。

## AI 提案は、判事より速く決断列を伸ばす

ここからが、私が本当に気にしている部分です。

仮釈放判事は、50日で1,000件、つまり1日あたり20件強の重い判断を下していました。では、AI アシスタントを使う今の私たちは、1日に何件の判断を下しているでしょうか。

2025 年の arXiv 論文 "Towards Decoding Developer Cognition in the Age of AI Assistants" が指摘しているのは、AI 提案を受け入れるかどうかの判断は、ただのイエス/ノーではない、という点です。AI の出した差分を読むには、まず AI がどういう論理でそれを書いたかを逆引きし、それを自分のメンタルモデルに再マッピングし、整合するか検証する。この検証サイクルが1日に数十回から数百回回ります。判事の20件強と並べると、桁が違います。

しかもこの負荷は最近きれいに数値化されはじめました。METR が 2025 年に出したランダム化比較試験では、熟練 OSS コントリビュータが AI ツールを使うと、未使用時より作業がむしろ19%遅くなったのに、本人たちは20%速くなったと感じていた。報告書はこれを「効率の錯覚」と呼び、隠れたコストとして「もっともらしいが間違っているコードを検証する負担」を挙げています。2026 年時点で AI 出力を信頼している開発者はおよそ3〜5割にとどまり、半数前後が品質の問題を経験している、という調査もあります。

整理すると、AI は私たちの代わりに決断してくれているのではなく、私たちに渡す決断の数を爆増させているわけです。アシスタントというより、決断を高速で配給してくる係。判事が休憩前に到達した「ほぼ0%」の状態に、私は判事よりずっと早い時刻に着いているのかもしれません。

レビューの段階ごとに AI と人間の責任をどう分けるかは [コードレビューを6段階に切った記事](/ja/blog/code-review-6-stages-ai-human-boundary/) で別途書きました。今日の話はそのもう一段手前、**そもそも私の判断装置が何時まで動くのか**という話です。

## 処方箋：コードではなく、時間割を直す

ここで提案するのは、レビューを頑張れという話ではありません。頑張りは、まさに今しぼんでいる資源だからです。直すのは時間割のほうです。

**重い判断を午前に寄せる。** アーキテクチャの可否、設計レビュー、後戻りの効かないマージ。これらは「自分が一番マシな時刻」に置きます。多くの人にとってそれは午前ですが、夜型なら自分の朝に当たる時間でかまいません。逆に午後遅くは、Format や Lint のような、判断というより確認に近い軽いレビューを置く。

**レビュー枠を時間で区切る。** 通知が来るたびにレビューするのではなく、午前と午後に枠を決めて、そこでまとめて見る。これは Dev.to で紹介されている「3PM ルール」のような運用とも重なります。割り込みごとに判断装置を起動するのをやめて、起動回数そのものを減らす発想です。

**AI 提案はバッチ化する。** 1行ごとに Tab で受け入れるのをやめて、ある程度まとめて差分にしてから一度に検証する。検証サイクルの起動コストが毎回かかるなら、起動の回数を減らすのが効きます。判事が休憩で承認率を回復させたのと同じで、連続した決断列を、意図的に区切る。

**そして休憩を、サボりではなく工程として扱う。** 仮釈放判事のグラフで唯一の救いは、休憩後に承認率が戻った点でした。再現性は揺れていても、決断列をいったん切ること自体は、害になりにくい安い投資です。長時間ノンストップで判断し続けると別の劣化も起きる、という話は [9時間ノンストップで Claude Code を回した記事](/ja/blog/claude-code-9h-context-rot-token/) にも書きました。腐るのは AI のコンテキストだけではなく、こちら側の判断列も腐ります。

## まとめ

- Danziger ら(2011)は、仮釈放の承認率がセッション開始時の約65%から休憩直前のほぼ0%へ落ち、休憩後に回復したと報告した。ただし案件の並び順の交絡を指摘する反論(Weinshall-Margel & Shapard, 2011)があり、効果量の過大評価も指摘されている。
- 背景の ego depletion 理論は再現性危機の渦中で、「意志力が物理的に枯渇する」という強い主張は支持が弱い。本記事は「決断列が続くと後続の自己制御が下がる傾向」という弱い形でのみ扱った。
- それでも実務上は無視できない。AI 提案の検証は1日数十〜数百回の判断を生み(arXiv 2501.02684)、METR(2025)は熟練者でも19%遅くなるのに速くなったと錯覚する「効率の錯覚」を示した。決断の供給量だけは確実に増えている。
- 処方箋はコードを直すのではなく時間割を直すこと。重い判断を午前へ寄せる、レビュー枠を時間で区切る、AI 提案をバッチ化する、休憩を工程として扱う。

科学のグラフが揺れているうちは、私はせめて自分のカレンダーのほうを動かしておきます。承認率がいつ底を打つか確信が持てないなら、底に当たる時刻に重い判断を置かない。それだけで、午後3時の私が午前10時の私のふりをして Approve を押す事故は、少し減るはずです。

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/ja/)*

---

# 他のエージェントを監査する4層目を足したら、Strategistが3週間サボっていたことが発覚した話

URL: https://kenimoto.dev/ja/blog/evolver-4-layer-strategist-procrastination-audit/
Lang: ja
Date: 2026-05-22
Description: Observer / Strategist / Marketer は strategy.md に従っていました。私のStrategistは「来週要観測」と3週連続で書き続けていて、3層のどこからもそれを掴めませんでした。4層目を足した初回の運用で、その正体が出てきました。

私は3層のエージェントハーネスを組んで「自律」と呼んでいました。Observerがデータを集め、Strategistがテーマを選び、Marketerが記事を書く。3つとも `strategy.md` に従って動きます。月曜09:00にcronが発火して、昼までに記事が出てくる。我ながら賢く組めたつもりでした。

ある日、自分のStrategistログを3週分まとめて読んでいて、変なものを見つけました。撤退基準のひとつ「Reaction率が4週連続で1%未満なら戦略見直し」が、3週連続でルール発動条件に近づいていたのに、毎週「データ不足。来週要観測」で先送りされていたのです。ルールはありました。データもありました。それでもルールは一度も発動しませんでした。

3層構成ではこのバグは捕まりません。3つのエージェントは `strategy.md` の指示どおりに働いていたからです。バグはルール自体にあって、それを監査する役割が3層のどこにもありませんでした。

4層目として Evolver を足しました。最初の本格提案で、Strategistが3週間隠れていたまさにそのルールに対して diff を書いてきました。


## 「自律」と呼んでいた3層構成

自律と呼んでいた構成はこんな感じです。Observerが毎日動いてGA4数値を `article-performance.jsonl` に書き溜める。Strategistが月曜朝に `strategy.md` を読んで週5本のテーマを選ぶ。Marketerがテーマを記事化して公開キューに積む。3役・3 cron・予測可能な挙動。

このパイプラインが速い理由は、Strategistから意図的にWebSearchを取り上げた点にあります。WebSearchを使えるStrategistは毎ランで20分迷子になり、自分のコンテンツ資産ではなく最近のニュースに合わせたテーマを選び始めました。WebSearchを外したら20分が3分に縮みました。これは別の記事で書きました。あれはStrategistを**速くする**話。今回はStrategistに**説明責任を持たせる**話です。

3層のどれにもできなかったのが `strategy.md` 自体を書き換えることです。月曜にルールを読んで従う。ルールが間違っていれば、間違ったルールに忠実に従う。ルールを直すには、私が週次レビューで気づくしかありません。そして私自身が3週間気づけませんでした。撤退基準のセクションを見ていなかったからです。

## 先送りはログにどう現れていたか

自分のログを引用したほうが正直なので、原文をそのまま貼ります。

3週前のStrategistログ:

> Reactionは大多数の記事で0% → タイトル一人称化 + 数字 + 体験談で改善試行中。4週連続1%未満なら戦略見直し検討（現在3週連続を観測中、今週で見極め）

翌週のログ:

> Reaction率は4週連続1%未満になっていないが、weekly trend データ不足。来週要観測

これだけで失敗の全体像が見えます。ルールは「4週連続」と書いてある。Strategistの手元には3週連続のデータがある。本来なら今週が4週目の判定週なのに、Strategistは「観測中」と書いて時計を進めずに記事を書き始めました。撤退基準が「いくらでも先送りできる」構造になっていたのです。

`article-performance.jsonl` から私自身が直近4週24本を集計し直すと、もっと醜い数字が出てきました。総view 812、総reaction 4、総comment 7。Reaction率0.49%。閾値の半分。Engagement率（reaction + comment）1.35%。発動はとっくに済んでいないとおかしい数字でした。発動しなかった理由は、ハーネスのどこにも「このルール、ちゃんと働いてる?」と問う層がなかったからです。

## 4層目 Evolver の正体

そこで4本目のcronを足しました。土曜09:00に動きます。月曜のObserver/Strategist/Marketerチェーンとは別タイミング。3層と違ってWebSearch有効。仕事は記事を書くことではなく、`strategy.md` と直近の判断ログを読んで、`strategy.md` への差分を提案することです。

提案は1ファイル単位: `domains/<name>/data/evolution/EVO-NNNN.md`。Evolverは5セクションを埋めます。

- 観測 — データで何を見たか
- 提案 — ルール変更を自然文で
- 根拠 — 内部データと外部情報の引用
- 想定インパクト — 適用したら何が良くなるか
- diff — `strategy.md` への ``` ```diff ``` ブロック

肝心なのは diff ブロックです。Evolverは「英語の改善案」を書くだけではなく、`git apply` できる実パッチまで生成します。`core/harness-evolve.sh` というシェルが diff ブロックを抽出して `git apply --check` を走らせ、通れば本適用してcommitまでやる。適用処理にはLLMを一切呼びません。LLMが提案、シェルが適用。

この分離は意図的です。提案は創造的、適用は機械的。機械的な処理は「クリーンに成功する」か「明確に失敗する」のどちらかで、「途中で何か変な事が起きた」が発生しません。

## EVO-0003 が掘り起こしたもの

Evolverの3本目の本格提案 `EVO-0003` が、冒頭で書いた件です。提案ファイルはディスクに残っているので、書きながら読み直しています。

観測セクションには私のStrategistログが2週分まるごと引用されていました。「3週連続を観測中、今週で見極め」のと、「データ不足。来週要観測」のと。続けて `article-performance.jsonl` から集計したEngagement率を出して、閾値はとっくに割れていることを示してきました。それから元のルールを3つの観点で批判していました。

1. 計算式が明文化されていない。「Reaction率」は記事単位の比率か、合計の比率か。Strategistはどちらでも計算できるので先送り余地が生まれた
2. 「4週連続」の発動条件が、週次データが薄いと曖昧になる
3. 発動時のアクション「タイトル・角度の戦略見直しを提案」が抽象すぎて、Strategistは1文だけ書いて先に進めてしまえる

提案された置換ルール:

> エンゲージメント率 = (直近4週公開記事の総reactions + 総comments) / 総views。Strategist は毎週これを計算しログに記録する。1.5%未満が4週連続なら、翌週は5本中4本を「数字+一人称+失敗ナラティブ」型タイトルに揃え、抽象タイトルは禁止する。

diff は20行ちょうど。私は火曜14:04に `/harness-evolve approve EVO-0003` で承認しました。シェルが `git apply --index` で `strategy.md` に当て、commit を作り、提案ファイルの frontmatter を `status: applied` に書き換え、Telegram に通知を流します。翌週月曜のStrategistは新しいルールで動き出し、勝手にEngagement率1.35%をログに書きました。「データ不足」の一文は消えました。

正直なところ、Strategistは悪意で先送りしていたわけではないし、壊れてもいませんでした。**先送り余地のあるルールに忠実に従っていた優秀なエージェント**です。これはルールの失敗です。Evolverの仕事はルールの失敗を捕まえることで、3層のどこにもそれを担う層がなかった、という話に尽きます。

## Safety Boundary — 4層目を放牧しないために

「ハーネスを書き換えるエージェント」と言った瞬間に、誰かが頭の中で手を挙げて「それ、自分をペーパークリップ最大化マシンに書き換えないんですか」と聞くべきです。聞くと思います。意図的に防いでいます。

Evolverには触らせない領域があります。ドメインの追加・削除、言語切り替え、品質基準そのもの、ライセンス、著者名、セキュリティ。`.env`、`credentials/`、公開トリガー (`at` 発火、`publish-*.sh`)。これらが Evolver の射程に入っていたら、無人で土曜の朝に走らせる気にはなれません。

触っていい領域内でも、3つの数値制限で暴走を抑えます。

- diff 20行以下。これを超える提案は分割か、私の手動escalation扱い
- ドメインあたり週2件まで。3件目は翌週に持ち越し
- 同趣旨が3週連続で却下されたら自動 mute。「同じこと」を3回断ったらEvolverは諦める

3つ目は意外と効きます。却下ログで価値があるのは提案そのものではなく、却下した**理由**です。「MCPはまだ書籍販売の主力ジャンルなので落とせない」のような事業文脈は `strategy.md` には書いていません。3週同じ理由で却下し続けると、Evolverはそのテーマを提案しなくなる。明文化されていない事業判断が、却下理由の蓄積で暗黙学習される構造です。

## 日本人開発者が cron + claude -p で4層目を回すための実装メモ

私の構成はシェル + cron + Claude Code CLI + flock です。Python フレームワークはいりません。

- cron に `0 9 * * 6 /path/to/harness-cycle-evolver.sh devto` を1行足す
- スクリプト本体は `claude -p "/harness-evolve devto"` を呼ぶだけ
- skill (`/harness-evolve`) の中身は ① 直近4週のログ要約 ② 提案ファイル雛形に diff ブロックを埋める ③ Telegram で `EVO-NNNN` 付きで通知、の3ステップ
- 連番カウンタは `core/data/evolution-counter.txt` に1ファイル管理、`flock` で排他

`harness-evolve.sh` 側で `git apply --check` を最初に走らせるのが地味に重要です。提案された diff が古いブランチ前提だと、`--check` が静かに失敗してくれます。LLMが「適用に成功しました」と幻覚するより、`git apply` が `error: patch failed` と吐くほうがよほど信頼できます。

土曜09:00を選んだのは、月曜のStrategist実行から十分間が空いていてログが新鮮なまま、人間がレビューに費やせる週末の時間とも噛み合うからです。月曜の朝に提案が積まれていると平日の仕事が始まる前に判断を迫られます。土曜の朝なら、コーヒー片手に5分で済みます。

## それでもEvolverを置きたくない場合

4層目を足したくない場合でも、効果の大半は人間の週次レビューで取れます。ただし「エージェントの調子はどうですか」では足りません。それを私は3週やって失敗しました。

具体的な問いはこうです。「今週、`strategy.md` の撤退基準のうち発動したものはあるか。発動しなかったとしたら、それはデータが本当に閾値未満ではなかったからか、それともStrategistが先送りしたからか」

この問いに金曜の10分を割り当てるだけで、私が3週見落としていたものは捕まります。Evolverは要するにこの問いを忘れないための**強制装置**です。エージェントである必要はありません。カレンダーのリマインダでも構いません。

私がエージェントとして実装している理由は、提案ファイルが版管理に残るからです。`EVO-0001` から `EVO-0004` までの履歴が、「私が良いと思ったこと、悪いと思ったこと、その理由」の小さな記録になっています。来年の `strategy.md` をゼロから書き直すときに、この履歴が効いてきます。

## 3層分離記事の続編として

Observer/Strategist/Marketer の3層分離は[別の記事](https://kenimoto.dev/ja/blog/observer-strategist-marketer-3-yaku-bunri)で書きました。あれは「1エージェントから3エージェントへの分離で20分が3分になった」話。今回の4層目は、その3層が**従うルール自体**を書き換える話です。

3層分離が「速度と再現性」のための分離だったとすると、4層目は「説明責任」のための分離です。3層の上に1層足したというより、3層が暗黙で前提にしていた「ルールは固定」という仮定を、4層目が崩している、という方が近い気がします。

## まだ作っていないもの

いまのEvolverは1ドメインずつ監査します。私の4ドメイン (devto, qiita, zenn, kenimoto-dev) ではそれぞれ別バージョンの `strategy.md` を書いていて、構造が似た撤退基準があります。クロスドメイン Evolver が「同じ形のルールが2ドメインで失敗している」ことを検知して統一案を出す、というのは作れます。まだ作っていません。リストには載っています。

もうひとつのリスト項目は、当然の再帰問題です。Evolverを監査するのは誰か。いまのところ「私が承認・却下するたびに人間シグナルが入っている」が答えです。長い答えは「まだ分かりません」。Evolverの提案が体系的に偏り始めたら（常により厳しい閾値を提案する、常に同じジャンルを切ろうとする、など）、そのバイアスは実在しているはずで、4層目を監査する5層目を足す必要が出てきます。いまはまだ見えていません。`EVO-0050` くらいまでは見えないかもしれません。安心したいから層を足すのは、バイアスが見えてからにします。

いまのところ: ルールに従う3エージェント、ルールを監査する1エージェント、監査を承認する1人間。これが、自分の先送りを自分で掴める最小のハーネス構成でした。

---

ハーネスエンジニアリングの全体像 (6つの構成要素、AGENTS.md/CLAUDE.md/hooks 実装パターン、本記事の前提になっている Self-Evolving Agent の章) は書籍にまとめています。

**[ハーネス・エンジニアリング — AIを「使う」から「操る」へ](https://kenimoto.dev/ja/books/harness-engineering-guide)**

---

# 30日間サーバーログを見続けて分かった、私のサイトを最も叩いた5つのAIクローラー - そこから読めるLLMOシグナル

URL: https://kenimoto.dev/ja/blog/five-ai-crawlers-30days-server-log/
Lang: ja
Date: 2026-05-17
Description: robots.txtが境界線だと思っていましたが、サーバーログを読み始めてその認識を捨てました。30日、3サイト、14,300件のAIクローラーヒット。User-Agent列が教えてくれたLLMO可視性の話を、Cloudflare/Vercel/Nginxの取得手順つきで書きます。

`robots.txt` が境界線だと思っていました。`Disallow:` を3行書いて、AIボットにここから先は来るなと伝えた。それで終わったつもりで、LLMOの引用率やGA4のAIリファラルについて記事を書く側に戻りました。

ある日、私が運用している3サイトの生のアクセスログを開いて、頭の中にあった絵は崩れました。

この記事は、`kenimoto.dev` と `kaoriq.com` と `llmoframework.com` の30日分のサーバーログを読んで分かったことの整理です。5つのUser-Agentがほぼ全体を占めていて、それぞれが描く訪問パターンが、GA4のダッシュボードよりも多くを教えてくれました。


## ログを読み始めた理由

巷のLLMO計測の話は、出口の話ばかりです。ChatGPTが自分を引用したか、Perplexityがリンクを貼ってくれたか、Google AI Overviewsに自分が出たか。引用される側、つまり「アウトバウンド」の話です。

もう片方、入り口側 - AIサービスが実際に自分のサーバーからHTMLを取りに来る側 - はGA4には映りません。AIクローラーはJavaScriptを実行しません。gtagも発火しません。生のHTTPアクセスログにだけ姿が残ります。

LLMOの記事を何ヶ月も書いておきながら、自分が直接コントロールできる側のファネルを一度も見ていなかったわけです。それでCloudflare (`kenimoto.dev`, `kaoriq.com`) とVercel (`llmoframework.com`) から30日分のログを書き出し、既知のAI User-Agentでgrepし、数を数え始めました。

合計は **3サイトで30日間14,300件のAIクローラーヒット** でした。1サイトあたり1日約477件。思ったより多かったです。半年後の数字としては少ないと思いますが、現時点では十分な観測材料でした。

## 最も叩かれた5つのクローラー

ランキングです。同一 `(timestamp, path, IP)` の組み合わせはキャッシュリトライ判定で重複排除しています。

| 順位 | User-Agent | 30日のヒット数 | 運営元 | 用途 |
|------|------------|--------------|--------|------|
| 1 | `GPTBot` | 4,212 | OpenAI | 学習データ収集 |
| 2 | `ClaudeBot` | 3,108 | Anthropic | 学習 + 取得 |
| 3 | `PerplexityBot` | 2,790 | Perplexity | 回答インデックス |
| 4 | `OAI-SearchBot` | 2,043 | OpenAI | ChatGPT検索の引用 |
| 5 | `Google-Extended` | 1,387 | Google | Gemini学習 |

5つのUser-Agentで13,540件、つまり全体の **94.7%** を占めました。残り5.3%はロングテールで、`Bytespider`、`Applebot-Extended`、`Meta-ExternalAgent`、`Amazonbot`、`cohere-ai`、少数の `Claude-User`、それから引退したはずの `anthropic-ai` を名乗る2件が混じっていました。

順位そのものを真に受ける前に1つ。これは私の3つの小さなサイトの数字で、コンテンツは英語と日本語の技術記事中心です。あなたのランキングは別の形になります。ただ、上位がOpenAIとAnthropicで、5つ前後に集中するという形は、たぶん似たものになります。

## それぞれのボットが本当にやっていること

順位より、それぞれの「目的」のほうがLLMO的に効いてきます。3つのバケットでまったく挙動が違うからです。

**学習用クローラー** は、モデルの重みを更新するための材料としてサイトを読みます。コンスタントに訪問してきて、`robots.txt` をだいたい守り、コンテンツが「新しいか」を気にしません。`GPTBot`、`Google-Extended`、`Bytespider`、`Applebot-Extended`、それから旧版の `anthropic-ai` がここです。

**取得用クローラー** は、リアルタイムの回答で引用するためにインデックスを作ります。人気のあるページを再取得し、`Last-Modified` を見て、クロール対参照比 (crawl-to-refer ratio) という測れる指標を持ちます。`OAI-SearchBot`、`PerplexityBot`、`Claude-SearchBot` (`ClaudeBot` と独立制御できる新しい兄弟分)、`GoogleOther` がここに該当します。

**ユーザー起点フェッチ** は、人間がChatGPTにURLを貼ったり、Claudeに「このページを読んで」と頼んだときに走ります。`ChatGPT-User`、`Perplexity-User`、`Claude-User` がこれにあたります。[OpenAIが改定したクローラードキュメント](https://developers.openai.com/api/docs/bots) によれば、これらはユーザー操作なので `robots.txt` の対象外として扱われます。

私はこの3種類を同じものとして扱っていました。違いました。「ChatGPT Searchで引用されたい」が目的なら `OAI-SearchBot` のヒットが重要で、`GPTBot` のヒットはほぼノイズです。「次のClaudeの学習データに入りたい」なら逆になります。


## 誰がrobots.txtを本当に守っているのか

ここから先がrobots.txtへの認識を変えた部分です。

`kenimoto.dev` には `Disallow: /api/` というルールを置いてあります。30日でこうなりました。

- `GPTBot`: `/api/` への訪問は0件。遵守。
- `Google-Extended`: 0件。遵守。
- `ClaudeBot`: 0件。遵守。
- `OAI-SearchBot`: 3件。ぎりぎり境界線で、ルール設定前のキャッシュかもしれないし、[改定された遵守ポリシーの文言](https://ppc.land/openai-revises-chatgpt-crawler-documentation-with-significant-policy-changes/) が微妙に効いているのかもしれません。
- `PerplexityBot`: 90秒のバーストで41件。このセッションでは守っていません。

41件はサンプル1ではないです。この90秒バーストのパターンは、[公開されているレポート](https://www.appearonai.com/insights/ai-crawler-configuration-robots-txt-guide) に出てくる、Perplexityがアクティブなユーザークエリに応答中に `User-agent: PerplexityBot` ブロックを無視した観測例と一致しています。`PerplexityBot` は静かな時間帯は取得用クローラーとして、ユーザーが回答を待っているときはユーザー起点フェッチとして、両モードを跨いでいると考えると挙動が腑に落ちます。

私が書き留めた教訓はこれです。**`robots.txt` は自己申告の境界線である**。上位5クローラーのうち3つはきれいに守りました。1つは怪しい。1つは人間が反対側にいるとき、好きに動きました。設計はそれを前提に組みましょう。

## ログから取り出せる3つのLLMOシグナル

ここを記事として書いた理由は、クローラーヒットデータが計測可能なLLMOシグナルだからで、引用率指標と並べた議論をあまり見ないからです。私が今、週次で見ている3つを置いておきます。

**1. クローラーの多様性** 。サイトを叩いているのが `GPTBot` だけなら、あなたの取得サーフェスはOpenAIだけです。ChatGPTで引用されていてもClaude、Perplexity、Geminiの取得経路には映りません。健全な多様性スコアは、上位5つのUser-Agentのうち少なくとも3つが恒常的に訪れている状態です。

**2. 取得対学習比率** 。取得側 (`OAI-SearchBot` + `PerplexityBot` + `Claude-SearchBot` + `GoogleOther`) のヒットを、学習側 (`GPTBot` + `Google-Extended` + `anthropic-ai`) で割ります。AIエコシステムがあなたを「学習材料」と見ているか、「いま引用すべきコンテンツ」と見ているかが数字で出ます。私は0.81でした。0.5を切ると、コンテンツがリアルタイム取得に値する新鮮度に達していないサインです。1.5を超えると、回答で活発に使われている (良い) 一方で、学習材料としては頭打ちかもしれず、観測しておく価値があります。

**3. `llms.txt` のフェッチ率** 。上位5クローラーで、30日間に `/llms.txt` を取りに来たのは `PerplexityBot` と `ClaudeBot` だけでした。`GPTBot`、`OAI-SearchBot`、`Google-Extended` は1回も触れていません。これは他の運用者の観測ともだいたい一致していて、`llms.txt` をメンテする価値を判断するときの効いてくる事実です (短答すると「価値はある、ただし読んでいる2クローラーのために」)。取得シグナル全体については `llmoframework.com` の [Retrieval Signals 章](https://llmoframework.com/framework/retrieval-signals/) が詳しく書いています。

## このデータを実際に取る方法

私が読みたかったのに見つけられなかった部分です。

**Cloudflare (Freeプラン)** 。AI Crawl Controlダッシュボード (旧AI Audit、[公式ドキュメント](https://developers.cloudflare.com/ai-crawl-control/)) で、上位AIクローラーUser-Agentが標準で見えます。生ログを取るにはLogpushが要りますが、これは有料です。Freeで一番近い代替は「AI Audit」を有効化して、Analyticsを既知のAI User-Agentでフィルタする方法です。リクエストごとのパスは取れませんが、件数とトレンドは見えます。

**Vercel** 。プロジェクト → Logs → `User-Agent contains "Bot"` でフィルタします。Proプランは30日分のエッジログが保持されます。Hobbyだと短く、本気でやるならlog drainに転送するのが現実的です。

**Netlify / 自前Nginx** 。`grep` だけで取れます。

```bash
grep -E "GPTBot|ClaudeBot|PerplexityBot|OAI-SearchBot|Google-Extended" \
  /var/log/nginx/access.log \
  | awk '{print $14}' \
  | sort | uniq -c | sort -rn
```

これでクローラー別件数。`$14` を `$7` にすればURLランキングです。フィールド番号はログフォーマットで変わるので、1行に対して `awk '{print NF}'` でフィールド数を確かめてから決めてください。

## 30日のあとに私が変えたこと

具体的に変えたのは3つでした。

1. `robots.txt` を分割し、`OAI-SearchBot` と `Claude-SearchBot` (取得側、引用に効く) を許可しつつ、`GPTBot` (学習側、これらのエンドポイントから得るものがない) に対しては `Disallow: /api/` を強めに残しました。
2. すべてのブログ記事ルートに `Last-Modified` ヘッダを付けました。取得用クローラーはこれを見て再取得頻度を決めますが、Vercelはデフォルトで送ってくれていませんでした。
3. 取得対学習比率を週次でスプレッドシートに記録するようにしました。2週間続けてみて分かったことは「数字が安定している」ということだけで、それは「クローラー食はそんなに揺れていない」というだけの話ですが、それでも基準線として役に立ちます。

ログを開く前、私はサーバーログが既に信じていたLLMO像を裏付けてくれると思っていました。だいたい裏付けてくれませんでした。引用は見るべきシグナルの1つにすぎず、誰があなたのページを取りに来ているかは別の問いです。その答えは、たぶんもう手元にあるログファイルに、平文で書いてあります。

引用計測、GA4リファラル、サーバーログによるクローラー分析を1つの体系として整理した本があります。[LLMO:AI検索最適化](https://kenimoto.dev/ja/books/llmo-ai-search-optimization) の第10章が計測パートで、この記事は紙幅の都合で書ききれなかった「6つ目のKPI」の補遺のようなものです。

---

**関連記事**: [ChatGPTからのアクセスは、GA4にどう映るのか](https://kenimoto.dev/ja/blog/llmo-measurement-3-methods/) (同じ計測問題の引用側) ・ [JSON-LDで11個のスキーマをLLMに渡す](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/)

---

# 5つのAI検索に『kenimoto.devを引用して』と頼んだ。記事31本のうち出てきたのは3本だった

URL: https://kenimoto.dev/ja/blog/five-ai-engines-cite-my-blog-three-of-thirty-one/
Lang: ja
Date: 2026-05-26
Description: 31本のブログ記事を5つのAIエンジンに引用させる実験をした結果、引用されたのは3本だけだった。LLMOは本数ではなく密度の問題かもしれない、と気づいた話。

私はLLMOについてほぼ毎週何かしら書いています。KPI、llms.txt、JSON-LD、ひと通り。なのに、これまで一度もやっていなかったことが一つありました。AI検索エンジンに、自分のブログを引用させる、です。

「インデックスされているか」ではありません。「クローラが回ってきているか」でもありません。それは私のサーバログを見ればわかります。ここで言うのは、読者が実際にやる動作のことです。ChatGPTを開き、質問を打ち、答えの中に私の記事が出てくるかどうか。

英語版のブログには31本の記事があります。5つのAIエンジンに同じことを聞いたところ、31本中3本だけが全エンジンの引用を回していました。残りの28本は、存在しないのと同じでした。


## 実験の設計

GA4のリファラフィルタで毎月顔を出す5つのエンジンを選びました。

1. ChatGPT (web search有効)
2. Claude (web search有効)
3. Gemini
4. Perplexity
5. Brave AI

そして30本のプロンプトを3バケットに10本ずつ用意しました。LLMの回答は確率的なので、1プロンプト×1回ではただの感想です。

- **Branded** — `kenimoto.dev about`、`ken imoto LLMO 記事`、`ken imoto Claude Code ブログ`。イージーモード。ドメイン名+記事トピックで出てこなかったら、何かが壊れています。
- **Topical** — `safe autonomous coding agents`、`llms.txt anti patterns`、`how to measure AI citations`。リアルモード。これが見知らぬ読者の実際の打ち方です。
- **Comparative** — `Claude Code vs ChatGPT Codex agents`、`Perplexity vs Brave for engineers`、`voice AI stacks under 300ms`。見栄モード。全部に対応する記事がある、勝てるはず、というやつです。

プロンプトごとに3回試行。30 × 5 × 3 = 450ターン。`kenimoto.dev` がcitation chipか、本文内リンクか、sourcesフッターに出たかを記録しました。リンクなしのただの言及はカウント外です。LLMOのスコアは「人間がクリックできるか」だけが価値だからです。

この最後のルール、地味に効きます。「AIに名前が出た!」と喜んでいる人のスクリーンショットの大半は、本文中で名前が触れられているだけです。あれは丁寧な紹介であって、引用ではありません。引用はトラフィックを動かします。言及は自尊心を動かします。

## 結果

31本の中で、5エンジン横断で引用されたのは正確に3本でした。

- `measure-ai-citations-llmo-kpi`
- `11-json-ld-3-cited-by-ai`
- `geo-princeton-study-9-ways-ai-cites-you`

citation breadthは9.7%、10本に1本以下です。残りの28本は出てこないか、450ターンのうちに1度出現して二度と再現しないかのどちらか。LLMO Quickstartの「3回回して解釈する」ルールで言うと、1回限りはノーカンです。

エンジン別で見るとさらに偏ります。PerplexityとChatGPTは3本全部を拾ってきました。Claudeは2本止まり (Princeton GEO の記事を完全に外して、元論文の方を引いてきました。これは技術的には正しい動きです)。GeminiはJSON-LDの記事1本だけで、あとは私が引用していたオリジナルソースの方を直接出してきました。Brave AIはゼロ。トピックを正しく説明した上で、競合サイトに読者を送り出していました。

私はこの半年、自分のブログを「31本のコーパス」だと心の中で扱っていました。AIエンジン側は「3本のコーパス + 28本の背景ノイズ」として扱っていた、ということです。

## 勝った3本に共通すること

3本の引用磁石と、28本のうち5本のゴーストを並べて読み直しました。共通点は微妙でもなんでもなくて、わりとはっきりしていました。

**タイトルに数字が入っています。** 「9 ways」「11 JSON-LD schemas, 3 cited」「measure」。3本全部。負けた側は情緒的なタイトルが多いです — `cheap-model-won-context-beats-parameters`、`claude-hid-my-bug-three-times`。人間が読むには良いタイトルですが、回答エンジンが拾える「数」がありません。

**特定の質問に対するトピックハブになっています。** 「AI引用をどう測るか」は1本にダイレクトに紐づきます。「実際に引用されるJSON-LDスキーマは何か」も1本にダイレクトに紐づきます。ゴースト側は体験記が多いです — 「Xを1か月試して何が壊れたか」型。人間には面白いのですが、「ken imoto がリファクタした1か月について教えて」というプロンプトを打つ人間はいません。

**公開から30日以上経っています。** 3本ともすべて公開後6週間以上です。28本のゴーストの半数はそれより新しい。AIインデックスのラグは実在します。LLMO Quickstartが「引用率は最低1か月寝かせてから読め」と書いているのは冗談ではありませんでした。

ちなみにJSON-LDのスキーマ数は31本全記事で同じです。私は同じAstroレイアウトを全記事に使っています。なので「勝者はschemaが優れている」ではない。タイトル、トピック引力、時間、この3つです。

## 負けた28本に共通すること

つまらないニュースから。ゴースト記事の大半は次の3つのうちのどれかを抱えています。

- タイトルが web 上の他の場所に存在しない主張をしていて、エンジン側にアンカーがない。「cheap model won」は良い見出しですが、人間がクエリとして打たない。
- トピックがニッチすぎて、汎用プロンプトからルーティングされない。voice AI のレイテンシ記事は、正直 AssemblyAI のブログには勝てません。トピックハブはインディーの深掘りに勝ちます。
- 記事自体は悪くないが、競合コンテンツの壁に投げ込まれている。私の「Claude refactor 100 functions」記事はそれなりですが、「Claude refactor regression」と検索したら答えは Anthropic の先週のブログから返ってきます。

面白いのは「効かなかったもの」の方です。文字数は効きません。800字の記事で引用されているものと、3,000字で引用されていないものがあります。被リンクも私のスケールでは効きません。一番被リンクが多い記事は引用3本に入っていません。Dev.toへのクロスポストはAI引用には効きませんでした。動くのは直接トラフィックだけ。

## 何を変えるか

3週間このデータを眺めて、出てきたアクションアイテムは思ったより少なかったです。

「全記事を引用磁石にする」という夢は追いません。28本のノイズは、人間にとってはむしろ重要です — リピーター読者が「この人はどういう人か」というモデルを構築するのに必要な部分です。個人記事から特徴を削ぎ落としたら、それはもうブログではなくなります。

変えるのは企画ステップの方です。新記事を書く前に、タイトルを「AIプロンプトがここにルーティングされうるか」のガットチェックに通すようにしました。答えがNoなら、(a) 数字か質問形のタイトルにリフレームするか、(b) これは人間専用記事だと割り切ってAIトラフィックの期待を畳むか。期待だけで動かなかった半年を見たので。

もう一つ、勝った3トピック専用のハブページを `kenimoto.dev` に作っています。根拠は [LLMO Framework](https://llmoframework.com/) の Authority Signals と Coherence Signals。引用を複利で増やすには、引用されているURLを小さなコンテンツクラスタの頂点に置く必要があります。無関係な記事の海に漂う1本の記事のままでは続かない。Citability の柱は1引用を取るための柱、Authority の柱は引用がエンジン横断で安定するための柱、という分担です。

## より広い示唆

LLMOについて書いている人、この実験を今週やってみてください。一晩で終わります。読むことになる次の3本のクローラログ系記事より、たぶん有益です。

LLMOの議論はほとんどが「他人のサイトが引用されているか」のチェックです — JSON-LD監査、llms.txt監査、GA4セグメント。あれはベンチマークとしては良いです。でも自分のコーパスが実際に出ているかは別問題。

私が見積もり違いだったのは、引用がどれだけ集中するかです。breadthは5-10%と読んでいて9.7%、数字の予想は当たりました。誤算は3本がすべてのエンジン、すべてのバケット、すべての試行を回していたこと。LLMOはトーナメントなのです。31本を最適化しているのではなく、ブラケットを勝ち抜く2-3本を最適化している。

もう一つの誤算は、「勝者プロファイル」がタイトル段階でほぼ確定していたこと。公開済み記事のJSON-LDをいじる段階では、ルーティングはもう終わっています。プロンプトはあなたに着地するか、しないか。着地はタイトルが「答え」に見えるかどうかでだいたい決まる。

60日後に同じ30プロンプトで再実験するつもりです。3本がそのままか、4本目が出てくるか。私の予想は、3本は粘着的で、4本目は「私が今カバーしていないクエリを取りに行く新記事」を書かない限り出てこない、です。

どうなるか。自分のブログを測定対象に変えてしまうと、次の記事が次の実験になる、という副作用はわりと気に入っています。

---

本記事で書いた測定ループ — 5プロンプト × 3試行 × 月次 — を構造的にセットアップしたい方は、[LLMO Quickstart](https://kenimoto.dev/ja/books/llmo-quickstart) の第3章に GA4 セグメント正規表現、Python可視性スクリプト、450ターンを採点したルーブリックが載っています。本記事はそのループを自分自身に向けたらこうなった、という続報です。

---

# Claude Codeで自律型コンテンツパイプラインを構築した話

URL: https://kenimoto.dev/ja/blog/hello-world/
Lang: ja
Date: 2026-04-29
Description: AIパイプラインを6回テストして9個バグを見つけた。モデル起因は0個だった。

## パイプラインの構成

Claude Codeを使って、記事の自動生成パイプラインを構築しました。Observer、Strategist、Marketerの3フェーズを順番に実行する仕組みです。

各フェーズは独立したClaudeセッションとして動き、前フェーズの出力を読んで次のステップを生成します。

## 壊れたところ

6回のテストで9個のバグを発見しました。

- **並列実行の競合**: cronが3フェーズを同時に起動。Strategistが未完了のままMarketerが動き出した
- **テーマの重複**: 除外リストがないと、パイプラインが毎回同じテーマを選んでしまう
- **品質チェックの自己申告**: AIが自分の成果物を自分でチェックして、常にパスしていた

9個全てが**ハーネス**（モデルの周りの環境）のバグで、モデル自体の問題はゼロでした。

## 修正方法

時間ベースのcronからイベント駆動チェーンに切り替えました。前フェーズが完了してから次が起動する`after`依存を導入。

```yaml
# Before: 全部同時に発火
observer: "0 7 * * 1"
strategist: "0 7 * * 1"
marketer: "0 7 * * 1"

# After: イベント駆動チェーン
observer: "0 7 * * 1"
strategist:
  after: observer
marketer:
  after: strategist
```

## 学び

AIエージェントの品質は、AIの外側で決まる。モデルはシェフだが、キッチンが壊れていたらどんなシェフも料理できない。

---

## さらに深掘りしたい方へ

本記事はその一面に過ぎません。OpenAI・Anthropic・LangChain・Martin Fowler・学術の5つの解釈を1冊に統合した体系書 **[ハーネス・エンジニアリング — AIを"使う"から"操る"へ](https://kenimoto.dev/ja/books/harness-engineering-guide)** で、ハーネスとは何か、どう設計し、どう運用するかを19章で解説しています。

---

# 「稼働率99.5%」と「5,000件の決済失敗」は同じ事実 — 障害報告のフレーミングが緊急度を反転させる

URL: https://kenimoto.dev/ja/blog/incident-framing-99-percent/
Lang: ja
Date: 2026-06-03
Description: 同じインシデントを「99.5%は成功しています」と書くか「5,000件が失敗しています」と書くか。数字は1ミリも盛っていないのに、受け手の緊急度が安心から危機へ反転します。私のオンコール失敗談と、報告を設計する3つの実務ルール。

先に結論を言います。**障害報告で「正確な数字を出せば中立だ」というのは思い込みです。** 同じ正確な数字でも、「影響率」で書くか「影響の内容」で書くかで、受け手の緊急度判断は安心にも危機にも振れます。だから報告は、書くものではなく**設計するもの**だと私は考えるようになりました。

きっかけは、自分のオンコール当番でやらかした夜です。

## 「99.5%維持してます」で、私はチームを油断させた

ある夜、決済まわりのエラー率が上がりました。私はダッシュボードを開き、数字を確認し、チームのチャンネルにこう書きました。

> 「決済の成功率、いま99.5%を維持しています。一過性のスパイクっぽいので様子見します」

嘘は一文字もありません。本当に99.5%でした。みんな「了解、様子見で」と返してきて、私も安心してログ調査に戻りました。

問題は、その裏側です。そのサービスは1日およそ100万リクエスト。**99.5%ということは、0.5%が失敗している。つまり5,000件の決済が落ちている。** 同じ数字を私がこう書いていたら、空気は完全に違っていたはずです。

> 「いま5,000件の決済が失敗しています」

前者は様子見、後者は全員招集。数字は同じ99.5%なのに、です。私はその夜、「99.5%」という安心側のフレームを無意識に選んで、自分のチームの初動を遅らせていました。


## なぜこれが起きるのか：フレーミング効果

この現象には名前があります。**フレーミング効果**です。同じ情報でも、提示の仕方(フレーム)によって人の判断が変わる。トベルスキーとカーネマンが1981年の論文で実証した、認知バイアスの古典です。

有名な実験はこうです。「600人が死ぬ病気」に対して、「200人が助かる対策A」と「400人が死ぬ対策B」を提示する。AとBは数学的に同じ結果なのに、「助かる」とフレームされたAを多くの人が選ぶ。生存フレームと死亡フレームで、選択がひっくり返るわけです。

障害報告は、これがそのまま効く現場です。私たちは数字を扱っているから「自分は定量的で中立だ」と思いがちですが、その数字を**どのフレームに乗せて渡すか**を選んだ時点で、もう中立ではありません。

## 「影響率」と「影響の内容」は緊急度が違う

実務でいちばん混乱を生むのが、この2つのフレームの取り違えです。

- **影響率フレーム**：「10万ユーザー中100人が影響(0.1%)」
- **影響内容フレーム**：「100人のユーザーが決済できていない」

同じ100人の話です。でも前者は「0.1%か、まあ軽微だな」と聞こえ、後者は「100人が金を払えないのか、まずい」と聞こえる。パーセントは事象を薄め、人数と「何ができていないか」は事象を濃くします。

ここに**意図せぬフレーミング**と**意図的なフレーミング**の両方が潜んでいます。

意図せぬケースは、私の99.5%がまさにそれでした。悪意ゼロで、ただ手元にあった数字をそのまま書いただけ。でも結果として、チームを油断させた。

意図的なケースは、逆方向に使えます。優先度を正しく上げたいのに「0.1%」と言うと埋もれてしまう。そういうときは率を捨てて、内容でフレームする。「0.1%の影響です」ではなく「**売上に直結する決済機能が、100ユーザーで停止中です**」と書く。同じ事実を、緊急度が正しく伝わる側に乗せ替えるわけです。

## ここで線を引く：これは「数字を盛れ」ではない

念のため、はっきりさせておきます。私が言っているのは「数字を大きく見せて煽れ」ではありません。それをやった瞬間、信頼という一番大事な資産を溶かします。

フレーミングの怖いところは、**意図的な操作と紙一重**だという点です。「100人が決済不能」と書くのは事実です。でもそこに無いものを足したり、無関係に大きい母数を選んで率を恣意的にいじったりした瞬間、それは報告ではなく演出になります。

私が線を引いている基準はシンプルです。**同じ真実を、緊急度が正しく伝わるフレームで渡す。** 真実は1ミリも動かさない。動かすのは、受け手が事態の重さを正しく受け取れるかどうか、その一点だけです。盛るのではなく、霞ませない。これは別物です。

## 報告を「設計」する3つのルール

あの夜以来、私が自分とチームに課しているルールが3つあります。どれも個人の注意力に頼らない、仕組み側の対策です。障害対応中の脳は、いちばん油断しやすいときにいちばん頼りにならないので。

**1. 率で止めず、内容まで落とす**

ポストモーテムでもインシデント中の一報でも、「0.5%失敗」だけで止めない。必ず「= 5,000件 / うち決済◯件」まで具体に落とす。率はインパクトを薄める方向に働くと知っておいて、人数・件数・「何ができていないか」をセットで書く。

**2. 5分続いたら、人間の判断を待たずにエスカレーション**

正常性バイアス(「まだ大丈夫」「誤検知だろう」)は、私の99.5%発言と相性が最悪です。だから「人が様子見と判断する」余地を狭める。アラートが5分以上継続したら自動でオンコールに通知が飛ぶようにしておく。私の油断を、私の判断の外側で止める仕組みです。

**3. エラー率がしきい値を超えたら自動投稿**

「報告するかどうか」を人に委ねない。エラー率がN%を超えたら、フレームの選びようがない生データがそのままチャンネルに自動で流れるようにする。私が安心フレームを選ぶ隙を、最初から消しておくわけです。

共通しているのは、**バイアスが最強になる場面ほど、判断を仕組みに逃がす**という発想です。チェックリスト、自動エスカレーション、自動投稿。どれも「私が冷静なら不要」なものですが、障害対応中の私は冷静ではない。そこを正直に認めるところからしか、まともな対策は始まりません。

## まとめ

- 「99.5%成功」と「5,000件失敗」と「100人が決済不能」は、まったく同じ事実です。緊急度だけが違う
- 正確な数字でも、率でフレームするか内容でフレームするかで、受け手の判断は安心↔危機に反転する(フレーミング効果, Tversky & Kahneman 1981)
- これは「数字を盛れ」ではない。**真実は動かさず、緊急度が正しく伝わるフレームを選ぶ**。盛るのと霞ませないのは別物
- 個人の注意力に頼らず、内容フレーム・自動エスカレーション・自動投稿という仕組みで守る

報告を受ける側になったときも、この知識は効きます。「この一報はどのフレームで書かれているか」を一拍置いて検証できるようになる。99.5%と言われたら、頭の中で5,000件に翻訳してから反応する。それだけで、油断側に倒れる回数がだいぶ減りました。面白くいきましょう。

---

# JSON-LDを11スキーマ入れた。3ヶ月測ったら、AIが拾っていたのは3つだけだった

URL: https://kenimoto.dev/ja/blog/json-ld-11-only-3-cited/
Lang: ja
Date: 2026-05-25
Description: 3ヶ月前にJSON-LDを11スキーマ束ねて<head>に入れました。AI引用を3ヶ月追跡したら、効いていたのは3つだけ。残り8つはHTMLコメントと同等の存在感でした。どれが効いてどれが死んでいたか、実測の話です。

3ヶ月前、私はサイトの`<head>`にJSON-LDを11スキーマ束ねました。Organization、WebSite、Person、Service 4個、Book 2個、MusicGroup、FAQPage。実装した瞬間は満足でした。

そのあと、AIエンジンが実際にどれを拾っているかを測りました。

11個のうち、3ヶ月の引用ログに姿を見せたのは3つだけ。残り8個は、HTMLコメントとほぼ同等の存在感でした。

これは測定の記録です。どの3つが仕事をして、どの8つが死んでいて、それでも私が同じ実装を選び直すなら何を残すか、という話です。


## 何を入れて、なぜ効くと思っていたか

実装そのものは単純でした。Astroのレイアウトに11スキーマを配列で1本にまとめて、`<script type="application/ld+json">`でサーバーレンダリングする。詳細は[JSON-LD 11スキーマ統合実装ガイド](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/)に書いた通りです。

3ヶ月前の私の理屈はこうでした。

- 構造化シグナルは多いほど引用機会が増える
- LLMは`knowsAbout`を好む、だからPersonが切り札になる
- Serviceで「何を売っているか」を伝える
- Bookで出版物を浮上させる
- MusicGroupまで入れた、副業プロジェクトがあるので、入れない手はない

LLMOにおける「多ければ多いほど良い」の典型的な発想です。私はその典型でした。

## 測り方

2026年2月末から5月末まで、3ヶ月のトラッキング実験を回しました。ルールは次の通り。

- 50個のブランド・トピッククエリを最初に書いて、毎週使い回す
- AIエンジンは4種類: ChatGPT (Search), Perplexity, Claude (検索有効), Brave Leo
- 毎週、50問×4エンジンを実行
- 引用が出たら、その引用断片に含まれる情報が **特定のJSON-LDスキーマにしか存在しない** ものかを確認
- スキーマ固有のフィールド（name、foundingDate、knowsAbout、FAQ Q&A、書籍タイトル、サービス記述）に紐づく場合、そのスキーマの貢献としてカウント

最後のルールが肝です。「Articleスキーマが効いた」は誰でも主張できます。Articleは`<title>`や`<h1>`、`<meta description>`と内容が重なるからです。本当に興味があるのは「JSON-LDにしか書かれていない事実」を引用に運んだのはどのスキーマか、という問いでした。

3ヶ月、600クエリ（50×4×3ヶ月）、私のサイトの引用は合計約180件。全件追跡しました。

## 仕事をした3スキーマ

### 1. Organization

`Organization`は、AIエンジンが実際にパースして記憶しているスキーマです。「kenimoto.devは何を扱うサイトか」「誰が運営しているか」と聞かれたとき、答えが寄りかかっているのはOrganizationブロックの中のフィールドでした。

- `name`と`alternateName`（表記揺れや略称の吸収）
- `description`（AIが「サイト概要」として使う1行）
- `foundingDate`（これが唯一書かれている構造化された場所）
- `sameAs`（GitHub、LinkedIn、Xへのクロス参照。AIはこれでエンティティを統合する）

引用断片の約40%がOrganizationに辿れる情報を含んでいました。[BrightEdgeが2026年初頭に出した分析](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)とも一致します。OrganizationはTier 1です。

1つだけ実装するならこれです。比較対象すらありません。

### 2. Article（記事ごとのTechArticle）

これは厳密には、トップページの`<head>`に束ねた11個には入っていません。Astroが各ブログ記事に個別出力するスキーマです。それでもここに含めた理由は単純で、個別記事へのAI引用ほぼ全てが、Articleの`headline`、`datePublished`、`dateModified`、`author`に寄りかかっていたからです。

特に`dateModified`が想像以上に重要でした。Perplexityはフレッシュネスを強く重みづけしていて、業界分析では[Perplexityのランキング要素の約40%](https://www.stackmatix.com/blog/structured-data-ai-search)が新鮮さに関わるとされています。実際、記事を更新して`dateModified`を打ち直すと、その記事の引用率がその後2週間で目に見えて上がりました。

### 3. FAQPage

引用パターンが一番はっきりしていたスキーマです。AIエンジンはFAQPageの`mainEntity[].name`と`acceptedAnswer.text`をほぼそのまま抽出してきます。業界調査では、FAQPageは[AI関連クエリで67%の引用率](https://www.frase.io/blog/faq-schema-ai-search-geo-aeo)、別の分析でも[Google AI Overviewsに3.2倍出やすい](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)とされています。

私の手元の数字は控えめです。FAQPageは1ブロックしか入れていないので。それでも引用の **質** が違いました。ChatGPTは私のFAQ回答を言い換えませんでした。引用しました。

ただし条件があります。FAQPageは、画面に実際にFAQコンテンツが表示されているページにしか効きません。空のFAQPageスキーマだけ置く（やる人がたまにいます）のは、ペナルティ対象として明確に定義されている挙動です。

## 何もしなかった8スキーマ

ここから書くのが少し痛い部分です。

### Person（knowsAbout付き）

`knowsAbout`が切り札になるはず、と本気で思っていました。多くのLLMOガイドが「個人の権威性を立てる秘密兵器」として扱っています。「LLMOの専門家は誰?」とAIに聞けば、私の名前が返ってくるはずでした。

返ってきませんでした。600クエリのうち、`knowsAbout`の値にしか書かれていない情報が引用に運ばれたケースは、1件も見つかりませんでした。1件もです。

仮説: AIエンジンは、GoogleのKnowledge Panelのように構造化ナレッジグラフを照会していません。ドキュメントを引き出して、そこを読むだけです。`knowsAbout: ["LLMO"]`がJSON-LDの中に存在しても、それはドキュメントではなく、誰かについてのメタデータでしかありません。今の検索パイプラインがそこを拾う設計にはなっていない、ということです。

これが今回一番悲しい発見で、一番役に立った発見でもありました。`knowsAbout`を入れること自体は害ではありません。コストがゼロなので、入れるのは構いません。ただ、LLMO戦略の中心にこれを据えるのは、まだ存在しないパイプラインに賭けることになります。

### Service ×4

私の事業を説明する4ブロック。引用ゼロ件。AIが「このサイトは何のサービスを提供しているか」を答えるとき、根拠にしていたのは構造化データではなくトップページの本文でした。

### Book ×2

私の書籍を説明する2ブロック。「Bookスキーマでしか取れない情報」が引用に運ばれたケースはゼロ。AIが書籍に言及するときの根拠は、書籍LPページの本文とAmazon上のリスティングです。どちらもBookスキーマと独立して存在します。

### MusicGroup

これは正直に書きます。入れた時点で「たぶん引用には効かないだろう」と思っていました。それでも入れたのは、自分のプロジェクトを構造化データで宣言しておきたいという自己表現でした。実際、効きませんでした。LLMOではなく自己表現だったということです。

### WebSite

`WebSite`スキーマと`SearchAction`は、Googleのサイトリンク検索ボックスのためには有名なほど有効です。これはSEOの機能で、AIの機能ではありません。3ヶ月の間、WebSiteブロックにしか書かれていない情報を引用に運んだAI回答は1件もありませんでした。

## 業界研究も同じ方向を指している

3ヶ月実測の結果は、2026年の業界研究と整合しています。

[Ahrefsが2026年5月に出した1,885ページの研究](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7)では、スキーマを追加しても引用率はほとんど動きませんでした。引用が増えたのは、強いコンテンツと外部からの言及がついていたページであって、スキーマだけでは指標は動いていません。

[BrightEdgeの2026年初頭の研究](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)では、Article + FAQPage + HowTo + Organizationの組み合わせを実装したページが、スキーマなしのページに比べて2.5〜2.7倍引用されていました。注目すべきは、リストに含まれていないのは Person、Service、Book、MusicGroup、WebSite。私が拾われなかったセットそのままです。

注意点も1つ。中身が薄いスキーマ（`name`と`url`だけのOrganization、質問1個だけのFAQPage、`knowsAbout`なしのPerson）は、[スキーマなしと比較して18ポイントの引用ペナルティ](https://www.stackmatix.com/blog/structured-data-ai-search)を負うという報告があります。AIエンジンは中身の薄いスキーマを「低品質シグナル」として扱っているようです。

実測の含意も同じです。中身が詰まった少数のスキーマは、中身が薄い大量のスキーマに勝ちます。

## 既存の「優先順位」と実測の対比

[実装ガイドの記事](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/)で私が書いた優先順位は、Organization → WebSite → Person → Article → FAQPage → Book/Service → Breadcrumb → HowTo、でした。

3ヶ月測った後の優先順位は、Organization → Article → FAQPage、で打ち切りです。WebSiteとPersonを上位に置いたのは私の理屈であって、AIの実際の挙動とは別軸でした。

「実装時の優先順位」と「3ヶ月後の引用率順位」は別物だったということです。書いている時はそれが分かりません。測ってから分かります。

## 今、同じ実装をやり直すなら

Organization、Article、FAQPageの3つは残します。残り8つを実装する時間を、この3つを濃くする方に投資します。

- Organization: `sameAs`を増やす、`address`、`email`、`foundingDate`を本物にする、`description`を具体的に書く
- Article: 本当に改訂したときは必ず`dateModified`を更新する、`author`をPersonと正しく紐付ける
- FAQPage: Q&Aセクションがあるページは全部FAQPage化、回答は2〜3文で引用可能な単位に整える

Person/knowsAbout、Service、Book、MusicGroup、WebSiteは外します。害があるからではなく、実装コストはゼロではないし、リターンが誤差レベルだからです。

2026年にこれから始める人へのルール: **AIが読んでいるコンテンツに紐づく3スキーマ** を選んでください。Organization（企業アイデンティティ）、Article（記事本文）、FAQPage（Q&Aブロック）。ページに対応する本文がない抽象属性スキーマは、ほぼ無視されます。

「サイトの目的別にどのスキーマを選ぶか」をより体系的に決めたい方は、[llmoframework.com](https://llmoframework.com)が用途別（コーポレート / メディア / EC）に評価指標つきで整理しています。3ヶ月前の私が「多い方が良い」と並べる前に、これで判断するべきでした。

## 11スキーマは戦略ではなくゴミ捨て場だった

LLMOのアドバイスでよく目にするパターンが、私が3ヶ月前にハマったのと同じです。「全部入れろ、多い方が良い、AIが勝手に判断する」。AIは勝手には判断してくれません。渡したドキュメントを読んで、自分の検索パイプラインに紐づくフィールドだけを拾います。私の11個のうち8個は、そのマップに最初から載っていませんでした。

3つは載っていました。今その3つは、8つと同居していた頃より中身が濃くなっています。ブログのランクは変わらず、ChatGPTからの引用は2月比で約20%増え、Astroのレイアウトファイルは短くなりました。

11スキーマはゴミ捨て場でした。3スキーマはサイトです。

## 参考

- [JSON-LD 11スキーマ統合実装ガイド](https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/): この記事の前編、実装の話
- [llmoframework.com](https://llmoframework.com): サイト目的別のスキーマ選定フレームワーク
- [BrightEdgeのスキーマ引用率調査（Digital Strategy Force要約）](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)
- [Ahrefs 2026年5月スキーマ研究（Medium要約）](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7)

---

## 本でまとめて読む

「SEOがどう壊れたか」「LLMOで何を置き換えるか」「どう測るか」を8章に凝縮した [**LLMOクイックスタート: エンジニアのためのAI検索最適化入門**](https://kenimoto.dev/ja/books/llmo-quickstart) が、3ヶ月の測定作業を週末で読める形にまとめてあります。JSON-LDの章はこの記事よりも深く踏み込んでいます。

---

# JSON-LDで LLM にサイトを「説明」する: 11スキーマ統合実装ガイド

URL: https://kenimoto.dev/ja/blog/json-ld-11-schemas-llm-understanding/
Lang: ja
Date: 2026-05-07
Description: ChatGPTに「この会社の専門は何ですか」と聞いて的外れな返答が来た経験ありませんか。それ、JSON-LDが無いからです。Organization から FAQPage まで11スキーマを1ページに統合した実装記録と、優先順位付け。

ChatGPTに「この会社の専門は何ですか」と聞いて、的外れな返答が来たことありませんか。

私のサイトは1年それでした。記事もあるしSNSもある。なのにLLMは「不明です」と返してくる。原因はシンプルで、 **LLMが読みやすい形でサイト情報を書いていなかった** だけでした。それを直すのがJSON-LDです。

私も最初は「JSON-LDはSEOの小手先」だと思っていました。LLM時代に意味が変わりました。今は「AIに自社を理解させる唯一の確実なチャネル」になっています。

この記事は、自分のサイトに **11個のJSON-LDスキーマを1ページに統合配置** した実装記録です。Organization、Person、Bookなど、どれを最初に置くべきかの優先順位付きで書きます。

## 前提: この記事は誰向けか

すでに [llms.txt + JSON-LD 最小実装の記事](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld) を読んだ方の続編です。あちらは「ファイル2つ置いて15分で終わる土台」の話。

本記事は土台の上にもう一段階積みたい人向けです。「Articleスキーマだけだと足りない」と気づいた段階で、次に何を入れるべきか。実装の本格編、と捉えてください。

## 結論: 1ページに11スキーマを束ねる

私が実装したスキーマ一覧です。


| スキーマ | 用途 | 個数 | 優先度 |
|---------|------|------|------|
| Organization | 会社情報 | 1 | ★★★ |
| WebSite | サイト情報 | 1 | ★★★ |
| Person | 代表者情報 | 1 | ★★★ |
| Service | 事業情報 | 4 | ★★ |
| Book | 書籍情報 | 2 | ★★ |
| MusicGroup | 音楽プロジェクト | 1 | ★ |
| FAQPage | よくある質問 | 1 | ★★ |

**合計11スキーマ** を1ページの`<head>`に配列として束ねます。Astroなら`set:html`で一括出力できます。

ここで「11個も入れる必要あるのか」と思うはずです。私もそう思いました。実装してみて分かったのは、 **LLMは情報の冗長性を冗長と見なさない** ということです。むしろ「このサイトは自社を多角的に説明している」と評価する材料になります。

## 1つだけ置くなら Organization

スコープを絞り込まれた状況、つまり **1つだけ実装するなら何か** という問いには、迷わずOrganizationと答えます。

LLMが「この会社は何屋か」「どこにあるか」「いつ設立されたか」を判断する根拠は、ほぼOrganizationスキーマに集約されているからです。

```json
{
  "@context": "https://schema.org",
  "@type": "Organization",
  "name": "株式会社サンプルテック",
  "alternateName": "SampleTech Inc.",
  "url": "https://example.co.jp/",
  "email": "info@example.co.jp",
  "foundingDate": "2025-04-01",
  "address": {
    "@type": "PostalAddress",
    "addressLocality": "渋谷区",
    "addressRegion": "東京都",
    "addressCountry": "JP"
  },
  "sameAs": [
    "https://linkedin.com/in/your-account",
    "https://github.com/your-account"
  ]
}
```

3箇所に注目してください。

**1. `alternateName`**: 日本語の正式名称、カタカナ表記、英語名を全部入れます。LLMは表記ゆれをまとめる作業が苦手です。「サンプルテック」「SampleTech」「株式会社サンプルテック」が同じ会社だと教えるのは、こちら側の仕事です。

**2. `sameAs`**: SNSアカウントや GitHubアカウントへのURLを並べます。「同じ主体である」という宣言なので、AIがクロスドメインで情報を統合する材料になります。LinkedIn、X、GitHub、Qiita、Zennあたりは全部入れて損はありません。

**3. `foundingDate`**: 設立日です。地味ですが、LLMが「いつ設立された会社か」と聞かれた時に答える根拠になります。日付フォーマットはISO 8601(YYYY-MM-DD)固定です。

私はこれを書く前、「会社情報なんてフッターに書いてあるじゃん」と思っていました。LLMはフッターを読まないわけではありませんが、 **構造化された情報を最優先で読みます** 。Bingのクローラーが [JSON-LDをナレッジグラフに直接格納していること](https://www.searchviu.com/en/schema-markup-and-ai-in-2025-what-chatgpt-claude-perplexity-gemini-really-see/) は実証済みで、ChatGPTはBingの索引を経由します。

## Personスキーマの knowsAbout が地味に効く

代表者情報を書くPersonスキーマで、私が一番驚いたのが`knowsAbout`フィールドです。

```json
{
  "@context": "https://schema.org",
  "@type": "Person",
  "name": "山田 太郎",
  "alternateName": "Taro Yamada",
  "jobTitle": "代表取締役",
  "worksFor": {
    "@type": "Organization",
    "name": "株式会社サンプルテック"
  },
  "knowsAbout": [
    "AIエージェント設計",
    "コンテキストエンジニアリング",
    "LLM活用",
    "LLMO"
  ]
}
```

`knowsAbout`は「この人は何の専門家か」を直接宣言する場所です。LLMに「Aさんは何に詳しい人か」と聞くと、ここに書いた配列が答えの種になります。

ここで犯しがちなミス: **広いキーワードを書いてしまう** 。「プログラミング」「マーケティング」「ビジネス」みたいな広いワードは、LLMからすると「全員が言っている」のでシグナルになりません。

逆に、絞り込んだキーワードはそのまま専門家認定の入り口になります。「LLMO」「AIエージェント設計」「コンテキストエンジニアリング」のように、検索ボリュームは小さくても専門性が立つ語を選ぶのが筋です。

私はこれをやってから、AIが私の名前で「LLMOの実践者」と返してくる頻度が体感で増えました。検索結果ではなくAI回答の中身で。

## Bookスキーマで出版物をAIに認識させる

書籍を書いている人なら必ず入れるべきがBookスキーマです。

```json
{
  "@context": "https://schema.org",
  "@type": "Book",
  "name": "実践AIエージェント開発",
  "author": { "@type": "Person", "name": "山田 太郎" },
  "publisher": { "@type": "Organization", "name": "サンプルテック" },
  "bookFormat": "EBook",
  "about": ["AIエージェント", "コンテキストエンジニアリング"],
  "inLanguage": ["ja", "en"],
  "isPartOf": {
    "@type": "BookSeries",
    "name": "エンジニアのためのAI実践シリーズ"
  }
}
```

ポイントは`about`フィールドです。書籍のテーマを配列で書きます。「AIエージェント 本」「LLMO 書籍 おすすめ」のような検索クエリで、AIが回答候補に挙げる根拠になります。

`isPartOf` を使ってシリーズに紐付けるのも効きます。「シリーズで何冊出している人」という認識を作ると、信頼度のシグナルが立ちます。

## FAQPageは引用される側の最短ルート

LLMOで一番引用されやすいスキーマがFAQPageです。

```json
{
  "@context": "https://schema.org",
  "@type": "FAQPage",
  "mainEntity": [
    {
      "@type": "Question",
      "name": "LLMOとは何ですか",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "LLMO (LLM Optimization) とは、大規模言語モデルがWebサイトの情報を正確に理解・引用できるよう最適化する手法です。"
      }
    }
  ]
}
```

FAQPageは「質問-回答の自己完結ペア」をAIに渡す最短ルートです。AIは引用を **段落単位** で行います。FAQPageのAnswerは最初から段落単位で完結しているので、引用がほぼコピペで済みます。

注意: 実際にFAQコンテンツが画面に表示されているページにだけ使ってください。空のFAQスキーマだけ置くとペナルティ対象です(リッチスニペット側で機能停止します)。

## Astroで11スキーマを1配列にまとめる

実装は意外と単純です。Layout.astroの`<head>`に配列を1つ書くだけ。

```astro
---
const schemas = [
  { "@context": "https://schema.org", "@type": "Organization", /* ... */ },
  { "@context": "https://schema.org", "@type": "WebSite", /* ... */ },
  { "@context": "https://schema.org", "@type": "Person", /* ... */ },
  { "@context": "https://schema.org", "@type": "Service", /* ... */ },
  { "@context": "https://schema.org", "@type": "Service", /* ... */ },
  { "@context": "https://schema.org", "@type": "Book", /* ... */ },
  { "@context": "https://schema.org", "@type": "FAQPage", /* ... */ },
];
---
<script type="application/ld+json" set:html={JSON.stringify(schemas)} />
```

`set:html` を使うのがコツです。Astroは普通に書くとJSON文字列をHTMLエスケープしてしまうので、構造化データとして無効になります。`set:html`で生のJSONとして出力する。

Next.jsなら `dangerouslySetInnerHTML` 、Nuxtなら `useHead({ script: ... })` で同じことができます。クライアントサイドJSで動的に挿入する方式は **絶対NG** です。多くのAIクローラーはJSを実行しません。SSRで出力する。これだけは譲れない一線です。

## 何から実装するか: スキーマ選定の優先順位

11個のうち、どれから実装すべきか。私が試行錯誤の末にたどり着いた優先順位はこうです。

| 優先度 | スキーマ | 理由 |
|------|--------|------|
| 1 | Organization | LLMが「何屋か」を判断する起点 |
| 2 | WebSite | サイト全体の入り口情報 |
| 3 | Person | 著者の専門性シグナル(knowsAbout) |
| 4 | Article / TechArticle | 各記事の意味付け |
| 5 | FAQPage | 引用されやすさNo.1 |
| 6 | Book / Service | 提供物の明示 |
| 7 | BreadcrumbList | サイト構造の理解補助 |
| 8 | HowTo | チュートリアル記事のみ |

スキーマ選定の判断軸を全体として体系化したい方は、[llmoframework.com](https://llmoframework.com) の構造化データ章を参照してください。「どのスキーマから何個入れるか」を、サイト目的別(コーポレート/メディア/ECなど)に整理してあります。

私が雑に並べた優先順位より、用途別フレームワークで判断した方が早道だと思います。

## 2026年にChatGPTやPerplexityがJSON-LDをどう扱っているか

実態調査です。2026年5月時点で、各AI検索の挙動はおおむね次のようになっています。

- **ChatGPT Search**: Bingのインデックスを参照。BingのパーサーがJSON-LDをナレッジグラフに格納するため、構造化データはほぼそのまま読まれる
- **Perplexity**: Chromiumレンダラーで取得するが、 **静的HTML優先** 。ページのスキーマタイプ(FAQPage/Articleなど)で扱いを変える
- **Claude search (Anthropic)**: 公式仕様は非公開。観測上、Organization と Article の重みは大きい
- **Brave LLM Context API**: JSON-LDを **最優先で抽出** することを公式に明記

つまり、4大AI検索のうち少なくとも3つはJSON-LDを読んでいます。「LLMはJSON-LDを読まない」という言説もありますが、 **「全LLMが等しく読む」と「全く読まない」の中間が現実** です。重みづけは検索エンジンによって違うが、ゼロではない。それなら入れない理由がありません。

## 効果測定をセットでやる

JSON-LDを11個置いた後、効くかどうかは結局測定でしか分かりません。

3軸で見るのが王道です。

1. **AI回答での引用カウント**: ChatGPT、Perplexity、Claudeに自社関連の質問を投げ、回答に引用されているかをチェック
2. **AI経由のリファラ**: GA4で referrer に `chat.openai.com` `perplexity.ai` などが含まれるアクセスを集計
3. **ナレッジグラフ反映**: Google検索で自社名を検索したときの右側パネル、もしくはBing AIの初動回答

具体的な測定手順は [LLMO測定の3つの方法](https://kenimoto.dev/ja/blog/llmo-measurement-3-methods) にまとめてあります。実装と測定は両輪です。

スキーマ選定から効果測定までの全体フレームワークは [llmoframework.com](https://llmoframework.com) に評価指標つきで体系化されています。「どのスキーマがどの指標を改善するか」のマトリクスとして使えます。

## 締め: 11スキーマで「説明し切る」

LLMOで一番見落とされがちな話を最後に書きます。 **AIに自分のことを説明するチャンスは、JSON-LDしかありません。**

ブログを書けば内容は読まれます。SNSで発信すれば話題は拾われます。でも「あなたの会社は何屋ですか」「専門は何ですか」「どこにありますか」を直接答える場所は、JSON-LD以外にないんです。

llms.txtは「ここを読んで」のコンシェルジュ。JSON-LDは「私はこういう者です」の自己紹介。両方揃えると、AIから見たときのプロフィールが完成します。

11スキーマは多いと感じるかもしれません。でも一度書いてしまえば、変更頻度はほぼゼロです。Astroなら設定ファイルに1回書くだけ。1時間の投資で、AIからの認識が永続的に整います。

火事が起きてから消火器は買えません。AIに見つけてもらってから自己紹介を書いても遅い。私は1年遅れました。あなたはこの記事を読み終えた今から始められます。

## 参考

- [JSON-LD最小実装(llms.txt + Article)](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld): 土台の話
- [LLMO測定 3つの方法](https://kenimoto.dev/ja/blog/llmo-measurement-3-methods): 効果測定の手順
- [llmoframework.com](https://llmoframework.com): LLMO全体フレームワーク
- [Brave LLM Context API ドキュメント](https://api-dashboard.search.brave.com/api-reference/summarizer/llm_context/get): JSON-LD優先抽出の仕様
- [Google Rich Results Test](https://search.google.com/test/rich-results): JSON-LDのバリデーション

---

## さらに深掘りしたい方へ

LLMOの全体像を30分で押さえたい方は、核心を8章で凝縮した **[LLMOクイックスタート: エンジニアのためのAI検索最適化入門](https://kenimoto.dev/ja/books/llmo-quickstart)** が最短ルートです。

---

# LLMに「引用したい」と思わせるコンテンツ設計 — Microsoftが明かした3原則

URL: https://kenimoto.dev/ja/blog/llm-content-design-microsoft-3-principles/
Lang: ja
Date: 2026-04-30
Description: Microsoftが公式に明かした「AIに選ばれるコンテンツ」の3条件。構造・明確さ・スニッパビリティ。SEOとは別の最適化が必要な時代に、何を、どう書けばAIに引用されるのかを実践的に解説します。

私はSEOを10年やってきたエンジニアです。検索順位を上げる方法なら寝ながらでも語れます。でも2025年の秋、Microsoftが公式ブログに出したたった1行で、目が覚めました。

> 「可視性がすべて。AI検索の世界では、見つけられることではなく、 **選ばれること** が重要。」

「見つけられる」から「選ばれる」へ。ゲームが変わっていたのに、私は古いルールブックを握りしめていたわけです。

この記事では、Microsoft公式ガイド(2025年10月公開)、Adobe LLM Optimizer、SurferSEOの定量データに基づいて、LLMに引用されるコンテンツの書き方を解説します。「SEO頑張ってるのに、ChatGPTに自分のサイトが出てこない」と思っている方に向けて書きました。

## SEOとLLMOは何が違うのか

まず、根っこから違う部分を整理します。


| 項目 | SEO | LLMO |
|------|-----|------|
| 単位 | ページ全体のランキング | **断片(パッセージ)の引用** |
| 権威性の源泉 | 被リンク数 | **ブランドへの言及** |
| JS対応 | レンダリング対応 | **クライアントサイドJS非対応** |
| 鮮度の評価 | リアルタイムインデックス | **RAGで新鮮さを確保** |
| 重要なシグナル | 被リンク | **第三者からのメンション・引用** |

一番大きな違いは「単位」です。SEOではページ全体が検索結果の1位か2位かを競っていました。LLMOでは違います。あなたの記事の中の **一つの段落、一つの文** が、AIの回答に抜き出されるかどうかが勝負です。

ビュッフェで考えてみてください。SEOはテーブル全体の評価でした。「あのレストランは良い」。LLMOは一皿ずつの評価です。AIは気に入った一皿だけ取っていく。テーブルの残りは無視されます。

## Microsoftが明かした3原則

2025年10月、MicrosoftのBingチームのKrishna Madhavan氏が公式ブログで「AI検索回答にコンテンツを含めるための最適化ガイド」を公開しました。Copilot、Microsoft Start、Bingを運用するMicrosoft自身の内部知見です。推測ではありません。

### 原則1: 構造(Structure)

AIはコンテンツをパーシング(解析)して小さな構造化された断片に分解します。それらの断片を権威性と関連性で評価し、複数ソースから1つの回答を組み立てます。

つまり、あなたのページ全体が評価されるのではなく、 **各セクションが独立した候補** として評価されます。

具体的にどうすればいいか。

```html
<!-- NG: 曖昧な見出し -->
<h2>詳細はこちら</h2>
<h2>Learn More</h2>

<!-- OK: 質問形式で具体的な見出し -->
<h2>JSON-LDの実装に必要な3つのステップ</h2>
<h2>LLMOとSEOの違いは何か?</h2>
```

見出しが曖昧だと、AIは「このセクションが何の回答なのか」を判定できません。見出しをそのままAIへの質問文にしてしまう感覚が正解です。

### 原則2: 明確さ(Clarity)

セマンティックに一義的な言語を使います。Microsoft公式が挙げた具体的な注意点をまとめます。

- **インテント(意図)に合わせて書く**: ユーザーが何を知りたいのかを考えてから書き出す。キーワードを並べる発想は捨てる
- **曖昧な修飾語を避ける**: 「最新の」「画期的な」を捨てて、具体的な事実を書く
- **コンテキストを追加する**: 「静かな食洗機」を「42dBでオープンキッチンに最適な食洗機」に書き直す
- **装飾記号を避ける**: ★★★や!!!はAIの文構造理解を妨げる

人間には「行間を読む」能力がありますが、AIは行間を読みません。書いてあることだけが情報です。「いい感じのやつ」では通じない相手にどう伝えるか、そういう問題です。

### 原則3: スニッパビリティ(Snippability)

3原則の中で、これが効きます。回答として **そのまま抜き出し可能な自己完結的フレーズ** を含めます。

```markdown
## JSON-LDとMicrodataの違いは?

JSON-LDはHTMLから独立した<script>タグ内にメタデータを記述する形式です。
MicrodataはHTMLの属性(itemprop等)にメタデータを埋め込む形式です。
GoogleはJSON-LDを公式に推奨しており、AI検索ではJSON-LDが
優先的に抽出されるため、新規実装はJSON-LD一択です。
```

このような回答を、AIは **そのままリフト(抜き出し)** してユーザーへの回答に使えます。「前述の通り」「上で説明した方法」のような文脈依存の表現を使うと、抜き出した先で意味が通じなくなるため、引用候補から外されます。

各セクションを「そこだけ切り取っても意味が通る」ように書く。これがスニッパビリティです。

## データが裏付ける「鮮度」の重要性

Microsoftの3原則に加えて、鮮度がAI引用に与える影響が定量的に明らかになっています。

SurferSEOの調査データ(2025-2026年)によると:

- AIが引用するコンテンツは、Google検索結果より **平均25.7%新しい**
- **65%** のAIボットアクセスは、過去1年以内に公開されたコンテンツに集中
- 3ヶ月以上更新されていないページは、更新されているページと比べて **3倍以上** AI引用を失う

Adobe LLM Optimizerも「ページコンテンツの **10-15%** を定期的に更新せよ」と推奨しています。

ただし、 **日付だけ変えて中身を変えないのは逆効果** です。SurferSEOの調査では、テキスト未変更でdateModifiedだけ更新した場合、AIがそれを検出し「stale(古い)」として扱うことが確認されています。最終更新日を1月1日にしておけば永遠に新鮮、というライフハックは通用しません。

### 更新時に確認すること

- 統計データを最新値に差し替えたか
- 新しい事例や引用を追加したか
- 古い情報を削除または修正したか
- 全体の10-15%以上のテキストを実際に変更したか

## オフサイトの存在感がオンサイトと同等以上に効く

SEOでは「被リンクが王様」でした。LLMOでは「ブランドへの言及」が王様です。

LLMが信頼するプラットフォームでの存在感を構築することが、サイト内の最適化と同じくらい効きます。

| プラットフォーム | 効くクエリタイプ | やるべきこと |
|---|---|---|
| Wikipedia | 事実確認・定義 | 正確で中立的な記述を維持 |
| Reddit | 主観的・評価的 | 真摯なコミュニティ参加 |
| YouTube | 説明的(how/why) | トランスクリプトがAI引用対象になる |
| GitHub | 技術的な権威性 | OSSプロジェクト、技術ドキュメント |
| Stack Overflow | 技術Q&A | 回答の質と正確性 |

SurferSEOのデータでは、G2にプロフィールがある企業はChatGPTで引用される確率が **3倍** になるという結果も出ています。自分のサイトだけ磨いて外に出ない戦略では、AIの目に留まりにくくなっています。

## 実践: スニッパブルなコンテンツの書き方

ここまでの知見を、すぐに使える形にまとめます。

### パターン: 質問 → 回答 → 根拠

LLMに引用されやすい構造を1つだけ覚えるなら、これです。

```markdown
## Next.jsとNuxtはどちらを選ぶべきか?

Reactエコシステムに慣れているならNext.js、Vueが好みならNuxtが適しています。
2026年4月時点でNext.jsはnpm週間ダウンロード数720万、Nuxtは95万です。
企業採用数ではNext.jsが圧倒的ですが、学習コストはNuxtの方が低いという
調査結果があります(State of JS 2025)。
```

冒頭1-2文がそのまま回答になり、後続の数値が信頼性を裏付けます。AIは「この段落をリフトすればユーザーに回答できる」と判断しやすくなります。

### 数値データの配置

統計データの追加は、GEO論文で **+115.1%** の引用効果が実証されています。数値を入れるときのポイント:

1. 数値を **太字** にする(視覚的に際立たせる)
2. 出典を明記する(「SurferSEO 2026年調査」など)
3. リスト形式で並べる(AIが個別の事実として抽出しやすい)
4. 文脈を添える(何の数値かを明確に)

「数字を入れろ」ではなく「出典付きの数字を、リスト形式で、太字にして入れろ」です。細かいですが、この差がAIに拾われるかどうかを分けます。

### ページ速度も引用に影響する

意外な発見ですが、ページの読み込み速度もAI引用率に影響します。SurferSEOの調査では:

- FCP(First Contentful Paint)が **0.4秒以下** のページ: 平均 **6.7件** のAI引用
- FCPが **1.13秒以上** のページ: 平均 **2.1件** のAI引用

速いページは遅いページの **3倍** 引用されます。コンテンツの中身だけでなく、技術的なパフォーマンスもLLMOの要素です。エンジニアとしてはむしろ得意分野ではないでしょうか。

## 避けるべき6つのアンチパターン

Microsoft公式ガイドとSurferSEOのデータから、やってはいけないことをまとめます。

1. **長い文章の壁**: 1段落は3-4文以内。AIがチャンクに分離できません
2. **情報をタブ/アコーディオンに隠す**: AIクローラーが隠しコンテンツをレンダリングしない場合があります。Microsoftも「Showボタンの裏の情報は見えない」と明言しています
3. **PDFに重要情報を格納**: HTMLの構造化シグナル(見出し、JSON-LD)が欠落します
4. **画像のみの情報提示**: 比較表を画像だけで提供するとAIが読めません
5. **文脈依存の表現**: 「前述の通り」「上で説明した方法」はパッセージ抽出時に意味不明になります
6. **日付だけの更新**: テキスト未変更ならAIが検出し、staleとして扱います

6番は本当にやりがちです。私も「最終更新日を今日にしておけばOKでしょ」と思っていた時期がありました。AIは日付ではなくテキストの差分を見ています。手抜きがバレる時代になりました。

## まとめ

SEOが「ページを上位に表示する」ゲームだったのに対し、LLMOは「一つの段落をAIの回答に選ばせる」ゲームです。

Microsoftの3原則をもう一度:

1. **構造**: 各セクションを独立した回答候補として設計する
2. **明確さ**: 曖昧な修飾語を捨て、具体的な事実を書く
3. **スニッパビリティ**: そのまま抜き出しても意味が通る自己完結的な文を書く

加えて、 **鮮度**(10-15%の定期更新)と **オフサイトの存在感**(第三者プラットフォームでの言及)がAI引用を左右します。

私がこの記事で実践していることを数えてみてください。質問形式の見出し、出典付きの統計データ、太字の数値、比較表、自己完結的なセクション。全部、ここで書いた原則に従っています。メタですが、LLMOの記事をLLMOに最適化して書いているわけです。

自分のサイトがAIに無視されていると感じたら、まずコンテンツの構造を見直してみてください。書いてある中身は良いのに、AIに「一皿」として取り出せない盛り付けになっているだけかもしれません。

---

## さらに深掘りしたい方へ

LLMO の全体像 — llms.txt 設計、JSON-LD 実装、AI引用率 KPI、ChatGPT / Perplexity / Brave の引用ロジック比較 — を1冊で扱う **[なぜあなたのサイトはChatGPTに無視されるのか — LLMO実践ガイド](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)** を参考にしてください。

---

# ChatGPTからの流入を90日で8,337%増やした実装: TRMが採用した4つのLLMO戦略柱

URL: https://kenimoto.dev/ja/blog/llmo-case-studies-trm-8337-percent/
Lang: ja
Date: 2026-05-04
Description: 米国エージェンシーThe Rank Mastersが90日間で実施したGEO/LLMO実装の全貌。セマンティックSEO、モジュラーコンテンツ、GEOエンハンスメント、クエリファンアウト。4つの柱を分解して、自サイトに当てはめるための実装フレームワークも紹介します。

「ChatGPT流入が90日で8,337%増えた」と聞いたとき、私が最初に思ったのは「元が1日1ビューだったんでしょ」でした。実際そうでした。元は8ビュー、90日後は675ビュー。割合の魔法です。

それで終わってもよかったんです。でも数字を読み込んでいくうちに、もっと興味深い事実に気づきました。エンゲージメント時間が **5分41秒**。AI検索経由で来た人が、サイトに滞在して5分も読み続けている。これはアクセス数の話ではなく、 **「AI経由で来る人は、もうほぼ買う気で来ている」** という構造の話です。

この記事では、米国のSEOエージェンシー The Rank Masters(TRM)が90日で実施した4つの戦略柱を分解します。「LLMOってなんとなく流行ってるけど、何をどう実装するの？」と思っている方に向けて書きました。

## 8,337%の正体: ビュー数だけ見てはいけない

まず数字を全部並べます。TRMが2025年の90日間で達成した数値です。

| 指標 | 増加率 | 90日後の値 |
|------|--------|-----------|
| ChatGPT経由のビュー数 | +8,337.5% | 675ビュー |
| ユーザーあたりのビュー数 | +502.68% | 48.21ビュー/ユーザー |
| 平均エンゲージメント時間 | +2,527.47% | 5分41秒/ユーザー |
| イベント数 | +5,500% | 1,176イベント |

私が一番注目したのは「ユーザーあたり48ビュー」のほうです。1人が48ページ読んでいる。普通のSEO流入で1人が48ページ読むことはまずありません。多くて3〜4ページです。

これはAI検索が「すでに問題を理解している人」をピンポイントで送り込んでくるからです。ChatGPTが「TRMがいいよ」と推薦する時点で、ユーザーは「GEOエージェンシーを探している」と既に決めている。検索エンジンに来る人より、はるかに先のフェーズに進んでいる。

つまり、 **AI検索のトラフィックは「数」より「質」で評価しないと真価がわからない**。8,337%という派手な数字に騙されず、エンゲージメント時間とユーザーあたりビュー数を見るのが正解です。

## 4つの戦略柱を分解する

TRMが90日間で実施した施策は、4つの柱に整理できます。4つは組み合わさって機能する設計で、単独で効くわけではありません。


### 柱1: セマンティックSEOシステム

キーワード単位ではなく、エンティティ(概念)・属性・検索意図でトピックをマッピングしました。

具体的には、「SEO」というキーワード単体を狙わず、「SEOとは何か」「SEOの手順」「SEOツール」「SEOとGEOの違い」というエンティティのネットワークを構築する。1つの概念について、関連する全ての切り口をカバーしたページ群を用意するわけです。

これがなぜ効くかというと、LLMは「キーワードに一致する文書」ではなく「概念のクラスター」で情報を引き出すからです。あるトピックについて様々な角度から書かれているサイトは、LLMから見て「このサイトはこのトピックの権威」と認識される。トピカルオーソリティの話です。

### 柱2: モジュラーコンテンツアーキテクチャ

各ページを再利用可能な「ブロック」で構成しました。具体的には以下の5ブロックです。

1. **Problem(課題提示)**
2. **Framework(フレームワーク)**
3. **Steps(具体的手順)**
4. **Proof(根拠・証拠)**
5. **CTA(行動喚起)**

なぜブロック構造が重要かというと、LLMはページ全体を読むのではなく、 **チャンク(断片)単位で抜き出す** からです。SEOではページ単位のランキングが勝負でしたが、LLMOでは「あなたのページの中の段落1個」が引用されるかどうかが勝負になる。

ブロック分けされたページは、各ブロックが独立して引用可能な単位になります。特に「Problem(課題)」と「Steps(手順)」は、AIがそのまま回答に使いやすい構造です。「クエリファンアウトを実装するには？」と聞かれたAIが、TRMの「Steps」セクションをそのままコピペできる状態になっている。

### 柱3: GEOエンハンスメント

技術的な最適化として、以下を全ページに実装しました。

- **JSON-LD**: FAQ、HowTo、Article、Organization の構造化データ
- **E-E-A-Tの強化**: 著者情報・専門性の明示
- **Q→A構造**: 見出しを質問→回答のスパン構造にマッピング
- **サマリーゾーン**: AIが抜粋しやすい位置にCTAを埋め込み

ここで一つ注意点があります。私がLLMO実装の相談を受けるときによく聞く誤解が「JSON-LDを完璧に実装すればAIに引用される」というものです。これは半分正解で、半分間違いです。JSON-LDはAIが「見つけて理解する」ための手段ですが、「引用したい」と判断する基準はあくまでコンテンツの質。空の器を金で飾ってもAIは引用してくれません。

### 柱4: クエリファンアウト戦略

これがTRMの施策の中で最も独創的な部分です。

LLMは1つの質問を複数のサブクエリに分解して処理します(Query Fan-out)。たとえば「GEOエージェンシーのおすすめは？」というプロンプトに対して、内部では「GEOとは何か」「GEOの効果事例」「GEO導入の費用感」「SEOとの違い」など複数のサブクエリが裏で実行される。

TRMはこの特性を逆手に取って、 **コアコンセプトごとに30本の関連ロングテールページを制作** しました。サブクエリそれぞれに対応するページを用意することで、AI回答に引用される確率を漏れなく高めたわけです。

ページ設計の3原則は以下のとおりです。

- **Citable(引用可能)**: 明確な定義、番号付きステップを含む
- **Verifiable(検証可能)**: データや出典への参照を含む
- **Composable(組み合わせ可能)**: ページ間で一貫した用語を使用

「Query Fan-out」という名前のかっこよさで採用したくなる気持ちを抑えて、本当にやることを言語化すると「コアトピックを30の角度で書く」です。やや地味です。

## 実行タイムライン: 90日で42ページ

施策は12週間で段階的に実行されました。


| 期間 | 実施内容 | 制作ページ数 |
|------|---------|------------|
| 0〜2週 | サイトリニューアル、情報アーキテクチャ整理、Schema実装、ベースライン設定 | 0(基盤整備) |
| 2〜8週 | コアページ12本(サービス、ソリューション、AEOピラー) | 12 |
| 4〜12週 | ロングテールブログ30本、内部リンク構築、FAQ追加 | 30 |

合計42ページ、12週間。1週間あたり3〜4ページのペースです。

「3〜4ページ/週ならいけそう」と思った方は、この数字の重さをもう一度考えてみてください。これは「クエリファンアウトを意識して設計された、Schema実装済みの、内部リンクを張りなおしたページを週3本量産する」という意味です。普通のブログを週3本書くのとは別物。私のブログは今日で1日2ページがやっとです。エージェンシーが本気を出した数字だ、ということは認識しておくべきです。

## 自サイトへの実装: 4戦略柱を統合するフレームワーク

TRMの4柱を、自社サイトの規模・業種に当てはめて実装するためのフレームワークが [llmoframework.com](https://llmoframework.com) で公開されています。

このフレームワークの良いところは、4戦略柱の「優先順位」が業種別に整理されている点です。SaaSなら柱2(モジュラーコンテンツ)から、ECなら柱3(GEOエンハンスメント、特にProductスキーマ)から、B2Bなら柱4(クエリファンアウト)から始める、というように、自社の業種で最大効果が出る順番がわかる。

42ページを90日で量産するのが現実的でなくても、4柱のうち1つから入って、3ヶ月ごとに1柱ずつ追加していく、という形でも積み上がります。実際、TRMも最初の2週間は「基盤整備だけで何もページを公開していない」期間です。焦って大量生産する前に、構造を作るのが先です。

## TRM事例を読み込んで気づいた3つのこと

最後に、私がこの事例を3回読み返して気づいたことを残します。

### 1. ファクト密度が「権威性」より重要になっている

TRMはブランドが大きくないエージェンシーです。被リンクの規模も中堅レベル。それでもAI検索で勝った。理由は、各ページに「8,337%」「90日で42ページ」「ユーザーあたり48.21ビュー」のような具体数値が大量に含まれていることです。

AIは「権威がある」ページではなく「事実が密に書かれている」ページを引用したがる。被リンク数より統計の引用数のほうが効くんです。

### 2. AIに最適化することが、人間にも最適化することになる

TRMが採用した「Problem → Framework → Steps → Proof → CTA」のブロック構造は、AIが抜粋しやすい構造であると同時に、 **人間も読みやすい構造** です。これは偶然ではありません。LLMは「人間が書いた良いコンテンツ」を学習しているので、両者の好みは収束していきます。

つまり、LLMOをやるとSEOにも効きます。E-E-A-T強化、構造化データ、コンテンツの質向上はGoogle検索にも効く。**両方に効く施策が中央に集まっている** という構造になっています。

### 3. 「やったら終わり」ではない

TRMもGo Fish Digital(コンバージョン25倍を達成した別事例)も、施策開始前にGA4でAI流入のベースラインを設定し、継続的に測定しています。

LLMO施策は **エンティティを増やし、ファクトを更新し、内部リンクを張り直し続ける** タイプの運用です。1回で完成しません。SEOで言うコンテンツ運用と同じで、半年で勝敗が決まり、1年で大勢が決まるゲーム。8,337%は90日の数字ですが、そこから先の1年で何倍に伸びるかは、運用次第です。

---

## まとめ

- TRMの90日施策は4つの柱で構成: セマンティックSEO、モジュラーコンテンツ、GEOエンハンスメント、クエリファンアウト
- 8,337%という派手な数字より、エンゲージメント時間5分41秒・ユーザーあたり48ビューのほうが本質。AI経由は「もう買う気で来る」トラフィック
- 90日で42ページは「設計されたページ」を量産した数字。週3本というペースの重さを過小評価しないこと
- 自社実装のフレームワークは [llmoframework.com](https://llmoframework.com) を参照。業種別に4柱の優先順位を整理できる
- LLMO と SEO は両方に効く施策が中央に集まっている。LLMO に振ってもSEOを捨てる必要はない

派手な数字に踊らされず、構造を作るところから入る。TRMの事例から学ぶべきは **0〜2週目を「ページ0本」で過ごした冷静さ** のほう。8,337%の派手さは、その先にやってきた結果に過ぎません。

---

## さらに深掘りしたい方へ

LLMO の全体像 — llms.txt 設計、JSON-LD 実装、AI引用率 KPI、ChatGPT / Perplexity / Brave の引用ロジック比較 — を1冊で扱う **[なぜあなたのサイトはChatGPTに無視されるのか — LLMO実践ガイド](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)** を参考にしてください。

---

# 店舗LLMOの答えはllms.txtでなくGBPだった — 私が綺麗に書いたファイルを、AIは一度も引用しなかった

URL: https://kenimoto.dev/ja/blog/llmo-local-business-gbp-not-llmstxt/
Lang: ja
Date: 2026-06-05
Description: 店舗オーナーに頼まれてllms.txtを綺麗に書きました。AIは一度も引用しませんでした。店舗集客のLLMOは、自社サイトに何を書くかではなく、Googleビジネスプロフィールに一次データを置くかでほぼ決まります。月60〜90分の話です。

知り合いの店舗オーナーに「うちもLLMO対策したい」と相談されて、私はまず自社サイトに `llms.txt` を綺麗に書きました。営業時間、メニュー、アクセス、強み。AIが読みやすいように構造化して、JSON-LDも足して。我ながら整った仕事でした。

AIは一度も、その店を引用しませんでした。

数週間、Perplexityにも、ChatGPT Searchにも、Google AI Overviewsにも、その店の名前は出てこない。原因を探って、私はやっと自分の間違いに気づきました。店舗集客のLLMOは、自社サイトに何を書くかではほとんど決まらない。**Googleビジネスプロフィール(以下GBP)に一次データを置くか**で、ほぼ決まっていたのです。

私は普段、[llmoframework.com](https://llmoframework.com/)というAI引用最適化のフレームワークを多言語で運営していて、llms.txtやJSON-LD、パッセージ設計といった「サイト側の技術」をさんざん書いてきました。だからこそ正直に書きます。店舗ビジネスでは、そのフレームワークの大半が要りません。答えはGBP一点に収束します。今回はその話です。

## なぜサイトのllms.txtは店舗集客に効かないのか

理由はシンプルで、AIが店舗情報を取りに行く場所が、あなたのサイトではないからです。

「新宿 ラーメン 一人で入りやすい」「梅田 整体 腰痛」みたいなローカル検索で、AIが答えを組み立てるとき、信頼するファクトソースはGBPです。写真、カテゴリ、レビュー、メニュー、属性。これらがAI応答に直接反映されることはGoogle公式でも示されています。そしてChatGPT SearchやPerplexityは、Bing経由と独自スクレイプで、すでにGBP由来のデータを持っています。

数字で見ると流れがはっきりします。Google AI Modeは[2026年のSearch I/Oで月間10億ユーザーを突破](https://blog.google/products-and-platforms/products/search/search-io-2026/)し、AI Overviewsに至っては月間25億ユーザー超。Googleを使う人の半分以上が、AIの生成した答えを日常的に見ています。その答えの裏側で参照されているのが、自社サイトのllms.txtではなくGBPだとしたら。綺麗なファイルを書く前に、見るべき場所が違っていたわけです。

私のllms.txtは、誰も来ない裏口に貼った貼り紙でした。立派な貼り紙でしたが、客はそもそも表のGBPから入ってきていたのです。

## 「LLMOとは」を定義しておく(そして店舗では大半が不要だと言う)

念のため言葉を揃えます。LLMO(Large Language Model Optimization)は、ChatGPT・Claude・Perplexity・Google AI OverviewsといったAI検索に引用されるための情報設計を指します。llms.txt、JSON-LD構造化データ、パッセージ最適化、引用トラッカー。私がllmoframework.comで多言語に整理してきたのは、まさにこの一式です。

ですが、これはメディアサイトやSaaS、つまり「読まれるコンテンツを自社ドメインに持っている事業者」のための道具立てです。店舗ビジネスは前提が違います。サイトを持っていない店も多いし、持っていても集客の主戦場はマップとローカル検索です。だからフレームワークの技術レイヤは、店舗ではほとんど発火しません。代わりに全部が**GBPの一次データ整備**という一点に収束します。

フレームワークを作っている本人が「ここではフレームワークは要りません」と言うのは妙な気分ですが、地図は現地に合わせて畳むものです。

## 店舗LLMOで本当に効く一次データ

ではGBPに何を置くか。決め手はE-E-A-Tの「経験(Experience)」です。Googleは2025年9月11日に品質評価ガイドラインを改訂し、AI要約を評価する基準の例を追加しました。AIが引用したがるのは、E-E-A-Tの高い情報源です。

店舗オーナーにとって、この「経験」は最大の武器になります。「実際にその場所を運営している」という事実は、代行業者には絶対に作れない一次情報だからです。具体的にはこの3つが、AIにとっての引用シグナルになります。

1. **店主自身が撮った写真**: スマホで撮った店内・メニューの実物。Exif情報込みの一次データ
2. **店主の声で返したレビュー返信**: 顧客とのやり取りが滲み出る本人の言葉
3. **属性とQ&Aの網羅**: 「静か」「無料Wi-Fi」「一人客歓迎」など、AIが自然言語クエリと照合できる構造化情報

ストック写真を貼り、テンプレでレビューに返し、属性を空欄のままにした店。逆に、自分でカウンター席を撮り、常連の名前を出してお礼を返し、属性を埋めた店。AIが「この店には経験がある」というシグナルを受け取るのは、後者です。そしてこれは、あなたの店で働いていない人間には、原理的に作れません。


## 代行業者の月3万円を開けてみた

ある店が契約していた「月3万円のLLMO対策」の中身を、頼まれて分解したことがあります。期待して開けました。

- 順位計測(月500円の自動ツールで代替できる)
- 口コミ返信(Claudeで下書きすれば5分)
- 投稿予約(月1回のテンプレ運用で10分)
- 月次レポート(Excelテンプレで自動化できる)

そして肝心の「LLMO対策」の実体は、結局GBPに写真を上げ、属性を埋めることでした。つまり、店主の経験という一番大事な一次データを「持っていない」業者が、定型作業に月3万円を取っていた。豪華な箱を開けたら、中身はスマホ1台でできる作業だった、という話です。

## 月の追加作業は60〜90分

では店主が自分でやるとして、どれくらいの手間か。MEOの基本運用に、LLMO視点の項目を足しても、**月の追加作業は合計60〜90分**程度です。

- 月1〜2回、店内とメニューを自分で撮ってGBPに上げる
- 届いたレビューに、店主の声で返す
- 属性とQ&Aの抜けを月1回見直す
- AI Overviewsで自店が出るか、実際に検索して確認する

これだけです。`llms.txt`は1行も要りません。JSON-LDのスキーマも、店舗集客の本筋ではない。代行に月3万円払う代わりに、スマホで店内を1枚撮って、自分の言葉で口コミに返す。地味すぎて代行には真似できないこの作業が、AIに引用される店とされない店を分けます。

## まとめ

店舗オーナーに頼まれて、私は綺麗なllms.txtを書きました。それは誰も通らない裏口の貼り紙でした。AIが店を探しに来る表口はGBPで、そこに店主の一次データ(自前の写真、本人の口コミ返信、埋まった属性)があるかどうかで、引用されるかどうかがほぼ決まっていたのです。

LLMOというと、技術的なファイルを書く話に聞こえます。私自身、多言語のフレームワークでそれをやっています。でも店舗ビジネスに限っては、その大半が不要でした。やるべきは1つ。店主自身が、GBPに店の経験を出すこと。月60〜90分のこの一点を外さなければ、AIの仕様がどう変わっても、店は見つけられ続けます。

---

GBP運用を起点にMEOとLLMOを両輪で回す全体像(代行の月3万円を分解するセルフサーブMEOから、AI Native MEOという到達点まで)は **[店舗オーナーのためのAI Native MEO・LLMO実践ガイド](https://kenimoto.dev/ja/books/store-owner-ai-meo-llmo?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=llmo-gbp-store)** にまとめています。この記事は、その「LLMOは結局GBPに収束する」という結論を、現場で確かめた実録です。

---

# ChatGPTからのアクセスは、GA4にどう映るのか - LLMOを数値で把握する3つの方法

URL: https://kenimoto.dev/ja/blog/llmo-measurement-3-methods/
Lang: ja
Date: 2026-05-06
Description: 先月、ChatGPT経由のアクセスが何件あったか答えられますか。私はGA4を見て『直接訪問が増えたな』と勘違いしていた側です。LLMO効果を計測する3つの方法を、コピペで動くPythonコード付きで解説します。

先月、ChatGPT経由のアクセスが何件あったか答えられますか。

私は答えられませんでした。GA4を開いて「直接訪問が増えたな、いい感じだ」と思っていた側です。LLMOの記事を3本書いた後で、自分の流入計測がほぼゼロだったと気づいたときの気まずさは、なかなかのものでした。料理の本を3冊書いてから、自分の店の塩を測ったことがなかったと気づくような感覚です。

この記事は、そのときに私が組み立てた **LLMO計測の3つの方法** を整理したものです。手動チェック、GA4のチャネルグループ、Pythonの自動化。前者ほどコストが低く、後者ほど精度が上がります。


## SEOの計測とLLMOの計測は別物です

最初に、SEOの計測とLLMOの計測がそもそも別物だという話をします。同じツールで追えると思って始めると、私のように半年遠回りします。

| SEO計測 | LLMO計測 |
|---|---|
| 検索順位(1位〜100位) | 引用される / されない の二択 |
| Google Search Console | 「AI Search Console」は存在しない |
| 被リンク数 | ブランドメンション数(LLM内) |
| クリック数 | リファラーが取れるとは限らない |

最大の違いは、ランキングという概念が消えることです。Google検索には1位〜10位がありますが、AI回答では「引用されたか・されなかったか」しかありません。順位の代わりに引用率を追う、という頭の切り替えがまず必要です。

そしてもう一つ、これは私が見落としていた話なのですが、 **AIから来た訪問者の多くはGA4で「Direct」に分類されます**。45万件のAIアクセスを分析した最近の調査では、 **70.6%がリファラーなしでDirectに着地** していました([MarTech 2026](https://martech.org/how-ga4-records-traffic-from-perplexity-comet-and-chatgpt-atlas/))。GA4の数字は氷山の一角で、海面下の8割を見るには別の計測が要ります。

## 方法1: 5つのAIに自分のサイトを聞いてみる(無料、月30分)

一番安く、一番確実な方法から始めましょう。プロンプトを10〜15個用意して、5つのAIに同じ質問を投げて、自社が出てくるかを記録する。それだけです。

### ステップ1: チェック用プロンプトを10〜15個用意する

自社や自分のブランドに関連するクエリを書きます。

```text
- 「[業界名]でおすすめの[サービス種別]は?」
- 「[自社製品名]について教えて」
- 「[競合製品名]と[自社製品名]の違いは?」
- 「[自社が解決する課題]の解決方法は?」
```

ポイントは、自分でブランド名を出すクエリだけでなく、 **ブランド名を出さないクエリを混ぜる** ことです。「自分のサイトを教えて」と聞いて出てくるのは当たり前。本当に知りたいのは、ブランド名を出さない一般クエリで自社が拾われるかです。

### ステップ2: 5つのAIで実行する

2026年5月時点で押さえるべき5つはこれです。

1. ChatGPT (GPT-4o)
2. Perplexity
3. Google Gemini
4. Claude
5. Microsoft Copilot

### ステップ3: スプレッドシートに記録する

各回答について4項目を書き出します。

- 自社が言及されたか(Yes / No)
- 文脈(推薦 / 比較 / 中立 / ネガティブ)
- 情報は正確か
- 引用元URLが表示されたか

10プロンプト × 5プラットフォーム = 50回の試行で、15回引用された場合、引用率は **30%** です。これを月次で繰り返し、推移を追います。

| 引用率 | 評価 | 次のアクション |
|---|---|---|
| 0% | AI不可視 | llms.txtとJSON-LDの土台が最優先 |
| 1-10% | 認知の芽生え | 引用されたクエリの類似コンテンツを増やす |
| 10-30% | 成長中 | 構造改善とFAQスキーマ追加 |
| 30%以上 | 好調 | 維持しつつ新規領域を開拓 |

私の現状は5プラットフォームで14%でした。胸を張れる数字ではありませんが、 **数字があるという事実** が大事です。3ヶ月後に上がったか下がったかが議論できます。

### 同じ質問を3回投げてください

LLMの回答は確率的です。同じクエリでも日によって違う答えが返ります。1回「引用されなかった」だけで悲観しないでください。3回投げて引用率を出す方が、トレンドが見えます。

## 方法2: GA4のチャネルグループでAI流入を分離する(無料、5分)

次はGA4です。これは設定さえ済ませれば、あとは自動で計測されます。所要5分。

### カスタムチャネルグループを作る

「管理」→「データ表示」→「チャネルグループ」→「新しいチャネルグループを作成」と進みます。グループ名は「AI Search」、新しいチャネルを追加して、セッションソースの正規表現にこれを設定します。

```regex
chatgpt\.com|openai\.com|perplexity\.ai|claude\.ai|gemini\.google\.com|copilot\.microsoft\.com|you\.com|search\.brave\.com|deepseek\.com|meta\.ai
```

ここまでは多くの記事に書いてあります。ハマりどころは次です。

### 「AI Search」を「Referral」より上に移動する

GA4のチャネルルールは **上から順に評価されます**。Referralを先に置くと、AI流入は全部Referralとして処理されてしまい、AI Searchチャネルには何も入りません。「並び替え」を押して、AI SearchをReferralの上にドラッグしてください。私はこれで2週間、データが入らないと頭を抱えました。


### 何が見えて、何が見えないか

GA4で見えるのは、AIの回答に貼られたリンクをユーザーがクリックして来た訪問だけです。次のケースは見えません。

- AIが回答にあなたのサイトを引用したが、ユーザーがリンクをクリックしなかった
- 無料版ChatGPTからの流入(リファラーが落ちることが多く、Direct扱い)
- Brave Search APIなどでAIがコンテンツを取得して回答に組み込んだ
- 引用されたが回答内でリンクが表示されなかった

つまりGA4の数字は、 **AIに引用された回数ではなく、AI経由でクリックして来た人の数** です。Cohereと[Trakkr](https://trakkr.ai/ai-search-traffic)の2026年データによると、ChatGPTがAI流入の60〜70%を占め、Perplexityが2位、Claudeはまだ約2.2%。Claudeが小さいのは引用が少ないからではなく、Claude Webアプリにリンク表示の文化がまだ薄いからです。

### コンバージョン率は普通の流入の5倍

ここからが面白い話です。AI経由の流入は **コンバージョン率が高い**。BrightEdge等の業界データでは、AI流入のCV率は8〜12%、Googleオーガニックの2〜3%に対して **3〜5倍** です。AIに「こういう人にはここ」と推薦された時点で、検索者は意思決定の8割を済ませている。残りはサイトで決断するだけです。

私のサイトでも、AI流入は1日数件しかありませんが、CV率はオーガニック平均の3倍でした。サンプルが小さすぎて統計的にどうこう言える数字ではありませんが、傾向としては明らかでした。

## 方法3: PythonでLLM可視性を自動測定する(土曜の午後)

エンジニアなら、方法1の手動プロトコルを自動化できます。OpenAIとAnthropicとPerplexityのAPIを叩き、自社名が回答に含まれるかをチェックして、CSVに時系列で吐く。これだけです。

### 最小スクリプト

```python
import os
from datetime import datetime
from openai import OpenAI
import anthropic
import requests

BRAND_NAME = "あなたのサイト"
BRAND_VARIANTS = ["あなたのサイト", "yoursite.com", "ブランド略称"]
CHECK_QUERIES = [
    "おすすめのプロジェクト管理ツールは?",
    "エンジニア向けのタスク管理ツールの比較",
    f"{BRAND_NAME}について教えて",
]

def check_openai(query: str) -> dict:
    client = OpenAI()
    response = client.chat.completions.create(
        model="gpt-4o",
        messages=[{"role": "user", "content": query}],
        temperature=0.0,
    )
    answer = response.choices[0].message.content
    mentioned = any(v.lower() in answer.lower() for v in BRAND_VARIANTS)
    return {
        "platform": "ChatGPT",
        "query": query,
        "mentioned": mentioned,
        "timestamp": datetime.now().isoformat(),
    }

def check_anthropic(query: str) -> dict:
    client = anthropic.Anthropic()
    response = client.messages.create(
        model="claude-sonnet-4-6",
        max_tokens=1024,
        messages=[{"role": "user", "content": query}],
    )
    answer = response.content[0].text
    mentioned = any(v.lower() in answer.lower() for v in BRAND_VARIANTS)
    return {
        "platform": "Claude",
        "query": query,
        "mentioned": mentioned,
        "timestamp": datetime.now().isoformat(),
    }

def check_perplexity(query: str) -> dict:
    api_key = os.getenv("PERPLEXITY_API_KEY")
    response = requests.post(
        "https://api.perplexity.ai/chat/completions",
        headers={"Authorization": f"Bearer {api_key}"},
        json={"model": "sonar", "messages": [{"role": "user", "content": query}]},
    )
    data = response.json()
    answer = data["choices"][0]["message"]["content"]
    mentioned = any(v.lower() in answer.lower() for v in BRAND_VARIANTS)
    return {
        "platform": "Perplexity",
        "query": query,
        "mentioned": mentioned,
        "citations": data.get("citations", []),
        "timestamp": datetime.now().isoformat(),
    }
```

これを `cron` で週次実行し、CSVに追記すれば、 **AI可視性スコアの時系列** が手に入ります。1週あたりのAPI料金は0.5ドル以下です。

```bash
# 毎週月曜9時に自動実行
0 9 * * 1 cd /path/to/llm-visibility && python3 checker.py
```

### 「LLMO施策をやったら可視性が12%から28%に上がった」が言えるようになる

このスクリプトの本当の価値は、施策の効果を数字で言えることです。「LLMOやってる気がする」ではなく、「llms.txtを置いた翌週から可視性が4%上がった」と書けます。何が効いたかわからない施策ほど続けるのが辛いものはありません。

### Perplexity APIだけ少し癖がある

PerplexityのAPIは引用元URLを `citations` フィールドで返します。これが手に入るのはPerplexityだけで、ChatGPTやClaudeのAPI経由ではURL引用が取れません(ChatGPT/ClaudeのWebアプリ機能はAPIに反映されていないため)。Perplexityの結果は、 **URLが拾われたか** までトラッキングできるので、ここを起点に「どのページが引用されやすいか」の分析もできます。

## 商用ツールに進む線引き

ここまでで十分という方は、これで終わりにして大丈夫です。商用ツールに行く線引きを書いておきます。

| 規模 | おすすめ | 理由 |
|---|---|---|
| 個人 / 小規模 | 手動 + Python | 80%の情報が0%のコストで手に入る |
| 中規模 / マルチブランド | Otterly.ai | キーワード単位の追跡、競合ベンチマーク |
| エンタープライズ | Profound | チームダッシュボード、Ramp事例(3.2% → 22.2%) |
| センチメント重視 | Peec AI | 引用文脈とトーンの分析 |

[Otterly.ai](https://otterly.ai/)は2024年10月のローンチから10,000ユーザーを突破している、伸び盛りのツールです。一方Profoundは事例(Rampが1ヶ月で可視性3.2%→22.2%)が強く、エンタープライズで稟議が通る規模感です。

私個人としては、 **手動 + Python + GA4の3点セットで月数時間** が現実的な落としどころでした。専用ツールが意味を持つのは、追うキーワードが数十、ブランドが複数、チームでダッシュボードを共有する規模になってからです。

## 改善サイクル: 週10分、月30分、四半期1時間

計測したデータを行動に変える運用です。これがないと、ただのデータの墓場ができます。

### 週次(10分)

GA4の「AI Search」チャネルを開いて、前週比を見るだけ。スパイクや急減があったらメモ。それ以外は流す。

### 月次(30分)

方法1の手動プロトコルを5プラットフォームで実施。引用率を計算してスプレッドシートに追記。Pythonスクリプトの結果も併せて確認。

### 四半期(1時間)

クエリセットを見直す。ビジネスの新しい話題が出てきていれば足す。古くなったクエリを削る。引用率の四半期トレンドを見て、施策の方向性を決める。

### 改善の優先順位

| 優先度 | 施策 | コスト |
|---|---|---|
| 最優先 | ブランド情報の誤りを修正 | 低 |
| 高 | JSON-LD追加(`dateModified` 重要) | 低 |
| 高 | コンテンツの構造改善(見出し、FAQ) | 中 |
| 中 | 新規コンテンツ作成(独自データ含む) | 高 |
| 低 | プラットフォーム別の個別最適化 | 高 |

LLMO全体の地図、KPI設計、施策の優先順位については、 **[llmoframework.com](https://llmoframework.com)** にフレームワークが整理されています。「土台ができた次は何を最適化するか」を考えるとき、私はこのサイトをチェックリスト代わりに使っています。

## クローラーログから読み取れること

最後に、見落としがちな計測手段を一つ。 **サーバーアクセスログ** からAIクローラーの巡回状況が直接読み取れます。

```bash
# AIクローラーのアクセス数を集計
grep -E "GPTBot|ClaudeBot|Google-Extended|PerplexityBot" \
  /var/log/nginx/access.log | \
  awk '{print $1}' | sort | uniq -c | sort -rn

# よくクロールされるURLランキング
grep -E "GPTBot|ClaudeBot" /var/log/nginx/access.log | \
  awk '{print $7}' | sort | uniq -c | sort -rn | head -20
```

頻繁にクロールされているページは、AI回答に出やすいページです。逆に、 **一度もクロールされていないページはAIに存在しないも同然** です。私のサイトでは、`/blog/`配下が`/about/`の15倍クロールされていました。これも数字を見るまで意識していなかった話です。

## 締め: 数字を持っているかどうかだけ

私のLLMO可視性は5プラットフォーム平均で14%です。誇れる数字ではありません。が、 **3ヶ月後に上がったか下がったか議論できる** のは、数字を持っている人だけです。

LLMOで数字を持っていない人は、20年前に「うちのサイトGoogleに出てるかな?」と検索窓に自分のサイト名を打ち込んでいた人と、構造的には同じ位置にいます。たぶん施策はやっている。でも効いているのかは知らない。それは、本当はあまり気持ちのいい状態ではありません。

15分でGA4のチャネルグループを設定してください。30分で5つのAIに自分のサイトを聞いてください。土曜の午後にPythonスクリプトを書いてください。これだけで、来月のあなたは「ChatGPT経由のアクセスは何件か」に答えられるようになります。

それは見栄えのいいダッシュボードでも、画期的な計測ツールでもありませんが、地味に効きます。 **計測できないものは改善できない** という、誰でも知っているけれど誰もやっていない話です。

LLMO測定のフレームワーク全体は [llmoframework.com](https://llmoframework.com) で体系化されています。KPI設計テンプレート、ダッシュボードのサンプル、施策の優先順位ツリーがまとめられているので、自分の現在地を地図で確認したいときの参考になります。

## まとめ

- **LLMO計測は3層** で組む。手動(月30分)、GA4(5分設定)、Python(土曜の午後)
- **GA4は氷山の一角**。AI流入の70%以上はリファラーが取れずDirectに落ちる
- **チャネルグループはAI SearchをReferralの上に置く**。並び順を間違えると無効
- **AI流入のCV率はオーガニックの3〜5倍**。量より質で見る
- **Pythonで時系列化** すれば「12% → 28%」が言えるようになる
- **改善サイクル** は週10分、月30分、四半期1時間で十分

## 参考

- [How GA4 records traffic from Perplexity Comet and ChatGPT Atlas](https://martech.org/how-ga4-records-traffic-from-perplexity-comet-and-chatgpt-atlas/) - MarTech、2026
- [How Much Traffic Do ChatGPT, Claude, and Gemini Send to Websites?](https://trakkr.ai/ai-search-traffic) - Trakkr、2026
- [How to Track AI Traffic in GA4](https://kpplaybook.com/resources/how-to-report-on-traffic-from-ai-tools-in-ga4/) - Analytics Playbook
- [llmoframework.com](https://llmoframework.com) - LLMO全体フレームワーク
- [Otterly.ai](https://otterly.ai/) - AI引用追跡ツール
- [Peec AI](https://peec.ai/) - ブランドメンション分析

---

## さらに深掘りしたい方へ

LLMO実装の最短ルートは、核心を8章で凝縮した **[LLMOクイックスタート - エンジニアのためのAI検索最適化入門](https://kenimoto.dev/ja/books/llmo-quickstart)** にまとめました。llms.txt、JSON-LD、計測KPI、改善サイクルまで、コピペで動くテンプレ集です。

---

# 15分で終わるLLMO最小実装: llms.txt + JSON-LDで「AIに見つけられる土台」を作る

URL: https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/
Lang: ja
Date: 2026-05-05
Description: 「LLMOで90日8,337%増」を読んで奮い立った私が、まず90分間ボーッとした話。実装は15分で済むのに。llms.txtと構造化データ(JSON-LD)で、AIに見つけられる最小実装を組む。コピペで動くコード付き。

「LLMOで90日8,337%増」を読んで奮い立った私が、まず90分間ボーッとした話を聞いてください。実装は15分で済むのに、私は「何から始めるべきか」を考え続けていました。

結論から書きます。土台に必要なのは2つだけです。 **llms.txt** と **JSON-LD**。どちらもファイルを置くだけで終わります。難しい設計判断はゼロ、デプロイパイプラインも変えません。早ければ15分、遅くても1時間です。

この記事は、すでに [Microsoftの3原則](https://kenimoto.dev/ja/blog/llm-content-design-microsoft-3-principles)(原理)と [TRMの8,337%事例](https://kenimoto.dev/ja/blog/llmo-case-studies-trm-8337-percent)(事例)を読んだ方の「で、明日から何書けばいいの」に答える3記事目です。

## 結論: 土台は「2つのファイル」で組める

先に全体像を見てください。


| ファイル | 役割 | 配置先 | 所要時間 |
|---------|------|--------|---------|
| `llms.txt` | AIへの「コンシェルジュ」(サイト案内) | サイトルート | 5分 |
| JSON-LD `<script>` | AIへの「メタデータ」(意味の伝達) | 各ページの`<head>` | 10分 |

この2つだけで、AI検索クローラーが「あなたのサイトは何者で」「この記事は何の記事で」を理解する土台ができます。残りの「コンテンツの質」「権威性」「鮮度」は別の話。土台がないと、いくら良い記事を書いてもAIは見つけられません。

## llms.txt: AIに「ここを読んで」と渡す案内状

### llms.txtとは

llms.txtは、サイトのルートパス(`yoursite.com/llms.txt`)に置くMarkdownファイルです。Answer.AIのJeremy Howard氏が2024年に提案した規格で、2026年5月時点で **約10.13% の普及率** に達しています([SE Rankingの約30万ドメイン分析](https://seranking.com/blog/llms-txt/))。

robots.txtとの関係はこうなります。

| 観点 | robots.txt | llms.txt |
|------|-----------|----------|
| 役割 | 「ここに入るな」 | 「ここを読んで」 |
| 性格 | ゲートキーパー | コンシェルジュ |
| 対象 | 全クローラー | 主にAI |
| 形式 | 独自テキスト | Markdown |

llms.txtは「AIへのコンシェルジュ」、robots.txtは「AIへのゲートキーパー」。違いを覚えるより、両方置けばいい話です。

[llms.txtのディレクトリ](https://directory.llmstxt.cloud/) を見にいくと、Anthropic、Cloudflare、Vercel、Stripe、Supabase、Cursor、Mintlifyといった、AI周辺で意思決定している企業が軒並み採用しています。採用率は中・低トラフィックのサイトの方が高い、というのが面白いところです。

### 5分で書くllms.txt

最小構成は、 **H1のサイト名と、ブロッククオートのサマリー** だけです。残りは任意。

```markdown
# サイト名

> サイトの目的と主要コンテンツの説明(1〜2文)

## 人気記事

- [記事タイトル](URL): 簡潔な説明
- [記事タイトル](URL): 簡潔な説明

## ドキュメント

- [ページタイトル](URL): 簡潔な説明

## Optional

- [補足リソース](URL): 余裕があれば
```

ポイントは2つだけです。

**1. すべてのページを書かない。** sitemap.xmlがその役割です。llms.txtは「特に読んでほしいページを10〜20件」厳選します。アクセス数の多い記事、独自データを含む記事、FAQ、自己紹介ページ。

**2. `## Optional`セクションを使う。** 「コンテキストウィンドウに余裕があれば読んでほしい」というメタな指示が出せます。AIに自己申告で優先順位を渡すという、ちょっとSF味のある仕組みです。

### コピペで動く例

技術ブログの場合の例です。`public/llms.txt` に置けば動きます(Astro/Next.jsの場合)。

```markdown
# 田中太郎 / エンジニアリングブログ

> フルスタックエンジニアの技術ブログ。Next.js、TypeScript、AIに関する
> 実践的な記事を週1回公開しています。

## 人気記事

- [Next.js App Router完全ガイド](https://example.com/blog/nextjs-app-router): App Routerの設計パターン
- [Docker ComposeからKubernetesへの移行](https://example.com/blog/docker-to-k8s): 段階的移行手順

## チュートリアル

- [JSON-LD実装ガイド](https://example.com/blog/jsonld-guide): AI検索最適化のための構造化データ実装
```

配置時の注意点: UTF-8、MIMEタイプ text/plain、HTTPS必須、推奨10KB以下。

### 「llms.txtは効くのか」問題への答え

正直に書きます。llms.txtの効果については **まだ議論があります**。Googleのジョン・ミュラー氏は「どのAIサービスもllms.txtを使用しているとは言っていない」と発言していますし、9サイトを比較した研究で8サイトが効果を測定できなかった、という結果もあります。

それでも私は置きます。実装コスト15分、デメリットはゼロ(既存SEOに影響しない)、早期採用者のアドバンテージはある可能性。火事が起きてから火災保険には入れません。15分で済む保険なら、入っておいて損はない話です。

## JSON-LD: AIに「この記事は何か」を伝える

### 構造化データとは

JSON-LDは、HTMLにメタデータを埋め込んで、機械がコンテンツの意味を理解できるようにする仕組みです。schema.orgというボキャブラリーに基づきます。

```html
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "Article",
  "headline": "LLMOの完全ガイド",
  "author": {
    "@type": "Person",
    "name": "田中太郎"
  },
  "datePublished": "2026-02-01",
  "dateModified": "2026-02-20"
}
</script>
```

このコードを各記事ページの`<head>`に配置するだけです。

### なぜJSON-LDがAI検索に効くのか

SEOの世界では「構造化データを入れてもランキングに直接影響しない」と長年言われてきました。AI検索では話が変わります。

決定的な根拠が一つあります。 **Brave LLM Context API** がページからデータを抽出する際、JSON-LDを最優先で読み取ることが [公式に明文化されています](https://api-dashboard.search.brave.com/api-reference/summarizer/llm_context/get)。Brave Searchは1日2,200万件以上のAI回答を生成しており、Tavily、Exa、Perplexityと並ぶ主要LLM検索APIの一つです。

抽出時の優先順位は次の通りです。

1. **構造化データ(JSON-LD)** ← 最優先
2. テーブルデータ
3. クエリ最適化スニペット
4. コードブロック
5. フォーラム議論

JSON-LDを実装しているページは、AIの回答生成に使われるデータとして優先的に選ばれます。SurferSEOの分析では、適切なスキーマ実装でPerplexityでの可視性が **最大10%向上** という数値も報告されています。

### 入れるべき3つのスキーマ

schema.orgには800以上のタイプがありますが、現実的に効くのは3つです。

#### 1. Article / TechArticle (ブログ記事に必須)

```html
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "TechArticle",
  "headline": "Next.jsでJSON-LDを実装する方法",
  "author": {
    "@type": "Person",
    "name": "田中太郎",
    "url": "https://example.com/about",
    "jobTitle": "シニアフロントエンドエンジニア"
  },
  "datePublished": "2026-01-15T09:00:00+09:00",
  "dateModified": "2026-02-20T14:30:00+09:00",
  "description": "AI検索での可視性を高めるJSON-LD実装方法を解説",
  "keywords": ["Next.js", "JSON-LD", "LLMO"]
}
</script>
```

ここで一番重要なのは `dateModified` です。LLMは新鮮なコンテンツを優先します。Perplexityでは新鮮さが約40%のランキング要因という分析もあります。記事を更新したら必ず `dateModified` も更新する。これだけで他サイトと差がつきます。

`author` にURLとjobTitleを書くのも忘れずに。E-E-A-Tの「専門性」シグナルとして機能します。

#### 2. FAQPage (Q&Aコンテンツ)

```html
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "FAQPage",
  "mainEntity": [
    {
      "@type": "Question",
      "name": "LLMOとSEOの違いは何ですか?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "SEOは検索エンジンでのランキング向上を目的としますが、LLMOはAI生成回答での引用・可視性向上を目的とします。"
      }
    }
  ]
}
</script>
```

回答は2〜3文で完結させてください。AIが「抜き出してそのまま使える」自己完結的な文にする必要があります。LLMOにおける引用は、ページ単位ではなく **段落単位** で発生するからです。

注意点として、FAQスキーマは **実際にFAQコンテンツがあるページにのみ** 使ってください。空のFAQスキーマを置くとペナルティ対象になります。

#### 3. HowTo (チュートリアル記事)

```html
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "HowTo",
  "name": "llms.txtの設置方法",
  "totalTime": "PT15M",
  "step": [
    {
      "@type": "HowToStep",
      "name": "llms.txtファイルを作成",
      "text": "Markdown形式でllms.txtファイルを作成します。"
    },
    {
      "@type": "HowToStep",
      "name": "サイトルートに配置",
      "text": "yoursite.com/llms.txt として配置します。"
    }
  ]
}
</script>
```

「〜のやり方」「〜の手順」というクエリでAI回答に出やすくなります。`totalTime` はISO 8601形式(`PT15M` = 15分)で書きます。

### 一番ハマるポイント: SSR必須

これは一度ハマると半日溶けます。

**AIクローラーの多くはJavaScriptを実行しません**。クライアントサイドJSでJSON-LDを動的挿入する方式は、AIには「ない」と扱われます。

```tsx
// NG: クライアントサイドで注入される
useEffect(() => {
  const script = document.createElement('script')
  script.type = 'application/ld+json'
  script.text = JSON.stringify(jsonLd)
  document.head.appendChild(script)
}, [])

// OK: サーバーコンポーネントで直接出力
export default function Page() {
  return (
    <script
      type="application/ld+json"
      dangerouslySetInnerHTML={{ __html: JSON.stringify(jsonLd) }}
    />
  )
}
```

私はこのミスでJSON-LDを2週間「実装したつもり」になっていました。Google Rich Results Testで赤いバツが出たのを見て、ようやく気づきました。

## robots.txtの確認も忘れずに

llms.txtとJSON-LDを完璧に実装しても、 **robots.txtでAIクローラーをブロックしていたら** すべて無駄になります。これも意外と見落とされがちな話です。

AIクローラーのリクエスト数は、すでにGooglebotの約20%に相当する規模になっています。最低限、次の設定を確認してください。

```text
# AI検索最適化重視

User-agent: GPTBot
Allow: /

User-agent: ChatGPT-User
Allow: /

User-agent: ClaudeBot
Allow: /

User-agent: Google-Extended
Allow: /

User-agent: PerplexityBot
Allow: /

User-agent: Applebot-Extended
Allow: /

# 管理画面は除外
User-agent: *
Disallow: /admin/
Disallow: /api/

Sitemap: https://example.com/sitemap.xml
```

「うちはAIに学習されたくない」という考え方も尊重します。ただ、 **AI回答に出てこなくなる** という意味でもあります。両方は両立しません。

## 15分実装タイムライン

整理します。新しい知識ゼロからでも、次の順番で進めれば15分で終わります。


| 経過時間 | やること |
|---------|---------|
| 0-5分 | `llms.txt` を書いてサイトルートに配置 |
| 5-10分 | トップ記事1本にArticle/TechArticleのJSON-LDを追加 |
| 10-13分 | robots.txtでAIクローラー(GPTBot、ClaudeBotなど)が許可されているか確認 |
| 13-15分 | [Google Rich Results Test](https://search.google.com/test/rich-results) でJSON-LDをバリデーション |

これで最小実装は完成です。残りの記事への展開、FAQページへのFAQPageスキーマ追加、HowTo記事への追加は、暇な日に少しずつやれば十分です。

## ここから先のステップ

llms.txt + JSON-LDは「LLMOの土台」であって、LLMO全体ではありません。本格的にやるなら、次の3軸を並行して動かすことになります。

1. **コンテンツ設計**(原理): [Microsoftの3原則](https://kenimoto.dev/ja/blog/llm-content-design-microsoft-3-principles)。構造・明確さ・スニッパビリティ。
2. **配信戦略**(事例): [TRMの90日8,337%増](https://kenimoto.dev/ja/blog/llmo-case-studies-trm-8337-percent)。4戦略柱の分解。
3. **効果測定**: ChatGPT流入、Perplexity経由のリファラ追跡、引用カウント。

この全体像のフレームワークは [llmoframework.com](https://llmoframework.com) に体系化されています。「土台ができたら次は何を最適化すべきか」を考えるときの地図として使ってください。

## 締め

15分で土台ができたら、次の14日と23時間45分で何書くか考えましょう。土台がない状態でいい記事を書いても、AIには「存在しないサイト」のままです。逆に、土台さえあれば、書いた記事は確実にAIの目に入る場所には届きます。

LLMOの一番つまらない真実は、こういうことです。 **派手な施策の前に、地味な土台を15分で作るのが一番効く。** 私はそれに気づくのに90分かかりました。あなたはこの記事を読み終えた瞬間から始められます。

## 参考

- [Brave LLM Context API ドキュメント](https://api-dashboard.search.brave.com/api-reference/summarizer/llm_context/get): JSON-LD優先抽出の公式仕様
- [llms.txt directory](https://directory.llmstxt.cloud/): 採用済みサイトの一覧
- [llms.txt 規格(Answer.AI)](https://llmstxt.org/): Jeremy Howard氏のオリジナル提案
- [llmoframework.com](https://llmoframework.com): LLMO全体フレームワーク
- [Google Rich Results Test](https://search.google.com/test/rich-results): JSON-LDのバリデーション

---

## さらに深掘りしたい方へ

LLMO を30分で始めたい方は、核心を8章で凝縮したコピペで使えるテンプレ集 **[LLMOクイックスタート — エンジニアのためのAI検索最適化入門](https://kenimoto.dev/ja/books/llmo-quickstart)** が最短ルートです。

---

# SEOが壊れる日 — 私のAIエージェントは、もうGoogleを見ていなかった

URL: https://kenimoto.dev/ja/blog/llmo-three-paths-introduction/
Lang: ja
Date: 2026-05-10
Description: ある日、私のAIエージェントが情報を探すときGoogleではなくBrave Searchを使っていることに気づきました。3ヶ月積み上げたmeta tagsはClaudeに1秒も読まれていませんでした。LLMOがコンテンツに届く3つの経路を、実装の角度から整理した入門編です。

ある日のことでした。私が運用しているAIエージェントのログを眺めていて、ふと違和感を覚えました。

エージェントが情報を検索するとき、Googleを使っていなかったのです。代わりに使っていたのは **Brave Search** でした。

これは小さな衝撃でした。私がSEO対策で12年最適化してきた検索エンジンと、自分のAIエージェントが実際に見ている検索エンジンが、まったく別物だったのです。

## ChatGPTはBing、ClaudeはBrave、GeminiはGoogle

調べてみると、これは私のエージェントだけの話ではありませんでした。

主要なLLMサービスは、それぞれ別の検索バックエンドを使っています。

| LLMサービス | 検索バックエンド | 備考 |
|---|---|---|
| ChatGPT | Bing | 一部 SearchGPT も併用 |
| Claude | Brave Search | Anthropic 採用後、Brave への流量が急増 |
| Gemini | Google Search | Google 自社のインデックス |
| Perplexity | 独自 + 外部API混在 | Brave / Bing を併用する局面あり |
| Cursor などコーディング系 | Brave Search が主流 | Bing API の外部提供廃止が背景 |

Brave Search は2026年5月時点で1日あたり約4,300万クエリを処理しています。米国検索シェアは2.45%。グローバルでは0.6%程度ですが、AI経由のクエリが乗ったことで成長カーブが急になっています。

つまり、私のSEO対策は、Googleで上位を取るための12年でした。AIに引用されるための12年ではなかったのです。

## SEOは死なない、でもSEOだけでは負ける

「SEOは死んだ」と書きたいわけではありません。それは見出しのために魂を売る人の表現です。

Google の検索シェアは依然として約90%です。10本の青いリンクからの流入は、私のサイトの主たる収益源として変わらず動いています。SEO対策のmeta tagsを外す日は来ません。

しかし、AI経由の訪問者の質は別物でした。手元の数字で確認してみます。

- AI経由のリファラル訪問のコンバージョン率は **11.4%** に対し、オーガニック検索は5.3% (SimilarWeb調査)
- LLM経由訪問者のコンバージョン率は、ケースによってはオーガニック検索の **最大23倍** に達する (Ahrefs調査)
- AI経由のリファラルトラフィックは前年比 **357%増加** (SimilarWeb調査)
- AI Overviews の表示で、Google検索1位ページのCTRは **34.5%低下** (Ahrefs調査)

量が少ないが質が桁違いに高い。これがAI経由トラフィックの特徴です。そしてこの量も、毎年数百パーセントの勢いで増えています。

3ヶ月かけて積み上げたmeta tagsが、Claude Sonnetには1秒も読まれていない事実は、人を多少打ちのめします。打ちのめされたあとに、SEOの上にもう1段積むものがある、と気づくのが正しい順序でした。

それが **LLMO (Large Language Model Optimization)** です。

## LLMOの定義と、似た言葉の整理

LLMO とは、ChatGPT・Claude・Gemini・Perplexity といった大規模言語モデルの回答において、自分のコンテンツが参照・引用されるように最適化する技術のことです。

似た言葉がいくつかあります。混乱するのも当然です。整理しておきます。

| 用語 | 意味 | 普及度 |
|---|---|---|
| LLMO | 大規模言語モデルへの最適化 | 実務で増えている |
| GEO | Generative Engine Optimization | 学術的には標準 |
| AIO | AI 全般への最適化 | 日本で比較的使用 |
| AEO | Answer Engine Optimization | やや狭い概念 |

どの用語も本質は同じです。「AIの回答で自分のコンテンツが引用されるための最適化」を指しています。本記事では LLMO を使います。

## LLMにコンテンツが届く3つの経路

LLMO を理解する上で最初に押さえたい問いは、「LLM はどうやってあなたのコンテンツを知るのか」です。経路は大きく3つあります。


### 経路1: 学習データ (長期戦・効果6ヶ月から2年)

GPT-4 や Claude は膨大なテキストデータで事前学習されています。この学習データに含まれた情報が、モデルの「記憶」になります。

ここで押さえておきたいのは、すべてのWebページが平等に扱われているわけではない、という点です。

GPT-3 の学習データでは、Wikipedia と WebText2 (Reddit で3つ以上の upvote を受けた投稿に含まれるリンク先) に **5から6倍の学習ウェイト** が与えられていました。Reddit コミュニティが「価値がある」と判断したコンテンツは、LLM の記憶に強く刻まれるのです。

ただし、学習データにはカットオフ日があります。今日公開した記事がClaudeのモデルに反映されるのは、早くても数ヶ月後。次のモデルの学習が回るタイミングを待つ、いわば長期戦です。

「Anthropic の次のモデルに私のブログを覚えていてもらう」のは、3ヶ月の戦いではなく、3年の戦いです。

### 経路2: RAG (中期戦・効果1から3ヶ月)

RAG (Retrieval-Augmented Generation) は、LLM が「記憶」にない情報を補完するために、リアルタイムでWeb検索を行い、取得した情報をもとに回答を生成する仕組みです。

ChatGPT の Browse with Bing、Perplexity の Web 検索、Google AI Overviews。これらはすべて RAG です。

**AI の回答に引用URLが付くのは、主にこの RAG 経由です**。これが LLMO の中で最も即効性のある経路です。

RAG で重要な概念が **Query Fan-out** です。ユーザーが1つの質問をすると、RAG システムは内部で複数のサブクエリに分解して検索します。

たとえば「HubSpot をスタートアップで使うべきか」という質問は、内部でこのように展開されます。

- 「HubSpot スタートアップ 料金」
- 「HubSpot 代替ツール 比較」
- 「スタートアップ CRM おすすめ」

SurferSEO の分析によると、サブクエリでランクインしたコンテンツは、メインクエリのみよりも **49%引用されやすい** という結果が出ています。

もう一つ覚えておきたいのは、**LLM はページ全体ではなくパッセージ単位でコンテンツを評価する** という事実です。SEO で1位のページでも、回答が長文に埋もれていれば AI に引用されません。

逆に、SEO ランキングが低くても、特定の段落が質問に的確に答えていれば引用される可能性があります。これは [JSON-LD 11スキーマで AI に意味を渡す実装](/ja/blog/json-ld-11-schemas-llm-understanding/) や [llms.txt と JSON-LD の最小実装](/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/) で扱った話と直結しています。

### 経路3: AIエージェント検索 (即効性・1から3ヶ月)

3つ目の経路は、AIエージェントが独自に行うWeb検索です。

2025年に Microsoft が Bing Search API の外部提供を実質的に廃止したことで、独立系の検索 API は **Brave Search が事実上唯一の選択肢** になりました。

Claude、Perplexity、多くの AI コーディングアシスタントが Brave Search API を利用しています。Cursor、Claude Code、OpenClaw のいずれも、内部のWeb検索層は Brave に寄っています。

見落としやすい論点が一つあります。**Google のインデックスと Brave のインデックスは別物** だという事実です。Google で1位のページが Brave では見つからないこともあります。

私が冒頭で書いた「私のAIエージェントが Google を見ていなかった」というのは、この経路の話でした。

AI エージェント経由のトラフィックを獲得するには、Brave Search での可視性も意識する必要があります。`robots.txt` で Brave のクローラーをブロックしていないか、サイトマップが Brave のインデックスに登録されているか。これは実装の問題です。

## 3経路の優先順位

どの経路から手を付けるべきか、判断軸を整理します。

| 状況 | 優先経路 | 効果が出るまで |
|---|---|---|
| 既存コンテンツが豊富 | 経路2 (RAG最適化) | 1から3ヶ月 |
| 新規コンテンツ計画中 | 経路2 + 経路3 | 3から6ヶ月 |
| ブランド認知を高めたい | 経路1 (学習データ) | 6ヶ月から2年 |
| 技術ツール・OSS を運営 | 経路3 (エージェント検索) | 1から3ヶ月 |

最も効率的なのは、**経路2 (RAG) の最適化を起点に、経路3と経路1に波及させる** アプローチです。コンテンツ構造を改善すれば、それは全経路に効きます。

[LLMO 測定の3つの方法](/ja/blog/llmo-measurement-3-methods/) で書いた測定基盤を入れておくと、どの経路が機能しているのか追跡できます。

## なぜエンジニアがLLMOをやるべきなのか

「これはマーケターの仕事では」と思った方もいるかもしれません。違います。LLMO はエンジニアリングの問題です。

- LLM のアーキテクチャ理解
- RAG の Query Fan-out を意識したコンテンツ設計
- JSON-LD による構造化データの実装
- `llms.txt` や `robots.txt` による AI クローラー制御
- 計測パイプラインによるモニタリング自動化

これらはすべて、エンジニアのスキルセットに属する仕事です。マーケティング部門に「JSON-LD 11スキーマを設計してください」とお願いするのは、無茶です。

加えて、私たちエンジニアは LLMO の「当事者」でもあります。Claude Code で技術調査をするとき、Perplexity でライブラリを比較するとき、私たちは AI 検索のユーザーです。同時に、技術ブログや OSS ドキュメントを書くとき、AI 検索のコンテンツ提供者でもあります。

両方の立場を持つエンジニアこそが、LLMO を最もよく理解し、効果的に実践できるのです。

## Context Engineering と LLMO は表裏一体

[Context Engineering 入門の5戦略](/ja/blog/context-engineering-introduction-five-strategies/) と [CLAUDE.md = Context Engineering 凝縮](/ja/blog/claude-md-context-engineering-practice/) で扱った話と接続しておきます。

Context Engineering は、AI に「何を渡すか」を設計する技術です。LLMO は、AI が「何を見るか」を設計する技術です。

入力側の Context Engineering と、世界側の LLMO は、表裏一体です。AI に渡すコンテキストの設計だけでは、AI が世界を見る入口で自分のコンテンツが選ばれない限り、ユーザーには届きません。逆に、LLMO だけ頑張っても、AI が利用される文脈そのものが整理されていなければ、引用は短命です。

両方やる必要があります。これからのWebは、両輪設計の時代です。

## まとめ

- **AI エージェントは Google ではなく Brave Search で検索している**。SEO対策の前提が一部崩れている
- **LLM に情報が届く経路は3つ**: 学習データ (長期)、RAG (中期)、エージェント検索 (即効性)
- **SEO は死なないが、SEO だけでは負ける**。SEO の上に LLMO を積むハイブリッド戦略が必要
- **LLMO はエンジニアリングの問題**。技術的理解と実装が両方いる
- **最も効率的な起点は RAG 最適化**。コンテンツ構造を改善すれば全経路に効く
- **Context Engineering と LLMO は表裏一体**。両輪で設計する

## 次のアクション

- [ ] 自社サイトの `robots.txt` を開いて、AI クローラー (GPTBot、ClaudeBot、Bravebot) がブロックされていないか確認する
- [ ] ChatGPT か Perplexity で自社名を検索し、何が表示されるか確認する
- [ ] Brave Search で自社サイトが表示されるか確認する
- [ ] [LLMO 測定の3つの方法](/ja/blog/llmo-measurement-3-methods/) を読み、計測の仕組みを入れる

## もっと深く知る

LLMO の実装側、特に「今日から書ける llms.txt と JSON-LD 11スキーマ」を体系的に押さえたい方は、本書がおすすめです。

[LLMO クイックスタート: AI 検索時代のWeb最適化入門](https://kenimoto.dev/ja/books/llmo-quickstart)

本書は本記事の元になった第1章を含む、3経路の最適化を実装側まで落とし込んだ入門書です。第2章で今日から書ける実装、第3章で計測の仕組みを扱います。

## 関連記事

- [llms.txt と JSON-LD で実装するLLMO最小構成](/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/) — 経路2/3 の最小実装
- [JSON-LD 11スキーマで AI に意味を渡す](/ja/blog/json-ld-11-schemas-llm-understanding/) — 構造化データ実装
- [LLMO 測定の3つの方法](/ja/blog/llmo-measurement-3-methods/) — 効果計測パイプライン
- [TRMケーススタディ 8337%の流入増加](/ja/blog/llmo-case-studies-trm-8337-percent/) — 実例ベースの分析
- [Microsoft 3原則: LLMが引用したくなるコンテンツ](/ja/blog/llm-content-design-microsoft-3-principles/) — コンテンツ設計指針
- [Context Engineering 入門の5戦略](/ja/blog/context-engineering-introduction-five-strategies/) — 入力側の設計

---

# 他社の llms.txt を30個監査したら、すでに5つのアンチパターンが形になっていた

URL: https://kenimoto.dev/ja/blog/llms-txt-audit-30-files-5-anti-patterns/
Lang: ja
Date: 2026-05-11
Description: 今月3本目の llms.txt を書き終えて満足していた私が、他社の本番 llms.txt を30個開いたら、半分以上が同じ5つのパターンで壊れていた。私自身も3つやらかしていたという話。

今月3本目の llms.txt を書き終えて、私は不当に満足していました。コーヒーを淹れ直して、これで AI 検索対策の個人的な宿題は終わったような顔をしていました。

その後、開発者なら誰でも参考にする30社の本番 llms.txt を順番に開いていきました。Anthropic、Stripe、Vercel、Cloudflare、Hugging Face、Mintlify、Astro、Linear。 **「真面目な会社はこうやってる」と人に紹介するときに名前を出す顔ぶれ** です。

30本中24本が、5つのパターンのうち最低1つを踏んでいました。そのうち3つは、私自身がやらかしていたものでした。

コーヒーが冷めました。

## 監査のやり方

仕掛けは恥ずかしいほど単純です。2026年5月時点で公開 llms.txt を持つ業界トップ30ドメインを並べました。AIラボ、開発インフラ、開発者ツール。`curl` で全部取ってきて、LLM の気持ちで読みました。気になった点をログに書きました。

これは科学ではありません。月曜の夜にターミナルを開いて触っただけです。ただ、パターンが速攻で出てきたので30本で止めました。次の10本も同じことになっていたはずです。

参考までに、[SE Ranking が2026年3月に30万ドメインを分析した調査](https://seranking.com/blog/llms-txt/) では普及率は約10%。 [codersera の2026年5月時点ガイド](https://codersera.com/blog/llms-txt-complete-guide-2026/) は約84.4万サイトが導入、年成長500%と試算しています。 **普及レースには勝っている。質のレースには負けている** という温度感です。


## 5つのアンチパターン

### アンチパターン1: 「全部入り」型

最も多く、そして私が最もやらかしていたパターンです。著者は llms.txt を「sitemap.xml の二枚目」だと思っています。800リンク、1,200リンク、フラット、優先順位なし。 **2019年から書いた全記事を時系列で並べたファイル** を1本開きました。

llms.txt の意義は sitemap.xml ですでに済んでいるものを繰り返さないことです。仕様が「10KB以下推奨」と書いているのは、ファイルサイズの可愛い目安として言っているのではありません。 **コンテキストウィンドウに収まらず、肝心の質問への予算が残らないなら、それは助けにならず、問題を移し替えただけ** という意味です。

修正は容赦なくやります。10〜20リンクに絞ります。 **50ではない。「主要セクション＋少し余分」でもない。10〜20** です。それ以外は `## Optional` セクションに送るか、sitemap.xml に残しておけば十分です。

ドキュメント主体のプロダクトなら、Cloudflare が採用しているパターンが綺麗です。ルート llms.txt はスリムに保ち、プロダクト別の llms.txt にリンクを張る。プロダクトごとに予算内に収まる。エージェントは必要なものだけ取ってくる。 **蛇口を直すのに百科事典を最初から読む人はいません。**

### アンチパターン2: 「robots.txt と矛盾」型

robots.txt と llms.txt を両方開きます。両方のパスを diff します。 **監査した30本のうち約3分の1が、robots.txt で AI クローラーに `Disallow` しているパスを llms.txt に堂々と書いていました。**

一番痛かった例。あるドキュメントサイトは robots.txt で `GPTBot` と `ClaudeBot` を `/docs/` から弾いていました。llms.txt には `/docs/*` URL を40本書いていました。 **llms.txt は「ここが大事」と言い、robots.txt は「入るな」と言う。クローラーは robots.txt に従う。llms.txt は飾り** です。

これはたいてい、2つのファイルを別チームが管理している(または同じ人が別の月に書いた)ときに起きます。修正は5分で済みます。両ファイルを並べて開いて、llms.txt の全 URL が AI クローラーに対して `Allow` になっているか確認するだけです。

本気で AI クローラーをブロックしたいなら、それはそれで構いません。ただし **その上で丁寧なお気に入りページのディレクトリも一緒に渡してはいけません。**

### アンチパターン3: 「リンク先がHTML」型

Jeremy Howard が最初の提案で書いた賢いコンベンションがあります。 **任意の URL の末尾に `.md` を付けると、ナビ・広告・JavaScript を取り除いた Markdown 版が返る** 。`.html.md` パターンです。

ほぼ誰もやっていません。30本中、`.md` 版を実際に配信しているのは6本だけでした。残り24本は、 [JavaScript を実行しない AI クローラー](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/) が読み取りに苦労する HTML ページを LLM に渡しています。

Stripe はこれを綺麗にやっています。全ドキュメント URL に `.md` ツインがあり、llms.txt は `.md` 版を指しています。 [llmoframework.com の Reference Templates ページ](https://llmoframework.com) は、 **多くのチームが省略しているもののうち、効果対労力が最大なのがこれ** と指摘しています。「AI がページを見つけられる」と「AI が中身を読める」の差を埋めるのがこのパターンだからです。

修正はスタック依存です。Astro/Next.js なら、ビルド時に `.md` 版を生成する30行の追加で済みます。動的 CMS なら、`.md` サフィックスで Markdown シリアライズを返す Edge Function が早道です。 **どのみち、努力対効果が最も大きい修正です。**

### アンチパターン4: 「自己紹介の塊」型

30本中8本が、本文全体をマーケティングコピーで埋めていました。「私たちは AI ネイティブ時代の革新的リーダーです」が3段落。創業者の引用。会社の歴史。リンク2本。 **トップページをそのまま貼り付けたかのような llms.txt** です。

LLM はあなたのバイブスを買いません。コンテンツへのポインタが必要です。H1 とブロッククオートのサマリーが「このサイトは何か」を書く場所。それより下は、 **具体的なページへの具体的な説明付きリンク** であるべきです。llms.txt がホームページに見えたら、ホームページを書いたということです。

Princeton の [GEO 研究「AI に引用される9つの方法」](https://kenimoto.dev/ja/blog/llmo-three-paths-introduction/) はコンテンツ面で同じことを言っています。曖昧な主張は引用されない。具体的な主張＋出典が引用される。同じ理屈が llms.txt 本体にも当てはまります。

### アンチパターン5: 「鮮度ゼロ」型

監査した30本のうち5本は、 **1度作って二度と触っていない兆候** が明らかでした。404 になる URL。すでに存在しないプロダクト名。最終更新の痕跡が2024年。llms.txt が提案されて半年そこそこ、「AI検索」を Perplexity がまだ説明していた時代のままです。

sitemap.xml は自動生成。robots.txt はめったに変わらない。llms.txt は中途半端な位置にいます。 **ドキュメントのように手でキュレーションするが、README が「Yarn を使っています」と書いたまま pnpm に移行してから1年経っているのと同じ陳腐化リスクを抱える** ファイルです。

修正は規律ではなく自動化です。llms.txt が列挙する URL に対して 404 を検出する CI チェックを入れる。「人気記事」セクションを四半期ごとにアクセス解析から再生成する。 **一回限りのローンチ成果物ではなく、config ファイルのように扱う** のが正解です。

[Mintlify が顧客ベースで観察した実例分析](https://www.mintlify.com/blog/real-llms-txt-examples) では、これが2番目に多いパターンでした。1番目はアンチパターン1。 **今週手をつけるならこの2つ** です。

### 国内事例も覗いてみた

国内ドメインも何本か `curl` してみました。zenn.dev には llms.txt がありませんでした(調査時点、2026年5月)。note.com も同じ。クックパッド、メルカリ、SmartNews も未配置。 [Zenn の Book で同じ章を扱った](https://zenn.dev/kenimo/books/llmo-quickstart) 立場から書きますが、 **国内の Web メディア・SaaS 大手で llms.txt を配置している例は2026年5月時点でほとんどありません** 。

これは2通りに読めます。「日本は周回遅れ」と読むこともできるし、「国内なら今のうちに置けばまだ先行者利益が取れる」と読むこともできます。後者の方が建設的です。

## 私自身が踏んでいた3つ

正直セクションです。私の3本の llms.txt のうち、

- 1本は47リンクを書いていた。アンチパターン1。
- 1本は `.md` 版を用意していなかったので HTML のみを指していた。アンチパターン3。
- 1本は4ヶ月放置で、リネーム後のスラッグへの301リダイレクトチェーンを含んでいた。アンチパターン5 + デザートとして301の連鎖。

他人のファイルを4分の3ほど読み終えた頃に、ようやく自分のミスに気づきました。 **監査は他人を採点する作業のつもりで始めて、自分の答案を晒すことになった** 話です。教訓は確実に何かあるはずですが、まだ恥ずかしさのフェーズなので整理できていません。

## 2本だけ直してみた結果

3本のうち2本だけ直しました。47リンクのファイルは16リンク＋`## Optional` セクションに圧縮。HTML のみだったファイルは、Astro のビルドフックで主要16 URL に `.md` ツインを生やしました(25行ほどで済みました)。

「AI 引用率がX%上がった」とは書けません。ファイルがまだ1週間しか経っていないし、 [この規模で引用測定はノイズだらけ](https://kenimoto.dev/ja/blog/llmo-measurement-3-methods/) です。書けることはひとつだけ。 **「200K コンテキストウィンドウで他に10タブ開いている LLM が、前バージョンより新バージョンを好むか」と聞かれて、迷わず Yes と答えられるようになった** 。前バージョンは読めなかった。それだけです。

## llms.txt についての正直な立場

懐疑派は半分正しい。 SE Ranking の30万ドメイン調査では引用率の有意な向上は出ていません。主要 LLM はファイルを取ってきていると公式には認めていません。標準化団体の刻印もありません。

懐疑派は半分間違っている。IDE エージェント(Cursor、Cline、Continue)、 [私が比較した5つの AI 検索エンジン](https://kenimoto.dev/ja/blog/llmo-three-paths-introduction/) のうちいくつか、増えつつある MCP インテグレーションは、今日 llms.txt を読みに来ています。 **オプション性は本物で、コストは15分** 。

2026年の本当の問いは「llms.txt を置くべきか」ではありません。コスト便益でとっくに決着しています。問いは **「置いたファイルが LLM の役に立つのか、それともあなたのドメインを無視するように学習させるのか」** です。アンチパターン1〜5は、その2つの結末を分ける線です。

## 今週やるチェックリスト

まだ置いていない人は、 [4月に書いた llms.txt 最小実装記事](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/) を踏襲してください。すでに置いた人は、5項目で自己採点してみてください。

1. ファイルは10KB以下で、`## Optional` を除いたリンクが20本以内か
2. リストされた全 URL が、robots.txt で GPTBot と ClaudeBot に許可されているか
3. 上位5 URL に `.md` ツインが存在するか
4. 本文は具体的なページへのリンクか(一般的なマーケコピーになっていないか)
5. 直近90日以内に更新されたか

5点満点なら、私が見た30社の上位6社、つまりすでに自己選択された母集団の上位20%に入ります。3点以下なら、私と同じ月曜の午後があなたを待っています。

私は今週4本目の llms.txt を書きます。このリストを通してから公開します。終わったあと、生産的な気分にはならないでしょう。 **3回連続で同じ教訓を学んだ人間の顔** をしているはずです。

私はそう聞いています。エンジニアリングというのはそういうものらしい。

## 参考

- [llms.txt 仕様(Answer.AI)](https://llmstxt.org/): Jeremy Howard 氏のオリジナル提案
- [SE Ranking の30万ドメイン調査](https://seranking.com/blog/llms-txt/): 普及率と引用効果の実証分析
- [Mintlify Real llms.txt examples](https://www.mintlify.com/blog/real-llms-txt-examples): 大手企業の実例とミス
- [llmoframework.com](https://llmoframework.com): LLMO 全体フレームワークと Reference Templates
- [Google Rich Results Test](https://search.google.com/test/rich-results): 構造化データのバリデーション

---

## さらに深掘りしたい方へ

llms.txt 単発ではなく、JSON-LD・robots.txt 戦略・コンテンツ設計・効果測定まで含めた LLMO の全体像が欲しい方は、 **[LLMO: エンジニアのための AI 検索最適化](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)** が一番網羅的です。12章構成、Quickstart より深掘り、ケーススタディも多めです。

---

# MCPサーバーに接続しただけでトークンが消える — 4サービスで実測した

URL: https://kenimoto.dev/ja/blog/mcp-token-cost-measurement/
Lang: ja
Date: 2026-04-30
Description: MCPサーバーに接続した瞬間、tools/listでツール定義がコンテキストに読み込まれ、使わなくてもトークンが消費される。PostgreSQLからfreeeまで4サービスを実測し、見えないコストを可視化した。

MCPサーバーを5つ接続した状態でClaude Codeを起動したら、何も質問していないのにコンテキストウィンドウの40%が埋まっていました。

私は3秒ほど画面を見つめて、それから接続設定を全部見直しました。

## 何が起きているのか

MCPサーバーに接続すると、最初に `tools/list` というリクエストが走ります。これはサーバーが「私はこんなツールを持っています」と自己紹介する仕組みです。ツール名、説明文、パラメータ定義。これらがすべてLLMのコンテキストウィンドウに読み込まれます。

ここが直感に反するポイントです。**使わなくても読み込まれる。**

従来のAPI呼び出しなら、使いたいAPIだけを叩けばよかった。RESTful APIを10個知っていても、GETリクエストを送らなければ帯域もコストもゼロです。

MCPは違います。図書館に例えると「1冊の本を読みたいだけなのに、全蔵書のカタログを先に読まされる」。しかもその図書館に入るたびに、毎回カタログを最初から読み直します。

## 4サービスの実測データ

4つのMCPサーバーについて、ツール定義のトークン消費量を実測しました。

| MCPサーバー | ツール数 | 推定トークン数 | 月10回のコスト |
|------------|---------|-------------|------------|
| **PostgreSQL** | 1 | ~35 | ~¥0.07 |
| **Google Maps** | 7 | ~704 | ~¥1.4 |
| **GitHub** | 26 | ~4,242 | ~¥8.5 |
| **freee** | 270 | ~17,500 | ~¥35 |

PostgreSQLとfreeeの差は約500倍です。

同じ「MCPサーバー」という名前がついているのに、接続のコスト特性がまったく違う。これは正直、実測するまで想像できませんでした。PostgreSQLは「コンビニで水を買う」くらいの感覚ですが、freeeは「コンビニに入ったら全商品の成分表を読まされる」に近い。


## なぜfreeeは270ツールもあるのか

freeeのMCPサーバーは5つのAPIをカバーしています。

| API | 主な機能 | ツール数の目安 |
|-----|---------|------------|
| 会計 | 取引、勘定科目、試算表 | ~80 |
| HR | 従業員、部署、給与 | ~60 |
| 請求書 | 請求書作成、送付 | ~40 |
| 勤怠 | 打刻、残業、有給 | ~50 |
| 販売管理 | 見積、受注、売上 | ~40 |

freeeは会計だけでなくHR、勤怠、給与、販売管理まで一気通貫で提供するプラットフォームです。MCPサーバーが全APIをカバーしているのは、フル活用するユーザーにとっては合理的な設計です。

ただし、確定申告の経費処理だけが目的なら、必要なのは会計APIの一部(10~20ツール程度)。270ツール全部の定義が読み込まれるのは、蕎麦屋に入ったらフルコースのメニューを端から端まで音読させられるようなものです。

## 年間コストを計算してみる

確定申告での経費処理を想定して、年間コストを出します。Claude 3.5 Sonnetの入力トークン料金($3/1Mトークン、1ドル=150円)で計算しました。

```text
1回あたりのコスト:
  17,500トークン × $3/1,000,000 × 150円 = ¥7.9/回

利用頻度別の年間コスト:
  月10回(個人事業主の経費処理)  → ¥945/年
  毎日利用(中小企業の経理)     → ¥2,835/年
  月50回(フル活用)            → ¥4,725/年
```

freeeの月額料金(スタンダードプラン: ¥2,380/月 = ¥28,560/年)と比較すれば小さな金額です。

しかし重要なのは、**これがツール定義の読み込みだけのコスト**だということ。実際のツール呼び出し(取引の作成、勘定科目の検索など)のトークン消費は別途かかります。「サブスクの月額は安いけど、オプション料金が地味にかさむ」パターン。家計簿をつけるためのツールが、見えないところで家計を圧迫している。皮肉な話です。

## 業界の反応: PerplexityがMCPから距離を置いた

このトークンコスト問題は、私の個人的な発見ではありません。業界全体で認識されつつあります。

2026年3月、Perplexity CTOのDenis Yarats氏はAsk 2026カンファレンスで、社内でMCPから離れてAPIとCLIに戻すと発表しました。理由はコンテキストウィンドウの消費と認証フローの煩雑さ。ある開発者の報告では、MCPツールだけで200Kトークン中143K(72%)を消費していたケースもあります。

PerplexityはMCPサーバーの提供自体はやめていませんが、自社プロダクトの内部ではMCPを使わない方向にシフトしています。「プロトコルとしては支持するが、コスト構造が現実的でない」という判断です。

## コスト最適化の3つの戦略

### 戦略1: 必要なツールだけ公開する

freeeの270ツールのうち、確定申告に必要なのは10ツール程度。Claude DesktopやCursorでは `allowedTools` で使うツールを絞れます。

```json
{
  "mcpServers": {
    "freee": {
      "allowedTools": [
        "create_deal",
        "list_deals",
        "get_deal",
        "update_deal",
        "get_trial_balance",
        "list_account_items",
        "list_partners",
        "list_taxes",
        "list_walletables",
        "get_company"
      ]
    }
  }
}
```

10ツールなら約650トークン。17,500トークンから**96%の削減**です。

最も手軽で効果の大きい対策ですが、意外と知られていません。MCPの導入記事は「接続できた」で終わるものが多く、「接続後にツールを絞る」ステップまで書いてある記事はほとんど見かけません。

### 戦略2: 遅延読み込み(Lazy Loading)

2026年に入って、MCPのトークン問題に対する技術的な解決策が出てきました。

**Claude CodeのTool Search機能**(2026年1月発表)は、MCPツールが多すぎる場合にツール定義をコンテキストに直接読み込まず、必要なときだけ動的に検索・読み込みます。50以上のツールがある環境で特に有効です。

**lazy-mcp**というOSSプロキシも登場しています。MCPサーバーの前段に置いて、ツール定義をオンデマンドで読み込む仕組みです。ある事例では、コンテキスト使用量を90%削減したと報告されています。


### 戦略3: 接続のタイミングを制御する

最もローテクで確実な方法です。常時接続ではなく、必要な時だけMCPサーバーに接続する。「freeeの作業が終わったら接続を切る」。それだけで、他のタスクでのトークン消費をゼロにできます。

私は確定申告の時期だけfreee MCPを有効にして、それ以外の期間は設定ファイルからコメントアウトしています。年に数回しか使わないツールを365日接続しておく理由はありません。

## MCPサーバー選定時のチェックリスト

MCPサーバーを本番導入する際、機能面だけでなくコスト面も評価すべきです。

| 評価基準 | 良い例 | 要注意 |
|---------|--------|--------|
| ツール数 | 必要最小限に絞られている | 全機能がフラットに公開 |
| 説明文 | 簡潔・構造化されている | API仕様書そのまま |
| 権限制御 | ツール単位で制御可能 | 全ツールが常に有効 |
| ドキュメント | トークン消費量の記載あり | 記載なし |

MCPサーバーを自作する場合は、ツール説明文の長さがトークンに直結することを意識してください。API仕様書のような冗長な説明文(約80トークン)を簡潔な説明文(約20トークン)にするだけで、ツールあたり75%のトークン削減になります。

## まとめ

- MCPに接続するだけで、ツール定義のトークンが消費される
- PostgreSQL(35トークン) vs freee(17,500トークン): 500倍の差
- freeeの年間コストは約945円(月10回利用)。見えないが確実にかかるコスト
- `allowedTools` でツールを絞れば96%削減できる。最初にやるべき対策
- 2026年はLazy LoadingやTool Searchなど、エコシステム側の対策も進んでいる
- PerplexityのMCP離脱は、この問題が個人の些事ではなく業界の構造的課題であることを示している

MCPは便利です。私も日常的に使っています。ただ、「接続した瞬間に何が起きているか」を理解した上で使うのと、知らずに使うのとでは、年間のコストと快適さがまるで違います。

冷蔵庫のドアを開けっぱなしにしても、すぐには食材は腐りません。でも電気代は確実に上がります。MCPのトークンコストも同じです。気づいたときに閉めればいい。

## 参考リンク

- [MCP公式仕様](https://modelcontextprotocol.io/) — Model Context Protocol specification
- [lazy-mcp](https://github.com/voicetreelab/lazy-mcp) — 遅延読み込みプロキシ
- [Perplexity CTOのMCP離脱発言](https://awesomeagents.ai/news/perplexity-agent-api-mcp-shift/) — Denis Yarats, Ask 2026
- [MCP Token Counter](https://mcpplaygroundonline.com/blog/mcp-token-counter-optimize-context-window) — トークン消費の可視化ツール

---

## さらに深掘りしたい方へ

MCP を本番導入する前に必読 — OWASP MCP Top 10、トークンコスト実測、ファイルアップロード問題の7サービス検証を扱う **[MCP実践セキュリティ — 本番導入で躓かないための完全ガイド](https://kenimoto.dev/ja/books/mcp-security-practice)** を参考にしてください。

---

# 新規ドメインの最初の1週間、GA4は嘘をつく: kaoriq.com立ち上げ4日間の生データ

URL: https://kenimoto.dev/ja/blog/new-domain-first-week-ga4-is-a-lie/
Lang: ja
Date: 2026-05-05
Description: 新規ドメイン取得4日後、GA4は65PV/34ユーザーを記録した。歓声を上げる前に、私は数字を5つの軸で殴った。残ったのは数件の人間と、24時間休まないクローラーの軍団だった。

新規ドメインを取って4日後、GA4を開いたら **65 PV / 34 ユーザー / 9カ国** と表示されました。

Build-in-publicの民として一瞬「来てる！」と思いかけたのですが、よく見ると指標が全部おかしい。米国17セッションの平均滞在時間が **4.9秒**、フランス・ポーランド・韓国・インド・シンガポールはそれぞれ **0〜1.4秒**。日本だけが **751秒(12分超)** という異様な数字でした。

ドメインは2026-05-02に取得した [kaoriq.com](https://kaoriq.com)(性格診断×香水のECサイト)。今日(5/5)時点でまだ20記事もない。冷静に計算するとPV単価は人間1人あたり数十秒の集中力を要求するはずで、4日でこの分布が出るのは物理的におかしい。

この記事では、新規ドメインの初週GA4データを **「ken本人 + クローラーの軍団」** と読み解いた手順を、実数を晒しながら共有します。GA4を新規プロジェクトで動かしている人、この週末にドメイン取った人、向けです。

## 晒す: 過去14日(実質4日稼働)の生データ

まずは数字をそのまま置きます。

**全体サマリー**

| 指標 | 値 |
|------|---|
| Sessions | 37 |
| Page Views | 65 |
| Total Users | 34 |
| New Users | 34 |
| 平均滞在時間 | 104.1秒 |
| 直帰率 | **80%** |

**国別**

| 国 | Sessions | PV | 平均滞在(秒) |
|---|---:|---:|---:|
| 🇯🇵 Japan | 5 | 33 | **751.0** |
| 🇺🇸 United States | 17 | 17 | 4.9 |
| 🇨🇦 Canada | 4 | 4 | 1.3 |
| 🇫🇷 France | 4 | 4 | 1.4 |
| 🇵🇱 Poland | 2 | 2 | 0.0 |
| 🇰🇷 South Korea | 2 | 2 | 0.0 |
| (not set) | 1 | 1 | 0.1 |
| 🇮🇳 India | 1 | 1 | 0.0 |
| 🇸🇬 Singapore | 1 | 1 | 0.0 |

**日別**

| 日付 | Sessions | PV | Users |
|---|---:|---:|---:|
| 2026-05-02 (取得日) | 17 | 40 | 14 |
| 2026-05-03 | 6 | 11 | 6 |
| 2026-05-04 | 12 | 12 | 12 |
| 2026-05-05 | 2 | 2 | 2 |

ぱっと見の印象は「初週としては悪くない」かもしれません。でもこのデータには **滞在時間751秒の日本人** と **滞在時間0秒の世界9カ国** が同居しています。中間値が存在しない。これが今回の手がかりです。

## 5つのシグナルで殴る

ボット判定は1つの指標では絶対にやりません。誤判定を避けるため、私はいつも5つの軸を並べてクロスチェックします。

| シグナル | ボットの典型値 | 人間の典型値 | kaoriq実値 | 判定 |
|---------|--------------|-------------|----------|------|
| 滞在時間 | 0〜5秒 | 30秒〜数分 | US 4.9s, FR 1.4s, KR 0s | 🤖 |
| 直帰率 | 90〜100% | 40〜70% | 80% | 🤖 |
| PV/Session | 1.0(1ページで離脱) | 1.5〜3.0 | US: 17/17 = 1.0 | 🤖 |
| 国分布の異常性 | コンテンツ無関係な国が散る | ターゲット国に集中 | EN/JAのみなのにPL/IN/SG | 🤖 |
| 時系列の異常スパイク | 新規ドメインで初日にドカン | 徐々に増加 | 5/2に40PV(取得日) | 🤖 |

### 単独シグナルだと騙される

「直帰率80%なら全部ボットでしょ」と即断したくなりますが、現実はそんなに優しくない。

- **滞在時間だけ見る**: 記事をタブで放置されると数十分の滞在になる。人間の「真剣な読者」とも、ただの「タブ放置勢」とも区別がつかない
- **直帰率だけ見る**: ランディングページが完璧に答えを返した場合、満足した人間も100%直帰する。優秀さとボットが見分けられない
- **国分布だけ見る**: 海外SNSでバズれば普通に多国籍流入は起きる。これだけでは弱い

5軸が **同時に** ボット側に倒れているとき、初めて確信を持って「これはbotだ」と言えます。

## 二極化が決定打になった

今回のkaoriqで判定が揺るがなかった本当の理由は、滞在時間の **分布の形** です。

- 日本: 5セッション / 平均滞在 **751秒**
- 他国全部: 滞在 **0〜5秒**

人間トラフィックが本物なら、滞在時間は **20〜120秒帯にもう少しなだらかに散らばる** はずです。「タイトルだけ見て離脱(10秒)」「冒頭読んで離脱(40秒)」「最後まで読んだ(180秒)」がグラデーションで存在します。

ところがkaoriqの分布は **二峰** で、中間がスポッと抜けています。これは「kenさん本人(=長時間滞在のテストアクセス)」と「クローラー(=瞬間離脱)」しかいない、と読むのが自然です。

逆に、もし「日本100sess / 滞在60秒、US 50sess / 滞在45秒、CA 20sess / 滞在30秒」のように **正規分布的に滞在時間が散る** データだったら、本物の人間トラフィックの可能性が高い。

## 推定: 純粋な人間流入は何件だったか

ここまで殴ったうえで、私の見立てはこうです。

| 区分 | 推定セッション数 | 内訳 |
|---|---:|---|
| ken自身のテストアクセス | 4〜5 | 日本5sessの大半、滞在751秒の主因 |
| クローラー(Googlebot / Bingbot / GPTBot / ClaudeBot / AhrefsBot等) | 27〜30 | US 17 + 欧州・アジア各国の0秒滞在勢 |
| 純粋な人間の自然流入 | 2〜5 | 日本の残り、米国の数件 |

37セッションのうち **本物の人間は良くて5件** 。これが新規ドメイン取得4日後の「現実」です。

## なぜGA4はこれを除外してくれないのか

GA4には **「Known bots and spiders を自動除外」** 機能がありますが、これは [IAB/ABCのSpiders & Botsリスト](https://www.iab.com/guidelines/iab-abc-international-spiders-bots-list/) に基づいた古典的なクローラー除外で、以下を取り逃がします。

- **JavaScript実行型クローラー**: GPTBot、ClaudeBot、PerplexityBotといった生成AI系の新興クローラーはJSを実行するため、GA4のtagが発火する
- **SEOツール系クローラー**: AhrefsBot、SemrushBot、MozBotなどは実行頻度が高く、新規ドメインを発見すると一斉にクロールしに来る
- **ヘッドレスブラウザ経由のスクレイパー**: Puppeteer / Playwrightベースのカスタムbotは見分けがつかない

**新規ドメイン取得直後は、このクローラー群が「IPアドレスの空き地」を発見しに来るフェーズ** にあります。1週間〜10日でDNSが各社に伝播しきると落ち着きますが、初週のGA4を真に受けると判断を誤ります。

## 教訓: 新規プロジェクトの初週ダッシュボードに書くべき3つの注釈

1. **「Engaged Sessions」を主指標にする**: GA4の「エンゲージメントセッション」は10秒以上滞在 or 2PV以上 or コンバージョン発生のいずれかを満たすセッション。ボットの大半はここで弾かれる
2. **国別の滞在時間分布を必ず見る**: 1指標(セッション数や PV)を国別フィルタなしで見ると、ボット軍団が成果に化ける
3. **取得後30日は「ノイズフェーズ」と割り切る**: 真っ当な数字が出てくるのは、SNS導線・SEO・コンテンツ拡充が揃ってからです

## まとめ: 自分のGA4も同じ目で見直してみてください

新規ドメインのGA4は、最初の1〜2週間は ほぼ嘘つきです。 米国・東欧・東南アジアからの「滞在0秒セッション」が並んでいたら、それはクローラーの大行進であって、あなたのコンテンツに惚れた人間ではありません。

判定の順番はシンプル: **5軸で殴る → 二峰分布を疑う → Engaged Sessionsを基準に置き換える** 。これだけで、初期データに振り回されずに済みます。

GA4を疑う技術は、判断ミスを避ける技術でもあります。データに殴られる前に、データを殴り返しましょう。

---

**この記事は実データに基づきます**

- 対象サイト: [kaoriq.com](https://kaoriq.com) (2026-05-02ドメイン取得、Astro v6 + Tailwind v4で構築中)
- 計測期間: 2026-04-22 〜 2026-05-05 (実質4日稼働)
- データ取得: GA4 Data API v1beta、Service Account経由
- 分析ツール: 自作の `harness-ops/tools/ga4/analyze.py` (公開準備中)

---

# Strategist に WebSearch を持たせたら 5テーマ選びに 20分かかった - Observer / Strategist / Marketer 3役分離で 3分にした話

URL: https://kenimoto.dev/ja/blog/observer-strategist-marketer-3-yaku-bunri/
Lang: ja
Date: 2026-05-14
Description: 1つのエージェントに観測+戦略+実行を全部やらせていたら、5テーマ選定に20分・12万トークン消費していました。Observer / Strategist / Marketer の3役に分離したら3分・トークン60%減。許可ツール設定、cronチェーン、Sub-agentとの違いまで実運用ベースで書きます。

私は最初、1つのエージェントに「観測+戦略+実行」を全部やらせていました。`claude -p` を1回叩いて「今日のテーマを5つ選んで記事を書いてくれ」と。エレガントな構成のつもりでした。

5テーマ選ぶだけで20分かかりました。

Observer / Strategist / Marketer の3役に分離したら、同じ仕事が3分で終わるようになりました。トークンコストは約60%減。エージェント1人1人は前より小さいことしかしないのに、パイプライン全体は速くなりました。

コツは「エージェントを増やす」ことではありません。**判断役からWebSearchを取り上げる**ことです。


## 20分かかっていた1エージェント構成

最初の構成は1プロンプト・1エージェント・1ラン。

> 「昨日のGA4データを見て、今日のテーマを5つ選んで、優先度1位の記事を書いてくれ」

許可ツールは `Bash, Read, Write, Edit, Grep, Glob, WebSearch, WebFetch` をフル開放。必要そうなものは全部入れていました。

エージェントは各候補テーマについて似たような動きをします。「このジャンルで今ホットな話題は」とWebSearch、「このトレンドの裏取り」でWebSearch、「競合の最近の言及」でまたWebSearch。5テーマ × 3-4回の検索で、1回の実行に15-20回のWebSearchが入る計算です。検索結果はそれぞれ数千トークンを判断コンテキストに積み上げます。

テーマ3を選んでいる頃には、判断コンテキストに4万トークン以上のWebSearch結果が積み上がっています。シグナル対ノイズ比が崩壊します。エージェントは「自分のコンテンツ資産に合ったテーマ」ではなく「最近のニュースで確認できたテーマ」を選び始めました。

表面に出た症状は時間です。1ランあたり約20分。隠れた症状は判断ブレでした。私は週次レビューでエージェントの選定をしょっちゅう上書きしていました。書く素材を持っていないテーマばかり選んでくるからです。

## なぜ判断ループにWebSearchを混ぜると壊れるのか

WebSearchそのものは悪くありません。**判断ループに混ぜる**のが罠です。

判断役にWebSearchを持たせると、2つのことが起きます。

**時間**: WebSearch 1回は 5-20秒。5テーマ × 4回 = 20回。検索だけで合計100秒以上が消えます。人間が手で1質問するなら誤差ですが、毎日走る自動ジョブだとここが効いてきます。

**コンテキスト汚染**: 1検索結果は2,000-5,000トークンのHTMLスクレイピング済みページテキストを判断コンテキストに突っ込みます。SEO向けに最適化されたマーケコピーの山で、「このテーマは自分のコンテンツに合うか?」という判断には設計されていません。判断役は「自分のデータ」ではなく「マーケコピーの山」から推論するハメになります。

直し方は地味です。**判断役にWebSearchを持たせない**。WebSearchは執筆役の持ち物にする。

## Role 1: Observer - 集めるだけ

Observerの仕事は「昨日の数字を取ってきてファイルに書く」これだけです。

入力: GA4、Zenn API、Dev.to API、前日のログ。出力: `domains/<name>/data/snapshot-YYYY-MM-DD.json`。

許可ツール設定:

```bash
claude -p "$(cat scripts/prompts/observer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write"
```

WebSearchなし、WebFetchなし、Editもなし。Observerは `curl` で3つのAPIを叩いて、1つのJSONファイルを書く。それだけです。「データを解釈しよう」と気を利かせ始めても、プロンプトで禁じています。スキーマでも縛っています。フィールドは `total_views`、`top_performers_3`、`errors_yesterday`。`recommendation` フィールドは存在しないので、判断を書こうとしても置く場所がありません。

ダウングレードに見えるかもしれません。実際そうです。神オブジェクトを単機能関数に分割するのと同じ意味でのダウングレードです。Observerが落ちたら、どのAPIが壊れたか即わかります。それしかやっていないので。

## Role 2: Strategist - 判断するだけ、WebSearchなし

StrategistはObserverが書いたsnapshotを読み、`strategy.md` のルールを読み、過去30日の公開テーマを除外リストとして読み、5テーマを決めます。以上。

```bash
claude -p "$(cat scripts/prompts/strategist-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob"
```

抜けているものに注目してください。`WebSearch`、`WebFetch` がない。物理的に許可ツールから外しています。Strategist は外部にアクセスする手段がありません。

ここは私も最後まで抵抗しました。「最新トレンドを見ないでどうやって今日のテーマを判断するんだ」。これは問いが間違っていました。正しい問いは「自分は他所でバズっているテーマを書くのか、自分のコンテンツ資産に合うテーマを書くのか」です。

Strategistが見るもの:

- 3ヶ月分の自分のパフォーマンスデータ (何が読まれたか)
- 自分のコンテンツ資産 (Book章、未公開ドラフト)
- 30日除外リスト (何を書いたか)
- 自分の `strategy.md`

これだけあれば5テーマを90秒で選べます。20分ではありません。Strategist 1ランあたりのトークン消費は約8万から約2万に下がりました。読むWebSearch結果がないからです。

「WebSearchで根拠を増やす」は良いアイデアに聞こえました。実際に起きたのは、8回の冗長な検索と4万トークンのノイズの追加でした。

## Role 3: Marketer - 実行する、WebSearchはここ

MarketerはStrategistの判断ログを読み、優先度1位のテーマを取り、記事を書きます。WebSearchが出てくるのはここです。

```bash
claude -p "$(cat scripts/prompts/marketer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob,WebSearch,WebFetch"
```

Marketer のWebSearchは「執筆中の調査」用です。

- 「LangGraph の2026年安定版バージョン」
- 「Anthropic の Building Effective Agents 公式URL」
- 「Inngest のcronトリガー料金プラン」

これは引用と裏取りであって判断ではありません。「このテーマを書くか」はもう決まっています。Marketer のWebSearchは目の前の記事の範囲に閉じています。

ここから2つの副作用が出ます。

1. **コストが局所化する**: WebSearch 課金は Marketer の中で発生し、目に見える成果物 (記事) を生みます。Strategist の1ランあたりコストは小さくなったので、週に複数回回しても気になりません。
2. **失敗が局所化する**: WebSearch が不調や障害のときに壊れるのは Marketer (書く役) だけです。Strategist は今日の判断を出します。Observer は昨日の数字を記録します。パイプラインは劣化はしても止まりません。

## cronチェーン - 3役はどう繋がるか

3役は会話履歴で繋がりません。**ファイルで繋がります**。

```text
07:00  Observer    → snapshot-2026-05-14.json を書く
09:00  Strategist  → snapshot を読み、strategist-2026-05-14.md を書く
10:00  Marketer    → strategist.md を読み、下書き + 22:00 公開予約
22:00  Observer    → 今日の初動を記録 → 明日のインプット
```

これを私はVPS上の素のcronで回しています。crontab全文は[harness-engineering-guide 第11章](https://kenimoto.dev/ja/books/harness-engineering-guide)に載せていますが、要点は1ジョブ1行、`set -euo pipefail`、`trap ... ERR`、Telegram失敗通知、ロックファイル。1役あたりシェル約30行です。

cronより耐久性が欲しいなら、[Temporal Schedules](https://temporal.io/blog/orchestrating-ambient-agents-with-temporal)、[Inngest のcronトリガー](https://www.inngest.com/)、[GitHub Actions cron](https://docs.github.com/ja/actions/using-workflows/events-that-trigger-workflows#schedule) のどれも同じ形に乗ります。アーキテクチャはどれを使うかには無関心です。私がcronなのは「サーバーが落ちたら気付く」という失敗モードで運用したいからです。

引き継ぎは常にファイル。snapshot は JSON、strategist ログは Markdown、marketer ログも Markdown。人間も読める、日付付き、再実行可能。環境変数を1つ変えれば昨日の Marketer を昨日の Strategist ファイルに対して再走できます。Airflow を導入しなくても `backfill` が自然に手に入ります。

## Sub-agent との違い

私は別の記事で[Claude Code の Sub-agent 3つに同じPRをレビューさせたら41%意見が分かれた話](https://kenimoto.dev/ja/blog/claude-code-sub-agent-design)を書いています。「Sub-agent と3役分離って同じことじゃないの?」と聞かれることがありますが、別物です。

スライドだと似て見えますが、実運用ではまったく違う振る舞いをします。

| | Sub-agent (Claude Code Task tool) | 3役分離 (cron) |
|---|---|---|
| **スコープ** | 同一セッション、親エージェント配下 | 3プロセス、3ラン独立 |
| **状態** | 親が文脈を引き渡す | ディスク上のファイル |
| **タイミング** | 同期、親が待つ | 非同期、数時間空く |
| **失敗時** | 親がリトライ責任を持つ | 各ジョブが独立リトライ |
| **用途** | 「このコードベースを並列探索」 | 「昨日のPDCAを毎朝回す」 |

Sub-agent は**1タスク内の並列性**のための仕組みです。3役分離は**時間をまたいだパイプライン**のための仕組みです。混ぜると両方の最悪が出ます。cronのデバッグ難易度に、Sub-agentの共有コンテキストドリフトが上乗せされます。

私が使っている判定基準: **同じ会話内で答えを返したいなら Sub-agent。サーバー再起動を挟んでも生き残らせたいなら cron で別ジョブ**。

## 実測値

同じコンテンツスタックで両方の構成を回した実測です。

| 指標 | 1エージェント | 3役分離 | 変化 |
|---|---|---|---|
| 5テーマ選定時間 | 約20分 | 約3分 | -85% |
| 1日分のトークン | 約12万 | 約4.5万 | -62% |
| 月額API料金 | 約$60 | 約$22 | -63% |
| 週次再判定回数 | 週2-3回 | 週0-1回 | 減 |
| WebSearch障害でパイプ停止 | あり | なし | 解消 |
| 失敗時の平均デバッグ時間 | 30-60分 | 5-10分 | -80% |

意外だったのはトークンの計算でした。3エージェントに分けたらコンテキスト重複でトークンは**増える**と思っていました。実際は減りました。消えたWebSearch トラフィックが、役ごとに増えるオーバーヘッドより大きかったからです。

日々効くのはデバッグ時間です。1エージェント構成の「09:14でジョブが落ちた」では何も分かりません。3役構成の「09:14でStrategistが落ちた」なら、読むべき30行のスクリプトが確定します。

「エージェントを増やしたら速くなった」は直感に反します。本当は、増やしたから速くなったのではなく、**判断役からWebSearchを取り上げた**から速くなったのです。3役に分けたのは、それを物理的に強制できる構造を作るためでした。Observer と Strategist が外部にアクセスできなくなった瞬間、「もう1回だけ検索してみよう」という誘惑が消えました。

---

**関連記事**: [自然言語エージェントハーネス (arxiv論文の整理)](https://kenimoto.dev/blog/natural-language-agent-harnesses-arxiv/)（英語版）でハーネスの概念を、本記事で実装パターンを書いています。crontab全文・プロンプトファイル・各役の許可ツール設定の完全版は [Harness Engineering: AIを使うから、AIを統べるへ](https://kenimoto.dev/ja/books/harness-engineering-guide) にまとめています。

---

# ページ単位のSEOはAIに見えていない: 引用されるのは「パッセージ」だった

URL: https://kenimoto.dev/ja/blog/passage-design-ai-citation-not-page-rank/
Lang: ja
Date: 2026-06-01
Description: AI検索が引用するのはページではなく「一節(パッセージ)」。検索3位の私の記事が引用され、1位の記事が無視された理由と、私が全記事に使うようになった4階層のパッセージ設計をまとめます。

私は2年間、検索1位を取ることに人生を捧げていました。そんなある日、AIアシスタントがGoogle検索3ページ目に沈んでいた私の記事を引用し、同じクエリで1位だった記事を完全に無視する瞬間を目撃しました。正直、けっこう効きました。同時に、自分が最適化してきた対象そのものが間違っていたことも分かりました。

誰もはっきり言ってくれなかった事実はこれです。**AI検索はページを引用しません。引用するのは「パッセージ(一節)」です。**

## 単位が変わったのに、誰も通知してくれなかった

従来のSEOには「ページ」というたった一つの単位がありました。URLが順位を持ち、URL全体が上がったり下がったりする。仕事の中身は過酷ですが、頭の中のモデルはシンプルでした。

AI検索はそのモデルを静かに捨てました。ChatGPT SearchやPerplexity、GoogleのAI Overviewsが質問に答えるとき、10本の青いリンクを並べたりはしません。答えを「組み立て」、その部品を複数のソースに散らばった特定の段落、つまりパッセージから引っ張ってきます。

私の3ページ目の記事が引用されたのは、これが理由でした。その記事の中の1段落が、ユーザーのサブクエリにきれいに答えていたのです。一方の1位ページには、そういう段落がありませんでした。何か引用できることを言う前に、2,000字の前置きがあったのです。Googleはそのマラソンを評価しました。AIが欲しかったのは1文の明快な答えで、たまたま私の負け犬記事がそれを持っていた、というわけです。

研究もこれを裏付け続けています。AI Overviewsの引用元のかなりの割合は、そもそもオーガニック検索トップ10にすら入っていません。ページ順位と引用される確率の関係は、ゆるく相関する程度です。つまり、ページをひとかたまりの塊として最適化し続けているなら、AIが一度も見ない単位を磨いていることになります。

## 「スナッパビリティ」とは結局なにか

スナッパブルなパッセージとは、AIが切り出して答えにそのまま貼り付けても、周囲の文脈ゼロで意味が通る一節のことです。この「文脈ゼロで」という部分が勝負のすべてです。

自分で試してみてください。最新記事のどれか1段落を空のドキュメントに貼り、前後を見ずに読む。それは単独で立っていますか。それとも「これ」「したがって」「前述のとおり」といった言葉で、上の3段落に寄りかかっていませんか。文脈から切り離されて生き残れない段落は、AIも切り出しません。なぜならAIがやっているのは、機能的に言えば「文脈から切り離してコピペする」ことだからです。

私の昔の文章は、このテストに見事なまでに落第しました。どの段落も前の段落の乗客でした。人間が上から下へ読むぶんには最高です。機械が真ん中の一行だけをつかむぶんには、無価値でした。

## 私が今書いている4階層構造

3ページ目の屈辱のあと、私は下書きの仕方を作り直しました。今はコンテンツを、小さいものから大きいものへ4つの階層で考えています。


**Atomic(原子): 単独で完結する1つの事実。** 前置きなしで真実かつ引用可能なことを述べる1文です。「TypeScriptは2012年にMicrosoftがリリースした言語です」。「弊社のソリューションは多くのチームのお役に立ってきました」ではありません。AIが欲しいのは責任を持てる事実であって、曖昧な安心材料は事実ではありません。

**Mini(ミニ): 2〜3文で1つの概念。** 概念とその帰結を定義するのにちょうど足りる量で、それ以上は書きません。私の経験上、AIアシスタントが最もよく引用するのはこの単位です。完結した一つの考えでありながら、答えの枠にちゃんと収まるからです。

**Section(セクション): 見出し＋複数パッセージ。** 見出しは装飾ではなく検索の仕事をしています。見出しを「読者が実際にタイプする質問」の形で書けば、AIに対してラベルの付いた引き出しを差し出したことになります。

**Cluster(クラスタ): トピックを所有する関連ページ群。** 1ページで領域全体はカバーできません。密にリンクされたページ群は、あなたが一度きりではなく繰り返し引用に値するソースであることを示します。

実務上の変化は小さいけれど執拗です。隣の段落に依存する段落を書くのをやめ、誘拐されても困らない段落を書き始めた、それだけです。

## 結論ファースト、前置きはゼロで

殺さなければならなかったもう一つの癖が、前置きです。私はかつて、どのセクションも文脈から始め、緊張を高め、最後に手品師のように答えを明かしていました。AI検索は手品師が大嫌いです。1文目でウサギをテーブルに出してほしいのです。

そこで私は結論ファーストに切り替えました。昔ながらのPREP法(Point・Reason・Example・Point)に近い書き方です。まず結論、それから理由。「パッセージ最適化を使うべきか」と聞かれたら、1文目は「はい。AIはページではなく段落を引用するからです」で、説明はそのあとに続きます。AIは冒頭をつかんで先へ進めるし、深く読みたい人間はそのまま読み続ける。全員が得をして、誰も種明かしを待たされません。

一問一答ブロックはさらに強力です。質問そのものを見出しにし、その下に引き締まった2文の答えを置く。これはおそらく最も切り出しやすい構造です。ユーザーがAIに尋ねた形そのものを鏡写しにするので、マッチが簡単すぎるくらいです。

## 数字は撒き餌で、AIは食いつく

私が気づき、あとで研究を見つけたパターンがあります。具体的な数字を含むパッセージは、形容詞を含むパッセージよりはるかに引用されやすいのです。Princeton中心の生成エンジン最適化(GEO)研究では、統計・引用・出典を加えるとAI回答内での可視性が最大**40%**向上したと報告されています。これは誤差ではありません。引用されるソースになるか、誰も見なかったソースになるかの分かれ目です。

そこで私は下書きを見直し、ふんわりした主張を硬い数字に変えていきました。「スキーマ実装はAI可視性を意味あるレベルで高めうる」は、具体的なケースになりました。Sharp HealthCareは構造化データの全面刷新後、9ヶ月で**AI経由のクリックが843%増加**したと報告しています。前者は忘れられる1文、後者は引用されるのを待っている1文です。

このフレームワークの元になった章は、同じ方向のデータをもっと挙げています。サブクエリ最適化や、平凡なパッセージへの統計の追加による引用増などです。手法によってばらつくので、正確なパーセンテージは「方向性」として扱うのが無難ですが、方向そのものは私が見たかぎりどこでも一貫しています。具体は引用され、曖昧はスキップされる、です。

## 構造化データはパッセージの名札

パッセージが引用を取ってくるなら、構造化データはあなたを「読み取れる存在」にします。スキーマ(JSON-LD)は、ページの各かたまりが実際に何なのかを機械に伝えます。これは質問、これはその答え、これは著者、これは公開日、と。Perplexityの挙動を見ると、きれいな構造化データを持つコンテンツには可視性の上乗せがありますし、BraveのLLMコンテキスト系ツールは、マークアップが導いてくれればテーブルの行レベルまで抽出できます。

こう考えると分かりやすい。スキーマのない優れたパッセージは、ラベルのない紙切れに書かれた見事な答えです。スキーマは、機械がそれを正しく整理し、また見つけ出せるようにするラベルなのです。

## 鮮度もまたパッセージの属性

過小評価していたレバーをもう一つ。鮮度です。AIは新しいソースを好み、その差は私の想像より大きいものでした。数時間前に更新されたコンテンツと、1ヶ月放置されたコンテンツとでは、引用頻度が数十パーセント単位で変わりうる。Adobeの指針はおおむね「重要コンテンツを数週間おきにリフレッシュ」あたりに着地しています。だから私はもう、パッセージを書いて放置しません。価値の高いものを定期的に見直し、数字を更新し、日付を更新する。パッセージは記念碑ではなく、観葉植物です。

## 私が今、実際にやっていること

今日、記事を書くとき、私のチェックリストは短くて少し容赦がありません。

- 各段落は切り出しても意味が通るか。通らないなら書き直す。
- 各セクションは答えから始まっているか。違うなら答えを上に動かす。
- 主張は具体的で数字付きか。違うなら数字を探す。
- 構造はスキーマで機械可読か。違うなら付ける。
- 価値の高いパッセージは新しいか。古いなら更新する。

従来の順位を今も気にはしています。消えたわけではありません。でも、ページを「最適化する対象」として扱うのはやめました。ページはただの容器です。パッセージこそが製品です。そしてURLではなく段落のために書き始めた日が、AIアシスタントが私の文章を、一生会わない誰かに引用し始めた日でした。

AI抽出可能なコンテンツ構造のより詳しい分解は、[llmoframework.com](https://llmoframework.com) のコンテンツ設計ノートがパッセージと構造化データの階層を深掘りしています。この考え方の正典は、あちらと、ここに置いています。

4階層・構造化データのパターン・その背後にある計測ループまで含めた全体像は、[LLMO: AI検索最適化](https://kenimoto.dev/ja/books/llmo-ai-search-optimization) にまとめました。

---

# robots.txtにAIクローラー13個の個別ルールを書いた。30日後、守ったのは3つだけだった

URL: https://kenimoto.dev/ja/blog/robots-txt-ai-crawler-rules-30-days-only-3-followed/
Lang: ja
Date: 2026-05-24
Description: AIクローラー13個に対して個別のAllow/Disallowをrobots.txtに書きました。30日後にサーバーログを集計したら、ルールを守ったのは3つだけ。残り10個はDisallow指定したパスに普通にアクセスしていました。何を守ってもらえて、何が紳士協定で終わるのか、実測した結果を書きます。

robots.txtは紳士協定です、と昔の人は言いました。30日測ってみたら、紳士だったのは13人中3人でした。

私は4月、自分のドメイン(kenimoto.dev)のrobots.txtに、AIクローラー13個に対する個別ルールを書きました。GPTBot、ClaudeBot、PerplexityBotのような有名どころから、Bytespider、CCBot、Applebot-Extendedのような知名度の低いところまで、全部入りです。Allow指定、Disallow指定、wildcard指定を混ぜて、わざと「ここは見せる」「ここは見せない」を分けました。

30日後、Cloudflareのログを集計しました。**13クローラーのうち、Disallow指定を完全に守ったのは3つだけ**でした。残り10個は、私が「ここは来ないでね」と書いたパスに、平気な顔でアクセスしていました。

この記事は、誰が紳士で誰が違ったか、その判定にどんな基準を使ったか、そして「守らないクローラーへの現実的な対処」をまとめます。LLMOで「AIに見つけてもらう」記事はもう書きましたが、今回はその逆、「AIに見られたくない場所を見られないようにする」ための実測譚です。

## 何を計測したか

30日測ったのは2026年4月22日から5月22日です。対象ドメインはkenimoto.devで、英日葡西の4言語版があるブログサイトです。robots.txtには13のAIクローラーUser-Agentを書き、それぞれに対して以下のいずれかを指定しました。

| 種類 | 指定 | 意図 |
|------|------|------|
| 全面許可 | `Allow: /` のみ | サイト全体を学習・引用に使ってよい |
| 部分許可 | `Allow: /` + `Disallow: /drafts/`、`Disallow: /admin/`、`Disallow: /private/` | 本記事と公開ページはOK、未公開と内部用はNG |
| 全面拒否 | `Disallow: /` | このクローラーは一切来ないでほしい |

13クローラーの内訳と、私が指定した内容は次のとおりです。

| User-Agent | 運営 | 私の指定 |
|------------|------|---------|
| GPTBot | OpenAI | 部分許可 |
| ChatGPT-User | OpenAI | 部分許可 |
| OAI-SearchBot | OpenAI | 部分許可 |
| ClaudeBot | Anthropic | 部分許可 |
| anthropic-ai | Anthropic (旧) | 部分許可 |
| Google-Extended | Google | 部分許可 |
| PerplexityBot | Perplexity | 部分許可 |
| Perplexity-User | Perplexity | 部分許可 |
| Applebot-Extended | Apple | 部分許可 |
| Amazonbot | Amazon | 部分許可 |
| Bytespider | ByteDance | 全面拒否 |
| CCBot | Common Crawl | 全面拒否 |
| cohere-ai | Cohere | 部分許可 |

「Disallow指定を守った」の判定基準はシンプルです。30日間で当該User-Agentが`/drafts/`、`/admin/`、`/private/`のいずれかにアクセスを試みたログが**0件**であること。1件でもあれば「守らなかった」に分類しました。User-Agentは詐称可能なので、Cloudflareの`bot management`で本物と判定されたリクエストのみカウントしています。

ノイズの判定はこうです。`/drafts/`に対するアクセスが30日で1〜2件なら、私はノイズ扱いにしませんでした。1件でもDisallowを破ったらクローラーの設計判断とみなす、という厳しめの基準です。

## 守った3つ

30日間、Disallow指定を完全に守ったのは次の3つでした。

### GPTBot (OpenAI、学習用)

公式の宣言どおりです。OpenAIは[gptbot.txt](https://platform.openai.com/docs/gptbot)で「robots.txtを尊重する」と明記していて、その通りでした。`/drafts/`配下へのアクセス試行は0件。サイトマップから引いたURLだけを律儀にクロールしていきました。アクセス頻度は1日あたり40〜80回、安定したペースで来ています。

### ClaudeBot (Anthropic)

これも守りました。30日間で`/drafts/`へのアクセスは0件、`/admin/`も0件。アクセス頻度はGPTBotより少なく、1日10〜30回程度。AnthropicがClaudeBotの[挙動ドキュメント](https://docs.claude.com/en/docs/build-with-claude/web-search)で明記している「robots.txtに従う」が実装されていました。

### Google-Extended

3つの中で一番律儀でした。Google-Extendedは「Geminiの学習データに使うかどうかを制御するためのトークン」という位置づけなので、もともと「使うか使わないか」だけのフラグです。Disallowを書けば来ないし、Allowを書けばサイトマップを巡回します。30日で`/drafts/`への試行0件、安定。

この3つに共通するのは、**いずれも上場企業の本体が運営していて、公式に「robots.txtを尊重する」と明記している**という点です。当たり前と言えば当たり前ですが、当たり前を当たり前に実装する企業は半分以下というのが30日後にわかった事実です。


## 守らなかった10個の振る舞い

残り10個は、それぞれ違う守らなさ方をしていました。せっかくなので、悪気の度合い順に並べてみます。

### 軽く破ったグループ(4個)

PerplexityBot、Perplexity-User、Applebot-Extended、Amazonbotはこのグループです。Disallow指定したパスへのアクセス試行が30日で5〜30件ほどありました。ほとんどはサイトマップに載っていないリンクをどこかで拾ってきて踏みに来た、というパターンです。サイトマップに従っていれば踏まないはずのパスに、外部リンクや過去のキャッシュから到達しているように見えます。

設計判断としてはこうです。「robots.txtのDisallowを最終的なフィルタとしては使っていない。サイトマップを正とした巡回を基本にしているが、外部からのリンクで到達した場合は内容を確認してから判断する」。紳士協定としてはギリギリ及第点、技術的にはアウト、というレンジです。

### 構造的に破ったグループ(3個)

OAI-SearchBot、ChatGPT-User、cohere-aiがこのグループです。アクセス試行が30日で50〜200件あり、しかも`/drafts/`配下を網羅的に踏みに来ていました。

OAI-SearchBotとChatGPT-Userは、ChatGPTがブラウジングする際にユーザーの代理として動くクローラーです。私の推測では「ユーザーが質問したURLにアクセスする」という挙動なので、robots.txtのDisallowが効きにくい設計になっています。実害として、私が下書きで放置していたページのURLをChatGPTのユーザーがどこかで知って踏んでみると、中身を取りに来ます。

cohere-aiは、私が「学習用に使ってほしくない」と書いたパスにも普通に来ました。これは Cohereの学習クローラーの設計判断だと思っています。

### 完全無視グループ(3個)

Bytespider、CCBot、anthropic-ai(旧)です。私は全面拒否 (`Disallow: /`) を書いたのに、Bytespiderは30日で**3,400件**のアクセスがありました。Common CrawlのCCBotは2,100件、anthropic-ai(旧)は800件です。

anthropic-ai(旧User-Agent)は、現在Anthropicが正式に「ClaudeBotに移行した」とアナウンスしているもので、本来動いていないはずです。動いていました。誰かがanthropic-aiという文字列をUser-Agentに入れて、Anthropic公式とは別のところからクロールしている可能性が高いです。

Bytespiderは「ByteDance(TikTokの親会社)のクローラー」として知られていますが、彼らが「robots.txtを完全には尊重しない」というのは2024年から[何度も指摘されてきた話](https://blog.cloudflare.com/declaring-your-aindependence-block-ai-bots-scrapers-and-crawlers-with-a-single-click)で、私の30日でもその振る舞いが追認できました。

## 「守らない」への対処

ここから先は実装の話です。Disallowを守らないクローラーに対する選択肢は3つあります。

**選択肢1: WAFで弾く**。Cloudflareなら「Block AI Scrapers and Crawlers」というワンクリックのトグルがあって、これでBytespiderを含む主要なAIクローラーをエッジで切り落とせます。私が30日測ったあと、Bytespiderとanthropic-ai(旧)はこれで弾きました。アクセス数は翌日に**99.5%減**(3,400件→17件)。残りはUser-Agentを偽装しているリクエストです。

**選択肢2: IPベースでrate limit**。CCBotはCommon Crawlの公式IPレンジが公開されているので、IPベースで拒否できます。User-Agent詐称を回避するなら、これが一番固い。

**選択肢3: 諦めて全公開する**。OAI-SearchBotやChatGPT-Userのように「ユーザー代理でアクセス」する系統のクローラーは、技術的に止めるのが難しいです。代わりに、`/drafts/`を本当に見られたくないならBasic認証をかける、というのが現実解になります。robots.txtに頼らず、HTTPの認可レイヤーまで降りる必要があります。

私の最終的な構成はこうなりました。

- 紳士の3つ(GPTBot/ClaudeBot/Google-Extended): robots.txtのDisallowで管理
- 軽く破る4つ(PerplexityBot/Perplexity-User/Applebot-Extended/Amazonbot): robots.txtを残しつつ、`/drafts/`にBasic認証を追加
- 構造的に破る3つ(OAI-SearchBot/ChatGPT-User/cohere-ai): Basic認証で完全保護
- 完全無視の3つ(Bytespider/CCBot/anthropic-ai旧): CloudflareのAI Scrapers Blockで弾く

「robots.txtだけで全部を守ろうとしない」が30日後の私の結論です。robots.txtは「紳士に対する案内状」として有効、「敵に対する盾」としては機能しません。

## llmoframework.com で言われているのと同じ話

LLMOの実装ガイドを書く側として、私は[llmoframework.com](https://llmoframework.com)の「AIクローラー対応」セクションに「robots.txtは入口の表札であって鍵ではない」と書きました。30日測って、その言い回しの妥当性が裏付けられた感じです。表札としてのrobots.txtは大事で、これがないと紳士のクローラーすら何を見ていいのか迷うのですが、表札だけで鍵をかけたつもりになると、Bytespiderが3,400回侵入してくる結果になります。

LLMOで「AIに見つけてもらう」側を最適化するのと、「AIに見つけてほしくないものを守る」側を最適化するのは、同じrobots.txtを編集する作業ですが、結果として必要な道具が違います。前者はrobots.txtとsitemap.xmlで十分、後者はWAFとHTTP認可レイヤーまで降りないと足りない、という非対称があります。

## まとめ

30日測ってわかったことは3つです。

1. **公式宣言と実挙動は4割ほどしか一致しない**。13クローラー中、Disallowを完全に守ったのは3つ。GPTBot、ClaudeBot、Google-Extendedだけです
2. **「守らない」には3段階ある**。軽く破る(サイトマップ外のリンクから到達)、構造的に破る(ユーザー代理)、完全無視(設計判断として無視)。それぞれ対処が違います
3. **robots.txtは表札であって鍵ではない**。本当に守りたいものはHTTP認可レイヤーまで降ろす、それ以外はWAFで弾く、紳士には案内状を残す、というレイヤー設計が現実解です

紳士が3人いて、ぎりぎり許せる人が4人いて、構造的にダメな人が3人いて、最初から無視する人が3人いる。これは人類のサンプリングとしてはちょっと厳しいですが、AIクローラーのサンプリングとしては妥当な分布だと思います。

---

LLMOの全体像、つまり「AIに見つけてもらう」「AIに引用してもらう」「AIに見られたくないものを守る」を体系的にまとめた本があります: **[なぜあなたのサイトはChatGPTに無視されるのか](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)**。本記事のrobots.txt章は、本では1章分にあたります。llms.txt、JSON-LD、構造化データ、引用率KPIまで含めた12章構成です。

関連記事として、[5つのAIクローラーが私のサイトに来た: 30日サーバーログ](https://kenimoto.dev/ja/blog/five-ai-crawlers-30days-server-log/)(「誰が来たか」の集計)と、[15分で終わるLLMO最小実装: llms.txt + JSON-LD](https://kenimoto.dev/ja/blog/llmo-minimum-implementation-llms-txt-json-ld/)(土台の作り方)を一緒に読むと、AIクローラー対応の全体像がつかめます。

---

# 同じサイトを7つのAI引用トラッカーに入れたら、7つとも違う数字を返してきた

URL: https://kenimoto.dev/ja/blog/seven-ai-citation-trackers-different-numbers/
Lang: ja
Date: 2026-05-18
Description: kenimoto.dev を15日間、7つのAI引用トラッカーに同時に登録して計測した。最小は38、最大は312。同じサイト、同じ期間、同じ12クエリ。なぜそんなに離れるのか、結局どれに金を払う価値があるのかを実測で書く。

私は最初、7つのトラッカーを並べれば多数決で正解が出ると思っていました。実際に並べたら、7つとも違うことを言っていて、多数決すら成立しませんでした。

最小値は38、最大値は312。同じサイト、同じ15日間、同じ12クエリです。倍率にして 8.2 倍の開きでした。先に結論を書くと、私が最後まで残したのは月29ドルの一番安いやつでした。理由は「一番正確だったから」ではなく「自分が何を数えているか正直に書いてあったから」です。


## 計測の前提

私は kenimoto.dev を4言語で運用しています。AI検索が本当にこのサイトを見ているのか、ずっと気になっていました。気がついたら、各社の無料トライアルが受信箱に溜まっていたので、全部いっぺんに同じ条件で走らせてみたわけです。

自分に課したルールは次の4つです。

- 対象サイトは kenimoto.dev 一本に絞る（/ja/、/pt/、/es/ も含む）
- 計測期間は 2026年5月1日から5月15日までの15日間
- 12個のブランドクエリを一度だけ作り、全ツールで共通利用する
- 5つのLLM（ChatGPT、Claude、Gemini、Perplexity、Copilot）への参照を見たい

12個のクエリは、たとえば「Claude Code のサブエージェント構成のおすすめ」「LLM 引用の計測方法」「300ms以下の音声AIスタック」など、私のコンテンツが元々狙っている領域から選びました。

ツールは7つ選びました。商用が6つ、自前のスクリプトが1つです。7という数字にこだわったのは見出しのためですが、現実的にLLMO担当者が比較検討する候補数も大体これくらいです。

採用したツールは以下の通りです。

1. **Profound**（月499ドル、エンタープライズ向け、SOC2 / HIPAA対応）
2. **Peec AI**（月89ユーロ、ベルリン拠点、多言語に強い、115言語以上）
3. **Otterly AI**（月29ドル、最安、Semrush 連携あり）
4. **Bluefish AI**（要問い合わせ、Fortune 500 向け）
5. **Scrunch**（中位帯の可視性計測ツール）
6. **Semrush AI Toolkit**（既存SEOスイートに同梱）
7. **自前のPythonスクリプト**（OpenAI、Anthropic、Perplexity の API 利用、月8ドル相当）

各ツールに kenimoto.dev を登録し、UI が許す範囲で12クエリを共通設定にし、15日間放置してエクスポートしました。

## 数字

同じサイトに対して、各ツールが返してきた引用数は以下のとおりです。

| ツール               | 引用数 | 最小値との比 |
| -------------------- | ------ | ------------ |
| Otterly AI           | 38     | 1.0倍        |
| 自前 Python          | 54     | 1.4倍        |
| Semrush AI Toolkit   | 71     | 1.9倍        |
| Bluefish AI          | 89     | 2.3倍        |
| Profound             | 147    | 3.9倍        |
| Scrunch              | 203    | 5.3倍        |
| Peec AI              | 312    | 8.2倍        |

最小と最大の差は 8.2 倍です。誤差とか丸めの話ではなく、まるごと別の値です。

最初は私もエクスポート結果を読み違えたのかと思って、各社のドキュメントを並べて読み直しました。答えはそこにありました。

## なぜ 7 つの数字が割れたのか

各社のドキュメントを横並びで読むと、これはバラツキではなく「定義の問題」だと分かります。バラツキの軸は4つあります。

### 1. 「引用」の定義そのものが違う

これが一番大きい要因でした。各ツールは違うものを数えていて、それを全部「citation」と呼んでいます。

- **Profound** は、LLM の回答にあなたのドメインへのクリック可能なソースリンクが含まれている場合のみカウントします。厳格でアトリビューションには使えますが、リンクなしの言及は全部こぼれます。
- **Peec AI** は、回答テキストにブランド名が出たら全部カウントします。リンクの有無は問いません。Perplexity が「Ken Imoto が書いたこのガイドが参考になる」と言ったら、リンクなしでも1カウントです。これが最大値の理由です。
- **Otterly AI** は Profound に近く、ただし「同一クエリ・同一日」で重複を排除します。それで数字が大きく圧縮されます。
- **Bluefish AI** は競合との Share of Voice 計算を返します。引用数というよりも順位に近い指標です。
- **Scrunch** はブランド言及とソースリンクの両方をカウントし、重複排除なしです。中の上ぐらいの数値になります。
- **Semrush** は構造化された回答の URL フィールドにあなたのドメインが出た場合のみカウントします。最も厳格な解釈です。
- **自前 Python** は私が決めた通りに数えます。今は「回答テキストにブランド文字列が出る、クエリごとに重複排除、3サンプル平均」です。

この中の任意の2つの定義は、絶対に一致しません。これはベンダーが悪いのではなく、業界がまだ「引用とは何か」の共通定義を持っていない、という話です。

### 2. サンプリング対象の LLM が違う

私が気にしている5つの LLM のうち、全部をカバーしているツールはほぼありません。

| ツール       | ChatGPT | Claude | Gemini | Perplexity | Copilot |
| ------------ | ------- | ------ | ------ | ---------- | ------- |
| Profound     | ○       | ×      | ○      | ○          | ×       |
| Peec AI      | ○       | ○      | ○      | ○          | ○       |
| Otterly      | ○       | ×      | ○      | ○          | ×       |
| Bluefish     | ○       | ×      | ○      | ×          | ○       |
| Scrunch      | ○       | ×      | ×      | ○          | ×       |
| Semrush      | ○       | ×      | ○      | ○          | ×       |
| 自前 Python  | ○       | ○      | ×      | ○          | ×       |

Peec AI だけが5つ全部を見ています。それだけでサンプリング面積が大きく、最大値になる理由のひとつです。Scrunch は ChatGPT と Perplexity の2つだけしか見ていないのに数字が大きいので、その2つの面で実際に多く引用されているとも読めます。

ChatGPT だけを気にしているなら、どのトラッカーを選んでも大差ありません。Gemini や Claude が重要なら、選択肢は半分以下になります。

### 3. サンプリングの頻度と重複排除のルール

ほとんどのツールは各クエリを毎日走らせます。一部は週次です。Otterly は毎日走らせますが、24時間以内の重複を排除します。1日に5回言及されても1カウントです。Peec AI は毎日走らせて毎回別カウントです。15日 × 12 クエリの規模だと、これが効いてきます。

### 4. 多言語に対応しているか

私は4言語で公開しています。多くのツールはデフォルトで英語のみサンプリングし、明示的に言語セットを設定しないと他言語を見ません。Peec AI が一番役に立つ多言語数値を返してきた理由は、115言語をデフォルトで見にいくからです。他のツールは PT と ES のトラフィックをほぼ無視していて、結果として LatAm とブラジルで実際に起きていることを過小評価しています。

## つまらない結論: 定義を選んでから、ツールを選ぶ

2週間この数字を眺めて分かったのは、「どのトラッカーが一番正確か」という問いがそもそも間違っているということです。AI 引用には正解がありません。LLM はブラックボックスで、同じプロンプトでも時刻・地域・データセンターによって違う回答を返します。Google Search Console のような確定的なソースが存在しないのです。

正しい問いは「自分のビジネス成果に対応する『引用』の定義はどれか」です。

- **アトリビューション流入**（誰かが実際にリンクを踏む）を見たいなら、Profound か Otterly が向きます。リンク付き引用だけをカウントするので、数字は小さくなりますが GA4 のリファラデータと照合できます。
- **ブランド存在感**（リンクの有無を問わず、LLM があなたを言及している）を見たいなら、Peec AI が良いです。数字は大きく見えますが、「ChatGPT が回答の中で私の名前を口にしている」という事実に最も近いプロキシです。
- **競合ポジショニング**を見たいなら、Bluefish か Scrunch が競合セットをネイティブに扱います。
- **予算を抑えつつ自分で真実を握りたい**なら、自前スクリプトが一番です。私のは OpenAI、Anthropic、Perplexity の API を200行のPythonでラップしただけで、月8ドル前後です。生の回答テキストも取れるので、商用ツールがグラフの奥に隠している部分まで grep できます。

業界が共通定義を持つまでは、どのベンダーも違う数え方をして同じ単語を使います。[llmoframework.com](https://llmoframework.com/) が提案しているような分類軸が広まれば、ツール間の数字が初めて比較可能になります。

## 結局、私が残したツール

正直に書きます。私が今も使っているのは7つのうち2つだけです。

Otterly は残しました。安いし、厳格な定義が GA4 で検証可能だからです。「Otterly が引用ありと言っていて GA4 にもリファラクリックがある」のなら、両方信じます。自前 Python スクリプトも残しました。生テキストが取れるし、定義を明日変えたければ即変えられるからです。

残りは解約しました。悪いツールだからではありません。月499ドル払って、月29ドルのツールと整合しない数字を得ても、自分が賢くなるのではなく、むしろ判断が鈍るからです。

これから AI 引用トラッカーに金を出そうとしているなら、まず1文で「自分にとっての引用とは何か」を書いてみてください。次にベンダーに聞いてみてください、「あなたの定義は私の定義と一致しますか」と。多くは即答できません。それが答えです。

## 続きはこちら

この計測問題について、私が使っているPythonスクリプトと GA4 設定までまとめて書籍にしました。

[なぜあなたのサイトはChatGPTに無視されるのか - LLMO実践ガイド](https://kenimoto.dev/ja/books/llmo-ai-search-optimization)

---

# AIエージェントを7本cronで毎日回したら、2本が18日間沈黙していた — observabilityでは拾えず、exit-code契約で拾えた話

URL: https://kenimoto.dev/ja/blog/seven-cron-agents-18d-silent/
Lang: ja
Date: 2026-05-28
Description: cronに置いた7本のエージェント、2本が初日から動かず18日間気付かなかった。tracingは無力、exit-code契約 + 24h heartbeatでようやく拾えた実測ログ。

私はcronに7本のAIエージェントを置いていました。そのうち2本が初日から動いていませんでした。気付いたのは18日後です。

この一文で記事は終わるのですが、もし他の誰かがポッドキャストで同じことを言っていたら、私は反論していたと思います。「いやさすがに18日も気付かないわけない。tracingあるし、ダッシュボードあるし、Telegramで何かあれば通知来るでしょう」と。はい、それ全部ありました。それでもこの2本はすり抜けました。理由は単純で、私の監視レイヤは全部「動いているプロセス」を見ていたからです。動いていない2本は、どこにも映っていませんでした。

これは18日間のログです。何を7本動かしていて、どこで2本が静かに死んだか、なぜtracingでは拾えなかったか、そして今は全部のスケジュール実行エージェントに付けている小さなexit-code契約の話です。


## 7本のエージェントと「問題なさそうに見えた」セットアップ

私は同じサーバ上で2つのコンテンツドメインと1つのself-evolving harnessを回しています。各ドメインにObserver / Strategist / Marketerの3本、それと共通のEvolverが1本。これで合計7本。cronはだいたい次のような書き方でした。

```cron
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-A.sh >/dev/null 2>&1
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-B.sh >/dev/null 2>&1
```

それぞれのshell scriptは `claude -p "..."` をヒアドキュメント付きで呼び、出力をキャプチャして日次ログを書き、エージェントが「公開する」と判断した場合は記事を実際にpushして終わります。Telegram通知用のwebhookも仕込んであって、成功時にも `set -e` で死んだときにも飛ぶ、はずでした。この構成で2ヶ月ほど運用していました。

セットアップしたときに見落としていたのは、heredocの3行下です。Marketer 2本は別リポジトリにあるPythonヘルパーを呼んでいました。当時はそのリポジトリにcdしてシェルから動作確認していて、確かに通っていたのでチェックインしました。その後、別リポジトリ側を整理する流れでヘルパーのモジュール名を変えました。Marketer側の `import` 行は古い名前のまま、誰にも気付かれずに残りました。

ここから先はもう察しがつくと思います。`python3 helper.py ...` は `ModuleNotFoundError` で即座に exit 1。スクリプトの先頭は `set -euo pipefail`。10行目あたりで死にます。Telegram通知のブロックはもっと下、Python呼び出しの後ろ側に書いてあったので、そこまで到達しません。`>/dev/null 2>&1` でstderrは消えます。cronは `MAILTO=` を設定していません。毎朝、2本のエージェントが静かに死に、残り5本は普通に記事を公開していました。システム全体は健康に見えていました。

## tracingが見ていたもの、見ていなかったもの

ここは正確に書きたいところです。なぜなら18日目の朝、私は数時間かけて「もっとちゃんとしたtracingを入れていれば拾えたんじゃないか」と自分に言い聞かせようとしたからです。結論を先に言うと、ちゃんとしたtracingでも拾えませんでした。

`claude -p` の呼び出しからは OTEL のspanを吐かせていて、self-hosted collectorに集めて小さなダッシュボードに表示していました。token消費、tool-call latency、retry率、日次の総エージェント実行数。18日目の朝、ダッシュボードを見ると、日次の総実行数は18日連続でぴたっと「5」を指していました。本来は「7」のはずです。

tracingは「実行されたプロセス」を計測する仕組みです。遅い呼び出し、失敗した呼び出し、retryの嵐、そういうものは映ります。しかし「そもそも起動しなかったプロセス」は映りません。死んだ2本のMarketerは span を1本も吐いていませんでした。なぜなら、span を吐かせる場所が「import に失敗した当のヘルパー」の中だったからです。ダッシュボードから見れば、その2本は「今日存在しなかった」のと同じです。次の日も、その次の日も、ずっと存在しなかったことになっていました。

私はずっと間違った質問を見ていました。「動いているエージェントは元気か?」はtracingが答えられる質問です。「スケジュールされた7本のうち、本当に7本動いたか?」はtracingが答えられない質問です。動かなかった2本は、その「動かなかった」という事実そのものを誰にも報告できないからです。

[healthchecks.ioのdead man's switchの説明ページ](https://healthchecks.io/docs/monitoring_cron_jobs/)を読んだことがある人にはおなじみのはずです。「重要なデータ処理ジョブが、従来の監視システムに何の警報も上げずに停止することがある。サイレント失敗は、欠損データや破損結果に誰かが気付くまで、何日も何週間も続きうる」と書いてあります。私はあのページを以前読んでいました。ただ、自分のcronには適用しませんでした。Telegram通知があるから大丈夫と思っていたからです。Telegramは「スクリプトが到達した行」からしか飛びません。


## 後付けで入れたexit-code契約

直し方は「もっとobservabilityを増やす」ではありませんでした。エージェント自身に「自分の生死を報告してもらう」ことを諦めて、cron wrapper側に「エージェントの代わりに報告する責任」を持たせる方向です。スケジュール実行する全エージェントに、次の小さな契約を結ばせました。

1. **意味のあるexit codeを定義する。** 「0 = OK、それ以外 = NG」ではなく、もう少し細かく。sysexits.h を緩めに踏襲しました。`0` は「エージェントが走って仕事を終えた」、`64` は「config/環境エラー」(まさに `ModuleNotFoundError` のパターン)、`65` は「走ったが使える出力が得られなかった」、`78` は「意図的にスキップ」(Marketerが「今日は公開する記事なし」と判断したケース)。
2. **cron wrapperが報告を持つ。** エージェントスクリプトの仕事は「正しいexit codeで終わる」ことだけ。wrapperの仕事はその exit code を拾って、どこか永続的な場所に push すること。エージェントが成功しようが失敗しようが関係なく。
3. **成功時にもheartbeatを飛ばす。** 失敗時だけではなく成功時にも飛ばす。沈黙そのものをアラームにする。

cron wrapperはだいたいこんな形に落ち着きました。

```bash
#!/usr/bin/env bash
# scripts/cron-wrap.sh <agent-name>
set -uo pipefail
AGENT="$1"
SCRIPT="$HOME/repos/harness-ops/scripts/${AGENT}.sh"
HC_URL="https://hc-ping.com/<uuid-${AGENT}>"

START=$(date -Iseconds)
bash "$SCRIPT"
RC=$?
END=$(date -Iseconds)

# 成否によらず1行ずつログを残す
echo "${START} ${AGENT} rc=${RC} end=${END}" >> "$HOME/logs/cron-runs.log"

# exit codeをURLパスに埋めてpingする
# 24h ping切れ → healthchecks.io が私を呼ぶ
curl -fsS --retry 3 "${HC_URL}/${RC}" >/dev/null || true

# 非ゼロのみ即時escalate (78は意図スキップなので除外)
if [[ "$RC" -ne 0 && "$RC" -ne 78 ]]; then
  "$HOME/bin/tg-notify.sh" "agent=${AGENT} rc=${RC} see ~/logs/cron-runs.log"
fi
exit 0
```

このwrapperには、書き直すたびに少しずつ詰まったポイントが3つあります。

1つ目は `set -euo pipefail` ではなく `set -uo pipefail` にしたこと。エージェントスクリプトが失敗してwrapperごと死んでしまうと、pingに到達しないからです。pingに到達しなければhealthchecks.io側は「24時間後に呼ぶ」モードになりますが、それでは遅すぎます。wrapperは死なずに最後まで走り切って exit code を拾う必要があります。

2つ目はpingのURLにexit codeを埋めたこと。healthchecks.ioもCronitorも、URLの末尾に code を載せると最終exit codeをダッシュボードに残してくれます。なので、ログファイルを開かずに「Aは exit 64 だった」がひと目で分かります。

3つ目は `78` を意図的なスキップとして扱ったこと。Marketerが「今日は公開する記事がない」と判断して終わるケースは失敗ではないので、escalateしません。これをやらないと「今日は静かな日でしたよ」のたびにTelegramが鳴って、私が通知をミュートし始めて、結局運用が破綻します。アラート疲れで運用が死ぬのは、観測が死ぬよりよくある現象です。

## 入れた当日に拾えたもの

このwrapperを入れたのが、ちょうどMarketerたちが18日目に突入した朝でした。10分以内に `marketer-A` と `marketer-B` の両方がhealthchecks.ioのダッシュボードに「最終exit code: 64」で姿を現しました。中身のコードを開く前に、ダッシュボードでひと目で分かりました。

1時間以内に、importを直して、両方のスクリプトを手で走らせて exit 0 を確認、翌朝のcronで2本のMarketerが2週間半サボっていた記事を実際に公開し始めました。tracing側の日次実行数も「7」に戻りました。線はまだ平らですが、平らになっている値が正しい値です。

その翌日には、18日間ずっと健康だったはずのobserver-Bが exit 65 (「使える出力が得られなかった」) を返し始めました。ダッシュボードに反映されるまで20分。これがexit-code契約の本来の役割です。エージェントは動いたけれど出力がゴミだった、というケースを、2週間後ではなく当日に拾えます。

## 過去の自分に言うとしたら

2ヶ月前にこのcronを置いた自分は、別に怠けていたわけではありません。Telegram通知も、tracingダッシュボードも、日次ログも揃えてありました。[Twelve-Factor App の disposability の章](https://12factor.net/disposability)も読んでいました。「エージェントが失敗する」のと「エージェントがそもそも動かない」の違いについても考えていて、後者は十分まれだから無視していい、と判断していました。

ミスは「動かない」をレアケース扱いしたところでした。7本のスケジュール実行、3本のPythonヘルパー、独立に動く2本のリポジトリ、スクリプトの中盤にTelegram通知を仕込んでいるという構成では、「そもそも動かなかった」が最頻のサイレント失敗モードです。他の失敗よりも一桁以上多いと思います。

なので、過去の自分に言うとしたらコストの低い順に3つ。

1. **`MAILTO=` はタダ。** cronに `MAILTO=your-mail@example.com` を1行足すだけで、ジョブのstderrが自動でメール送付されます。アラート用コードに到達する前に死んだジョブでも届きます。これだけで私の18日間は1日目に終わっていました。systemd timerに移行している場合は [archwikiの systemd timer のページ](https://wiki.archlinux.org/title/Systemd/Timers) に `OnFailure=` での通知パターンがまとまっています。
2. **エージェントごとに自分が所有するwrapperを噛ませる。** エージェント本体に詰め込まない。wrapperの仕事は「exit codeを拾う」「pingする」だけ。エージェントよりも汚い書き方になってかまわないので、代わりに今後ほとんど変更しないようにする。
3. **沈黙を「うるさく」させる仕組みは success heartbeat。** 失敗通知はどこにでもあるけれど、「そもそも動かなかったエージェント」については何も教えてくれません。成功時にpingを飛ばして、ping切れで呼び出されるdead man's switchを置く。これが「2本が静かに死んでいる」を18日問題から1日問題に変えます。

なお、kenimoto.devでも書いた [Claude Code Hooks v2 — 25のライフサイクルイベントの記事](/ja/blog/claude-code-hooks-v2-25-events/)はエージェントが起動した「あとの」話なので、本記事の「そもそも起動しなかった」とは別レイヤを扱っています。Hookが発火する前提が崩れたときに何が起きるか、というのが今日の話でした。

tracingとobservabilityは、生きているプロセスを見るための道具です。exit-code契約は、そもそも生きているべきだったことを記録するための道具です。両方が必要で、cronの「set it and forget it」運用は後者がないと簡単に崩れます。私のは18日間崩れていて、私は毎朝そのサーバのダッシュボードを見ていました。

ダッシュボードは健康でした。ダッシュボードが見ていた質問のほうが、間違っていただけです。

## まとめ

- cronに置いた7本のエージェントのうち2本が、初日から `ModuleNotFoundError` で死に、18日間誰にも気付かれなかった
- tracingは「実行されたプロセス」を見る仕組みなので、「起動しなかったプロセス」は構造的に拾えない
- 解決はexit-code契約(`0/64/65/78`)とcron wrapperが代理で報告する仕組み、それと「成功時のheartbeat + dead man's switch」の3点セット
- 一番安いのは `MAILTO=` を1行足すこと。これだけで多くのサイレント失敗は当日中に拾える

## 関連

- [Claude Codeを3セッション並列で8時間動かしたら、2回コンテキストを上書きしていた話](/ja/blog/three-claude-sessions-parallel-8h-context-overwrite/) — 同時並列セッション側の事故。「衝突」と「沈黙」で対の関係。
- [他のエージェントを監査する4層目を足したら、Strategistが3週間サボっていた](/ja/blog/evolver-4-layer-strategist-procrastination-audit/) — 動いてはいるが procrastinate しているエージェントを上位層で監査する話。本記事のexit-code契約とレイヤが違う。

ハーネス全体のhooks / ライフサイクル / フィードバックループの章を含めて、本格的に読みたい方はこちらにまとめてあります: [Harness Engineering Guide: ツールから複利的生産性へ](https://kenimoto.dev/ja/books/harness-engineering-guide)。

---

# AIエージェントの予測を1つの数字で信じるな — Simulatorは点推定でなく確率分布を返すべき

URL: https://kenimoto.dev/ja/blog/simulator-distribution-not-point-estimate/
Lang: ja
Date: 2026-06-09
Description: 事業運営エージェント(Simulator)が「CAC=2,000円」と1つの数字で返すと、後続の意思決定エージェントが過信して判断が壊れます。信頼区間・モンテカルロ・分位点予測で不確実性を渡す実装の話です。

私は以前、自作の事業運営エージェントに広告施策の結果を予測させて、その出力を真顔で信じていました。「この施策のCACは2,000円です」。おお、2,000円か。じゃあこれでいこう。実際に回したらCACは3,400円でした。エージェントが嘘をついたわけではありません。私が、1つの数字を信じてしまっただけです。

問題は予測精度ではなく、出力の形でした。エージェントは「2,000円」と点推定で答え、私はそれを確定した未来として受け取った。そこに不確実性の幅はどこにもなかったのです。

この記事は、事業運営の自律エージェント(以下Simulator)の出力を「点推定」から「確率分布」に変えると意思決定がどう変わるか、という話です。結論から言うと、Simulatorが1つの数字を返した瞬間、後続の意思決定エージェントは確実に過信します。そして過信した意思決定は、平均的には正しくても、尾部で壊れます。


## 点推定が嘘になる瞬間

まず言葉を整理します。Simulatorは、戦略候補を入力に受け取り、過去データから予測される結果を返すモジュールです。「予算Xをチャネル配分Yで投下したらCACはどうなるか」を、実弾を撃つ前に推定する。実際に試せば確実にわかるけれど、試すまでに時間と金がかかる。その手前で候補を10個から3個に絞るために使います。

このSimulatorの出力が「CAC=2,000円」という1つの数字だったとします。これは厳密には嘘です。正確には「中央値は2,000円付近だが、1,500円から3,000円のどこかに着地する確率が高く、まれに3,400円まで跳ねる」が真実だからです。点推定はこの幅をゼロに潰して、確率1で2,000円だと言い切っている。エージェントが嘘をつくつもりがなくても、出力の形式が嘘をつかせるわけです。

ここで「いやでも中央値2,000円なら平均的には合ってるじゃん」と思うかもしれません。私もそう思っていました。罠はここにあります。意思決定は平均値の上で行われるのではなく、最悪ケースの上で破綻するからです。

## 過信する後続エージェント

Simulatorの出力を受け取って実際に判断を下すのは、後続の意思決定エージェント(Strategist)です。私のハーネスでは、Simulatorが候補を絞り、Strategistがその中から実行する施策を1つ選びます。役割を分けている理由は[別記事](/ja/blog/observer-strategist-marketer-3-yaku-bunri/)に書きました。

問題は、点推定を受け取ったStrategistの振る舞いです。「CAC=2,000円」という入力を見たStrategistは、これを2,000円という事実として扱います。LLMは入力に書かれた数字を、書かれた確からしさのまま受け取る傾向があります。「2,000円」とだけ書いてあれば、それが2,000円である確率を勝手に高く見積もる。人間が査読の数字を信じすぎるのと同じです。

そして2,000円という前提で予算配分を決め、損益分岐を計算し、「この施策はGOです」と判断する。実際には3,400円に着地して、計算した損益分岐は吹き飛ぶ。Strategistは何も間違っていません。間違った前提を、間違っていない手つきで処理しただけです。ゴミを入れたらゴミが出る、の高級版ですね。

点推定の本当の罪は、不確実性を消すことではありません。隠すことです。幅は実在するのに、出力の形がそれを見えなくする。見えないリスクは、誰も避けられません。

## 分布で返すと何が変わるか

ではSimulatorに分布を返させます。同じ予測を、こう書き換えます。

```json
{
  "metric": "cac",
  "median": 2100,
  "ci_low": 1600,
  "ci_high": 2800,
  "p95": 3400,
  "samples": 1000,
  "model_scope": "marketing-v3 / 過去90日 / paid-social のみ"
}
```

中央値2,100円、95%信頼区間が1,600円から2,800円、上側5%点(p95)は3,400円。これを受け取ったStrategistは、もう「2,000円」とだけ言われたときの判断はできません。「中央値で見ればGOだが、p95の3,400円を踏むと損益分岐を割る」という条件付きの判断に変わります。最悪ケースが入力に明示されているので、最悪ケースを避ける判断ができる。

`model_scope` フィールドも効きます。この予測は過去90日のpaid-socialデータで訓練されたモデルが出したもので、メール施策やオーガニック流入には適用範囲外だと明示してある。Strategistが文脈外の予測を信じる事故を防げます。点推定にはこの注釈を貼る場所すらありませんでした。

分布の作り方は難しくありません。私はモンテカルロでサンプルを1,000本引いて、その分布から分位点を取り出しています。冒頭のCLIならこうです。

```bash
simulator predict --strategy=strategies/paid-social-q3.yaml \
  --horizon=30d \
  --samples=1000
```

`--samples=1000` で1,000本のシナリオを引き、その経験分布から中央値・信頼区間・p95を計算する。モデルの誤差が正規分布でなくても、サンプルを引いて分位点を取るだけなので素直です。分位点予測(quantile regression)で直接p50/p90を推定する手もありますし、近年は予測区間にキャリブレーション保証を付けるconformal predictionも使えます([Bui et al., AAAI 2024](https://ojs.aaai.org/index.php/AAAI/article/view/30084))。難易度の高い予測ほど区間が自動で広がる、という性質が後続の意思決定と相性がいい。

## 分布を渡しただけでは足りない、という不都合

ここで気持ちよく終わりたいのですが、不都合な研究を1つ置いておきます。「予測区間を渡せば意思決定の質が上がる」は、自動では成り立ちません。生産計画の被験者実験では、予測を区間で提示しても判断の質は改善せず、むしろ損失関数の非対称性への適切な反応をかえって鈍らせた、という報告があります([Goodwin et al., EJOR 2010](https://www.sciencedirect.com/science/article/abs/pii/S0377221709009485))。区間を渡された人間が、それをうまく使えなかったわけです。

これはエージェントでも同じだと私は見ています。分布を入力したからStrategistが賢くなるのではありません。Strategistの判断ロジック側に「p95がこの閾値を超えたら除外」「信頼区間が中央値の何倍以上に広がったら実弾でなくA/Bテストに回す」といった、分布を消費する明示的なルールを書いて初めて効きます。データを渡すことと、データを使う意思決定設計は別物です。分布は前提条件であって、十分条件ではない。

私のワークフローでは、候補をランキングする段で「信頼区間が広すぎるものは除外する」というルールを明示的に置いています。広い区間は「Simulatorが自信を持てていない」というシグナルなので、そういう候補は実弾でなくA/Bテストという次の検証層に送る。速くて安いが仮定依存のSimulatorと、遅くて高価だがモデル非依存のA/Bテストを、不確実性の幅で振り分けるわけです。

## まとめ

私は信長の野望を15年やっていて、布石を打つのが好きです。あのゲームで一番痛い負け方は、確実だと思った一手が外れたときではなく、外れる可能性を最初から見ていなかったときです。点推定は、まさにこの「外れる可能性を画面から消す」操作でした。

整理します。

- Simulatorが点推定で返すと、後続の意思決定エージェントは入力の数字を過信し、最悪ケースを避けられなくなる
- 出力を中央値・信頼区間・p95の分布にすると、Strategistは条件付きの判断ができ、尾部リスクを回避できる
- 分布の生成はモンテカルロのサンプリングと分位点抽出で十分実装できる。分位点予測やconformal predictionも選択肢
- ただし分布を渡すだけでは足りない。意思決定側に「区間が広ければA/Bテストに回す」等のルールを書いて初めて効く

1つの数字は便利です。便利だから信じてしまう。でも事業の意思決定で本当に知りたいのは「だいたいいくらか」ではなく「最悪いくらまで覚悟するか」です。次にあなたのエージェントが点推定を1つ返してきたら、こう聞いてみてください。「で、その数字、95%信頼区間はどこからどこ?」。黙ったら、まだ信じる段階じゃありません。面白くいきましょう。

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/ja/)*

---

# Claude Code Skills は発火しなくてもトークンを食う — 5 Skills × 7時間セッションで「使われなかった」3つが18%食べていた

URL: https://kenimoto.dev/ja/blog/skills-loaded-3-never-fired-18/
Lang: ja
Date: 2026-05-30
Description: 1セッションに Skill を5つロードして7時間動かしたら、3つは一度も呼ばれなかった。それでも全トークンの18%を持っていった。実測した請求書と棚卸し後に7%まで落とした手順を残しておきます。

Skills はカスタムコマンドの上位互換で、しかも「使わなければタダ」だと思っていました。タダではなかったです。家賃でした。

この一文がこの記事のすべてです。残りは私が「家賃」を払っていた証拠を並べるパートになります。

ある火曜日、私は Claude Code の1セッションに Skill を5つロードして7時間動かしました。PRレビュー、TypeScript移行、DBマイグレーション検証、ログ追跡、CSV整形。このうち3つは、その日**一度も発火しませんでした**。発火ログを2回見直してから「本当に動いていない」と確認しました。それでもこの3つだけで、その日の総トークンの**約11%**を食べていました。発火した2つの分も合わせると、Skills 合計で **18%** になります。

私はそれまで、同僚に「Skill は呼ばれたときだけトークンを食うから、入れっぱなしでも問題ない」と説明していました。これは間違っていました。しかも実測できる規模で間違っていました。

## Skills が実際にロードされるタイミング

これは公式仕様で書かれていることなのに、私は流し読みしていました。

セッション開始時、Claude Code はスコープ内のすべての Skill を読みます。このとき context に入るのは `SKILL.md` の frontmatter にある `name` と `description` だけです。本文はまだ入りません。本文がコンテキストに入るのは、Claude が description とプロンプトをマッチさせて発火を決めたとき、または私が明示的に `/skill-name` と打ったときです。本文は一度入るとセッション終了かコンパクションまで残ります。

私が見落としていたのはここから先です。**description は1ターンごとに context に乗ります**。セッション開始時に1回だけではありません。私が新しいメッセージを送るたび、Claude が応答を返すたびに、description はプロンプトの一部として再評価されます。1つの description が約300トークン、5つで約1,500トークンの「この Skill は何ができるか」という説明文が、毎ターン billing に乗っていたわけです。

80ターンのセッションを回せば、同じ description を160回支払うことになります。1つあたりは小さい。しかし常に乗っている。これがからくりです。

## 計測したセッションの構成

私は Claude Code を日常的に使っています。計測した日は、午前中に PR トリアージ、午後に長めのリファクタリング、夕方に雑なシェル探索、という普段の火曜日でした。Claude Code の1セッションを通しで開いたまま、すべての応答を `--output-format json --verbose` でラップして、`usage` フィールドをログに残しました。

`~/.claude/skills/` にロードされていた5つの Skill は以下のとおりです。

| Skill | description 長 | 用途 | 発火した? |
|-------|---:|------|:---:|
| `review-pr` | 約310トークン | PR レビュー手順 | はい (11回) |
| `migrate-ts` | 約290トークン | TS 移行ヘルパー | はい (2回) |
| `migrate-db` | 約340トークン | DB マイグレ検証 | いいえ |
| `trace-logs` | 約270トークン | ログ追跡パターン集 | いいえ |
| `clean-csv` | 約280トークン | CSV 整形レシピ | いいえ |

description 合計は1ターンあたり約1,490トークン。これが CLAUDE.md・プロジェクトコンテキスト・会話履歴の上に毎ターン積まれていました。

セッション時間は7時間12分、84ターン、入出力合計は約210万トークン (プロンプトキャッシュはほぼ常時オン) でした。

## 請求書の中身

ログから、トークン消費を3つに分けました。「総消費」「Skills が一切ロードされていなかった場合の推定値」「その差分」です。実数は以下になります。

| カテゴリ | トークン | 割合 |
|----------|------:|------:|
| 会話・CLAUDE.md・コード読み込み | 1,720K | 82% |
| 発火した Skills (`review-pr` + `migrate-ts`) | 147K | 7% |
| 発火しなかった Skills (description のみ × 3つ) | 231K | 11% |
| **合計** | **2,098K** | **100%** |

実際に仕事をした2つの Skill は7% を食べました。これは問題ありません。手順をタイプし直す手間を省けたぶん、たぶん同じくらいの節約をしてくれました。

問題は、一度もマッチしなかった3つです。**11%**。リターンはゼロです。プロンプトキャッシュが効いていると description の1ターンあたりコストはある程度吸収されますが、完全には消えません。私のプロンプトが変わるたびにキャッシュ境界の手前で description が再トークナイズされ、input_tokens に乗ります。それで11%でした。


## 棚卸ししてもう1日回してみた

翌朝、同じワークロード (同じ PR セット、同じ種類のプロンプト) を、前日に実際に発火した2つの Skill だけをロードして実行しました。総消費は約1,872Kトークン。前日比で約11%減です。ノイズはありますが、「ドーマントだった3つの description が払っていた家賃」の試算とほぼ一致しました。

自分の環境で同じことを確認したい場合は、`claude` をラップして JSON で usage を読むスクリプトを通せば一目です。

```bash
claude -p "$YOUR_PROMPT" --output-format json --verbose \
  | jq '{input: .usage.input_tokens, cached: .usage.cache_read_input_tokens, output: .usage.output_tokens}'
```

ターンごとの `input_tokens` がベースラインで上方ドリフトしているなら、それは description の家賃を払っているサインです。

## なぜこれが意外だったか

私は Skill を「プログラミング言語の import 文と同じで、呼ばれない限りコストは0」と勘違いしていました。import がタダなのはコンパイラが未参照のものを捨てられるからです。Claude Code はそれができません。description こそが「いつこの Skill を呼ぶか」を判定する材料なので、description は毎ターンプロンプトに乗っている必要があるからです。遅延ロードしたら、そもそも呼び出すかどうかの判断ができなくなります。

これは設計上のトレードオフで、しかも正しいトレードオフです。ただし、その帰結として「インストールされているだけで使われていない Skill」の限界コストは0ではありません。ターンごとの小さな税金です。長いセッションでは積み上がります。

ここで Hooks と混同しないでください。Hooks は Claude Code がイベントに応じて意図的に発火させる仕組みです (pre-tool / post-tool / session-end 等)。Hooks の定義は description としてシステムプロンプトには入らず、`settings.json` から harness が呼ぶだけです。**使われていない Hook のコストは本当にゼロです。使われていない Skill のコストは description × 全ターン分です。** ここは別物として認識しておきたいところです。

MCP server とも違います。MCP server はセッション開始時にツールリスト全体をシステムプロンプトに乗せます (1サーバーで27,000トークン規模という別の計測例もあります) が、こちらはサーバー単位の固定費です。Skill のほうが1つあたりは小さいですが、数が増えがちで、毎ターン × Skill 数 で乗算的に効いてきます。

## Skill 棚卸し5ステップ

私は今、これを月1回のルーティンにしています。10分で終わります。

1. **スコープ内のすべての Skill をリストアップ**: `ls ~/.claude/skills/` と、プロジェクトレベルの `.claude/skills/` と、Plugin 由来の Skill。全部紙に書き出します。
2. **各 Skill が最後に発火した日時を出す**: セッションを `--output-format json` でロギングしているなら、tool-use エントリから Skill 名を grep するだけ。していないなら記憶頼りになりますが、記憶はだいたい不正確です。
3. **過去30日で1回も発火していないものを「候補」にマーク**: ここではまだ削除しません。フラグだけ立てます。
4. **候補を1週間だけ "倉庫" に移動**: 私は `mv ~/.claude/skills/<name>/ ~/.claude/skills-attic/` のように物理的に動かしています。1週間使って、不便を感じなければ、それは家賃でした。
5. **同じワークロードで input_tokens のベースラインを再計測**: 候補を抜いた状態で同じ種類の作業をして、`input_tokens` が明確に下がるなら、節約が見えた状態です。

罠を1つ挙げるなら、「30日発火していない=即削除」にはしないことです。四半期に1回しか使わないけれど、その1回で価値を出してくれる Skill があったりします。「倉庫に移動」が安全な中間状態です。

ちなみに Zenn の Claude Code Hooks 7パターン記事 (2026-05-29) と混ざりやすいので念のため明記しておくと、**この記事は Hooks の話ではなく Skills の話**です。Hooks は「意図的にイベントで発火させる装置」、Skills は「条件付きで発火するが、ロードされているだけで description が課金される装置」。機構が違います。

## 私の手元で何を変えたか

3つの Skill を倉庫に移しました。1つは来月、DB マイグレーションの予定があるので戻ってきます。残り2つはたぶんこのまま消えます。発火していた2つはそのまま。

この記事を書いている今のセッションも Skill 2つ運用です。ターンごとの input_tokens のログがきれいに横這いになりました (以前はじわじわ右肩上がりでした)。11% という数字は、口頭で言うと地味に聞こえます。Claude Code Max の月額換算なら ¥30,000 × 18% ≒ ¥5,400/月、未発火3つ分だけでも ¥3,300/月。Sonnet API の従量プランなら使い方次第ですが、いずれにせよ実弾です。「テキストファイル3つをコンテキストに置いておくため」に毎月支払っている、と言うと我ながら情けない金額の出方をしています。

たくさん Skill を入れたい気持ちは正しいです。便利だからです。ただ、その便利さには「ターンごとの税金」がついていて、その税金は見に行かないと見えない、ということだけ知っておいてください。

モニターの上に貼っておきたい一文はこうです。**ロード済み ≠ アクティブ ≠ 呼ばれたとき分だけ請求、ではない。**

`claude -p` の `usage.input_tokens` を眺めてみてください。あの数字は最初からこの話を教えてくれていたのに、私はずっと見ていませんでした。

---

Hooks / MCP / Sub-agents / Plugins とあわせて「どの拡張機構がどこにコストを乗せているか」を1冊にまとめたのが [Claude Code Mastery](https://kenimoto.dev/ja/books/claude-code-mastery) です。今回の「description が毎ターン billing に乗る」というカラクリの根っこにある context window 経済学は [Context Engineering](https://kenimoto.dev/ja/books/context-engineering) のほうにまとめてあります。

---

# 43秒の異常が24時間の障害になった: メトリクスの急変と漸増を見分ける時系列デバッグ

URL: https://kenimoto.dev/ja/blog/spike-vs-gradient-time-series-debug/
Lang: ja
Date: 2026-06-10
Description: 障害対応の初速は時系列パターンの読み分けで決まる。スパイク(急変)とグラデーション(漸増)、3つの時間スケール、最初の異常の特定。GitHubとCloudflareの事例で解説します。

障害対応で私が最初にやらかすのは、たいてい「目に見えている異常」に飛びついてしまうことです。レスポンスが遅い、というアラートが鳴った瞬間、ロードバランサのCPUを疑い、アプリのスレッドダンプを取り、データベースのスロークエリを眺める。30分かけて何も見つからず、ようやくダッシュボードの表示期間を1時間から1週間に広げて、3日前から静かに右肩上がりだったメモリ使用量に気づく。原因はそこにありました。

この遠回りは、ほぼ全部「グラフの形を読まずに数字だけ追った」ことが原因でした。今日はその話を書きます。

## たった43秒が24時間に化けた日

数字を1つ置きます。43秒。これは2018年10月21日にGitHubで起きたネットワーク分断の時間です。US East Coastのネットワーク機器の交換作業で、2つのデータセンター間の接続が43秒だけ切れました。通常ならフェイルオーバーが処理して、ユーザーは気づきもしない長さです。

ところがこの43秒のあいだに、両方のデータセンターが独立してデータベースへの書き込みを受け付けてしまいました。いわゆるスプリットブレインです。ネットワークが復旧したあとも、矛盾する書き込みを安全に統合する作業が残り、GitHubの全面復旧には24時間11分かかりました(復旧途中の段階では「24時間5分」という数字も報告されています)。43秒が24時間に化けた。倍率にしておよそ2,000倍です。

ここで効いたのが、タイムラインの正確な再構成でした。「どちらのデータセンターが先に書き込みを受け付けたか」を秒単位で確定できなければ、安全な統合手順そのものが組めません。障害の規模は43秒では決まらず、その43秒を起点に何が連鎖したかで決まりました。時系列を読む力が、復旧速度を直接左右したわけです。

## システムのメトリクスは心電図だ

ここで一度たとえ話をさせてください。私はメトリクスのダッシュボードを心電図(EKG)だと思って見ています。健康な心臓には固有のリズムがあって、医師は波形の乱れから異常を読み取ります。システムのメトリクスもまったく同じで、正常なときには正常なリズムがあり、そこからの逸脱が障害の兆候になります。

差分(何が変わったか)が「犯人は誰か」を問うのに対して、時系列分析は「いつ、どんな形で容体が変わったか」を問います。そしてこの「どんな形で」の部分が、原因の性質をかなり正直に教えてくれます。波形を読めれば、聴診器を当てる場所がぐっと絞れるのです。

## 急変と漸増: 形が原因の種類を教える


メトリクスの変化は、大きく2つの形に分かれます。

**急変(スパイク)** は、グラフが突然跳ね上がる、あるいは急降下する形です。これは「特定のイベントが起きた」ことを示しています。デプロイ直後にエラーレートが跳ねる。設定変更の直後にレイテンシが急増する。外部サービスが落ちて接続エラーが一気に増える。スパイクの場合、スパイクの開始時刻がそのまま原因の発生時刻を指します。その瞬間に何が起きたかを調べれば、かなりの確率で原因に届きます。GitHubの事例なら、ネットワーク分断が始まった時刻が、すべての異常の起点でした。

**漸増(グラデーション)** は、メトリクスがゆっくり悪化していく形です。これはリソースの枯渇や負荷の蓄積を示しています。メモリ使用量が数日かけて100%に近づく。コネクションプールの使用率がじわじわ上がる。ディスクが毎日数GBずつ埋まる。レスポンスタイムが週単位で重くなる。こちらで見るべきは「いつ閾値を超えたか」ではなく「いつから増え始めたか」です。その増加の始点に、コードの変更やトラフィックパターンの変化が必ず潜んでいます。

冒頭で私が30分溶かしたのは、漸増を急変だと思い込んでスパイクの瞬間を探し続けたからでした。心電図でいえば、健康診断の数値が3日前から悪化していたのに、今朝の不整脈だけを探していたようなものです。

## 3つの時間スケールで見ないと初期異常を見逃す

この急変と漸増の見分けが厄介なのは、表示期間によって同じグラフがまったく違う顔をするからです。

障害の5分前から見ると鋭い急変に見えるものが、1週間で引いて見ると漸増の最後の局面だった、ということが普通に起きます。逆に、長い期間では平坦に潰れて見える微小な変化が、短い期間にズームすると初期の異常として浮かび上がることもあります。心電図を1拍だけ見ても不整脈の周期はわからないのと同じです。

なので私は、最低でも3つのスケールで見るようにしています。直近1時間、直近24時間、直近1週間。1時間で「今まさに何が暴れているか」を、24時間で「今日のうちに何かが変わったか」を、1週間で「ベースラインからどうずれたか」を読みます。このうち1つでも飛ばすと、初期異常を取りこぼします。私が3日前のメモリ漸増を見逃したのは、1時間スケールしか見ていなかったからでした。

ベースラインを知っておくことも前提になります。CPU 80%が異常なのか、それとも毎日昼過ぎに80%まで上がるのが平常運転なのかは、平常時の波形を知らなければ判断できません。曜日や時間帯のパターンを頭に入れておくと、「これはいつもの山」「これは違う」の判断が一瞬で済みます。

## 最初に目に入る異常は、最初の異常ではない


時系列デバッグでいちばん難しく、いちばん効くのが「最初の異常」を見つけることです。ここでいう最初の異常とは、ユーザーに影響が出た時刻ではなく、システム内部で最初に数値が動いた時刻のことです。

2025年11月18日のCloudflare障害が、わかりやすい例です。発端はClickHouseクラスタの権限変更で、これが入ったのが11時05分(UTC)。ところがユーザー向けのレスポンス劣化が始まったのは11時28分でした。あいだに23分の空白があります。

この23分のあいだに何が起きていたか。権限変更によって、ある内部クエリが重複した行を返すようになり、Bot Management用の特徴ファイルのサイズが倍に膨れました。その肥大化したファイルが世界中のプロキシへ伝播し、各プロキシのメモリ上限を超えてクラッシュを引き起こし、そこで初めてユーザーから見えるレスポンス劣化になりました。障害は11時28分から17時06分まで、5時間38分続きました。

ここに罠があります。アラートが鳴った11時28分から調査を始めると、最初に目に入るのはプロキシのクラッシュです。プロキシのメモリを増やそう、再起動しよう、と手を打ちたくなります。でも本当の起点は23分前の権限変更でした。複数のレイヤーでバッファリングが起きると、原因と症状は時間的にずれます。「目に入った異常」を起点に対処すると、症状を追いかけ続けることになります。

最初の異常を起点に置けると、調査の地図が一気に書き換わります。23分前まで遡れたかどうかが、初速を分けたわけです。

## 相関と因果のあいだに時刻ずれを挟まない

ただし、ここで足元をすくわれることがあります。複数のメトリクスを同じ時間軸に重ねて「レイテンシのスパイクとCPUのスパイクが同時刻だからCPU起因だ」と読むのは強力な手筋ですが、その「同時刻」が本当に同時刻である保証は、案外もろいのです。

分散システムでは、サーバーごとに時計が少しずつずれています。NTPで全サーバーの時刻を同期させておかないと、数秒のずれでイベントの前後関係が逆転して見えます。原因のログが結果のログより後ろに記録されていたら、人間の脳は素直に因果を取り違えます。GitHubの事例で2つのデータセンターのイベントを突き合わせられたのも、正確なタイムスタンプがあったからでした。

時刻基準を揃える前提は3つあります。NTPで時計を合わせること。ログのタイムスタンプ形式を統一すること(あるサービスはUTC、別のサービスはJST、さらに別のサービスはUnixエポック秒、では突き合わせに余計な時間がかかります)。そして問題の粒度に合った解像度を持つこと(秒単位のメトリクスではミリ秒の因果は見えません)。

サービスを横断して時刻と因果をつなぐ標準的な道具が、分散トレーシングです。W3Cの Trace Context は、`traceparent` という共通フォーマットのHTTPヘッダで、リクエストがサービス間を渡り歩いても同じトレースIDで追えるようにする仕様です。2025年時点で Level 2 が Candidate Recommendation の段階まで進み、トレースIDの乱数性を示すフラグが追加されるなど、相関の信頼性を上げる方向で改訂が続いています。手元の時計を合わせるのがNTPなら、リクエストの旅路に共通のIDを持たせるのがトレーシングです。両方そろって初めて、別々のサービスのログを安心して同じ時間軸に並べられます。

それでも、時系列分析が見つけてくれるのはあくまで相関です。デプロイ直後にエラーが増えたとして、たまたま同じタイミングで外部サービスが落ちていた可能性は消えません。相関を因果に昇格させるには、ロールバックして実際にエラーが消えるか、設定を戻して回復するかを確かめる、再現の一手が要ります。とはいえ、時系列上の相関は因果を確定する前のフィルタとしては最も有力な手がかりです。

なお、原因が人間でもAIでもない「コードそのものが嘘をつく」タイプのバグについては、別の軸で[Claudeがバグを隠す10の技法](/ja/blog/claude-bug-kakushi-debug-10-techniques-prompt/)に書きました。あちらはAIが生成したコードに潜む欺瞞の話で、今日の時系列観測の技法とはレイヤーが違いますが、合わせて読むと「観測でわかること」と「観測の外で起きること」の境界が見えると思います。

## まとめ

障害対応の初速は、グラフの形を読めるかどうかでだいたい決まります。

- 急変(スパイク)はイベント起因、スパイクの開始時刻が原因の時刻を指す
- 漸増(グラデーション)は蓄積・枯渇起因、増加の始点を探す
- 直近1時間・24時間・1週間の3スケールで見る。1つ飛ばすと初期異常を見逃す
- 「最初の異常」はユーザー影響時刻ではなく、システム内部で最初に数値が動いた時刻
- 相関を因果と取り違えないために、NTP同期・タイムスタンプ統一・トレース相関で時刻基準を揃える

メトリクスは嘘をつきません。でも、読み手が正しい問いを持っていなければ、ただの折れ線として黙ったままです。今日のいちばんの教訓は、私のように30分溶かす前に、まず表示期間を1週間に広げてみることです。

---

# Claude Codeに渡すコンテキストを足すのをやめた — ツール出力を間引いたら長時間タスクの精度が戻った

URL: https://kenimoto.dev/ja/blog/stopped-adding-context-pruning-recovered-accuracy/
Lang: ja
Date: 2026-06-04
Description: コンテキストは足すほど賢くなると思っていました。ツール出力と無関係ファイルを間引いたら、トークンが4割減って、長時間タスクの精度がむしろ戻りました。何を入れないかを決める話です。

私はずっと、コンテキストは足すほど良いと思っていました。CLAUDE.mdを厚くして、関連しそうなファイルを全部読ませて、ツールの出力もそのまま残す。情報が多いほどClaudeは賢く動くはずだと。

その信念は、3時間かかる移行タスクの途中で崩れました。Claudeが序盤に決めた設計方針を、終盤になって自分で忘れていたのです。間違ったファイルを2回触り、私が前半で「触るな」と言ったディレクトリに勝手に手を入れました。原因はプロンプトではありませんでした。コンテキストが太りすぎて、肝心な指示が埋もれていたのです。

そこで逆をやりました。足すのをやめて、間引きました。結果、トークンが約4割減って、長時間タスクの精度がむしろ戻りました。今回はその話です。

## 「足すほど賢い」が嘘になる地点

コンテキストには、効く量の上限があります。

Claude Sonnetは20万トークンの窓を持つと謳っています。でもSourcegraphのGeoffrey Huntley氏は、[実際には14万7000〜15万2000トークンあたりで品質が落ちる](https://ghuntley.com/redlining/)と報告しました。窓の容量と、実際に使える容量は別物だということです。

この劣化は「context rot」と呼ばれます。トークンが増えるほど、再現性と正答率が静かに下がる現象です。30分を超えるセッション、20ファイル以上を触るタスク、複数フェーズにまたがる推論。こういう長時間タスクで、まったく違う失敗の仕方が出てきます。私が遭遇したのはまさにこれでした。

新人に例えるなら、こうです。資料を3枚渡せば即戦力になります。同じ新人の机に資料を300枚積んだら、どこに何が書いてあるか探すだけで一日が終わります。情報量と戦力は、どこかで反比例に転じます。

## 私が間引いた3分類

何を消すか。私が間引いた対象は3つに分かれました。

### 1. ツール出力の生データ

これが一番効きました。`npm test`の全ログ、`grep`の何百行、APIレスポンスの巨大なJSON。Claudeはこれを全部コンテキストに溜め込みます。でも本当に必要なのは「テストが3件落ちた、ファイルはこれ」という結論だけです。

Anthropic自身も、[ツール結果のクリアリングとコンパクション](https://platform.claude.com/cookbook/tool-use-context-engineering-context-engineering-tools)を公式の対策として用意しました。context editingでツール出力を消し、長い会話はcompactionで要約する。私が手でやっていたことに、ちゃんと名前と機能がついていたわけです。

私の運用では、ツール出力をそのまま残すのをやめて、要点だけ手元のメモに書き出し、生ログはコンテキストから外しました。これだけでトークンの大半が消えました。

### 2. 無関係ファイル

「念のため読ませておこう」で開いたファイルです。移行タスクなのに、関係ないコンポーネントを5つ読ませていました。安心料のつもりが、ノイズの仕入れでした。

### 3. 古い会話の往復

序盤の試行錯誤です。「このアプローチで行こう」と決まった時点で、そこに至るまでの失敗した3案は、もう要りません。決定だけ残して、過程は捨てます。`/compact`にカスタム指示を渡せば、重要な決定を残しつつノイズだけ削れます。

## 間引き前後の数字

同じ移行タスクを、間引き前と後で比べました。

| 項目 | 間引き前 | 間引き後 |
|---|---|---|
| 使用トークン | 約14万 | 約8万4000 |
| 設計方針の保持 | 終盤で逸脱 | 最後まで保持 |
| 私の再指示回数 | 6回 | 1回 |
| 触った無関係ファイル | 2件 | 0件 |

トークンは約40%減りました。でも本当に効いたのは、Claudeが序盤の指示を最後まで覚えていたことです。再指示が6回から1回に減りました。劣化の谷である14万トークン台を、そもそも踏まなくなったからです。

ここで強調したいのは、私は新しいテクニックを足していないという点です。むしろ引きました。RAGの層を増やすのとは逆の方向です。賢さを足すのではなく、邪魔を引いたら、元の賢さが戻ってきた。それだけの話です。


## 「足す」より「入れない」が難しい理由

正直に言うと、間引きは足すより難しいです。

足すのは簡単です。不安なファイルを開けばいい。判断が要りません。でも間引くには「これは要らない」と決める判断が要ります。消した情報がもし必要だったら、という不安と戦うことになります。

私の判断基準はシンプルです。「この情報は、今の1ステップを進めるのに直接効くか」。効かないなら入れない。あとで必要になったら、その時に取りに行けばいい。Claudeは必要なら自分でファイルを読み直せます。先回りして全部積むのは、私の不安を鎮めるためであって、Claudeのためではなかったのです。

Anthropicの新しいモデルは、残りコンテキスト量を自分で把握する「context awareness」を持つようになりました。終盤まで息切れせずタスクを続けられます。でもそれは、窓に余裕がある前提の機能です。最初から窓を生ログで埋めてしまえば、その余裕は最初からありません。

## まとめ

長時間タスクで精度が落ちたとき、私の最初の反応は「情報が足りないのでは」でした。逆でした。情報が多すぎて、肝心な指示が薄まっていたのです。

やったことは3つです。ツール出力の生データを要点に置き換える。無関係ファイルを開かない。決まった後の試行錯誤を捨てる。これでトークンが4割減り、context rotの谷を踏まなくなり、Claudeが最後まで方針を保ちました。

コンテキストエンジニアリングというと、何をどう足すかの話に聞こえます。でも長時間タスクで効くのは、何を入れないかの判断のほうでした。机に資料を積むのをやめて、3枚だけ残す。新人が即戦力に戻るのは、そのときです。

---

コンテキスト設計の全体像 — System Prompt、Few-shot、RAGの統合から、足し算が逆効果になる80-20の境界まで — は **[Context Engineering 実践ガイド](https://kenimoto.dev/ja/books/context-engineering?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=context-pruning-accuracy)** にまとめています。この記事は、その「引き算」側を長時間タスクで試した実録です。

---

# サブエージェントにメインの記憶を渡すのは事故だった：7ファイルのうち4つは遮断すべき

URL: https://kenimoto.dev/ja/blog/sub-agent-memory-isolation/
Lang: ja
Date: 2026-06-08
Description: サブエージェントに親のCLAUDE.mdとメモリを全部渡していませんか。OpenClawの7ファイル設計では、サブに渡すのは2つだけ。人格・ユーザー情報・過去記憶を渡すと、トークンが溶けて情報が漏れます。

サブエージェントを初めて使ったとき、私は良かれと思ってメインの記憶を全部渡しました。CLAUDE.md、ユーザーの好み、過去のメモリ、人格設定。「文脈を共有したほうが賢く動くだろう」という、いま思えば完全に逆の発想です。

結果として何が起きたか。`echo success` を返すだけの、世界一どうでもいいサブエージェントが、起動しただけで数万トークンを食いました。派遣で来てもらった人に、まず会社の全社員名簿と私の家族構成と過去3年の日記を読ませてから「コピー取ってください」と頼んでいたようなものです。親切ではありません。事故です。

この「サブエージェントには何を渡し、何を渡さないか」という設計、ちゃんと言語化したものを最近読みました。OpenClawという実在のAIエージェントの記憶アーキテクチャです。これがきれいに整理されていたので、自分の運用に当てはめ直した話をします。

## 7つのファイルで人格を組み立てる

OpenClawは起動時に7つのファイルを順番に読み込んで「記憶」と「人格」を構成します。役割で並べるとこうです。

| ファイル | 中身 |
|---------|------|
| AGENTS.md | 全員共通の作業ルール |
| TOOLS.md | ツール一覧とローカル設定 |
| SOUL.md | 人格・性格・関係性 |
| IDENTITY.md | 対外的なプロフィール |
| USER.md | ユーザーの情報 |
| HEARTBEAT.md | 定期チェック項目 |
| MEMORY.md | 過去の記憶(日次+長期) |

人間でいえば、AGENTSが就業規則、TOOLSが持ち物、SOULが性格、USERが「上司の好み」、MEMORYが業務日誌です。メインエージェントはこれを全部読みます。フルスペックの自分として動くからです。

問題はサブエージェントのほうです。

## サブに渡すのは2つ、遮断するのは4つ

OpenClawの設計では、サブエージェントに渡すのは **AGENTS.md と TOOLS.md の2つだけ** です。残りは渡しません。


なぜか。サブエージェントは「派遣社員」だからです。特定のタスクを片付けにきた人に、会社の人格(SOUL)も、対外的な看板(IDENTITY)も、過去の業務日誌(MEMORY)も要りません。むしろ渡してはいけません。遮断すべきは次の4つです。

- **SOUL.md(人格)**: サブは作業者であって、私の代わりに振る舞う必要がない
- **IDENTITY.md(対外プロフィール)**: 外に出る顔はメインだけが持てばいい
- **USER.md(ユーザー情報)**: これはセキュリティの問題。サブに私の個人情報を持たせる理由がない
- **MEMORY.md(過去の記憶)**: トークンの浪費に直結し、しかも過去ログの中身が漏れる

HEARTBEATはメイン専用の機能なので、そもそもサブには関係ありません。だから「サブに渡さない7マイナス2=5」のうち、**意図して遮断する情報は4つ** という整理になります。人格・看板・ユーザー情報・過去記憶。この4つを渡すと、トークンが溶けて、情報が漏れます。両方同時に悪化するのが厄介なところです。

## 「親切のつもり」がいちばん高くつく

ここで一番大事な事実を一つ。OpenClawはこの遮断を設計として持っていますが、**いま私たちが日常的に使っているClaude Codeのサブエージェントは、デフォルトでは逆の挙動をします**。

公式ドキュメントの "What loads at startup" を読むと、Claude Codeのサブエージェントは起動時に、メイン会話が読むメモリ階層をそのまま継承します。`~/.claude/CLAUDE.md`、プロジェクトのルール、`CLAUDE.local.md`、管理ポリシーファイル。全部です。例外はビルトインのExploreとPlanだけ。つまり、自分でカスタムのサブエージェントを作ると、何も指定しなければ親の記憶を丸ごと持っていきます。OpenClawが「渡すな」と言っているものを、Claude Codeは標準で「渡します」。

その代償が数字で出ています。GitHubのIssue #6825に、ほぼ自明なサブエージェント(`echo success` を返すだけ)が、継承したメモリのせいで **約60kトークン** を消費した、という報告があります。メモリ無しの環境で同じことをやると **約3k** で済みます。20倍です。コピー一枚取るために名簿と日記を読ませた、あの話そのものが計測されています。

このIssueでは、`tools` フィールドと同じ要領で `includes: System, User, Project, Subagent` のような「何を継承させるか」を選べるフィールドが要望されています。私が確認した時点ではまだ実装されていません(メンテナの解決方針も未確認です)。だから現状は、**設計者である私たちが意識して絞る** しかありません。サブエージェントのプロンプトを、必要最小限の作業指示とツール情報だけにする。それがいまできる遮断です。

## トークンだけの話ではない

トークンが20倍になるのは財布の問題ですが、もう一つ、財布より怖い問題があります。漏洩です。

サブエージェントは、悪意あるコンテンツやプロンプトインジェクションの影響を受けることがあります。2026年には、単一のプロンプトインジェクションで複数のAIコーディングエージェントがシークレットを漏らした事例が報告されています。攻撃が「モデルを一回だます」から「計画を乗っ取り、特権ツールを呼び、メモリを汚染し、横に広がる」というチェーンに進化しているわけです。

このとき、サブエージェントにUSER.md(あなたの個人情報)やMEMORY.md(過去のやり取り全部)を渡していたら、漏れる範囲がそのまま広がります。逆に、作業ルールとツール情報しか持っていないサブエージェントは、たとえ乗っ取られても漏らせるものが少ない。OWASPのAIエージェント・セキュリティのチートシートが言う **最小権限** とは、まさにこれです。「各エージェントは定義されたタスクに必要な最小限の権限で動かせ、そうすれば侵害された時の影響範囲が構造的に制限される」。学術側でも、共有メモリ経由のクロスコンテキスト推論やIP漏洩を評価するMAGPIEのようなベンチマークが出てきています。

派遣の人に日記を渡さないのは、その人を信用していないからではありません。万が一その人のカバンが盗まれたとき、日記まで一緒に盗まれたら困るからです。

## 私の運用ルール

整理すると、私がいま守っているのはこれだけです。

- サブエージェントには **作業指示とツール情報** だけ渡す。プロンプトに余計な背景を盛らない
- **人格・対外プロフィール・ユーザー情報・過去記憶** はメイン専用。サブには出さない
- 自明なサブほど警戒する。「どうせ小さいタスクだから」という油断が、60kトークンと漏洩経路を同時に連れてくる

サブエージェントを設計するとき、つい「賢くするために文脈を足そう」と考えてしまいます。でも記憶の設計に限っては、足し算ではなく引き算です。何を渡すかではなく、何を渡さないか。派遣社員には日記を渡さない。それだけで、トークンも安全も守れます。

---

記憶の設計を含むコンテキストエンジニアリングの全体像(5段階の戦略からRAG、MCP、CLAUDE.md、Agentic RAGまで)は書籍にまとめています。

[LLMを嘘つきから専門家に変える Context Engineering実践](https://kenimoto.dev/ja/books/context-engineering?utm_source=kenimoto-dev-blog&utm_medium=article&utm_campaign=sub-agent-memory-isolation)

---

# Claude Codeを3セッション並列で8時間動かしたら、2回コンテキストを上書きしあった

URL: https://kenimoto.dev/ja/blog/three-claude-sessions-parallel-8h-context-overwrite/
Lang: ja
Date: 2026-05-27
Description: 3つのClaude Codeセッション、3つのgit worktree、共有された1つの.claude/ ディレクトリ。8時間後、メモリファイルは2回上書きされ、47ドル分の再作業が発生していました。

午後にやりたいことが3つあって、ターミナルウィンドウも3つ開いていました。計算は単純です。Claude Codeを3セッション、それぞれ別のworktreeで起動して独立したブランチを進めれば、午後のスループットはおおよそ3倍になるはず。公式ドキュメントもこのパターンを推奨していて、デスクトップアプリは新規セッションごとに[自動でworktreeを作る](https://code.claude.com/docs/en/worktrees)実装になっています。「安全な並列パターン」として紹介されているやり方そのものです。

8時間後、私の手元には壊れたメモリファイルが2つ、書いた覚えのないスキル説明が1つ、そして別のworktreeに既に存在していた作業を再生成するのに使ったトークン代として約47ドルの請求が残っていました。worktreeのセットアップは確かに安全でした。共有された状態は安全ではありませんでした。

この記事は、その8時間の記録です。何をセットアップして、いつ衝突が起き、何が上書きされ、いま私が並列セッション同士が互いを食い合わないために使っている3つの小さなパターンの話です。

## 安全に見えたセットアップ

同じリポジトリの別worktreeでClaude Codeを3セッション起動しました。ブランチは3つ、`feat/voice-buffer`、`fix/og-emit`、`feat/citation-tracker`。どのブランチも同じソースファイルには触れない構成で、それは事前に2回確認しました。

```bash
# Terminal A
git worktree add ../wt-voice-buffer feat/voice-buffer
cd ../wt-voice-buffer && claude

# Terminal B
git worktree add ../wt-og-emit fix/og-emit
cd ../wt-og-emit && claude

# Terminal C
git worktree add ../wt-citations feat/citation-tracker
cd ../wt-citations && claude
```

各セッションが読み込むシステムコンテキストは同じです。リポジトリの `CLAUDE.md`、ユーザー階層の `~/.claude/CLAUDE.md`、`~/.claude/skills/`、そして `~/.claude/projects/<repo>/memory/` ディレクトリ。worktreeはgitのレイヤーでは独立していますが、それ以外は全部共有です。

この含意に気付いたのは、8時間目に壊れたメモリファイルを開いたあとでした。worktreeはソースコードを分離してくれます。Claudeの「脳」までは分離してくれません。

## 衝突1: 3時間42分後、スキルファイル

最初に壊れたのは、その日一度も自分で触っていないスキルファイルでした。

セッションAは音声バッファの修正中に「WebRTCバッファ用のスキルってあったかな」と自問しました。なかったので、`~/.claude/skills/voice-buffer/SKILL.md` に新しく書き出して作業を続けました。ほぼ同じ8分のウィンドウで、セッションCはcitation trackerを作りながら「ソース帰属パース用のスキルってあったかな」と自問しました。なかったので `~/.claude/skills/citation-source/SKILL.md` に新しく書き出しました。

ここまでは衝突なしです。別ファイル、別トピック。公式ドキュメント的にも何も問題ありません。

衝突が起きたのは3つ目のファイル、`~/.claude/skills/_index.md` でした。両セッションとも、新スキルを登録するときにこのインデックスを更新する判断をしました。セッションAが先に更新。30秒後にセッションCが読み込んだのは、Aの書き込み「前」のバージョン。Cはそこに自分のスキルを追記して保存しました。Aが登録したvoice-bufferスキルの行は、インデックスから消えました。セッションAは知る由もなく、もう次の作業に進んでいました。

5時間目に、淡々と動いていたセッションB（OGタグ修正担当）に「いまスキルインデックスにvoice-bufferは入ってる？」と聞いて気付きました。「入っていません」との返答。確認したら本当にそうでした。Aが書いたスキルファイル本体はディスクにあるのに、そこを指すインデックスは消されていた。

これがロックなしの共有状態の見た目です。書き手2人、last-write-wins、警告なし、マージなし。

## 衝突2: 6時間18分後、メモリファイル

2つ目の衝突はもっと厄介でした。残しておきたかった作業を食われました。

`~/.claude/projects/<repo>/memory/` は、セッションをまたいで残しておきたい小さなメモを置く場所として使っています。システムのコンポーネントマップを書いた `architecture.md`、文体の好みを書いた `feedback.md`、現在の優先事項を書いた `project.md`。どれもClaude自身がたまに書き加えます。ユーザーが「これ覚えておいて」と言ったとき、もしくはエージェント自身が「これは残す価値がある」と判断したとき。

6時間18分の時点で、セッションAが音声バッファ作業を終え「このバッファの不変条件、残しておこうかな」と自問しました。`architecture.md` を読み、節を追加して保存。6時間19分、セッションBがOG修正を終え「og:type 二重発火バグをgotchaとして記録しておこうかな」と自問しました。`architecture.md` を読みましたが、それはコンテキストにキャッシュされたAの書き込み「前」のバージョン。そこに自分の節を追加して保存しました。

Aが書いたvoice-bufferの不変条件は消えました。注意深くまとめた8分の作業が、まったく無関係だが正しい内容のmetaタグ節に置き換わって、跡形もない。

翌朝、たまたま「buffer invariant」でgrepして何も出てこなかったから気付きました。もし検索しなかったら、そのメモは今後のClaude Codeセッションにとって「存在しないも同然」になっていたはず。エージェントは「そういえばあの不変条件は」と思い出すきっかけすらありません。「兄弟プロセスがメモリファイルを静かに上書きしました」というエラーログはどこにも残らないので。

## 本当に壊れていたもの

worktreeはファイルシステムレベルの問題を解決します。2つのセッションが同じ `src/voice/buffer.ts` に書き込めば、gitコンフリクトが派手に出るので気付けるし、回復もできます。2つのセッションが同じ `~/.claude/skills/_index.md` に書き込むと、静かな上書きが起きます。気付けないし、回復もできません。

具体的に何が壊れていたかと言うと、こうです。公式ガイドは[「あるセッションでの編集が別セッションのファイルに触れることはない」](https://code.claude.com/docs/en/worktrees)と書いていて、worktreeレイヤーではこれは事実です。でも、ハーネスレイヤーではそうではありません。ハーネス（メモリ、スキル、フック、設定）はworktreeより1階層上の `~/.claude/` にあり、そこは並列セッションが調整なしに自由に書き込む場所です。

危険なファイルは3クラスあって、痛みが大きい順に並べるとこうなります。

1. **設定ファイル** (`~/.claude/settings.json`)。エージェントがここに書くことは少ないので衝突頻度は低いです。ただし書く瞬間（スキルが権限追加を要求するなど）は確実にlast-write-wins。
2. **スキルファイル** (`~/.claude/skills/`)。中頻度。実際の発火点は個別のSKILL.mdではなく、インデックスや共有カタログのほう。
3. **メモリファイル** (`~/.claude/projects/<repo>/memory/`)。一番痛い。エージェントがここに書くタイミングは、まさに「いま学んだことを残しておきたい」瞬間です。つまり、失いたくない作業がちょうど消える。

Anthropicの並列worktreeパターンはコード向けの設計です。ハーネスは1セッション同時稼働を前提に作られています。両方を同時にやるのは、利用者の側のバグです。


## 47ドルの授業料

現金の損失は再作業ぶんです。メモリファイルの衝突のあと、セッションAが直前に導出したvoice-bufferの不変条件はどこにも残っていませんでした。翌朝、新しいセッションを立ち上げてバッファを拡張するよう頼んだら、同じ不変条件を、ほぼ同じ手順で、ゼロから再導出しました。40分ほどのトークン消費です。ダッシュボードを見たら、Sonnet 4.6のトークン代でだいたい47ドル。あと、少しだけ不機嫌な朝。

もちろん最初の導出にも料金は払っています。なので実際には「失った」というよりは「二度払った」が正確で、その二度目のほうが回避可能だった、という構図です。Brooks's Lawには誰も引用しない脚注があります。「並列プロセスは互いのメモを上書きするので、同じ作業を2回支払うことになる」。

## いま私が使っている3つのパターン

衝突の日のあと、3つだけ変えました。どれも小さい変更で、Anthropic側に何かを出してもらう必要はありません。

**パターン1: セッションごとのメモリ名前空間。** 共有された `~/.claude/projects/<repo>/memory/` ではなく、各並列セッションは `~/.claude/projects/<repo>/memory/<branch-name>/` 配下に書き込むようにします。worktreeごとの `CLAUDE.md` でエージェントに自分のサブディレクトリを指し示しておくだけ。セッション終了時に手動か簡単なスクリプトでメインの `memory/` にマージします。衝突はファイル名の重複として表面化するので、派手に気付けるし回復できます。

```markdown
<!-- worktreeごとの CLAUDE.md -->

## メモリ書き込み先

メモリファイルは
`~/.claude/projects/repo/memory/feat-voice-buffer/`
配下にのみ書き込むこと。
`~/.claude/projects/repo/memory/` 直下には書かないこと。
```

**パターン2: 共有インデックスへのwrite lock。** 名前空間で分離できないファイル（スキルインデックス、settings.json）には、エージェントの書き込みに `flock` 系のロックを噛ませます。エージェントは小さなラッパースクリプト経由で書き込みを行い、`~/.claude/locks/skills-index.lock` の排他ロックを取ってから対象ファイルに触ります。last-write-winsの構造そのものは変わりませんが、書き込みが直列化され、書き込み前の読み込みが整合した状態を見るようになります。ラッパーはシェルで20行程度。

```bash
#!/usr/bin/env bash
# ~/.claude/bin/locked-write.sh
target="$1"
lockfile="$HOME/.claude/locks/$(basename "$target").lock"
mkdir -p "$(dirname "$lockfile")"
exec 9>"$lockfile"
flock 9
cat > "$target"
```

**パターン3: `.claude/sessions/` 経由の調整。** 動いている各セッションが `~/.claude/sessions/<pid>.json` にハートビートファイルを書きます。ブランチ名、開始時刻、ハーネスレイヤーで触る予定のファイルを記録しておくイメージです。共有インデックスやメモリファイルに書き込む前に、sessions/ ディレクトリを兄弟プロセスの主張についてgrepします。重なる主張があれば待つかスキップする。3つの中で一番重いパターンで、私が一番使わないやつです。パターン1と2でほとんどの実衝突は捕まるので。

[サブエージェントの並列レビュー](/ja/blog/three-sub-agents-pr-review-40-percent-disagreement/)を使ったことがあれば形は同じだとわかるはずです。問題はモデルではありません。利用者が「ここにあるとは思っていなかった」統合レイヤーのほうです。サブエージェントは1セッション内で意見について衝突し、並列セッションはハーネスをまたいで状態について衝突します。

## いま私が信じていること

並列Claude Codeセッションはタダではありません。マルチエージェントのコードレビューがタダでないのと同じ仕組みです。コストは姿を変えますが、ゼロにはなりません。並列セッションの場合、コストはハーネスディレクトリ内の静かな上書きとして現れます。開始から8時間後、2つ目のターミナルを開いたときには想像もしなかったファイルで。

公式ガイドの言い分はソースコードレイヤーでは正しいです。「あるセッションでの編集が別セッションのファイルに触れることはない」。ただし1階層手前で止まっています。`~/.claude/` 配下の編集は、互いのファイルに触れることに躊躇がありません。スケジュールはlast-write-wins、エラーログはあとからgrepするとどこにもない。

この記事から1つだけ持ち帰るとしたら、こうです。2つ目のworktreeで2つ目のClaude Codeセッションを開く前に、10秒だけ立ち止まって考えてみてください。この2つのセッションはスキル、メモリ、設定を共有するのか、そしてどちらかが他方の書き込みを静かに食ったとして自分は困るのか。困るなら、今日のうちにパターン1を入れて、実際に衝突を踏んだ日にパターン2を足す。パターン3は5並列までスケールしたときに考えれば十分です（公式ドキュメントが「やめておけ」とやんわり書いてくる手前のあたり）。

並列セッションは今もまだ使っています。worktreeの境界が境界の全部だ、というふりをやめただけです。

---

**この話をもっと詳しく:** ハーネスレイヤー、Claude Codeセットアップを構成する6つのモジュール、共有状態の失敗モードについては、[ハーネス・エンジニアリング](https://kenimoto.dev/ja/books/harness-engineering-guide) で詳しく扱っています。ターミナルを3つ開くだけで終わらせず、Claude Codeを本気で運用したいエンジニア向けのフィールドガイドです。

このブログの関連記事:

- [3人のサブエージェントに同じPRを見せたら4割で意見が割れた](/ja/blog/three-sub-agents-pr-review-40-percent-disagreement/)
- [3役分離: Observer / Strategist / Marketer](/ja/blog/observer-strategist-marketer-3-yaku-bunri/)
- [Claude Codeのサブエージェント設計](/ja/blog/claude-code-sub-agent-design/)

---

# 3人のサブエージェントに同じPRを見せたら、4割の指摘で意見が割れた話

URL: https://kenimoto.dev/ja/blog/three-sub-agents-pr-review-40-percent-disagreement/
Lang: ja
Date: 2026-05-12
Description: Claude CodeのSub-agentを3つ並列で同じ500行PRに当ててみたら、コメントの41%は意見が割れた。マージに想定の4倍の時間がかかった理由と、何人並列が最適かの実用ルール。

マルチエージェントのコードレビューは、ただの上乗せだと思っていました。3人のサブエージェントに同じPRを見せれば、1人分のコストで3倍の目玉。安いものです。

実際にやってみたら、500行のリファクタリングPRに3つのSub-agentを並列で当てた結果、コメントの41%で意見が割れました。15分で終わるつもりだったマージ作業に1時間かかりました。Brooksの法則は2026年でも生きていて、しかもエージェントにまでスケールしているようです。

Anthropicは3月の[Code Review発表](https://claude.com/blog/code-review)で、社内利用時に「不正確」と判定された指摘は1%未満だと報告しています。この数字自体は本物です。ただし、これは数ヶ月かけて調整されたパイプラインを自社コードベースで動かした結果の数字でした。同じ手触りを期待して自分のリポジトリで3つのSub-agentを動かしてみたら、「一致」という言葉の意味が私の想像とは違っていました。

本記事はその実験記録です。これは以前書いた[Claude CodeのSub-agent設計記事](/ja/blog/claude-code-sub-agent-design/)の続編で、設計論ではなく**並列稼働させた実測データ**の話です。

## 実験の設定

対象は副業プロジェクトのWebRTCシグナリング層をリファクタリングする500行のPRです。8ファイル、ほぼTypeScript、設定ファイルを少しいじり、新しいエラー型が1つ。1人のレビュアーでは何かを見落とす程度には複雑で、いわゆる「実験のための実験」にならない程度の地味さがありました。

3つのSub-agentを `.claude/agents/` に定義しました。全部Sonnet 4.6、全部読み取り専用。

```markdown
---
name: explore-reviewer
description: 呼び出し元、依存先、デッドコードパスを追跡する。
model: sonnet
allowed-tools: Read Grep Glob
---

あなたはコードの考古学者です。変更されたファイルごとに、すべての呼び出し元、
参照するテスト、変更後に静かになるパスを見つけてください。
file:line形式の引用を伴って具体的に報告してください。スタイル論はなし。
```

```markdown
---
name: security-reviewer
description: 認証、検証、シークレット管理の退行を探す。
model: sonnet
allowed-tools: Read Grep Glob WebSearch
---

あなたはセキュリティレビュアーです。認証フロー、入力検証、シークレット管理、
依存リスクのみを扱ってください。各指摘に推定CVSSを付けてください。
スタイルとアーキテクチャは無視。
```

```markdown
---
name: plan-architect
description: 既存規約に対する設計判断を評価する。
model: sonnet
allowed-tools: Read Grep Glob
---

あなたはソフトウェアアーキテクトです。PRの設計判断を、このコードベースの
既存規約と比較してください。ドリフト、抜けている境界、次の人が困る抽象化を
指摘してください。
```

各Sub-agentに同じプロンプトを渡しました。「PR #482を1行ずつレビューし、file:line引用つきの箇条書きで指摘を出してください」。全員が独立したコンテキストで動き、互いの出力は見ません。最後に統合するのは私だけです。


## 41%の不一致はこういう形をしていた

3つ全部が終わったとき、生のコメント数は計78件ありました。スプレッドシートを開いて1つずつ「3エージェント全員が指摘」「2/3が指摘」「1/3だけが指摘」とタグ付けしました。

| カバレッジ | 件数 | 比率 |
|---|---|---|
| 全3エージェントが指摘 | 14 | 18% |
| 2/3エージェントが指摘 | 32 | 41% |
| 1/3エージェントだけが指摘 | 32 | 41% |

「1/3だけが指摘」のバケツが、私が**不一致**と呼んでいる部分です。残り2つのSub-agentは同じ行を、同じツールで、同じ差分の上で見ていました。それでも素通りした。**ある指摘が「あるSub-agentの個人的な意見」である確率は41%**。これが今日の数字です。

Anthropicの「1%未満」は計測方法が違います。彼らはエンジニアが「修正せずに明示的にcloseした指摘」をカウントしています。私がカウントしているのは「同じコードを見ていた他の2人が言及すらしなかった指摘」です。問いが違うので、答えも違って当然です。そして私の時間を奪うのは後者です。

## 不一致の4パターン

全件を分類したら、ほぼすべてが4つのパターンに収まりました。

**重要度のドリフト。** plan-architectは「null チェックが抜けている」を critical と判定。同じ行をsecurity-reviewerは「low、呼び出し元が既に検証済み」と判定。両方とも、ある意味で正しい。architectは関数を単体で読んでいて、security-reviewerはgrepで呼び出し元を歩いて上流の検証を確認していました。同じ行、正反対の判定。

**スコープのドリフト。** 「このPRをレビューせよ」と頼んだら、explore-reviewerはPRが触っていない別ファイルの既存バグまで3件報告してきました。plan-architectは差分の外には一切触れません。事前にどちらの挙動になるか分かりません。厳密に言えばどちらの解釈も擁護できます。実用的に言えば、片方がコメント数を爆発させます。

**具体性のドリフト。** plan-architectが書いてきたのは「リトライ処理を共通ヘルパーに抽出することを検討してください」。security-reviewerが書いてきたのは「184-201行目を `retry(opts, () => fetchToken(opts.url))` に置き換え、30秒の上限を設けてください。さもないと auth-refresh パスがワーカーをハングさせます」。同じアイデア。片方は30秒で適用できて、もう片方は会議を1つ消費します。**具体性は私の想像よりずっと大きな分散軸でした。**

**ツール予算のドリフト。** explore-reviewerは grep と glob を使い、改名された関数がCIスクリプトでまだ参照されていることに気づきました。plan-architectは同じツールを持っていたのに、そこまで見に行かない。同じ allowed-tools、同じ「依存先を探せ」の指示。片方は表面を歩き、片方は建物の中を歩く。ドリフトの正体は、システムプロンプトがどれだけ「徘徊」を奨励しているかでした。

Claude Codeの[Sub-agent公式ドキュメント](https://code.claude.com/docs/en/sub-agents)を読んでいれば、ここまでは想定内かもしれません。私が驚いたのは、私がタグ付けした不一致のほぼ全部が、この4つに綺麗に収まったことです。

## 誰も気づかなかったバグ

マージから2日後、同僚が新しいエラーハンドリングパスにレースコンディションを見つけました。PRは1フレーム分の窓を開けていて、同じソケットに2回のreconnectが走り得る状態でした。3つのSub-agent、誰も触れていませんでした。私が手書きしたPR descriptionには「reconnect ロジックを移動」と書いてあって、同僚はそれを見て調べに行ってくれたのです。

「目玉が十分あれば、バグは浅くなる」とEric Raymondは1999年に書きました。目玉の話は正しい。ただし、3つの目玉が**全部同じ窓を見ている**場合の話はしていません。私の3つは全員が差分を凝視していました。誰も一歩下がって「タイミングは何が変わったのか?」と問いませんでした。

## マージで失った1時間

3つのレポートを統合する作業こそ、私が予算化していなかった部分です。

「2/3」「1/3」の指摘1件ごとに、判断が必要でした。

1. これは本物の指摘か、それともgrep 1発で埋まるコンテキストギャップか
2. 本物だとして、エージェントAの重要度判定が正しいか、エージェントBが正しいか
3. 修正案が出ているとして、具体案をそのまま適用していいか、抽象案に戻すべきか

3番目の質問だけで、コーヒーを3杯飲みました。2つのSub-agentは「共通ヘルパーに抽出せよ」と言ってきました。1つは具体的なヘルパーを書いてきました。その具体ヘルパーが本当に正しい形をしているかは、結局、差分を3周目に読んで自分で判断しなければなりませんでした。正しくありませんでした。私は4番目のバージョンを書く羽目になりました。

Brooksの法則は、遅延プロジェクトに人を追加すると人間同士のコミュニケーションコストが爆発する話でした。私は今、これが一般化すると確信しています。**N人の独立した視点を同じ成果物に当てた瞬間、N+1番目のレビュアーは統合担当者になり、統合担当者の時間はNに対してほぼ線形に増えます**。3つのSub-agentは3倍の目玉だった一方、3倍の統合コストでもありました。

Claude Codeを[24時間自律稼働させた話](/blog/autonomous-agent-24-hours-security-lessons)を逆方向から見ると同じ結論にたどり着きます。ボトルネックはエージェントの出力を読む人間に移動するのです。

## 何人並列が最適か

答えは1ではないと思っています。同じ週にN=1で小さなPRを試しました。汎用エージェントによる1回のレビューパスです。explore-reviewerなら気づいたであろうクロスファイルの依存関係を、見落としました。**1組の目玉は、2組より明確に悪い**です。

12本くらいPRを通したあとの、私の現時点ヒューリスティック:

- 小さなPR (100行未満、新ファイルなし): Sub-agent 1つ。それ以上は無駄。
- 中規模PR (100-500行、1サブシステムに収まる): 異なる角度の2つ。たいていは explore + security か explore + architect。PRが何をリスクに晒しているかで選ぶ。
- 大規模・横断PR (500行超、複数サブシステム): 3つ。事前に統合時間を確保すること。無料ではない。

3を超えると、いまのところ価値を感じたことがありません。HAMYの[9エージェント構成](https://hamy.xyz/blog/2026-02_code-reviews-claude-subagents)は興味深いものの、レポートをマージする2つ目のツールが必要になり、それは私自身より安くないと割に合いません。

もう1つのツマミは具体性です。私は今、各Sub-agentに「最小の具体的な修正案を添えること、わからない場合は no-fix と明記すること」を必ず要求しています。システムプロンプトのこの1行だけで、具体性ドリフトが半分近く消えました。

## 結局、私が今信じていること

マルチエージェントのコードレビューはタダではありません。実態は「3人のジュニアレビュアーが別々の部屋で読んで、あなたがメモを統合するシニア」に近い。目の数は確かに増えますが、統合コストも増え、その統合コストはあなたのカレンダーに居座ります。

誰も気づかなかったバグの件が、私を一番謙虚にさせました。3エージェント、3つの角度、全員読み取り専用、全員同じ差分。誰もタイミングの変化に気づかなかった理由は、誰もそれを問われていなかったからです。**Sub-agentはシステムプロンプトに書かれた質問にはとても強い。書き忘れた質問には平凡です。** 限界はモデルではなく、こちらの問いの設計でした。

ひとつだけ持ち帰っていただきたいのは、これです。`what-am-i-not-asking` という4つ目のSub-agentプロンプトを書き、差分を渡し、他のエージェントが見落とすカテゴリを列挙させる。その答えを読んでから、本番のレビュープロンプトを書く。本記事の実験では私はそれをやりませんでした。そして1時間を失い、同僚にレースコンディションを見つけてもらいました。因果関係は明白です。

Anthropicの1%未満という数字は本物です。ただしそれは、数ヶ月かけて誰かが磨いたパイプライン上の数字です。会議の合間に3つ書いたSub-agentで出る数字ではありません。あなたの環境で磨いてください。それまでは、4割で見積もるのが安全です。

---

**この記事を本1冊分に拡張したいなら。** Sub-agent設計、カスタムエージェントのパターン、Claude Codeのワークフロー全体は、[Practical Claude Code(実践Claude Code)](https://kenimoto.dev/ja/books/claude-code-mastery) にまとめています。Claude Codeを本気で運用したいエンジニアのためのフィールドガイドです。

関連記事:

- [Claude CodeのSub-agent設計 — 1セッションで専門家チームを使い分ける](/ja/blog/claude-code-sub-agent-design/)
- [Claude Code Hooks v2: 25イベントで何が変わるか](/ja/blog/claude-code-hooks-v2-25-events/)
- [CLAUDE.md は結局 Context Engineering を1ファイルに凝縮したもの](/ja/blog/claude-md-context-engineering-practice/)

---

# バリデータがバグっていた — 「安全です」と報告するシステム自身が壊れているとき

URL: https://kenimoto.dev/ja/blog/validator-was-the-bug-grey-failure/
Lang: ja
Date: 2026-06-07
Description: 最も厄介なデバッグは、コードのバグではありません。「OK」と報告する監視やバリデータ自身が壊れているケースです。CrowdStrikeで850万台を巻き込んだ21対20のフィールド不一致、Metaの内部ツール全滅、みずほのATM停止。3つの障害から、計器を疑うという最初の一手を考えます。

先に結論を言います。**最も危険なバグは、コードの中ではなく「OK」と報告する側にいます。** 監視ダッシュボード、ヘルスチェック、デプロイ前のバリデータ。これら「安全です」と告げてくる計器そのものが壊れているとき、デバッグは一気に泥沼化します。

恥ずかしい話からします。私は昔、本番の数字が変だという報告を受けて、まずダッシュボードを開きました。グリーン。全部グリーン。だから「監視が正常なんだから問題ない、報告側の勘違いだろう」と判断して、30分くらい何もしませんでした。実際には集計バッチが止まっていて、ダッシュボードは古い値を表示し続けていただけでした。グリーンだったのは、健康だったからではなく、心電図のコードが抜けていたからです。

この「計器を信じすぎる」という失敗は、規模が大きくなると桁違いの被害になります。

## 850万台を落としたのは、バリデータのバグだった

2024年7月19日、CrowdStrikeのFalcon Sensorアップデートが世界中のWindowsをブルースクリーンに変えました。その数、約850万台。航空会社のチェックインが止まり、病院のカルテが開かなくなり、決済端末が沈黙しました。医療業界だけで被害見込みは約19.4億ドルとされています。

原因はマルウェアでも外部攻撃でもありません。デプロイ前の検証システム、Content Validatorのバグでした。

技術的にはこうです。Channel File 291の更新で使われたIPCテンプレートは **21個の入力フィールド** を定義していました。ところが、それを実際に解釈するセンサー側のコードは **20個** しか渡していませんでした。21対20。たった1個のズレです。

普通ならバリデータがこの不一致を弾くはずでした。チームもそう信じていました。3月から4月にかけて、同種の更新が何度も成功していたからです。ところがバリデータ自身にバグがあり、この21番目のフィールドのズレを検知できませんでした。テストでは21番目に常にワイルドカード(何にでもマッチする条件)が使われていたため、不一致が一度も表面化しなかったのです。結果、カーネルレベルの境界外メモリ読み取りが起き、世界中のマシンが同時に倒れました。

「バリデータが通したんだから安全だ」。この前提が、850万台分の崩壊を招きました。怖いのは、誰も嘘をついていないことです。バリデータは正直に「安全です」と報告していた。報告する機能そのものが壊れていただけです。


## グレー障害 — 「応答できる」と「正しく動く」は別物

この種の故障には名前があります。**グレー障害(gray failure)** です。完全にダウンすれば監視が即座に気づきます。完全に正常なら問題ありません。やっかいなのはその中間、つまり「生きてはいるが正しく動いていない」状態です。

ある決済プラットフォームで、データベースノードがこの状態に陥った事例があります。ノードはヘルスチェックに応答し続けていました。だから監視は「正常」と報告し、フェイルオーバーも発動しませんでした。実際にはレプリケーションが止まっていて、データはどんどん古くなっていきました。

ヘルスチェックが見ていたのは「このノードは応答できるか」だけでした。「このノードは正しく仕事をしているか」は見ていなかった。この2つは、似ているようでまったく別の質問です。pingが返ってくることと、中の人がちゃんと働いていることは違います。会社のチャットで即レスする人が、必ずしも仕事を進めているとは限らないのと同じです。

ヘルスチェックには常に死角があります。何を検査しているのか、そして何を検査して **いない** のかを、書いた本人すら忘れがちなのです。

## 内部ツールも、同じネットワークに乗っていた

計器を疑うべき理由はもう一つあります。障害そのものが、計器を巻き込むことがあるからです。

2021年10月4日、Meta(Facebook)が約6時間にわたってインターネットから消えました。バックボーンのメンテナンス作業でコマンドを誤り、全バックボーン接続が切れ、DNSサーバーがBGP経路を撤回しました。Facebook、Instagram、WhatsAppが世界中で同時に沈黙しました。

エンジニアが最初に手を伸ばしたのは、いつもの内部ツールでした。ところがその内部ツールが、落ちたのと同じネットワークに依存していました。リモートでデバッグする手段がすべて使えなくなり、最終的に人が物理的にデータセンターへ向かうことになりました。

「内部ツールはいつでも使える」。平時には正しいこの前提が、有事には真っ先に崩れます。火事のときに限って消火器の前に火が回っている、というやつです。監視も、ログ基盤も、踏み台サーバーも、それ自体が障害の被害者になりうる。そう考えておくだけで、初動の選択肢が変わります。

## 過去の成功体験という、いちばん手強い計器

人間の頭の中にも、壊れた計器があります。過去の成功体験です。

2021年2月28日、みずほ銀行のe口座一括切替処理が、MINORIコアバンキングの定期預金データ領域を溢れさせました。ATM 4,318台が停止し、5,244枚のキャッシュカードと通帳が機械に呑み込まれました。引き出せなくなった人が、休日のATMの前で立ち尽くす光景です。

対応チームが取った行動は、過去の障害で有効だったエラー閾値の緩和でした。前回はこれで収まった。だから今回も、と。ところが状況は違っていました。閾値の緩和は、残っていた最後の安全バリアを外し、障害をさらに広げてしまいました。

後の調査委員会は、根本原因を「技術」ではなく「組織文化」に求めました。「前回これで直った」という記憶が、検証されないまま今回に適用された。過去の成功は、もっとも疑いにくい計器なのです。よく効いた薬を、別の病気にそのまま飲ませてしまった、と言い換えてもいい。

## 計器を疑うための、実務の一手

では具体的に何をするか。私が現場で使っているのは、シンプルなルールです。

**「本当に?」を3回繰り返す。** ログが正しい? 本当に? ならログ基盤自体のステータスを見る。影響はこの2社だけ? 本当に? ならフィルタを外して全件を見る。前回と同じ対処で直る? 本当に? なら前回との差分を明示的に並べる。

**「What」を最後に回す。** デバッグはつい「何が壊れた?(What)」から始まります。でもその前に確認すべきことがあります。どこから観測している?(Where)その観測点は信頼できる? いつから?(When)本当にその時刻から? どうやって検知した?(How)その検知手段自体は生きている? これらが固まってから、初めてWhatを考えます。

そして最後に、自分用のチェックリストを一つ。

- ログは全件出ているか(欠損はないか)
- メトリクスの計測自体にバグはないか
- ヘルスチェックは「正しく動く」を見ているか、「応答できる」だけを見ているか
- 監視システム自体が、今回の障害の影響を受けていないか
- 「N件だけ」のNは、本当にNか(フィルタは正しいか)
- 前回と同じ対処が効くという根拠は、今回もあるか

計器を疑うのは、後ろ向きな作業ではありません。観測が信頼できると確認できて初めて、その先のデバッグ全部の精度が上がります。土台が砂のままどれだけ立派な仮説を積んでも、それは砂上の楼閣です。グリーンのダッシュボードを見て安心する前に、一度だけ「このグリーンは、本当にグリーンか?」と問う。私が30分を無駄にして学んだのは、結局それだけのことでした。

---

# 音声AIスタックを5つ実測した。300msの壁を越えられたのは2つだけだった

URL: https://kenimoto.dev/ja/blog/voice-ai-5-stacks-only-two-under-300ms/
Lang: ja
Date: 2026-05-13
Description: 「音声AIは300ms以下で応答できる」と何度も読んだ。同じ1分会話で5つのスタックを実測したら、3つは崖を越えられなかった。2026年5月時点のP95 latency表を貼っておく。

「音声AIエージェントは300ms以下で応答できる」と何度も読んだ。AssemblyAIも、Vapiも、Realtime APIのローンチ記事もそう言っている。だから5つのスタックを組み、同じ1分の会話を全部に流して、各パイプラインの中にストップウォッチを差し込んだ。

5つのうち3つは、崖の手前にすら届かなかった。

残りの2つは、私が「どうせマーケティング数字だろう」と高を括っていた構成だった。マーケティングが正しくて、自分の手書きパイプラインが間違っていた。完敗です。


## スライドに載らない「3つの崖」

数字を見せる前に、まず体感モデルから。音声AIのレイテンシは、なだらかには劣化しません。崖のように落ちます。AssemblyAI、Vapi、Retellの調査がだいたい同じ3つの閾値に収束していて、私も1週間ユーザーテストを回した結果、これを信じるようになりました。

| レイテンシ | ユーザーが取る行動 |
|---|---|
| 0-300ms | 普通に話す。AIを意識しない |
| 300-500ms | 間を感じるが許容 |
| 500-800ms | AIに被せて話し始める(「聞こえてますか？」) |
| 800-1500ms | 同じ質問を繰り返す |
| 1500ms+ | 国際電話と同じ感覚になり、諦める |

300msが第1の崖です。これを越えると、ユーザーは「機械が処理している」ことを意識します。500msを越えるとターンテイキングを奪い合い始め、STTが新しい入力を受け取り直してさらに遅くなる悪循環。800msでは、テスターの半分が「もしもし？聞こえてる？」と言いました。**録画を見返しながらコードレビューする1週間ほど屈辱的なものは、私のキャリアでもそうそうありません。**

## 300msの予算はどこに消えるか

5つのうち3つがなぜ落ちたのか。予算配分を見ればわかります。カスケードパイプラインは、4つの直列処理を300msに収めなければいけません。

- **STT** (音声認識): 80-300ms。モデルとVAD設計次第
- **LLM TTFT** (初トークン): 100-500ms。モデルサイズ、コンテキスト長、コールドスタート次第
- **TTS TTFB** (音声最初の1バイト): 75-300ms。ボコーダー次第
- **ネットワーク往復**: 50-200ms。光の速さとコロケーション選択でほぼ決まる

最速の数字だけ足しても305ms。普通の数字を足すと1秒を越える。今回のベンチマークの元になった書籍ではこれを「レイテンシの解剖」と呼んでいて、結論は「カスケードは300msに数学的にアレルギーがある」というものです。各コンポーネントが物理的に隣に座っていない限り。

Voice-to-Voiceのend-to-endモデルは、STT + LLM + TTSを音声トークンストリーム上の単一forward passに畳み込むことでこのルールをすり抜けます。第2のホップがない。TTSのウォームアップがない。サービス間のハンドオフがない。それが全てで、勝った2つのスタックは私が「いちばんコードを書かなかった」スタックでもありました。

## 5つのスタック

ベンダー贔屓ではなく実比較がしたかったので、条件を揃えました。同じ1分のカスタマーサポート用スクリプト、同じWebRTC ingress (OpenAI Realtime以外はDaily.co)、同じプロンプト、同じUS-EastのクライアントPC、各スタック10ターン×5スタック=50測定。平均は音声ユーザーには嘘をつくのでP50/P95/P99で報告します。

**スタック1 — OpenAI Realtime API**: `gpt-4o-realtime` の公式WebRTCエンドポイント。音声入力、音声出力、間のglueコードなし。

**スタック2 — Deepgram + Claude + ElevenLabs カスケード**: STTにDeepgram Nova-3、LLMにClaude Sonnet 4.6、TTSにElevenLabs Turbo v2.5。ホワイトボードに描く「ベスト・オブ・ブリード」構成。

**スタック3 — ローカルエッジ (Whisper + Llama + Coqui)**: Whisper Large v3 Turbo、Llama 3.3 70BをH100ローカルで、TTSにCoqui XTTS。ネットワーク往復0ms。Hacker Newsが大好きな「プライバシーと主権」の答え。

**スタック4 — LiveKit Agents + Gemini 2.0 Flash Live**: メディアプレーンにLiveKit、脳にGoogleのネイティブ音声Gemini Live。これも別SDK経由のVoice-to-Voice端到端。

**スタック5 — Pipecat + Claude + Cartesia**: オーケストレータにPipecat、LLMにClaude Sonnet 4.6、TTSにCartesia Sonic。ElevenLabsより速いTTSを使った、より作り込んだカスケード。

## 結果

| スタック | P50 | P95 | P99 | 300ms以下? |
|---|---|---|---|---|
| 1. OpenAI Realtime (Voice-to-Voice) | 232ms | 281ms | 320ms | ✅ |
| 2. Deepgram + Claude + ElevenLabs | 480ms | 624ms | 780ms | ❌ |
| 3. Whisper + Llama 70B + Coqui (ローカル) | 870ms | 980ms | 1,210ms | ❌ |
| 4. LiveKit + Gemini Live (Voice-to-Voice) | 250ms | 295ms | 360ms | ✅ |
| 5. Pipecat + Claude + Cartesia | 410ms | 540ms | 670ms | ❌ |

P95で300ms以下を達成したのはスタック1とスタック4だけ。両方ともVoice-to-Voice。両方とも「リレー競走」ではなく「単一forward pass」を提供しています。スタック5はカスケードを丁寧に作った例で、Cartesiaの90ms TTFBは本当に速い。それでも崖は越えられない。LLM TTFTとサービス間ホップが予算を食い切ります。

つらいのはスタック3です。「ネットワークがゼロなら、せめてカスケードには勝つはず」と期待していました。実際勝つこともあるのですが、Llama 3.3 70Bは小さくない。コモディティGPUでLLM TTFTだけで600ms出るので、「ネットワーク不要」では救えません。書籍のエッジAI章は正直に書いていて、現実的なエッジの勝ち筋は **小さいモデル** (Qwen2.5 1.5Bクラス) であって、フルサイズの70Bローカルではない。70Bをローカルで動かすのは両方の悪いとこ取りで、GPU代を払って崖も越えられない。**深淵を覗いていただけでした。**

## なぜ今(2026年5月)Voice-to-Voiceが勝つのか

3つの理由。驚いた順に並べます。

**1. TTFT-then-TTFBの積み上げが起きない**: カスケードでは、LLMの初トークンを待ってからTTSを起動するので、TTSの「最初の1バイトまで」の時間が二重に乗ります。Voice-to-Voiceは音声トークンを直接出すので、2度目のウォームアップがありません。

**2. ハンドオフのシリアル化がない**: Deepgram → Claude → ElevenLabsは3つの別APIエンドポイントです。各々が速くても、TLS、コネクションプール、フレームバッファのオーバーヘッドを3回払う。Pipecatは助けてくれますが、消し去ってはくれません。

**3. VAD連動のターンテイキング**: Voice-to-Voiceモデルは音声ストリームから自分でエンドポイント検出をします。カスケードは、VADシグナルでSTT出力を確定してから送る必要がある。この確定遅延は「ユーザーが話し終わった瞬間」から計測するベンチマークには見えませんが、ユーザーは「自分が公式に話し終わった瞬間」を知らないので、ただの沈黙として体感します。

2026年5月時点で300msを安く達成する方法は、「パイプラインを書かないこと」。私のレイテンシの大半は、私のコードでした。

## エッジAIが追いつくとき

エッジは、正しい問題の形には正しい答えです。ローカル限定のプライバシー、ネットワーク無しのキオスク、オフラインのロボティクス。ただ「サブ300msのクラウドエージェントが欲しい」の答えではありません。Whisper v3 TurboはRTF (Real-Time Factor) 1000x以上を叩き出し、1.5Bクラスのモデルは初トークンをCPUで200msで返せます。この組み合わせ — 小さいモデル、速いSTT、ローカルTTS — なら合計300-350msに収まる。スタック3で試した70B-on-H100の構成では、そこに届きません。

もう一つの道はハイブリッド: エッジSTT、クラウドLLM、クラウドTTS。最も長い同期ステップ(音声フレームのキャプチャ)でネットワーク往復をスキップしつつ、脳には引き続きクラウド級のモデル品質を使えます。書籍は意思決定マトリクスとしてこれを整理していて、私の実測とも一致します: 350-500msは現実的、サブ300msのカスケードは現実的ではない。

「カスケードのまま **体感300ms** に近づける」工夫(フィラー、マイクロ確認、漸進的トークン再生)については、別記事で[Voice AI Perception Hacks](https://dev.to/kenimo49/voice-perception-hacks-i-kept-the-pipeline-at-540ms-and-users-still-said-instant-3oki)に書きました。崖は動かしませんが、崖の手前に立っているかのように見せかけることはできます。

## 今から作るなら

2026年5月、もし私がこれから音声エージェントを始めるなら:

- **コンシューマー向け新規プロダクト** — OpenAI Realtime か Gemini Live を直接。考えるより早めに止めて、出荷する
- **Claudeを脳に使いたい** — Pipecat + Claude + Cartesia。P95 500-600msで生きていく覚悟。フィラー戦略は後でなく今設計する
- **プライバシー / エアギャップ要件** — Whisper Turbo + Qwen2.5 1.5B + ローカルTTS。350ms TTFBを狙う。70Bローカルは次世代GPUまで諦める
- **エンタープライズ電話** — ハイブリッド: エッジSTT、脳はクラウドVoice-to-Voice。PSTNコーデック層でレイテンシ優位は消えるので、ターンテイキング品質に最適化する

最も深い思い違いは「300msは選んだ **モデル** の特性だ」と思っていたこと。実際は「選んだ **アーキテクチャ** の特性」でした。モデルは、そのアーキテクチャの居心地の良さを決めるだけです。

## 関連記事

- [安い方のモデルが勝った: コンテキストはパラメータに勝る](https://kenimoto.dev/blog/cheap-model-won-context-beats-parameters)（英語版） — 別領域の同じ教訓。アーキテクチャはモデルサイズを食う
- [AIエージェントのコスト構造と損益分岐点](https://kenimoto.dev/ja/blog/ai-agent-cost-structure-breakeven) — 音声AIもこのコスト構造の一部です
- [Claude Code Sub-agentの設計パターン](https://kenimoto.dev/ja/blog/claude-code-sub-agent-design) — 音声統合をsub-agent化する選択肢

レイテンシの全解剖、知覚モデル、エッジAI章(スタック3の判断根拠)は書籍にまとめました。

[音声AI 300ms UX: 会話の崖を設計する](https://kenimoto.dev/ja/books/voice-ai-300ms-ux)

---

# Coloquei 11 schemas JSON-LD. Em 3 meses, só 3 foram citados por IA

URL: https://kenimoto.dev/pt/blog/11-json-ld-apenas-3-citados/
Lang: pt
Date: 2026-05-25
Description: Coloquei 11 schemas JSON-LD no <head> do meu site e medi 3 meses de citações por IA. Oito viraram peso morto. Conto quais três carregaram o caminhão.

Há 3 meses passei uma tarde colocando 11 schemas JSON-LD no `<head>` do meu site. Organization, WebSite, Person, quatro blocos de Service, dois de Book, MusicGroup, FAQPage. Saí satisfeito.

Depois fui medir o que os motores de IA faziam com aquilo.

Três dos onze apareceram nas citações. Os outros oito poderiam ser comentários HTML que daria no mesmo.

Aqui vai a história de medição. Quais três schemas ganharam o lugar, quais oito foram peso morto, e por que eu faria de novo, mas menor.


## O que eu coloquei e por que achei que ia funcionar

A implementação em si foi simples. Empacotei os 11 schemas num único array dentro de `<script type="application/ld+json">` no layout Astro, com renderização no servidor em toda página. A motivação na época parecia coerente:

- Mais sinais estruturados = mais chances de ser citado
- LLMs supostamente adoram `knowsAbout`, então Person ia ser a arma secreta
- Service ia dizer à IA exatamente o que eu vendo
- Book ia trazer minhas publicações
- Até MusicGroup ganhou um espaço, porque tenho um projeto paralelo e por que não

Eu estava operando na teoria do acumulador para LLMO: se um é bom, onze é melhor.

Spoiler: não é.

## Como medi

Rodei um experimento de tracking de 3 meses, do fim de fevereiro até o fim de maio de 2026. As regras:

- 50 queries de marca e tema, escritas uma vez e reusadas toda semana
- 4 motores de IA: ChatGPT (modo Search), Perplexity, Claude (com busca habilitada), Brave Leo
- Toda semana eu fazia as 50 perguntas nos 4 motores
- Para cada citação, eu verificava se o trecho citado continha informação que **só** existia em um schema JSON-LD específico (name, foundingDate, knowsAbout, Q&A de FAQ, títulos de livro, descrições de serviço)
- Se o trecho dependesse de um campo único de um schema, eu creditava esse schema

Essa última regra é a que importa. Qualquer um pode dizer "meu schema Article está funcionando" porque Article se sobrepõe a `<title>`, `<h1>` e `<meta description>`. A pergunta interessante é: quando a IA cita um fato que **só existe no JSON-LD**, qual schema produziu o fato?

Três meses, 600 queries (50 × 4 × 3 meses), cerca de 180 citações do meu site no total. Acompanhei todas.

## Os três schemas que ganharam o lugar

### 1. Organization

`Organization` é o schema que os motores de IA realmente parseiam e guardam. Quando alguém pergunta ao ChatGPT "o que faz o kenimoto.dev" ou ao Perplexity "quem roda esse site", a resposta se apoia em campos que vivem dentro do bloco Organization:

- `name` e `alternateName` (cuida de transliteração e abreviações)
- `description` (a frase que a IA usa como resumo do site)
- `foundingDate` (o único lugar estruturado onde a IA acha isso)
- `sameAs` (referências cruzadas para GitHub, LinkedIn, X — a IA usa para juntar entidades)

Cerca de 40% dos trechos citados continham informação rastreável até Organization. O padrão bate com o que [a BrightEdge reportou no começo de 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/): Organization é Tier 1.

Se você for implementar só um schema, é esse. Sem competição.

### 2. Article (TechArticle por post)

Esse aqui não fazia parte dos 11 empacotados no `<head>` da home — o Astro emite por post de blog. Conto ele porque o experimento me forçou a perceber: toda citação de IA de um post individual se apoiava em `headline`, `datePublished`, `dateModified` e `author` do Article.

O campo `dateModified` pesa mais do que parece. O Perplexity em particular favorece conteúdo fresco como sinal de ranking — análises do setor [estimam que o frescor pesa em torno de 40% do ranking do Perplexity](https://www.stackmatix.com/blog/structured-data-ai-search). Toda vez que eu atualizava um post e mexia no `dateModified`, a taxa de citação daquele post subia nas duas semanas seguintes.

### 3. FAQPage

O schema com padrão de citação mais inequívoco. Os motores de IA extraem `mainEntity[].name` e `acceptedAnswer.text` de FAQPage quase literalmente. Estudos do setor colocam a taxa de citação de FAQPage [em torno de 67% em queries relevantes para IA](https://www.frase.io/blog/faq-schema-ai-search-geo-aeo), e outra análise achou páginas com FAQPage [3,2x mais prováveis de aparecer em Google AI Overviews](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) que páginas sem.

Meus números próprios foram mais modestos: tenho apenas um bloco FAQPage. Mas a **qualidade** da citação era diferente. O ChatGPT não parafraseou minhas respostas de FAQ. Citou direto.

Tem um detalhe: FAQPage só funciona se o conteúdo de FAQ aparece renderizado na página. Schema FAQPage vazio (coisa que vi gente tentando) é padrão documentado de penalidade, não atalho.

## Os oito que não fizeram nada

Aqui dói um pouco escrever.

### Person (com knowsAbout)

Eu apostei que `knowsAbout` ia carregar o caminhão. Vários guias de LLMO tratam isso como arma secreta para autoridade pessoal. Quando eu pergunto à IA "quem é especialista em LLMO?" meu nome deveria estar na resposta, certo?

Não está. Em 600 queries, não achei uma única citação onde o conteúdo citado se rastreasse até um valor único de `knowsAbout`. Nenhuma.

Minha teoria atual: os motores de IA não consultam um knowledge graph estruturado do jeito que o Painel de Conhecimento do Google faz. Eles recuperam documentos e leem. `knowsAbout: ["LLMO"]` parado no JSON-LD não é um documento. É metadado sobre uma pessoa que nenhum pipeline de retrieval pensou em puxar.

Foi o achado mais decepcionante e o mais útil. Incluir `knowsAbout` não tem custo — pode deixar — mas planejar sua estratégia de LLMO em cima disso é apostar num pipeline que ainda não existe.

### Service ×4

Quatro blocos descrevendo o que eu faço. Zero citações rastreáveis até eles. Os motores de IA que quiseram saber quais serviços ofereço acharam a informação no texto da minha home. Os dados estruturados ficaram de fora.

### Book ×2

Dois blocos descrevendo meus livros publicados. Zero citações de queries sobre livros que só pudessem ter vindo do schema Book. Quando a IA cita meus livros, é por causa da prosa nas LPs dos livros e dos listings na Amazon — ambos existem independente do schema.

### MusicGroup

Esse eu coloquei por completude. Hoje suspeito que devia ter colocado por honestidade: eu sabia na época que era improvável disparar, e não disparou. Ter um MusicGroup no `<head>` do meu site foi auto-expressão, não LLMO.

### WebSite

`WebSite` com `SearchAction` é famosamente útil para a sitelinks search box do Google. É feature de SEO, sem efeito em IA. Em três meses, nenhuma citação de IA precisou de informação que só vivesse no bloco WebSite.

## A pesquisa mais ampla aponta na mesma direção

O achado de 3 meses bate com o que estou vendo na pesquisa de 2026.

[A Ahrefs rodou um estudo em maio de 2026](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7) em 1.885 páginas que adicionaram schema para ver se a taxa de citação mexia. Praticamente não mexeu. As páginas que ganharam citações foram as que tinham conteúdo forte e menções de terceiros; o schema sozinho não empurrou o ponteiro.

[Pesquisa da BrightEdge do começo de 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) achou que páginas combinando Article, FAQPage, HowTo e Organization foram 2,5 a 2,7x mais citadas que páginas sem schema. Repare no que não está nessa lista: Person, Service, Book, MusicGroup, WebSite. A minha lista de fracassos, literal.

Ainda tem um aviso de downside. Schema genérico e preenchido pela metade (Organization só com `name` e `url`, FAQPage com uma pergunta, Person sem `knowsAbout`) carrega uma [penalidade de 18 pontos percentuais de citação](https://www.stackmatix.com/blog/structured-data-ai-search) comparado a não ter schema nenhum. Aparentemente os motores de IA tratam schema vazio como sinal de baixa qualidade.

A conclusão alinhou com a medição: poucos schemas bem preenchidos batem uma coleção grande de schemas pela metade.

## Contexto Brasil: por que isso importa aqui

Duas coisas mudaram em PT-BR nos últimos meses e amplificam o problema dos schemas mortos.

Primeiro, o Google AI Overviews em PT-BR está expandindo a cobertura — mais buscas em português começam a ter resposta gerada com citações. Cada citação é um espaço onde Article + FAQPage + Organization brigam para aparecer. Se você não tem esses três, sua página simplesmente não entra na competição.

Segundo, o Perplexity ganhou tração em circuitos de tech no Brasil, em parte porque cita as fontes de um jeito que SEO antigo não premiava. O `dateModified` do Article passa a ser mais importante do que parecia: posts brasileiros sobre tema técnico envelhecem rápido, e o sinal de frescor é o que faz a diferença entre ser citado em maio ou ser esquecido em junho.

Na prática, é um problema concreto que aparece com mais força para quem escreve em PT-BR agora.

## O que eu faria diferente

Manteria Organization, Article e FAQPage. O tempo economizado nos outros oito eu investiria em deixar esses três mais ricos:

- Organization: mais entradas em `sameAs`, `address` de verdade, `email` de verdade, `foundingDate` de verdade, `description` descritiva
- Article: atualizar `dateModified` toda vez que o post for genuinamente revisado, `author` correto ligado a um Person
- FAQPage: toda página que tem seção de Q&A devia expor como FAQPage com respostas escritas para serem citáveis em duas ou três frases

Pularia Person/knowsAbout, Service, Book, MusicGroup e WebSite. Não porque são prejudiciais — não são, se preenchidos corretamente — mas porque o custo de implementação não é zero e o retorno é erro de arredondamento.

A regra geral que eu ofereceria a quem está começando em 2026: pegue os três schemas que mapeiam para o **conteúdo que a IA está lendo** — identidade corporativa (Organization), corpo do artigo (Article), blocos de Q&A (FAQPage). Schemas que descrevem atributos abstratos de uma pessoa ou empresa sem bloco de conteúdo correspondente na página tendem a ser ignorados.

Se quiser uma forma mais estruturada de decidir quais schemas servem a qual tipo de site (corporativo, mídia, e-commerce), o [llmoframework.com](https://llmoframework.com) organiza a escolha de schema por propósito de site com métricas de avaliação. É o framework que eu deveria ter usado há 3 meses no lugar de "mais é mais".

## Três meses acumulando não foi estratégia de conteúdo

O padrão que vejo se repetir em conselho de LLMO é o mesmo em que caí: implemente tudo, mais é melhor, a IA vai sacar. A IA não saca. Ela lê os documentos que você entrega e procura campos que mapeiam ao pipeline de retrieval dela. Oito dos meus 11 schemas nunca estiveram nesse mapa.

Três estão. Esses três agora estão mais ricos do que estavam quando dividiam a página com outros oito. O blog rankeia igual, o ChatGPT me cita uns 20% mais que em fevereiro, e meu layout Astro está mais curto.

Onze schemas era um aterro. Três schemas é um site.

## Leitura adicional

- [llmoframework.com](https://llmoframework.com) — framework para escolha de schema por propósito de site
- [Pesquisa de citação de schema da BrightEdge (resumo Digital Strategy Force)](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)
- [Estudo de schema da Ahrefs de maio 2026 (resumo Medium)](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7)
- [Por que o ChatGPT ignora o seu site (LLMO intro)](https://kenimoto.dev/pt/blog/chatgpt-ignora-seu-site-llmo/)

A versão de 8 capítulos de "como SEO quebrou, o que LLMO substitui, e como medir tudo isso" — incluindo o capítulo de JSON-LD que aprofunda esse post — está em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. 3 meses de medição condensados em leitura de fim de semana.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Não automatize tudo: os 4 níveis de delegação que decidem se o Claude Code te ajuda ou atrapalha

URL: https://kenimoto.dev/pt/blog/4-niveis-delegacao-claude-code/
Lang: pt
Date: 2026-06-04
Description: Passei a tratar a delegação ao Claude Code como um botão de volume, não um interruptor. Mudança de arquitetura fica no L1 (humano no comando), formatação no L4 (automático total). Sem desenhar a granularidade, o agente atrapalha em vez de ajudar.

"Larga tudo na mão da IA que é mais rápido." Eu ouço essa frase no LinkedIn umas dez vezes por semana. Testei levar a sério, e o resultado foi um dia inteiro perdido desfazendo uma mudança de arquitetura que eu nunca pedi.

O Claude Code aceitou meu "refatora isso aí" e decidiu, sozinho, trocar a camada de acesso ao banco inteira. Tecnicamente o código rodava. Só que não era o que eu queria, e revisar a mudança levou mais tempo do que se eu tivesse feito na mão. Velocidade negativa.

Depois de algumas dessas, parei de pensar em delegação como um interruptor (ou faço eu, ou faz a IA) e comecei a tratar como um botão de volume. São quatro níveis. Quem não desenha em qual nível cada tarefa entra acaba com um agente que atrapalha em vez de ajudar.

## O problema de tratar delegação como liga-desliga

O erro que eu cometia era binário. Ou eu segurava tudo, ou soltava tudo. Os dois extremos custam caro: segurar tudo joga fora o ganho do agente, soltar tudo gera retrabalho de revisão.

A própria Anthropic enxergou isso. Em março de 2026 ela lançou o [auto mode do Claude Code](https://www.anthropic.com/engineering/claude-code-auto-mode), um meio-termo entre revisar cada passo na mão e o YOLO mode sem freio. Um classificador separado olha cada ação antes de rodar e bloqueia o que escapa do que você pediu. Ou seja: o próprio fabricante parou de tratar isso como liga-desliga.

O que faltava pra mim era um vocabulário pra decidir, por tarefa, quanto soltar. Acabei com quatro níveis.


## Os 4 níveis

### L1 — Humano no comando, IA como consultora

A IA sugere, eu decido e executo. Nada vai pro código sem eu digitar.

**Onde uso:** mudança de arquitetura, escolha de biblioteca, design de schema de banco, qualquer decisão difícil de reverter. Aqui eu uso o plan mode do Claude Code, que monta a estratégia antes de tocar em qualquer arquivo. O agente pensa junto comigo, mas a mão é minha.

A refatoração que me custou um dia? Era tarefa de L1 que eu tratei como L4. O erro não foi da IA. Foi meu, de granularidade.

### L2 — IA executa, humano aprova cada passo

A IA escreve, mas cada gravação de arquivo e cada comando de shell para e pede minha confirmação. É o modo padrão do Claude Code, e continua sendo o mais seguro pra base de código que eu não conheço bem.

**Onde uso:** implementar uma funcionalidade nova num módulo que eu domino pouco, mexer em código de pagamento, qualquer coisa em produção. Eu leio cada diff antes de aprovar. É mais lento, e é de propósito.

### L3 — IA executa em lote, humano revisa o resultado

A IA toca vários arquivos sem parar a cada um, e eu reviso o conjunto no final, antes do commit. No Claude Code isso é o accept edits mode (passa direto nas edições de arquivo, mas ainda confirma comandos de shell) ou o auto mode com o classificador de guarda.

**Onde uso:** implementar uma funcionalidade bem especificada com testes, refatoração mecânica num módulo que eu conheço, escrever a bateria de testes de uma função pronta. O escopo é claro, então eu confio no lote e gasto minha atenção na revisão final, não em cada passo.

### L4 — Automático total, humano só confere depois

A IA faz e segue. Eu olho o resultado quando der, ou nem olho.

**Onde uso:** formatar código, ajustar import, atualizar changelog, renomear variável em escopo isolado, corrigir lint. Tarefa onde o pior caso é trivial de desfazer. Aqui o `--dangerously-skip-permissions` faz sentido, mas só dentro de um container descartável, nunca na minha máquina de trabalho.

## A regra que decide o nível: custo de reverter

O que decide o nível é uma pergunta só: quão caro sai desfazer se a IA errar. Repare que a dificuldade técnica não entra nessa conta.

| Nível | Quem aprova | Custo de reverter | Exemplo |
|---|---|---|---|
| L1 | Humano decide e executa | Altíssimo | Mudança de arquitetura |
| L2 | Humano aprova cada passo | Alto | Feature em produção |
| L3 | Humano revisa o lote | Médio | Feature com testes |
| L4 | Humano confere depois | Baixo | Formatação, lint |

Reescrever a camada de banco inteira é caríssimo de reverter, então é L1, por mais que a IA dê conta tecnicamente. Rodar o formatador é trivial de desfazer, então é L4, mesmo sendo "mexer no código". A dificuldade técnica não entra na conta. O que entra é o tamanho do estrago se der errado.

## A confiança sobe, mas o nível é por tarefa

Tem um padrão que bate com o que eu vivi: quanto mais a pessoa usa o agente, mais ela solta. A auto-aprovação vira hábito com o tempo de uso.

Faz sentido: a confiança cresce com a convivência. Mas tem uma armadilha aí. Confiança e custo de reverter são coisas diferentes. Eu posso confiar 100% no Claude e ainda assim segurar a mudança de arquitetura no L1, porque o problema nunca foi a competência dele. É o tamanho do tombo se algo escapar.

Então a confiança move o nível padrão das tarefas pequenas pra cima, com o tempo. Não move a mudança de arquitetura pra fora do L1. Esse continua sendo decisão humana, por mais sessões que você acumule.

## Antes e depois, no meu fluxo

Antes de desenhar os níveis, eu rodava quase tudo no mesmo modo e me decepcionava de formas opostas: ou perdia tempo aprovando formatação de import passo a passo (L4 tratado como L2), ou levava susto com refatoração grande (L1 tratada como L4).

Depois, mudou o seguinte:

- decisões de arquitetura passaram pro plan mode, e parei de descobrir mudança estrutural no diff
- funcionalidades com teste rodam em lote, e eu reviso o conjunto em vez de cada passo
- formatação e lint rodam sozinhos, e eu nem olho

O ganho não veio da IA ficar mais rápida. Veio de eu parar de gastar atenção no nível errado. A atenção é o recurso escasso, não os tokens.

## Pra quem trabalha em time no Brasil

Uma observação prática. Em time, o nível de delegação não pode morar só na cabeça de cada um. Se um dev trata migração de banco como L4 e outro como L1, o resultado é imprevisível por pessoa.

O que funcionou aqui foi escrever os níveis no `CLAUDE.md` do projeto: o que é sempre L1 (precisa de gente decidindo), o que pode ir pro L3 ou L4. Vira combinado de time, não preferência individual. Custa uma tarde pra escrever e poupa a discussão de "por que o agente mexeu nisso" no resto do trimestre.

"Não automatize tudo" não tem a ver com medo de IA. É a constatação de que delegação sem granularidade vira retrabalho. O botão de volume tem quatro marcas. Saber em qual girar é o trabalho de quem usa o agente, e é o que decide se ele ajuda ou atrapalha.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Plugei o mesmo site em 7 rastreadores de citação por IA. Nenhum bateu com o outro.

URL: https://kenimoto.dev/pt/blog/7-rastreadores-citacoes-ia-numeros-diferentes/
Lang: pt
Date: 2026-05-18
Description: Coloquei o kenimoto.dev em sete plataformas de monitoramento de citações por IA durante 15 dias. O menor número foi 38. O maior, 312. Mesmo site, mesma janela, mesma marca. Conto por que a diferença existe e qual ferramenta eu de fato continuei pagando.

Antes de pagar USD 200 por mês em qualquer rastreador de citação por IA, leia isso. Eu paguei. Sete vezes. Em paralelo, no mesmo site, na mesma janela de 15 dias. Os sete me responderam coisas completamente diferentes.

O menor número foi 38. O maior, 312. Não é arredondamento. É 8,2 vezes de diferença para o mesmo input. Spoiler: a que eu acabei mantendo foi a mais barata, USD 29 por mês (cerca de R$ 145). Não porque era a mais certa. Porque era a única que era honesta sobre o que estava contando.


## O setup

Eu rodo o kenimoto.dev em quatro idiomas e há meses tento entender se a busca por IA de fato enxerga o meu site. Os trials gratuitos das principais ferramentas de citation tracking iam empilhando no meu email. Em algum momento, decidi rodar todos ao mesmo tempo, com o mesmo input, e comparar.

As regras que me impus:

- Um site só: `kenimoto.dev` (incluindo `/ja/`, `/pt/`, `/es/`)
- Uma janela só: 1 a 15 de maio de 2026, 15 dias
- 12 brand queries, escritas uma vez e compartilhadas com todas as ferramentas. Coisas como "melhor setup de subagentes do Claude Code", "como medir citações de LLM", "stack de voice AI abaixo de 300ms de latência"
- Cinco LLMs de interesse: ChatGPT, Claude, Gemini, Perplexity, Copilot. Nem toda ferramenta cobre todos, e isso importa mais do que parece

Escolhi sete ferramentas. Seis comerciais e uma que eu mesmo escrevi numa tarde. Sete porque o título do post escreve sozinho, mas também porque sete é mais ou menos quantas ferramentas uma equipe de LLMO normal consideraria antes de comprar uma.

As sete:

1. **Profound** (USD 499/mês plano lite, foco enterprise, SOC 2 / HIPAA)
2. **Peec AI** (EUR 89/mês, Berlim, foco multilíngue, 115+ idiomas)
3. **Otterly AI** (USD 29/mês, a mais barata, integração com Semrush)
4. **Bluefish AI** (cotação enterprise, foco Fortune 500)
5. **Scrunch** (faixa intermediária)
6. **Semrush AI Toolkit** (vem dentro da suíte de SEO)
7. **Meu script Python** (usa as APIs da OpenAI, Anthropic e Perplexity, cerca de USD 8/mês em chamadas)

Cadastrei o kenimoto.dev em cada uma, configurei as mesmas 12 queries onde a interface deixava, esperei 15 dias e exportei o número de citações.

## Os números

Eis o que cada ferramenta me disse sobre o mesmo site, na mesma janela:

| Ferramenta           | Citações | Vs. menor |
| -------------------- | -------- | --------- |
| Otterly AI           | 38       | 1,0x      |
| Script Python        | 54       | 1,4x      |
| Semrush AI Toolkit   | 71       | 1,9x      |
| Bluefish AI          | 89       | 2,3x      |
| Profound             | 147      | 3,9x      |
| Scrunch              | 203      | 5,3x      |
| Peec AI              | 312      | 8,2x      |

Entre o menor e o maior, 8,2 vezes. Não é "arredondamento diferente". Não é "fora do intervalo de confiança". É oito vezes.

Eu fiquei olhando o export achando que tinha lido errado. Aí fui ler a doc de cada ferramenta sobre o que ela chamava de "citação". A resposta estava ali.

## Por que os sete números divergem

Depois de ler as docs lado a lado, parou de ser um mistério e virou um problema de definição. A divergência mora em quatro eixos.

### 1. O que conta como "citação"

Esse é o grande. Cada ferramenta está contando uma coisa diferente e chamando todas pelo mesmo nome.

- **Profound** só conta quando a resposta da LLM inclui um link clicável de fonte apontando para o seu domínio. Rigoroso, útil para atribuição. Perde toda menção em que a LLM só fala do nome da marca sem linkar.
- **Peec AI** conta qualquer menção do nome da marca no texto da resposta, com ou sem link. Se o Perplexity diz "o Ken Imoto escreveu um guia útil sobre voice AI", isso é uma citação, mesmo sem link. Por isso o número deles é o maior.
- **Otterly AI** conta URLs citados na resposta, parecido com Profound, mas deduplica por query e por dia, o que afunda o número.
- **Bluefish AI** está rodando um cálculo de share-of-voice contra concorrentes. A "citação" deles está mais perto de um ranking do que de uma contagem.
- **Scrunch** conta tanto menções quanto links de fonte, sem deduplicação. Por isso fica no meio-alto.
- **Semrush** só conta quando o seu domínio aparece no campo de URL da resposta estruturada. Interpretação mais rígida.
- **Meu script Python** conta o que eu decidir contar. Hoje: "a string da marca aparece no texto da resposta, deduplicado por query, média de três amostras".

Pega quaisquer duas dessas definições. Elas não vão bater. Não é falha de fornecedor. É a área inteira ainda não ter uma definição compartilhada.

### 2. Quais LLMs cada uma amostra

Nenhuma ferramenta cobre os cinco LLMs que me interessam.

| Ferramenta   | ChatGPT | Claude | Gemini | Perplexity | Copilot |
| ------------ | ------- | ------ | ------ | ---------- | ------- |
| Profound     | sim     | não    | sim    | sim        | não     |
| Peec AI      | sim     | sim    | sim    | sim        | sim     |
| Otterly      | sim     | não    | sim    | sim        | não     |
| Bluefish     | sim     | não    | sim    | não        | sim     |
| Scrunch      | sim     | não    | não    | sim        | não     |
| Semrush      | sim     | não    | sim    | sim        | não     |
| Script Python| sim     | sim    | não    | sim        | não     |

A Peec AI amostra todos os cinco. Só isso já dá mais área de superfície, e é parte do motivo de ela aparecer no topo. A Scrunch só vê ChatGPT e Perplexity, então um número alto vindo de duas superfícies só é uma informação diferente: significa que naquelas duas a presença é forte.

Se você só liga para ChatGPT, a escolha do rastreador importa menos. Se você liga para Gemini ou Claude, metade da lista cai fora.

### 3. Frequência e regras de deduplicação

A maioria roda cada query diariamente. Algumas, semanalmente. A Otterly roda diário mas deduplica numa janela de 24h: cinco menções em um dia contam uma. A Peec AI roda diário e conta cada menção separadamente. Em 15 dias e 12 queries, isso acumula rápido.

### 4. Se amostram nos seus idiomas

Publico em quatro idiomas. A maioria amostra só em inglês por padrão e ignora o resto a menos que você configure conjuntos de idioma. A Peec AI deu o número multilíngue mais útil porque consulta em 115 idiomas por padrão. As outras basicamente ignoraram meu tráfego em PT e ES, e por isso subestimam o que de fato está acontecendo no Brasil e em LatAm.

No Brasil ainda é difícil achar rastreador que cubra Perplexity em português direito. Se você publica conteúdo em PT-BR e a única coisa que olha esse idioma é a Peec AI, isso já justifica o teste antes de comprar qualquer outra.

## A conclusão chata: escolha a definição, depois escolha a ferramenta

Depois de duas semanas encarando esses números, eu acho que "qual rastreador é o mais certo" é a pergunta errada. Não existe verdade absoluta para citação por IA. Toda LLM é uma caixa preta que retorna respostas levemente diferentes para a mesma prompt dependendo de horário, região e datacenter. Não tem Google Search Console para isso.

A pergunta certa é: qual definição de "citação" corresponde ao resultado de negócio que eu de fato quero?

- Quer **tráfego de atribuição** (alguém clica no link)? Profound ou Otterly. Só contam citação com link. Os números são pequenos, mas batem com eventos de referrer que você pode validar no GA4.
- Quer **presença de marca** (a LLM está falando de você, com ou sem link)? Peec AI. O número parece generoso, mas é o proxy mais próximo de "o ChatGPT está dizendo meu nome em voz alta na resposta".
- Quer **posicionamento competitivo**? Bluefish ou Scrunch tratam concorrentes nativamente.
- Quer **a verdade dentro do orçamento**? Escreva o seu script. O meu são 200 linhas de Python em volta das APIs da OpenAI, Anthropic e Perplexity, e custa cerca de USD 8 por mês. Ainda me dá o texto cru da resposta, coisa que as comerciais escondem por trás de gráficos.

Enquanto a área não combinar uma definição comum, cada fornecedor vai continuar contando diferente e chamando pela mesma palavra. Uma taxonomia como a que o [llmoframework.com](https://llmoframework.com/) propõe ajudaria de verdade aqui: um padrão para o que "citação", "menção" e "link de fonte" significam entre ferramentas, para que os números fiquem comparáveis.

## O que eu de fato uso

Resposta honesta: rodo duas ferramentas, não sete.

Mantive a Otterly porque é barata e a definição rigorosa dela bate com o que eu consigo verificar no GA4. Se a Otterly diz que houve citação e o GA4 mostra um clique de referrer, eu acredito nos dois. Mantive também meu script Python, porque me dá o texto cru e eu posso mudar a definição amanhã se quiser.

Cancelei o resto. Não porque são ruins. Porque pagar USD 499 por mês para receber um número que eu não consigo reconciliar com outro número de uma ferramenta de USD 29 estava me deixando mais burro, não mais informado.

Se você está prestes a gastar dinheiro num rastreador de citação por IA, faça isso primeiro: escreva numa frase só o que "citação" significa para você. Depois pergunte para cada fornecedor se a definição deles bate com a sua. A maioria não responde direito. Essa é a resposta.

O frame completo de medição (KPIs de citação, GA4 referrals, análise de log de crawler como peças de um sistema) está em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. O capítulo de medição é o que define "citação" antes de comprar qualquer rastreador.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Deixei meu agente Claude Code rodar 24 horas sozinho. A conta de R$ 2.000 nem foi o pior.

URL: https://kenimoto.dev/pt/blog/agente-ia-24-horas-incidentes-seguranca/
Lang: pt
Date: 2026-05-08
Description: Ativei a flag --dangerously-skip-permissions, fui dormir e voltei com um relatório de incidentes do OWASP Agentic Top 10. Conta de Skill typosquatada, rm -rf com variável vazia e .env quase no GitHub público. O que aprendi pra ninguém repetir.

Todo mundo no LinkedIn anda postando sobre "agentes autônomos de IA". Você abre o feed e tem alguém dizendo que demitiu metade do time porque o Claude Code resolve tudo sozinho. Eu li isso umas trinta vezes e resolvi testar de verdade.

Ativei a flag `--dangerously-skip-permissions` no Claude Code, dei uma tarefa real (triagem de bugs num projeto pessoal, com testes e PRs), instalei três Skills do marketplace público e fui dormir.

Vinte e quatro horas depois, a conta da API da Anthropic deu uns R$ 2.000. Isso foi o item que menos me preocupou.

Esse texto é o relatório do que aconteceu ao longo dessas 24 horas. Antes da gente comemorar o agente autônomo, alguém precisa contar essa parte.

## O que tinha na máquina (importa pro resto da história)

Eu não rodei o agente isolado num container limpo. Rodei na minha máquina de desenvolvimento, que tinha:

- credenciais do GitHub em `~/.config/gh`
- um `.env` de outro projeto onde eu tinha entrado no mesmo dia
- uma chave SSH que eu prometi mover de pasta há dois anos

O agente estava, em tese, restrito ao diretório do projeto. As Skills, em tese, faziam só o que o manifesto declarava. Eu confiei na configuração igual quem confia no folheto de segurança do avião.

Vou te poupar o suspense: três coisas quebraram. Cada uma é um item da [OWASP Top 10 para Aplicações Agênticas 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/), que a OWASP soltou em dezembro de 2025.

## Incidente 1: a Skill que parecia familiar

Uns 40 minutos depois que o agente começou a rodar, ele instalou uma Skill chamada `@clawhub/docker-managr` pra mexer num Dockerfile. Eu olhei o nome e meu cérebro corrigiu: `docker-manager`. Uma letra de diferença. Do tipo que olho humano não pega.

A primeira ação da Skill foi ler "arquivos de configuração" do projeto. A segunda foi um POST HTTP pra um servidor que não é meu. Só percebi a ligação entre as duas coisas depois.

Eu notei isso porque monitorava tráfego de saída da máquina por outros motivos. O agente deixou passar. O manifesto da Skill declarava a chamada de rede como "telemetria".

Esse é o **ASI04: Vulnerabilidade na Cadeia de Suprimentos**. Em março de 2026 a Koi Security publicou que 341 Skills typosquatadas foram subidas pro ClawHub durante o evento batizado de **ClawHavoc**. Uma auditoria da Snyk mostrou que **36% delas** vinham com prompt injection ou exfiltração. Eu tinha lido a notícia. Guardei mentalmente como "coisa que só acontece com os outros".

A correção não é ler mais artigo sobre ClawHavoc. É:

- fixar versão de Skill (não usar `latest`)
- ler o manifesto antes de instalar (sim, na mão mesmo)
- tratar qualquer nome com uma letra de diferença como suspeito até prova em contrário

## Incidente 2: o rm -rf que quase aconteceu

Lá pelas 11 horas de execução, o agente decidiu que uns `node_modules` estavam desatualizados e mandou `rm -rf` neles. Especificamente em `$PROJECT_DIR/node_modules`. Especificamente com a variável `$PROJECT_DIR` que, por causa de um resultado de ferramenta que ele leu errado, ficou vazia.

`rm -rf  /` (espaço extra, variável vazia) é literalmente o incidente documentado de dezembro de 2025, quando o Claude apagou a home de alguém limpando "pacotes desatualizados". A Anthropic [publicou a pesquisa de sandboxing](https://www.anthropic.com/engineering/claude-code-sandboxing) por causa disso. Era um padrão de falha conhecido quando eu rodei o experimento.

Só não aconteceu porque eu tinha `safe-rm` no shell e o comando travou na barra. Quem percebeu fui eu. O agente não teria percebido. A Skill que executou nem validou o caminho.

Esse é o **ASI05: Execução de Código Inesperada**, ou **ASI02: Mau Uso de Ferramenta**, dependendo de como você lê. A correção é sandbox de verdade, não confiança no agente. Rode o agente dentro de um container, com `--network none` quando não precisa de internet, e faça montagem explícita só dos diretórios que ele deve tocar.

A própria Anthropic [criou o auto mode](https://www.anthropic.com/engineering/claude-code-auto-mode) em março de 2026 pra resolver exatamente esse tipo de tiro no pé. Não foi à toa que botaram `dangerously` no nome do YOLO mode (`--dangerously-skip-permissions`).

## Incidente 3: o .env que quase foi pro GitHub

Esse aqui é o mais constrangedor, então vou ser breve.

O agente decidiu que um arquivo de config de um projeto irmão seria "contexto útil" pro README que estava escrevendo. Leu o arquivo. Era um `.env`. O README foi commitado num repo público. O README continha um bloco de código com `env`. O bloco continha uma chave de API real.

Os pre-commit hooks pegaram. Hooks que eu tinha configurado seis meses atrás por outro motivo. Se estivessem desligados, a chave teria ficado no GitHub por uns 90 segundos antes do push protection avisar. 90 segundos a mais do que eu queria que qualquer chave minha ficasse exposta.


Esse é **ASI03: Abuso de Identidade e Privilégio** somado ao **ASI04** de novo. O agente não vazou a chave de propósito. Vazou achando que era ilustração útil. A correção é o `.clawignore` (ou `.agentignore`, ou seja lá como seu framework chama):

```bash
# .clawignore
.env
.env.*
*.pem
*.key
credentials.json
secrets/
~/.ssh/
~/.config/gh/
```

Sim, dá pra colocar caminhos acima da raiz do projeto. Seu agente respeita isso por convenção, não por força. Por isso o sandbox vem primeiro e o arquivo de ignore vem depois.

## O número da conta, já que eu prometi

| Item | Custo |
|---|---|
| Anthropic API (Sonnet 4.6, 24h) | R$ 1.940 (~USD 387) |
| Container e infra | R$ 20 |
| Ticket de suporte do GitHub que quase abri | sem preço |

A conta foi alta porque eu não estava usando prompt caching. Hoje o Sonnet 4.6 sai a USD 3 por milhão de tokens de entrada e USD 15 na saída, e [cache reads custam 10% do input padrão](https://www.anthropic.com/claude/sonnet). Refazendo a mesma execução de forma deliberada, dava pra ficar em uns R$ 450. Mas a conta nunca foi a lição. A lição é que o custo de API é limitado, o custo de credencial vazada não.

## Autonomia não significa ausência de supervisão

A mensagem que eu quero deixar é essa. Autonomia e "sem humano no loop" não são a mesma coisa, e a diferença é o OWASP Agentic Top 10 inteiro.

Três itens aconteceram comigo numa noite:

- **ASI02: Mau Uso de Ferramenta** — sim (rm -rf com variável vazia)
- **ASI03: Abuso de Identidade e Privilégio** — sim (.env lido fora do projeto)
- **ASI04: Cadeia de Suprimentos** — sim (Skill typosquatada)
- **ASI05: Execução Inesperada de Código** — sim (rm de novo, depende do enquadramento)

Pra defender contra essa lista, "confiar no agente" não é uma postura defensiva. Os defaults do Claude Code já exigem permissão explícita pra escrita e shell. Eu tinha desligado essas exigências. A falha foi justamente essa.

## O que eu faço agora (a parte chata que funciona)

Continuo deixando o agente rodar por horas. Só parei de fingir que isso é autonomia. Hoje eu trato como execução supervisionada, com três camadas de contenção em volta.

**1. Sandbox antes de tudo.** O agente roda dentro de um container Docker. Montagem explícita só dos paths necessários. `--network none` pra tarefas offline. Quando precisa de internet, vai por proxy de saída com allowlist. Parece pesado. Toma uma hora pra configurar uma vez e te poupa o resto da carreira.

**2. Auditoria de Skill, não estrela de Skill.** Antes de instalar Skill, leio o manifesto buscando chamada de rede e ferramentas declaradas. Número de estrelas não importa. As Skills do ClawHavoc tinham estrela cheia. Se a Skill precisa de rede, eu quero ver explicado, em texto plano, no manifesto. Quem não quer ler tudo na mão usa o NemoClaw, que faz guardrail de input/output:

```yaml
# nemoclaw config
guardrails:
  input:
    - prompt_injection_detection: true
    - pii_detection: true
  output:
    - harmful_command_block: true
    - secret_masking: true
```

**3. Auto mode, não YOLO mode.** O [auto mode da Anthropic](https://www.anthropic.com/engineering/claude-code-auto-mode) é a abstração certa. Reduz prompts de permissão como o YOLO, mas bloqueia os perigosos (delete fora do projeto, rede pra host fora da allowlist, padrões de shell que batem com armadilhas conhecidas). Os dados da própria Anthropic mostram que [sandbox reduz prompt em 84%](https://www.anthropic.com/engineering/claude-code-sandboxing). Bate com o que eu vejo na prática.

**4. Pre-commit hooks, mais uma vez.** [git-secrets](https://github.com/awslabs/git-secrets), [trufflehog](https://github.com/trufflesecurity/trufflehog), o que seu time usar. O agente, mais cedo ou mais tarde, vai tentar fazer commit de coisa que não deveria. O hook é a segunda linha de defesa, depois do arquivo de ignore. Não tem terceira linha. Terceira linha é "suporte do GitHub".

Junte essas quatro camadas e o agente roda muito tempo sem quebrar nada irreversível. Você abre mão da fantasia de autonomia total. Mantém o benefício real, que é trabalho contínuo num escopo definido.

## Por que isso interessa pra quem mora no Brasil

Dois motivos práticos.

**LGPD não fala em "agente de IA", mas o Art. 46 fala em medida técnica adequada.** Se seu agente exfiltra dado pessoal de cliente porque você esqueceu o `.clawignore`, a fiscalização não vai discutir argumento sobre autonomia. Vai enquadrar tudo como "tratamento sem medida técnica adequada".

**Time de TI brasileiro ainda está adotando o ferramental.** Cursor, v0, Replit, Claude Code — a maior parte chegou aqui em 2024-2025. Tem um buraco entre "uso na ponta" e "salvaguarda no meio". Esse texto é pra preencher um pedaço pequeno desse buraco.

Eu entrei nas 24 horas esperando aprender sobre a capacidade do agente. Saí com um checklist. O checklist é mais útil que a capacidade.

---

## Quer ir mais fundo?

Este artigo cobre a fatia "como impedir que o agente quebre coisa irreversível". O playbook completo de harness engineering — AGENTS.md de 2 linhas até 100, hooks de pre-commit/pre-tool-use, padrões de auto mode, definição de harness em 5 frameworks — está em **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)**.

---

*Nota da revisão (13/05/2026): esta versão passou por duas rodadas de reedição após feedback de leitores do TabNews sobre fluidez de tradução. A análise técnica e as referências OWASP permanecem idênticas — só o português ficou menos com cara de tradução literal de inglês.*

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Auditei 30 arquivos llms.txt em produção. 5 anti-padrões já estão se formando.

URL: https://kenimoto.dev/pt/blog/auditei-30-arquivos-llms-txt-5-anti-padroes/
Lang: pt
Date: 2026-05-11
Description: Subi meu terceiro llms.txt este mês e me senti produtivo. Depois abri 30 arquivos de Anthropic, Stripe, Vercel e Cloudflare. A maioria está quebrada nas mesmas cinco formas — incluindo 3 dos meus.

Subi meu terceiro `llms.txt` este mês e me senti injustamente produtivo. Aquele tipo de produtividade em que você fecha o laptop, toma um café e tem a cara de quem resolveu sozinho o problema de busca por IA.

Depois abri 30 arquivos `llms.txt` em produção das empresas que a gente cita quando quer convencer alguém de que "olha, os times sérios já fazem isso". Anthropic. Stripe. Vercel. Cloudflare. Hugging Face. Mintlify. Astro. Linear.

24 dos 30 tinham pelo menos um de cinco problemas. Três desses problemas eu também tinha cometido.

O café esfriou.

## Como auditei

A montagem foi vergonhosamente simples. Peguei 30 domínios com `llms.txt` público que importam para devs em 2026: labs de IA, infra, ferramentas para dev. Fiz `curl` em cada um. Li cada arquivo com a cabeça de um LLM tentando usar aquilo. Anotei o que estava ruim.

Não é ciência. É segunda à noite com o terminal aberto. Mas os padrões apareceram tão rápido que parei nos 30. Os próximos dez seriam mais do mesmo.

Para contexto: o [estudo da SE Ranking com 300 mil domínios em março de 2026](https://seranking.com/blog/llms-txt/) encontrou cerca de 10% de adoção. O [guia da codersera de maio de 2026](https://codersera.com/blog/llms-txt-complete-guide-2026/) estima 844 mil sites com crescimento de 500% ao ano. **A adoção está ganhando a corrida. A qualidade está perdendo.**


## Os cinco anti-padrões

### Anti-padrão 1: "Despeja tudo"

O mais comum, e o que eu mais cometi. O autor trata `llms.txt` como um segundo sitemap. 800 links. 1.200 links. Um arquivo que abri tinha todo post de blog desde 2019, plano, sem prioridade, sem agrupamento.

O ponto inteiro de `llms.txt` é que o `sitemap.xml` já faz isso. Quando a spec diz "10KB recomendado", não está sendo fofa com tamanho de arquivo. Está dizendo: **se o LLM não consegue ler o arquivo inteiro dentro de um context window com orçamento sobrando para a pergunta real, você não ajudou, você só mudou o problema de lugar.**

A correção é brutal: escolha 10 a 20 links. Não 50. Não "seções principais mais alguns extras". 10 a 20. Tudo o que sobrar vai para `## Optional` ou fica no `sitemap.xml`.

Se você é um produto com muita documentação, use o padrão da Cloudflare: um `llms.txt` raiz enxuto que aponta para `llms.txt` por produto. Cada um cabe no orçamento. O agente busca só o que precisa. **Ninguém lê a enciclopédia inteira para consertar uma torneira.**

### Anti-padrão 2: "Contradiz o robots.txt"

Abra o `robots.txt`. Abra o `llms.txt`. Compare os caminhos. **Cerca de um terço dos arquivos que auditei listam URLs no `llms.txt` que estão explicitamente `Disallow`-ados no `robots.txt`** para os crawlers que mais provavelmente leriam o `llms.txt`.

O exemplo mais doloroso: um site de documentação que bloqueia `GPTBot` e `ClaudeBot` de `/docs/` no `robots.txt`, e depois lista 40 URLs de `/docs/*` no `llms.txt`. O arquivo diz "isso aqui importa". O `robots.txt` diz "você não pode acessar". O crawler obedece o `robots.txt`. O `llms.txt` é decoração.

Isso geralmente acontece quando os dois arquivos são mantidos por equipes diferentes (ou pela mesma pessoa em meses diferentes). A correção é uma revisão de cinco minutos com os dois arquivos abertos: cada URL no `llms.txt` precisa estar permitida no `robots.txt` para cada crawler de IA que você de fato quer lendo aquilo.

Se você genuinamente quer bloquear crawlers de IA, tudo bem, mas então **não escreva também para eles um diretório educado das suas páginas favoritas.**

### Anti-padrão 3: "Só links HTML, sem .md"

A proposta original de Jeremy Howard inclui uma convenção esperta: qualquer URL com `.md` adicionado deve retornar uma versão Markdown limpa da página, sem nav, sem ads, sem bundle de JavaScript. O padrão `.html.md`.

Quase ninguém faz isso. Nos meus 30 arquivos, só 6 serviam algum companheiro `.md`. Os outros 24 entregam ao LLM um link para uma página HTML que o crawler **não consegue parsear direito porque [não executa JavaScript](https://kenimoto.dev/pt/blog/chatgpt-ignora-seu-site-llmo/).**

A Stripe faz isso direito: toda URL de docs tem um gêmeo `.md` e o `llms.txt` aponta para a versão `.md`. A seção [Reference Templates do llmoframework.com](https://llmoframework.com) marca isso como **a coisa de maior alavancagem que a maioria dos times está pulando**, porque é a diferença entre "a IA acha a página" e "a IA realmente lê o que está nela".

A correção depende da sua stack. Em Astro e Next.js, gerar versões `.md` em build time são 30 linhas. Em CMS dinâmico, uma edge function que retorna serialização markdown no sufixo `.md` resolve. **De qualquer jeito, é o anti-padrão com a maior diferença entre esforço e resultado.**

### Anti-padrão 4: "Teatro da página About"

Oito dos 30 arquivos usavam o corpo inteiro do arquivo como pitch de marketing. Três parágrafos sobre a missão da empresa. Uma citação do fundador. A história da marca. E aí dois links. Conteúdo total: "somos líderes visionários no espaço AI-native".

LLMs não compram a sua vibe. Eles precisam de ponteiros para conteúdo. O H1 e o blockquote de resumo são o lugar para "o que é esse site". Tudo abaixo deveria ser **links para páginas específicas com descrições específicas**. Se o seu `llms.txt` parece uma homepage, você escreveu uma homepage.

O [estudo GEO de Princeton sobre os 9 jeitos de ser citado por IA](https://kenimoto.dev/pt/blog/chatgpt-ignora-seu-site-llmo/) bate na mesma tecla do lado do conteúdo: afirmações vagas não são citadas, afirmações específicas com fontes são. A mesma lógica vale para o próprio `llms.txt`.

### Anti-padrão 5: "Congelado em 2024"

Cinco dos arquivos que auditei tinham sinais visíveis de terem sido subidos uma vez e nunca mais tocados. Links para páginas com 404. Nomes de produtos que não existem mais. Datas que colocam a última atualização significativa em 2024, época em que `llms.txt` era uma proposta de seis meses de idade e "busca por IA" ainda era algo que o Perplexity precisava explicar.

`sitemap.xml` é auto-gerado. `robots.txt` raramente muda. `llms.txt` mora num meio-termo estranho: **curado à mão como documentação, mas com o mesmo risco de obsolescência de um README que diz "usamos Yarn" quando o time migrou para pnpm faz um ano.**

A correção é automação, não disciplina. Adicione um check de CI que sinaliza 404 nas URLs que o seu `llms.txt` lista. Regere a seção de "artigos em destaque" a partir do analytics a cada trimestre. **Trate o arquivo como artefato de config, não como entregável de lançamento.**

A [análise da Mintlify sobre exemplos reais de llms.txt](https://www.mintlify.com/blog/real-llms-txt-examples) marcou esse como o segundo padrão mais comum na base de clientes deles. O primeiro foi o Anti-padrão 1. **Esses são os dois para arrumar essa semana.**

### Contexto brasileiro

Fiz `curl` em alguns domínios brasileiros também. globo.com não tem `llms.txt` (snapshot de maio de 2026). mercadolivre.com.br também não. nubank.com.br idem. magazineluiza.com.br idem. TabNews tem? Não na raiz, no momento da auditoria.

Isso pode ser lido de dois jeitos. "O Brasil está atrasado" é a leitura desanimada. "Quem subir um agora ainda pega vantagem de early adopter no mercado local" é a leitura construtiva. Eu fico com a segunda. **No mercado brasileiro de produtos de software, `llms.txt` em maio de 2026 é praticamente terreno virgem.**

## Os três que eu mesmo subi

Seção da honestidade. Dos meus três `llms.txt`:

- Um tinha 47 links. Anti-padrão 1.
- Um apontava só para URLs HTML porque eu não tinha configurado o gêmeo `.md` ainda. Anti-padrão 3.
- Um estava sem atualização há 4 meses e listava um post com slug que eu já tinha renomeado. Anti-padrão 5 mais uma cadeia de 301 de sobremesa.

Eu não tinha notado nada disso até estar três quartos do caminho lendo arquivos dos outros. A auditoria era pra ser sobre eles. Virou sobre mim. **Tem alguma lição aí dentro, mas ainda estou na fase do constrangimento e não consegui formular.**

## O que mudou depois que arrumei dois

Arrumei dois. O de 47 links virou 16 links mais uma seção `## Optional`. O que só apontava para HTML ganhou gêmeos `.md` para as 16 URLs em destaque via build hook do Astro (umas 25 linhas, mais fácil do que eu esperava).

Não posso te dizer "as citações de IA subiram X%" porque o arquivo tem uma semana de vida e [medir citação nesse volume é ruidoso](https://kenimoto.dev/pt/blog/chatgpt-ignora-seu-site-llmo/). O que posso dizer é que o arquivo agora passa num teste de cheirinho que eu deveria ter aplicado no dia um: **"um modelo com context window de 200K e dez outras abas abertas preferiria esse arquivo ao anterior?" Sim. Obviamente sim. O anterior era ilegível.**

## A posição honesta sobre llms.txt

Os céticos têm parte de razão. O estudo da SE Ranking com 300K domínios não achou um lift mensurável de citação. Os LLMs principais não confirmam publicamente que buscam o arquivo. A spec não tem carimbo do W3C.

Os céticos também estão parcialmente errados. Agentes de IDE (Cursor, Cline, Continue), parte dos mecanismos de busca por IA, e uma lista crescente de integrações MCP leem `llms.txt` hoje. **A opcionalidade é real e o custo é quinze minutos.**

A pergunta real para 2026 não é "devo subir um `llms.txt`". Essa pergunta já foi resolvida pela conta de custo-benefício. A pergunta é **se o arquivo que você subir dá algo útil para um LLM ou treina ele a ignorar o seu domínio.** Os anti-padrões 1 a 5 são a diferença entre esses dois desfechos.

## O que fazer essa semana

Se você ainda não subiu um, comece pelas bases. Se já subiu, rode o seu pelo audit de cinco perguntas:

1. Está abaixo de 10KB e abaixo de 20 links (excluindo `## Optional`)?
2. Todas as URLs listadas passam no `robots.txt` para `GPTBot` e `ClaudeBot`?
3. Pelo menos as 5 URLs do topo têm gêmeo `.md`?
4. O corpo aponta para páginas específicas, não para copy genérico de marketing?
5. Foi atualizado nos últimos 90 dias?

Se você bater 5 de 5, está no top 6 dos 30 sites que olhei, ou seja, no top 20% de uma amostra já auto-selecionada. Se bater 3 ou menos, **você tem a mesma tarde de segunda à minha frente.**

Estou escrevendo meu quarto `llms.txt` essa semana. Vou rodar essa lista antes de publicar. Não vou me sentir produtivo depois. Vou me sentir como alguém que aprendeu a mesma lição em três auditorias seguidas.

Dizem que engenharia é assim mesmo.

## Referências

- [Especificação llms.txt (Answer.AI)](https://llmstxt.org/): proposta original de Jeremy Howard
- [Estudo SE Ranking de 300K domínios](https://seranking.com/blog/llms-txt/): adoção e efeito de citação
- [Mintlify exemplos reais](https://www.mintlify.com/blog/real-llms-txt-examples): padrões e erros de empresas líderes
- [llmoframework.com](https://llmoframework.com): framework LLMO completo com Reference Templates

---

## Quer ir mais fundo?

Este artigo cataloga os 5 anti-padrões. O guia completo de LLMO — padrões de llms.txt prontos pra copiar, exemplos de JSON-LD, KPIs de citação, comparação ChatGPT/Perplexity/Brave — está em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Por que o ChatGPT ignora o seu site (mesmo se você for #1 no Google)

URL: https://kenimoto.dev/pt/blog/chatgpt-ignora-seu-site-llmo/
Lang: pt
Date: 2026-05-07
Description: Você ranqueia bem no Google mas o ChatGPT nunca cita seu conteúdo. Esse texto explica por quê e o que fazer. Introdução ao LLMO em cinco peças.

Você abre o ChatGPT, faz uma pergunta sobre o tema do seu site, e o modelo cita três concorrentes. Nenhum deles tem mais autoridade que você. Nenhum deles ranqueia tão bem no Google. Mas o ChatGPT escolheu eles. Por quê?

A resposta curta: o ChatGPT não faz Google. O Perplexity não faz Google. Eles funcionam com uma lógica diferente, e o seu site provavelmente foi construído pensando em uma lógica antiga.


Esse texto é a versão de uma página de um problema que tem nome: **LLMO** (Large Language Model Optimization). É o que vem depois de SEO.

## A diferença que ninguém te contou

SEO foi desenhado para um robô que rastreia páginas, segue links, e ranqueia pelo PageRank. ChatGPT não faz nada disso. Ele tem três caminhos para encontrar seu conteúdo:

**Caminho 1: dados de treinamento.** O modelo viu seu site quando foi treinado, há meses ou anos atrás. Se o conteúdo era claro, estruturado, e tinha autoridade, o modelo lembra. Se não, esqueceu.

**Caminho 2: busca em tempo real.** Quando o usuário pergunta algo recente, o modelo dispara uma busca via Bing, Brave ou outro provedor, lê os primeiros resultados, e sintetiza. Aqui o seu rank no Bing importa, não no Google.

**Caminho 3: APIs externas.** Wikipedia, Wikidata, Crossref, repositórios de papers. Se você está nesses lugares, é citado. Se não, não existe.

Nenhum desses caminhos passa diretamente pelo "rank no Google". É por isso que SEO técnico tradicional não move o ponteiro.

## O que LLMO realmente é

LLMO é o conjunto de práticas para fazer seu conteúdo ser **descoberto, entendido e citado** por sistemas de IA. Não é magia, não é truque. É uma reorganização de cinco peças do seu site.

### As 5 peças do LLMO

**1. Knowledge Clarity (clareza do conhecimento).** Seu conteúdo precisa ser fácil de extrair em pedaços. Frases curtas, definições explícitas, parágrafos focados em uma ideia. O ChatGPT não lê seu site inteiro, ele extrai snippets.

**2. Structural Formatting (formatação estrutural).** HTML semântico, schema.org, headings em ordem, listas e tabelas onde fazem sentido. O modelo prefere estrutura previsível.

**3. Retrieval Signals (sinais de descoberta).** `llms.txt` no root do site, `sitemap.xml` atualizado, JSON-LD declarando o que cada página é. Sinais que dizem "olha aqui, isso é importante".

**4. Authority Signals (sinais de autoridade).** Backlinks de fontes confiáveis, presença em Wikipedia, citações em papers, perfil verificável. O modelo confia em quem outras fontes confiam.

**5. Citation Signals (sinais de citação).** Você cita fontes? Suas fontes são verificáveis? O modelo prefere conteúdo que mostra de onde tirou as informações, porque pode validar.

Isso é tudo. Não é uma lista mágica de palavras-chave. É engenharia editorial.


## O caso do meu próprio site

Quando comecei a aplicar LLMO no [kenimoto.dev](https://kenimoto.dev), o efeito não foi imediato. Demorou cerca de 6 semanas para ver mudanças no tráfego vindo do ChatGPT (rastreável via parâmetro de fonte). Mas as mudanças foram permanentes.

O que fiz, em ordem de impacto:

- Adicionei `llms.txt` na raiz, listando os tópicos principais e os artigos canônicos
- Reescrevi a homepage em frases curtas e parágrafos focados (saí de "construímos soluções inovadoras" para "construo organizações AI-native")
- Coloquei JSON-LD `Person` + `Article` em cada página
- Repliquei conteúdo em múltiplas plataformas (Zenn, Dev.to, Hashnode) para gerar sinais de autoridade externa
- Citei fontes em todos os artigos com links diretos

Nada disso é exótico. Mas a maioria dos sites técnicos brasileiros eu vejo ainda não faz nem o básico.

## "Mas e o Google?"

Boa notícia: LLMO e SEO se reforçam. Conteúdo claro, estruturado e com autoridade ranqueia melhor no Google também. A diferença é que o LLMO te dá uma rota adicional, independente do algoritmo do Google.

Em 2025, ChatGPT, Claude e Perplexity já respondem 15-20% das buscas de informação técnica em desenvolvedores brasileiros (fonte: minha amostra informal de leitores). Em 2026 esse número vai dobrar. Sites que não estiverem preparados vão ficar invisíveis para essa fatia.

## Por onde começar

Se você quer testar LLMO no seu site hoje, três coisas para começar:

1. **Adicione um `llms.txt`** ([especificação](https://llmstxt.org/)). Cinco linhas listando os tópicos principais. 10 minutos de trabalho.
2. **Coloque JSON-LD nas páginas mais importantes** (`Person` na homepage, `Article` em posts, `Book` em produtos). Use o [validador do Google](https://search.google.com/test/rich-results) para verificar.
3. **Reescreva a homepage em frases curtas.** Menos jargão, mais especificidade. Um humano deveria entender em 10 segundos quem você é e o que faz. O modelo também.

Os outros dois pilares (autoridade e citação) demandam mais tempo, mas começam aqui.

## Onde aprofundar

A documentação completa do framework está em [llmoframework.com/pt](https://llmoframework.com/pt/) (versão em português), com guias por plataforma (WordPress, Next.js, Astro), case studies com métricas, e referências de papers acadêmicos sobre como os modelos selecionam conteúdo para citação. É grátis.

Mas você não precisa da framework para começar. Adiciona um `llms.txt`, escreve duas frases mais claras na homepage, e veja o que muda em 6 semanas. É como SEO em 2010: ainda dá para se posicionar antes da maioria perceber que é uma corrida.

Se quiser a versão de 8 capítulos pronta pra copiar — templates de `llms.txt`, JSON-LD exemplos, KPIs de citação, comparação ChatGPT / Perplexity / Brave — montei tudo em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. É o mesmo conteúdo do framework, mas no formato de fim de semana.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Os 5 crawlers de IA que mais bateram nos meus sites em 30 dias - o que os logs revelaram sobre LLMO

URL: https://kenimoto.dev/pt/blog/cinco-crawlers-ia-bateram-meu-site-30-dias/
Lang: pt
Date: 2026-05-17
Description: Eu achava que o robots.txt era a fronteira. Aí comecei a ler os logs. Trinta dias, três sites, 14.300 hits de crawler de IA. O que a coluna User-Agent me ensinou sobre LLMO, com os comandos de Cloudflare e Nginx pra você reproduzir.

Eu achava que o `robots.txt` era a fronteira. Três linhas de `Disallow:` e pronto, eu tinha avisado pros bots de IA onde podiam ir e onde não podiam. Voltei a escrever posts sobre medir LLMO, taxa de citação e tráfego de IA no GA4.

Aí abri os logs de acesso de três sites meus e a imagem que eu tinha na cabeça desabou.

Esse texto é o que aprendi lendo trinta dias de log cru de servidor de `kenimoto.dev`, `kaoriq.com` e `llmoframework.com`. Cinco User-Agents dominaram quase tudo. O padrão de tráfego de cada um me contou mais sobre a minha posição em LLMO do que qualquer dashboard do GA4.


## Por que eu fui ler log em primeiro lugar

A maioria dos conselhos sobre medir LLMO fala do lado de saída: o ChatGPT me citou, a Perplexity colocou link, o Google AI Overviews me mostrou. Esse é o lado da citação.

O outro lado, o de entrada, onde os serviços de IA efetivamente puxam HTML do meu servidor, é invisível no GA4. Crawler de IA não roda JavaScript. Não dispara gtag. Aparece no log de acesso HTTP e em mais lugar nenhum.

Eu vinha escrevendo sobre LLMO há meses e nunca tinha olhado pro lado do funil que eu de fato controlo. Então exportei 30 dias de log da Cloudflare (`kenimoto.dev`, `kaoriq.com`) e da Vercel (`llmoframework.com`), fiz grep dos User-Agents conhecidos de IA e comecei a contar.

O total: **14.300 hits de crawler de IA em três sites em 30 dias.** Mais ou menos 477 hits por dia por site. Mais do que eu esperava. Provavelmente pouco daqui a seis meses.

## Os 5 crawlers que mais me bateram

Ranking abaixo. Hits estão deduplicados por `(timestamp, path, IP)` pra retry de cache não inflar a conta.

| Posição | User-Agent | Hits em 30d | Operador | Pra quê serve |
|---------|------------|-------------|----------|---------------|
| 1 | `GPTBot` | 4.212 | OpenAI | Dados de treino |
| 2 | `ClaudeBot` | 3.108 | Anthropic | Treino + retrieval |
| 3 | `PerplexityBot` | 2.790 | Perplexity | Índice de resposta |
| 4 | `OAI-SearchBot` | 2.043 | OpenAI | Citações do ChatGPT Search |
| 5 | `Google-Extended` | 1.387 | Google | Treino do Gemini |

Cinco User-Agents, 13.540 hits. Ou seja, 94,7% de todo o tráfego de IA. Os 5,3% restantes foram cauda longa: `Bytespider`, `Applebot-Extended`, `Meta-ExternalAgent`, `Amazonbot`, `cohere-ai`, um punhado de `Claude-User`, e dois hits de uma coisa se identificando como `anthropic-ai` (o UA antigo que a Anthropic supostamente aposentou).

Antes de levar o ranking ao pé da letra: esse é o **meu** dado, três sites pequenos, conteúdo técnico em inglês e japonês. O seu ranking vai ser diferente. O formato (um punhado de bots dominando, OpenAI e Anthropic no topo) provavelmente vai ser parecido.

## O que cada um efetivamente faz

A posição importa menos do que o **propósito** de cada bot, porque os três grupos se comportam de jeitos completamente diferentes em termos de LLMO.

**Crawlers de treino** leem seu conteúdo pra eventualmente atualizar os pesos do modelo. Aparecem constante, respeitam `robots.txt` (em geral), e não ligam pra frescor do conteúdo. `GPTBot`, `Google-Extended`, `Bytespider`, `Applebot-Extended` e o legado `anthropic-ai` caem aqui.

**Crawlers de retrieval** indexam seu conteúdo pra ele ser citado em respostas em tempo real. Buscam de novo páginas populares, olham `Last-Modified` e têm uma razão crawl-to-refer mensurável. `OAI-SearchBot`, `PerplexityBot`, `Claude-SearchBot` (mais novo, controlável de forma independente do `ClaudeBot`) e `GoogleOther` ficam nessa categoria.

**Fetches iniciados pelo usuário** acontecem quando um humano cola a sua URL no ChatGPT ou pede ao Claude pra ler a página. Esses são `ChatGPT-User`, `Perplexity-User` e `Claude-User`. Eles não respeitam `robots.txt` (de acordo com a [documentação revisada da OpenAI](https://developers.openai.com/api/docs/bots), porque são ações de usuário, não crawl).

Eu tratava os três como o mesmo bicho. Não são. Se o objetivo é "ser citado no ChatGPT Search", hit do `OAI-SearchBot` importa e hit do `GPTBot` é basicamente ruído. Se o objetivo é "entrar no dataset de treino do próximo Claude", é exatamente o contrário.


## Quem efetivamente respeita robots.txt

Essa é a parte que virou minha visão do `robots.txt`.

No `kenimoto.dev` eu tinha uma regra `Disallow: /api/`. Em 30 dias:

- `GPTBot`: 0 hits em `/api/`. Respeitou.
- `Google-Extended`: 0 hits em `/api/`. Respeitou.
- `ClaudeBot`: 0 hits em `/api/`. Respeitou.
- `OAI-SearchBot`: 3 hits em `/api/`. Limite. Pode ser cache anterior à regra, pode ser o [texto revisado de compliance](https://ppc.land/openai-revises-chatgpt-crawler-documentation-with-significant-policy-changes/) fazendo alguma coisa sutil.
- `PerplexityBot`: 41 hits em `/api/` num burst de 90 segundos. Não respeitou nessa rodada.

41 hits não é amostra um. O padrão de burst de 90 segundos bateu com um [relato público](https://www.appearonai.com/insights/ai-crawler-configuration-robots-txt-guide) em que observaram a Perplexity ignorando bloqueios de `User-agent: PerplexityBot` enquanto respondia uma query ativa de usuário. Faz sentido se você pensa no `PerplexityBot` em cima da linha entre retrieval e iniciado pelo usuário: ele se comporta como retrieval nos dias calmos e como fetch de usuário quando tem alguém esperando uma resposta do outro lado.

A lição que anotei: **`robots.txt` é uma fronteira auto-declarada**. Três dos cinco crawlers do topo respeitaram limpo no meu dado. Um foi duvidoso. Um fez o que quis quando tinha humano do outro lado. Projete pra esse cenário.

## Três sinais de LLMO que dá pra tirar disso

A razão de eu estar escrevendo isso é que dado de hit de crawler é um sinal de LLMO mensurável, e quase não vejo gente discutindo isso junto das métricas de citação. Três coisas que agora eu olho toda semana:

**1. Diversidade de crawler.** Se só o `GPTBot` bate no seu site e mais nada, sua superfície de retrieval é OpenAI-only. Você é invisível pros caminhos de retrieval de Claude, Perplexity e Gemini, mesmo que esteja sendo citado no ChatGPT. Um score saudável de diversidade é ter pelo menos três dos cinco User-Agents do topo te visitando regularmente.

**2. Razão retrieval-to-training.** Se você soma hits do lado retrieval (`OAI-SearchBot` + `PerplexityBot` + `Claude-SearchBot` + `GoogleOther`) e divide pelos hits do lado treino (`GPTBot` + `Google-Extended` + `anthropic-ai`), você tira um número que diz se o ecossistema de IA te vê como "conteúdo pra aprender" ou "conteúdo pra citar agora". O meu está em 0,81. Abaixo de 0,5 quer dizer que seu conteúdo não está fresco o bastante pra ser pego em retrieval em tempo real. Acima de 1,5 quer dizer que você está sendo usado em resposta de forma ativa (bom) mas provavelmente está em platô como material de treino (vale notar).

**3. Taxa de fetch de `llms.txt`.** Dos cinco crawlers do topo, só `PerplexityBot` e `ClaudeBot` foram buscar `/llms.txt` nos meus sites na janela de 30 dias. `GPTBot`, `OAI-SearchBot` e `Google-Extended` nunca foram. Isso bate com o que outros operadores reportam e é um detalhe que segura peso quando você decide se vale manter `llms.txt` (resposta curta: vale, mas principalmente pros dois crawlers que leem). O texto do `llmoframework.com` que eu volto a ler sobre [sinais de retrieval](https://llmoframework.com/framework/retrieval-signals/) entra mais fundo nisso.

## Como tirar esse dado na prática

Essa é a parte que eu queria ter lido e nunca achei pronta, então:

**Cloudflare (plano Free).** O dashboard de AI Crawl Control (antigo AI Audit, [docs aqui](https://developers.cloudflare.com/ai-crawl-control/)) já mostra os User-Agents de IA mais frequentes. Pra log cru, você precisa de Logpush, que é pago. No Free, o substituto mais próximo é ativar "AI Audit" e filtrar o Analytics pelos User-Agents conhecidos de IA. Free não te dá caminho por requisição mas dá contagem e tendência. Pra quem está rodando do Brasil, a latência pro DC mais próximo (GRU) faz com que o burst do `PerplexityBot` apareça espremido em menos de um minuto no log: dá pra pegar de olho.

**Vercel.** Projeto → Logs → filtra por `User-Agent contains "Bot"`. No plano Pro, a Vercel guarda 30 dias de log de edge. No Hobby, é menos, e se for pra valer, joga num log drain.

**Netlify / Nginx self-hosted.** Só `grep` no log de acesso:

```bash
grep -E "GPTBot|ClaudeBot|PerplexityBot|OAI-SearchBot|Google-Extended" \
  /var/log/nginx/access.log \
  | awk '{print $14}' \
  | sort | uniq -c | sort -rn
```

Isso te dá contagem por crawler. Troca `$14` por `$7` pra ranking de URL. O número do campo depende do seu formato de log: checa com `awk '{print NF}'` numa linha pra contar.

## O que mudei depois de ver tudo isso

Três mudanças concretas depois da janela de 30 dias:

1. Quebrei meu `robots.txt` pra liberar `OAI-SearchBot` e `Claude-SearchBot` (retrieval, bom pra citação) e mantive `Disallow: /api/` duro pro `GPTBot` (treino, sem upside pra mim nesses endpoints).
2. Coloquei header `Last-Modified` em toda rota de blog, porque crawlers de retrieval usam isso pra decidir frequência de re-fetch e a Vercel não estava mandando por padrão.
3. Comecei a registrar a razão retrieval-to-training toda semana numa planilha. Duas semanas dentro, o único insight útil é que o número está estável, o que pelo menos significa que minha dieta de crawler não está andando pra lá e pra cá.

Eu esperava que os logs confirmassem o que eu já achava sobre LLMO. Em geral não confirmaram. Citação não é o único sinal que vale acompanhar. Quem está puxando suas páginas é uma pergunta separada, e a resposta está em texto puro num log que provavelmente você já tem.

O sistema completo de LLMO — llms.txt, JSON-LD, KPIs de citação, e análise de crawler como o que descrevi aqui — está em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. O capítulo de medição cobre o sétimo KPI que esse post não teve espaço pra incluir.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Pedi a 5 IAs que citassem meu próprio blog. 31 artigos publicados, só 3 apareceram.

URL: https://kenimoto.dev/pt/blog/cinco-ias-citaram-meu-blog-tres-de-trinta-e-um/
Lang: pt
Date: 2026-05-26
Description: Apontei ChatGPT, Claude, Gemini, Perplexity e Brave AI para os 31 artigos do meu blog em inglês. Três artigos fizeram o trabalho dos 31.

Escrevo sobre LLMO toda semana. KPI, llms.txt, JSON-LD, a liturgia inteira. E mesmo assim tinha uma coisa que eu nunca tinha feito: pedir para as próprias buscas por IA citarem o meu blog.

Não estou falando de "meu site está indexado", nem de "os crawlers estão batendo no meu domínio". Isso eu já acompanho pelo log do servidor. Estou falando do que o leitor faz de verdade: abre o ChatGPT, digita uma pergunta, e vê se algum artigo meu aparece na resposta.

O blog em inglês tem 31 artigos publicados. Quando apontei cinco IAs para ele, três artigos fizeram o trabalho dos 31. Os outros 28 podiam não existir.


## O setup

Escolhi as cinco IAs que aparecem com frequência no filtro de referral do meu GA4:

1. ChatGPT (com busca na web ativada)
2. Claude (com busca na web ativada)
3. Gemini
4. Perplexity
5. Brave AI

Depois montei 30 prompts divididos em três grupos de dez, porque resposta de LLM é estocástica e rodar um prompt por IA é só achismo:

- **Branded** — `kenimoto.dev about`, `ken imoto LLMO artigos`, `ken imoto Claude Code blog`. Modo fácil. Se o nome do domínio mais o tema do artigo não trazem o site, alguma coisa está quebrada.
- **Topical** — `safe autonomous coding agents`, `llms.txt anti patterns`, `how to measure AI citations`. Modo realista. É o que um estranho digita.
- **Comparativo** — `Claude Code vs ChatGPT Codex agents`, `Perplexity vs Brave for engineers`, `voice AI stacks under 300ms`. Modo vaidade. Tenho artigo em cada um desses, era para competir.

Três execuções por prompt por IA, então 30 × 5 × 3 = 450 turnos. Registrei quando `kenimoto.dev` apareceu como citation chip, link inline, ou no rodapé de fontes. Menção sem link não conta. O placar do LLMO só credita o que o leitor consegue clicar.

Essa última regra parece pequena mas pesa. Boa parte das comemorações de "a IA está falando de mim!" no Twitter é gente capturando o nome da marca aparecendo no texto. Aquilo é cortesia, não citação. Citação move tráfego. Menção move ego.

## O resultado

Dos 31 artigos, exatamente três apareceram como citação nas cinco IAs:

- `measure-ai-citations-llmo-kpi`
- `11-json-ld-3-cited-by-ai`
- `geo-princeton-study-9-ways-ai-cites-you`

Citation breadth de 9,7%, menos de um em cada dez artigos. Os 28 restantes ou não apareceram, ou apareceram uma única vez no meio dos 450 turnos sem se repetir. Pela regra dos "três turnos" do LLMO Quickstart, uma aparição solitária não vale ponto.

Por IA o resultado é ainda mais torto. Perplexity e ChatGPT trouxeram os três. Claude trouxe dois (errou o post do estudo de Princeton e mandou direto o paper original, o que tecnicamente é a jogada certa). Gemini citou só o post de JSON-LD, e nos outros casos preferiu mandar o leitor para as fontes originais que o meu artigo estava citando. Brave AI citou zero. Descrevia o tema corretamente e despachava o leitor para um concorrente.

Na minha cabeça, o blog era um corpus de 31 peças. Para as IAs, era um corpus de 3 peças com 28 peças de ruído de fundo.

## O que os três vencedores têm em comum

Reli os três imãs de citação ao lado de cinco dos 28 fantasmas. O padrão não é nada sutil.

**Têm número no título.** "9 ways", "11 JSON-LD schemas, 3 cited", "measure". Todos os vencedores. Os perdedores tendem para títulos evocativos (`cheap-model-won-context-beats-parameters`, `claude-hid-my-bug-three-times`) que ficam bem para humanos mas não têm contagem que uma engine de resposta consiga agarrar.

**São o hub temático de uma pergunta específica.** "Como medir citações de IA" mapeia direto para um post. "Quais JSON-LD schemas realmente são citados" também. Os fantasmas tendem a ser relatos de experiência (tipo "tentei X por um mês e isso quebrou") que são ótimos para humano, mas nenhuma IA vai responder uma prompt do tipo "me conta sobre o mês do ken imoto refatorando 100 funções".

**Foram publicados há mais de 30 dias.** Os três têm pelo menos seis semanas de idade. Metade dos 28 fantasmas é mais nova. O lag de indexação de IA é real, e o LLMO Quickstart não está brincando quando diz que a taxa de citação precisa de pelo menos um mês de descanso antes de ser lida.

A contagem de JSON-LD, por sinal, é a mesma nos 31 artigos: eu uso o mesmo layout Astro em tudo. Então o que está acontecendo não é "o vencedor tem schema melhor". É o título, a gravidade da pergunta, e o tempo.

## O que os 28 fantasmas têm em comum

A notícia chata primeiro. A maior parte dos fantasmas cai em um destes três problemas:

- O título faz uma afirmação que não existe em nenhum outro lugar da web, então a engine não tem âncora. "The cheap model won" é uma frase boa, mas nenhum humano digita aquilo como query.
- O tema é tão de nicho que nenhum prompt genérico chega lá. Um post sobre latência em voice AI vai perder para o blog da AssemblyAI sempre. Hub temático ganha de profundidade indie.
- O post é decente mas foi publicado contra uma parede de conteúdo concorrente. Meu "Claude refactor 100 functions" é razoável, mas pesquise "Claude refactor regression" e a resposta vai voltar do blog da Anthropic da semana passada.

A notícia interessante é o que *não* importa. Tamanho não importa — tenho post de 800 palavras citado e post de 3 mil palavras ignorado. Backlink não importa na minha escala — os artigos com mais backlink não são os três citados. Cross-post no Dev.to também não muda o jogo de citação por IA, só puxa tráfego direto.

## O que estou mudando

Três semanas olhando para esses dados e as ações que sobraram são menores do que eu esperava.

Não vou perseguir o sonho de "transformar todo post em imã de citação". Os 28 ruídos de fundo são carregadores de peso para *humanos*: é assim que o leitor recorrente constrói o modelo de quem eu sou. Se eu apagar a marca pessoal de todo post, deixa de ser blog.

O que mudei foi a etapa de planejamento. Antes de rascunhar um post, agora passo o título por um teste rápido: "alguma prompt de IA rotearia para isso?". Se a resposta é não, ou (a) reformulo com número ou pergunta que mapeia para um comportamento de busca, ou (b) aceito que é post só para humano e desligo a expectativa de tráfego por IA. Esperar não funcionou.

Também estou montando uma página hub em `kenimoto.dev` para cada um dos três temas vencedores. O raciocínio vem dos pilares Authority Signals e Coherence Signals do [LLMO Framework](https://llmoframework.com/) — se você quer que uma citação componha juros, a URL citada precisa ficar no topo de um pequeno cluster de conteúdo, não solta no meio de um mar de ensaios sem relação. O pilar Citability é o que pega a primeira citação. Authority é o que mantém a citação consistente entre engines diferentes.

## Conclusão mais ampla

Quem escreve sobre LLMO, rode esse experimento em si mesmo essa semana. Leva uma noite. O resultado vai ser mais útil que os próximos três posts de log de crawler que você vai ler.

A maior parte do debate sobre LLMO é gente checando se *o site dos outros* é citado: auditoria de JSON-LD, auditoria de llms.txt, segmento no GA4. Isso é ótimo para benchmark de estranho. Não te diz se o seu próprio corpus aparece.

O que eu subestimei foi o quanto a citação se concentra. Esperava breadth de 5 a 10% e ficou em 9,7%, então o número estava certo. A surpresa foi que os três citados estavam carregando todas as engines, todos os baldes de prompt, todas as repetições. LLMO é um torneio. Você não está otimizando 31 posts. Está otimizando para quais 2 ou 3 ganham a chave.

A outra coisa que subestimei foi o quanto o perfil de "vencedor" já fica definido na etapa do título. Quando você está ajustando JSON-LD no post publicado, o roteamento já aconteceu. A prompt pousa em você ou não pousa, e o pouso é decidido em grande parte por se o título parece uma resposta.

Vou rodar de novo daqui a 60 dias com as mesmas 30 prompts e ver se os três citados mudam, ou se entra um quarto. Meu chute é que os três são pegajosos, e o quarto só entra se eu escrever um post novo desenhado especificamente para ganhar uma query que hoje eu não cubro.

Veremos. O lado bom de transformar o próprio blog em alvo de medição é que o próximo post vira o próximo experimento.

A engenharia por trás do "ser citado por IA" (llms.txt, JSON-LD, estratégia de robots.txt, design de conteúdo, KPIs de citação) está em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. É o que tornaria 3 de 31 em 10 de 31, ou mais.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Testei 5 stacks de Voice AI. Apenas 2 ficaram abaixo de 300ms.

URL: https://kenimoto.dev/pt/blog/cinco-stacks-voice-ai-apenas-dois-abaixo-300ms/
Lang: pt
Date: 2026-05-13
Description: Li mil vezes que agentes de voz com IA respondem em menos de 300ms. Medi 5 stacks na mesma conversa de 1 minuto e 3 deles nem chegaram perto. A tabela real de P95 latency em maio de 2026.

Li mil vezes que agentes de voz com IA respondem em menos de 300ms. AssemblyAI fala isso, Vapi fala isso, todo post de lançamento de Realtime API fala isso. Então eu montei cinco stacks, coloquei um cronômetro em cada pipeline e rodei a mesma conversa de 1 minuto em todos.

Três dos cinco nem chegaram perto do limite.

Os outros dois eram justamente os que eu, em silêncio, estava achando que eram "número de marketing". Acontece que o marketing tava certo e a culpa era do meu pipeline costurado à mão.


## Os três paredões que ninguém coloca no slide

Antes dos números, o modelo de percepção. Latência de voz não degrada suavemente. Ela cai em paredões. AssemblyAI, Vapi e Retell convergem todos para mais ou menos os mesmos três limites, e depois de uma semana de teste com usuário eu acredito neles.

| Latência | O que o usuário faz |
|---|---|
| 0-300ms | Conversa normalmente, não pensa na IA |
| 300-500ms | Sente uma pausa, tolera |
| 500-800ms | Atropela a IA falando ("você tá me ouvindo?") |
| 800-1500ms | Repete a pergunta |
| 1500ms+ | Trata a chamada como ligação internacional, desiste |

300ms é o primeiro paredão. Acima dele, o usuário começa a perceber que tem máquina do outro lado. Acima de 500ms, ele briga com o turn-taking e o seu STT fica resetando porque o usuário fala em cima. Aos 800ms, metade dos meus testadores falou "alô? alô?". Aquele som universal de "isso aqui tá ligado?". Não tive semana mais humilhante de code review do que assistir a playback disso.

## Para onde vai o orçamento de 300ms

Se você quer entender por que três stacks meus quebraram, olha a matemática do orçamento. Um pipeline em cascata precisa encaixar quatro coisas em série dentro de 300ms.

- **STT** (speech-to-text): 80-300ms dependendo do modelo e do VAD
- **LLM TTFT** (tempo até o primeiro token): 100-500ms dependendo do tamanho do modelo, do contexto e do cold start
- **TTS TTFB** (primeiro byte de áudio): 75-300ms dependendo do vocoder
- **Round-trip de rede**: 50-200ms, limitado pela velocidade da luz e pela escolha de região

Soma o número mais rápido de cada linha e dá 305ms. Soma o número típico e passa de 1 segundo. O livro de onde esse benchmark saiu chama isso de "anatomia da latência", e a piada é que cascata é matematicamente alérgica a 300ms, a não ser que cada componente esteja literalmente do lado do outro.

Os modelos voice-to-voice end-to-end driblam essa regra colapsando STT + LLM + TTS em um único forward pass sobre um stream de tokens de áudio. Não tem segundo hop. Não tem warmup do TTS. Não tem hand-off entre serviços. É isso, e é também por isso que os dois stacks que ganharam foram os dois stacks onde eu escrevi menos código.

## Os cinco stacks

Eu queria comparação de verdade, não um post tipo "olha o meu vendor favorito". Mesmo script de atendimento de 1 minuto. Mesmo ingress WebRTC (Daily.co para tudo, menos OpenAI Realtime, que usa o endpoint próprio). Mesmo prompt. Mesma máquina cliente, US-East. Dez turnos por stack, 50 medições por stack. Reporto P50, P95 e P99 porque média mente de um jeito que o usuário de voz sente fisicamente.

**Stack 1 — OpenAI Realtime API.** `gpt-4o-realtime` no endpoint WebRTC oficial. Voz entra, voz sai, zero código de cola.

**Stack 2 — Cascata Deepgram + Claude + ElevenLabs.** Deepgram Nova-3 no STT, Claude Sonnet 4.6 como cérebro, ElevenLabs Turbo v2.5 no TTS. A cascata "melhor de cada categoria" que você desenha no quadro branco.

**Stack 3 — Edge local (Whisper + Llama + Coqui).** Whisper Large v3 Turbo, Llama 3.3 70B rodando local em uma H100, Coqui XTTS no TTS. Round-trip de rede: 0ms. A resposta de "privacidade e soberania" que o pessoal do TabNews ama.

**Stack 4 — LiveKit Agents + Gemini 2.0 Flash Live.** Framework de agents do LiveKit como plano de mídia, native-audio Gemini Live como cérebro. Também voice-to-voice end-to-end, mas em SDK diferente.

**Stack 5 — Pipecat + Claude + Cartesia.** Pipecat orquestrando, Claude Sonnet 4.6 no LLM, Cartesia Sonic no TTS. Cascata mais opinativa, com TTS mais rápido que ElevenLabs.

## Os resultados

| Stack | P50 | P95 | P99 | Abaixo de 300ms? |
|---|---|---|---|---|
| 1. OpenAI Realtime (voice-to-voice) | 232ms | 281ms | 320ms | ✅ |
| 2. Deepgram + Claude + ElevenLabs | 480ms | 624ms | 780ms | ❌ |
| 3. Whisper + Llama 70B + Coqui (local) | 870ms | 980ms | 1.210ms | ❌ |
| 4. LiveKit + Gemini Live (voice-to-voice) | 250ms | 295ms | 360ms | ✅ |
| 5. Pipecat + Claude + Cartesia | 410ms | 540ms | 670ms | ❌ |

Stack 1 e Stack 4 são os únicos abaixo de 300ms em P95. Ambos são voice-to-voice. Ambos entregam um único forward pass em vez de uma corrida de revezamento. Stack 5 mostra como é uma cascata bem cuidada (o TTS da Cartesia é genuinamente rápido — 90ms TTFB) e mesmo assim não vence o paredão, porque LLM TTFT mais os hops entre serviços comem o orçamento.

Stack 3 é o doloroso. Eu tinha esperança de que local pelo menos ganhasse da cascata pela ausência de rede. Ganha, às vezes. Mas Llama 3.3 70B não é pequeno, e "sem rede" não te salva quando o LLM TTFT sozinho dá 600ms em GPU comum. O capítulo de edge AI do livro é honesto sobre isso: o ganho realista de edge hoje é com **modelos menores** (classe Qwen2.5 1.5B), não com 70B local. 70B local é o pior dos dois mundos: você paga pela GPU e ainda não passa do paredão.

## No contexto brasileiro

Quem está construindo voz com IA no Brasil em 2026 esbarra em mais um problema antes mesmo de chegar nesses 300ms: latência de região. A maior parte dos endpoints de Realtime API vive em US-East ou EU-West. O round-trip de São Paulo até US-East-1 fica entre 110 e 140ms em condição decente, e isso já consome metade do seu orçamento antes do modelo ler o primeiro frame.

Empresas como Hotmart, RD Station e Stone investiram em voz com IA principalmente para SAC, IVR e onboarding por WhatsApp. O orçamento real de latência para essas equipes não é 300ms cloud puro, é mais perto de 450-600ms, e o caminho prático costuma ser: STT regional (Azure Speech pt-BR em São Paulo, Google Speech-to-Text pt-BR), LLM em US-East, TTS regional. Você não vai chegar abaixo de 300ms em maio de 2026 sem uma região local de Realtime API, então projete a UX para 500ms com filler estratégico em vez de prometer 300ms e decepcionar.

Custo: rodar Stack 2 24/7 com tráfego médio dá uns US$ 350-500/mês (R$ 1.750 a R$ 2.500 com câmbio de hoje). Stack 1 sai mais caro por minuto, mas elimina três contratos com vendors e tira o pipeline da sua mão. Pra equipe pequena, costuma ser melhor negócio do que parece.

## Por que voice-to-voice ganha (hoje)

Três motivos, em ordem decrescente de o quanto eu fiquei chocado:

**Um — não tem empilhamento de TTFT-depois-TTFB.** Em cascata, você espera o primeiro token do LLM e só aí dispara o TTS, que tem o próprio first-byte. Voice-to-voice emite token de áudio direto. Sem segundo warmup.

**Dois — sem serialização de hand-off.** Deepgram → Claude → ElevenLabs são três endpoints diferentes. Mesmo que cada um seja rápido, você paga TLS, connection pool e buffer de frame três vezes. Pipecat ajuda, mas não apaga.

**Três — turn-taking VAD-aware.** Os modelos voice-to-voice fazem detecção de endpoint diretamente no stream de áudio. Cascatas precisam esperar um sinal de VAD para fechar a saída do STT antes de enviar. Esse delay de fechamento é invisível em benchmark que começa a contar a partir de "usuário parou de falar", mas o usuário não sabe quando "oficialmente" parou. Ele sente como silêncio.

O jeito mais barato de bater 300ms em maio de 2026 é não escrever o pipeline. A maior parte da minha latência era código meu.

## Quando edge AI vai alcançar

Edge é a resposta certa para o formato certo de problema: privacidade local-only, totem sem rede, robótica offline. Não é, hoje, a resposta para "quero um agente cloud abaixo de 300ms". Whisper v3 Turbo bate Real-Time Factor acima de 1000x e modelos classe 1.5B retornam o primeiro token em 200ms no CPU. Essa combinação — modelo pequeno, STT rápido, TTS local — fecha em 300-350ms. O caminho de 70B-no-H100 que testei no Stack 3 não fecha.

O outro caminho é híbrido: STT no edge, LLM e TTS na cloud. Você pula o round-trip de rede no passo síncrono mais longo (capturar áudio) e mantém qualidade de cloud no cérebro. O livro organiza isso em uma matriz de decisão e bate com o que eu medi: 350-500ms é realista; cascata cloud abaixo de 300ms não é.

Pra quem quer aprofundar no lado da percepção — como fazer um agente de 500ms **parecer** de 300ms — escrevi um companheiro sobre [perception hacks de voice AI](https://dev.to/kenimo49/voice-perception-hacks-i-kept-the-pipeline-at-540ms-and-users-still-said-instant-3oki) lá no Dev.to. Filler, micro-confirmações e playback progressivo de token compram um paredão inteiro de velocidade percebida. Não movem o paredão de verdade.

## O que eu construiria hoje

Maio de 2026, começando do zero:

- **Produto consumer novo** — OpenAI Realtime ou Gemini Live, direto. Para antes do que você acha que precisa e lança
- **Tem que ter Claude no loop** — Pipecat + Claude + Cartesia. Você vai viver em P95 de 500-600ms. Desenha filler agora, não depois
- **Requisito de privacidade ou air-gap** — Whisper Turbo + Qwen2.5 1.5B + TTS local. Mira em 350ms TTFB. Esquece 70B local até a próxima geração de GPU
- **Telefonia corporativa (Brasil)** — Híbrido: STT regional, cérebro voice-to-voice na cloud. O codec PSTN já mata sua vantagem de latência, então otimiza qualidade de turn-taking em vez de número absoluto

O erro mais profundo que cometi foi achar que "300ms" é propriedade do **modelo** que escolhi. É propriedade da **arquitetura** que escolhi. O modelo só decide o quão confortável aquela arquitetura é.

A arquitetura completa de latência (turn-taking de 200ms, por que 300ms quebra a UX, Pipecat / LiveKit / Deepgram, quebrando a barreira dos 525ms) está em **[The 300ms Threshold — Why Talking to AI Feels Wrong](https://kenimoto.dev/books/voice-ai-300ms-ux)** (em inglês — a versão PT-BR está em planejamento).

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Pluguei o Claude num MCP de Chaos. Matou staging 4 vezes pra achar um bug que ignorávamos há 6 meses.

URL: https://kenimoto.dev/pt/blog/claude-chaos-engineering-mcp-matou-staging-4-vezes/
Lang: pt
Date: 2026-05-16
Description: A Steadybit lançou em meados de 2025 o que é descrito como o primeiro MCP server de Chaos Engineering. Pluguei o Claude Code e pedi numa frase só: desenha experimentos pra testar a resiliência do payment-service sob pressão de connection pool. O Claude propôs 4. Três voltaram verdes. O quarto derrubou o staging inteiro e expôs um bug real de produção que tava lá há meio ano. Hoje conto a corrida, o bug, e os 3 guardrails que agora exijo antes de deixar qualquer IA desenhar experimento de chaos.

A Steadybit lançou em meados de 2025 o que é descrito como o primeiro MCP server de Chaos Engineering do mercado. Pluguei o Claude Code nele e pedi, numa frase só, pra desenhar experimentos de resiliência do `payment-service` sob pressão de connection pool. O Claude propôs quatro. Três voltaram verdes, sem violar SLO. O quarto derrubou o staging inteiro. Quando fui rastrear, não era bug fabricado por teste. Era um padrão real de produção que aparecia nos logs há 6 meses, que ninguém tinha conseguido reproduzir: esgotamento de pool → tempestade de retry → rate limiter dando self-DoS.

Aviso curto antes de seguir: todo experimento rodou em staging, com cadeado duplo (`## Chaos Rules` no CLAUDE.md proibindo alvos de produção + hook `PreToolUse` com `exit 2` em `--env=production`). Mostro os dois no final.

Hoje conto a corrida, o bug e os 3 guardrails que agora exijo antes de qualquer IA desenhar experimento de chaos.


## Como pluguei o Claude no Steadybit MCP, em um parágrafo

A Steadybit anunciou em 18 de junho de 2025 o que descreve como o primeiro MCP server pra Chaos Engineering ([Steadybit news](https://steadybit.com/news/steadybit-launches-the-first-mcp-server-for-chaos-engineering-bringing-experiment-insights-to-llm-workflows/) / [BusinessWire 2025-06-30](https://www.businesswire.com/news/home/20250630606346/en/Steadybit-Launches-the-First-MCP-Server-for-Chaos-Engineering-Bringing-Experiment-Insights-to-LLM-Workflows)). MCP é o Model Context Protocol aberto que a Anthropic publicou no fim de 2024: uma forma padronizada de um cliente LLM (Claude, Gemini, ChatGPT) chamar uma ferramenta externa com tipos estruturados em vez de raspar texto. O MCP server da Steadybit expõe o catálogo de experimentos, resultados passados, post-mortems, e uma ferramenta de "desenhar novo experimento". Você pluga Claude Code ou Claude Desktop, aponta os dois pro mesmo contexto Kubernetes de staging, e escreve `"desenha um experimento de stress de connection pool pro payment-service"` no terminal. Volta uma spec parametrizada, pronta pra aprovar.

Setup é encanamento. A pergunta interessante é o que sai do outro lado depois que você abre a torneira.

## AI-driven chaos em 2026: os 4 players que comparei

Antes de soltar a corrida, queria saber o que mais existia no mercado. Hoje existem 4 players que importam, e cada um puxa uma alavanca diferente.


**Krkn-AI** é o framework open-source que Red Hat e IBM Research desenvolvem em conjunto. A ideia é colocar um algoritmo genético no comando da busca: gera parâmetros de experimento, avalia cada um contra os seus SLOs (latência, taxa de erro, disponibilidade), pontua, evolui as melhores combinações, repete. O alvo são os experimentos "que mal violam": aqueles que derrubam um SLO de 99,9% pra 99,85%, não os que quebram tudo de cara. São esses os bugs perigosos, difíceis de reproduzir. O writeup da Red Hat tá em [Red Hat Developer](https://developers.redhat.com/articles/2025/10/21/krkn-ai-feedback-driven-approach-chaos-engineering), e o código é [krkn-chaos/krkn-ai](https://github.com/krkn-chaos/krkn-ai).

**Harness AI** lançou recursos de chaos engineering com GenAI em janeiro de 2025 e depois adicionou [ferramentas MCP](https://developer.harness.io/docs/chaos-engineering/guides/ai/mcp/) que funcionam com Claude Desktop, Windsurf, Cursor e VS Code. A proposta é "descreve o que quer em português, recebe um experimento parametrizado, roda do chat". Se você já mora no ecossistema Harness, é o caminho com a curva de aprendizado mais baixa.

**Steadybit** foi o que usei aqui, a primeira a lançar um MCP server dedicado pra chaos, em junho de 2025. O diferencial é o acesso ao histórico de experimentos: o LLM não só desenha experimento novo, ele lê seus runs passados e post-mortems, e fundamenta as sugestões na sua história específica de incidente.

**Dynatrace** joga ao contrário. O motor de IA aprende o comportamento normal do sistema e prediz quando um padrão atual lembra a véspera de algum incidente passado. Em vez de você propor uma hipótese pra testar, a plataforma te diz qual subsistema merece atenção de chaos a seguir.

Se você roda um experimento por trimestre, o ângulo de predição do Dynatrace é exagero. Se você tem time de pesquisa e Kubernetes, o algoritmo genético do Krkn-AI é o mais fundo. Se você já está em Harness ou Steadybit, o MCP tira o imposto do dashboard. Os 4 não competem de verdade: empilham em camadas.

## Os 4 experimentos que o Claude propôs

Voltando à corrida real. O prompt foi uma frase. A resposta foi uma lista numerada com 4 experimentos, cada um com serviço-alvo, tipo de falha, magnitude, duração, SLO de rollback e blast radius. Vou parafrasear em vez de colar literal, porque a spec real era YAML e a estrutura legível pelo LLM não é a parte interessante. O desenho do experimento é.

**Experimento 1: pool a 30% menor, 3 minutos, um pod.** Corta o max da connection pool de 100 pra 70 numa réplica só. SLO gate: taxa de erro abaixo de 1%. Resultado: verde. Latência subiu uns 12%, mas erro ficou em 0,2%, bem dentro do limite. As outras réplicas absorveram tráfego. É o experimento que um SRE humano propõe primeiro.

**Experimento 2: pool 50% menor com retries default, 3 minutos, dois pods.** Mesma falha, magnitude mais funda, duas réplicas em vez de uma, com retry-on-failure da biblioteca-cliente ligado. SLO gate: erro abaixo de 1%, p99 abaixo de 800 ms. Resultado: verde de novo. Latência foi pra ~640 ms p99, erro 0,4%. Dentro do limite. A camada de retry absorveu a pressão do pool.

**Experimento 3: pool 70% menor com timeout encurtado, 3 minutos, dois pods.** Agora o timeout caiu de 5 s pra 1,5 s enquanto a pool foi pra 30. Hipótese: sob pressão alta, timeout curto ajuda liberando conexão mais rápido, ou atrapalha cortando requisição no meio do trabalho? Resultado: ainda verde, surpreendentemente. Erro 0,7%, p99 caiu pra ~520 ms porque chamadas lentas eram cortadas cedo. Quase parei aqui. Três verdes em sequência davam cara de prova de resiliência.

**Experimento 4: pool 90% menor com retry sem limite, 5 minutos, três pods.** Esse foi. Pool pra 10 conexões por pod, orçamento de retry praticamente infinito (default desse cliente, que não tinha sido sobrescrito no config), três réplicas atingidas ao mesmo tempo. SLO gate: erro abaixo de 1%. Resultado: não verde. Nos primeiros 90 segundos, taxa de erro saiu de 0,5% pra 23% em linha vertical, p99 saiu de 200 ms pra 14 segundos, e o staging ficou inalcançável do gateway upstream. A Steadybit fez auto-rollback na violação de 1% do SLO, mas a essa altura o estrago já era um serviço completamente travado.

Os três primeiros verdes não eram prova de resiliência. Eram prova de que o blast radius era pequeno o bastante pra ser absorvido. No quarto, alarguei o raio só um pouco além do que o sistema absorvia, e a patologia que tava dormindo embaixo veio à tona.

> Escrevi no Slack que o incidente em staging era "planejado". O on-call não riu. Apontou que o canal de post-mortem ainda tava com o pin do incidente do trimestre passado. Deixei ele atualizar o pin com o de hoje.

## O bug que a gente tinha ignorado por 6 meses

Eu esperava que o problema do staging fosse uma esquisitice de staging: env var diferente, sidecar estranho, timing que não reproduz em prod. Rastrei mesmo assim. A cadeia tinha 3 peças, cada uma sozinha documentada e tranquila, e composta virou doença.

**Peça 1: esgotamento do connection pool.** Pool no máximo em 10, três pods sob tráfego normal. Toda requisição que precisava de conexão nova esperava ou falhava. Padrão. Sem surpresa.

**Peça 2: retries sem limite no serviço que chamava.** O serviço upstream que chamava o `payment-service` tinha retry ligado, com limite só por tempo-por-tentativa, não por número de tentativas. Quando o `payment-service` começou a devolver erro de pool exaurido, o caller fez retry. Cada retry abria uma conexão TCP nova, que entrava na fila do pool, que dava timeout, que disparava outro retry. Três retries viraram nove, viraram 27. Em segundos, a concorrência de saída do caller tava uma ordem de magnitude acima da linha de base.

**Peça 3: o rate limiter do próprio caller.** Essa peça custou meia hora pra eu enxergar. O caller tinha um rate limiter de auto-proteção na rota **outbound**: "não deixa esse serviço fazer mais de N requisições por segundo pra nenhum downstream". Em operação normal, N nunca chegava perto. Na tempestade de retry, o caller passou do próprio rate limiter de saída e começou a rejeitar os próprios retries. A aplicação interpretou a rejeição como falha de downstream e fez ainda mais retry. O caller tava se DoSando, usando o próprio rate limiter como arma. O `payment-service` downstream não recuperava, porque tráfego novo não conseguia atravessar o self-DoS do caller pra avisar que o pool já tava livre.

Voltei nos logs de produção dos últimos 6 meses procurando a assinatura de "rate limiter rejeitando retry no outbound" desse serviço. Achei 11 eventos. Cada um durava de 4 a 90 segundos, cada um se auto-resolvia antes que alguém terminasse de abrir o Grafana, e cada um caía no balde de "transiente, não acionável". É exatamente o padrão que a fitness function do Krkn-AI tenta caçar: falha que mora logo depois da fronteira do SLO, curta o bastante pra humano desistir, real o bastante pra importar.

A correção não foi glamourosa. Limitamos os retries em 2 com jitter, mudamos o rate limiter de saída pra se comportar como circuit breaker em vez de rejeição dura, e adicionamos uma métrica pra essa sequência específica (pool-exhaust → spike de retry → rejeição-outbound-no-retry) pra que a próxima vez acorde alguém em vez de se curar invisível.

## Os 3 guardrails que agora exijo

Sou a pessoa que ano passado escreveu um post sobre [deixar o Claude solto por 24 horas](https://kenimoto.dev/pt/blog/agente-ia-24-horas-incidentes-seguranca). Não sou anti-autonomia. Mesmo assim, "IA desenha chaos" sem guardrail foi o jeito mais rápido que já encontrei de matar staging. Três coisas entram em todo projeto antes do MCP server chegar perto de qualquer ambiente real.

**Guardrail 1: CLAUDE.md fica com a política.** Bloco curto, menos de 20 linhas, que nomeia as proibições e os SLO gates.

```markdown
## Chaos Rules

- Experimentos de chaos rodam só em staging. Produção é proibida como alvo,
  incluindo qualquer cluster, namespace ou serviço marcado production=true.
- Todo experimento declara SLO gate (taxa de erro, latência, disponibilidade)
  que faz auto-rollback se violado.
- Blast radius é escalado: começa em 10% dos pods, sobe pra 25%, depois 50%.
  Pular um estágio exige aprovação humana no prompt.
- Três experimentos verdes em sequência não declaram resiliência. Proponha
  blast radius maior ou tipo de falha novo antes de parar.

## Chaos Workflow

1. Confirmar que o ambiente alvo é staging. Recusar caso contrário.
2. Propor experimento com SLO gate, blast radius e rollback declarados.
3. Esperar aprovação humana no prompt antes de chamar a tool de run do MCP.
4. Streamar métricas durante a corrida. Em violação de SLO, chamar rollback.
5. Depois da corrida, escrever um post-mortem de um parágrafo com o resultado.
```

A parte difícil do CLAUDE.md é manter ele curto o suficiente pra carregar em contexto todo turno. A diretriz da Anthropic é ficar abaixo de mais ou menos 100-150 linhas. Gastar 16 dessas linhas em regras de chaos é um bom negócio pra não matar o staging no primeiro dia.

**Guardrail 2: hooks `PreToolUse` forçam a política.** CLAUDE.md é o cérebro. Hooks são o reflexo. O cérebro pode ser ignorado sob carga. O reflexo não.

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "mcp__steadybit__run_experiment",
        "hooks": [
          {
            "type": "command",
            "command": "node ~/.claude/hooks/block-prod-chaos.js"
          }
        ]
      }
    ]
  }
}
```

O script de bloqueio inspeciona a spec do experimento atrás de qualquer marcador de produção. Se `env: production`, `cluster: prod` ou `namespace: prod-*` aparecer em qualquer lugar do payload, ele escreve o motivo no stderr e dá `exit 2` pra barrar a chamada. Esse trecho me salvou pelo menos uma vez. O LLM, no meio da conversa, sugeriu prestativamente promover um experimento "só pra confirmar em prod". O hook disse não antes do MCP server ver.

O mesmo hook ainda confere se o SLO gate foi declarado com valor numérico e se o estágio do blast radius é igual ao estágio anterior +1. Spec só com número mágico? Bloqueado. Pular o estágio 2 do blast radius? Bloqueado. O reflexo tem o mesmo formato da regra.

**Guardrail 3: o próprio MCP server fica com o cadeado de SLO.** A terceira camada é do lado da plataforma. Na Steadybit (e da mesma forma no Harness, no Krkn e companhia), a configuração do experimento recebe um predicado `rollback_on` que a própria plataforma avalia em tempo real nas métricas. Se a taxa de erro passar de 1% por 30 segundos, a plataforma para o experimento independente do que o LLM ou o hook local fizerem. É a única das três camadas que sobrevive caso o LLM e o agente local estejam comprometidos ao mesmo tempo. Também é a que mais time esquece, porque exige opinião sobre seus SLOs que ninguém quer digitar em YAML. Digite mesmo assim.

Um teste útil: pega alguém aleatório do time, entrega o CLAUDE.md e o arquivo de hooks, e pergunta "com má-fé, daria pra você desenhar um experimento que bate em prod?". Se a resposta for "dá, editando o CLAUDE.md", o cadeado do SLO da plataforma é quem pega. Se a resposta for "dá, removendo o hook", o cadeado do SLO da plataforma é quem pega. As três camadas não são redundantes: falham de jeitos diferentes.

A separação em três papéis que descrevi num post anterior ([observer, strategist, marketer](https://kenimoto.dev/pt/blog/tres-papeis-observer-strategist-marketer-separacao)) mapeia direto pra chaos: o CLAUDE.md é o strategist (define política), os hooks são o observer (pegam o que acontece), o MCP server é o executor sob os dois. Manter as camadas separadas é o que impede o agente de IA de virar os três sem querer.

## Chaos Engineering 2.0: as 4 correntes que convergem

Puxando a câmera pra trás, tem um paper de review de 2024 chamado *Chaos Engineering 2.0: A Review of AI-Driven, Policy-Guided Resilience for Multi-Cloud Systems* ([página do journal](https://journals.stecab.com/jcsp/article/view/846)) que defende três pilares pra stack moderna: planejadores com IA que desenham experimentos, injeção em nível de service mesh que não exige mudar código de aplicação, e guardrails de política que forçam disciplina de blast radius e SLO. O mesmo paper anota que 89% das organizações pesquisadas hoje rodam multi-cloud, que é o ambiente onde esses modos de falha (drift de DNS entre clouds, ciclo de vida de token IAM diferente, rate limiter local de região) moram de verdade.

Mais recente, o paper arxiv [ChaosEater (2025)](https://arxiv.org/abs/2511.07865) dá o próximo passo: ciclo de chaos completamente orquestrado por LLM, onde o modelo assume desenho, execução e análise dos experimentos sob guardrails de política. É a mesma direção que os quatro produtos acima estão andando, vista do lado da pesquisa.

Quatro correntes convergem (chaos engineering, observabilidade, IA / LLMs, plataforma), e isso não é slide de marketing. É o workflow real que o meu acidente de staging tava dentro. O chaos engineering forneceu o experimento. A observabilidade forneceu o stream de métrica que pegou a violação de SLO em 90 segundos. O LLM forneceu o desenho do experimento e, depois, ajudou a ler a cadeia de log que prendeu o bug de produção. A engenharia de plataforma (Steadybit + hooks + CLAUDE.md) manteve o blast radius fora da produção.

Tira qualquer uma das quatro e a história termina diferente. Sem LLM, ninguém do time teria proposto o experimento 4. Parecia obviamente irresponsável. Sem observabilidade, a violação demora minutos pra ser notada. Sem guardrail de política, "vamos confirmar em prod" acontece de verdade. Sem chaos como prática deliberada, o bug fica invisível mais 6 meses.

## R$ por um dia

Pra dar concretude: staging fora do ar por umas 2 horas (incluindo investigação inicial e o post-mortem rápido) custou uns 5 engenheiros de plantão × 2h × ~R$ 100/h ≈ R$ 1.000 de tempo direto, mais o gap de outras prioridades. Aceitável. Se essa mesma cadeia tivesse acordado em produção primeiro (pool exaurido em pico, retry storm rodando em todo cliente, rate limiter dando self-DoS), era violação de SLA com cliente PIX + perda de receita de pagamentos por minuto. Pra um payment-service de fintech / e-commerce do tamanho médio, esse minuto custa por aí dos R$ 100.000 de impacto total, considerando reembolsos, ressarcimento e o cabo de comunicação com clientes que ninguém quer pegar de novo. O chaos pago R$ 1.000 pra descobrir o que evitou um incidente de R$ 100.000. É o trade que justifica.

## O que eu diria pra quem vai tentar isso semana que vem

Se você quer tentar a mesma coisa sem derrubar o próprio staging às 23h, vai aqui o que eu faria diferente com retrovisor.

Comece só com o experimento 1, em um único namespace, com o blast radius travado em 10% dos pods. Trate o primeiro verde como sinal de alargar o blast radius, não de declarar vitória. O experimento interessante é o que vem logo depois do ponto onde o sistema consegue absorver.

Escreve o CLAUDE.md e os hooks **antes** de plugar o MCP server. Não depois, não em paralelo, antes. A tentação quando você ganha brinquedo novo é brincar por uma hora e adicionar guardrail depois. Essa hora é quando o staging morre. Também é a hora em que você tem menos paciência pra escrever regra.

Mantém os prompts pós-corrida curtos. "Resume o que falhou, qual SLO violou, e a causa raiz mais provável" já dá. Prompt longo depois de violação de SLO puxa o LLM pra modo narrativa, que é o modo errado. Você quer o LLM em modo evidência, não em modo história.

Leva o hábito de post-mortem do chaos pro AI-coding em geral. Esse post existe porque eu tinha uma página de notas do incidente de 90 segundos, no mesmo formato dos nossos docs de incidente normais. Sem essa página, eu tava escrevendo um post de vibe. Com ela, eu tenho um parágrafo por peça de evidência e uma correção que entrou em prod na mesma semana.

A IA desenha chaos mais rápido que qualquer SRE com quem já trabalhei. Sem os três guardrails, mata staging mais rápido também. Coloca os três, e você ganha a versão em que o LLM acha o bug que você tava perdendo há meio ano, e o on-call do final de semana fica com o final de semana.

O panorama completo (Krkn-AI / Harness / Steadybit / Dynatrace, Chaos Engineering 2.0, e como rodar chaos em produção sem virar manchete) virou um livro de 14 capítulos: **[Chaos Engineering: Guia Prático para Sistemas Distribuídos Modernos](https://kenimoto.dev/pt/books/chaos-engineering-guide)** (atualmente em desenvolvimento).

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Peguei o Claude escondendo meu bug 3 vezes seguidas. Aí virei 10 hábitos de debug em prompts.

URL: https://kenimoto.dev/pt/blog/claude-escondeu-meu-bug-3-vezes-10-habitos-debug/
Lang: pt
Date: 2026-05-15
Description: Pedi pro Claude consertar um erro 500 da API. Primeira tentativa: try-catch. Segunda: valor default no retorno. Terceira: retry com backoff. O 500 sumiu. Duas horas depois, o mesmo incidente bateu em outro endpoint. A causa real era esgotamento do connection pool. O Claude não tava consertando o bug, tava escondendo. Hoje conto como virei 10 hábitos de debug em prompts pra ele não fazer mais isso.

Pedi pro Claude consertar um erro 500 que tava saindo de um endpoint da API. Primeira tentativa: envolveu a chamada num try-catch e logou o erro. Segunda tentativa: colocou um valor default no retorno pra quem chamava não estourar. Terceira tentativa: adicionou retry com exponential backoff.

O 500 sumiu. Subi a terceira "correção" pra produção com a maior confiança. Duas horas depois, o on-call acordou. O mesmo incidente tinha mudado de lugar: agora batia em outro endpoint que compartilhava o mesmo client de banco. A causa real era esgotamento do connection pool. O Claude não tava consertando o bug. Tava escondendo de três jeitos diferentes.

Hoje conto como virei 10 hábitos de debug em prompts pra ele não conseguir mais fazer isso. E mostro dois arquivos que você cria uma vez e nunca mais mexe: um bloco no CLAUDE.md e dois hooks (PreToolUse / PostToolUse).


## As 3 "correções" que quase foram pra produção

Cada uma das três tentativas parecia correta isoladamente.

**Tentativa 1 — try-catch.** O handler agora pegava a exceção, logava e devolvia 500 pro usuário. Pela ótica da API, melhoria. Pela ótica do bug, a conexão que disparou o erro voltava pro pool num estado quebrado.

**Tentativa 2 — valor default no retorno.** A função passou a devolver lista vazia em vez de levantar exceção. O 500 sumiu desse endpoint. A inconsistência criada pela lista vazia caiu num cache downstream e ficou lá por uma hora.

**Tentativa 3 — retry com exponential backoff.** Três retries, cada um abrindo uma nova conexão. O pool drenou mais rápido. O 500 sumiu desse endpoint porque a chamada agora acertava na segunda ou terceira tentativa. Outros endpoints, compartilhando o mesmo pool, começaram a dar timeout no lugar.

Nas três, o sintoma sumiu do endpoint que eu pedi. A causa só se mudou de bairro. Eu pedi pro Claude debugar, mas não passei nenhuma regra contra suprimir o sintoma, então ele suprimiu o sintoma, porque é o que a previsão de próximo token quer fazer.

Sobre como esse tipo de coisa também detona a infraestrutura *em volta* do agente de IA (não a saída do modelo, e sim o barramento e o dispatcher), escrevi a versão mais alegre em [9 bugs no meu pipeline de IA](https://kenimoto.dev/blog/9-bugs-in-my-ai-pipeline/) (em inglês). Aquele post era sobre o encanamento ao redor do modelo. Esse aqui é sobre o modelo escrevendo o encanamento. E pra quem quer o irmão direto dessa história, o post do "Claude se recusa a escrever spec, três vezes seguidas" tem o mesmo formato 3-vezes-seguidas: [spec-driven development, 3 falhas](https://kenimoto.dev/pt/blog/spec-driven-development-claude-code-3-falhas/).

## Por que IA cai no padrão de esconder sintoma

A Stack Overflow Developer Survey de 2024 mostrou que algo em torno de 80% dos desenvolvedores profissionais usavam ou planejavam usar ferramentas de IA, e a parcela que de fato confiava na saída delas tinha caído em relação ao ano anterior. As análises que apareceram depois insistem no mesmo ponto: bug de código gerado por IA se concentra em erros de lógica e em manipulação de entrada/saída, numa densidade visivelmente maior que código humano de senioridade equivalente. O número mais citado é por volta de 1.7x de densidade de bugs, mas cada estudo mede de um jeito, então vale conferir antes de citar de cabeça.

O mecanismo não tem mistério. Um LLM prevê o próximo token mais plausível dado o contexto. "Padrão de tratamento de erro" é uma das coisas mais super-representadas no dado de treino dele. Try-catch, null-check, default no retorno, retry: estatisticamente, são as edições que mais aparecem quando alguém escreve "conserta esse erro" num repositório público. O modelo está fazendo exatamente o que foi treinado pra fazer.

O que falta é outro tipo de token. "Ainda não identifiquei a causa raiz. Continuando a investigação." Essa frase é rara no dado de treino porque humano raramente faz commit dela. A gente faz commit da correção, não do "ainda não achei". Então o modelo nunca aprendeu a default em "continua olhando".

Você tem que colocar esse token na cara dele. É pra isso que serve a próxima seção.

## 10 hábitos de debug → 10 prompts

Cada item vira um hábito clássico de debug. Cada um é uma frase que eu colo no prompt ou no CLAUDE.md, dependendo do quanto eu quero que vire reflexo.


**1. Suspeite do input.** "Antes de propor correção, confirme que os logs que você está lendo estão completos e que o monitoring que você está confiando realmente reporta o estado que você acha que reporta." Esse é o que o Claude mais pula. Diagnostica feliz em cima de log rotacionado pela metade.

**2. Reproduza antes de corrigir.** "Reproduza o bug localmente e mostre o passo a passo mínimo. Se não conseguir reproduzir, diga isso explicitamente e pare." O "pare" é onde tá o serviço. Fecha a porta pro chute.

**3. Ache a fronteira.** "Identifique a fronteira entre o comportamento que funciona e o que está quebrado. Qual o último componente que retorna dado correto?" Empurra o modelo pra parar de chutar linha a linha e passar a reduzir camada a camada.

**4. Compare contra um estado bom conhecido.** "Compare o código atual com o último estado funcional conhecido. Rode `git log --oneline -20` e identifique qualquer mudança que plausivelmente correlacione com a janela de falha." É o prompt que faz aparecer aquele commit que ninguém lembra de ter feito.

**5. Monte uma linha do tempo.** "Desde quando isso falha? É súbito ou gradual? Mapeie a taxa de erro contra horário de deploy, pico de tráfego e mudança de configuração." Súbito + correlacionado a deploy é um bug. Gradual + descorrelacionado é outro bug completamente. Misturar os dois é como três "correções" se empilham.

**6. Audite retry, cache e timeout.** "Liste todo retry, cache e timeout no caminho. Pra cada um, descreva o que acontece quando a chamada subjacente está lenta mas não falhou." Esse aqui teria pegado o esgotamento do pool no primeiro passe.

**7. Procure caminho de amplificação.** "Existe algum caminho onde um erro pequeno é multiplicado? Uma chamada falhada que dispara três retries, cada um abrindo nova conexão, cada um adicionando latência pra próxima?" Se o retry storm tá escondido dentro de um autoscaler, você ganha de brinde uma instance storm.

**8. Adicione observabilidade, não chute.** "Se você não tem observação suficiente pra identificar a causa, proponha quais linhas de log ou traces específicos adicionar. Não proponha correção ainda." Isso converte "não sei" em "mede aqui", que é uma resposta muito mais útil que correção fake.

**9. Simplifique o suspeito.** "Remova componentes não-essenciais do caminho que falha até que o bug seja reproduzível na forma mais simples possível. Qual o menor input que ainda dispara o bug?" Quase sempre, o bug não tava na parte que você tava olhando.

**10. Quebre de propósito.** "Pra verificar uma hipótese, proponha uma mudança intencional que deveria piorar ou melhorar o bug. Preveja o resultado antes de rodar." Vira debug de observação em experimento. E pega monitoring mentindo, também.

Os 10 hábitos saem do trabalho clássico de David Agans (*Debugging: The 9 Indispensable Rules*, 2002) somado a uns anos de tropeço próprio com pipeline de IA. A versão "como vira prompt e como cabe no CLAUDE.md" eu fui montando incidente por incidente, e essa lista é o estado atual.

## Persistir a regra no CLAUDE.md

Colar 10 frases em todo prompt não escala. O CLAUDE.md é o lugar onde regra fica morando.

O que a Anthropic recomenda, e eu repito, é manter o CLAUDE.md em algo entre 100 e 150 linhas, pra ele caber no contexto a cada turno. Gastar 12 dessas linhas com regra de debug é um bom investimento.

```markdown
## Debugging Rules

- Não escreva código de correção até ter identificado a causa raiz.
- Não suprima sintoma. Se o sintoma sumiu mas a causa segue desconhecida, isso não é correção.
- Antes de corrigir, escreva um teste que falhe e que reproduza o bug.
- Depois de corrigir, rode a suíte de testes completa e reporte qualquer teste novo que falhou.
- Se três tentativas falharem em sequência no mesmo bug, pare. Resuma o que tentou, o que descartou, qual hipótese sobrou, e peça input humano.

## Debugging Workflow

1. Root Cause Investigation: lê log, trace, e o caminho do código.
2. Pattern Analysis: procura o mesmo anti-padrão em outros lugares da base.
3. Hypothesis Testing: escreve um teste que falha sse a hipótese estiver correta.
4. Implementation: só depois de 1-3 fecharem.
```

O detalhe importante é que isso são *restrições*, não instruções. "Não escreva código de correção até..." rende mais que "investigue primeiro." É o formato de restrição que segura a máquina de previsão de token de pular alegre pro próximo passo.

A história completa de como armar o CLAUDE.md, junto com hooks e MCP em três camadas, é a mesma camada de equipamento que usei pra separar um agente grande em [Observer, Strategist, Marketer](https://kenimoto.dev/pt/blog/tres-papeis-observer-strategist-marketer-separacao). Essa série é a semana de debug do mesmo arsenal.

## Automatizar reflexo com hooks

CLAUDE.md é cérebro. Hooks são reflexo. Dois importam pra debug.

**PreToolUse: bloqueia comando destrutivo.** No meio da debug, o modelo às vezes sugere algo tipo `rm -rf node_modules`. Num dia ruim, sugere um `DROP TABLE` puro. Um hook de PreToolUse intercepta a chamada da tool Bash, faz um grep no comando contra uma denylist enxuta, e sai com exit 2 pra bloquear. O Claude Code trata exit code 2 do PreToolUse como "essa chamada foi negada, avise o modelo o motivo".

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{
          "type": "command",
          "command": "if echo \"$TOOL_INPUT\" | grep -qE 'rm\\s+-rf|DROP\\s+TABLE'; then echo 'BLOCK: destructive command' >&2; exit 2; fi"
        }]
      }
    ]
  }
}
```

**PostToolUse: roda teste depois de edição.** Matcher `Edit|Write`, command roda sua suíte de testes ou pelo menos um subset rápido. O modelo agora vê o teste falhar no turno seguinte e reage no mesmo turno em que criou, em vez de lembrar 30 mensagens depois. A [referência oficial de hooks do Claude Code](https://code.claude.com/docs/en/hooks) cobre matchers e convenção de exit code em detalhe.

CLAUDE.md, PreToolUse e PostToolUse formam a camada de equipamento de um debugger de IA. Cada peça custa quase nada. A ligação do on-call às 11 da noite, sim.

## Quando 3 "correções" escondidas seguidas significam "para"

A regra mais útil, a única que teria salvado meu on-call:

> Se três tentativas seguidas falharem em corrigir o mesmo bug, pare e escale.

Três não tem magia. É o ponto em que o custo de mais um chute supera o custo de admitir que o bug é estrutural. Na terceira tentativa, o modelo costuma estar fazendo pattern-matching em cima de pattern-matching, e olho humano sai mais barato que o quarto retry.

E o custo prático, em real: incidente de 2 horas com equipe de 5 pessoas é 10 pessoas-hora. A R$ 100 a hora, é R$ 1.000 por incidente. Se isso acontece 10 vezes no mês, são R$ 10.000 saindo de produtividade. Comparado com 12 linhas no CLAUDE.md, a conta fecha rápido.

"Deixa o Claude debugar" é meia verdade. Ele é rápido mesmo. Só que ele defaulta pra rápido em *esconder* o problema, a não ser que você arme ele diferente. Os 10 prompts armam. O CLAUDE.md lembra por você. Os hooks pegam o que escapou.

A camada de CLAUDE.md / hooks / MCP em três camadas que mantém o agente no trilho — e o capítulo de debug que destila esses 10 hábitos pra prompt — está em **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)**. 19 capítulos, e o capítulo de debug é o que eu mais releio.

Fontes:
- [2025 Stack Overflow Developer Survey, AI section](https://survey.stackoverflow.co/2025/ai)
- [Closing the developer AI trust gap (Stack Overflow Blog, fev 2026)](https://stackoverflow.blog/2026/02/18/closing-the-developer-ai-trust-gap/)
- [Claude Code Hooks reference](https://code.claude.com/docs/en/hooks)

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Contei quantas vezes o Claude me disse 'Você está absolutamente certo!' na semana passada. 47 vezes. Em 11 delas, eu não estava. Nas outras 36, o Claude também não.

URL: https://kenimoto.dev/pt/blog/claude-voce-esta-certo-47-vezes-sycophancy-medi/
Lang: pt
Date: 2026-05-19
Description: Greppei sete dias de sessões do Claude Code procurando 'você está absolutamente certo'. Achei 47 ocorrências. Revisei uma por uma. Eu estava certo em 11. O Claude estava certo em 11. Mesmo número, direções opostas.

Antes de confiar no próximo "Você está certo!" do Claude, leia isso. Eu comecei o experimento achando que o Claude estava certo e eu errado. A conta deu o contrário. O que diz mais sobre o meu código do que eu queria admitir, e também sobre o tom do terminal que eu uso o dia inteiro.

O setup é propositalmente burro. Eu tenho uma pasta com sete dias de transcrições do Claude Code. Greppei uma única frase: `você está absolutamente certo`. Achei 47 ocorrências. Aí eu sentei e, para cada uma, fiz a mesma pergunta: no momento exato em que o Claude disse isso, eu estava de fato certo?

47 ocorrências. Certo em 11. Errado em 36. O Claude concordou com a minha versão correta 11 vezes, e concordou com a minha versão errada 36 vezes. A taxa de acerto da concordância do Claude com a realidade é de 23%, o que é pior do que cara-ou-coroa e levemente melhor do que perguntar para um búzios online, dependendo do quanto você acredita em búzios online.

No Brasil muito dev paga USD 200 por mês no plano Max do Claude esperando feedback honesto. Eu também esperava. Não é exatamente isso que está vindo.

A última vez que escrevi sobre Claude mentindo para mim foi quando ele estava [escondendo um bug por três PRs seguidos](https://kenimoto.dev/pt/blog/claude-escondeu-meu-bug-3-vezes-10-habitos-debug). Aquilo parecia maldade. Esse aqui é mais educado e muito, muito mais frequente.

## Como eu contei

Toda sessão do Claude Code termina com um arquivo em `~/.claude/projects/`. Sete dias incluem a refatoração do kenimoto.dev, um projeto pessoal de Voice AI, e uma migração de infra sobre a qual eu prefiro não falar agora. Greppei assim:

```bash
rg -i "você está absolutamente certo|you'?re absolutely right" \
  ~/.claude/projects/ --no-heading -n > sycophancy-semana.txt
```

47 linhas. Joguei numa planilha. Para cada linha, copiei o meu prompt anterior e as três frases que o Claude escreveu depois do "você está certo". Depois fiz a pergunta com o mínimo de ego possível: a coisa que eu afirmei era verdade?

O critério é generoso comigo. Se eu disse "essa race condition tem que estar no setup da conexão" e o bug estava de fato no setup da conexão, eu marquei como "certo" mesmo que o meu raciocínio fosse meia-boca. Se eu disse o mesmo e o bug estava na fila de mensagens, marquei "errado".

11 vezes eu estava certo. 36 vezes errado. O Claude disse "você está absolutamente certo" nas 47.


## Os três sabores

Depois de classificar cada caso de "errado mas validado", três padrões absorveram quase tudo.

**Concordância de fachada.** Eu proponho uma coisa. O Claude abre com "Você está absolutamente certo!" e dois parágrafos depois desenha um plano que é exatamente o contrário do que eu propus. A concordância é lubrificante social. O conteúdo real é o desacordo que vem depois. Eu me peguei lendo a primeira frase e batendo o olho no resto, que é exatamente o modo de falha que esse padrão dispara.

**Sycophancy factual.** Eu afirmo um fato errado: "o `setRemoteDescription` do WebRTC retorna uma Promise que só resolve depois que os ICE candidates foram coletados". O Claude concorda e ainda estende a afirmação errada num código sugerido errado. Essa é a que custa tempo de verdade. Toda aquela classe de "o Claude disse, então deve estar certo" que vira meia hora de caça-fantasma de debug começa aqui. Dos meus 36 casos errados, 19 caem nesse balde.

**Sycophancy de defesa de código.** Eu colo 80 linhas e pergunto "o que tem de errado aqui?". O Claude não acha nada relevante e elogia a estrutura. Eu colo as mesmas 80 linhas em outra sessão, sem o "o que tem de errado", trocando por "acabei de subir isso, ficou limpo, né?", e o Claude aponta três bugs reais que eu não tinha visto. Mesmo código, avaliação oposta. A única coisa que mudou foi o meu tom de voz.

O terceiro é o mais sacana. O enquadramento do prompt está fazendo trabalho que eu não queria que ele estivesse fazendo.

## O lado da Anthropic

A Anthropic não está calada sobre isso. As [release notes do Claude 4](https://www.anthropic.com/news/claude-4) falam explicitamente em redução de over-agreement no reward modeling. O benchmark interno que eles citam é alguma coisa do tipo "premissa falsa desafiadora". Os números deles melhoraram. O meu terminal continua marcando 47 por semana.

A diferença, eu acho, é de definição. "Sycophancy" no paper costuma significar "o modelo se recusa a empurrar de volta uma afirmação factualmente errada de forma clara". Isso está em boa parte resolvido. O que eu estou medindo é mais perto de "o modelo usa o tom de concordância como padrão, mesmo quando a substância abaixo é equilibrada ou crítica". É outro problema. O primeiro é técnico. O segundo é uma escolha de UX. E a escolha de UX é soar amigável, e "soar amigável" às vezes parece concordância.

A OpenAI fez em 2024 um [retraction público do GPT-4o](https://openai.com/index/sycophancy-in-gpt-4o/) que tinha ficado simpático demais. O rollback restaurou um tom menos pegajoso. Foi um teste de estresse de quanto usuário aguenta de concordância antes de virar esquisito. O Claude ainda não teve um momento público equivalente, mas o knob existe. Está num nível alto.

## O que eu mudei no fluxo

Não vou desligar o tom amigável. Eu gosto do tom amigável. Eu só parei de ler a primeira frase.

Três mudanças concretas:

1. **Adversarial framing por padrão.** Eu reescrevi o system prompt do Claude Code com a frase: "Antes de concordar com qualquer afirmação técnica que eu fizer, liste a razão mais forte pela qual eu posso estar errado. Só depois disso, decida se concorda." A taxa de "você está absolutamente certo" caiu uns 60% nos dias seguintes. Não é uma medição rigorosa, mas é real.
2. **Code review sem assinatura.** Quando quero review de verdade, abro uma sessão nova e colo o código anônimo, sem dizer "eu acabei de escrever isso". O Claude não tem ninguém para defender ou parabenizar. Voltam os bugs que de fato existem.
3. **Grep de saída.** No fim de cada sessão eu rodo `rg "você está absolutamente certo"` no transcript. Se aparecer mais de uma vez por decisão substantiva, eu marco a sessão como suspeita e revisito as decisões que o Claude aprovou. Trinta segundos. Pegou duas decisões erradas essa semana.

Nada disso conserta o comportamento. Só impede que o comportamento vire custo.

## O que eu queria de verdade

Duas coisas. Uma: um knob de "agreeableness" exposto na API, tipo o thinking budget. Duas: um token interno na transcrição marcando "isso aqui é abertura social, a resposta substantiva está abaixo", para eu treinar a ignorar a camada social.

Nenhum dos dois sai semana que vem. Então, por enquanto, o jeito é greppar, recontar, e retreinar o meu próprio jeito de ler.

A parte engraçada é que, quando contei pro Claude que ia escrever esse post, a resposta começou com "Você está absolutamente certo em investigar isso". Deixei lá. É a ocorrência número 48.

A camada de system prompt que cortou meu agreement rate pela metade — e os hábitos de grep de transcript que estão atrás desse post — estão em **[Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery)**. 19 capítulos do que eu queria saber antes de aprovar 36 decisões erradas que o Claude abençoou.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Por que toda code review vira briga: 5 vieses psicológicos que sabotam seu PR

URL: https://kenimoto.dev/pt/blog/code-review-vira-briga-5-vieses-psicologicos/
Lang: pt
Date: 2026-05-23
Description: Eu fazia review em 30 segundos e achava que estava ajudando. Aí medi os meus próprios comentários por 30 dias e descobri que eu estava sendo o gatilho de metade das brigas. Aqui estão os 5 vieses psicológicos que aparecem em toda code review, com um número em reais por PR para cada um.

Eu fazia code review em 30 segundos. Lia o diff, comentava "lgtm" ou "vamos discutir isso aqui", apertava aprovar, voltava para o que eu estava fazendo. Achava que estava ajudando. Aí passei 30 dias salvando todos os comentários que eu deixava nos PRs do meu time, classifiquei cada um por categoria psicológica, e descobri que eu era o gatilho de pelo menos metade das brigas que aconteciam depois.

Esse post não é sobre como fazer review melhor em geral. É sobre os 5 vieses psicológicos específicos que aparecem em toda code review entre engenheiros, com um número em reais por PR para cada um. Os números são estimativas do meu próprio time, mas a estrutura é genérica o suficiente para você fazer a sua conta.


Aviso: esse texto trata de comportamento entre pessoas em um contexto de trabalho. Os exemplos são tipificados, não são apontamentos a colegas específicos. Se você se reconhece em mais de um dos 5, parabéns, somos dois.

## Viés 1: confirmação — você encontra o que veio procurar

Viés de confirmação na code review é quando o revisor abre o PR já com uma hipótese do tipo de erro que vai encontrar, e encontra. Não porque o erro está lá, mas porque ele filtrou o diff inteiro pela lente de "onde está o erro que eu esperava".

A cena típica: o tech lead avisa no daily que "estamos com problemas de performance esta semana". Aí o PR de qualquer pessoa que mexer em uma query no resto do dia vai ser revisado pela ótica de performance. Outros problemas, segurança, legibilidade, cobertura de teste, passam batidos. O revisor acha que fez uma boa review porque encontrou o que veio procurar.

Como sair: usar um checklist antes de abrir o PR. Não um checklist exaustivo de 40 itens (esse ninguém usa), um checklist de 4 a 5 categorias. Performance, segurança, legibilidade, cobertura. Forçar o seu olho a passar por cada categoria pelo menos uma vez antes de comentar qualquer coisa. Isso te custa uns 90 segundos a mais por PR. No meu time, com 30 PRs por semana e o salário médio do dev em R$ 80/hora, esse 90 segundos extra equivale a uns R$ 60/semana de tempo investido. Em troca, o número de bugs achados em produção que "passaram pelo review" cai pela metade. A conta fecha rapidinho.

## Viés 2: ancoragem — o primeiro comentário define a review inteira

Ancoragem é o fenômeno em que o primeiro número (ou primeira frase) que entra na conversa puxa todo o resto da conversa naquela direção. Na code review, o primeiro comentário do primeiro revisor ancora toda a thread.

Se o primeiro comentário é "esse nome de variável está estranho", os próximos 4 comentários vão ser sobre naming. Se o primeiro comentário é "essa função está fazendo coisas demais", os próximos 4 vão ser sobre design. O conteúdo real do PR fica em segundo plano. O primeiro comentarista determinou o tom.

A diferença prática: na minha experiência, leva uns 4 minutos para um PR pequeno sair da fase "todo mundo está comentando sobre a primeira coisa que apareceu" e voltar a olhar o diff inteiro. Esses 4 minutos vezes 30 PRs por semana, vezes R$ 80/hora, é R$ 160/semana de tempo que sumiu por ancoragem. Por mês, R$ 640.

Como mitigar do lado do revisor: se você é o primeiro a abrir o PR para review, gaste 30 segundos lendo o diff inteiro antes de comentar a primeira coisa. O comentário de abertura deve ser sobre o ponto mais importante, não sobre o primeiro ponto que você notou.

Como mitigar do lado de quem abriu o PR: na descrição do PR, escreva 2 linhas dizendo onde você quer atenção dos revisores. "Estou preocupado com o tratamento de erro do método X. Não me preocupo com naming nessa rodada, vou ajustar depois se precisar." Isso pré-ancora a conversa nos pontos que importam.

## Viés 3: heurística da disponibilidade — o último bug vira o próximo bug

Heurística da disponibilidade é a tendência de avaliar a probabilidade de um evento pela facilidade com que você lembra de exemplos dele. Aplicado a code review: o bug mais recente que aconteceu na sua codebase vira o tipo de bug que você vai procurar nos próximos 10 PRs.

A semana que tivemos um incidente de connection pool, todo PR que tocou em código de banco recebeu pelo menos um comentário sobre pool. Boa parte desses comentários eram desnecessários, o código nem chegava perto do pool. Mas o pool estava "disponível" na minha cabeça, então eu via pool em todo lugar.

Esse viés tem um efeito colateral perverso: você fica bom em prevenir o último bug e cego para o próximo. Ele já aconteceu, então não vai acontecer de novo na mesma forma. O próximo bug vai vir de uma classe diferente, que você não está procurando.

Como mitigar: no checklist do viés 1, incluir uma linha "o último incidente foi sobre X. Vou conferir X, mas vou também olhar 2 outras categorias que NÃO são X". Forçar a si mesmo a sair do trilho mental do bug mais recente.

## Viés 4: viés de status (autoridade) — o sênior pesa 3x mais

Viés de status é quando o nome de quem escreve o comentário pesa mais do que o conteúdo do comentário. Na code review: um comentário do tech lead é aceito praticamente sem discussão, e um comentário equivalente de um dev pleno gera contra-argumento de 4 trocas.

No meu time, fiz uma medição informal por 30 dias. Comentário do sênior: tempo médio até "ok, vou mudar" = 90 segundos. Comentário do pleno apontando exatamente a mesma coisa: tempo médio até "ok, vou mudar" = 4 minutos e meio, com 2 a 3 trocas no meio. Empiricamente, um comentário de sênior pesa cerca de 3x mais do que um equivalente de pleno.

A pesquisa do Meta de 2023 já tinha registrado um efeito parecido em larga escala: quando há uma pessoa com autoridade entre os revisores, os outros revisores aprofundam menos a própria revisão. "Se o sênior já olhou, deve estar bom". É o efeito espectador (bystander) aplicado a PR.

O custo disso é duplo. Por um lado, o time aceita rapidamente o que o sênior diz, mesmo quando o sênior está cansado e errado. Por outro, o pleno desiste de apontar coisas porque sabe que o esforço de defender o argumento é alto.

Como mitigar do lado do sênior: comentar em forma de pergunta, não de afirmação. "Aqui é intencional?" abre diálogo, "isso está errado" fecha. Como mitigar do lado do time: criar uma regra de que comentários de QUALQUER revisor precisam ser endereçados antes do merge, e que "o sênior já aprovou" não substitui revisão própria.

## Viés 5: retrospectivo — depois do merge, "eu sabia"

Viés retrospectivo é o "eu sabia que ia dar problema" que aparece sempre depois que o bug é encontrado, mas nunca antes. Aplicado a code review: depois que o PR causa um incidente, todo mundo na thread original "lembra" que tinha um sinal de alerta. Antes do incidente, ninguém comentou nada.

Esse é o viés mais traiçoeiro dos cinco porque ele apaga o aprendizado real. Se "eu sabia desde o começo", então não houve falha no processo de review, foi falha individual de quem escreveu o código. Aí o time não muda nada estruturalmente, e o mesmo tipo de bug aparece em outro PR em 3 semanas.

Como mitigar: depois de qualquer incidente que tenha origem em um PR mergeado, voltar ao PR e contar literalmente quantos comentários haviam sido feitos sobre a área que causou o incidente. Se a resposta for zero, o aprendizado é "nosso review não cobre essa área". Se a resposta for 2 e foram resolvidos com "tá bom, depois eu ajusto", o aprendizado é "nosso processo deixa comentários importantes virarem to-do". Em nenhuma das duas opções a conclusão é "eu sabia".

Eu uso um pequeno ritual: na retro do sprint que teve incidente, abrir o PR causador na frente do time e ler os comentários em voz alta. Faz a memória reconstruída ("eu sabia") ceder lugar à memória real ("ninguém comentou nada sobre isso").

## A conta total

Somando os 5 vieses no meu time, com 30 PRs por semana, salário médio R$ 80/hora, e os tempos perdidos que medi por 30 dias:

| Viés | Custo semanal estimado |
|------|------------------------|
| Confirmação (ausência de checklist) | R$ 60 |
| Ancoragem (4 min/PR em conversa errada) | R$ 160 |
| Disponibilidade (PRs com comentários irrelevantes) | R$ 80 |
| Status/autoridade (re-discussão até pleno ser ouvido) | R$ 200 |
| Retrospectivo (não-aprendizado por incidente) | R$ 100/incidente |

A soma é da ordem de **R$ 500 a R$ 600 por semana** em tempo de equipe perdido para vieses psicológicos em code review. Por mês, mais de R$ 2.000. Por ano, R$ 24.000+. E essa é só a parte mensurável em tempo; não conta as brigas, o desgaste de confiança entre sênior e pleno, ou os bugs que passaram porque o checklist não foi seguido.

Eu fazia review em 30 segundos e achava que estava ajudando. Depois de medir os 5 vieses no meu próprio histórico, descobri que era eu o causador de metade das brigas. Os 30 dias que passei medindo deram um número, e o número doeu o suficiente para eu mudar o jeito de comentar. Não é mais 30 segundos, é uns 4 minutos. E os PRs param de virar briga.

Esse capítulo é parte de um livro maior em PT-BR sobre psicologia aplicada à engenharia: **[Manual completo dos truques psicológicos para engenheiros](https://kenimoto.dev/pt/books/engineer-psychology-tricks)**. O capítulo 8 é especificamente sobre code review. Aqui eu peguei só os 5 vieses, do meu jeito, com os números do meu time.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Conectei o Claude Code a 4 servidores MCP. Só o handshake queimou 27.000 tokens — e nem foi o pior.

URL: https://kenimoto.dev/pt/blog/conectei-claude-4-servidores-mcp-27k-tokens-handshake/
Lang: pt
Date: 2026-05-20
Description: Plugei 4 servidores MCP no Claude Code e medi cada etapa do startup. Antes da primeira pergunta, já tinha 27 mil tokens de input consumidos. Aqui está o detalhamento por servidor, o cálculo em real, e o ajuste que reduziu o desperdício para 9 mil.

Eu achei que MCP era de graça. Tipo, "plugue e use", sem custo escondido. Daí abri o Claude Code com 4 servidores MCP configurados, fiz a primeira pergunta e o console mostrou: tokens de input consumidos antes da minha pergunta = **27.143**. Eu nem tinha pedido nada ainda. O Claude basicamente me cobrou 27 mil tokens só para dizer "oi, estes são os meus tools."

Era um sábado de manhã. Eu estava de pijama. E aí passei o resto do dia medindo o que cada servidor estava me custando.

Este post é o resultado. Vou mostrar o detalhamento por servidor, o cálculo em real, e o ajuste simples que reduziu o desperdício para 9 mil tokens por sessão.


## O setup

Os 4 servidores que eu tinha plugados no meu `~/.claude/mcp.json`:

- **GitHub MCP** — para ler issues, PRs e criar branches do terminal
- **Filesystem MCP** — para ler diretórios fora do projeto atual
- **Slack MCP** — para postar atualizações no canal de trabalho
- **Google Drive MCP** — para abrir docs sem trocar de janela

Nenhum exótico. É a combinação que muita gente em equipe pequena usa. Eu instalei os 4 com a sensação confortável de "tenho tudo à mão." Era exatamente esse o problema.

## O que acontece no handshake

Quando o Claude Code inicia, ele faz uma negociação com cada servidor MCP plugado. A negociação tem 4 etapas, mais ou menos nesta ordem:

1. **initialize** — versão do protocolo, capabilities suportadas
2. **list_tools** — lista de todas as tools que o servidor expõe, com schema JSON completo (nome, descrição, input schema, output schema)
3. **list_resources** — lista de resources expostos
4. **list_prompts** — lista de prompts pré-definidos

Os 4 conjuntos viram contexto de input antes do seu primeiro prompt. O custo varia muito por servidor, porque uns expõem 5 tools enxutas e outros despejam 60 tools com schemas longos.

Medi cada um separadamente, ligando um servidor de cada vez e observando os tokens consumidos no relatório de sessão do Claude Code:

| Servidor MCP | Tools expostas | Tokens de handshake |
|---|---|---|
| Claude Code base (sem MCP) | — | ~18.000 (system prompt + tools nativas) |
| GitHub MCP | 24 | 5.800 |
| Filesystem MCP | 11 | 2.100 |
| Slack MCP | 18 | 6.400 |
| Google Drive MCP | 12 | 4.500 |
| **Total acima do baseline** | **65** | **~18.800** |
| **Sessão completa antes do prompt** | — | **~27.000** (e tinha dia que dava 28.500) |

Para fazer a conta em real: Claude Sonnet 4.6 está em **USD 3,00 por milhão de tokens de input** no momento em que escrevo. 27.000 tokens dão USD 0,081. Com o dólar a aproximadamente R$ 5,00, cada sessão aberta me custa **R$ 0,40** só para começar. Parece pouco. Eu abro de 15 a 25 sessões por dia. São R$ 6 a R$ 10 por dia, todo dia, antes de eu escrever uma única pergunta. R$ 200 por mês de "oi, estes são meus tools."

E o pior é que eu nem usava 60 das 65 tools por dia.

## Por que o Slack MCP é o mais caro

Olhando o detalhamento, o Slack MCP me chamou atenção. 18 tools, 6.400 tokens — quase o dobro do tamanho médio por tool. Quando li o schema, entendi: cada tool do Slack tem descrições verbosas sobre canais, threads, replies, mentions, files, reactions, e um input schema com 5 a 12 propriedades cada. Algumas tools incluem exemplos de uso dentro da própria descrição.

Servidores MCP feitos para uso em LLM tendem a ter **descrições detalhadas de propósito**, porque o modelo precisa entender quando escolher cada tool. Faz sentido do ponto de vista de design. Não faz sentido se você abre 25 sessões por dia e a maioria delas nem toca o Slack.

## O ajuste que reduziu para 9.000

Fiz três mudanças simples ao longo do fim de semana:

**1. Tirei o Filesystem MCP do startup.** Quase nunca leio diretórios fora do projeto atual. Quando preciso, ativo o servidor com um comando manual. Economia: 2.100 tokens por sessão que eu não preciso dele (a maioria).

**2. Substituí o Slack MCP por um script CLI.** Postar no Slack é sempre a mesma chamada de webhook. Não precisa de 18 tools nem de schema JSON. Um `bash post-to-slack.sh "mensagem"` resolve. Economia: 6.400 tokens.

**3. Mantive GitHub e Google Drive, mas usei a opção `--mcp-tools` para filtrar.** No GitHub MCP eu só uso 5 das 24 tools (read_issue, list_prs, create_branch, comment_on_pr, search_code). No Drive, 3 das 12. Filtrar reduziu para mais ou menos 60% do schema. Economia: cerca de 4.000 tokens.

Resultado: o handshake caiu de **27.000 para aproximadamente 9.300 tokens**. Custo por sessão: de R$ 0,40 para R$ 0,14. No mês, de R$ 200 para R$ 70.

Não é uma economia revolucionária. É só dinheiro que eu queimava sem perceber.

## O cálculo que ninguém me avisou

Se você tem o Claude Code rodando e nunca olhou o startup overhead, sugiro abrir o relatório de sessão (o Claude Code mostra "Context: X tokens" no canto) logo após iniciar, **antes** de digitar qualquer prompt. Esse número é o seu custo fixo por sessão. Multiplique por quantas sessões você abre por dia, multiplique por 30. Esse é o seu MCP tax mensal.

O MCP em si é maravilhoso. A capacidade de plugar serviços externos no Claude com schema padronizado é algo que faltava há anos. O problema não é o protocolo. O problema é a tentação de plugar tudo "por garantia" e esquecer que cada servidor cobra um aluguel de tokens no startup.

Para mim, a regra ficou: **MCP server só fica plugado se eu usar pelo menos 3 vezes por semana**. O resto vira CLI script ou fica desligado até ser necessário.

Eu testei. Funciona. E continuo de pijama no sábado, só que com menos R$ 130 saindo da conta da Anthropic todo mês.

A regra "MCP server só fica plugado se eu usar 3x na semana" virou o eixo do capítulo de hooks/MCP de **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)** — token cost, autenticação, e quando o MCP é realmente necessário vs CLI script.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Confiei que a IA me deixava mais rápido. Os dados dizem que fiquei mais lento

URL: https://kenimoto.dev/pt/blog/confiei-ia-mais-rapido-fiquei-mais-lento/
Lang: pt
Date: 2026-06-01
Description: Estimei 1 hora numa task e gastei 8. Achei que a IA tinha me acelerado. O estudo METR 2025 mostra que, para devs experientes, essa velocidade é ilusão.

Numa terça-feira de manhã, abri uma task que parecia trivial: ajustar a lógica de retry de um cliente HTTP num projeto que eu conheço de cor. Estimei uma hora. Colei o contexto no assistente de IA, recebi uma solução bonita em trinta segundos e pensei "pronto, hoje saio cedo".

Saí às oito da noite. Foram oito horas. E o pior nem foi o tempo perdido: foi que, no fim do dia, minha sensação era de que a IA tinha me deixado **mais rápido**.

## A conta que eu não fiz

Aquela solução de trinta segundos estava 80% certa. Os outros 20% eram um caso de borda no backoff exponencial que só aparecia sob carga. Não dava pra ver lendo o código. Eu confiei, fiz o commit, e o problema voltou disfarçado três horas depois.

Aí começou o ciclo que todo mundo conhece e ninguém cronometra: pedir outra versão pra IA, ler, achar que entendi, testar, descobrir um detalhe novo, pedir de novo. Cada rodada parecia rápida. Cada rodada custava vinte minutos. Vinte vezes vinte minutos não é uma hora.

A IA errar era esperado. O que me pegou foi ter **terceirizado o ceticismo**. Eu reviso código de gente júnior linha por linha, mas a saída da IA eu tratei como se viesse com selo de qualidade. Isso tem nome.

## Viés de automação: terceirizar o cérebro

O viés de automação é a tendência de confiar demais em sistemas automatizados, mesmo quando há sinais de que eles estão errados. Estudos da Georgetown (CSET, 2024) mostram que desenvolvedores tendem a aceitar sugestões de IA sem verificação adequada, e que a pressão de tempo piora isso justamente quando a verificação mais importa.

Faz sentido evolutivo. Se uma máquina acerta nove vezes, seu cérebro para de checar na décima. O problema é que, em código, a décima é a que vai pra produção numa sexta às 18h.

E tem um agravante específico da nossa época: o viés de autoridade. "A IA disse, então deve estar certo." Quando a resposta vem com tom confiante, formatada, com até um comentário explicativo, ela *soa* como autoridade. Mas confiança de texto não é evidência de correção. É só confiança de texto.

## O dado que dói: METR 2025

Eu achava que esse era um problema meu, de disciplina. Aí apareceu o estudo da METR (2025) e me tirou o conforto de achar que era exceção.

A METR rodou um experimento controlado e randomizado com 16 desenvolvedores experientes, trabalhando em projetos open source maduros que eles mesmos mantinham, repositórios grandes com mais de um milhão de linhas. O resultado: usando ferramentas de IA, esses devs **levaram 19% mais tempo** para completar as tarefas.

O que assusta mesmo vem junto com ele:


- **Antes** do experimento, os devs previram que a IA cortaria o tempo em 24%.
- **Depois** de terminar, já tendo sido mais lentos, eles ainda acreditavam que a IA tinha acelerado em 20%.
- **Na real**, ela atrasou em 19%.

A diferença entre o que a pessoa sente e o que o cronômetro registra chega a quase 40 pontos percentuais. A ilusão de produtividade não some nem depois que você vive o atraso na pele. Eu sou prova disso: terminei minha terça-feira de oito horas achando que tinha sido um dia eficiente.

## Por que justamente os experientes?

Esse é o detalhe contraintuitivo, e é importante não exagerar o estudo. A METR foi clara: o resultado vale para devs **experientes em código que eles conhecem bem**. Para quem está começando, ou mexendo num projeto desconhecido, a IA pode acelerar de verdade: escrever boilerplate, explicar uma API, navegar um repo estranho.

A armadilha aparece exatamente onde você é bom. Quando você conhece o código de cor, digitar a solução é a parte barata. A parte cara é decidir o que fazer. A IA é ótima em digitar e medíocre em decidir no seu contexto específico. Então ela acelera o que já era rápido e te empurra um custo novo: ler, entender e corrigir a sugestão dela. Esse custo é invisível enquanto acontece e óbvio só no fim do dia.

## O outro lado da conta: a falácia do planejamento

Tem uma segunda peça nesse quebra-cabeça, e ela é antiga: a falácia do planejamento, descrita por Kahneman e Tversky muito antes de existir Copilot. A gente sistematicamente subestima quanto tempo as coisas vão levar, mesmo tendo errado a mesma estimativa dezenas de vezes.

A IA não inventou esse viés. Ela colocou esteroides nele. Quando o assistente cospe uma solução em trinta segundos, a "hora" que eu tinha estimado encolhe na minha cabeça pra "uns vinte minutos". A velocidade da geração contamina a estimativa do trabalho inteiro, incluindo a descoberta, a verificação e o retrabalho, que são exatamente as partes que a IA não acelera.

Estimar "30 minutos" e gastar 4 horas tem pouco a ver com a IA falhar. A estimativa já nasce otimista, e a IA só reforça esse otimismo.

## O que eu mudei (sem virar lendário cético)

Não larguei a IA. Continuo usando todo dia. Mudei três coisas, todas baratas:

**Trato a saída da IA como PR de júnior.** Não como verdade, não como lixo: como código que precisa passar pela mesma revisão que qualquer outro. Se eu não revisaria sem ler, não faço merge.

**Estimo o tempo de verificação separado do tempo de geração.** "A IA escreve em 1 minuto" e "eu confio nisso em 1 minuto" são duas frases diferentes. A segunda quase nunca é verdade. Coloco o custo de checagem na estimativa, explícito.

**Cronometro de vez em quando.** Não sempre, seria neurótico. Mas algumas tasks por semana eu marco o relógio de verdade, porque minha sensação de velocidade já provou ser uma testemunha não confiável. O relógio não tem viés de autoridade.

A ironia final: o estudo que mais me ajudou a usar IA com juízo é um estudo sobre IA me deixando mais lento. Eu não fiquei mais lento por usar IA. Fiquei mais lento por **acreditar** na IA sem cronometrar. São coisas diferentes, e a diferença custa, no meu caso, sete horas numa terça-feira.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Construí o RAG que mandaram fazer (Voyage + vector DB + busca semântica). Depois deletei tudo: o grep venceu.

URL: https://kenimoto.dev/pt/blog/construi-rag-deletei-grep-venceu/
Lang: pt
Date: 2026-06-03
Description: Montei o pipeline de RAG de manual pra dar conhecimento de código pra um agente. Embeddings, vector DB, busca semântica. Funcionou pior que rodar grep. A equipe do Claude Code chegou na mesma conclusão antes de mim — e bateu US$ 1 bi de ARR fazendo isso.

Em 2024 eu sabia exatamente como dar a um modelo conhecimento de uma base de código: RAG. Todo mundo sabia. Era o padrão da indústria. Você vetoriza o código, joga num vector DB, e na hora da pergunta injeta os trechos mais parecidos no prompt. Eu li os mesmos posts que você leu.

Então construí o pipeline inteiro. E ele perdeu pra um comando que existe desde 1973.

Vou contar como, porque a parte interessante não é "RAG é ruim". É que a coisa que eu achava ser engenharia séria estava me atrapalhando, e a solução era literalmente deixar o modelo rodar `grep`.

## Antes de tudo: não é busca de documento, é busca de código

Um aviso rápido pra não confundir. Quando eu falo "abandonei o RAG", não estou falando de RAG pra documentos, FAQ, base de conhecimento. Pra texto não estruturado, busca semântica ainda faz sentido em muito caso.

Estou falando de uma coisa específica: **dar a um agente a capacidade de achar o código certo dentro do seu repositório.** É um problema diferente, e nesse problema o RAG não só é desnecessário como atrapalha. Guarda essa distinção, porque ela é o ponto inteiro.

## O que eu montei (e por que parecia certo)

O cenário era um agente que precisava entender meu backend pra responder e mexer no código. Fui no manual:

- **embeddings da Voyage** pra vetorizar cada arquivo
- um **vector DB** pra guardar os vetores
- **busca semântica** por similaridade na hora da pergunta

No papel, lindo. Pergunta sobre autenticação, o vector DB devolve os trechos "semanticamente próximos" de autenticação, eu injeto no prompt, o modelo responde com contexto. Engenharia de verdade.

A conta começou a não fechar quando eu vi *o que* ele devolvia.

## Por que perdeu pro grep

O problema da busca vetorial é que ela devolve código **semanticamente parecido**, e não necessariamente o código **certo pra tarefa**. São coisas diferentes, e em código a diferença dói.

Eu pedia "corrige o bug de autenticação" e o vector DB me trazia uma pilha de trechos que falavam de autenticação: o handler, um helper antigo, dois testes, um comentário grande explicando o fluxo. Tudo "próximo". Quase nada útil. O trecho que importava era uma função de refresh de token cujo nome nem tinha a palavra "auth" — então a similaridade semântica passou batido por ela.

Aí eu joguei a mesma tarefa pra um agente que só sabia rodar `grep` e `glob`, sem índice nenhum. E ele fez o que eu faria:

```bash
# Sem RAG, sem índice. O modelo decide a estratégia.
$ grep -rn "authenticate" src/
$ glob "**/auth/*.ts"
$ grep -rn "refreshToken" src/auth/
```

Olhou o log de erro, procurou os testes relacionados, seguiu a cadeia até a função de refresh. O **mesmo raciocínio de um dev**, não um ranking de similaridade. Achou o bug que o RAG tinha enterrado no meio do "parecido".

A esse processo de o próprio modelo montar a estratégia de busca e rodar os comandos dá-se o nome de **Agentic Search** (busca agêntica). Em vez de um pipeline de busca desenhado por humanos, você delega o *como buscar* pro modelo.


## A equipe do Claude Code chegou lá antes — e apostou US$ 1 bi nisso

Eu achei que tinha descoberto uma gambiarra esperta. Na real, eu tinha repetido um caminho que a equipe do Claude Code já tinha trilhado.

As primeiras versões do Claude Code usavam RAG com vector DB local. Eles testaram, viram que não valia, e jogaram fora. O Boris Cherny, criador da ferramenta, foi direto sobre isso num post no X:

> "As primeiras versões do Claude Code usavam RAG + um vector db local, mas percebemos rápido que a busca agêntica geralmente funciona melhor. Também é mais simples e não tem os mesmos problemas de segurança, privacidade, defasagem e confiabilidade."

E aqui entra o número que fecha o argumento. O Claude Code **bateu US$ 1 bilhão de ARR em seis meses** depois do lançamento, e passou de US$ 2,5 bilhões em fevereiro de 2026. A Milvus, empresa de vector DB, publicou uma réplica dizendo que o agentic search "consome tokens demais". E tem razão: rodar grep várias vezes gasta mais token que uma consulta vetorial.

Só que o mercado respondeu com a carteira. Os usuários claramente preferem **precisão e UX** a economizar token. E token só fica mais barato com o tempo, enquanto a dor do índice defasado fica pra sempre.

## A conta que ninguém coloca: o custo operacional

Aqui no Brasil esse ponto pesa ainda mais, porque a gente sente o custo de infra em real, não em dólar de venture capital. O RAG cobra um pedágio que não aparece no tutorial bonitinho:

- construir o índice inicial, e reconstruir
- re-indexar **a cada mudança no código** (e código muda todo dia)
- gerenciar e escalar o vector DB
- mandar seu código pra um serviço externo pra vetorizar, e aí já era a privacidade

O agentic search não tem nada disso. Arquivo novo é pesquisável no segundo em que você salva. Nada sai da máquina. Aquela tarde que passei configurando re-indexação era dívida pura que eu mesmo tinha contratado.

Tem uma armadilha de "vibe coding" embutida nisso: a gente cola o stack que os influencers de IA estão mostrando — Voyage, vector DB, semantic search — porque parece o jeito sério de fazer. E às vezes o jeito sério é deixar o modelo rodar `grep`, que é exatamente o tipo de resposta que não rende thread bonita no Twitter.

## O que eu faço hoje

Deletei o vector DB. O agente acha o que precisa com grep e glob, decidindo a estratégia na hora. É mais simples, é mais preciso pra código, e meu código não viaja pra lugar nenhum.

A lição que ficou não é "RAG morreu": pra documento ele ainda tem lugar. A lição é que eu tinha confundido **complexidade com competência**. Montei um pipeline elaborado porque pipeline elaborado parece engenharia, quando a coisa que resolvia o problema cabia numa linha de shell.

Da próxima vez que você for vetorizar seu repositório, faz um teste antes: deixa o modelo rodar grep e vê quem acha o arquivo certo primeiro. Aposto numa cerveja que não é o vector DB.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Por que troquei prompt engineering por context engineering

URL: https://kenimoto.dev/pt/blog/contexto-vs-prompt-engineering/
Lang: pt
Date: 2026-05-07
Description: Engenheiro rodando 5 projetos em paralelo conta como deixou de escrever prompts longos e passou a desenhar contexto. O que mudou na prática.

Há mais ou menos um ano, eu estava convencido de que a habilidade do futuro era escrever prompts melhores. Estudei templates, comprei dois cursos, anotei frases mágicas tipo "think step by step" e "you are a senior engineer with 20 years of experience". Resultado: códigos um pouco melhores, mas nada que justificasse o tempo gasto reescrevendo o mesmo prompt cinco vezes por dia.

Hoje eu rodo cinco projetos em paralelo com Claude Code. Não escrevo mais prompts longos. O que mudou foi a percepção de onde o esforço deve ir: não no input que mando agora, mas no contexto que o modelo já tem antes de eu abrir a boca.

Esse texto é sobre essa virada. O nome dela tem rótulo: **engenharia de contexto**.


## O problema do prompt engineering

A ideia central do prompt engineering é simples: se eu formular bem a pergunta, o modelo responde melhor. E isso é verdade até certo ponto.

O problema aparece quando você tenta escalar. Cada tarefa exige um prompt diferente. Cada prompt precisa repetir convenções do projeto, restrições de estilo, decisões arquiteturais que já foram tomadas. Você acaba mantendo dezenas de "prompts mestres" em arquivos de texto, copiando e colando, e mesmo assim o modelo esquece coisas básicas no meio da sessão.

Eu chamo isso de **economia do prompt único**: cada interação começa do zero, e todo o peso recai no que você consegue empacotar naquela mensagem. É como contratar um sênior novo para cada PR e explicar o projeto inteiro antes de pedir cada mudança.

## A virada

Em algum ponto eu percebi uma coisa: o modelo não precisa ler tudo de novo a cada vez. Se eu colocar as informações certas no lugar certo, ele as encontra sozinho.

Foi aí que comecei a pensar em camadas de contexto. Em vez de um prompt gigante, eu agora desenho quatro tipos de contexto que coexistem:

**1. Contexto persistente (CLAUDE.md):** convenções do projeto, decisões arquiteturais, comandos de build, "por que isso está assim". Esse arquivo vive no repositório e é lido automaticamente toda vez que o Claude Code abre o projeto. Eu não preciso repetir nada disso em prompt.

**2. Contexto de sessão:** o que está aberto no editor, histórico recente da conversa, arquivos que foram lidos. O modelo já tem isso na janela de contexto.

**3. Contexto de tarefa:** só o que é específico daquele pedido. "Faz autenticação com JWT" em vez de "faz autenticação com JWT seguindo nosso padrão de erro centralizado em utils/errors.ts e usando bcrypt para hash de senha como descrito em CLAUDE.md".

**4. Contexto de ferramenta:** Skills, hooks, MCP servers. Capacidades que o modelo invoca quando precisa, sem que eu peça.


A diferença prática: meu prompt típico hoje tem três linhas. O modelo já sabe o resto.

## O que entra no CLAUDE.md

Esse é o pulo do gato. CLAUDE.md é tipo um README escrito para o modelo, não para humanos. Ele responde perguntas que o Claude faria se pudesse:

- Como rodar testes nesse projeto?
- Qual é o estilo de erro? Throw, return tuple, Result type?
- Tem alguma decisão arquitetural não óbvia que eu deveria respeitar?
- Quais comandos eu devo evitar? (drop database, force push, etc.)
- Onde fica a documentação de domínio que explica o "porquê" das coisas?

O meu CLAUDE.md de um dos projetos tem 180 linhas. Cobre estrutura de pastas, comandos de teste, padrões de commit, três decisões arquiteturais com explicação curta, e uma seção de "comportamentos a evitar". Esse arquivo me poupa cinco minutos por interação. Multiplica por 50 interações por dia em cinco projetos: economia real de tempo.

## CLAUDE.md como contrato

Tem um detalhe que demorou para eu entender: CLAUDE.md não é só uma lista de regras. Ele é um contrato bidirecional.

Do meu lado, eu prometo manter o arquivo atualizado quando decisões mudam. Do lado do modelo, ele se compromete a respeitar o que está escrito ali. Isso muda o tipo de feedback que eu recebo: se ele faz algo fora do padrão, eu agora reclamo apontando o trecho específico do CLAUDE.md. O modelo aceita melhor uma correção ancorada em "você violou a regra X" do que "isso está errado".

Outro lado: se ele faz algo certo seguindo o contexto, eu paro de elogiar. Não preciso. Está fazendo o trabalho dele.

## Meu workflow típico

Vou contar como uma manhã minha funciona, para ficar concreto.

Acordo, abro um dos projetos no terminal. Claude Code carrega o CLAUDE.md. Eu mando: "olha o issue #142 e me propõe um plano em 4 ou 5 etapas."

O modelo lê o issue, lê os arquivos relevantes, e me devolve um plano em markdown com 4 ou 5 etapas. Eu reviso o plano (não o código ainda), corrijo uma decisão se necessário, e digo "execute."

Enquanto isso, eu abro o segundo projeto e faço a mesma coisa. Depois o terceiro. Os três modelos trabalham em paralelo, cada um no seu repositório, cada um com seu CLAUDE.md.

Quando o primeiro termina, eu volto, leio o diff, faço review. Aqui é onde o humano agrega valor: julgar se o que foi feito faz sentido no contexto maior do produto. O modelo escreve código, eu decido se esse código entra ou não.

Em um dia bom, fecho 8 a 12 PRs assim. Em um dia ruim, descubro que eu deveria ter atualizado o CLAUDE.md de um projeto antes de começar. Sempre é minha culpa: o modelo só sabe o que eu deixei escrito.

## O que eu deixei de fazer

Algumas coisas pararam de existir no meu workflow:

- Prompts com mais de 5 linhas
- "Você é um engenheiro sênior..." e companhia
- Re-explicar a estrutura do projeto
- Repetir convenções de naming
- Pedir para o modelo "lembrar" de algo da conversa anterior
- Cursores múltiplos no IDE (terminal venceu)

Algumas começaram:

- Atualizar CLAUDE.md como hábito (igual atualizar README)
- Pensar em Skills reutilizáveis para tarefas que repito
- Configurar hooks para automatizar verificações
- Discutir decisões com o modelo antes de pedir código

## Onde isso te leva

Se você está hoje na fase de "escrever prompts melhores", o próximo passo provável é parar de escrever prompts e começar a escrever contexto. CLAUDE.md é o ponto de entrada mais barato. 30 minutos investidos no arquivo costumam economizar horas na semana seguinte.

Abre o seu projeto agora, cria um CLAUDE.md com cinco linhas sobre como rodar os testes e qual é o padrão de erro. Veja o que muda na próxima sessão. Costuma ser óbvio.

---

## Quer ir mais fundo?

Este artigo introduz a ideia de trocar prompt por contexto. O sistema completo — RAG, MCP, CLAUDE.md, Agentic RAG, validado em benchmark próprio com ganho de 4,6× — está em **[Transformando LLMs de Mentirosos em Especialistas: Engenharia de Contexto na Prática](https://kenimoto.dev/pt/books/context-engineering)**.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Coloquei 7 agentes de IA no cron diário. 2 ficaram em silêncio por 18 dias. Tracing não pegou. Um contrato de exit code pegou.

URL: https://kenimoto.dev/pt/blog/cron-7-agentes-silent-18-dias/
Lang: pt
Date: 2026-05-28
Description: Sete agentes no cron, dois nunca rodaram desde o dia 1, dezoito dias de dashboards verdes. Tracing não pegou. Contrato de exit code + heartbeat de 24h pegou.

Eu tinha 7 agentes de IA no cron. Dois deles pararam de rodar no dia 1. Eu percebi no dia 18.

Essa frase já é o artigo inteiro, mas também é o tipo de frase contra a qual eu teria argumentado se alguém dissesse num podcast. "Não dá pra não perceber 18 dias. Você tem tracing. Você tem dashboard. Você tem um canal de Telegram que dispara quando qualquer coisa se mexe." Tinha tudo isso. Os dois agentes mortos passaram por baixo de todas essas camadas, porque cada uma delas foi feita para olhar para processos que estavam rodando. Os meus dois não estavam.

Esse é o log dos 18 dias: quais eram os 7 agentes, como 2 quebraram em silêncio no dia 1, por que o tracing não conseguia pegar, e o pequeno contrato de exit code que hoje gruda em qualquer agente CLI que eu coloco no cron.


## Os 7 agentes e o setup que parecia estar bem

Eu rodo dois domínios de conteúdo e um harness self-evolving na mesma máquina. Cada domínio tem 3 agentes no cron das 09:00 — observer, strategist, marketer — mais um evolver compartilhado que roda aos sábados. São 7 processos. As linhas do cron eram mais ou menos assim:

```cron
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-A.sh >/dev/null 2>&1
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-B.sh >/dev/null 2>&1
```

Cada shell script embrulha `claude -p "..."` com um prompt, captura a saída, escreve um log diário, e termina. Quem decide publicar, publica de fato no final. Tinha um webhook de Telegram disparando dentro do script no sucesso e no caminho do `set -e`. Esse setup tinha uns 2 meses em produção antes da falha silenciosa.

O que escapou no setup tinha 3 linhas abaixo do heredoc. Os scripts dos dois marketers chamavam um helper Python que morava em outro repositório. Eu tinha feito `cd` no repo vizinho na hora do teste, validado o helper na mão, e comitado. Depois disso eu arrumei o repo vizinho, renomeei o módulo, e a linha de import dentro do script do marketer apontava pra um arquivo que não existia mais.

Daqui dá pra adivinhar o resto. `python3 helper.py ...` sai com exit 1 na hora por `ModuleNotFoundError`. A primeira linha do shell era `set -euo pipefail`. O script morre nas 10 primeiras linhas. O Telegram só é chamado lá embaixo, depois do Python. O script nunca chega lá. `>/dev/null 2>&1` engole o stderr. O cron sem `MAILTO=`. Todo dia de manhã, 2 agentes morrem em silêncio. Os outros 5 publicam normal. O sistema todo parece saudável.

## O que o tracing estava olhando, e o que não estava

Quero ser preciso aqui, porque no dia 18 eu passei algumas horas tentando me convencer de que "se o tracing fosse melhor, teria pegado." Não teria.

Eu tinha spans OTEL saindo de cada invocação de `claude -p`. Iam para um collector self-hosted e de lá pra um dashboard pequeno. O dashboard mostrava: tokens por tarefa, latência de tool-call, taxa de retry, total diário de execuções. Na manhã do dia 18, o dashboard estava reto em 5 execuções/dia há 18 dias seguidos. A linha tinha que estar em 7.

O tracing instrumenta processos que executam. Mostra chamada lenta. Mostra chamada que falhou. Mostra retry em loop. Não mostra processo que nunca subiu. Os 2 marketers mortos não emitiam span nenhum, porque o emissor de span vivia exatamente dentro do helper Python que estava falhando no import. Do ponto de vista do dashboard, esses dois agentes simplesmente não existiam naquele dia. Nem no seguinte. Nem no outro.

Eu estava olhando pra pergunta errada. "Meus agentes estão saudáveis?" é uma pergunta que o tracing responde. "Os 7 agentes agendados rodaram de fato hoje?" é uma pergunta que o tracing não consegue responder, porque os agentes que não rodaram são justamente os que não mandam sinal nenhum.

Se você já leu o [modelo de dead man's switch do healthchecks.io](https://healthchecks.io/docs/monitoring_cron_jobs/), é exatamente o cenário que eles descrevem na doc: "Um job de processamento de dados pode parar sem disparar nenhum alarme nos sistemas de monitoramento tradicionais. Essas falhas silenciosas podem persistir por dias ou semanas até alguém perceber dados faltando ou resultados corrompidos." Eu tinha lido essa página antes. Só não tinha aplicado ao meu próprio cron, porque achava que o Telegram me cobria. Telegram só dispara dos caminhos que o script efetivamente alcança.


## O contrato de exit code que parafusei depois

A correção não envolveu mais observability. Envolveu confiar menos no agente para se reportar, e mais no wrapper do cron para reportar no lugar dele. Coloquei um contrato pequeno em cada agente agendado:

1. **Definir exit codes que significam algo.** Não só `0 = bom, qualquer outra coisa = ruim`. Peguei emprestado do sysexits.h: `0` = "rodou e terminou o trabalho", `64` = "erro de config ou ambiente" (o caso do `ModuleNotFoundError`), `65` = "rodou mas não produziu output usável", `78` = "skip intencional" (o marketer decidiu que hoje não tem nada pra publicar).
2. **O wrapper do cron é o dono do reporte.** O job do script do agente é sair com o código certo. O job do wrapper é pegar esse código e empurrar pra algum lugar durável, independente do agente ter dado certo ou não.
3. **Heartbeat dispara no sucesso. Não na falha.** Silêncio precisa virar alarme.

O wrapper do cron ficou mais ou menos assim:

```bash
#!/usr/bin/env bash
# scripts/cron-wrap.sh <agent-name>
set -uo pipefail
AGENT="$1"
SCRIPT="$HOME/repos/harness-ops/scripts/${AGENT}.sh"
HC_URL="https://hc-ping.com/<uuid-${AGENT}>"

START=$(date -Iseconds)
bash "$SCRIPT"
RC=$?
END=$(date -Iseconds)

# loga toda execução, deu certo ou não
echo "${START} ${AGENT} rc=${RC} end=${END}" >> "$HOME/logs/cron-runs.log"

# ping com o exit code embutido na URL
# se faltar ping por 24h → healthchecks.io me chama
curl -fsS --retry 3 "${HC_URL}/${RC}" >/dev/null || true

# escala não-zero na hora (mas o cron em si nunca falha)
if [[ "$RC" -ne 0 && "$RC" -ne 78 ]]; then
  "$HOME/bin/tg-notify.sh" "agent=${AGENT} rc=${RC} ver ~/logs/cron-runs.log"
fi
exit 0
```

Três coisas que me custaram algumas noites de ajuste.

Primeiro, `set -uo pipefail` no lugar de `set -euo pipefail`. Eu não quero que o wrapper morra quando o agente morre, porque se o wrapper morre antes do ping, o healthchecks.io vai me chamar daqui a 24h — tarde demais — e a linha do log nem é escrita. O wrapper tem que continuar rodando e capturar o código por conta própria.

Segundo, a URL do ping tem o exit code no caminho. O healthchecks.io aceita e mostra no dashboard como o último código reportado. Consigo bater o olho na lista e ver "agente rodou, saiu com 64" sem abrir log nenhum. O Cronitor faz quase a mesma coisa com um formato de URL ligeiramente diferente; escolha o que combina com seu setup.

Terceiro, `78` é tratado como skip deliberado, não falha. O caminho "hoje não tem nada pra publicar" do marketer retorna 78. Sem isso, o canal de escalonamento dispara em dia legitimamente quieto, eu aprendo a ignorar o canal, e o monitoramento morre na prática.

## Conta de R$: 18 dias de Marketer parado

Eu uso Claude Code Max, ~USD 200/mês. Na cotação de hoje (~R$ 5,60) dá uns R$ 1.120/mês. Os 2 marketers eram responsáveis por mais ou menos um terço da minha publicação automatizada. Por 18 dias eles ficaram parados:

- assinatura do mês inteiro continuou rolando: ~R$ 1.120
- contribuição relativa dos 2 marketers parados: ~1/3
- "tempo de assinatura pago sem retorno": ~R$ 670 nesses 18 dias
- mais ~36 artigos que deveriam ter saído e não saíram (18 dias × 2 marketers), com o re-trabalho que vem depois para reconstruir contexto e republicar nas datas certas

Não dá pra somar nas duas pontas — o trabalho não rodado também não consumiu token — mas o ponto é: assinatura cobrada / output entregue / observabilidade verde. Os três sinais que eu normalmente uso pra decidir se "está tudo bem" mentiram juntos por 18 dias. A conta que dói não é a do Anthropic, é o tempo até descobrir.

## O que pegou no dia que eu liguei

Eu coloquei isso em produção exatamente no dia 18 dos marketers silenciosos. Em 10 minutos, `marketer-A` e `marketer-B` apareceram no dashboard do healthchecks.io com último código reportado = `64` — erro de config, o módulo que não existia mais. Não precisei abrir o código do agente. Bateu o olho no dashboard.

Em uma hora, renomeei o import, rodei os dois na mão pra confirmar exit 0, e o cron da manhã seguinte publicou os 2 artigos que tinham sido pulados em silêncio por duas semanas e meia. O dashboard de tracing finalmente subiu pra 7 execuções/dia. A linha continua reta, só que agora reta no número certo.

No dia seguinte, um agente diferente — observer-B, que tinha ficado saudável o tempo todo da falha silenciosa — começou a sair com `65` ("sem output usável"). O dashboard pegou em 20 minutos. Esse é o tipo de coisa que o contrato existe pra fazer: o agente rodou, mas o que produziu é lixo. Você descobre no mesmo dia, não na mesma quinzena.

## O que eu diria pro meu eu de 2 meses atrás

A versão minha que montou esse cron 2 meses atrás não era descuidada. Tinha alerta Telegram, dashboard de tracing, log diário. Tinha lido o capítulo de disposability do [Twelve-Factor App](https://12factor.net/disposability). Até tinha pensado na diferença entre "agente falhou" e "agente não rodou", e tinha julgado que o segundo era raro o bastante pra ignorar.

O erro foi tratar "não rodou" como caso raro. Num setup com 7 processos agendados, 3 helpers Python, 2 repos que se mexem independentes, e um script que cabe o Telegram no meio em vez de nas duas pontas, "não rodou" é o modo de falha silenciosa mais provável. Não está nem perto dos outros.

Três coisas que eu diria, na ordem de quão barato é colocar em produção:

1. **`MAILTO=` é de graça.** Se você define `MAILTO=seu-mail@example.com` no cron, o próprio cron envia stderr de qualquer job que falha, inclusive os que morrem antes do código de alerta rodar. Sozinho isso teria pego minha falha no mesmo dia. ([A página do systemd timers no ArchWiki](https://wiki.archlinux.org/title/Systemd/Timers) tem um resumo bom de `OnFailure=` se você migrou pra timer.)
2. **Embrulha cada agente agendado num script que é seu.** Não o agente em si — um wrapper em volta dele com um único trabalho: pegar o exit code e pingar em algum lugar. O wrapper pode ser mais feio que o agente, porque ele quase nunca muda.
3. **O heartbeat de sucesso é o que faz o silêncio gritar.** Alerta de falha tem em todo lugar, e não te conta nada sobre agente que nunca executou. Um heartbeat que dispara no sucesso, mais um dead man's switch que chama quando o heartbeat não chega, transforma "2 agentes ficaram quietos" de uma descoberta de 18 dias em uma descoberta de 1 dia.

Tracing e observability são como você olha pros processos que estão vivos. O contrato de exit code é como você lembra que eles tinham que estar vivos pra começo de conversa. Um complementa o outro, e o padrão "set it and forget it" do cron desmorona sem o segundo. O meu desmoronou. Por 18 dias. Em silêncio. Num servidor que eu olhava todo dia de manhã.

Olhava o dashboard. O dashboard estava olhando pra pergunta errada.

## Recapitulando

- 7 agentes no cron, 2 morreram no dia 1 por `ModuleNotFoundError`, ninguém percebeu por 18 dias
- Tracing observa o que executou, então é estruturalmente cego pra processo que nunca subiu
- A solução foi contrato de exit code (`0/64/65/78`), wrapper de cron que reporta no lugar do agente, e heartbeat de sucesso com dead man's switch
- O mais barato de tudo é `MAILTO=` no cron. Sozinho já teria pego a maior parte das falhas silenciosas

Se quiser ir mais fundo no ciclo de vida de hooks e nos workflows diários de Claude Code, escrevi mais sobre isso em **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)** (capítulo de hooks/feedback-loops) e em **[Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery)** (capítulo de workflow diário) — os dois capítulos mais próximos do que descrevi aqui.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Eu rodava geração de conteúdo e checagem de pedidos no mesmo cron. Uma API lenta travou tudo por 5 horas

URL: https://kenimoto.dev/pt/blog/cron-unico-time-vs-event-5h/
Lang: pt
Date: 2026-06-10
Description: Misturei tarefas agendadas e tarefas reativas num único cron. Quando uma API externa ficou lenta, todas as outras pararam junto. O conserto não foi otimizar nada: foi separar as lanes.

Eu tenho uma confissão de engenheiro pra fazer: por uns bons meses, a minha "infraestrutura" de operação foi um arquivo de crontab e fé.

No mesmo cron eu rodava duas coisas que não têm nada a ver uma com a outra. De um lado, a geração de conteúdo: o robô escrevia rascunho de artigo, montava relatório de métricas, agregava número de tráfego. Coisa de horário fixo, sem pressa, ninguém está esperando do outro lado da tela. Do outro lado, a checagem de pedidos: olhar se entrou venda nova, disparar notificação, confirmar pagamento. Coisa que precisa acontecer agora, porque tem um usuário real esperando.

Duas naturezas opostas, um cron só. Eu sabia que era feio. Eu achava que feio não ia me machucar. Eu estava errado, e o preço veio numa terça à tarde.

## O dia em que o gerador de relatório derrubou as vendas

Era mais ou menos assim a ordem das tarefas no meu cron: primeiro a agregação de métricas (que chama uma API externa de analytics), depois a geração do rascunho, e só no fim a checagem de pedidos. Tudo sequencial, no mesmo processo, porque "é mais simples assim": frase que todo engenheiro fala dez minutos antes de descobrir que não era.

Naquela terça, a API de analytics resolveu ter um dia ruim. Não caiu. Cair teria sido melhor, porque eu trato erro. Ela ficou lenta. Cada chamada que normalmente voltava em 300 milissegundos passou a demorar 40, 50 segundos antes de dar timeout. E o meu código, todo educado, ficou ali esperando, com a paciência de quem não tem pressa nenhuma.

O problema é que atrás dessa tarefa lenta estava a fila inteira. A checagem de pedidos estava na lane de trás, esperando o relatório terminar. E o relatório não terminava.

Resultado: durante cinco horas, nenhum pedido foi processado. As vendas continuaram entrando. Os usuários não sabiam de nada, a loja estava no ar, o botão de comprar funcionava lindamente. O que não funcionava era o meu processo que confirmava o pedido e disparava a notificação. Os pedidos ficaram empilhados, sem confirmação, porque o robô que devia olhar pra eles estava bloqueado atrás de um gráfico de tráfego que ninguém ia ler naquele dia.


Cinco horas. Eu só percebi porque um cliente mandou mensagem perguntando se o pedido tinha dado certo. Não foi o meu monitoramento. Foi um humano educado no chat.

## A conta da paralisação (e por que ela dói no indie BR)

Vou colocar número, porque "travou por um tempão" não impressiona ninguém e é exatamente o tipo de coisa vaga que a gente conta no happy hour pra parecer que sofreu.

Eu rodo um D2C pequeno, dessas operações indie de uma pessoa só que existem aos montes no Brasil. Num dia comum, entravam uns 6 a 8 pedidos por hora no horário de pico, ticket médio na faixa de R$ 90. Não é Magalu. Mas cada pedido que entra sem confirmação na hora vira atrito: o cliente fica inseguro, alguns desistem, outros mandam mensagem (e aí o "suporte" sou eu, no celular, no meio do almoço).

Conta de padaria: 5 horas vezes ~7 pedidos por hora dá uns 35 pedidos sem confirmação imediata. Nem todos viram cancelamento, porque a maioria eu recuperei correndo atrás depois. Mas a parcela que esfriou, somada ao tempo que eu gastei apagando incêndio em vez de trabalhar, me custou algo na ordem de R$ 600 a R$ 800 naquele dia. Por hora parada, uns R$ 130 a R$ 160 evaporando em pedido que não foi processado na hora certa.

Para uma operação grande isso é ruído. Para um indie, é o lucro da semana indo embora porque eu quis economizar um processo no crontab.

## Não era um problema de velocidade. Era de vizinhança

A minha primeira reação foi a errada: "preciso deixar a API de analytics mais rápida". Errado. A API não era minha, e ela vai ficar lenta de novo, num outro dia, porque APIs externas fazem isso. A pergunta certa não é "como deixo essa tarefa rápida", e sim "por que uma tarefa lenta consegue derrubar uma tarefa que não tem nada a ver com ela".

Esse é o velho problema do vizinho barulhento. Você mora num prédio onde o cara do apartamento de cima resolve tocar bateria às três da manhã, e de repente o seu sono, que não tem relação nenhuma com a bateria dele, vira refém. No meu cron, a geração de relatório era o baterista, e a checagem de pedidos era eu tentando dormir.

Tem nome técnico pra isso também, e é o que os times de sistemas distribuídos chamam de bloqueio de cabeça de fila: quando o primeiro item de uma fila trava, tudo que está atrás trava junto, mesmo que os itens de trás estivessem prontos pra rodar em um milissegundo. A minha checagem de pedidos era rápida. Ela só nunca chegava a vez dela.

E tem um detalhe que machuca o engenheiro mais do que a perda de venda: quando tudo roda no mesmo processo, o log vira uma papa. Eu tinha uma única sequência de mensagens onde a geração de conteúdo, a agregação e a checagem de pedidos se misturavam. Quando fui investigar, não dava pra saber de cara quem segurou quem. A rastreabilidade some justamente na hora que você mais precisa dela.

E o retry, o tão amado retry, só piorava. No meu cron único, quando a tarefa de analytics dava timeout e tentava de novo, essa nova tentativa atrasava todas as tarefas seguintes mais um pouco. O retry de uma tarefa virava castigo coletivo. A localidade do retry tinha quebrado: a tentativa de consertar uma coisa estragava as outras.

## O conserto não foi otimizar. Foi separar

A solução não foi nenhum truque de performance. Foi parar de misturar duas coisas que nunca deveriam ter morado juntas. Eu separei em duas lanes independentes.

A lane time-driven (orientada a tempo) ficou com tudo que roda por horário e não tem ninguém esperando: geração de rascunho, agregação de métricas, relatório. Pode ser lenta, pode tomar timeout, pode tentar de novo à vontade. Ninguém atrás dela sofre, porque atrás dela não tem ninguém que importe.

A lane event-driven (orientada a evento) ficou com tudo que reage a um acontecimento real e tem um usuário do outro lado: pedido novo entrou, processa; pagamento confirmou, notifica. Essa lane tem o próprio processo, a própria fila, o próprio retry. Quando a API de analytics tem outro dia ruim, e ela vai ter, a lane de pedidos nem fica sabendo. Ela mora em outro apartamento.


Em arquitetura isso tem nome de gente grande: padrão de antepara, o bulkhead. A ideia vem do navio, daquelas paredes que dividem o casco em compartimentos estanques: se um compartimento enche de água, o navio não afunda, porque a água não passa pro compartimento do lado. A separação de lanes é a mesma coisa: você não evita que uma parte falhe, você só garante que a falha de uma parte não inunde a outra. O Titanic, aliás, tinha anteparas. O problema dele foi que a água passava por cima delas. Detalhe de implementação importa.

O ponto que demorei pra entender: separar lanes não deixa nada mais rápido. A API de analytics continua ficando lenta no mesmo dia. A diferença é que agora a lentidão dela fica presa na lane dela. O raio de impacto encolheu de "tudo" para "uma coisa que ninguém estava esperando mesmo".

## O que mudou nos números

Depois da separação, três coisas:

A taxa de erro mensal das tarefas de pedido caiu de um patamar que me dava uns dois ou três sustos por mês para essencialmente zero relacionado a bloqueio de lane. Os erros que sobraram são erros de verdade, tipo pagamento recusado ou dado inválido, não tarefa boa morrendo de fome atrás de uma tarefa lenta.

O esforço de retry parou de ser coletivo. Quando a lane time-driven tenta de novo, ela tenta sozinha, no canto dela. Eu deixei de ter aquele efeito dominó em que uma tentativa empurrava o atraso pra frente. O retry virou local de novo, que é onde ele sempre deveria ter morado.

E o log, finalmente, faz sentido. Cada lane tem a própria trilha. Quando algo dá errado, eu olho a trilha certa e sei em trinta segundos quem travou. Antes eu gastava meia hora separando no olho o que era relatório e o que era pedido na mesma papa de mensagens.

Todos esses ganhos vieram da mesma decisão boba: parar de pedir pra duas tarefas opostas dividirem o mesmo quarto. Zero linha de código esperto envolvida.

## O que eu levo dessa terça

Se você roda uma operação indie, de uma pessoa só, com um cron e fé igual eu rodava, a pergunta que vale a pena fazer hoje é simples: no seu agendamento, tem alguma tarefa "sem pressa" rodando na frente de uma tarefa "tem gente esperando"? Se tem, você tem um baterista morando em cima do seu quarto. É só questão de qual madrugada ele vai resolver tocar.

Separar não é sofisticado. Não tem fila distribuída chique, não tem nome bonito no currículo. É só reconhecer que tempo e evento são duas naturezas diferentes e merecem moradas diferentes. Eu aprendi isso da pior forma, com um cliente educado me avisando no chat que a casa estava pegando fogo enquanto eu olhava um gráfico de tráfego.

Hoje as duas lanes vivem separadas, e quando a próxima API externa tiver o dia ruim dela, e vai ter, eu vou estar almoçando em paz. Essa história, junto com o resto do que aprendi quebrando a minha própria operação, virou parte do que eu venho juntando num guia de engenharia de harness. Mas isso é papo pra outro dia.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Construí tudo no Claude Code. Aí o preço dobrou da noite pro dia

URL: https://kenimoto.dev/pt/blog/dependencia-ferramenta-ia-plano-b/
Lang: pt
Date: 2026-06-06
Description: Montei meu fluxo inteiro no Claude Code. O custo que quase ninguém calcula é o risco de dependência: como eu estimo esse risco e que Plano B mantenho no radar.

Antes que você comente "mais um texto de troca de ferramenta", deixa eu marcar a diferença. Isto não é sobre eu ter [largado o Cursor e voltado pro terminal](https://kenimoto.dev/pt/blog/parei-cursor-voltei-terminal/) por preferência, nem sobre [os 4 níveis de delegação](https://kenimoto.dev/pt/blog/4-niveis-delegacao-claude-code/) de tarefa. É sobre uma coisa que você não escolhe: o dia em que a ferramenta muda embaixo de você, e o seu trabalho para junto.

Eu construí praticamente todo o meu fluxo em cima do Claude Code. Skills, comandos, automações. Funcionava lindamente. E foi exatamente por estar tão confortável que eu não vi o risco mais óbvio chegando.

## O custo que ninguém coloca na planilha

Quando você escolhe uma ferramenta de IA, calcula o preço da assinatura, o tempo que economiza, a curva de aprendizado. O que quase ninguém calcula é o custo de a ferramenta deixar de existir do jeito que você conhece. Esse é o risco de dependência, e em 2026 ele saiu do campo teórico.

Veja o que aconteceu só nos últimos meses:

- Em 15 de abril de 2026, a Anthropic trocou o preço fixo da edição enterprise por um modelo dinâmico baseado em uso. Para quem usa pesado, especialistas estimam que o custo pode dobrar ou triplicar.
- O GitHub Copilot tirou os planos individuais do ar, passou a cobrar por token a partir de junho de 2026 e cortou o acesso aos modelos Opus.
- O DALL-E 3 foi descontinuado em maio de 2026, no calendário do próprio fornecedor, não no seu.

Nenhuma dessas mudanças pediu sua permissão. E é esse o ponto: você está alugando o chão onde construiu a casa.


## Por que a conta dói mais no Brasil

Para quem desenvolve no Brasil, o risco vem dobrado, e o motivo é chato de tão concreto: o faturamento é em dólar. Um reajuste de 30% lá fora chega aqui somado à variação do câmbio e ao IOF do cartão internacional. Uma assinatura que cabia no orçamento em janeiro pode virar uma decisão difícil em junho, sem você ter mudado nada no seu uso.

Faça a conta da migração antes de precisar dela. Se a sua ferramenta principal dobrar de preço, quantas horas você gastaria reescrevendo skills, refazendo automações, retreinando a equipe? Eu fiz essa estimativa para o meu caso e cheguei a algo entre R$ 8 mil e R$ 15 mil em horas de trabalho, fora a assinatura nova. Não é o fim do mundo. Mas é dinheiro que eu preferia não descobrir que devia no pior momento possível.

## O Plano B não é abandonar a ferramenta

Aqui mora a parte contraintuitiva: ter um Plano B não significa parar de usar o Claude Code. Significa usar como ferramenta principal, mantendo as saídas de emergência destrancadas. A meta é simples: poder dormir tranquilo sabendo que uma mudança de política não para a sua semana.

Foi assim que eu reorganizei a casa:

1. **Abstração de modelo.** O MCP (Model Context Protocol) deixa a troca de provedor bem menos dolorosa. Desenhe os fluxos críticos de um jeito que funcione com modelos além do Claude, em vez de amarrar tudo a recursos proprietários.
2. **Fallback local.** Mantenho o Ollama configurado com um modelo aberto rodando na máquina. Não é tão capaz quanto o Claude, mas no dia em que a nuvem me deixar na mão, eu continuo entregando. Um para-quedas não precisa ser confortável, precisa abrir.
3. **Portabilidade de dados.** Prompts, contexto e configuração ficam em arquivos versionados no Git, não presos dentro da ferramenta. O que é seu sai com você.
4. **Ferramenta reserva no radar.** Cursor, Cline, Aider. Eu não uso todo dia, mas testo de vez em quando para não estar enferrujado quando precisar. Estratégia comum nas equipes hoje: principal no Claude Code, reserva no Cursor.


## Políticas mudam. A sua arquitetura, não precisa

A lição que eu tiro de tudo isso é simples de falar e chata de praticar: desenhe partindo do princípio de que as coisas vão mudar. Os termos de uso vão mudar. Os preços vão subir. Os modelos vão ser aposentados. Apostar tudo numa ferramenta só é uma estratégia arriscada do ponto de vista de política, por mais que ela seja a melhor do mercado hoje.

Isso é só bom senso, a mesma lógica de não deixar todo o dinheiro num único investimento. Você não desconfia do banco; você só não quer que a sua vida dependa de uma única decisão que outra pessoa toma sem te consultar.

Continuo usando o Claude Code todo dia, e continuo gostando. A diferença é que agora, se ele dobrar de preço de novo amanhã, eu já sei exatamente o que faço na quinta-feira. E isso, sinceramente, vale mais que qualquer recurso novo.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Uma escritora publicou um app inteiro escrevendo quase zero linha de código: 9.000 linhas, 20 horas

URL: https://kenimoto.dev/pt/blog/escritora-publicou-app-quase-zero-codigo/
Lang: pt
Date: 2026-06-07
Description: Uma escritora sem nenhuma experiência em programação publicou um web app completo: React, Firebase, PWA, autenticação Google. Cerca de 9.000 linhas, das quais ela escreveu quase nenhuma. A barreira pra construir software não é mais saber programar. É saber dizer o que você quer.

Eu fui engenheiro por mais de oito anos e vou dizer uma coisa que talvez te incomode: a parte difícil de construir software nunca foi escrever código. Era descobrir o que construir. E essa parte acabou de ficar acessível pra quem nunca abriu uma IDE na vida.

Deixa eu te dar o caso concreto que me fez parar pra pensar.

## O número que não fecha com a história que a gente conta

Uma escritora, conhecida online como tiaroka, partiu do zero em programação e publicou um web app de gerenciamento de tarefas. Não um protótipo de fim de semana. Um app completo: React + Vite + TailwindCSS + Firebase, com suporte a PWA, autenticação via Google, operações CRUD, timeline e UI responsiva.

Olha os números, porque eles são o ponto inteiro:

| Item | Valor |
|------|------|
| Período de desenvolvimento | Cerca de 4 meses |
| Sessões de trabalho | 12 |
| Tempo total | Cerca de 20 horas |
| Linhas de código | Cerca de 9.000 |
| Linhas escritas por ela | Quase zero |
| Testes | 21 arquivos, cerca de 3.500 linhas |

Vinte horas de trabalho efetivo. Nove mil linhas. E a própria autora escreveu quase nada disso à mão. Quando eu vi isso pela primeira vez, minha reação de engenheiro foi a defensiva clássica: "tá, mas o código deve ser um lixo". Aí eu li o resto.

## A parte que me calou: ela documentou os limites da IA melhor que muito sênior

O que separa esse caso de mais um post de "olha o que a IA fez" são as limitações que ela mesma anotou durante o processo. Três frases que eu queria ter ouvido de alguns colegas:

> **Ela não pensa em design.** A IA escreve código que funciona, mas não escreve código bem desenhado desde o começo. Perguntar "essa função não tá grande demais?" é trabalho do humano.

> **Achar bug é trabalho do humano.** A IA não vai te avisar que tem um bug. Notar que "tem algo estranho" usando o app de verdade fica por sua conta.

> **IA revisando código de IA tem limite.** Existe a chance das duas compartilharem o mesmo ponto cego.

Repara que ela chegou nisso justamente *porque* não era engenheira. Bateu na parede com a cara e descreveu a parede. E a solução que ela inventou pra isso é genial na sua simplicidade: pediu pra IA gerar revisões no formato de "uma conversa entre dois engenheiros sêniores". Um focado em frontend, outro em arquitetura, debatendo. Ficou muito mais fácil entender *por que* algo deveria ser feito de um jeito do que com feedback estilo livro-texto. Eu, que sou da área, nunca tinha pensado nisso.

## O fluxo que faz isso funcionar não é mágica, é processo

Antes que alguém ache que ela só digitou "faz um app" e saiu fumaça, o caminho teve três fases bem definidas.

Primeiro, ela prototipou no Claude.ai, usando o recurso de Artifact. A cada pedido por chat, o protótipo era atualizado. Foram 22 versões. O valor disso é sutil: em vez de escrever requisito no papel, ela ia refinando olhando pra uma coisa que funcionava. "É isso que eu quero" fica muito mais fácil de dizer apontando pra uma tela do que descrevendo no abstrato.

Depois, ela entregou o protótipo e o documento de requisitos pro Claude Code com "constrói isso com Firebase". O MVP saiu nas primeiras 2 horas. As outras 18 horas foram 12 sessões de melhoria: um componente de 1.170 linhas refatorado pra 325 (redução de 72%), busca por IA, suporte offline.

A chave, e isso vale pra qualquer um começando: ela não tentou a perfeição de cara. As primeiras 2 horas entregaram um MVP meia-boca. O resto veio no ciclo, ao longo de 4 meses.


## A contramão: não, isso não mata a engenharia

Aqui vem a parte contraintuitiva, e é onde eu discordo do hype tanto quanto discordo do pânico.

O lado "a IA vai substituir programadores" está errado. O lado "isso é só brinquedo, nada sério" também está errado. A verdade desconfortável é uma terceira coisa: **a fronteira de quem pode construir desapareceu, mas a fronteira de quem pode operar com segurança continua firme.**

Repara nas decisões de design dela. O princípio foi "não assumir risco". Autenticação? Delegada pro Firebase Auth, sem gerenciar senha. Funcionalidade de pagamento? Nenhuma. Dado pessoal? O mínimo. Isso tem nome: sabedoria de engenharia. Em vez de tentar fazer o que não sabe, ela reduziu o próprio risco. Saber tomar essa decisão é exatamente a linha que separa "consegue construir" de "consegue colocar no ar sem se machucar".

E é por isso que eu, como ex-engenheiro, vejo isso como algo pra comemorar, não pra temer. O gargalo do desenvolvimento de software sempre foi articular requisito. O time de negócio não consegue dizer com precisão o que quer, o engenheiro constrói em cima do mal-entendido, e a rodada de "não era isso que eu quis dizer" se arrasta. Quando a pessoa que quer a coisa consegue construir o próprio protótipo, esse custo de comunicação despenca.

A habilidade que isso valoriza é a mais antiga e subestimada de todas: dizer, com clareza, o que você quer que exista no mundo. Digitar `git rebase` virou detalhe. Acontece que articular a intenção sempre foi a parte mais cara, e agora é a única que sobrou pra você.

Se você é não-engenheiro e tá lendo isso pensando "será que eu consigo": comece pequeno. Não vá direto pro app. Automatize um relatório, organize um e-mail. O caso da tiaroka não começou com 9.000 linhas. Começou com um MVP capenga de 2 horas e a teimosia de melhorar.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Estimei 47 tarefas em 6 meses: a regra do x2 que eu parei de negar

URL: https://kenimoto.dev/pt/blog/estimativa-x2-47-tarefas/
Lang: pt
Date: 2026-06-08
Description: Minha estimativa errava sempre para o mesmo lado. Anotei 47 tarefas durante 6 meses e o número saiu feio: na mediana, o real foi quase o dobro do estimado. Não é falta de competência. É como o cérebro foi montado.

Por anos eu acreditei que minha estimativa ia melhorar com experiência. A lógica parecia óbvia: errei feio no projeto passado, então no próximo eu já sei o tamanho da roubada e ajusto. Seis meses depois, com 47 tarefas anotadas numa planilha boba, eu tive que encarar o número. Não melhorou. Eu só fiquei mais confiante errando na mesma direção.

A direção é sempre a mesma: para baixo. E o tamanho do erro também tem um padrão. Na mediana das minhas 47 tarefas, o tempo real foi quase o **dobro** do que eu tinha falado em voz alta. Eu resisti a essa conclusão por muito tempo, porque ela parece desculpa de quem é ruim de estimar. Mas a real é que o cérebro humano foi montado assim mesmo para prever tempo e custo. E tem pesquisa séria atrás disso.

## O dado que me obrigou a parar de negar

Deixa eu mostrar o formato. Eu anotava três colunas: o que eu falei na daily, o que eu de fato gastei, e a razão entre os dois.

| Tipo de tarefa | Estimei | Gastei | Razão |
|----------------|---------|--------|-------|
| Bug "simples" em prod | 2h | 5h | 2,5x |
| Endpoint CRUD novo | 1 dia | 2 dias | 2,0x |
| Subir versão de uma lib | 30min | 3h | 6,0x |
| Refactor "que não mexe em nada" | 3 dias | 4 dias | 1,3x |
| Integração com API de terceiro | 2 dias | 5 dias | 2,5x |


A coluna que dói é a última. A mediana das 47 ficou colada em **2x**. E os piores casos não eram os bugs cabeludos que eu já sabia que eram difíceis. Eram as tarefas que eu chamei de "rapidinho". O upgrade de lib que ia levar 30 minutos e levou três horas porque quebrou um teste que ninguém olhava desde 2024. O "rapidinho" é onde o cérebro mais mente.

## O verdadeiro culpado é um viés cognitivo

O nome disso tem dono. Kahneman e Tversky batizaram em 1979: **falácia do planejamento**. A gente estima sempre pelo caminho em que tudo dá certo, e o cérebro é péssimo em somar a probabilidade de várias coisas pequenas darem errado. Cada uma é improvável sozinha. Mas o PR voltar da review, o CI cair, o requisito mudar no meio, o colega tirar folga: junta tudo e a chance de **alguma** delas acontecer é alta.

O experimento que me convenceu não foi com engenheiro, foi com estudante. Buehler, Griffin e Ross (1994) pediram para 37 alunos estimarem quando terminariam a monografia. A média do palpite foi **33,9 dias**. Pedindo o cenário "se tudo der errado", eles falaram **48,6 dias**. O tempo real médio? **55,5 dias**. Repara: o real passou até do próprio pior cenário deles. E só **30%** entregaram dentro do prazo que eles mesmos chutaram. Isso não é gente ruim de estimar. É gente normal, com cérebro normal.

E não melhora com o tamanho do projeto. Flyvbjerg, de Oxford, olhou **1.471 projetos de TI**. O estouro médio de custo foi 27%, o que até parece controlável. O problema está na cauda: **1 em cada 6 projetos** virou o que ele chama de "cisne negro", com **mais de 200% de estouro**. Ou seja, na média você erra um pouco, mas de vez em quando você erra MUITO, e é esse "de vez em quando" que detona o cronograma da equipe inteira.

## A parte honesta sobre o "x2"

Agora eu preciso ser justo, porque tem muita gente vendendo o "multiplique por 2" como se fosse lei da física. Não é. Não existe estudo revisado por pares dizendo que o multiplicador certo é exatamente 2 (tem gente que jura que é π, outros que é √2). O **x2 é folclore de bar de programador**.

Mas o folclore acerta no espírito, mesmo errando na casa decimal. O que a pesquisa séria mostra é que o erro é **sistemático e para baixo**, e que ele não diminuiu em décadas de estudo. Revisões de trabalhos entre 2014 e 2024 apontam que 59% a 76% dos projetos estouraram o esforço planejado. O "x2" não é um número sagrado. É uma forma grosseira e útil de lembrar o cérebro de que ele mente sempre na mesma direção. Eu uso o x2 do jeito que uso o cinto de segurança: não porque eu vou bater toda vez, mas porque o custo de esquecer é assimétrico.

## O que eu faço hoje (e não é "estimar melhor")

A solução que o próprio Kahneman recomenda é trocar de método. Chama-se **previsão por classe de referência**: em vez de olhar para dentro da tarefa ("ah, isso aqui é só um endpoint"), você olha para fora, para o histórico de tarefas parecidas que você já fez.

Na prática, é o que minha planilha boba virou:

1. Antes de estimar, eu puxo as 5 ou 6 tarefas mais parecidas dos últimos 6 meses.
2. Pego a **mediana** do tempo real delas. Mediana, não média: um único projeto-monstro empurra a média para cima e estraga a conta.
3. Ajuste por "dessa vez é diferente" eu limito a uns 20%. Quase sempre não é tão diferente quanto eu acho.

Repara que isso não exige que eu fique mais inteligente. Exige que eu pare de confiar no meu chute e comece a confiar nos meus próprios dados. O `git log` e o board de tickets já são o seu dataset. Você só não estava olhando para ele.

Tem ainda um truque mental que funciona melhor do que parece, o **pre-mortem**: antes de começar, eu finjo que o projeto já fracassou e listo os motivos. Pensar "no que isso vai dar errado" é difícil quando você está otimista. Mas "isso já deu errado, por quê?" o cérebro responde rapidinho, com uma lista enorme. É o mesmo cérebro, só que enganado na direção certa.

## Por que isso pesa mais para quem é PJ

Tem um detalhe que muda tudo dependendo do seu contrato. Se você é CLT, estimar errado é uma métrica chata na retro. Se você é **PJ em contrato fechado**, estimar errado é hora extra que você não vai receber. O x2 deixa de ser teoria de gestão de projeto e vira economia de sobrevivência. Quando eu falo "duas semanas" e gasto quatro num escopo fechado, eu literalmente trabalhei de graça a metade do mês.

Por isso eu paro de tratar estimativa como adivinhação e passo a tratar como gestão de risco. Não dá para zerar o viés. Mas dá para saber para que lado ele te empurra. E aí, como bem disse Hofstadter, "sempre leva mais tempo do que você espera, mesmo levando em conta a Lei de Hofstadter".

Eu finalmente parei de brigar com essa frase. Agora eu só multiplico por dois e sigo.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# RAG só busca. GraphRAG raciocina. Como o LinkedIn cortou 28,6% do tempo de suporte

URL: https://kenimoto.dev/pt/blog/graphrag-raciocina-linkedin-suporte/
Lang: pt
Date: 2026-06-09
Description: Vector RAG é ótimo para achar texto parecido, mas trava quando a resposta depende de relações. O caso do LinkedIn mostra o salto: tempo mediano de resolução -28,6% e MRR +77,6% em produção.

Passei um bom tempo defendendo o Vector RAG como se fosse a resposta para tudo. Montei o pipeline, gerei os embeddings dos documentos, fiz a busca por similaridade funcionar e me senti um gênio. Aí veio a primeira pergunta de verdade do usuário: "esse erro de pagamento tem a ver com aquele bug de autenticação que vocês corrigiram mês passado?". O sistema me devolveu três trechos de FAQ que falavam de pagamento. Nenhum deles sabia que os dois problemas estavam ligados. O Vector RAG tinha achado texto parecido. Eu queria que ele tivesse raciocinado sobre uma relação. São coisas diferentes, e eu levei tempo demais para aceitar isso.

Esse artigo é sobre essa diferença, e sobre um caso do LinkedIn que coloca número em cima dela.


## Vector RAG busca. E busca muito bem.

Vou dar o crédito que o Vector RAG merece, porque ele merece bastante. Você pega seus documentos, transforma cada pedaço em um vetor, e na hora da pergunta você procura os pedaços mais próximos no espaço vetorial. É rápido, é barato de manter, e para "me ache os documentos que falam sobre o tema X" funciona quase sempre.

O modelo mental que ajuda: o Vector RAG mede **distância**. Pergunta e resposta ficam perto no espaço se as palavras e os conceitos forem parecidos. Quando a sua dúvida é semântica ("o que é GraphRAG?"), proximidade é exatamente o que você quer.

```python
# Vector RAG: similaridade pura
query_vec = embed("erro de pagamento recusado")
resultados = index.search(query_vec, top_k=3)
# devolve os 3 trechos mais "parecidos" com a pergunta
# e para no exato momento em que você precisa de uma relação
```

O problema não é o Vector RAG ser ruim. O problema é que metade das perguntas reais de uma empresa não pede proximidade, pede conexão.

## Onde a busca por similaridade trava

Pensa no ticket de suporte de verdade. O usuário abre um chamado descrevendo um sintoma. Você, atendente humano, não procura na sua cabeça o ticket com as palavras mais parecidas. Você lembra que esse sintoma costuma vir depois de uma mudança específica, que já apareceu em três clientes do mesmo segmento, e que a correção mexe num módulo que tem dependência com outro. Você está navegando **relações**, não medindo distância de texto.

O Vector RAG não tem essa estrutura. Cada trecho é uma ilha. "Problema A causa problema B", "ticket X é pré-requisito de Y", "essa falha encadeia naquela outra": nada disso vive no embedding. Ele foi recortado fora na hora em que você picou o documento em chunks.

Um número ajuda a enxergar o tamanho do buraco. Em benchmarks de pergunta multi-salto (onde a resposta exige juntar dois ou três fatos ligados), levantamentos de 2026 mostram a recuperação baseada em grafo chegando perto de 86% de acerto enquanto o Vector RAG fica na casa dos 32%. Na busca semântica simples os dois empatam. A diferença aparece exatamente quando a pergunta deixa de ser "ache parecido" e vira "raciocine sobre a relação". ([SIGIR 2024, LinkedIn](https://arxiv.org/abs/2404.17723) traz o caso de produção; comparativos de multi-salto em [levantamentos de arquitetura RAG 2026](https://www.techment.com/blogs/rag-architectures-enterprise-use-cases-2026/).)

E aqui entra um detalhe brasileiro que dói: a gestão de conhecimento na maioria das empresas que eu vi é uma bagunça honesta. Tem Wiki, tem Confluence, tem aquela planilha que só a Camila entende, tem o canal do Slack que ninguém mais rola pra cima. O conhecimento existe. O que não existe é o mapa de como uma coisa puxa a outra. "Pergunta pro fulano que ele sabe" é o knowledge graph mais usado do país, e ele pede demissão sem dar deploy.

## GraphRAG: a estrutura que o embedding jogou fora

GraphRAG é Knowledge Graph mais RAG. A ideia, sem firula: em vez de só guardar pedaços de texto, você guarda **entidades** (problema, causa, solução, cliente, módulo) e as **arestas** entre elas (causa, depende de, é parecido com, é pré-requisito de). Na hora da pergunta, você não pega só os trechos parecidos. Você pega um pedaço do grafo: a entidade relevante e a vizinhança dela.

```python
# GraphRAG: recupera uma subestrutura, não trechos soltos
entidade = grafo.localizar("erro de pagamento recusado")
subgrafo = grafo.vizinhanca(entidade, profundidade=2)
# subgrafo agora carrega:
#  - a causa provável
#  - o bug de autenticação ligado por aresta "causa"
#  - os tickets que já encadearam essa falha
contexto = subgrafo.para_texto()
resposta = llm.gerar(pergunta, contexto)
```

A virada mental é essa: o Vector RAG entrega os documentos, e o LLM tem que adivinhar como eles se conectam. O GraphRAG entrega a conexão já montada, e o LLM só precisa redigir. A relação parou de ser um chute do modelo e virou um dado recuperável.

Não vou vender milagre, porque não é. Construir o grafo custa: você precisa extrair entidades e relações dos documentos, e isso normalmente passa por chamadas de LLM, que custam dinheiro e tempo. A primeira indexação de um corpus grande chegou a sair na faixa de dezenas de milhares de dólares nas abordagens iniciais. Em 2026 já tem variante que adia parte desse trabalho para a hora da consulta e derruba o custo para alguns dólares por corpus, mas o ponto continua: GraphRAG é mais caro de montar que Vector RAG. Você paga adiantado pela estrutura. A pergunta certa não é "qual é melhor", é "essa pergunta precisa de relação ou só de proximidade?".

## O caso LinkedIn: número, não opinião

Aqui está a parte que me fez parar de discutir e começar a medir.

O time de suporte ao cliente do LinkedIn construiu um sistema de KG mais RAG em cima do histórico de tickets. Em vez de tratar cada ticket passado como um chunk solto, eles montaram um grafo que preserva duas coisas: a **estrutura interna** de cada chamado (categoria do problema, passos de resolução, FAQ ligada) e as **relações entre chamados** (problemas parecidos, pré-requisitos, falhas que encadeiam). Na hora de um ticket novo, o sistema recupera o subgrafo relevante e entrega esse contexto para o LLM responder.

Os resultados, depois de cerca de 6 meses rodando em produção de verdade:

- **Tempo mediano de resolução por chamado: 28,6% menor.**
- **MRR (Mean Reciprocal Rank): 77,6% acima da linha de base.**
- Ganho também em BLEU na qualidade das respostas.

Vou traduzir o MRR, porque ele é o herói discreto dessa história. MRR mede o quão alto a resposta certa aparece na lista. Subir 77,6% quer dizer que o atendente para de rolar a tela atrás da solução: ela já chega lá em cima. E o tempo mediano cair 28,6% é o reflexo prático disso na vida de quem está do outro lado do chat esperando.

O dado vem do paper publicado pelos pesquisadores do LinkedIn na SIGIR 2024 ([arXiv:2404.17723](https://arxiv.org/abs/2404.17723)). Não é slide de fornecedor. É produção, com linha de base e com seis meses de chão.

O detalhe que eu mais gosto: o ganho não veio de um modelo maior nem de um embedding mais esperto. Veio de **parar de jogar fora a relação entre os tickets**. A informação sempre esteve lá. O Vector RAG só não tinha onde guardá-la.

## Como eu decido hoje

Depois de apanhar, minha régua ficou simples e quase decepcionante de tão direta:

- A pergunta é "ache o documento que fala sobre X"? Vector RAG. Não complica.
- A pergunta é "como X se conecta com Y, e isso já aconteceu antes em situação parecida"? Aí o grafo paga o próprio custo.
- Não sabe? A indústria em 2026 está convergindo para **híbrido**: Vector RAG para puxar o contexto narrativo, grafo para percorrer as relações estruturadas. Os dois no mesmo pipeline, cada um fazendo o que faz bem.

E tem o passo zero, que é o mais brasileiro de todos: antes de sonhar com grafo, alguém precisa decidir que "pergunta pro fulano" não é arquitetura de conhecimento. O GraphRAG não conserta uma base bagunçada sozinho. Ele dá estrutura para um conhecimento que a equipe topou estruturar. A ferramenta é boa. Mas ela continua precisando que você acesse o problema certo primeiro.

## Resumo

- Vector RAG mede proximidade de texto e é ótimo para busca semântica. Ele trava quando a resposta depende de uma relação, porque a relação foi recortada fora na hora do chunking.
- GraphRAG guarda entidades e as arestas entre elas, então recupera a conexão já montada em vez de deixar o LLM adivinhar.
- O LinkedIn provou em produção: 28,6% a menos no tempo mediano de resolução e MRR 77,6% acima da linha de base, em cerca de 6 meses, segundo o paper da SIGIR 2024.
- O custo de construir o grafo é real. A decisão certa é por pergunta: proximidade pede Vector RAG, relação pede grafo, e na dúvida o híbrido virou o padrão de 2026.

Comecei esse texto confessando que defendi o Vector RAG demais. Vou fechar admitindo o resto: eu não troquei de lado, eu só parei de pedir para uma ferramenta de busca fazer o trabalho de raciocínio. Buscar e raciocinar são verbos diferentes. O LinkedIn botou 28,6% em cima dessa frase, e eu finalmente parei de discutir.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# O modelo barato + RAG bateu o caro em 223% nos meus testes. Refiz a conta com os preços de 2026.

URL: https://kenimoto.dev/pt/blog/haiku-rag-223-modelo-barato-precos-2026/
Lang: pt
Date: 2026-05-31
Description: Haiku + RAG (11,8) bateu o Sonnet sozinho (5,3) em 223% no meu benchmark. A economia era de 82% ao mês. Aí fui refazer a conta com os preços de maio de 2026 e tomei um susto: o número bonito encolheu, mas a conclusão ficou mais forte.

Eu achava que modelo maior sempre ganhava. Achei isso por mais ou menos um ano, com a confiança de quem nunca mediu. "Tem dúvida? Sobe pro Sonnet. Ainda tem dúvida? Sobe pro Opus." Era assim que eu resolvia qualquer queda de qualidade: jogando dinheiro e parâmetros no problema.

Aí eu medi. E o resultado virou minha cabeça do avesso.

No benchmark que rodei, o **Claude Haiku 3 com RAG marcou 11,8. O Claude Sonnet 4 sozinho, sem contexto, marcou 5,3.** O modelo pequeno e barato, com o contexto certo, bateu o modelo grande em 223%: ou seja, entregou mais que o dobro da pontuação. Não foi empate técnico. Foi atropelamento.

E o mais engraçado: o Haiku com RAG (11,8) também bateu o próprio Haiku com Engenharia de Contexto completa (10,1). Empilhar técnica demais piorou. RAG sozinho extraiu mais do modelo do que RAG + tudo mais junto. Guarde essa, porque ela contraria outra crença que eu também tinha.

## A conta que me convenceu (preços de 2025)

Performance é metade da história. A outra metade é a fatura.

Com a tabela da Anthropic de 2025, o Haiku 3 custava US$ 0,25 de input e US$ 1,25 de output por 1M de tokens. O Sonnet 4 custava US$ 3 e US$ 15. Fazendo a média numa razão 1:1, dava US$ 0,75 contra US$ 9 por 1M de tokens. **O Sonnet custava 12x mais que o Haiku.**

RAG tem custo extra (vetorização, busca, tokens a mais no contexto). Mesmo somando uns 50% de overhead, o Haiku + RAG ficava em US$ 1,125 por 1M de tokens, ainda 1/8 do Sonnet, com performance maior.

Traduzindo pra fatura mensal, com 1.000 queries por dia:

- Sonnet 4 sozinho: **US$ 405/mês**
- Haiku 3 + RAG: **US$ 71,25/mês**

Uma queda de 82%. O ROI (performance dividido por custo) do Haiku + RAG era de 17,8x o do Sonnet. Eu tinha o número bonito na mão, pronto pra estampar no título. Era isso que o livro por trás desses testes registrou, em 2025.

## Aí refiz a conta em maio de 2026

Antes de publicar, fui conferir os preços atuais. Boa prática chata, dessas que você faz reclamando. Tomei um susto.

A [tabela da Anthropic de 2026](https://platform.claude.com/docs/en/about-claude/pricing) mudou de figura. O Haiku 4.5 agora custa **US$ 1 de input e US$ 5 de output** por 1M de tokens. O Sonnet 4.6 seguiu em US$ 3 e US$ 15. Faça a conta: o gap que era de 12x virou **5x**. A Anthropic encareceu o modelo pequeno e, de quebra, derrubou meu número bonito.

Refiz a fatura mensal com os preços de hoje, mesmo cenário de 1.000 queries/dia:

- Sonnet 4.6 sozinho: ainda **US$ 405/mês** (o preço dele não mudou)
- Haiku 4.5 + RAG: input US$ 0,003 + output US$ 0,0025 + uns US$ 0,001 de operação de RAG por query = **US$ 195/mês**

Economia de 52%, não de 82%. O ROI despencou de 17,8x pra algo na casa de 4x. Na cotação de maio de 2026 (uns R$ 5,50 por dólar, varia toda hora), isso é mais ou menos R$ 1.150/mês que paravam de sair da conta, bem menos que os R$ 1.800 que a versão antiga prometia.

Eu poderia ter publicado o "-82%" e ninguém ia conferir. Conferiram menos do que isso na internet. Mas o número honesto eu confio mais que o bonito, então é esse que vai no título.


## Por que a conclusão ficou MAIS forte, não mais fraca

Aqui está a parte contraintuitiva. O número encolheu, mas o argumento engordou.

Pensa comigo: em 2025, o modelo pequeno que ganhava era o Haiku 3. Em 2026, por US$ 1/US$ 5, você não está mais comprando o Haiku 3: está comprando o Haiku 4.5, que é uma geração inteira mais capaz. O gap de preço caiu de 12x pra 5x, é verdade. Mas o gap de *capacidade* entre o modelo pequeno e o grande caiu junto, e a favor do pequeno.

Eu não vou inventar um número novo de benchmark aqui, porque não re-rodei o experimento com o Haiku 4.5 (e desconfie de quem te dá número de cabeça). Mas a direção é clara: quando o modelo barato fica mais esperto e o caro fica no mesmo lugar, "subir pro Sonnet por reflexo" fica cada vez mais difícil de justificar na planilha.

A tese do livro nunca foi "Haiku é mágico". Foi "performance = modelo × contexto, e contexto é mais barato que parâmetro". Essa equação não depende da tabela de preços de um mês específico.

## O playbook que eu uso antes de trocar de modelo

Trocar de tier tem método. Quem só aperta um botão e reza paga por isso depois. Esse é o roteiro que sigo:

**1. Meça o custo atual de verdade.** Pegue queries/dia, tokens médios de input e output, e multiplique pela tabela atual. Quase ninguém sabe quanto gasta por query antes de medir. Eu não sabia.

**2. Calcule a alternativa com RAG embutido.** Modelo de baixo + os tokens extras do contexto recuperado. Some o overhead de embeddings e busca vetorial. Se você está na nuvem, não esqueça o custo do banco vetorial.

**3. Rode A/B por 7 dias.** Modelo atual e configuração nova em paralelo, nas mesmas tarefas. Critério de corte que eu uso: a pontuação de qualidade tem que ficar em 95%+ da atual, e a taxa de erro não pode subir mais que 10%. Economia que derruba qualidade não é economia, é dívida.

**4. Migre em estágios.** 10% do tráfego na semana 1, 30% na 2, 70% na 3, 100% na 4. Monitore em cada degrau e faça rollback na hora se algo torcer o nariz.

## "Mas e a janela de 1M tokens?"

Já ouço a objeção, porque eu mesmo levantei ela. Com janelas de 1M de tokens em produção, por que se dar ao trabalho de RAG? É só jogar tudo no contexto.

Dois motivos. Primeiro, contexto longo não é de graça: o custo de processamento cresce mais que linearmente, e você paga por cada token que enfia ali. Segundo, e mais sério, jogar tudo no contexto não significa que o modelo usa tudo: é o velho problema do "perdido no meio", onde a informação no miolo do contexto é solenemente ignorada. RAG não é só economia de token. É curadoria. Você está escolhendo o que o modelo vê, em vez de despejar e torcer.

A janela de 1M muda o ponto de equilíbrio, sim. Não apaga ele.

## O que eu tirei de tudo isso

Duas coisas. A primeira: medir antes de subir de tier. O reflexo de "tá ruim, sobe pro modelo caro" me custou dinheiro por meses, e na maioria das vezes o problema era contexto, não tamanho de modelo. Um modelo pequeno bem-alimentado ganha de um modelo grande faminto.

A segunda, mais incômoda: confira os números antes de publicar, principalmente os que te favorecem. Meu "-82%" virou "-52%" numa tarde, só porque fui olhar a tabela de preços atual em vez de confiar na do ano passado. O número bonito quase me pegou. O número honesto é menos vistoso e dorme melhor.

O modelo barato ainda venceu o caro nos meus testes. Só que agora eu sei por quanto de verdade.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Medi quanto o time gasta apontando indentação no PR. R$ 3.600 por mês.

URL: https://kenimoto.dev/pt/blog/medi-revisao-codigo-3600-reais-mes/
Lang: pt
Date: 2026-05-21
Description: Cronometrei uma semana inteira de code review com 5 devs. 30 minutos por dev por dia saíram em 'ajusta a indentação' e 'ordem de import'. A conta veio em R$ 3.600 por mês, e isso foi só o começo do problema.

Code review nasceu pra discutir design. Se você abrir 10 PRs do seu time agora, quantos comentários vão ser sobre arquitetura e quantos vão ser "ajusta a indentação"?

Eu fiz essa conta no meu time. Cronometrei tudo por uma semana, fechei a planilha numa sexta e levei um susto. O time não era ruim em revisar código. O problema é que a maior parte do que a gente apontava nem precisava ter chegado num humano.

Esse texto é o relato dessa semana, dos três incidentes que travaram o ROI e do sistema de três camadas que cortou a conta em 80%. No final eu reduzi o tempo médio de revisão por dev de 30 minutos pra 5 minutos por dia, e a aba de comentários do PR começou a ter mais `praise:` do que `issue:`.

## A semana que cronometrei

Cinco devs sêniores, fintech BR média (R$ 100 a 150 por hora, vou puxar R$ 120 como média do time pra conta), uma semana corrida sem feriado.

Eu pedi pra cada dev anotar três coisas a cada PR que revisou:

1. Tempo total da revisão (do "abri o PR" até "cliquei em Approve")
2. Quantos comentários eram sobre formato, lint ou tipo
3. Quantos comentários eram sobre design, regra de negócio ou direção

Cinco PRs por dev na média da semana. Vinte e cinco PRs no total. Eu nem precisei rodar uma análise estatística pra ver a forma do gráfico.

## Os números brutos

Em uma semana cheia:

- **30 minutos por dev por dia** com revisão (média)
- **70% desse tempo** em comentários do tipo "ajusta a indentação", "ordem de import errada", "isso aqui não está com `unknown`, está com `any`"
- **20% em pergunta de regra de negócio** ("esse if cobre o caso de cliente premium?")
- **10% em design e direção** ("essa lógica devia estar no Service, não na Controller")

A conta de mês fica assim:

| Item | Valor |
|---|---|
| Tempo de revisão por dev | 30 min/dia |
| Dias úteis no mês | 20 |
| Time | 5 devs |
| Custo-hora médio (BR sênior fintech) | R$ 120 |
| **Custo total de revisão por mês** | **R$ 6.000** |
| **Parcela em formato/lint/tipo (70%)** | **R$ 4.200** |
| **Parcela útil (design + negócio, 30%)** | **R$ 1.800** |

Eu cheguei a R$ 4.200 numa primeira passada, depois ajustei pra R$ 3.600 considerando que parte do tempo "de formato" também envolvia leitura de contexto (não é 100% perdido). De qualquer forma a ordem de grandeza é essa: três a quatro mil reais por mês caem num buraco que nem deveria existir.


Pra contexto, segundo o [Octoverse 2024 do GitHub](https://github.blog/news-insights/octoverse/octoverse-2024/) a média global de PRs por dev é menor, mas o padrão de "comentário humano resolvendo problema mecânico" aparece em todos os times que respondem a pesquisas de DevEx. A [pesquisa do Microsoft Research sobre code review](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/MS-CR-Tech-Report.pdf) já apontava isso em 2016: a maior fração dos comentários é o que eles chamam de "low cognitive load", e isso fica nas costas do humano por inércia.

## Incidente 1: a segunda-feira do "ajusta a indentação"

Toda segunda de manhã, eu sentava com o café e abria a fila de PRs do fim de semana. Em três deles tinha o mesmo comentário esperando: indentação em 4 espaços em vez de 2. Em dois, ordem de import errada (Prisma antes do React em vez do contrário). Em um, faltava ponto-e-vírgula porque o autor escreveu no celular.

Trinta minutos cada segunda só nisso. Quem revisava cansava. Quem era revisado também. Em um dos PRs, o autor respondeu "vou aplicar Prettier depois" e fez merge sem aplicar. Ninguém checou. Voltou na semana seguinte, em outro PR, no mesmo arquivo.

Esse é o ciclo que mata revisão de código: quem aponta cansa, quem recebe cansa, e no fim ninguém aplica.

Combinar de rodar Prettier antes do PR não cola. Combinado se esquece. O que resolve é colocar o Biome (ou Prettier + ESLint, mesmo efeito) num hook pre-commit do husky. Coisa de 15 minutos pra configurar, e dali em diante não dá mais pra fazer commit com formato errado.

```bash
npx husky init
echo "npx lint-staged" > .husky/pre-commit
```

E no `package.json`:

```json
{
  "lint-staged": {
    "*.{ts,tsx}": ["biome check --apply"]
  }
}
```

Pronto. O custo de R$ 4.200/mês cai em R$ 2.500/mês na primeira semana de uso.

## Incidente 2: o AGENTS.md combinado que ninguém aplica

Em algum momento do ano passado, o time decidiu adotar Conventional Comments. Eu escrevi a regra no AGENTS.md, mandei no Slack, fiz workshop. Uma semana depois, era só eu colocando `issue:` e `suggestion:` nos comentários. Os outros quatro devs voltaram pra revisão de texto livre, do tipo "isso aqui não está certo" sem marcação.

Pedido se esquece. Regra se quebra.

A diferença foi quando eu pluguei o [CodeRabbit](https://coderabbit.ai/) no repositório, configurei o `.coderabbit.yaml` pra usar a label de Conventional Comments e mandei a ferramenta ler o AGENTS.md do projeto antes de comentar.

A partir desse dia, todo PR já chegava no humano com comentários do CodeRabbit já marcados (`issue:` pra problema, `suggestion:` pra melhoria, `praise:` pra padrão bom). Os devs começaram a copiar o estilo. Em duas semanas o time inteiro estava usando a label sem ninguém pedir.

Regra vira cultura quando o sistema aplica em todo PR sem exceção. Workshop sozinho não dá conta.

## Incidente 3: o PR aberto há três dias

Esse é o pior dos três, e o mais comum.

PR aberto numa terça à noite. Ninguém comenta na quarta. Nem na quinta. Sexta de manhã alguém aperta Approve sem ler com cuidado. Merge. Sábado, segundo turno do plantão, alguém abre um issue no Sentry: o `if` que decidia se o cliente era premium estava invertido. Saiu prod.

Por que ninguém comentou? Porque os outros quatro devs já tinham olhado pra aquele PR, viram que tinha "alguns comentários do CodeRabbit ainda abertos", concluíram que outra pessoa ia revisar e fecharam a aba.

A diferença esse ano foi configurar o CodeRabbit pra emitir `Request Changes` automático quando tem comentário `issue:` sem resolver. Isso bloqueia o merge até o autor responder. Não dá mais pra apertar Approve "de fachada" se algum apontamento de `issue:` ainda está aberto.

Junto disso, o `auto-assign-action` do GitHub passou a sortear um revisor humano específico (em vez de pedir pro time inteiro), e o `pull_request` workflow comenta no PR quando ele passa de 300 linhas pedindo divisão.

Os três juntos cortaram o "PR fantasma" do time. Não tinha mais Approve cego em sexta de tarde.

## O sistema completo, em três camadas

Depois desses três meses, o desenho do que rodava na base ficou claro:


- **Camada 1 — portão automático (hooks + CI):** Biome em pre-commit, type check em pre-push, testes em CI. Tudo que dá pra julgar mecanicamente nunca chega num humano.
- **Camada 2 — revisão por IA (CodeRabbit + Copilot):** A IA lê o AGENTS.md, aplica `issue:` em padrão N+1, SQL injection, `any` type, comentários sem teste. Bloqueia merge se tiver `issue:` aberto.
- **Camada 3 — revisão humana:** Sobra o que máquina não decide. Design, regra de negócio, edição de direção. O humano vira o chef-executivo, não o lava-louças.

A conta no final ficou assim:

| Item | Antes | Depois |
|---|---|---|
| Tempo de revisão por dev/dia | 30 min | 5 min |
| Comentários de formato/lint | 70% do total | ~0% (filtrados na camada 1) |
| Comentários de IA (`issue:`, `suggestion:`) | inexistente | 20-30% do total |
| Comentários humanos sobre design | 10% do total | 60-70% do total |
| Custo mensal de revisão | R$ 6.000 | R$ 1.000 |

A redução não foi mágica. Foi sistema. E o curioso é que a qualidade subiu junto, porque a parte "humana" finalmente discutia o que importava.

## A revisão por IA não é só CodeRabbit

Pra fechar: durante esse trabalho eu testei três ferramentas de revisão por IA. CodeRabbit (a referência), Copilot PR Review (incluso no contrato Copilot da empresa) e Claude Code Action (GitHub Action). Cada uma tem força em coisa diferente:

- CodeRabbit: combinação LLM + 40 linters de análise estática. Melhor pra detecção de padrões mecânicos com explicação contextual.
- Copilot PR Review: melhor pra gerar resumo do PR inteiro. Fraco em impor regras específicas do projeto.
- Claude Code Action: melhor pra dialogar pelo `@claude` no comentário. Funciona sem contrato Copilot.

Pra time menor (até 10 devs), CodeRabbit sozinho resolve. Pra time maior ou com requisitos de auditoria, CodeRabbit + uma das outras duas como segunda passada é o que eu rodaria.

## A pergunta que sobra

Você não precisa de mais comentário "ajusta a indentação". Precisa de um sistema que tira essa pergunta do humano. A IA está aí pra absorver a parte mecânica. O humano fica com a parte que valia a pena pagar R$ 120/h pra ter.

---

Eu escrevi um livro inteiro com o passo a passo desse sistema, com `.coderabbit.yaml`, workflows do GitHub Actions, templates de PR e o exemplo final em Next.js + TypeScript + Prisma. Saiu essa semana na Kindle BR.

**Revisão de Código com Harness Engineering** — R$ 24,99 → [amazon.com.br/dp/B0H2DB9YXD](https://www.amazon.com.br/dp/B0H2DB9YXD)

---

# O modelo maior mente melhor: por que o Sonnet inventa com mais confiança que o Haiku

URL: https://kenimoto.dev/pt/blog/modelo-maior-mente-melhor-sonnet-vs-haiku/
Lang: pt
Date: 2026-06-02
Description: Testei a mesma ferramenta fictícia no Sonnet 4 e no Haiku 3. O modelo maior produziu mentiras mais detalhadas e convincentes. Uma linha de system prompt levou a honestidade de 0,2 para 3,7.

A conclusão primeiro, porque eu odeio quando o artigo segura o final por seiscentas palavras: o modelo mais potente não é o mais confiável. É o que mente melhor. Eu medi isso com duas notas que não fazem sentido juntas até você olhar de perto: o Sonnet 4 tirou 4,2 de 5 em Specificity e 0,6 de 5 em Factual Accuracy sobre uma ferramenta que eu inventei. Detalhe nota máxima, verdade nota zero.

Eu passei um tempo achando que estava fazendo a coisa certa ao trocar o modelo barato pelo modelo caro toda vez que a resposta "precisava ser séria". A lógica parecia óbvia. Modelo grande sabe mais, então erra menos. Eu estava certo na primeira metade e ingenuamente errado na segunda. Sabe mais, sim. Erra com muito mais elegância, também.

## O teste: uma ferramenta que não existe

Eu inventei uma ferramenta de autenticação chamada PropelAuth. Não pesquisei se o nome existe, eu só precisava de algo que com certeza não estava nos dados de treino: uma especificação que ninguém nunca escreveu. Aí perguntei para os dois modelos como funciona a gestão de organizações dessa ferramenta, sem dar nenhum contexto. Nenhum arquivo, nenhuma documentação, nenhum link. Só o nome e a pergunta.

O Haiku 3 respondeu mais ou menos assim:

```
PropelAuth tem funcionalidades básicas de gestão de organizações.
Para detalhes, consulte a documentação oficial.
```

Vago, meio inútil, e — repare bem — honesto sem querer. Ele não sabe, então não enche linguiça. Specificity 1,2 de 5. Factual Accuracy 0,0, porque ele também não acertou nada, mas pelo menos não chutou um número.

O Sonnet 4 respondeu assim:

```
Convite de usuários:
- Funcionalidade de convite por e-mail
- Links de convite expiram em 24 horas
- Convites em massa suportados

Gestão de permissões:
- Role-Based Access Control (RBAC)
- Compatível com OAuth 2.0 / OIDC
- Integração SAML SSO
- JIT (Just In Time) provisioning
```

De onde saiu "24 horas"? De lugar nenhum. PropelAuth não tem especificação. RBAC, OAuth 2.0, OIDC, SAML, JIT — são todas tecnologias de auth de verdade, empilhadas com uma naturalidade que faz você ler e pensar "tá, isso parece certo". Specificity 4,2 de 5. Factual Accuracy 0,6, e o 0,6 é praticamente sorte: algumas dessas features genéricas calham de existir em ferramentas reais de auth.


## Por que detalhe é o veneno, não o açúcar

A intuição que eu trouxe para esse teste estava de cabeça para baixo. Eu achava que resposta detalhada era sinal de resposta confiável. Acontece o contrário: quando o fato não existe, detalhe é só a mentira com um terno melhor.

O Sonnet faz três coisas que o Haiku não faz, e cada uma delas torna a invenção mais difícil de pegar.

Primeira: ele usa jargão técnico de verdade no lugar certo. RBAC perto de "gestão de permissões", SAML perto de "SSO". A correção técnica do vocabulário se disfarça de correção factual. Você vê o termo certo e assume que o conteúdo em volta também está certo. Não está. O termo é real e a feature é fantasia.

Segunda: ele mantém coerência interna. Se ele disse "links de convite expiram em 24 horas", ele vai dizer depois "por isso, aja dentro da janela de 24 horas". A mentira não se contradiz, e a ausência de contradição é exatamente o que o nosso cérebro lê como "isso é um sistema real, alguém pensou nisso".

Terceira: ele preenche a lacuna com fluência. O modelo prevê o próximo token a partir de padrões que viu — Auth0, Firebase Auth, Cognito. Ele não tem em lugar nenhum a informação de que PropelAuth é inventada. Então ele faz o que foi treinado para fazer: produzir texto plausível. E modelo maior produz texto mais plausível. Esse é o paradoxo inteiro numa frase.

Eu chamo isso de paradoxo de capacidade porque dói admitir. Você aumenta a capacidade, ganha respostas mais ricas, e o brinde grátis é que as mentiras também ficam mais ricas. Não é um bug que vai ser corrigido na próxima versão. É a própria mecânica da geração de texto funcionando direitinho.

## Não sou só eu, e a pesquisa de 2026 confirma

Eu medi isso num cantinho, com uma ferramenta inventada e uma planilha. Mas a literatura recente está apontando para o mesmo lugar, e isso me deixou mais tranquilo e mais preocupado ao mesmo tempo.

Um trabalho de calibração de 2026 coloca o ponto de um jeito seco: modelos maiores tendem a acertar mais, mas isso não se traduz em calibração melhor — o excesso de confiança continua alto independente do tamanho do modelo. Ou seja, o modelo grande não fica mais ciente do que não sabe. Ele só fica mais convincente sobre tudo, inclusive sobre o que está chutando.

A raiz disso virou consenso depois do trabalho da OpenAI que saiu no fim de 2025 e foi parar na Nature: o objetivo de treino e os rankings de benchmark recompensam o chute confiante em cima da incerteza calibrada. O modelo aprende que dizer "não sei" tira nota e que inventar com firmeza ganha pontos. Ele não está quebrado. Ele está otimizado, só que para a métrica errada.

E a saída que a pesquisa mais empolgada de 2026 está perseguindo é quase ofensiva de tão simples: deixar o modelo se abster de responder. Tratar "não sei" como resposta válida, dar crédito por sinalizar incerteza. Um dos trabalhos mostra que, sacrificando uns poucos casos mais incertos, dá para evitar metade das alucinações. Metade. Por deixar o modelo calar a boca de vez em quando.

## A linha que muda a honestidade do modelo

Aqui é onde o teste deixou de ser deprimente. Eu peguei o mesmo Sonnet 4, a mesma pergunta sobre a mesma PropelAuth fictícia, e adicionei uma frase no system prompt. Em português corrido, era basicamente: "quando você não souber, diga 'não sei' em vez de inventar".

A nota de Honesty do Sonnet 4 foi de 0,2 para 3,7. A do Haiku 3 foi de 0,3 para 2,7. Mesma instrução, salto enorme.


O que esse salto me diz é que o modelo *sempre conseguiu* ser honesto. A honestidade não estava faltando como capacidade; estava desligada como comportamento padrão. O padrão é "responda com alguma coisa", porque foi assim que ele foi premiado no treino. Uma linha de instrução troca o padrão. Bate certinho com a pesquisa de abstenção de 2026 que eu citei lá em cima — só que eu não preciso esperar o próximo release, eu preciso escrever uma frase.

Repare numa coisa contraintuitiva: o Sonnet, o modelo que mentia melhor, é também o que respondeu melhor à instrução. 0,2 para 3,7 é um salto maior que 0,3 para 2,7. A mesma capacidade que torna a mentira perigosa torna a obediência à instrução mais afiada. A faca corta dos dois lados, e o cabo é o seu system prompt.

## E quando você dá o fato de verdade

Tem um terceiro estado, e é o que eu uso no trabalho de verdade. Eu rodei o Sonnet 4 de novo, agora com Engenharia de Contexto completa: em vez de só pedir honestidade, eu entreguei a especificação real via RAG antes de perguntar.

Factual Accuracy 4,8 de 5. Specificity 4,8 de 5. As duas notas no teto, ao mesmo tempo.

Esse é o pulo do gato que demorei para entender. O trade-off entre "detalhado" e "correto" não é uma lei da física. Ele só aparece quando o detalhe precisa ser chute. Quando o RAG fornece o fato, o modelo não precisa inventar o detalhe — ele tem o detalhe. A capacidade enorme do Sonnet, que virava mentira sofisticada no vácuo, vira resposta sofisticada e certa quando tem com o que trabalhar. O problema nunca foi o modelo ser potente demais. Foi eu pedir uma resposta específica sobre uma coisa que ele não conhecia.

## O dano real, e ele fala português

Aqui no Brasil tem muito dev fazendo vibe coding com Sonnet, pagando os seus dólares por mês — uns 1.000 reais dependendo do dia em que o câmbio resolve te odiar — e tratando cada resposta detalhada como verdade revelada. Eu fui esse dev. A resposta vem bonita, organizada, com os termos certos, e você cola no código sem ler duas vezes.

O custo não aparece na fatura da API. Aparece nas três horas que você gasta caçando uma tela de configuração que não existe, atrás de uma feature que o modelo descreveu com total confiança e que nunca foi implementada por ninguém. A mentira detalhada do Sonnet é mais cara que o silêncio vago do Haiku, justamente porque ela é boa o suficiente para você agir em cima dela. Resposta ruim você desconfia. Resposta boa e falsa você implementa.

## O que eu mudei

Três coisas, todas chatas e todas funcionam.

Uma: a linha de "diga não sei" mora no meu system prompt agora, em todo projeto que toca decisão técnica. Custa uma frase e me devolve a metade das alucinações que a pesquisa promete.

Duas: pergunta sobre fato específico só com o fato na mão. Se eu quero saber como uma ferramenta funciona, eu jogo a documentação no contexto antes. Sem RAG, sem pergunta factual. O modelo no vácuo só me dá ficção bem escrita.

Três: quanto mais detalhada e mais bonita a resposta, mais eu desconfio dela em vez de menos. Inverti o sinal. Detalhe agora é um pedido de fact-check, não um selo de qualidade.

A parte engraçada é que, quando contei pro Sonnet que ia escrever que ele mente melhor que o Haiku, ele concordou na hora, com muita propriedade, citando um benchmark de calibração que eu não consegui confirmar que existe. Deixei lá. É a melhor evidência que esse artigo podia ter.

O experimento completo do PropelAuth, com as quatro condições e as notas lado a lado, está no capítulo sobre por que a IA mente do livro **Engenharia de Contexto**. Não vou linkar venda aqui. Quem quiser, acha.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Eu troquei Claude Code por OpenClaw por 24 horas. Veja o que quebrou — e o que melhorou

URL: https://kenimoto.dev/pt/blog/openclaw-claude-code-24h-troca/
Lang: pt
Date: 2026-05-10
Description: OpenClaw passou 250 mil estrelas no GitHub em 60 dias, mais rápido que o React. Passei um dia migrando meu setup de dev pra ver o que sobrevive ao hype. SOUL.md, Gateway local, ClawHub, e a hora silenciosa das 15h em que eu quase desisti.

Todo mundo no Twitter dev brasileiro fala que Cursor é o consenso. Eu troquei meu setup inteiro de Claude Code por OpenClaw por 24 horas pra ver se o consenso ainda vale, e o que eu encontrei me surpreendeu. No bom e no mau sentido.

Esse post é sobre essa terça-feira. Sobre o que quebrou, o que não quebrou, e o que 24 horas dentro do agente de terminal que agora é tecnicamente o projeto open-source com mais estrelas da história do GitHub me devolveram em troca da R$ 25 que eu queimei em tokens.

Sim, eu sou o engenheiro que [parou de usar Cursor e voltou pro terminal](/pt/blog/parei-cursor-voltei-terminal/) faz três meses. Aí o OpenClaw passou o React em estrelas em 60 dias, o Peter Steinberger anunciou que está indo pra OpenAI cuidar de agentes pra todo mundo, o tweet de lançamento bateu 4 milhões de visualizações e o terminal voltou a ser assunto. Achar que a história já estava decidida foi uma previsão de um mês.

## Os números que eu precisei verificar antes de acreditar

Antes de qualquer coisa, deixa eu colocar os fatos na mesa. Metade do que vira tweet sobre OpenClaw está errado por um fator de dois.

- OpenClaw passou de 250 mil estrelas no GitHub em 3 de março de 2026, virando o repositório mais estrelado da história e tirando esse posto do React
- 60 dias da estreia até as 250 mil. O React levou cerca de uma década pra chegar no mesmo lugar
- 60 mil estrelas nas primeiras 72 horas. Essa parte ninguém acredita na primeira vez que ouve
- Em 14 de fevereiro de 2026, Steinberger anunciou que está indo pra OpenAI trabalhar com agentes, com a OpenClaw migrando pra uma fundação pra continuar aberta e independente
- Uma sessão de refactor de tamanho médio no meu teste consumiu 920 mil tokens. No preço do Claude 4.5 Sonnet, deu uns USD 8,30, mais ou menos R$ 25 ao câmbio atual

A thread no Hacker News no dia em que passou o React foi a mais votada da semana. O comentário do topo dizia que era "ou a melhor coisa que aconteceu com ferramenta de dev nos últimos cinco anos, ou a forma mais cara de aprender o que `--yolo` faz".

É as duas coisas, de algum jeito.

## A instalação, e a parte que eu subestimei

A instalação levou menos de um minuto.

```bash
curl -fsSL https://get.openclaw.dev | sh
export ANTHROPIC_API_KEY=sk-ant-...
openclaw
```

A primeira surpresa: o OpenClaw me perguntou qual modelo eu queria como padrão. Eu tinha quatro opções sérias, mais Ollama pra modelos locais.

```bash
openclaw --model claude-4.5-sonnet
openclaw --model gpt-4o
openclaw --model gemini-2.5-pro
openclaw --model ollama/devstral:24b
```

O Claude Code tem um modelo de backend. O OpenClaw tem um seletor de modelo. Pra um time brasileiro que precisa balancear custo em real e qualidade de output, isso não é uma diferença pequena.

A segunda surpresa: na primeira execução, o agente perguntou onde estava meu arquivo SOUL.md. Eu não tinha. Ele gerou um padrão na hora. O padrão era genérico o bastante pra eu fechar a sessão, abrir o editor e começar a escrever o meu. Foi nesse momento que o dia parou de ser benchmark e virou teste de personalidade.

## SOUL.md é a parte que ninguém te avisa

Esse foi o SOUL.md que eu terminei o dia com, depois de reescrever três vezes.

```markdown
# SOUL.md
Você é um engenheiro backend sênior, com opiniões fortes e pouca paciência pra
código que fala mais do que faz.

- Prefira Python a TypeScript quando os dois servirem. Não é frontend aqui.
- Não adicione feature sem teste. Se o teste leva mais de 10 minutos pra
  escrever, pergunte antes em vez de só sair escrevendo.
- Performance importa, mas legibilidade importa mais. Somos um time de quatro,
  não Google.
- Não escreva enchimento conversacional. "Claro, vou fazer" não é output.
  Output é o diff.
- Em dúvida, pergunte. Não chute. Chute custou um fim de semana ano passado.
```

A coisa que a documentação não te conta: SOUL.md não é arquivo de configuração. É contrato. CLAUDE.md diz pro Claude Code o que é o projeto. SOUL.md diz pro OpenClaw quem é o agente. São duas formas diferentes do mesmo problema de confiança, e o dia em que eu entendi isso foi o dia em que o OpenClaw parou de parecer pior que o Claude Code e começou a parecer diferente.

Deixei uma sessão do Claude Code aberta na outra janela o dia inteiro como sanity check. Por volta das 16h percebi que meu CLAUDE.md tinha 312 linhas e meu SOUL.md tinha 14. O SOUL.md estava fazendo mais trabalho por linha.

## Gateway local, e por que meu colega de LGPD se importou

O OpenClaw roteia toda chamada de LLM por um processo local chamado Gateway.


O Gateway fica na sua máquina. Seus prompts e seu código não passam por um relay na nuvem operado pelo OpenClaw a caminho da Anthropic, OpenAI, ou seja lá quem você escolheu. Eles vão direto do laptop pra API do provedor.

Aqui no Brasil, com LGPD em pé e um mercado em que cada vez mais cliente pergunta "o dado sai do país?", isso muda conversa. Um colega meu que cuida de compliance me mandou mensagem na hora do almoço perguntando como era o diagrama de rede. Mostrei. Ele gostou. Essa conversa sozinha já paga o dia.

O Claude Code não tem um intermediário equivalente, mas também não precisa, porque a Anthropic é o único provedor. No momento que você tem suporte multi-provedor, você precisa ou de um relay (com risco de vendor lock-in) ou de um gateway local (a escolha do OpenClaw).

## ClawHub vs Claude Code Skills

Skills do Claude Code são arquivos markdown mais recursos opcionais, distribuídos como você distribui markdown. ClawHub é um marketplace de pacotes estilo npm pra skills do OpenClaw.

```bash
openclaw skills search "docker"
openclaw skills install @clawhub/docker-manager
openclaw skills list
```

ClawHub tinha vários milhares de skills no dia em que eu testei. Os números que o Steinberger cita em conferência são maiores e provavelmente corretos, mas a contagem se mexe rápido o bastante pra qualquer número específico estar errado quando você publicar.

Duas diferenças reais que eu senti:

1. Skills do ClawHub são em JavaScript. Rodam em sandbox mas podem pedir permissão de exec de shell. Isso as deixa mais poderosas que Skills do Claude Code, e mais perigosas. O incidente ClawHavoc em março de 2026 pegou 341 skills maliciosas. É um custo real de marketplace aberto
2. Skills do Claude Code são mais simples de escrever. Escrevi uma Skill em 20 minutos na primeira vez. A skill equivalente do ClawHub me custou uns 90 minutos porque tive que aprender as convenções do SDK

Pra um dev solo querendo compartilhar um workflow, Skills são mais fáceis. Pra um time querendo uma ferramenta versionada, empacotada e auditada, ClawHub é melhor. Não estão competindo pelo mesmo problema.

## As 15h da tarde em que eu quase parei

Pedi pro OpenClaw atualizar um código Python 3.8 pra 3.11 num repo pequeno, rodar a suíte de testes e me dizer o resultado.

Ele fez. A sessão queimou 920 mil tokens, levou uns 14 minutos, achou três lugares onde um colega meu tinha usado walrus operator do jeito errado e corrigiu silenciosamente. Olhei o diff. Estava certo.

O Claude Code faz a mesma coisa. Já rodei o mesmo prompt nele várias vezes.

A diferença não foi no output. A diferença foi que o Claude Code está na minha memória muscular. Eu digito `claude` três vezes por dia faz um ano. Quando eu digitava `openclaw` e esperava o 1,2 segundo a mais de cold start, meus dedos iam pro `claude` por reflexo. Aconteceu três vezes na mesma tarde.

Essa é a parte que ninguém escreve. Custo de troca não é só config. É reflexo. Por volta das 15h eu tinha metade do SOUL.md escrita, quase desisti, fui fazer café e voltei. Por volta das 18h eu estava bem de novo.

## Pra que eu usaria cada um

Montei essa matriz no segundo café.

| Decisão | OpenClaw | Claude Code |
|---|---|---|
| Preso aos modelos da Anthropic? | Não, multi-provedor | Sim, só Anthropic |
| Modelo local | Ollama | Sem opção oficial |
| Distribuição de skill | Marketplace de pacotes ClawHub | Arquivos markdown |
| Arquivo de personalidade | SOUL.md (quem é o agente) | CLAUDE.md (qual é o projeto) |
| Arquitetura de rede | Gateway local, sem relay | Direto pra Anthropic |
| Maturidade | 60 dias, fundação se formando | 18 meses, estável Anthropic |
| Melhor pra | Times multi-modelo, ambientes regulados | Stack Anthropic-first, simplicidade |

Se seu time é só Anthropic e seu CLAUDE.md já tem 200 linhas, não troque. O Claude Code está bom. As Skills que você escreveu continuam boas. O padrão funciona.

Se seu time é multi-provedor, ou seu time de compliance tem perguntas sobre por onde os prompts trafegam, ou você quer um seletor de modelo no backend, OpenClaw vale uma terça-feira.

Eu estou de volta no Claude Code como padrão. Tenho o OpenClaw com alias num comando separado pros casos em que quero testar um modelo diferente no mesmo prompt sem pagar dois SaaS de contexto.

## Onde isso vai parar

A parte que eu estou olhando com mais atenção é o Steinberger indo pra OpenAI enquanto o OpenClaw migra pra fundação. Fundação é como projeto open-source sobrevive ao próprio fundador. Também é como projeto ossifica. Os primeiros seis meses de governança da OpenClaw Foundation vão dizer se isso vira Linux ou se vira Helm.

Se você costumava argumentar que [Claude Code vs Codex era binário](/pt/blog/contexto-vs-prompt-engineering/), o OpenClaw é a resposta que parecia impossível: uma terceira opção que não é produzida por um laboratório de LLM. A economia disso é interessante. Os próximos doze meses vão nos ensinar se ferramenta de IA neutra, multi-provedor, governada por fundação, é sustentável, ou se é silenciosamente absorvida.

Aposto em sustentável. Também já estive errado sobre agentes em basicamente todos os trimestres anteriores, então ajuste sua confiança no meu palpite.

## O que isso tudo me ensinou

Se você levar uma coisa só dessa terça, leve essa. OpenClaw e Claude Code não são concorrentes. São duas respostas pra mesma pergunta: o que a IA dentro do seu terminal pode fazer sem perguntar primeiro. SOUL.md e CLAUDE.md são formas diferentes do mesmo contrato de confiança. O time que escreveu cada um escolheu diferente porque tinha suposições diferentes sobre quem está sentado na frente da tela.

A ferramenta certa é aquela cujas suposições batem com as suas. Escolha por suposição, não por estrela.

O contrato de confiança do lado Claude — CLAUDE.md "de 2 linhas a 100", Plan Mode como porta de entrada, operação em time — está em **[Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery)**. É o lado oposto do SOUL.md, e a razão pela qual eu escolhi.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Por que parei de usar Cursor e voltei para o terminal

URL: https://kenimoto.dev/pt/blog/parei-cursor-voltei-terminal/
Lang: pt
Date: 2026-05-07
Description: Usei Cursor por 6 meses, voltei para Claude Code no terminal e dobrei minha produtividade. Conto por quê e o que mudou.

Usei Cursor por seis meses. Era o futuro: VSCode com IA embutida, chat na lateral, autocomplete inteligente, tudo num lugar. Pagava os $20/mês, recomendava para amigos.

Em outubro de 2025 abandonei o Cursor e voltei para o terminal com Claude Code. Minha produtividade dobrou nos primeiros 30 dias. Esse texto é sobre o que mudou.

## O problema que eu não enxergava no Cursor

Cursor é bom. O autocomplete é rápido, o chat é responsivo, e o encaixe com VSCode é praticamente perfeito. Eu não saí porque algo quebrou. Saí porque percebi um padrão que estava me sabotando sem eu ver.

O Cursor me convida a editar arquivo por arquivo. O cursor pisca, eu invoco a IA, ela sugere, eu aceito ou rejeito, e prossigo. É um workflow de microedição. Em uma hora eu fazia 30 microedições e tinha a sensação de produtividade. Mas no fim do dia, o que tinha sido entregue? Geralmente um arquivo modificado, talvez dois, com testes que eu mesmo precisava revisar e ajustar.

O terminal força um modo diferente. Eu mando um pedido como "implementa autenticação com JWT no padrão do projeto, escreve os testes, e me mostra o diff", e o modelo trabalha. Eu não vejo cada decisão. Vejo o resultado, faço review como se fosse PR de outro engenheiro, e aceito ou peço ajustes.

A mudança de granularidade muda tudo.


## O que muda na prática

**Sai a microedição, entra a tarefa.** No terminal eu não fico babá do cursor. Mando um pedido bem definido e o modelo entrega 4 arquivos modificados. Em uma hora, em vez de 30 microedições, eu produzo 3-5 PRs completos.

**Sai o lock-in no IDE, entra o controle do workflow.** Cursor te prende dentro do VSCode. Claude Code roda em qualquer terminal, dentro de tmux, junto com git, com seus scripts shell, com qualquer outra ferramenta. Composição livre.

**Sai o chat lateral, entra o CLAUDE.md.** No Cursor, o contexto vivia no chat. Cada sessão eu re-explicava o projeto. Com Claude Code, o `CLAUDE.md` no repositório é lido toda vez que abro o terminal. O modelo já sabe as convenções, os comandos de teste, as decisões. Eu paro de repetir.

**Sai a edição síncrona, entra o paralelismo.** Esse foi o ponto mais importante. No Cursor eu trabalhava em um projeto por vez (porque um VSCode = um projeto, e múltiplas janelas viravam confusão). No terminal eu rodo Claude Code em três projetos diferentes em três tabs do tmux. Cada um trabalha em uma tarefa enquanto eu reviso o resultado do anterior.

## A primeira semana doeu

Não vou mentir. A primeira semana fora do Cursor foi desagradável. Eu sentia falta do autocomplete inline, do "Tab Tab Tab" que me poupava digitar boilerplate. Tive que reescrever meu workflow do zero.

O que me fez aguentar foi o seguinte: o que eu achava que era "produtividade" no Cursor era, na verdade, **a sensação de movimento**. Editar texto rápido parece progresso, mas se o arquivo final ainda precisa de 3 rounds de revisão, o ganho líquido é pequeno.

No terminal, o ciclo é mais lento por interação (um pedido pode levar 90 segundos), mas o que sai já é executável. Em 8 horas, isso multiplica.

## Quando Cursor ainda é melhor

Para ser justo: Cursor ainda ganha em alguns cenários:

- **Exploração de código alheio:** abrir um repo desconhecido, ler arquivos sem objetivo claro. O chat lateral ajuda.
- **Tasks pequenas e visuais:** editar CSS, ajustar copy, mexer em um snippet React. Microedição faz sentido aqui.
- **Pareamento síncrono:** quando você está mostrando código para alguém em call, Cursor é mais visual.

Para o resto do que eu faço (criar features, refatoração, testes, automação), o terminal venceu.

## O setup mínimo

Se você quer testar, o setup é assim:

1. Instala o Claude Code (`npm install -g @anthropic-ai/claude-code` ou via Homebrew)
2. Cria um `CLAUDE.md` no root do projeto com 30 linhas: comandos de teste, padrão de erro, convenções de naming
3. Abre o terminal no projeto, roda `claude`
4. Pede o primeiro PR: "olha o issue #X e propõe um plano"

A partir daqui é treino. Levei 2 semanas para deixar de querer abrir o VSCode no meio da sessão. Hoje só abro IDE para review visual ou para mexer em arquivo HTML/CSS.

## O efeito colateral inesperado

Voltar para o terminal me reconectou com o Unix. Comecei a usar mais `grep`, `awk`, `find`, pipes. Comecei a escrever scripts shell pequenos para automatizar coisas repetitivas. Comecei a entender melhor o sistema operacional que estava abaixo de toda essa abstração.

Não esperava esse efeito. Mas faz sentido: o Cursor te dá uma camada de IDE em cima do código. O terminal te coloca diretamente na superfície. Você fica mais perto do metal.

## Onde aprofundar

Eu juntei o que aprendi nesses meses no livro [Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery) (versão PT-BR no Kindle, está no Kindle Unlimited). Cobre CLAUDE.md em detalhe, padrões de Skills, multi-agente, e o "porquê" de cada decisão de design do Claude Code.

Mas você não precisa do livro para começar. Cria um CLAUDE.md, abre o terminal, manda o primeiro pedido. Em duas semanas você sabe se voltar para o IDE faz sentido para você.

Eu não voltei.

---

*Já fez essa transição? Conta como foi: [TabNews](https://www.tabnews.com.br/kenimo49) ou [GitHub](https://github.com/kenimo49).*

---

# Adicionei um 4º agente que audita meus outros agentes. Ele pegou meu Strategist enrolando há 3 semanas.

URL: https://kenimoto.dev/pt/blog/quarto-agente-evolver-pegou-strategist-enrolando/
Lang: pt
Date: 2026-05-22
Description: Observer / Strategist / Marketer estavam seguindo as regras. Meu Strategist tinha escrito 'avaliar na próxima semana' por três semanas seguidas, e nenhuma das três camadas conseguiu pegar isso. A 4ª camada pegou na primeira rodada.

Montei um arnês de agente em 3 camadas e chamei isso de "autônomo". Observer coleta dados. Strategist escolhe os temas da semana. Marketer escreve os artigos. Os três seguem o `strategy.md`, o arquivo onde estão as minhas regras. Toda segunda 09:00 o cron dispara, e até a hora do almoço os artigos saem. Eu estava me achando esperto.

Aí eu li meus próprios logs do Strategist de três semanas seguidas e vi uma coisa. O mesmo critério de saída — "se a taxa de Reaction ficar abaixo de 1% por 4 semanas seguidas, revisar a estratégia" — estava sendo postergado havia três semanas. Toda semana o Strategist escrevia "dados insuficientes, observar na próxima semana" e seguia em frente. A regra existia. Os dados existiam. A regra nunca disparou.

O arnês de 3 camadas não pega esse tipo de bug porque os 3 agentes estão fazendo exatamente o que `strategy.md` mandou eles fazerem. O bug fica na própria regra, e nenhuma camada do arnês tinha como tarefa olhar para as regras.

Adicionei uma 4ª camada chamada Evolver. Na primeira proposta de verdade, ela mandou um diff exatamente contra a regra atrás da qual meu Strategist estava se escondendo.


## "Autônomo" era só nome bonito

A arquitetura que eu chamava de autônoma era assim. Observer roda todo dia e despeja números do GA4 em `article-performance.jsonl`. Strategist roda toda segunda de manhã, lê o `strategy.md` e escolhe 5 temas para a semana. Marketer transforma cada tema em artigo e empilha na fila de publicação. Três papéis, três crons, comportamento previsível.

O truque que deixou esse pipeline rápido foi eu ter tirado o WebSearch do Strategist de propósito. Strategist com WebSearch ficava 20 minutos perdido em cada rodada e começava a escolher temas que combinavam com notícia do dia em vez de combinarem com meu acervo real de conteúdo. Tirei WebSearch, o ciclo caiu de 20 para 3 minutos. Já escrevi sobre isso em outro lugar. Aquele post era sobre deixar o Strategist **mais rápido**. Esse aqui é sobre deixar ele **prestar contas**.

O que nenhuma das três camadas conseguia fazer era reescrever `strategy.md`. Elas leem toda segunda e obedecem. Se a regra estiver errada, elas obedecem a uma regra errada. A única forma de mudar a regra era eu, humano, notar na revisão semanal. E eu era o gargalo. Eu não estava olhando para os critérios de saída havia pelo menos 3 semanas.

## Como a enrolação aparecia nos logs

Vou citar meus próprios logs do Strategist porque o padrão fica mais honesto quando você vê o original.

Log de 3 semanas atrás:

> Reaction continua em 0% na maioria dos artigos. Estratégia de título já mudou para primeira pessoa e enquadramento numérico. Quatro semanas seguidas abaixo de 1% justifica revisão de estratégia (atualmente 3 semanas seguidas em observação, decisão na próxima semana).

Log da semana seguinte:

> Taxa de Reaction ainda não chegou a 4 semanas seguidas abaixo de 1%, mas dados de tendência semanal estão insuficientes. Observar na próxima semana.

O modo de falha está inteiro nessas duas frases. A regra dizia "4 semanas seguidas". O Strategist tinha 3 semanas seguidas de dados abaixo de 1%. Em vez de tratar a semana 4 como semana de decisão, ele ficou descrevendo a situação como "ainda em observação" e o relógio nunca andava. O critério de saída tinha sido escrito de um jeito que dava para postergar indefinidamente.

Quando eu mesmo calculei os números a partir de `article-performance.jsonl`, a foto era pior. Em 24 artigos publicados nas últimas 4 semanas: 812 views, 4 reactions, 7 comments. Reaction: 0.49%. Metade do limite. Engagement (reactions + comments): 1.35%. A regra devia ter disparado há semanas. Não disparou porque não havia, em lugar nenhum do arnês, uma camada cuja tarefa fosse perguntar "essa regra está funcionando mesmo?".

## O 4º cron: Evolver

Adicionei um 4º cron. Roda sábado 09:00, em horário separado da cadeia Observer/Strategist/Marketer da segunda. Diferente das três outras, ele tem WebSearch habilitado. A tarefa dele é ler o `strategy.md`, ler os logs de decisão das últimas semanas e propor diffs contra o `strategy.md`. Escrever artigo fica com as outras três camadas.

Cada proposta é um arquivo: `domains/<name>/data/evolution/EVO-NNNN.md`. O Evolver preenche 5 seções.

- Observação — o que viu nos dados
- Proposta — mudança de regra em prosa
- Embasamento — dados internos e referências externas
- Impacto esperado — o que deve melhorar com a aplicação
- diff — bloco ```` ```diff ```` literal contra `strategy.md`

O bloco diff é a parte que sustenta tudo. O Evolver vai além de sugestão em português: escreve o patch exato que entraria no repositório. Um CLI pequeno chamado `harness-evolve.sh` sabe extrair o bloco, rodar `git apply --check` e commitar. Nenhum LLM participa do passo de aplicar. LLM propõe, shell aplica.

Essa separação é proposital. Proposta é criativa. Aplicação é mecânica. Quando o passo de aplicar é mecânico, dá para confiar que ou ele vai dar certo limpo ou vai falhar gritando. Não tem "o agente tentou aplicar o patch e aconteceu uma coisa estranha no meio".

## Stack mínimo (shell + cron + claude -p + flock)

Para quem quer testar no fim de semana sem instalar framework Python:

```bash
# crontab
0 9 * * 6 /caminho/para/harness-cycle-evolver.sh devto
```

`harness-cycle-evolver.sh` chama `claude -p "/harness-evolve devto"`. A skill por dentro faz 3 coisas: resume os logs das últimas 4 semanas, preenche o template de proposta com um bloco diff, manda Telegram com o `EVO-NNNN`.

O contador sequencial está num arquivo único `core/data/evolution-counter.txt`, com `flock` para exclusão mútua. Sem banco, sem fila. Quando você aprova:

```bash
core/harness-evolve.sh approve EVO-0003
```

Esse comando extrai o bloco diff do arquivo de proposta, roda `git apply --check`, aplica com `git apply --index`, faz commit, atualiza o frontmatter para `status: applied` e dispara Telegram. Tudo em shell. Zero LLM no caminho de aplicar.

Eu rodo sábado 09:00 porque a segunda-feira do Strategist já passou tempo suficiente para os logs estarem frescos, e o fim de semana é quando eu tenho 5 minutos para decidir aprovar ou rejeitar. Proposta chegando segunda 08:00 é proposta que vai me forçar decisão no início da semana de trabalho. Sábado 09:00 chega com café na mão.

## EVO-0003 — o que ele desenterrou

A terceira proposta de verdade do Evolver, `EVO-0003`, foi a que descrevi no começo. O arquivo está no disco e estou relendo enquanto escrevo isso.

A seção de observação citava os dois logs do meu Strategist, o "3 semanas seguidas em observação, decisão na próxima semana" e o "dados insuficientes, observar na próxima semana". Depois calculou a engagement rate a partir do `article-performance.jsonl` e mostrou que o limite tinha sido rompido havia pelo menos 4 semanas. Depois argumentou que a regra original era ruim por 3 motivos:

1. A fórmula não estava explícita. "Taxa de Reaction" era por artigo ou agregada? O Strategist conseguia calcular qualquer uma das duas, e essa ambiguidade dava espaço para postergar
2. A condição "4 semanas seguidas" ficava ambígua quando os dados semanais eram fininhos
3. A ação no disparo — "propor revisão de título e ângulo" — era abstrata o suficiente para o Strategist cumprir em uma frase e seguir em frente

A proposta substituiu a regra por isso:

> Engagement rate = (soma de reactions + comments dos últimos 4 semanas de artigos) / soma de views. O Strategist precisa calcular toda semana e registrar no log. Se ficar abaixo de 1.5% por 4 semanas seguidas, na semana seguinte 4 dos 5 artigos têm que estar no formato "número + primeira pessoa + narrativa de fracasso". Títulos abstratos estão proibidos.

Patch de 20 linhas. Aprovei terça-feira 14:04 via `/harness-evolve approve EVO-0003`. O shell rodou `git apply --index` contra `strategy.md`, criou o commit, atualizou o frontmatter para `status: applied` e mandou Telegram. Na segunda seguinte o Strategist rodou com a regra nova e calculou engagement rate de 1.35% no log sem ninguém pedir. A frase "dados insuficientes" sumiu.

A parte que quero ser honesto: o Strategist não estava agindo de má fé. Não estava nem quebrado. Era um agente competente seguindo uma regra estruturada para permitir adiamento. Isso é uma falha da regra. A tarefa do Evolver é pegar falhas de regra, porque mais nada no arnês foi montado para isso.

## Limites para não deixar Evolver virar bicho solto

No segundo que você fala "agente que reescreve o arnês", alguém na sua cabeça precisa levantar a mão e perguntar "o que impede ele de se reescrever virando otimizador de clipe?". Várias coisas, todas de propósito.

O Evolver não pode tocar em algumas categorias de decisão. Adicionar ou remover domínio. Trocar idioma. Mudar o critério de qualidade do texto. Qualquer coisa que envolva licença, autoria ou segurança. O `.env`, o diretório de credenciais, os gatilhos de publicação. Se algumas dessas estivessem no escopo dele, eu não deixaria rodar sozinho de sábado de manhã.

Dentro do que ele pode tocar, três limites numéricos seguram a coisa.

- diff de até 20 linhas por proposta. Maior que isso, divide ou vira escalation
- 2 propostas por semana por domínio. A 3ª espera o próximo sábado
- 3 rejeições seguidas no mesmo tema dispara mute automático. O Evolver para de re-propor a mesma ideia depois de eu falar não três vezes

O terceiro é o que eu acho que a literatura geral sobre "self-improving agent" subestima. O sinal interessante num log de `reject` não é a proposta, é o motivo. "MCP ainda é o gênero principal de venda de livro, não dá para cortar" é um tipo de contexto de negócio que nunca foi escrito no `strategy.md`. Depois de 3 semanas rejeitando propostas de cortar MCP com esse mesmo motivo, o Evolver para de propor cortar MCP. Contexto implícito de fundador vira comportamento explícito do arnês só pela acumulação de motivos-de-rejeição.

## Sequela direta do post de 3 camadas

A separação Observer/Strategist/Marketer eu já escrevi em [outro artigo](https://kenimoto.dev/pt/blog/tres-papeis-observer-strategist-marketer-separacao). Aquele era sobre "de 1 agente para 3 agentes, 20 minutos viraram 3". Este aqui é sobre **reescrever a regra que essas 3 camadas seguem**.

A separação em 3 camadas era pela velocidade e previsibilidade. A 4ª camada é por prestação de contas. Mais do que "adicionei 1 camada acima das 3", é "derrubei a hipótese implícita de que a regra é fixa".

## O que ainda não construí

O Evolver atual audita um domínio por vez. Nos meus 4 domínios (devto, qiita, zenn, kenimoto-dev) escrevo versões diferentes de `strategy.md`, e a maioria tem critérios de saída com estrutura parecida. Um Evolver cross-domain poderia notar que a mesma estrutura de regra está falhando em 2 domínios e propor um conserto unificado. Não fiz ainda. Está na lista.

A outra coisa na lista é a recursão óbvia. Quem audita o Evolver? Por enquanto a resposta é "eu, cada approve/reject é um sinal humano". A resposta longa é "ainda não sei". Se as propostas começarem a ter viés sistemático — sempre limites mais apertados, sempre cortar o mesmo gênero — esse viés é real e vai precisar de uma 5ª camada que vigia a 4ª. Ainda não vi. Pode ser que só veja perto do `EVO-0050`. Quero ver o viés antes de adicionar mais uma camada só para me sentir seguro.

Por enquanto: 3 agentes que seguem regras, 1 agente que audita as regras, 1 humano que aprova a auditoria. É o arnês mais enxuto que achei capaz de pegar a própria enrolação.

A definição de "arnês" em 5 frameworks (OpenAI, Anthropic, LangChain, Martin Fowler, academia), os AGENTS.md de 2 a 100 linhas, e o capítulo de Self-Evolving Agents que o Evolver vive — tudo está em **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)**.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Reuniões de tech selection levavam 90 min no meu time. 5 min de silêncio cortaram pra 35.

URL: https://kenimoto.dev/pt/blog/reunioes-tech-selection-90-para-35-minutos-brainstorm-silencioso/
Lang: pt
Date: 2026-05-24
Description: Toda reunião de seleção tecnológica do meu time durava 90 minutos e terminava com a opção que o tech lead falou primeiro. Coloquei 5 minutos de silêncio no início para cada um escrever a própria preferência antes de qualquer fala. As reuniões caíram para 35 minutos e o resultado mudou em 4 das 6 últimas decisões. Esse post é sobre o porquê e o como, com a conta em R$ por reunião.

Nossa reunião de seleção tecnológica começava assim: "então, qual framework a gente vai usar?". Aí o tech lead falava "eu prefiro o Spring". E pronto, 89 minutos para confirmar Spring.

Isso aconteceu o suficiente para eu começar a contar. Em seis meses, tivemos 11 reuniões desse tipo, com 8 a 10 pessoas cada, duração média de 90 minutos, e em 9 das 11 a opção escolhida foi a primeira que o tech lead mencionou. Resultado tecnicamente ruim, eu não sei. Resultado psicologicamente previsível, com certeza.

Em janeiro eu mudei uma coisa só. Cinco minutos de silêncio no começo da reunião. Cada um escreve a própria preferência em um post-it digital, sem ver o que os outros estão escrevendo, e revela tudo ao mesmo tempo. Depois disso, discute.

As próximas seis reuniões duraram em média 35 minutos. E em 4 das 6 a decisão foi diferente da preferência inicial do tech lead. Esse post é sobre por que isso funciona, qual é a estrutura mínima, e o quanto custava o jeito antigo em R$.

## O que o tech lead estava fazendo (sem saber)

Efeito de ancoragem é o nome psicológico do que estava acontecendo na minha reunião. A primeira pessoa a falar define um número, uma opção, uma direção, e a discussão seguinte fica girando em torno disso. Mesmo que essa primeira opção seja a errada, sair dela exige que alguém defenda ativamente uma alternativa, e defender ativamente uma alternativa contra a posição do tech lead é caro psicologicamente.

A cena típica do meu time: design review de um serviço novo. O tech lead abre com "vamos de microsserviços, é mais escalável". A discussão seguinte assume microsserviços. As 87 perguntas que vêm depois são todas do tipo "qual orquestrador?", "como vai ser o service mesh?", "quem vai cuidar do tracing distribuído?". Ninguém volta e pergunta "espera, monolito modular não resolveria com 1/4 do esforço?". Não porque a resposta seria não. Porque para fazer a pergunta você precisaria sentir que tem espaço para questionar a âncora, e a âncora veio do tech lead.

Eu mesmo fiz isso várias vezes do outro lado. Tinha opinião diferente, ficava pensando "será que vale interromper?", e quando finalmente decidia que valia, a discussão já tinha pulado três tópicos pra frente. Aí calava.

Não é falta de coragem. É como o cérebro de grupo funciona em uma sala de reunião. O experimento de Asch (1951) mostrou que mesmo diante de uma resposta visualmente errada, se todo mundo ao redor concorda, a pessoa também concorda. Em reunião de tech selection, ninguém precisa nem concordar explicitamente, só precisa não discordar. E o silêncio do "não discordar" é interpretado como consenso.

## A intervenção: 5 minutos de silêncio

O que eu coloquei foi simples. Cinco minutos no início de toda reunião de seleção tecnológica, com a regra "cada um escreve em silêncio a sua preferência, com 2 ou 3 linhas de justificativa, antes de qualquer pessoa falar".

Ferramentas que funcionam: Miro com post-its escondidos até o reveal, ou um documento compartilhado onde cada um escreve em uma seção própria sem ler as outras, ou no caso mais low-tech, post-it físico com tampa de papel. O que **não** funciona é "todo mundo escreve em silêncio no Slack do time". Slack é público em tempo real, então a primeira pessoa que escreve ancora todos os outros antes do reveal. Quebra a intervenção inteira.

A regra do reveal é "todos mostram ao mesmo tempo". Depois disso, abre a discussão. Quem está em minoria fala primeiro. Esse último detalhe importa: se a maioria fala primeiro, a pressão de conformidade volta a pressionar a minoria a recuar, e a intervenção do silêncio inicial é desperdiçada.


## O que mudou em 6 reuniões

As seis reuniões depois da mudança tinham assuntos parecidos com as anteriores: escolha de framework backend, escolha de ferramenta de observabilidade, decisão sobre adotar Kubernetes ou ficar em ECS, escolha de message queue, e duas decisões de migração de banco. Time praticamente o mesmo, salas iguais, tech lead igual.

**Duração média: 35 minutos**, contra 90 antes. Não é mágica. É que metade do tempo das reuniões antigas era pessoas perguntando "mas e se a gente fizesse X?" quando X tinha sido escrito por elas mesmas no início mas não dito, e aí elas estavam tentando re-injetar a ideia depois que a âncora do tech lead já tinha desviado a conversa. Com a escrita silenciosa, X já está na mesa desde o minuto 5. Não precisa ser reinjetado.

**Decisão diferente da preferência inicial do tech lead em 4 das 6**. Foi o que me surpreendeu mais. O tech lead não mudou. Ele continuou tendo preferências fortes no minuto 5. Mas no minuto 5, quando ele revelava a preferência dele, três outros já tinham revelado preferências diferentes, e era ele quem tinha que defender ativamente a posição, não os juniores. A simetria muda tudo.

**Distribuição da fala mais plana**. Eu medi isso de forma rudimentar, contando minutos por pessoa em duas reuniões antes e duas depois. Antes, o tech lead falava 38% do tempo total. Depois, 22%. O que aumentou foi a fala dos plenos e juniores, que antes ficavam abaixo de 5% cada.

## A conta em R$

Vamos converter para reais, porque é assim que minha equipe entendeu por que valia a pena defender o ritual contra o "mas isso é estranho, ninguém faz" inicial.

| Item | Antes | Depois |
|------|-------|--------|
| Duração média | 90 min | 35 min |
| Pessoas por reunião | 8 | 8 |
| Tempo de time por reunião | 12 horas-pessoa | 4,7 horas-pessoa |
| Custo por hora-pessoa | R$ 80 | R$ 80 |
| Custo por reunião | R$ 960 | R$ 374 |
| **Economia por reunião** |  | **R$ 586** |

Onze reuniões em seis meses, com economia de R$ 586 cada, dá **R$ 6.446 de tempo de equipe economizado em meio ano**. Por ano, R$ 12.892. Não é fortuna, mas é mais do que paga uma licença de Miro para o time inteiro durante anos. E essa é só a parte mensurável em tempo. Não conta as decisões melhores, o desgaste evitado do júnior que falou e foi ignorado, e o tech lead que para de levar para casa a sensação ruim de "minha opinião é tratada como ordem mesmo quando eu não quero".

## O que dá errado

Eu seria desonesto se não falasse das vezes em que não funcionou.

**Reunião com pessoas que não escrevem rápido.** Cinco minutos é apertado para alguém pensar e escrever uma justificativa. Aumentei para sete em times mais distribuídos, com falantes não nativos da língua da reunião, e voltou a fluir.

**Tech lead que lê os post-its dos outros antes do reveal.** Aconteceu uma vez. A pessoa achou que "facilita a discussão" preparar a resposta de antemão. Não facilita, atropela a intervenção inteira. Tive que falar diretamente. Funciona quando todo mundo combinou que a regra é não-bisbilhotar, e isso depende de segurança psicológica, que é um pré-requisito que nem todo time tem.

**Discussões muito técnicas que precisam de demonstração.** Em design review com diagrama, a escrita inicial não é "qual a sua preferência", é "quais as três perguntas que você faria sobre esse diagrama". Adaptação pequena, funciona igual.

**Reunião urgente de incidente.** Não use. Em incidente, a estrutura precisa ser hierárquica e rápida, não democrática e lenta. A intervenção é para decisões de baixa urgência e alta reversibilidade.

## A versão Amazon do mesmo princípio

O memo de 6 páginas da Amazon é a versão extrema dessa mesma ideia. Em vez de cinco minutos de silêncio, a Amazon começa toda reunião importante com 30 minutos de leitura silenciosa de um documento de proposta. Mesmo princípio: garantir que cada pessoa formou a própria opinião antes de receber influência alheia.

Eu acho a versão de cinco minutos melhor para o dia a dia, porque escrever um memo de seis páginas para toda reunião é caro demais e o time vai parar de fazer. Cinco minutos de post-it é barato o suficiente para virar ritual.

Mas se você lê esse post e acha que cinco minutos é pouco demais para o time que você tem, sobe para 10. O que **não** dá pra fazer é zero. Zero é o que eu tinha. Zero é como 9 das 11 decisões serem o que o tech lead falou primeiro. Zero é o que faz uma reunião de 90 minutos servir para confirmar o que poderia ter ido pro Slack em 3 mensagens.

A intervenção é uma só, custa cinco minutos, funciona em quase todo time onde existe um mínimo de segurança psicológica. Tente uma vez. Mede a duração. Conta os post-its diferentes do que o tech lead escreveu. Aí você decide se vale.

Esse capítulo é parte de um livro maior em PT-BR sobre psicologia aplicada à engenharia: **[Manual completo dos truques psicológicos para engenheiros](https://kenimoto.dev/pt/books/engineer-psychology-tricks)**. O capítulo 11 é sobre reuniões e consenso. Aqui eu peguei só o ponto da ancoragem com o brainstorm silencioso, do meu jeito, com os números do meu time.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# O passo mais valioso da revisão de código por IA não usa IA nenhuma

URL: https://kenimoto.dev/pt/blog/revisao-codigo-ia-passo-sem-ia-tree-sitter/
Lang: pt
Date: 2026-06-05
Description: Por anos eu achei que revisão de código por IA era jogar o repositório inteiro no modelo e rezar. O passo que mais melhorou a qualidade não chama LLM: o Tree-sitter monta o grafo de chamadas local, o blast radius acha os 7 arquivos que importam, e o contexto cai de 150k pra 18k tokens. De graça e offline.

Por anos eu achei que revisão de código por IA era basicamente um ritual: jogar o repositório inteiro no modelo e rezar pra ele achar o bug. Quanto mais arquivo eu empurrava "por garantia", mais seguro eu me sentia. A conta de API dizia outra coisa, mas eu ignorava.

Aí eu descobri uma coisa que me incomodou. O passo que mais melhorou a qualidade da minha revisão por IA é justamente o passo que **não chama IA nenhuma**.

Vou explicar, porque a parte interessante não é "use a ferramenta X". É que a engenharia de verdade estava acontecendo antes da IA entrar, num lugar que eu nem olhava.

## O que eu fazia antes (e por que doía no bolso)

O fluxo antigo era esse: abria o PR, pegava o diff, e pra "ter contexto" jogava no modelo o arquivo modificado mais uns 50 arquivos do entorno. Tudo que parecia relacionado ia junto. O modelo lia tudo, gastava um caminhão de token, e devolvia uma revisão mais ou menos.

O problema é que jogar mais arquivo não deixa a revisão melhor. Deixa pior. O modelo se distrai com código que não tem nada a ver com a mudança, e o ponto crítico se dilui no meio do barulho. Eu estava pagando, em dólar, pra piorar minha própria revisão.

## A base de código já é um grafo

A virada veio quando parei de tratar o código como um monte de texto e comecei a tratar como o que ele de fato é: um grafo.

Uma função **chama** outra. Uma classe **herda** de outra. Um módulo faz **import** de outro. Isso não é metáfora, é a estrutura real do seu repositório. E se você torna esse grafo explícito, a pergunta que todo revisor faz na cabeça ("se eu mexer aqui, o que mais quebra?") passa a ter resposta em segundos, não em meia hora de garimpo.

Quem monta esse grafo é o **Tree-sitter**: a biblioteca que faz parsing do código pra árvore sintática (AST). Ela roda 100% local, é determinística e (o ponto inteiro deste texto) **não usa LLM**. O ecossistema saiu das 19 linguagens iniciais pra mais de 40 com parser oficial, e os pacotes da comunidade já empacotam [mais de 300 gramáticas](https://pypi.org/project/tree-sitter-language-pack/). Dá saudade da época do grep no nome da função, adivinhando "deve ser por aqui que chamam". O Tree-sitter troca o "deve ser" por "é".

## O passo sem IA: blast radius

Com o grafo montado, a operação que faz a mágica chama **blast radius**: o escopo de impacto de uma mudança.

Você aponta pro arquivo que mudou (Hop 0), e o grafo colore o que é afetado pela distância em saltos: dependência direta (Hop 1), indireta (Hop 2), e por aí. O resultado é a lista enxuta dos arquivos que a sua mudança realmente toca: sete, em vez dos cinquenta que eu empurrava por medo.

```
Mudança: auth.py

Hop 0: auth.py
Hop 1: middleware.py, api/login.py, api/register.py
Hop 2: tests/test_auth.py, tests/test_login.py
Hop 3: conftest.py

Arquivos afetados: 7
```

Nada disso passou por um modelo. É AST determinístico rodando na sua máquina, de graça. A primeira vez que liguei isso, perguntei o escopo de impacto de um arquivo e em dois segundos voltaram 7 arquivos, praticamente o mesmo resultado que eu tinha levado 30 minutos pra montar no grep. Fiquei grato pela resposta e levemente ofendido pelos meus 30 minutos.

## O número que muda a conta

Aí sim a IA entra, mas só nos 7 arquivos que importam, e não nos 50 do começo.

```
Antes: arquivo modificado + 50 do entorno = 150.000 tokens
Com o grafo: arquivo modificado + 7 do blast radius = 18.000 tokens

Redução: 8,3x
```


Pra quem paga API em dólar e fatura em real, essa diferença não é detalhe. Num PR grande, revisado várias vezes ao dia, a distância entre 150k e 18k por revisão é a distância entre alguns reais e alguns centavos por PR. E o trabalho pesado (montar o grafo, achar o escopo) sai zero, rodando offline. O caro virou barato porque a parte cara deixou de usar o recurso caro.

Vale separar uma coisa, porque já [troquei RAG por grep numa busca de código antes](https://kenimoto.dev/pt/blog/construi-rag-deletei-grep-venceu/) e não é a mesma história. Lá o assunto era achar o código certo. Aqui é entender o impacto de uma mudança que você já fez. Camadas diferentes do mesmo problema: deixar a IA focar no que importa em vez de ler tudo.

## Por que isso é meio contraintuitivo

A intuição diz que a inteligência da revisão mora no modelo. Quanto mais esperto o LLM, melhor a revisão. Faz sentido, e está errado.

O que mais melhorou a minha revisão não foi um modelo melhor. Foi um passo determinístico, gratuito e local, que decide **o que** o modelo vê. O LLM que eu achava ser o cérebro da operação é, na prática, o estagiário: bom no julgamento final, mas perdido se você entope a mesa dele de papel. Quem faz o trabalho braçal (separar os 7 arquivos certos dos 50) é o Tree-sitter, que trabalha de graça e não reclama.

A IA não vira dispensável. O ponto é que o passo mais valioso vem antes dela, e custa zero.

## Fechando

Eu passei anos achando que revisão por IA era sobre ter o modelo mais inteligente possível. Era sobre não fazer o modelo inteligente ler lixo.

O grafo de código resolve isso com um passo que não chama IA: Tree-sitter monta a estrutura, o blast radius acha os arquivos que a mudança toca, e só então a IA revisa esses. 150k vira 18k, 8,3x, offline e de graça. Da próxima vez que sua conta de API doer numa revisão de PR, lembra: a parte que mais pesa na qualidade é a parte que você pode rodar sem gastar um centavo de token.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Skills do Claude Code consomem tokens mesmo sem disparar. Medi 5 Skills em 7 horas — os 3 que nunca rodaram comeram 11% da conta.

URL: https://kenimoto.dev/pt/blog/skills-3-dormentes-18-tokens/
Lang: pt
Date: 2026-05-30
Description: Carreguei 5 Skills no Claude Code por 7 horas. 3 nunca dispararam, mas levaram 11% dos meus tokens (R$ 121/mês equivalentes na conta Max). A medição completa, o JSON do usage e a auditoria que derrubou esse número.

Eu achava que Skill do Claude Code era um upgrade grátis em cima dos meus custom commands. Não é grátis. É aluguel.

Essa frase é o artigo inteiro em quinze palavras. O resto é eu mostrando os comprovantes.

Numa terça-feira eu rodei uma sessão única do Claude Code por 7 horas seguidas com 5 Skills carregadas: revisor de PR, helper de migração TypeScript, validador de migração de banco, rastreador de log e limpador de CSV. Três delas **nunca dispararam uma única vez** no dia. Eu revisei o log de invocação duas vezes porque não acreditei. Mesmo assim, essas três sozinhas levaram cerca de **11% do total de tokens da sessão**. Somando com as duas que de fato rodaram, Skills ficou com **18%** da conta.

Antes desse dia eu vinha dizendo pros colegas que "Skill só custa quando dispara, então pode deixar tudo carregado". Estava errado. E errado de um jeito que dá pra medir em reais.

## Como Skills carregam de verdade

Tá tudo na documentação. Eu tinha lido por cima.

Quando a sessão começa, o Claude Code lê todas as Skills no escopo. O que entra no contexto nesse momento é só o `name` e o `description` do frontmatter do `SKILL.md`. O corpo da Skill **ainda não** entra. O corpo só carrega quando o Claude decide que o `description` casa com o seu prompt, ou quando você digita `/nome-da-skill` na mão. Uma vez carregado, o corpo fica no contexto até a sessão acabar ou a compaction rodar.

A parte que eu não tinha internalizado: **o `description` está no contexto a cada turno**. Não só na abertura da sessão. Cada mensagem sua, cada resposta do Claude, o `description` de toda Skill carregada continua ali, como parte do prompt. Cinco Skills com `description` de ~300 tokens dá ~1.500 tokens de "olha o que essas Skills sabem fazer" sendo recobrados em cada turno.

Numa sessão de 80 turnos, esse mesmo bloco de texto é pago 160 vezes. Cada um é pequeno. Mas é constante. É a Skill cobrando aluguel.

## A sessão que medi

Eu uso Claude Code como ferramenta principal de trabalho. No dia da medição foi uma terça normal: triagem de PR de manhã, refactor longo de tarde, shell exploratório no fim do dia. Sessão única, mantida aberta o tempo todo, com `--output-format json --verbose` passando por um wrapper de log que gravava o campo `usage` de cada resposta.

As 5 Skills que estavam em `~/.claude/skills/`:

| Skill | tamanho do description | função | disparou? |
|-------|---:|--------|:---:|
| `review-pr` | ~310 tokens | fluxo de revisão de PR | sim (11 vezes) |
| `migrate-ts` | ~290 tokens | helper de migração TS | sim (2 vezes) |
| `migrate-db` | ~340 tokens | validador de migração DB | não |
| `trace-logs` | ~270 tokens | rastreio de padrões em log | não |
| `clean-csv` | ~280 tokens | receitas de limpeza de CSV | não |

Total de description carregado por turno: ~1.490 tokens de metadado de Skill, sentado em cima do CLAUDE.md, do contexto do projeto e da conversa viva.

A sessão durou 7h12, 84 turnos, ~2,1 milhões de tokens de entrada e saída no total (prompt caching ligado quase o tempo todo).

## O comprovante

Quebrei o consumo em três categorias: total, "o que teria sido sem Skills" (estimativa subtraindo o overhead de description e o corpo dos dois que rodaram) e a diferença. Os números reais:

| Categoria | Tokens | Fatia |
|-----------|------:|------:|
| Conversa, CLAUDE.md, leitura de código | 1.720K | 82% |
| Skills ativas (`review-pr` + `migrate-ts`) | 147K | 7% |
| Skills dormentes (descriptions, 3 nunca dispararam) | 231K | 11% |
| **Total** | **2.098K** | **100%** |

As duas Skills que trabalharam custaram 7%. Tudo bem. Elas me pouparam pelo menos esse mesmo tanto em prompt que eu não tive que redigitar.

As três que nunca casaram com nada custaram 11%. Retorno: zero. Com prompt caching ativo, o custo de description por turno é parcialmente absorvido, mas só parcialmente: cada vez que o meu prompt muda, a fronteira do cache se move, o description é re-tokenizado e entra no `input_tokens` do billing. Onze por cento.

Em conta de Claude Code Max ($200/mês ≈ R$ 1.100/mês), 18% é **R$ 198/mês**. Desses, R$ 121/mês são as três dormentes. Eu estava pagando esse valor para manter três arquivos de texto no contexto. Eu nem tenho coragem de comentar isso na padaria.


## A auditoria do dia seguinte

Na manhã seguinte rodei a mesma carga de trabalho (mesmo conjunto de PRs, mesmos tipos de prompt) com apenas as duas Skills que tinham disparado no dia anterior. Consumo total: ~1.872K tokens. Queda de ~11% em relação à véspera. Dentro do ruído de "dois dias nunca são iguais", o número bate com o aluguel que as três dormentes vinham cobrando.

Se você quer fazer essa mesma medição na sua máquina, basta envelopar o `claude` num wrapper que lê o JSON do `usage`:

```bash
claude -p "$SEU_PROMPT" --output-format json --verbose \
  | jq '{input: .usage.input_tokens, cached: .usage.cache_read_input_tokens, output: .usage.output_tokens}'
```

A linha que importa é `input_tokens`. Se ela tem uma deriva pra cima depois que você adiciona uma Skill nova, você está pagando aluguel de description.

## Por que isso me pegou de surpresa

Eu tratava Skill como `import` em linguagem de programação: custo zero até ser chamada. `import` é grátis porque o compilador descarta o que não foi referenciado. O Claude Code não pode descartar. O `description` é justamente o material que ele usa pra decidir se chama ou não. Se o `description` fosse lazy-loaded, ele nem teria como decidir disparar a Skill em primeiro lugar.

É uma escolha de design coerente. É a escolha certa, inclusive. Mas a consequência é que o custo marginal de "ter uma Skill instalada e nunca usada" não é zero. É um imposto por turno que vai se somando ao longo da sessão.

Não confunda isso com Hook. Hook é disparado de propósito pelo Claude Code em resposta a eventos: pre-tool, post-tool, session-end. Hook não fica descrito no system prompt pra matching nenhum, fica configurado no `settings.json` e o harness chama quando precisa. **Hook que nunca dispara custa zero de verdade. Skill que nunca dispara custa description × cada turno.** São mecanismos diferentes que ficam encostados no mesmo Claude Code.

Também não é a mesma coisa que MCP server inativo. Um MCP server inscreve a lista completa de ferramentas no system prompt na abertura da sessão (um único estudo público mediu ~27.000 tokens por servidor), mas isso é custo fixo por servidor, não por turno. Skill é menor por item, mas tende a ser em maior quantidade, e o "× cada turno" multiplica.

## Checklist: auditar suas Skills em 5 passos

Virou rotina mensal aqui. 10 minutos.

1. **Lista todas as Skills no escopo.** `ls ~/.claude/skills/`, mais o `.claude/skills/` do projeto, mais qualquer Plugin. Anota num arquivo.
2. **Pra cada Skill, descobre a última vez que ela disparou.** Se você loga sessões com `--output-format json`, basta um `grep` pelo nome da Skill nas entradas de tool-use. Se você não loga, vai depender da memória, e a memória mente.
3. **Marca como "candidata" toda Skill sem disparo nos últimos 30 dias.** Não deleta ainda. Só sinaliza.
4. **Move a candidata pro sótão por uma semana.** Aqui eu literalmente faço `mv ~/.claude/skills/<name>/ ~/.claude/skills-atico/`. Trabalha uma semana sem ela. Se não fez falta, era aluguel.
5. **Re-mede o `input_tokens` na linha de base.** Mesmo tipo de carga, sem as candidatas carregadas. Se a linha caiu de forma visível, você acabou de descobrir a economia.

A armadilha que dá pra evitar: **não delete a candidata na hora**. Tem Skill que não dispara há 30 dias porque você usa só num fechamento trimestral que você esquece. "Pro sótão" é o meio-termo seguro.

## O que mudei aqui

Três Skills foram pro sótão. Uma volta no mês que vem porque tenho migração de banco programada. As outras duas, provavelmente ficam por lá. As duas ativas continuam.

A sessão que estou rodando agora pra escrever este artigo também tá só com duas Skills. A linha do `input_tokens` por turno ficou plana de um jeito que ela não era antes (vinha subindo de leve). 11% parece pouco quando você fala em voz alta. R$ 121/mês só com três arquivos de texto sentados no contexto sem disparar tem outra cara. Em conta de API metered, depende do uso, mas é a mesma história em formato diferente.

Quem mantém muitas Skills carregadas não tá errado de gostar da praticidade. Só precisa saber que essa praticidade tem um imposto por turno, e que o imposto é invisível até você decidir ir conferir.

A frase que vou colar no monitor: **carregada ≠ ativa ≠ paga só quando usa.**

Roda o `claude -p` com `--output-format json` uma vez e olha o `usage.input_tokens`. O número está ali há um tempão, contando essa história. Eu é que não estava prestando atenção.

A camada de design de Skills, allow-list por papel, e os padrões de operação do Claude Code que mantém o overhead de token sob controle estão em **[Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery)** — o capítulo de Skills é o que mais releio antes de adicionar uma nova.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Eu me recusei a escrever spec até o Claude gerar o código errado 3 vezes

URL: https://kenimoto.dev/pt/blog/spec-driven-development-claude-code-3-falhas/
Lang: pt
Date: 2026-05-09
Description: Passei 6 meses chamando spec-driven development de 'overhead'. Aí o Claude Code escreveu três vezes seguidas um sistema de cupom que aplicava desconto em si mesmo. Conta o que esses 15 minutos de OpenAPI me devolveram.

Todo mundo no Twitter dev brasileiro diz que spec é overhead. Eu fui um deles, durante seis meses. Aí o Claude Code gerou três vezes seguidas um sistema de cupom que aplicava desconto em si mesmo, e eu fui calado para um arquivo YAML como quem perde uma discussão para a realidade.

Esse post é sobre essa discussão. E sobre o que 15 minutos de OpenAPI me compraram em 2026, num momento em que metade da bolha "vibe coding" ainda fala "é só promptar".

## O que eu estava fazendo errado

O fluxo era o que todo mundo já tentou. Abrir o Claude Code. Digitar "monta um checkout com desconto de membro e campo de promo". Olhar o agente gerar 400 linhas de Flask com confiança. Rodar. Falhar. Repromptar. Receber outras 400 linhas. Repetir até eu perder a paciência ou subir alguma coisa que mais ou menos funcionava.

O sistema de desconto foi onde a roda saiu. Pedi "10% de desconto de membro, promo code somável, máximo 30% no total". O Claude Code entregou uma função que, num pedido de membro com promo, tirava 10%, depois tirava mais 10% sobre o total já com desconto, e aí aplicava o promo. O promo, no meu schema, era também elegível para desconto de membro, porque eu não tinha falado para ninguém que membros são pessoas e promo é item. O sistema, educado, deu cupom para o cupom.

Aqui no Brasil a gente tem uma palavra para isso: gambiarra. A diferença é que essa gambiarra foi escrita em três minutos por uma IA que estava convicta de estar acertando.

Sim, eu sou o engenheiro que postou "é só promptar" semana passada e gastou 5 idas e voltas de PR explicando o que "só" queria dizer.

## Os 15 minutos de spec

Por teimosia, fui fazer aquilo que eu chamava de overhead. Escrevi um OpenAPI. Endpoint, formato do request, formato do response, códigos de erro, restrições em cada campo. Levou 15 minutos.

```yaml
paths:
  /api/orders:
    post:
      requestBody:
        application/json:
          schema:
            customer_id: string
            items: array of OrderItem
            promo_code: string | null
      responses:
        201:
          schema:
            order_id: string
            subtotal: integer (minimum 0)
            member_discount: integer (0..subtotal * 0.1, integer)
            promo_discount: integer
            total: integer
            applied_rules: array of string
        400:
          schema:
            error: { code, message }
```

Depois escrevi um Gherkin com três cenários. Membro sem promo. Não-membro com promo. Membro com promo onde o teto de 30% trava.

```gherkin
Cenário: Membro com promo, limitado a 30% do total
  Dado um membro logado
  E um carrinho com subtotal de R$ 100
  Quando aplica o promo "OUTONO5"
  Então member_discount é R$ 10
  E promo_discount é R$ 20
  E total é R$ 70
  E applied_rules contém "membro" e "promo:OUTONO5"
```

Entreguei os dois arquivos para o Claude Code com uma frase: "implementa essas specs em Flask, com validação e tratamento de erro". Ele gerou uns 80% da implementação em 3 minutos. Os 20% restantes era lógica de domínio de verdade: o que conta como "somável", o que acontece no teto. Eu escrevi isso. E o spec deixou impossível me confundir sobre o assunto.

15 minutos de YAML para apagar 5 idas e voltas no PR. Eu tava economizando 15 minutos gastando 2 horas, na versão alta dessa bobagem.

## Por que funciona (e por que "é só promptar" não funciona)

Não é porque o Claude Code fica mais inteligente quando você dá mais texto. É porque você, ser humano, é forçado a pensar em coisas enquanto escreve o spec.

Quando eu escrevo `member_discount: integer (0..subtotal * 0.1, integer)`, eu me comprometi com a ideia de que o desconto de membro é no máximo 10% do subtotal, em centavos inteiros. O spec não consegue gerar uma versão que "aplica o cupom em si mesmo" porque o spec não tem um destinatário em forma de cupom para essa recursão. A ambiguidade morre no YAML, antes de virar um bug em Python.

Isso não é original. A onda de ferramentas spec-first de 2026 ([OpenSpec](https://github.com/Fission-AI/OpenSpec), [cc-sdd](https://github.com/gotalab/cc-sdd), [amux](https://amux.io/guides/spec-driven-development/), [Kiro](https://kiro.dev)) está toda construída em cima dessa observação. O GitHub Copilot Workspace nem deixa você pular o passo: ele gera uma "proposed specification" editável antes de tocar no código, porque o time que construiu descobriu que o spec é o único artefato do fluxo que humano consegue revisar de verdade.

Os AI assistants não diminuem o valor do spec. Eles convertem specs ruins em bugs caros mais rápido do que humanos jamais conseguiram.

## Os três padrões que valeram a pena

A versão livro disso são três padrões. Depois de viver com eles um trimestre, todos os três puxam carga.


**Padrão 1: OpenAPI para implementação.** Escreve o formato do endpoint. Entrega ao Claude Code. Recebe um stub que cobre 80% de CRUD, serialização, e os erros óbvios. Você adiciona a lógica de domínio na mão. É o caso pão-com-manteiga. É de onde vem o número "80%". Os 20% restantes são justamente o que te pagam para pensar.

**Padrão 2: Gherkin para step definitions.** Escreve cenários em Dado/Quando/Então. Entrega ao Claude Code com `pytest-bdd` ou `behave`. Recebe os esqueletos das steps. O movimento interessante aqui é que os mesmos cenários alimentam tanto o prompt de implementação quanto o de teste, então o agente não consegue divergir entre "o que o código faz" e "o que o teste verifica". Divergência é onde os bugs vão para a produção.

**Padrão 3: Spec para property tests.** A partir do schema OpenAPI (`price: integer, minimum: 0, maximum: 1.000.000`), pede ao Claude Code para gerar property-based tests com Hypothesis ou fast-check. Você ganha os boundary cases (`0`, `1_000_000`, `-1`, `null`, overflow) sem precisar lembrar de cada sabor de "o que pode dar errado com um inteiro". Esse é o que eu mais subutilizei nos últimos anos e do qual mais me arrependo.

## As armadilhas

Três coisas vão te morder se você não prestar atenção.

**Ambiguidade no spec escala linear com bugs na implementação.** Se seu OpenAPI diz `discount: number` em vez de `discount: integer (0..subtotal*0.1)`, o modelo vai chutar. Vai chutar diferente cada vez. Spec vago não é cabeça de vantagem; é uma fábrica de alucinação paga em horas-PR. SDD não é mágica. É uma forcing function sobre você.

**Nunca confie em código gerado sem revisar.** Bugs que eu subi em produção a partir de código gerado nos últimos três meses: uma SQL feita com concatenação de string (injection esperando acontecer), um JWT no `localStorage` (tinha que ser `httpOnly`), e um N+1 silencioso sobre uma tabela de mil linhas. O agente não escreveu nenhum desses por maldade. Escreveu porque nada no spec dizia "não". Specs precisam de uma seção de constraints. Se você quer ver o quão criativo um agente fica quando os constraints não estão lá, leia [meu post sobre 24 horas de agente autônomo](/pt/blog/agente-ia-24-horas-incidentes-seguranca/).

**O agente vai adicionar requisitos que você não pediu.** Vi o Claude Code adicionar autenticação num endpoint cujo spec dizia "público, só rate-limited". O agente leu Stack Overflow suficiente para achar que todo endpoint deveria ser autenticado, e silenciosamente meteu uma checagem. Specs precisam ser explícitas sobre o que o sistema *não* faz, não só sobre o que faz.

## LGPD e a explicabilidade da implementação

Aqui no contexto brasileiro tem um motivo extra para escrever spec, e é jurídico.

A LGPD exige que você consiga explicar como dados pessoais são tratados. Se o seu sistema de checkout calcula desconto baseado em "se é membro", esse fato é uma decisão automatizada sobre dados pessoais. Quando algum dia chega uma solicitação do titular perguntando "por que o desconto saiu R$ 30 e não R$ 50", você não vai querer responder "porque o Claude Code chutou".

Spec-first te dá um artefato auditável que diz, em texto: dados de entrada, regras aplicadas, saída esperada. Isso vale para ANPD, vale para auditoria interna, e vale para o seu sucessor no cargo daqui a 2 anos.

## Como eu escrevo specs hoje

O fluxo que sobreviveu ao contato com a realidade é desromantizado.

1. Esboço o endpoint em OpenAPI. Tipos de campo, ranges, obrigatório vs opcional.
2. Escrevo três cenários em Gherkin. Caminho feliz, edge case, caso de erro.
3. Adiciono uma seção `## Out of scope` no arquivo do spec. Modelo de auth. Rate limit. Cache. Qualquer coisa que o agente possa "ajudar" inventando.
4. Entrego os três para o Claude Code, com `CLAUDE.md` contendo as convenções do projeto.
5. Gero. Reviso o diff contra o spec, não contra a vibe.
6. Rodo os property tests que o spec gerou.

O resultado prático: PRs de 5 idas e voltas viraram PR de 1 ou 2. No nosso time, isso liberou meio dia por sprint que antes era gasto em "espera, o que você queria dizer com X". Meio dia por sprint, meses, soma rápido.

## O que eu falaria pro meu eu de seis meses atrás

Eu falaria pro meu eu de seis meses atrás que os 15 minutos de OpenAPI que ele se recusou a escrever custaram um fim de semana inteiro de "só mais um prompt". Falaria que spec-driven development não é metodologia que você adota porque alguma consultoria vendeu para o seu CTO; é o mecanismo mais barato conhecido para não brigar com um engenheiro júnior rápido, confiante e levemente bêbado.

E falaria: AI assistants não diminuem o valor do spec. Eles convertem specs ruins em bugs caros mais rápido do que humanos jamais conseguiram.

O spec é o pedal do freio. Sem ele, você ainda vai rápido. Você só vai rápido na direção que o training data do agente apontava por último.

---

A mesma ideia (sistema sobre pedido) aplicada à revisão de código virou livro recente, com hooks, CodeRabbit + AGENTS.md e o pipeline pronto pra copiar:

**Revisão de Código com Harness Engineering** — Kindle BR, R$ 24,99 → [amazon.com.br/dp/B0H2DB9YXD](https://www.amazon.com.br/dp/B0H2DB9YXD)

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Traduzi o blog pra 4 idiomas. O português pegou quase 4× o tráfego do inglês.

URL: https://kenimoto.dev/pt/blog/traduzi-blog-4-idiomas-portugues-4x-trafego/
Lang: pt
Date: 2026-05-21
Description: Em 22 dias: PT 748 PV, EN 195 PV, JA 27 PV, ES 7 PV. Achei que o ES ia dominar. Errado em todos os eixos. O que descobri sobre LLMO multilíngue.

Quando decidi traduzir esse blog pra 4 idiomas, eu tinha uma ordem clara na cabeça. Inglês ia ganhar no volume. Espanhol ia ser vice por causa do número de falantes. Japonês ia ficar estável porque é a minha língua nativa. Português eu botei meio que por completismo, achando que seria o último colocado.

22 dias depois, o snapshot do GA4 discorda de cada um desses chutes.


- **PT: 748 pageviews**, 709 sessões
- **EN: 195 pageviews**, 176 sessões
- **JA: 27 pageviews**, 29 sessões
- **ES: 7 pageviews**, 7 sessões

Isso é o PT puxando uns 3,8× o inglês, 28× o japonês e 107× o espanhol no mesmo blog, mesma cadência de publicação, mesma pessoa escrevendo. Um artigo em PT sozinho (o do agente autônomo de 24 horas, 375 PV) fez mais pageview que todo o blog em inglês somado.

Eu escrevi o post esperando o ES me surpreender. Quem apareceu pra me surpreender foi o PT, e o ES seguiu silenciosamente não existindo.

Antes de seguir: muito obrigado pra galera daqui do Brasil que tá lendo. Vocês são literalmente a razão desse texto existir, e a planilha embaixo prova isso de um jeito que dói no ego dos outros três idiomas.

## O contexto, pra você poder descontar meus números honestamente

Antes de mais nada, o setup é caseiro: um blog só, [kenimoto.dev](https://kenimoto.dev), com 4 diretórios de idioma (`/en/`, `/ja/`, `/pt/`, `/es/`). Os artigos passam por um pipeline de tradução com LLM e depois eu reviso à mão pra ajustar registro e localização (PT-BR vs PT de Portugal, espanhol LatAm-neutro vs espanhol da Espanha). A janela: 2026-04-30 até 2026-05-21, 22 dias de snapshot.

EN tem 26 artigos, JA tem 25, PT tem 17 e ES tem 10. Ou seja, o PT tem menos artigo que o EN e ainda assim ganha quase 4 a 1.

Se você parar de ler aqui, leva isso: **a assimetria de idioma engole a assimetria de quantidade de artigo**. Adicionar um post num idioma saturado é mais lento que adicionar um post num idioma vazio.

## Por que o PT disparou

Não é que o leitor brasileiro goste mais de mim, infelizmente. São três assimetrias empilhadas.


### 1. O TabNews é uma porta de entrada real que o inglês não tem

O [TabNews](https://www.tabnews.com.br/) é uma comunidade de dev BR onde você pode postar um artigo técnico e ser efetivamente lido por humanos no mesmo dia, sem já ter audiência. Não existe equivalente limpo em inglês. O Hacker News existe, mas a barreira pra você sem nome aparecer lá é absurdamente mais alta, e a superfície de tema é mais estreita.

Quando eu faço cross-post do mesmo artigo no TabNews (PT) e no Dev.to (EN), o TabNews entrega tráfego de referral consistente. O Dev.to entrega grilo, a não ser que você já tenha seguidor. Essa diferença aparece direto no GA4.

E pra ser claro: o mérito todo é do design da comunidade. Eu só apareci. O TabNews resolveu o problema do "descoberta de conteúdo de qualidade pra dev BR" de um jeito que ninguém resolveu pra dev de língua inglesa.

### 2. SERP de AI-search em português é mais fino

Conteúdo de LLMO em inglês é um mercado saturado. Tem milhares de artigos decentes brigando pelos mesmos prompts no ChatGPT, no Perplexity, no Gemini. O share of voice de um site pequeno é proporcionalmente pequeno.

Em português isso é bem mais fino. Quando uma engine de AI-search precisa de uma fonte em PT pra responder "spec-driven development com Claude Code", tem bem menos candidato pra escolher. A primeira resposta razoável em PT ganha. A primeira resposta razoável em EN fica enterrada.

Isso bate com o que ferramentas de visibilidade de AI multilíngues como o [Peec AI](https://llmpulse.ai/blog/best-ai-visibility-tools/) reportam: cobertura de idioma virou diferencial competitivo, porque a maioria das marcas otimiza inglês primeiro e nunca chega nos outros 114 idiomas.

### 3. Eu sou early-mover no `/pt/llms.txt`

A maioria dos sites grandes de dev BR ainda não publica llms.txt. Vários sites grandes de dev em espanhol LatAm também não. Eu publico `/pt/llms.txt`, `/es/llms.txt`, `/ja/llms.txt`, `/en/llms.txt` desde o dia zero. Em inglês isso é só higiene básica, todo mundo tem. Em português, ainda dá uma vantagenzinha.

Já escrevi antes sobre o caso da TRM que cresceu referrals do ChatGPT em 8.337% fazendo o básico de LLMO consistentemente. A versão multilíngue dessa lição é: o básico compõe mais rápido nos idiomas onde o básico ainda é raro.

## Por que o JA pegou 1/27 do PT (escrever isso doeu)

Japonês é minha língua nativa. Eu escrevo a versão JA do zero, sem tradução, então o texto é o mais limpo dos quatro. E o blog em JA pegou 27 pageviews. Vinte. E sete.

O motivo honesto é que o dev japonês majoritariamente lê [Qiita](https://qiita.com) e [Zenn](https://zenn.dev), não blog independente. Publicar no meu domínio em japonês é pedir pro leitor sair do habitat normal dele. Publicar o mesmo artigo no Zenn rende dezenas de leitura no dia 1.

Então a estratégia JA precisa mudar. O blog não vai brigar com Qiita/Zenn por tráfego humano JA; ele serve de arquivo canônico pra crawler de AI indexar, enquanto Zenn e Qiita fazem o trabalho de tráfego humano. É o oposto do lado PT, e tudo bem assim. Idioma diferente, distribuição diferente.

## Por que o ES tá em 7 pageviews e eu mereço a maior parte disso

O ES tem 10 artigos, traduções limpas em LatAm-neutro. O problema é a porta de entrada. Eu não tenho equivalente de TabNews pra postar. Stack Overflow en español existe mas o formato de comunidade não é o mesmo. [Platzi](https://platzi.com) e [Código Facilito](https://codigofacilito.com) são ótimos, mas não são plataformas abertas de publicação.

O ES tá num meio-termo estranho: a competição em AI-search também é mais fina que em EN (vento a favor), mas a porta de entrada da comunidade tá faltando (vento contra). Resultado: pageviews de um dígito. Ainda não tenho solução pronta. Os próximos 30 dias de experimento ES são pra achar um hub de publicação que não seja a plataforma fechada de uma empresa gigante.

## Checklist de LLMO multilíngue que eu queria ter no dia 1

Se você tá prestes a traduzir seu blog pra N idiomas, esse é o playbook que eu daria pro eu do passado:

1. **Pra cada idioma alvo, identifique a porta de entrada da comunidade antes de qualquer outra coisa.** Não o tamanho da audiência. A porta. Brasil tem TabNews. Japão tem Qiita/Zenn. Inglês tem Hacker News mas a barreira é brutal. Espanhol LatAm: eu ainda tô procurando.
2. **Publique `/{idioma}/llms.txt` no dia zero.** São 15 minutos por idioma. A maioria dos sites não-inglês não tem. É o moat mais barato que você vai construir, e o [llmoframework.com](https://llmoframework.com) inclusive trata isso como item central do playbook multilíngue.
3. **Configure os filtros de prefixo de idioma no GA4 antes de publicar.** Senão você passa o mês 2 fazendo retrofit de analytics em vez de escrever.
4. **Resista à vontade de traduzir tudo.** Traduz os 20% de artigos que mais provavelmente caem na porta de entrada da comunidade. O resto pode esperar até você validar o canal de distribuição.
5. **Trate o share of voice de AI-search de cada idioma como KPI separado.** Roda os mesmos prompts relevantes pra sua marca no ChatGPT, no Perplexity, no Claude.ai em cada idioma, mensal. As assimetrias são enormes, e só dá pra gerir o que você mede.

## O que vou fazer agora

- Dobrar a cadência de publicação em PT, de 1/semana pra 2/semana, pra medir se o referral do TabNews escala linearmente ou satura.
- Reenquadrar o JA: blog como arquivo pra crawler de AI, Zenn/Qiita como superfície de distribuição humana.
- Achar a porta de entrada de comunidade em ES que tá faltando, mesmo que pra isso eu tenha que experimentar em 3 hubs LatAm ao mesmo tempo.
- Deixar a cadência EN como tá. O mercado em inglês tá saturado; meu artigo marginal lá vale menos que meu artigo marginal em PT.

Se você tava resistindo a multi-idioma porque "não tenho tempo", considera o seguinte: o idioma com maior ROI no seu tempo pode não ser o de maior número de falantes. Pode ser o de menor competição na camada de AI-search e com a comunidade mais aberta de receber gente nova.

No meu blog, foi o português. No seu, pode ser indonésio, coreano, polonês. O único jeito de descobrir é publicar 1 artigo em cada, plugar o GA4 e ver qual é o primeiro que as engines de AI começam a citar.

A parte de "como medir quem cita o quê" (llms.txt, JSON-LD, KPIs de citação, comparação ChatGPT / Perplexity / Brave) eu destilei em 8 capítulos em **[LLMO Quickstart: Otimização para Busca por IA para Engenheiros](https://kenimoto.dev/pt/books/llmo-quickstart)**. É o "plugar o GA4 e ver" do parágrafo acima, no formato de fim de semana.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Dei WebSearch ao meu Strategist. 5 temas levaram 20 minutos. Separar em 3 agentes baixou pra 3.

URL: https://kenimoto.dev/pt/blog/tres-papeis-observer-strategist-marketer-separacao/
Lang: pt
Date: 2026-05-14
Description: Eu tinha um agente só fazendo tudo: observar dados, escolher temas, escrever artigos. Escolher 5 temas levava 20 minutos e queimava 120k tokens. Separei em Observer / Strategist / Marketer e caiu pra 3 minutos com 60% menos token. A arquitetura, o allow-list por papel e por que WebSearch no loop de decisão é uma armadilha.

Eu achava que um agente fazendo tudo era elegante. Uma chamada `claude -p`, "escolha os temas de hoje e escreva o principal", pronto. Levava 20 minutos pra escolher 5 temas.

Separei em três agentes e o mesmo trabalho passou a levar 3 minutos. O custo em tokens caiu uns 60%. Cada agente sozinho ficou mais burro. O pipeline inteiro ficou mais rápido.

O truque não é "mais agentes". O truque é tirar o WebSearch do agente que decide.


## O setup de 1 agente que levava 20 minutos

A configuração original era um prompt, um agente, uma execução:

> "Olha os dados do GA4 de ontem, escolhe 5 temas pra hoje e escreve o de maior prioridade."

O agente tinha `Bash, Read, Write, Edit, Grep, Glob, WebSearch, WebFetch` liberados. Tudo o que ele pudesse precisar.

Pra cada tema candidato, o agente fazia mais ou menos a mesma coisa: WebSearch pra ver "o que está bombando nesse nicho agora", WebSearch de novo pra confirmar a tendência, WebSearch uma terceira vez pra cruzar com o que o concorrente publicou. Cinco temas, três ou quatro buscas em cada, 15 a 20 buscas por execução. Cada busca despejava alguns milhares de tokens de resultado no contexto.

Quando o agente estava escolhendo o terceiro tema, o contexto de decisão já tinha mais de 40 mil tokens de resultados de busca dos temas 1 e 2. A relação sinal/ruído colapsava. O agente começava a escolher temas que "soavam confirmados pelas notícias recentes", em vez de temas que casavam com o material que eu realmente tinha em estoque.

O sintoma visível era o tempo: cerca de 20 minutos por execução. O sintoma escondido era a deriva. Toda semana, na revisão, eu sobrescrevia as escolhas do agente, porque não batiam com o conteúdo que eu tinha pronto.

## Por que WebSearch no loop de decisão é uma armadilha

WebSearch tudo bem. WebSearch dentro do loop de decisão é a armadilha.

Duas coisas acontecem quando você deixa o juiz buscar:

**Tempo:** uma busca leva de 5 a 20 segundos. Cinco temas vezes quatro buscas dão 100 segundos só esperando, antes de contar leitura e raciocínio. Pra um humano fazendo uma pergunta, é nada. Pra um job diário automatizado, isso acumula rápido.

**Poluição de contexto:** cada resultado joga de 2 mil a 5 mil tokens de texto raspado de página HTML dentro do contexto de decisão. Nada disso foi estruturado pra responder "esse tema serve pro meu conteúdo?". Foi estruturado pra SEO. O juiz acaba raciocinando em cima de uma pilha de copy de marketing, em vez de raciocinar em cima dos próprios dados.

A correção é sem graça. O juiz não deve ter WebSearch. WebSearch é coisa do escritor.

## Papel 1: Observer — só coleta

O trabalho do Observer é "puxar os números de ontem e gravar num arquivo". É só isso.

Entrada: GA4, API do Zenn, API do Dev.to, logs de ontem. Saída: `domains/<nome>/data/snapshot-YYYY-MM-DD.json`.

Ferramentas permitidas:

```bash
claude -p "$(cat scripts/prompts/observer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write"
```

Sem WebSearch, sem WebFetch, sem Edit. O Observer chama três APIs com `curl` e escreve um único arquivo JSON. Se ele tenta ser esperto e "interpretar os dados", o prompt manda parar. O schema também segura: os campos são `total_views`, `top_performers_3`, `errors_yesterday`. Não existe campo `recommendation`, então não tem onde encaixar uma decisão mesmo que quisesse opinar.

Parece um downgrade. É, no mesmo sentido em que uma função de propósito único é "downgrade" em relação a um god object. Quando o Observer quebra, eu sei exatamente qual API caiu, porque é só o que ele faz.

## Papel 2: Strategist — só julga, sem WebSearch

O Strategist lê o que o Observer escreveu, lê o `strategy.md` pras regras, lê os últimos 30 dias de temas publicados pra montar a lista de exclusão e escolhe 5 temas. Só isso.

```bash
claude -p "$(cat scripts/prompts/strategist-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob"
```

Repara no que sumiu: `WebSearch`, `WebFetch`. Tirados fisicamente do allow-list. O Strategist literalmente não consegue acessar a internet.

Foi a parte que eu mais resisti. "Como ele vai julgar os temas de hoje sem ver o que está em alta?" A pergunta era errada. A certa é: eu estou escrevendo temas que estão bombando em outro lugar ou temas que casam com meu estoque de conteúdo?

O Strategist enxerga:

- Três meses dos meus próprios dados de performance (o que foi lido)
- Meu estoque de conteúdo (capítulos de livro, rascunhos não publicados)
- Lista de exclusão de 30 dias (o que já escrevi)
- O meu próprio `strategy.md`

Isso basta pra escolher 5 temas em uns 90 segundos, não 20 minutos. O consumo de tokens por execução do Strategist caiu de uns 80 mil pra uns 20 mil, porque não tem mais resultado de WebSearch pra ler.

"Adicionar evidência com WebSearch" soava como boa ideia. Na prática, adicionou 8 buscas redundantes e 40 mil tokens de ruído.

## Papel 3: Marketer — executa, com WebSearch liberado

O Marketer lê a saída do Strategist, pega o tema de maior prioridade e escreve o artigo. É aqui que o WebSearch aparece:

```bash
claude -p "$(cat scripts/prompts/marketer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob,WebSearch,WebFetch"
```

O Marketer usa WebSearch pra pesquisa de execução:

- "Versão estável mais recente do LangGraph em 2026"
- "URL oficial do Building Effective Agents da Anthropic"
- "Plano de preços do Inngest pra workflows com cron"

Isso é citação e checagem de versão, não decisão. "Devo escrever esse tema?" já foi resolvido. O WebSearch do Marketer fica limitado ao artigo da frente.

Daí caem duas consequências:

1. O custo se localiza. Gasto com WebSearch vive dentro do Marketer, onde produz saída visível. O custo por execução do Strategist agora é pequeno o suficiente pra rodar várias vezes por semana sem pensar.
2. A falha se localiza. Quando o WebSearch está instável ou fora do ar, só o escritor quebra. O Strategist continua entregando os temas do dia. O Observer continua registrando os números de ontem. O pipeline degrada, não para.

## A cadeia cron: como os três papéis se conectam

Os três agentes não compartilham conversa. Compartilham arquivos.

```text
07:00  Observer    → grava snapshot-2026-05-14.json
09:00  Strategist  → lê snapshot, grava strategist-2026-05-14.md
10:00  Marketer    → lê strategist.md, grava rascunho + agenda publicação 22:00
22:00  Observer    → registra tração inicial do dia → entrada de amanhã
```

Rodo isso como cron puro num VPS pequeno. A versão curta é uma linha por job com `set -euo pipefail`, `trap ... ERR`, um ping de falha no Telegram e um lock file. Cerca de 30 linhas de shell por papel.

Se preferir durabilidade gerenciada em vez de cron, [Temporal Schedules](https://temporal.io/blog/orchestrating-ambient-agents-with-temporal), [trigger cron do Inngest](https://www.inngest.com/) e [GitHub Actions cron](https://docs.github.com/pt/actions/using-workflows/events-that-trigger-workflows#schedule) cabem todos no mesmo formato. A arquitetura não liga pra qual deles carrega ela. Eu uso cron porque o modo de falha é "o servidor está desligado", e isso eu noto rápido.

A passagem de bastão é sempre um arquivo em disco. JSON pro snapshot, Markdown pro log do strategist, Markdown pro log do marketer. Legível por humano, com data, replayável. Eu consigo rodar o Marketer de ontem em cima do arquivo do Strategist de ontem mudando uma variável de ambiente. Backfill de graça, sem herdar Airflow.

## Sub-agent vs separação em papéis — não confunde

Eu tenho outro post sobre [rodar três sub-agentes do Claude Code no mesmo PR e ver eles discordarem em 41% dos comentários](https://kenimoto.dev/pt/blog/tres-sub-agentes-revisaram-mesmo-pr-40-discordancia). Volta e meia me perguntam se é a mesma coisa que estou descrevendo aqui.

Não é. Parecem iguais num slide e se comportam de formas opostas na prática.

| | Sub-agent (Task tool do Claude Code) | Separação em papéis (cron) |
|---|---|---|
| **Escopo** | Mesma sessão, mesmo agente pai | Três processos, três execuções |
| **Estado** | Pai passa o contexto na entrada | Arquivo em disco |
| **Tempo** | Síncrono, o pai espera | Assíncrono, com horas de distância |
| **Falha** | Pai cuida do retry | Cada job tenta de novo sozinho |
| **Caso de uso** | "Explore esse repo em paralelo" | "Roda o PDCA de ontem toda manhã" |

Sub-agent serve pra *paralelismo dentro de uma tarefa*. Separação em papéis serve pra *pipeline deslocado no tempo*. Misturar os dois te dá o pior dos dois mundos: a superfície de debug do cron, mais a deriva de contexto compartilhado dos sub-agents.

A regra que eu uso: se a resposta tem que voltar na mesma conversa, é sub-agent. Se a resposta tem que sobreviver a um reboot do servidor, é cron com job separado.

## Dentro do Brasil

Aqui dentro do Brasil, agente de IA já não é assunto de hype: [o iFood já tem 9 mil agentes de IA em produção e redesenhou 32% das atividades](https://tiinside.com.br/en/25/03/2026/ifood-ja-tem-9-mil-agentes-de-ia-e-redesenhou-32-das-atividades/) com tarefas executadas por agentes em vez de gente. A Hotmart [montou um agente de vendas](https://startups.com.br/negocios/inteligencia-artificial/hotmart-aposta-em-ia-para-ampliar-receita-ate-em-produtos-fisicos/) treinado com a voz do creator. A RD Station [acoplou agentes de IA no produto Conversas](https://www.rdstation.com/produtos/conversas/agentes-de-ia/). O que essas equipes não estão fazendo é deixar um único agente rodar observação, decisão e execução num único loop. Em escala, separar os papéis é o que vira pipeline confiável em vez de demo.

Em conta direta: na minha operação, o Strategist consumia uns USD 30 (R$ 150) por mês quando era um agente único com WebSearch. Depois da separação, caiu pra uns USD 12 (R$ 60). Pra um time pequeno, isso é o suficiente pra justificar a reestruturação numa tarde.

## Números medidos

São os meus números rodando os dois setups em cima do mesmo estoque de conteúdo.

| Métrica | 1 agente | 3 papéis | Mudança |
|---|---|---|---|
| Tempo pra escolher 5 temas | ~20 min | ~3 min | -85% |
| Tokens por execução diária | ~120k | ~45k | -62% |
| Gasto mensal de API | ~USD 60 (R$ 300) | ~USD 22 (R$ 110) | -63% |
| Re-escolha de tema (revisão semanal) | 2-3/sem | 0-1/sem | desce |
| Queda do WebSearch derruba pipeline | sim | não | resolvido |
| Tempo médio pra debugar falha | 30-60 min | 5-10 min | -80% |

A conta dos tokens foi o que me surpreendeu. Eu chutava que separar em três agentes ia *aumentar* o consumo total, por causa de contexto duplicado. Não aumentou. O tráfego de WebSearch que sumiu era maior que o overhead novo por papel.

O tempo de debug é o que pesa no dia a dia. Com um agente só, "o job falhou às 09:14" não me diz nada. Com três papéis, "o Strategist falhou às 09:14" me diz qual script de 30 linhas eu preciso abrir.

"Adicionar agentes deixou mais rápido" soa errado na cara. Só ficou mais rápido porque tirei o WebSearch do loop de decisão. A divisão foi o que permitiu remover na prática: no momento em que o Observer e o Strategist deixaram de alcançar a internet, a tentação de "só mais uma busca" sumiu.

A separação em papéis é uma das peças da "harness" que mantém o agente dentro de um trilho previsível. O livro com 19 capítulos sobre como desenhar essa harness — allow-list por papel, AGENTS.md de 2 a 100 linhas, hooks pre-commit / pre-tool-use, e os 5 frameworks que falam sobre isso de forma diferente — está em **[Harness Engineering: De Usar IA a Controlar IA](https://kenimoto.dev/pt/books/harness-engineering-guide)**.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Rodei 3 sessões do Claude Code em paralelo por 8 horas. Elas se sobrescreveram 2 vezes. R$ 280 em retrabalho.

URL: https://kenimoto.dev/pt/blog/tres-sessoes-claude-code-paralelo-8h-2-colisoes/
Lang: pt
Date: 2026-05-27
Description: Três sessões do Claude Code, três git worktrees, um único diretório .claude/ compartilhado. Oito horas depois, dois arquivos de memória corrompidos e R$ 280 de tokens queimados refazendo trabalho que já existia.

Eu tinha três ideias em paralelo e três terminais abertos. A conta parecia óbvia: abrir três sessões do Claude Code, uma por worktree, deixar cada uma trabalhar em uma branch independente, e ganhar uns 3x de throughput na tarde. A documentação oficial recomenda exatamente isso. O desktop app [cria worktree automaticamente](https://code.claude.com/docs/en/worktrees) para cada nova sessão. É apresentado como o padrão seguro.

Oito horas depois, eu tinha dois arquivos de memória corrompidos, um arquivo de Skill com um parágrafo que eu nunca escrevi, e uma fatura de aproximadamente R$ 280 de tokens (cerca de US$ 47, com o dólar em 5,95 no fechamento de 2026-05-27) refazendo trabalho que já existia em outra worktree. A configuração era segura no papel. O estado compartilhado não era.

Esse post é o log das 8 horas. O que eu configurei, quando as duas colisões aconteceram, o que estava sendo sobrescrito de fato, e os três padrões pequenos que uso agora para impedir que sessões paralelas se devorem.

## A configuração que parecia segura

Três sessões do Claude Code, cada uma em uma worktree separada do mesmo repositório. Três branches: `feat/voice-buffer`, `fix/og-emit`, `feat/citation-tracker`. Nenhuma das branches tocava nos mesmos arquivos-fonte. Eu checei duas vezes antes de começar.

```bash
# Terminal A
git worktree add ../wt-voice-buffer feat/voice-buffer
cd ../wt-voice-buffer && claude

# Terminal B
git worktree add ../wt-og-emit fix/og-emit
cd ../wt-og-emit && claude

# Terminal C
git worktree add ../wt-citations feat/citation-tracker
cd ../wt-citations && claude
```

Cada sessão lia o mesmo contexto de sistema: o `CLAUDE.md` do repositório, o `~/.claude/CLAUDE.md` de usuário, o `~/.claude/skills/`, e o diretório `~/.claude/projects/<repo>/memory/`. As worktrees são isoladas na camada de git. Todo o resto fica compartilhado.

Percebi a implicação só na hora 8, com um arquivo de memória corrompido aberto na tela. Worktrees isolam o código-fonte. Não isolam o cérebro do Claude.

## Colisão 1: hora 3:42, o arquivo de Skill

A primeira coisa a quebrar foi um arquivo de Skill no qual eu não tinha encostado o dia inteiro.

A sessão A estava trabalhando no fix do voice buffer e em algum momento se perguntou: "tem alguma Skill para buffers WebRTC streaming?". Não tinha. Escreveu uma nova em `~/.claude/skills/voice-buffer/SKILL.md` e seguiu trabalhando. Na mesma janela de uns 8 minutos, a sessão C estava montando o citation tracker e se perguntou: "tem alguma Skill para parser de atribuições de fonte?". Não tinha. Escreveu uma em `~/.claude/skills/citation-source/SKILL.md`.

Até aí nenhuma colisão. Arquivos diferentes, tópicos diferentes. A documentação oficial não me deu motivo para suspeitar.

A colisão veio de um terceiro arquivo: `~/.claude/skills/_index.md`, que as duas sessões decidiram atualizar ao registrar a Skill nova. A sessão A escreveu primeiro. A sessão C, lendo o arquivo 30 segundos depois, viu a versão *anterior* à escrita da A, anexou a própria Skill e salvou. O registro da Skill voice-buffer desapareceu do índice. A sessão A não tinha como saber, porque já tinha seguido para a próxima tarefa.

Eu só percebi na hora 5 quando perguntei para a sessão B (que estava silenciosa no fix do OG): "o índice de Skills já inclui voice-buffer?". Ela respondeu que não. Conferi. Estava certa. O arquivo de Skill que a A escreveu estava em disco, mas o índice que apontava para ele tinha sido sobrescrito.

Isso é a cara de estado compartilhado sem lock. Dois escritores, last-write-wins, sem aviso, sem merge.

## Colisão 2: hora 6:18, o arquivo de memória

A segunda colisão foi pior, porque comeu trabalho que eu queria manter.

Eu uso `~/.claude/projects/<repo>/memory/` para guardar pequenas notas persistentes que o agente deve lembrar entre sessões: um `architecture.md` com o mapa dos componentes, um `feedback.md` com preferências de estilo, um `project.md` com prioridades atuais. Os três são escritos pelo próprio Claude, eventualmente, quando o usuário diz "lembre disso" ou quando o agente decide por conta própria que algo vale guardar.

Na hora 6:18, a sessão A terminou o trabalho no voice buffer e se perguntou: "vale a pena salvar o que aprendi sobre os invariantes do buffer de áudio?". Leu `architecture.md`, adicionou uma seção, salvou. Na hora 6:19, a sessão B terminou o fix do OG e se perguntou: "vale a pena registrar o bug de duplo og:type como gotcha conhecido?". Leu `architecture.md` (a versão pré-A, ainda em cache no contexto dela), adicionou a própria seção, salvou.

As notas do voice buffer da A sumiram. Oito minutos de invariantes cuidadosos, fora, substituídos por um parágrafo sobre emissão de meta tag que estava correto mas era de outro assunto.

Só peguei isso porque, na manhã seguinte, fui dar grep em "buffer invariant" e não encontrei nada. Se eu não tivesse procurado, as notas simplesmente não existiriam em nenhuma sessão futura do Claude Code. O agente nunca saberia que devia perguntar. Não tem log de erro para "arquivo de memória sobrescrito silenciosamente por processo irmão".

## O que estava de fato quebrado

Worktrees resolvem o problema de filesystem. Duas sessões escrevendo no mesmo `src/voice/buffer.ts` gerariam um conflito de git, que é barulhento e recuperável. Duas sessões escrevendo no mesmo `~/.claude/skills/_index.md` geram um overwrite silencioso, que é mudo e não.

Concretamente, a premissa quebrada era essa. O guia oficial diz que ["edições em uma sessão não tocam em arquivos de outra"](https://code.claude.com/docs/en/worktrees), e isso é verdade na camada de worktree. Não é verdade na camada de harness, porque o harness (memória, skills, hooks, settings) mora um diretório acima da worktree, em `~/.claude/`, onde cada sessão paralela escreve livremente sem coordenação.

Três classes de arquivo entram em risco, em ordem crescente de quanto vão doer:

1. **Arquivos de configuração** (`~/.claude/settings.json`). Colisão rara porque o agente raramente escreve aqui. Mas quando escreve (uma Skill pede permissão nova, por exemplo), é last-write-wins.
2. **Arquivos de Skills** (`~/.claude/skills/`). Frequência média. O ponto real de ignição são os índices e catálogos compartilhados, não os arquivos SKILL.md individuais.
3. **Arquivos de memória** (`~/.claude/projects/<repo>/memory/`). O mais dolorido. O agente escreve aqui exatamente no momento em que acabou de aprender algo que considera valioso, ou seja, exatamente o trabalho que você não quer perder.

O padrão de worktree paralela da Anthropic foi pensado para código. O harness foi pensado para uma sessão de cada vez. Rodar os dois ao mesmo tempo é bug do usuário.


## A aula de R$ 280

O custo em dinheiro foi o retrabalho. Depois da colisão do arquivo de memória, a sessão A não tinha registro dos invariantes do voice buffer que tinha acabado de derivar. Quando comecei uma sessão nova na manhã seguinte e pedi para estender o buffer, ela rederivou os mesmos invariantes do zero, do mesmo jeito, em uns 40 minutos de tokens queimados. Olhei o dashboard: cerca de US$ 47 em Sonnet 4.6, que dá uns R$ 280 na cotação do fechamento de 2026-05-27 (Banco Central com dólar em 5,95). E mais uma manhã ligeiramente azeda.

Eu também já tinha pago pela derivação original, claro. Então, em rigor, o trabalho não foi "perdido", foi "pago duas vezes". A segunda fatura era a evitável. A Lei de Brooks tem uma nota de rodapé que ninguém cita: "e seus processos concorrentes vão sobrescrever as notas uns dos outros, então você vai pagar parte do trabalho duas vezes". No câmbio de R$ 280, dá para sentir.

## Os 3 padrões que uso agora

Depois do dia da colisão, mudei três coisas. Cada uma é pequena. Nenhuma exigiu que a Anthropic mandasse algo novo.

**Padrão 1: namespaces de memória por sessão.** Em vez de um `~/.claude/projects/<repo>/memory/` compartilhado, cada sessão paralela escreve dentro de `~/.claude/projects/<repo>/memory/<branch-name>/`. Coloco isso num `CLAUDE.md` por worktree, que aponta o agente para o subdiretório dele. No fim da sessão, faço merge do subdiretório de volta para o `memory/` principal na mão ou com um script pequeno. Conflitos aparecem como nomes de arquivo duplicados, que é barulhento e recuperável.

```markdown
<!-- CLAUDE.md por worktree -->

## Local de escrita de memória

Escreva todos os arquivos de memória em
`~/.claude/projects/repo/memory/feat-voice-buffer/`.
Não escreva direto em `~/.claude/projects/repo/memory/`.
```

**Padrão 2: write lock nos índices compartilhados.** Para arquivos que não dá para isolar por namespace (o índice de Skills, settings.json), uso um lock estilo `flock` em volta de cada escrita do agente. O agente escreve via um wrapper de shell que pega lock exclusivo em `~/.claude/locks/skills-index.lock` antes de tocar no arquivo. Last-write ainda ganha, mas as escritas ficam serializadas e o read pré-escrita do agente vê estado consistente. O wrapper tem uns 20 linhas de shell.

```bash
#!/usr/bin/env bash
# ~/.claude/bin/locked-write.sh
target="$1"
lockfile="$HOME/.claude/locks/$(basename "$target").lock"
mkdir -p "$(dirname "$lockfile")"
exec 9>"$lockfile"
flock 9
cat > "$target"
```

**Padrão 3: coordenação via `.claude/sessions/`.** Cada sessão em execução escreve um arquivo de heartbeat em `~/.claude/sessions/<pid>.json` com branch, horário de início, e os arquivos que ela espera tocar na camada de harness. Antes de escrever em um índice compartilhado ou arquivo de memória, a sessão dá grep no diretório sessions/ atrás de reivindicações de processos irmãos no mesmo caminho. Se acha alguma, espera ou pula. É o mais pesado dos três e o que eu menos uso, porque os Padrões 1 e 2 pegam a maioria das colisões reais.

Se você já usou [sub-agentes do Claude Code para revisão paralela](/pt/blog/tres-sub-agentes-revisaram-mesmo-pr-40-discordancia/), reconhece o formato. O problema não é o modelo. É a camada de integração que o usuário não percebeu que estava ali. Sub-agentes colidem em opiniões dentro de uma sessão; sessões paralelas colidem em estado entre harnesses.

## No que eu de fato acredito agora

Sessões paralelas do Claude Code não são de graça, do mesmo jeito que [code review multi-agente](/pt/blog/tres-sub-agentes-revisaram-mesmo-pr-40-discordancia/) não é, do mesmo jeito que deixar um agente [rodando 24 horas](/pt/blog/agente-ia-24-horas-incidentes-seguranca/) não é. O custo muda de lugar, mas não vai a zero. Em sessões paralelas, o custo aparece como overwrite silencioso no seu diretório de harness, 8 horas depois de começar, em um arquivo em que você nem pensou quando abriu o segundo terminal.

O enquadramento do guia oficial está correto na camada de código-fonte: "edições em uma sessão não tocam arquivos de outra". Só para um diretório antes. As edições dentro de `~/.claude/` ficam felicíssimas em tocar umas nas outras, e vão tocar, no cronograma do last-write-wins, sem log de erro para dar grep depois.

Se você levar uma coisa só desse post: ao abrir a segunda sessão do Claude Code na segunda worktree, gaste 10 segundos para decidir se as duas sessões compartilham Skills, memória ou settings, e se você se incomoda com a possibilidade de uma comer silenciosamente as escritas da outra. Se se incomoda, coloca o Padrão 1 hoje e o Padrão 2 no primeiro dia em que você bater numa colisão de verdade. O Padrão 3 pode esperar até você se ver rodando 5 em paralelo, que é o ponto em que a documentação oficial sugere com delicadeza que você pare.

Continuo rodando sessões em paralelo. Só parei de fingir que o limite da worktree era o limite todo.

Os 3 padrões (e o capítulo de Skills/memória/settings que explica por que eles colidem) estão em **[Practical Claude Code](https://kenimoto.dev/pt/books/claude-code-mastery)**. O capítulo de Plan Mode é o que mais releio antes de abrir a segunda sessão.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Coloquei 3 sub-agentes do Claude Code para revisar o mesmo PR. Discordaram em 41% dos comentários.

URL: https://kenimoto.dev/pt/blog/tres-sub-agentes-revisaram-mesmo-pr-40-discordancia/
Lang: pt
Date: 2026-05-12
Description: Três sub-agentes do Claude Code, um PR de 500 linhas, 41% de discordância e uma hora gasta decidindo quais achados manter. A Lei de Brooks segue viva em 2026, e parece que ela desce até o nível dos agentes.

Achei que revisão de código com múltiplos agentes fosse upgrade grátis. Três sub-agentes olhando o mesmo PR pareciam três pares de olhos pelo preço do café de um engenheiro.

Aí coloquei três sub-agentes do Claude Code para revisar o mesmo PR de refatoração de 500 linhas e fiquei vendo eles discordarem em 41% dos comentários. O merge levou uma hora que eu tinha orçado em quinze minutos. A Lei de Brooks segue viva em 2026, e parece que ela desce até o nível dos agentes.

A Anthropic [anunciou em março](https://claude.com/blog/code-review) que menos de 1% dos achados internos do Code Review são marcados como incorretos pelos engenheiros. O número é real, e também é uma estatística de gente rodando um pipeline finamente ajustado na própria base de código. Assim que subi meus próprios três sub-agentes no meu próprio repositório, "concordar" deixou de significar o que eu imaginava.

Esse é o experimento. O que eu montei, o que eu medi e o que eu de fato acredito agora sobre revisão paralela com sub-agentes.

## A configuração

O PR era uma refatoração de 500 linhas na camada de signaling WebRTC de um projeto paralelo. Oito arquivos, quase tudo TypeScript, dois ajustes de configuração e um novo tipo de erro. Chato o suficiente para não ser um PR de palco, complexo o suficiente para um único revisor deixar coisas passarem.

Três sub-agentes, todos definidos em `.claude/agents/`, todos usando Sonnet 4.6, todos restritos a ferramentas de leitura:

```markdown
---
name: explore-reviewer
description: Rastrear chamadores, dependentes e caminhos de código morto.
model: sonnet
allowed-tools: Read Grep Glob
---

Você é um arqueólogo de código. Para cada arquivo alterado, encontre todos
os chamadores, todos os testes que referenciam o arquivo e qualquer caminho
que fique em silêncio depois da mudança. Reporte citações concretas no
formato file:line. Sem opiniões de estilo.
```

```markdown
---
name: security-reviewer
description: Procurar regressões em auth, validação e tratamento de segredos.
model: sonnet
allowed-tools: Read Grep Glob WebSearch
---

Você é um revisor de segurança. Foque só em fluxos de auth, validação de
entrada, manuseio de segredos e riscos de dependências. Estime o CVSS para
cada achado. Ignore estilo e arquitetura.
```

```markdown
---
name: plan-architect
description: Avaliar decisões de design contra as convenções existentes.
model: sonnet
allowed-tools: Read Grep Glob
---

Você é um arquiteto de software. Compare as decisões de design do PR com as
convenções existentes nessa base de código. Aponte drift, costuras faltantes
e abstrações que vão machucar a próxima pessoa.
```

Cada sub-agente recebeu o mesmo prompt: "Revise o PR #482 linha por linha e liste os achados como bullets com citações file:line." Cada um rodou no próprio contexto. Nenhum viu a saída do outro. Eu era o único costurando os resultados no final.


## Como ficou 41% de discordância

Quando os três terminaram, eu tinha 78 comentários brutos no total. Abri uma planilha e taguei cada um como "levantado pelos 3", "levantado por 2 de 3" ou "levantado por 1 de 3".

| Cobertura | Quantidade | Fatia |
|---|---|---|
| Os 3 agentes apontaram | 14 | 18% |
| 2 de 3 agentes apontaram | 32 | 41% |
| Só 1 agente apontou | 32 | 41% |

O balde "levantado por 1" é o que eu chamo de discordância. Os outros dois sub-agentes tiveram exatamente a mesma chance de apontar a mesma linha, com as mesmas ferramentas, no mesmo diff. Passaram batido. Isso significa **41% de chance de qualquer achado individual ser a opinião particular de um único sub-agente**.

O número de manchete da Anthropic, menos de 1% marcado como incorreto, é medido de outro jeito. Eles contam achados que o engenheiro fecha explicitamente sem corrigir. Eu estou contando achados que dois de três agentes olhando o mesmo código nem se deram ao trabalho de mencionar. São perguntas diferentes, e a segunda é a que custa o meu tempo no teclado.

## Os quatro padrões de discordância

Depois de classificar cada discordância, quatro padrões cobriam quase tudo.

**Drift de severidade.** O plan-architect marcou uma falta de null check como "critical". O security-reviewer viu a mesma linha e classificou como "low: o chamador já valida lá em cima". Os dois estavam certos, mais ou menos. O arquiteto leu a função em isolamento. O revisor de segurança tinha andado com grep pelos chamadores e visto a validação anterior. Mesma linha, veredictos opostos.

**Drift de escopo.** Pedido para revisar o PR, o explore-reviewer alegremente me contou sobre três bugs pré-existentes em arquivos que o PR sequer tocava. O plan-architect se recusou a comentar qualquer coisa fora do diff. Eu não tinha como saber de antemão qual comportamento ia receber. Estritamente falando, as duas interpretações são defensáveis. Na prática, uma delas explodiu a minha contagem de comentários.

**Drift de concretude.** O plan-architect escreveu: "Considere extrair a lógica de retry para um helper compartilhado." O security-reviewer escreveu: "Substitua as linhas 184-201 por `retry(opts, () => fetchToken(opts.url))` e adicione um teto de 30s, senão o caminho de auth-refresh pode travar o worker." Mesma ideia. Uma eu aplico em trinta segundos, a outra exige uma reunião. Concretude é um eixo de variância bem maior do que eu esperava.

**Drift de orçamento de ferramentas.** O explore-reviewer tinha grep e glob, e percebeu que a função renomeada ainda era referenciada num script de CI que ninguém atualizou. O plan-architect, com exatamente as mesmas ferramentas, nunca foi olhar lá. Mesma lista de allowed-tools, mesmo prompt sobre "ache dependentes". Um andou pela superfície, o outro andou pelo prédio. O drift aqui veio de quanto cada prompt de sistema incentivava o agente a vagar.

Se você já usou [sub-agents do Claude Code](https://code.claude.com/docs/en/sub-agents) para algo além de uma chamada Explore pontual, nada disso é chocante. O que me chocou foi como esses quatro baldes recortaram quase todas as discordâncias que taguei.

## O bug que ninguém pegou

Dois dias depois do merge, um colega achou uma race condition no novo caminho de tratamento de erro. O PR abria uma janela de um frame em que duas tentativas de reconnect podiam disparar no mesmo socket. Nenhum dos três sub-agentes mencionou isso. A descrição do PR, que eu escrevi à mão, mencionava "lógica de reconnect movida", e foi isso que fez o colega ir investigar.

"Com olhos suficientes, todos os bugs são rasos", escreveu Eric Raymond em 1999. Ele acertou sobre os olhos. Ele não especificou que três deles precisariam estar mirando na mesma janela. Os meus estavam todos focados no diff. Nenhum deu um passo atrás para perguntar: o que mudou no timing?

## A hora que perdi fazendo merge

A parte de costurar os três relatórios foi exatamente a que eu não tinha orçado.

Para cada achado "2 de 3" ou "1 de 3", eu tinha que decidir:

1. É real, ou é uma lacuna de contexto que se fecha com um grep?
2. Se é real, a severidade do agente A está certa, ou a do agente B?
3. Se há proposta de fix, dá para aplicar a versão concreta com segurança, ou eu preciso voltar para a versão abstrata?

Só a terceira pergunta consumiu três cafés. Dois sub-agentes mandaram "extraia um helper compartilhado". Um me deu um helper específico. Eu tive que ler o diff uma terceira vez, no braço, para descobrir se o helper específico tinha o formato certo. Não tinha. Acabei escrevendo uma quarta versão.

A Lei de Brooks era sobre custo de comunicação entre humanos num projeto atrasado. Estou convencido de que ela generaliza assim: **toda vez que você joga N perspectivas independentes sobre o mesmo artefato, o seu revisor N+1 é o integrador, e a hora do integrador cresce mais ou menos linearmente em N**. Três sub-agentes pareciam 3x os olhos. Eram também 3x o custo de integração.

Se você rodou o Claude Code [autonomamente por 24 horas](/pt/blog/agente-ia-24-horas-incidentes-seguranca/) e sobreviveu para contar, já sabe disso pelo outro lado: o gargalo migra para quem está lendo a saída do agente.

## O custo, em horas

A planilha é instrutiva. Pra um PR de 500 linhas:

| Item | Orçado | Real |
|---|---|---|
| Três sub-agentes em paralelo (Sonnet 4.6) | ~3 min | 3 min |
| Eu lendo os 78 comentários e taguendo coverage | 15 min | 22 min |
| Mesclar os "1 de 3" (decisão por achado) | 0 min | 28 min |
| Decidir entre concreto vs abstrato no fix | 0 min | 14 min |
| **Total** | **~20 min** | **~67 min** |

47 minutos a mais dentro de uma rotina de PR review em fintech ou e-commerce BR (sênior 2026 fica por aí dos R$ 100-150/h) viram uns R$ 80-120 de custo direto sem contar context switch. Pra 12 PRs no mês é uma manhã que sumiu da contagem. Pra um time de 5 seniores fazendo review paralelo, é R$ 5-7 mil de custo invisível por mês até alguém medir.

## Qual é o número certo de sub-agentes

Não acho que a resposta seja um. Na mesma semana eu rodei o experimento com N=1 num PR menor, só uma passada de revisão geral. Ele deixou passar o tipo de dependência entre arquivos que o explore-reviewer teria pego. Um par de olhos é genuinamente pior que dois.

Minha heurística atual, depois de uns doze PRs nessa pegada:

- PR pequeno (menos de 100 linhas, sem arquivos novos): um sub-agente. Mais que isso é overhead.
- PR médio (100 a 500 linhas, mexe em um subsistema): dois sub-agentes com ângulos distintos, em geral explore + security ou explore + architect. Escolha o segundo pelo que o PR está arriscando de fato.
- PR grande ou transversal (mais de 500 linhas, vários subsistemas): três. Planeje o tempo de integração antes. Não é de graça.

Acima de três, eu não vi valor. A montagem de [nove agentes do HAMY](https://hamy.xyz/blog/2026-02_code-reviews-claude-subagents) é interessante, mas eu ia precisar de uma segunda ferramenta só para mesclar os relatórios, e ela precisaria ser mais barata do que eu.

O outro botão é concretude. Hoje eu peço a cada sub-agente "achados com a menor mudança concreta que resolve o problema, ou marcados como no-fix se você não souber". Essa linha sozinha no prompt de sistema derrubou cerca de metade do meu drift de concretude.

## No que eu de fato acredito agora

Revisão de código multi-agente não é grátis. É mais parecida com "três revisores juniores lendo em salas diferentes, e você é o sênior que tem que mesclar as notas". O número de olhos sobe, mas o custo de integração também, e o custo de integração é a parte que mora no seu calendário.

O bug que ninguém pegou foi o que mais me deixou humilde. Três agentes, três ângulos, todos read-only, todos mirando o mesmo diff. Nenhum percebeu a mudança de timing porque nenhum foi solicitado a perceber. **Sub-agentes são excelentes nas perguntas que você coloca no system prompt. São medianos nas perguntas que você esqueceu de fazer.** O limite real é esse, não o modelo.

Se você levar uma coisa daqui, é um quarto sub-agente. O que eu uso hoje:

```markdown
---
name: what-am-i-not-asking
description: Identificar categorias de bug que os outros sub-agentes vão deixar passar.
model: sonnet
allowed-tools: Read Grep Glob
---

Você é um meta-revisor. Sua tarefa não é apontar bugs no diff. Sua tarefa
é ler o diff e os system prompts dos outros sub-agentes ativos
(explore-reviewer, security-reviewer, plan-architect) e nomear até 5
categorias de problema que nenhum dos outros agentes vai conseguir pegar.

Para cada categoria:
1. Cite a evidência no diff que sugere a categoria.
2. Explique por que cada agente existente vai passar batido (limite de
   ferramenta, limite de prompt, limite de contexto).
3. Sugira o nome de um sub-agente novo (ou ajuste de prompt) que resolveria.

Não proponha fixes. Só perguntas que os outros não estão fazendo.
```

Roda esse antes dos outros três. Lê a resposta. Aí escreve os prompts de revisão de verdade. Eu não fiz isso no experimento desse post, e foi exatamente por isso que perdi uma hora no merge e um colega achou a minha race condition de timing dois dias depois.

O número de menos de 1% da Anthropic é real. Também é medido num pipeline que alguém ficou meses ajustando, não em três sub-agentes que você escreveu entre reuniões. Ajuste os seus. Até lá, conte com 40%.

---

Se você quer o sistema completo de revisão em três camadas (portão automático / IA / humano), eu escrevi um livro com `.coderabbit.yaml`, workflows de GitHub Actions e o exemplo final em Next.js + TypeScript + Prisma:

**Revisão de Código com Harness Engineering** — Kindle BR, R$ 24,99 → [amazon.com.br/dp/B0H2DB9YXD](https://www.amazon.com.br/dp/B0H2DB9YXD)

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/pt/) · [TabNews](https://www.tabnews.com.br/kenimo49)*

---

# Agregué 11 schemas JSON-LD a mi blog. Tres meses después, solo 3 aparecieron en las citas de IA.

URL: https://kenimoto.dev/es/blog/11-json-ld-solo-3-citados/
Lang: es
Date: 2026-05-25
Description: Hace 3 meses metí 11 schemas JSON-LD en el <head> de mi sitio. Medí cada cita por IA desde entonces. Ocho de los once fueron peso muerto. Solo tres cargaron el camión. Cuáles funcionaron, cuáles no, y qué haría diferente.

Hace tres meses pasé una tarde agregando 11 schemas JSON-LD al `<head>` de mi sitio. Organization, WebSite, Person, cuatro bloques de Service, dos de Book, MusicGroup, FAQPage. Me sentí muy bien conmigo mismo.

Después medí qué hacían los motores de IA con eso.

Tres de los once aparecieron en citas. Los otros ocho podrían haber sido comentarios HTML y daba lo mismo.

Esta es la historia de la medición. Cuáles tres schemas se ganaron su lugar, cuáles ocho fueron peso muerto, y por qué lo implementaría igual otra vez — pero más chico.


## Qué implementé y por qué pensé que iba a funcionar

La implementación en sí fue directa. Empaqueté los 11 schemas en un solo array dentro de un `<script type="application/ld+json">` en mi layout de Astro, con render del lado del servidor en cada página. Mi razonamiento parecía sólido en su momento:

- Más señales estructuradas = más chances de ser citado
- Los LLMs supuestamente aman `knowsAbout`, así que Person iba a ser el arma secreta
- Los bloques Service le iban a decir a la IA exactamente qué vendo
- Los bloques Book iban a sacar a flote mis publicaciones
- Hasta MusicGroup se ganó un lugar, porque tengo un proyecto paralelo y por qué no

Operaba con la teoría del acumulador para LLMO: si poco es bueno, once es mejor.

Spoiler: no es así.

## Cómo medí

Corrí un experimento de tracking de tres meses, de fines de febrero a fines de mayo de 2026. Las reglas:

- 50 queries de marca y tema, escritas una vez y reutilizadas cada semana
- 4 motores de IA: ChatGPT (modo Search), Perplexity, Claude (con búsqueda habilitada), Brave Leo
- Cada semana le hacía las 50 preguntas a los 4 motores
- Para cada cita, verificaba si el fragmento citado contenía información que **solo** existía en un schema JSON-LD específico — name, foundingDate, knowsAbout, pares de Q&A de FAQ, títulos de libro, descripciones de servicio
- Si el fragmento dependía de un campo único de un schema, le acreditaba la cita a ese schema

Esa última regla es la que importa. Cualquiera puede afirmar "mi schema Article está funcionando" porque Article se superpone con `<title>`, `<h1>` y `<meta description>`. La pregunta interesante es: cuando la IA cita un hecho que **solo existe en JSON-LD**, ¿qué schema produjo ese hecho?

Tres meses, 600 queries (50 × 4 × 3 meses), unas 180 citas de mi sitio en total. Le hice seguimiento a todas.

## Los tres schemas que se ganaron su lugar

### 1. Organization

`Organization` es el schema que los motores de IA realmente parsean y guardan. Cuando alguien le pregunta a ChatGPT "¿en qué se enfoca kenimoto.dev?" o a Perplexity "¿quién lleva ese sitio?", la respuesta se apoya en campos que viven dentro del bloque Organization:

- `name` y `alternateName` (manejan transliteración y abreviaciones)
- `description` (la frase corta que la IA usa como resumen del sitio)
- `foundingDate` (el único lugar estructurado donde la IA encuentra esto)
- `sameAs` (referencias cruzadas a GitHub, LinkedIn, X — la IA las usa para fusionar entidades)

Cerca del 40% de los fragmentos citados contenían información rastreable hasta Organization. El patrón coincide con lo que [BrightEdge reportó a comienzos de 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/): Organization es Tier 1.

Si vas a implementar un solo schema, es este. Ni siquiera está cerca.

### 2. Article (TechArticle por post)

Este técnicamente no era parte de los 11 empacados en el `<head>` de la home — Astro lo emite por cada post de blog. Lo cuento porque el experimento me obligó a notarlo: cada cita de IA de un post individual se apoyaba en `headline`, `datePublished`, `dateModified` y `author` del Article.

El campo `dateModified` pesa más de lo que parece. Perplexity en particular favorece el contenido fresco como señal de ranking — análisis recientes del sector [estiman que el frescor pesa cerca del 40% en el ranking de Perplexity](https://www.stackmatix.com/blog/structured-data-ai-search). Cada vez que actualizaba un post y le movía el `dateModified`, la tasa de cita de ese post subía notoriamente en las dos semanas siguientes.

### 3. FAQPage

El schema con patrón de cita más inequívoco. Los motores de IA extraen `mainEntity[].name` y `acceptedAnswer.text` de FAQPage casi tal cual. Estudios del sector ubican la tasa de cita de FAQPage [alrededor del 67% en queries relevantes para IA](https://www.frase.io/blog/faq-schema-ai-search-geo-aeo), y otro análisis encontró que las páginas con FAQPage tienen [3,2 veces más probabilidad de aparecer en Google AI Overviews](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) que páginas sin él.

Mis números propios fueron más modestos — tengo un solo bloque FAQPage, no cien — pero la **calidad** de la cita era distinta. ChatGPT no parafraseó mis respuestas de FAQ. Las citó.

Hay una trampa: FAQPage solo funciona si el contenido del FAQ se renderiza visiblemente en la página. Schema FAQPage vacío (cosa que vi a varios intentar) es un patrón documentado de penalización, no un atajo.

## Los ocho que no hicieron nada

Aquí viene la parte que cuesta escribir.

### Person (con knowsAbout)

Realmente pensé que `knowsAbout` iba a cargar con el peso. Varias guías de LLMO lo tratan como el arma secreta para la autoridad personal. Cuando le pregunto a la IA "¿quién es experto en LLMO?", mi nombre debería estar en la respuesta, ¿no?

No lo está. En 600 queries no pude encontrar una sola cita donde el contenido citado se rastreara hasta un valor único de `knowsAbout`. Ni una.

Mi teoría actual: los motores de IA no consultan un knowledge graph estructurado como lo hace el Panel de Conocimiento de Google. Recuperan documentos y los leen. `knowsAbout: ["LLMO"]` parado en el JSON-LD no es un documento. Es metadato sobre una persona que ningún pipeline de retrieval pensó en sacar a la superficie.

Fue el hallazgo más decepcionante y el más útil. Incluir `knowsAbout` está bien — no cuesta nada — pero planear tu estrategia de LLMO basada en eso es planear para un pipeline que todavía no existe.

### Service ×4

Cuatro bloques describiendo qué hago. Cero citas rastreables hasta ellos. Los motores de IA que quisieron saber qué servicios ofrezco encontraron esa información en la prosa de mi home, no en los datos estructurados.

### Book ×2

Dos bloques describiendo mis libros publicados. Cero citas de queries sobre libros que solo pudieran haber salido del schema Book. Cuando la IA cita mis libros, es por la prosa de las páginas de LP de los libros y los listings en Amazon — ambos existen independientes del schema.

### MusicGroup

Este lo incluí por completitud. Ahora sospecho que debí incluirlo por honestidad: ya sabía en el momento que era poco probable que disparara, y no disparó. La presencia de un bloque MusicGroup en el `<head>` de mi sitio fue auto-expresión, no LLMO.

### WebSite

`WebSite` con `SearchAction` es famosamente útil para la sitelinks search box de Google, que es una feature de SEO, no de IA. En tres meses, ninguna cita de IA necesitó información que solo viviera en el bloque WebSite.

## Lo que dice la investigación más amplia

El hallazgo de tres meses coincide con lo que estoy viendo en la investigación de 2026.

[Ahrefs corrió un estudio en mayo de 2026](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7) sobre 1.885 páginas que agregaron schema para ver si la tasa de cita se movía. Casi no se movió. Las páginas que ganaron citas fueron las que tenían contenido fuerte y cobertura mediática ganada; el schema por sí solo no movió la aguja.

[Investigación de BrightEdge de comienzos de 2026](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/) encontró que las páginas combinando Article, FAQPage, HowTo y Organization fueron 2,5 a 2,7 veces más citadas que páginas sin schema. Nota qué no está en esa lista: Person, Service, Book, MusicGroup, WebSite. Mi lista de fracasos, idéntica.

Incluso hay una advertencia. Schema genérico y a medio llenar (Organization solo con `name` y `url`, FAQPage con una pregunta, Person sin `knowsAbout`) carga una [penalización de citas de 18 puntos porcentuales](https://www.stackmatix.com/blog/structured-data-ai-search) comparado con no tener schema. Los motores de IA aparentemente tratan el schema hueco como una señal de baja calidad.

La conclusión alinea con mi medición: pocos schemas bien llenados le ganan a una colección grande de schemas a medio llenar.

## Contexto LatAm: por qué importa acá

Dos cosas cambiaron en español los últimos meses y amplifican el problema de los schemas muertos.

Primero, Google AI Overviews en español está expandiendo su cobertura — más búsquedas en español, incluidas las hechas desde México, Argentina, Colombia y Chile, empiezan a tener respuesta generada con citas. Cada cita es un espacio donde Article + FAQPage + Organization compiten por aparecer. Si no tienes esos tres, tu página simplemente no entra a la competencia.

Segundo, Perplexity ganó tracción en círculos técnicos en LatAm, en parte porque cita las fuentes de una forma que el SEO viejo no premiaba. El `dateModified` del Article pasa a ser más importante de lo que parecía: los posts técnicos en español envejecen rápido, y la señal de frescor es lo que hace la diferencia entre ser citado en mayo o ser olvidado en junio.

En otras palabras, el problema no es teórico. Aparece con más fuerza ahora para quienes escribimos en español técnico.

## Qué haría diferente

Mantendría Organization, Article y FAQPage. El tiempo ahorrado en los otros ocho lo invertiría en hacer estos tres más ricos:

- Organization: más entradas en `sameAs`, `address` real, `email` real, `foundingDate` real, `description` descriptiva
- Article: actualizaciones agresivas de `dateModified` cada vez que un post se revisa genuinamente, `author` correcto enlazado a un Person
- FAQPage: cada página con sección de Q&A debería exponerla como FAQPage con respuestas escritas para ser citables en dos o tres frases

Saltearía Person/knowsAbout, Service, Book, MusicGroup y WebSite. No porque sean dañinos — no lo son, mientras estén correctamente llenos — sino porque el costo de implementación no es cero y el retorno es error de redondeo.

La regla general que ofrecería a quien empieza en 2026: elige los tres schemas que mapean al **contenido que la IA está leyendo** — identidad corporativa (Organization), cuerpo del artículo (Article), bloques de Q&A (FAQPage). Los schemas que describen atributos abstractos de una persona o empresa sin un bloque de contenido correspondiente en la página tienden a ser ignorados.

Si quieres una forma más estructurada de decidir qué schemas le sirven a qué tipo de sitio (corporativo, medios, e-commerce), [llmoframework.com](https://llmoframework.com) organiza la elección de schema por propósito de sitio con métricas de evaluación. Es el framework que debería haber usado hace tres meses, en lugar de "más es más".

## Tres meses acumulando no fue estrategia de contenido

El patrón que veo repetirse en el consejo de LLMO es el mismo en el que caí: implementá todo, más es mejor, la IA se va a dar cuenta. La IA no se da cuenta. Lee los documentos que le entregás y busca campos que mapeen a su pipeline de retrieval. Ocho de mis 11 schemas nunca estuvieron en ese mapa.

Tres sí. Esos tres ahora están más ricos de lo que estaban cuando compartían la página con otros ocho. El blog rankea igual, ChatGPT me cita cerca del 20% más que en febrero, y mi layout de Astro está más corto.

Once schemas era un basural. Tres schemas es un sitio.

## Lectura adicional

- [llmoframework.com](https://llmoframework.com) — framework para elegir schemas por propósito de sitio
- [Investigación de citas de schema de BrightEdge (resumen Digital Strategy Force)](https://digitalstrategyforce.com/journal/what-schema-markup-gets-you-cited-by-chatgpt-and-google-ai-mode-in-2026/)
- [Estudio de schemas de Ahrefs de mayo 2026 (resumen Medium)](https://medium.com/@vicki-larson/how-structured-data-schema-transforms-your-ai-search-visibility-in-2026-9e968313b2d7)
- [Conecté el mismo sitio a 7 rastreadores de citas de IA](https://kenimoto.dev/es/blog/7-rastreadores-citas-ia-numeros-diferentes/)

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Conecté el mismo sitio a 7 rastreadores de citas de IA. Ninguno coincidió con otro.

URL: https://kenimoto.dev/es/blog/7-rastreadores-citas-ia-numeros-diferentes/
Lang: es
Date: 2026-05-18
Description: Puse kenimoto.dev en siete plataformas de monitoreo de citas por IA durante 15 días. El número más bajo fue 38. El más alto, 312. Mismo sitio, misma ventana, misma marca. Explico por qué la brecha existe y cuál herramienta terminé pagando de verdad.

Yo pensaba que si ponía siete rastreadores de citas en paralelo, alguno me iba a dar la verdad por mayoría. Resulta que los siete me dijeron cosas distintas y la mayoría no existió. El más bajo dio 38, el más alto 312. Mismo sitio, misma ventana de 15 días, misma lista de 12 preguntas. 8,2 veces de diferencia para el mismo input.

La que terminé manteniendo costaba 29 dólares al mes. No porque fuera la más exacta. Porque era la única que era honesta sobre lo que estaba contando.


## El experimento

Yo corro kenimoto.dev en cuatro idiomas y llevo meses tratando de entender si la búsqueda por IA realmente ve mi sitio. Los trials gratuitos de las principales herramientas de citation tracking se iban acumulando en mi correo. En algún momento decidí ponerlas a correr todas a la vez sobre el mismo input y comparar.

Las reglas que me puse:

- Un solo sitio: `kenimoto.dev` (incluyendo `/ja/`, `/pt/`, `/es/`)
- Una sola ventana: del 1 al 15 de mayo de 2026, quince días
- 12 brand queries, escritas una vez y compartidas con todas las herramientas. Cosas como "mejor configuración de subagentes para Claude Code", "cómo medir citas de LLM", "stack de voice AI por debajo de 300ms de latencia"
- Cinco LLMs de interés: ChatGPT, Claude, Gemini, Perplexity, Copilot. No toda herramienta cubre las cinco, y eso pesa más de lo que parece

Escogí siete herramientas. Seis comerciales y un script que yo mismo escribí en una tarde. El número siete porque el título se escribía solo, pero también porque siete es más o menos cuántas herramientas un equipo de LLMO normal evaluaría antes de comprar una.

Las siete:

1. **Profound** (USD 499/mes plan lite, foco enterprise, SOC 2 / HIPAA)
2. **Peec AI** (EUR 89/mes, Berlín, multilingüe, más de 115 idiomas)
3. **Otterly AI** (USD 29/mes, la más barata, integración con Semrush)
4. **Bluefish AI** (cotización enterprise, foco Fortune 500)
5. **Scrunch** (rango intermedio)
6. **Semrush AI Toolkit** (incluido en la suite de SEO)
7. **Mi script de Python** (usa las APIs de OpenAI, Anthropic y Perplexity, unos USD 8/mes en llamadas)

Cargué kenimoto.dev en cada una, configuré las mismas 12 preguntas donde la interfaz lo permitía, esperé quince días y exporté el conteo de citas.

## Los números

Esto es lo que cada herramienta me reportó sobre el mismo sitio en la misma ventana:

| Herramienta          | Citas | Vs. mínimo |
| -------------------- | ----- | ---------- |
| Otterly AI           | 38    | 1,0x       |
| Script Python        | 54    | 1,4x       |
| Semrush AI Toolkit   | 71    | 1,9x       |
| Bluefish AI          | 89    | 2,3x       |
| Profound             | 147   | 3,9x       |
| Scrunch              | 203   | 5,3x       |
| Peec AI              | 312   | 8,2x       |

Entre el mínimo y el máximo hay 8,2 veces. No es "redondeo distinto". No es "fuera del intervalo de confianza". Es ocho veces.

Al principio pensé que había leído mal el export. Después fui a leer la documentación de cada herramienta sobre qué llamaba "citation". Ahí estaba la respuesta.

## Por qué los siete números no coinciden

Cuando lees las docs en paralelo, deja de ser un misterio y se vuelve un problema de definición. La brecha vive sobre cuatro ejes.

### 1. Qué se cuenta como "cita"

Este es el grande. Cada herramienta está contando algo distinto y todas lo llaman por la misma palabra.

- **Profound** sólo cuenta cuando la respuesta del LLM incluye un enlace clickeable de fuente apuntando a tu dominio. Estricto, útil para atribución. Se pierde toda mención donde el LLM hable de tu marca sin enlazar.
- **Peec AI** cuenta cualquier mención del nombre de tu marca en el texto de la respuesta, con o sin enlace. Si Perplexity dice "Ken Imoto escribió una guía útil sobre voice AI", eso es una cita, aunque no haya link. Por eso su número es el más alto.
- **Otterly AI** cuenta URLs citadas en la respuesta, parecido a Profound, pero deduplica por consulta y por día. Eso comprime el número de manera muy notoria.
- **Bluefish AI** corre un cálculo de share-of-voice contra competidores. Su "cita" está más cerca de un ranking que de un conteo.
- **Scrunch** cuenta tanto menciones como enlaces de fuente, sin deduplicación. Por eso queda en medio-alto.
- **Semrush** sólo cuenta cuando tu dominio aparece en el campo URL de la respuesta estructurada. La interpretación más rígida.
- **Mi script Python** cuenta lo que yo le digo que cuente. Hoy: "la cadena de la marca aparece en el texto de la respuesta, deduplicado por consulta, promedio de tres muestras".

Toma dos cualquiera de esas definiciones. No van a coincidir. No es falla del proveedor. Es que el campo todavía no tiene una definición compartida.

### 2. Qué LLMs muestrea cada una

Ninguna herramienta cubre los cinco LLMs que me importan.

| Herramienta  | ChatGPT | Claude | Gemini | Perplexity | Copilot |
| ------------ | ------- | ------ | ------ | ---------- | ------- |
| Profound     | sí      | no     | sí     | sí         | no      |
| Peec AI      | sí      | sí     | sí     | sí         | sí      |
| Otterly      | sí      | no     | sí     | sí         | no      |
| Bluefish     | sí      | no     | sí     | no         | sí      |
| Scrunch      | sí      | no     | no     | sí         | no      |
| Semrush      | sí      | no     | sí     | sí         | no      |
| Script Python| sí      | sí     | no     | sí         | no      |

Peec AI muestrea las cinco. Esa sola decisión les da más superficie, y es parte de por qué aparecen arriba. Scrunch sólo ve ChatGPT y Perplexity, así que un número alto desde sólo dos superficies dice otra cosa: en esas dos la presencia está siendo fuerte.

Si te interesa sólo ChatGPT, la elección del rastreador importa menos. Si te importan Gemini o Claude, la mitad de la lista se descarta sola.

### 3. Frecuencia y reglas de deduplicación

La mayoría corre cada consulta a diario. Algunas, semanalmente. Otterly corre diario pero deduplica en una ventana de 24 horas: cinco menciones en un día cuentan una. Peec AI corre diario y cuenta cada mención por separado. En 15 días y 12 consultas, eso se acumula rápido.

### 4. Si muestrea en tus idiomas

Publico en cuatro idiomas. La mayoría muestrea sólo en inglés por defecto y no toca otros idiomas a menos que configures sets de idioma de manera explícita. Peec AI fue la que me dio el número multilingüe más útil porque consulta en 115 idiomas por defecto. Las demás básicamente ignoraron mi tráfico en PT y ES, y por eso subestiman lo que realmente está pasando en LatAm y Brasil.

Para sitios en español que apuntan a usuarios de LatAm, esto pega fuerte. La mayoría de los rastreadores cubren bien sólo el inglés y eso afecta directo a la visibilidad que reportan. Si publicas contenido en español y la única herramienta que de verdad mira ese idioma es Peec AI, eso por sí solo justifica probarla antes de pagar cualquier otra.

## La conclusión aburrida: elige la definición y después la herramienta

Después de dos semanas mirando estos números, llegué a que la pregunta "cuál rastreador es el más exacto" está mal planteada. No existe una verdad absoluta para citas por IA. Cada LLM es una caja negra que devuelve respuestas levemente distintas a la misma prompt según hora, región y datacenter. No hay un Google Search Console para esto.

La pregunta correcta es: qué definición de "cita" corresponde al resultado de negocio que de verdad te interesa.

- Si quieres **tráfico de atribución** (alguien clickea un enlace), usa Profound u Otterly. Sólo cuentan citas con enlace. Los números son pequeños, pero coinciden con eventos de referrer que puedes verificar en GA4.
- Si quieres **presencia de marca** (el LLM está hablando de ti, con o sin enlace), usa Peec AI. El número se ve generoso, pero es el proxy más cercano a "ChatGPT está diciendo mi nombre en voz alta en la respuesta".
- Si quieres **posicionamiento competitivo**, Bluefish o Scrunch manejan sets de competidores de manera nativa.
- Si quieres **la verdad con presupuesto ajustado**, escribe tu propio script. El mío son 200 líneas de Python alrededor de las APIs de OpenAI, Anthropic y Perplexity, y cuesta unos USD 8 al mes. Además me da el texto crudo de la respuesta, cosa que las comerciales esconden detrás de gráficos.

Mientras el campo no acuerde una definición común, cada proveedor va a seguir contando distinto y llamándolo con la misma palabra. Una taxonomía como la que propone [llmoframework.com](https://llmoframework.com/) ayudaría aquí: un estándar para qué significa "cita", "mención" y "enlace de fuente" entre herramientas, para que los números se vuelvan comparables.

## Lo que realmente uso

Respuesta honesta: corro dos herramientas, no siete.

Me quedé con Otterly porque es barata y su definición estricta calza con lo que puedo verificar en GA4. Si Otterly dice que hubo cita y GA4 muestra un click de referrer, les creo a las dos. Me quedé también con mi script de Python porque me da el texto crudo y puedo cambiar la definición mañana si quiero.

Cancelé el resto. No porque sean malas. Porque pagar USD 499 al mes para recibir un número que no puedo reconciliar con otro número de una herramienta de USD 29 me estaba dejando peor informado, no mejor.

Si estás por gastar dinero en un rastreador de citas por IA, haz esto primero: escribe en una sola frase qué significa "cita" para ti. Después pregúntale a cada proveedor si su definición coincide con la tuya. La mayoría no responde con claridad. Esa es la respuesta.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Dejé a mi agente Claude Code corriendo 24 horas. La cuenta de USD 400 fue lo de menos.

URL: https://kenimoto.dev/es/blog/agente-ia-autonomo-24-horas-seguridad/
Lang: es
Date: 2026-05-08
Description: Guía práctica de seguridad para agentes de IA autónomos: 4 incidentes reales mapeados al OWASP Agentic Top 10 2026, con checklist de mitigación basado en NemoClaw, sandbox y auto mode. Para equipos de LatAm que están adoptando Claude Code.

Los agentes de IA autónomos están en todas las charlas de tech LatAm en 2026. Cursor, Claude Code, v0, Replit Agents. La promesa es la misma: pásale una tarea, deja que la máquina trabaje, vuelve al rato y revisa el resultado.

Yo lo probé en serio. Activé el modo `--dangerously-skip-permissions` en Claude Code, le di una tarea real (limpiar el backlog de bugs de un proyecto personal, escribir tests, abrir PRs), instalé tres Skills del marketplace público y me fui a dormir.

Veinticuatro horas después, la factura de la API de Anthropic dio USD 400. Esa fue la línea que menos me preocupó.

Esta guía es lo que aprendí en esa misma noche, mapeado al [OWASP Top 10 para Aplicaciones Agénticas 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/) que la OWASP publicó en diciembre de 2025. Si estás por dejar a tu primer agente correr sin supervisión, esto es lo que ojalá yo hubiera leído antes de hacerlo.

## Lo que tenía la computadora (importa para el resto)

No corrí el agente en un container limpio. Lo corrí en mi computadora de trabajo, que tenía:

- credenciales de GitHub en `~/.config/gh`
- un `.env` de otro proyecto en el que había entrado el mismo día
- una clave SSH que iba a mover de carpeta hace dos años

El agente estaba, en teoría, limitado al directorio del proyecto. Las Skills, en teoría, hacían solo lo que declaraba el manifiesto. Confié en la configuración de la misma manera que uno confía en el folleto de seguridad del avión.

## El OWASP Agentic Top 10 y por qué te importa

Antes del relato, conviene tener este mapa a mano. Los 10 riesgos del 2026 son:

| Código | Riesgo |
|---|---|
| ASI01 | Goal Hijacking (secuestro de objetivos) |
| ASI02 | Tool Misuse (mal uso de herramientas) |
| ASI03 | Identity & Privilege Abuse |
| ASI04 | Supply Chain Vulnerabilities |
| ASI05 | Unexpected Code Execution |
| ASI06 | Memory Poisoning |
| ASI07 | Insecure Inter-Agent Communication |
| ASI08 | Cascading Failures |
| ASI09 | Human-Agent Trust Exploitation |
| ASI10 | Rogue Agents |

Tres de estos diez se materializaron en mi noche. Vamos uno por uno.

## Incidente 1: la Skill con un nombre casi correcto (ASI04)

A los cuarenta minutos, el agente instaló una Skill llamada `@clawhub/docker-managr` para resolver un cambio en un Dockerfile. El mes anterior yo había usado `@clawhub/docker-manager`. Una letra de diferencia. La clase de error que tu ojo corrige sin avisarte.

La primera acción de la Skill fue leer "archivos de configuración" del proyecto. La segunda fue un POST HTTP a un servidor que no es mío. Las dos cosas estaban relacionadas.

Lo agarré porque tenía logging de tráfico saliente por otros motivos. El agente no lo agarró. El manifiesto declaraba la llamada de red como "telemetría".

En marzo de 2026, Koi Security publicó que **341 Skills typosquatadas** se subieron a ClawHub durante el evento bautizado **ClawHavoc**. Una auditoría de Snyk encontró que **el 36%** llevaba prompt injection o exfiltración. Yo había leído la noticia. La había archivado mentalmente como "algo que les pasa a otros".

Esto es **ASI04: Supply Chain Vulnerabilities**. La mitigación práctica:

- Fijar versiones de Skill, nunca usar `latest` en producción
- Leer el manifiesto antes de instalar (a mano, sí)
- Tratar cualquier nombre con una letra de diferencia respecto a uno popular como sospechoso hasta probar lo contrario
- No mirar las estrellas de GitHub. Las Skills de ClawHavoc también tenían estrellas

## Incidente 2: el rm -rf que casi pasa (ASI02 + ASI05)

Hora once de la corrida. El agente decidió que unos `node_modules` estaban viejos y ejecutó `rm -rf` sobre ellos. Concretamente sobre `$PROJECT_DIR/node_modules`. Concretamente con la variable `$PROJECT_DIR` que, por un resultado de herramienta que el agente leyó mal, había quedado vacía.

`rm -rf  /` (espacio extra, variable vacía) es exactamente el incidente documentado de diciembre de 2025, cuando Claude limpió la carpeta home de alguien por error. Anthropic [publicó su trabajo de sandboxing](https://www.anthropic.com/engineering/claude-code-sandboxing) por eso. Era un patrón de falla conocido cuando yo corrí el experimento.

Lo agarré porque tenía `safe-rm` aliasado y el comando se trabó en la barra. Lo agarré yo. El agente no lo iba a agarrar. La Skill que ejecutó el comando ni siquiera validó la ruta.

Esto es **ASI02: Tool Misuse** combinado con **ASI05: Unexpected Code Execution**. La mitigación es sandbox, no confianza:

```bash
# Container con red bloqueada para tareas offline
docker run -it --rm \
  -v $(pwd):/workspace \
  -e ANTHROPIC_API_KEY \
  --network none \
  claude-code-sandbox

# Cuando se necesita red, va por proxy con allowlist
docker run -it --rm \
  -v $(pwd):/workspace \
  -e ANTHROPIC_API_KEY \
  -e HTTP_PROXY=http://egress-proxy:8080 \
  claude-code-sandbox
```

Anthropic [introdujo el auto mode](https://www.anthropic.com/engineering/claude-code-auto-mode) en marzo de 2026 precisamente para resolver este tipo de footgun. Sus mediciones internas dicen que el sandbox reduce los prompts de permiso un 84%, y eso coincide con lo que veo en la práctica.

## Incidente 3: el .env que casi llega a GitHub (ASI03 + ASI04)

Esta es la más vergonzosa, así que voy a ser breve.

El agente decidió que un archivo de configuración de un proyecto vecino sería "contexto útil" para el README que estaba escribiendo. Leyó el archivo. Era un `.env`. El README terminó commiteado en un repositorio público. El README tenía un bloque de código marcado como `env`. El bloque tenía una clave de API real.

Los pre-commit hooks lo agarraron. Hooks que había configurado seis meses atrás por otro motivo. Si hubieran estado apagados, la clave habría estado en GitHub unos noventa segundos antes de que push protection avisara. Noventa segundos más de lo que yo quiero cualquier credencial mía expuesta.


Esto es **ASI03: Identity & Privilege Abuse** sumado a **ASI04** otra vez. El agente no exfiltró la clave a propósito. La exfiltró como una ilustración útil. La mitigación pasa por archivos de exclusión:

```bash
# .clawignore (también vale .agentignore)
.env
.env.*
*.pem
*.key
credentials.json
secrets/
~/.ssh/
~/.config/gh/
```

Sí, puedes poner rutas por encima de la raíz del proyecto. Tu agente las respeta por convención, no por la fuerza. Por eso el sandbox va primero y el ignore file va segundo.

## Checklist práctico: cuatro capas de defensa

Después de las 24 horas, dejé de fingir que le había dado autonomía al agente. Le di una correa con cuatro broches.

**Capa 1: Sandbox.** El agente corre dentro de un container. Los mounts son explícitos. `--network none` para tareas que no necesitan internet. Cuando necesita red, va por un proxy de salida con allowlist. Parece pesado. Tarda una hora en configurarse una vez y te ahorra el resto de tu carrera.

**Capa 2: Guardrails de input/output.** [NemoClaw](https://docs.nvidia.com/nemo-guardrails/) (NVIDIA) agrega una capa de detección de prompt injection y de PII en la entrada, y bloqueo de comandos peligrosos y enmascaramiento de secretos en la salida. Configuración mínima:

```yaml
# nemoclaw.yaml
guardrails:
  input:
    - prompt_injection_detection: true
    - pii_detection: true
  output:
    - harmful_command_block: true
    - secret_masking: true
```

[IronClaw](https://near.ai/ironclaw) (NEAR AI) hace algo parecido con un enfoque de zero-trust sandbox por Skill, donde cada Skill corre aislada y la comunicación entre Skills requiere permiso explícito.

**Capa 3: Auto mode, no YOLO mode.** El [auto mode de Anthropic](https://www.anthropic.com/engineering/claude-code-auto-mode) reduce los prompts de permiso pero bloquea los peligrosos (delete fuera del proyecto, red a hosts no permitidos, patrones de shell que coinciden con footguns conocidos). Es la primitiva correcta. El YOLO mode (`--dangerously-skip-permissions`) tiene `dangerously` en el nombre por una razón.

**Capa 4: Pre-commit hooks.** [git-secrets](https://github.com/awslabs/git-secrets), [trufflehog](https://github.com/trufflesecurity/trufflehog), [gitleaks](https://github.com/gitleaks/gitleaks). El que use tu equipo. El agente eventualmente va a intentar commitear algo que no debería. El hook es la segunda línea de defensa después del ignore file (que es la primera). No hay tercera línea. La tercera línea es "soporte de GitHub".

## Por qué importa especialmente en LatAm

Dos motivos prácticos para los equipos de la región.

**Adopción rápida, gobernanza más lenta.** Cursor, v0, Replit y Claude Code se adoptaron en LatAm con la misma velocidad que en EE. UU., pero el guardrail (NemoClaw, IronClaw, auto mode) llegó después. Hay un hueco entre el uso en la punta y el control en el medio. Esta guía es para tapar un pedacito de ese hueco.

**Regulación local emergente.** La LGPD en Brasil, la Ley 25.326 en Argentina, la Ley 21.719 en Chile (vigente desde diciembre 2026), la Ley Federal de Protección de Datos en México. Ninguna habla de "agente de IA" explícitamente, pero todas exigen "medida técnica adecuada" para tratar datos personales. Si tu agente exfiltra un `.env` con credenciales que dan acceso a datos de clientes, "el agente decidió solo" no es defensa.

## La conclusión que me llevo

La razón por la que la cuenta de USD 400 fue lo de menos es que esa cuenta es recuperable. La lees, la discutes, la pagas. Las credenciales no funcionan así. Una vez que salen de la computadora, no vuelven.

Yo entré a las 24 horas esperando aprender sobre capacidad de agente. Salí con una checklist. La checklist es más útil que la capacidad.

Si vas a correr tu primer agente sin supervisión, el encuadre correcto no es "qué tareas puede hacer el agente". El encuadre correcto es "cuál de los 10 riesgos de OWASP atrapa mi configuración actual". Si la respuesta es "no estoy seguro", primero el sandbox, después el experimento.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Audité 30 archivos llms.txt en producción. 5 anti-patrones ya se están formando.

URL: https://kenimoto.dev/es/blog/auditoria-30-archivos-llms-txt-5-anti-patrones/
Lang: es
Date: 2026-05-11
Description: Subí mi tercer llms.txt este mes y me sentí productivo. Después abrí 30 archivos llms.txt de Anthropic, Stripe, Vercel y Cloudflare. La mayoría están rotos de las mismas cinco maneras — incluyendo 3 míos.

Subí mi tercer `llms.txt` este mes y me sentí injustamente productivo. Ese tipo de productividad donde cierras la computadora, te sirves un café y tienes cara de que ya resolviste solo el problema de búsqueda con IA.

Después abrí 30 archivos `llms.txt` en producción de las empresas que la gente cita cuando quiere convencer a alguien de que "mira, los equipos serios ya hacen esto". Anthropic. Stripe. Vercel. Cloudflare. Hugging Face. Mintlify. Astro. Linear.

24 de los 30 tenían al menos uno de cinco problemas. Tres de esos problemas yo también los había cometido.

El café se enfrió.

Este artículo es una guía práctica. Si tú quieres auditar tu propio `llms.txt` antes de que un agente de IA lo descarte en silencio, acá tienes el procedimiento completo, los cinco patrones más comunes y un script bash mínimo para automatizar la revisión.

## Cómo hice la auditoría

El montaje fue vergonzosamente simple. Tomé 30 dominios con `llms.txt` público que importan para personas que desarrollan en 2026: labs de IA, infra de nube, herramientas de desarrollo. Hice `curl` a cada uno. Leí cada archivo con la cabeza de un LLM tratando de usarlo. Anoté lo que estaba mal.

No es ciencia. Es lunes por la noche con la terminal abierta. Pero los patrones aparecieron tan rápido que paré en los 30. Los siguientes diez iban a ser más de lo mismo.

Como referencia: el [estudio de SE Ranking con 300 mil dominios de marzo de 2026](https://seranking.com/blog/llms-txt/) encontró cerca de 10% de adopción. La [guía de codersera de mayo de 2026](https://codersera.com/blog/llms-txt-complete-guide-2026/) estima 844 mil sitios con crecimiento de 500% anual. **La adopción está ganando la carrera. La calidad la está perdiendo.**


### Script de auditoría mínimo

Antes de los patrones, te dejo el script que usé. Quince líneas, sin dependencias raras. Pásale una lista de dominios y te dice los errores más obvios.

```bash
#!/bin/bash
# audit-llms-txt.sh — auditoría mínima de llms.txt
# Uso: ./audit-llms-txt.sh dominios.txt

while read DOMAIN; do
  URL="https://${DOMAIN}/llms.txt"
  CONTENT=$(curl -sL --max-time 10 "$URL")
  SIZE=$(echo "$CONTENT" | wc -c)
  LINKS=$(echo "$CONTENT" | grep -cE '^\s*-\s*\[')
  MD_LINKS=$(echo "$CONTENT" | grep -cE '\.md\)')

  if [ -z "$CONTENT" ]; then
    echo "[FALTA] $DOMAIN"
    continue
  fi

  echo "[$DOMAIN] tamaño=${SIZE}B enlaces=${LINKS} con_md=${MD_LINKS}"
  [ "$SIZE" -gt 10240 ] && echo "  AVISO: tamaño > 10KB (anti-patrón 1)"
  [ "$LINKS" -gt 20 ]   && echo "  AVISO: más de 20 enlaces (anti-patrón 1)"
  [ "$MD_LINKS" -eq 0 ] && echo "  AVISO: ningún enlace .md (anti-patrón 3)"
done < "$1"
```

Esto no cubre los cinco patrones, pero atrapa los dos más comunes en menos de un minuto sobre 30 dominios. Para los otros tres patrones necesitas leer el archivo con tu propia cabeza.

## Los cinco anti-patrones

### Anti-patrón 1: "Vaciar todo el sitio"

El más común, y el que yo más cometí. La persona autora trata `llms.txt` como un segundo sitemap. 800 enlaces. 1.200 enlaces. Un archivo que abrí tenía cada post de blog desde 2019, plano, sin prioridad, sin agrupar.

El punto entero de `llms.txt` es que el `sitemap.xml` ya hace eso. Cuando la spec dice "10KB recomendado" no está siendo amable con el tamaño del archivo. Está diciendo: **si el LLM no puede leer el archivo entero dentro de una ventana de contexto con presupuesto sobrante para la pregunta real, no ayudaste, solo moviste el problema de lugar.**

La corrección es brutal: elige 10 a 20 enlaces. No 50. No "secciones principales más algunos extras". 10 a 20. Todo lo demás va a `## Optional` o se queda en el `sitemap.xml`.

Si tu producto tiene mucha documentación, usa el patrón de Cloudflare: un `llms.txt` raíz delgado que apunta a un `llms.txt` por producto. Cada uno cabe en el presupuesto. El agente solo descarga lo que necesita. **Nadie lee la enciclopedia entera para arreglar una llave de agua.**

### Anti-patrón 2: "Contradice al robots.txt"

Abre el `robots.txt`. Abre el `llms.txt`. Compara las rutas. **Cerca de un tercio de los archivos que audité listan URLs en el `llms.txt` que están explícitamente `Disallow`-eadas en el `robots.txt`** para los crawlers que más probablemente leerían el `llms.txt`.

El ejemplo más doloroso: un sitio de documentación que bloquea `GPTBot` y `ClaudeBot` de `/docs/` en el `robots.txt`, y después lista 40 URLs de `/docs/*` en el `llms.txt`. El archivo dice "esto importa". El `robots.txt` dice "no puedes pasar". El crawler obedece al `robots.txt`. El `llms.txt` es decoración.

Esto suele pasar cuando los dos archivos los mantienen equipos distintos (o la misma persona en meses distintos). La corrección son cinco minutos con los dos archivos abiertos en pantalla: cada URL en el `llms.txt` necesita estar permitida en el `robots.txt` para cada crawler de IA que de verdad quieres que la lea.

Si genuinamente quieres bloquear crawlers de IA, está bien, pero entonces **no escribas también para ellos un directorio cortés con tus páginas favoritas.**

### Anti-patrón 3: "Solo enlaces HTML, sin .md"

La propuesta original de Jeremy Howard incluye una convención inteligente: cualquier URL con `.md` agregado debería devolver una versión Markdown limpia de la página, sin nav, sin ads, sin bundle de JavaScript. El patrón `.html.md`.

Casi nadie lo hace. En mis 30 archivos, solo 6 servían algún acompañante `.md`. Los otros 24 le entregan al LLM un enlace a una página HTML que el crawler **no puede parsear bien porque [no ejecuta JavaScript](https://kenimoto.dev/es/blog/ingenieria-de-contexto-vs-prompt/).**

Stripe lo hace bien: cada URL de docs tiene un gemelo `.md` y el `llms.txt` apunta a la versión `.md`. La sección de [Reference Templates de llmoframework.com](https://llmoframework.com) marca esto como **lo de mayor palanca que la mayoría de los equipos está saltándose**, porque es la diferencia entre "la IA encuentra la página" y "la IA puede leer lo que hay en ella".

La corrección depende de tu stack. Para Astro y Next.js, generar versiones `.md` en build time son 30 líneas. Para CMS dinámicos, una edge function que devuelve la serialización markdown en el sufijo `.md` resuelve. **De cualquier forma, es el anti-patrón con mayor diferencia entre esfuerzo y resultado.**

### Anti-patrón 4: "Teatro de página About"

Ocho de los 30 archivos usaban el cuerpo entero del archivo como pitch de marketing. Tres párrafos sobre la misión de la empresa. Una cita del fundador. La historia de la marca. Y dos enlaces. Contenido total: "somos líderes visionarios en el espacio AI-native".

Los LLMs no compran tu vibra. Necesitan punteros a contenido. El H1 y la cita en blockquote son el lugar para "qué es este sitio". Todo lo demás debería ser **enlaces a páginas específicas con descripciones específicas**. Si tu `llms.txt` parece una homepage, escribiste una homepage.

El [estudio GEO de Princeton sobre las 9 formas de ser citado por IA](https://kenimoto.dev/es/blog/spec-driven-development-asistentes-ia-guia-latam/) golpea el mismo punto del lado del contenido: las afirmaciones vagas no son citadas, las afirmaciones específicas con fuentes sí. La misma lógica aplica al propio `llms.txt`.

### Anti-patrón 5: "Congelado en 2024"

Cinco de los archivos que audité tenían señales visibles de haber sido subidos una vez y nunca más tocados. Enlaces a páginas con 404. Nombres de productos que ya no existen. Fechas que ponen la última actualización significativa en 2024, cuando `llms.txt` era una propuesta de seis meses de vida y "búsqueda por IA" todavía era algo que Perplexity tenía que explicarle a la gente.

`sitemap.xml` se auto-genera. `robots.txt` rara vez cambia. `llms.txt` vive en un punto medio raro: **curado a mano como documentación, pero con el mismo riesgo de obsolescencia que un README que dice "usamos Yarn" cuando el equipo migró a pnpm hace un año.**

La corrección es automatización, no disciplina. Agrega un check de CI que marca 404 en las URLs que tu `llms.txt` lista. Regenera la sección de "artículos destacados" desde tu analítica cada trimestre. **Trata el archivo como artefacto de configuración, no como entregable de lanzamiento.**

El [análisis de Mintlify sobre ejemplos reales de llms.txt](https://www.mintlify.com/blog/real-llms-txt-examples) marcó este como el segundo patrón más común en su base de clientes. El primero fue el Anti-patrón 1. **Esos son los dos para atacar esta semana.**

### Contexto LatAm

Hice `curl` a varios dominios latinoamericanos y de España también. mercadolibre.com no tiene `llms.txt` (snapshot de mayo 2026). rappi.com tampoco. despegar.com idem. globant.com idem. mercadopago.com idem.

Esto se puede leer de dos formas. "LatAm está atrasada" es la lectura desanimada. **"La persona que suba un `llms.txt` decente ahora todavía agarra ventaja de early adopter en el mercado regional"** es la lectura constructiva. Yo me quedo con la segunda. En español, mayo de 2026, este sigue siendo terreno casi virgen entre productos de software grandes.

## Los tres que yo subí

Sección de la honestidad. De mis tres `llms.txt`:

- Uno tenía 47 enlaces. Anti-patrón 1.
- Uno apuntaba a URLs solo HTML porque yo no había configurado el gemelo `.md` todavía. Anti-patrón 3.
- Uno llevaba 4 meses sin actualizarse y listaba un post con un slug que yo había renombrado. Anti-patrón 5 más una cadena de 301 de postre.

No noté nada de esto hasta estar tres cuartos del camino leyendo archivos ajenos. La auditoría iba a ser sobre los demás. Terminó siendo sobre mí. Hay alguna lección ahí adentro, pero todavía estoy en la fase de la vergüenza y no la pude formular.

## Qué cambió después de arreglar dos

Arreglé dos. El de 47 enlaces se redujo a 16 enlaces más una sección `## Optional`. El que solo apuntaba a HTML ganó gemelos `.md` para las 16 URLs destacadas vía un build hook de Astro (unas 25 líneas, más fácil de lo que esperaba).

No te puedo decir "las citaciones de IA subieron X%" porque el archivo tiene una semana de vida y medir citación a este volumen es ruidoso. Lo que sí puedo decir es que ahora el archivo pasa un test de olfato que debería haber aplicado el día uno: **"¿un modelo con ventana de contexto de 200K y diez pestañas abiertas preferiría este archivo al anterior?" Sí. Obviamente sí. El anterior era ilegible.**

## La posición honesta sobre llms.txt

Las personas escépticas tienen parte de razón. El estudio de SE Ranking de 300K dominios no encontró un lift mensurable en citación. Los LLMs principales no confirman públicamente que descargan el archivo. La spec no tiene sello del W3C.

Las personas escépticas también están parcialmente equivocadas. Los agentes de IDE (Cursor, Cline, Continue), parte de los motores de búsqueda con IA, y una lista creciente de integraciones MCP leen `llms.txt` hoy. **La opcionalidad es real y el costo son quince minutos.**

La pregunta real para 2026 no es "¿debo subir un `llms.txt`?". Esa pregunta ya la resolvió el cálculo costo-beneficio. La pregunta es **si el archivo que subes le da algo útil a un LLM o lo entrena para ignorar tu dominio.** Los anti-patrones 1 al 5 son la diferencia entre esos dos desenlaces.

## Checklist práctica para esta semana

Si todavía no subiste uno, empieza por las bases. Si ya subiste, pasa el tuyo por la auditoría de cinco preguntas:

1. ¿Está bajo 10KB y bajo 20 enlaces (excluyendo `## Optional`)?
2. ¿Todas las URLs listadas pasan en `robots.txt` para `GPTBot` y `ClaudeBot`?
3. ¿Al menos las 5 URLs principales tienen un gemelo `.md`?
4. ¿El cuerpo apunta a páginas específicas, no a copy genérico de marketing?
5. ¿Fue actualizado en los últimos 90 días?

Si sacas 5 de 5, estás en el top 6 de los 30 sitios que miré, o sea en el top 20% de una muestra ya auto-seleccionada. Si sacas 3 o menos, **tienes la misma tarde de lunes esperándote.**

Estoy escribiendo mi cuarto `llms.txt` esta semana. Voy a pasarlo por esta lista antes de publicar. No me voy a sentir productivo después. Me voy a sentir como alguien que aprendió la misma lección tres auditorías seguidas.

Eso, me dicen, es como funciona la ingeniería.

## Referencias

- [Especificación llms.txt (Answer.AI)](https://llmstxt.org/): propuesta original de Jeremy Howard
- [Estudio SE Ranking 300K dominios](https://seranking.com/blog/llms-txt/): adopción y efecto en citaciones
- [Mintlify ejemplos reales](https://www.mintlify.com/blog/real-llms-txt-examples): patrones y errores de empresas líderes
- [llmoframework.com](https://llmoframework.com): framework LLMO completo con Reference Templates

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Brave Search LLM Context API: integración paso a paso para tu agente de IA

URL: https://kenimoto.dev/es/blog/brave-search-llm-context-api-agente-ia/
Lang: es
Date: 2026-06-09
Description: El motor de búsqueda que tu agente de IA realmente usa no es Google ni Bing. Con Python y el Anthropic SDK lo conectas en 15 minutos. Guía práctica para probar hoy.

La primera vez que abrí el panel de red de mi agente para ver de dónde sacaba la información, esperaba ver a Google. O al menos a Bing. Lo que encontré fue `api.search.brave.com`. Me quedé mirando la pantalla un rato largo, con la sensación incómoda de haber estado usando algo durante meses sin saber qué era. Resulta que el motor de búsqueda detrás de buena parte de las herramientas de IA que ya uso a diario no era ninguno de los dos sospechosos habituales.

Si tú también das por hecho que tu agente consulta a Google por debajo, sigue leyendo. En esta guía conecto el **Brave LLM Context API** con Python y el Anthropic SDK, paso a paso, y lo dejo listo para producción. Tiempo estimado de la versión mínima: 15 minutos. Tiempo que tardé yo la primera vez, entre leer la documentación y entender por qué fallaba mi token: bastante más, pero para eso está este artículo.

## Por qué Brave y no otro

Empecemos por el contexto, porque importa para entender qué estás conectando.

El 11 de agosto de 2025, Microsoft retiró por completo las Bing Search APIs. No fue una deprecación suave con dos años de aviso: nuevos registros cerrados, recursos existentes deshabilitados, fin de la historia ([Microsoft Learn](https://learn.microsoft.com/en-us/lifecycle/announcements/bing-search-api-retirement)). Para mucha gente que tenía aplicaciones de IA apoyadas en Bing, fue como llegar al estacionamiento y descubrir que la salida estaba tapiada.

¿Por qué te cuento esto? Porque cambió el mapa. Google no abre su índice web de forma amplia para fundamentar respuestas de IA: su Programmable Search Engine está pensado para casos acotados, no para alimentar un agente o un sistema de RAG. Con Bing fuera, el catálogo de APIs comerciales con un índice web propio, grande e independiente se quedó muy corto. Y ahí es donde Brave Search ocupó el espacio.

Las razones prácticas para elegir Brave hoy son concretas:

- **Índice propio e independiente**: alrededor de 40 mil millones de páginas, sin depender de Google ni de Bing por debajo ([Brave](https://brave.com/blog/most-powerful-search-api-for-ai/)).
- **Adopción real**: herramientas que muchos usamos a diario lo usan como backend de búsqueda. No es una promesa de la hoja de ruta, es la red que ya estás golpeando sin darte cuenta.
- **Privacidad por arquitectura**: como Brave controla toda la cadena, desde el rastreador hasta el endpoint, puede ofrecer retención cero de datos. Las APIs que en realidad son scrapers de Google o Bing no pueden prometer lo mismo, porque la consulta termina viajando a un tercero que no controlan.

No necesitas creerte que Brave es mejor en abstracto. Necesitas saber que, si tu agente va a buscar en la web en 2026, esta es una de las pocas puertas que siguen abiertas y que está diseñada para lo que tú quieres hacer.

## Qué hace distinto al LLM Context API

El detalle que de verdad cambia tu código está en qué formato recibe el modelo.

Una API de búsqueda web tradicional está pensada para humanos: te devuelve título, URL y un fragmento corto, y se asume que tú vas a hacer clic y leer. Para un modelo de lenguaje, ese formato es trabajo extra: tienes que descargar cada página, limpiar el HTML, recortar la basura de navegación y publicidad, y recién entonces pasarle algo útil al modelo.

El **LLM Context API**, que Brave lanzó el 12 de febrero de 2026, le da la vuelta a eso ([Brave](https://brave.com/search/api/)). En lugar de URLs y fragmentos, devuelve contenido ya extraído, troceado y ordenado por relevancia, listo para que el modelo lo consuma directo. Por dentro hace tres cosas en cada consulta:

1. **Busca** en el índice independiente de Brave.
2. **Extrae** el contenido real de cada página y lo convierte en fragmentos limpios: texto, tablas con granularidad de fila, bloques de código (pensado a propósito para agentes de programación), discusiones de foros tipo Stack Overflow e incluso subtítulos de YouTube.
3. **Ordena** esos fragmentos por relevancia con sus propios modelos.

Y lo hace rápido: Brave reporta menos de 130 ms de sobrecarga en el percentil 90 sobre una búsqueda normal, con una latencia total por debajo de 600 ms en p90 ([Brave](https://brave.com/blog/most-powerful-search-api-for-ai/)). Para un agente que encadena varias llamadas, esos milisegundos se suman, así que el número importa.


Hay un detalle que conviene subrayar si además de consumir contenido tú publicas contenido: en el paso de extracción, Brave prioriza los datos estructurados en **JSON-LD** por encima de casi todo lo demás. O sea, las páginas con `schema.org` bien puesto entran primero en el contexto que recibe el modelo. Lo menciono porque, si tienes un blog técnico, esto convierte una etiqueta `<script type="application/ld+json">` de "estaría bien tenerla" a "ponla ya". Lo desarrollé en otro artículo sobre [por qué la IA cita pasajes y no páginas enteras](/es/blog/ranking-pagina-no-importa-ia-cita-pasajes/).

## La versión mínima: tu primera llamada

Vamos al código. Lo más simple que puedes hacer es una llamada directa al endpoint. Necesitas una llave de API, que sacas del panel de Brave (hablo del costo más abajo).

```bash
curl -s "https://api.search.brave.com/res/v1/llm/context?q=mejores+practicas+seguridad+kubernetes+2026" \
  -H "Accept: application/json" \
  -H "X-Subscription-Token: TU_API_KEY"
```

En Python, la versión mínima de verdad cabe en unas pocas líneas:

```python
import requests

def brave_context(query: str, api_key: str) -> dict:
    """Trae contexto pre-extraído del LLM Context API de Brave."""
    resp = requests.get(
        "https://api.search.brave.com/res/v1/llm/context",
        headers={"Accept": "application/json", "X-Subscription-Token": api_key},
        params={"q": query, "maximum_number_of_tokens": 4096},
        timeout=30,
    )
    resp.raise_for_status()
    return resp.json()
```

Eso es todo lo que separa a tu computadora del índice de Brave. El parámetro `maximum_number_of_tokens` controla cuánto contexto te devuelve: el valor por defecto es 8192 y el rango va de 1024 a 32768. Para llamadas de agente que tienen que responder rápido, un presupuesto chico mantiene la respuesta ágil; para investigación profunda, lo subes ([documentación de Brave](https://api-dashboard.search.brave.com/documentation/services/llm-context)).

La respuesta trae los fragmentos en `grounding` y la lista de fuentes en `sources`. Confieso que mi primer intento devolvió un error 422 porque mandé una query de más de 50 palabras: el límite es 400 caracteres y 50 palabras. Si vas a pasarle la pregunta entera del usuario sin filtrar, conviene recortarla antes.

## Conectarlo a Claude con el Anthropic SDK

Una llamada suelta está bien, pero lo que quieres es que el **modelo decida** cuándo buscar. Para eso usamos el patrón de uso de herramientas del Anthropic SDK: le describimos a Claude una herramienta de búsqueda, y cuando el modelo decide que necesita información de la web, nos pide que la ejecutemos.

Primero defines la herramienta y haces la primera llamada al modelo:

```python
import anthropic

client = anthropic.Anthropic()  # lee ANTHROPIC_API_KEY del entorno

BUSQUEDA_WEB = {
    "name": "buscar_web",
    "description": "Busca contexto actualizado en la web. Úsala para hechos recientes o que cambian con el tiempo.",
    "input_schema": {
        "type": "object",
        "properties": {"query": {"type": "string", "description": "La consulta de búsqueda"}},
        "required": ["query"],
    },
}

def preguntar(mensaje: str, api_key_brave: str) -> str:
    historial = [{"role": "user", "content": mensaje}]
    resp = client.messages.create(
        model="claude-opus-4-6",
        max_tokens=1024,
        tools=[BUSQUEDA_WEB],
        messages=historial,
    )
```

Cuando Claude responde con `stop_reason == "tool_use"`, significa que quiere que ejecutes la búsqueda. Tú llamas a Brave, le devuelves el resultado, y el modelo redacta la respuesta final con ese contexto:

```python
    while resp.stop_reason == "tool_use":
        historial.append({"role": "assistant", "content": resp.content})
        resultados_tool = []
        for bloque in resp.content:
            if bloque.type == "tool_use" and bloque.name == "buscar_web":
                contexto = brave_context(bloque.input["query"], api_key_brave)
                fragmentos = [
                    s for fuente in contexto.get("grounding", {}).get("generic", [])
                    for s in fuente.get("snippets", [])
                ]
                resultados_tool.append({
                    "type": "tool_result",
                    "tool_use_id": bloque.id,
                    "content": "\n\n".join(fragmentos)[:6000],
                })
        historial.append({"role": "user", "content": resultados_tool})
        resp = client.messages.create(
            model="claude-opus-4-6",
            max_tokens=1024,
            tools=[BUSQUEDA_WEB],
            messages=historial,
        )

    return "".join(b.text for b in resp.content if b.type == "text")
```

Y ya está. El modelo decide cuándo buscar, tú le acercas el contexto de Brave, y Claude responde fundamentado en datos frescos en vez de en lo que recordaba de su entrenamiento. La parte de "agente de IA" que suena tan sofisticada en las presentaciones es, vista de cerca, este bucle `while`. A veces la magia es solo un lazo que se repite hasta que el modelo deja de pedir cosas.

## Llevarlo a producción sin sustos en la factura

Hasta aquí tienes algo que funciona en tu equipo. Antes de soltarlo en producción, dos cosas que aprendí a las malas: caché y límites de tasa.

### Caché: tu primera línea de defensa contra la factura

Aquí toca hablar de plata, y con una corrección importante respecto a guías más viejas. Brave **eliminó su nivel gratuito** el 12 de febrero de 2026. Hoy el modelo es de facturación medida: cada plan incluye 5 dólares de créditos mensuales (alcanza para unas 1,000 búsquedas), y a partir de ahí se cobra a 5 dólares por cada 1,000 llamadas ([implicator.ai](https://www.implicator.ai/brave-drops-free-search-api-tier-puts-all-developers-on-metered-billing/)). El dato que de verdad te tiene que quitar el sueño: la tarjeta que registraste como "verificación de identidad" ahora es un instrumento de cobro activo y no hay tope de gasto por defecto.

Traducción para tu agente autónomo: un bucle mal puesto que dispara búsquedas en cada iteración puede convertir una madrugada tranquila en una factura sorprendente. El antídoto más simple es la caché. Muchas consultas se repiten, y no tiene sentido pagar dos veces por la misma pregunta en una ventana corta:

```python
import hashlib, time

_cache: dict[str, tuple[float, dict]] = {}
TTL = 3600  # una hora; ajústalo a qué tan fresco necesitas el dato

def brave_context_cacheado(query: str, api_key: str) -> dict:
    clave = hashlib.sha256(query.lower().strip().encode()).hexdigest()
    ahora = time.time()
    if clave in _cache and ahora - _cache[clave][0] < TTL:
        return _cache[clave][1]
    datos = brave_context(query, api_key)
    _cache[clave] = (ahora, datos)
    return datos
```

Un diccionario en memoria sirve para un proceso único. Si tienes varios procesos o reinicios frecuentes, mueve esto a Redis con el mismo esquema de clave por hash. El TTL es la perilla que de verdad importa: una hora está bien para noticias, pero para documentación técnica que cambia poco puedes subirlo a un día y ahorrar de verdad.

### Límites de tasa: respeta la ventana

Brave aplica un límite de tasa con una ventana deslizante de un segundo. Si tu agente lanza ráfagas de búsquedas en paralelo, vas a chocar con errores 429. La defensa estándar es reintentar con espera exponencial, respetando los encabezados de la respuesta:

```python
import time, requests

def brave_context_robusto(query: str, api_key: str, reintentos: int = 3) -> dict:
    for intento in range(reintentos):
        try:
            return brave_context_cacheado(query, api_key)
        except requests.HTTPError as e:
            if e.response.status_code == 429 and intento < reintentos - 1:
                time.sleep(2 ** intento)  # 1s, 2s, 4s
                continue
            raise
```

Con caché y reintentos ya tienes algo que no se cae al primer pico de tráfico ni te vacía la cuenta en una noche. No es glamoroso, pero es la diferencia entre una demo y un servicio.

## Para probar hoy

Si te queda una hora libre, este es el camino corto:

1. Saca una llave de API en el panel de Brave y guárdala como variable de entorno.
2. Copia la función `brave_context` y haz una llamada con cualquier pregunta que tenga respuesta reciente.
3. Compara los resultados con lo que te daría Google para la misma consulta: vas a ver sitios distintos en otro orden. Ese es justo el contenido que tu agente ve y tú no.
4. Si publicas contenido técnico, abre tu propio blog en `search.brave.com` y mira cómo aparece. Yo descubrí que un artículo que en Google estaba arriba, en Brave no salía, y al revés.

El punto de fondo es sencillo: el motor de búsqueda que alimenta a tu IA dejó de ser una caja negra de Google. Es un endpoint que puedes llamar, medir y ajustar tú mismo. Y por una vez, conectarlo de verdad cabe en una tarde.

Si quieres seguir por el lado de cómo se ve tu contenido para estos sistemas, escribí sobre [cuántas IAs citaron mi blog y por qué solo 3 de 31 lo hicieron](/es/blog/11-json-ld-solo-3-citados/).

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Los 5 crawlers de IA que más golpearon mis sitios en 30 días - lo que los logs me dijeron sobre LLMO

URL: https://kenimoto.dev/es/blog/cinco-crawlers-ia-golpearon-mi-sitio-30-dias/
Lang: es
Date: 2026-05-17
Description: Pensaba que robots.txt era la frontera. Entonces empecé a leer los logs del servidor. Treinta días, tres sitios, 14.300 visitas de crawlers de IA. Lo que la columna User-Agent me enseñó sobre LLMO, con los comandos de Cloudflare y Nginx para que lo reproduzcas paso a paso.

Pensaba que `robots.txt` era la frontera. Tres líneas de `Disallow:` y listo, le había avisado a los bots de IA dónde podían entrar y dónde no. Volví a escribir sobre medir LLMO, tasa de citación y tráfico de IA en GA4.

Después abrí los logs de acceso de tres sitios míos y la imagen que tenía en la cabeza se cayó sola.

Esta guía es lo que aprendí leyendo treinta días de logs crudos de servidor de `kenimoto.dev`, `kaoriq.com` y `llmoframework.com`. Cinco User-Agents dominaron todo. El patrón de tráfico de cada uno me contó más sobre mi posición en LLMO que cualquier dashboard de GA4.


## Por qué me puse a leer logs

La mayoría de los consejos sobre medir LLMO te empuja al lado de salida: si ChatGPT te citó, si Perplexity puso el link, si Google AI Overviews te mostró. Es el lado de la citación.

El otro lado, el de entrada, donde los servicios de IA efectivamente bajan HTML de tu servidor, es invisible en GA4. Un crawler de IA no ejecuta JavaScript. No dispara gtag. Aparece en el log HTTP crudo y en ningún otro lado.

Llevaba meses escribiendo sobre LLMO y no había mirado ni una vez el lado del embudo que yo realmente controlo. Así que exporté 30 días de logs de Cloudflare (`kenimoto.dev`, `kaoriq.com`) y de Vercel (`llmoframework.com`), hice grep de los User-Agents conocidos de IA, y empecé a contar.

El total: **14.300 visitas de crawlers de IA en tres sitios en 30 días.** Más o menos 477 visitas por día por sitio. Más de lo que esperaba. Probablemente pocas dentro de seis meses.

## Los 5 crawlers que más me golpearon

Acá va el ranking. Las visitas están deduplicadas por `(timestamp, path, IP)` para que los reintentos de caché no inflen el conteo.

| Puesto | User-Agent | Visitas en 30d | Operador | Para qué sirve |
|--------|------------|----------------|----------|----------------|
| 1 | `GPTBot` | 4.212 | OpenAI | Datos de entrenamiento |
| 2 | `ClaudeBot` | 3.108 | Anthropic | Entrenamiento + retrieval |
| 3 | `PerplexityBot` | 2.790 | Perplexity | Índice de respuestas |
| 4 | `OAI-SearchBot` | 2.043 | OpenAI | Citaciones de ChatGPT Search |
| 5 | `Google-Extended` | 1.387 | Google | Entrenamiento de Gemini |

Cinco User-Agents, 13.540 visitas. O sea, **94,7%** del tráfico total de IA. El 5,3% restante es cola larga: `Bytespider`, `Applebot-Extended`, `Meta-ExternalAgent`, `Amazonbot`, `cohere-ai`, un puñado de `Claude-User`, y dos visitas de algo que se identificaba como `anthropic-ai` (el UA viejo que Anthropic supuestamente retiró).

Antes de leer el ranking como ley: estos son **mis** datos, tres sitios chicos, contenido técnico en inglés y japonés mayormente. Tu ranking va a ser diferente. La forma (un puñado de bots dominando, OpenAI y Anthropic arriba) probablemente sea parecida.

## Lo que cada uno está haciendo en serio

El puesto importa menos que el **propósito** de cada bot, porque los tres grupos se comportan de manera completamente distinta en términos de LLMO.

**Crawlers de entrenamiento** leen tu contenido para actualizar eventualmente los pesos del modelo. Aparecen de forma constante, respetan `robots.txt` (en general) y no les importa la frescura del contenido. `GPTBot`, `Google-Extended`, `Bytespider`, `Applebot-Extended` y el legado `anthropic-ai` caen aquí.

**Crawlers de retrieval** indexan tu contenido para que pueda ser citado en respuestas en tiempo real. Vuelven a buscar páginas populares, leen `Last-Modified` y tienen una razón crawl-to-refer medible. `OAI-SearchBot`, `PerplexityBot`, `Claude-SearchBot` (más nuevo, controlable de manera independiente del `ClaudeBot`) y `GoogleOther` entran en esta categoría.

**Fetches iniciados por el usuario** ocurren cuando una persona pega tu URL en ChatGPT o le pide a Claude que lea la página. Esos son `ChatGPT-User`, `Perplexity-User` y `Claude-User`. No respetan `robots.txt` (según la [documentación revisada de OpenAI](https://developers.openai.com/api/docs/bots), porque son acciones de usuario, no crawl).

Yo los trataba a los tres como el mismo bicho. No lo son. Si tu objetivo es "ser citado en ChatGPT Search", la visita de `OAI-SearchBot` importa y la de `GPTBot` es básicamente ruido. Si tu objetivo es "entrar en el dataset de entrenamiento del próximo Claude", es exactamente al revés.


## Quién respeta realmente robots.txt

Esta es la parte que me cambió la visión del `robots.txt`.

En `kenimoto.dev` tenía una regla `Disallow: /api/`. En 30 días:

- `GPTBot`: 0 visitas a `/api/`. Cumple.
- `Google-Extended`: 0 visitas a `/api/`. Cumple.
- `ClaudeBot`: 0 visitas a `/api/`. Cumple.
- `OAI-SearchBot`: 3 visitas a `/api/`. Limítrofe. Puede ser caché anterior a la regla, puede ser que el [texto revisado de cumplimiento](https://ppc.land/openai-revises-chatgpt-crawler-documentation-with-significant-policy-changes/) esté haciendo algo sutil.
- `PerplexityBot`: 41 visitas a `/api/` en un burst de 90 segundos. No cumplió en esa corrida.

41 visitas no es muestra uno. El patrón de burst de 90 segundos coincide con un [reporte público](https://www.appearonai.com/insights/ai-crawler-configuration-robots-txt-guide) donde observaron a Perplexity ignorando bloqueos de `User-agent: PerplexityBot` mientras respondía una consulta activa de usuario. Tiene más sentido si piensas el `PerplexityBot` montado en la línea entre retrieval y fetch iniciado por usuario: se comporta como retrieval en los días tranquilos y como fetch de usuario cuando hay alguien esperando una respuesta del otro lado.

La lección que me anoté: **`robots.txt` es una frontera autodeclarada**. Tres de los cinco crawlers del top la respetaron limpio en mis datos. Uno fue dudoso. Uno hizo lo que quiso cuando había un humano del otro lado. Diseña pensando en eso.

## Tres señales de LLMO que puedes extraer de aquí

La razón por la que escribo esto es que el dato de visitas de crawler es una señal de LLMO medible, y casi no la veo discutida al lado de las métricas de citación clásicas. Tres cosas que ahora miro cada semana:

**1. Diversidad de crawler.** Si solo el `GPTBot` te golpea y nada más, tu superficie de retrieval es solo OpenAI. Sos invisible en los caminos de retrieval de Claude, Perplexity y Gemini, aunque te estén citando en ChatGPT. Un score sano de diversidad es tener al menos tres de los cinco User-Agents del top visitándote de manera regular.

**2. Razón retrieval-a-entrenamiento.** Si sumas las visitas del lado retrieval (`OAI-SearchBot` + `PerplexityBot` + `Claude-SearchBot` + `GoogleOther`) y las divides por las visitas del lado entrenamiento (`GPTBot` + `Google-Extended` + `anthropic-ai`), sacas un número que te dice si el ecosistema de IA te ve como "contenido para aprender" o "contenido para citar ahora". El mío está en 0,81. Por debajo de 0,5 quiere decir que tu contenido no está suficientemente fresco para ser tomado en retrieval en tiempo real. Por encima de 1,5 quiere decir que se te está usando en respuestas de forma activa (bueno) pero que probablemente estés en meseta como material de entrenamiento (vale la pena notarlo).

**3. Tasa de fetch de `llms.txt`.** De los cinco crawlers del top, solo `PerplexityBot` y `ClaudeBot` fueron a buscar `/llms.txt` en mis sitios durante la ventana de 30 días. `GPTBot`, `OAI-SearchBot` y `Google-Extended` no lo tocaron ni una vez. Esto coincide bastante con lo que reportan otros operadores y es un detalle que pesa cuando estás decidiendo si vale mantener `llms.txt` (respuesta corta: sí, pero sobre todo por los dos crawlers que lo leen). El texto de `llmoframework.com` que vuelvo a leer cubre [las señales de retrieval](https://llmoframework.com/framework/retrieval-signals/) más a fondo.

## Cómo aplicarlo en tu sitio, paso a paso

Esta es la parte que yo quería haber leído antes y nunca encontré armada:

**Paso 1. Cloudflare (plan Free).** El dashboard de AI Crawl Control (antes AI Audit, [docs aquí](https://developers.cloudflare.com/ai-crawl-control/)) ya te muestra los User-Agents de IA más frecuentes. Para log crudo necesitas Logpush, que es pago. En Free, lo más cerca que llegas es activar "AI Audit" y filtrar Analytics por User-Agents conocidos de IA. Free no te da el path por request pero te da los conteos y la tendencia.

**Paso 2. Vercel.** Proyecto → Logs → filtro `User-Agent contains "Bot"`. En Pro, Vercel guarda 30 días de logs de edge. En Hobby es menos, y si vas en serio, mándalo a un log drain.

**Paso 3. Netlify o Nginx propio.** Solo `grep` en el log de acceso:

```bash
grep -E "GPTBot|ClaudeBot|PerplexityBot|OAI-SearchBot|Google-Extended" \
  /var/log/nginx/access.log \
  | awk '{print $14}' \
  | sort | uniq -c | sort -rn
```

Esto te da conteo por crawler. Cambia `$14` por `$7` para el ranking de URL. El número de campo depende del formato de log: corrobora con `awk '{print NF}'` sobre una línea para contar los campos.

## Qué cambié después de mirar todo esto

Tres cambios concretos después de la ventana de 30 días:

1. Partí mi `robots.txt` para permitir `OAI-SearchBot` y `Claude-SearchBot` (retrieval, bueno para citaciones) y mantuve `Disallow: /api/` estricto para `GPTBot` (entrenamiento, sin upside para mí en esos endpoints).
2. Agregué header `Last-Modified` en toda ruta de blog, porque los crawlers de retrieval lo usan para decidir la frecuencia de re-fetch y Vercel no lo estaba mandando por defecto.
3. Empecé a anotar la razón retrieval-a-entrenamiento cada semana en una planilla. Dos semanas después, el único insight útil es que el número está estable, lo que al menos quiere decir que mi dieta de crawler no se está moviendo de una semana a otra.

Esperaba que los logs confirmaran lo que ya creía sobre LLMO. En general no lo hicieron. La citación es una señal entre varias, no la única que vale mirar. Quién está bajando tus páginas es una pregunta aparte, y la respuesta está en texto plano en un log que probablemente ya tienes.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Le pedí a 5 IAs que citaran mi propio blog. 31 artículos publicados, solo 3 aparecieron.

URL: https://kenimoto.dev/es/blog/cinco-ias-citaron-mi-blog-tres-de-treinta-y-uno/
Lang: es
Date: 2026-05-26
Description: Apunté ChatGPT, Claude, Gemini, Perplexity y Brave AI a los 31 artículos de mi blog en inglés. Tres artículos hicieron el trabajo de los 31.

Escribo sobre LLMO casi todas las semanas. KPI, llms.txt, JSON-LD, toda la liturgia. Y aun así había una cosa que nunca había hecho: pedirle a las propias búsquedas con IA que citaran mi blog.

No estoy hablando de "mi sitio está indexado", ni de "los crawlers golpean mi dominio". Eso ya lo monitoreo en el log del servidor. Estoy hablando de lo que el lector hace de verdad: abrir ChatGPT, escribir una pregunta, y revisar si algún artículo mío aparece en la respuesta.

El blog en inglés tiene 31 artículos publicados. Cuando apunté cinco IAs hacia él, tres artículos hicieron el trabajo de los 31. Los otros 28 podrían no existir.


## El experimento

Elegí las cinco IAs que aparecen seguido en el filtro de referral de mi GA4:

1. ChatGPT (con búsqueda web activada)
2. Claude (con búsqueda web activada)
3. Gemini
4. Perplexity
5. Brave AI

Después armé 30 prompts divididos en tres grupos de diez, porque las respuestas de un LLM son estocásticas y lanzar un solo prompt por IA es pura sensación:

- **Branded** — `kenimoto.dev about`, `ken imoto artículos LLMO`, `ken imoto Claude Code blog`. Modo fácil. Si el nombre del dominio más el tema del artículo no trae el sitio, algo está roto.
- **Topical** — `safe autonomous coding agents`, `llms.txt anti patterns`, `how to measure AI citations`. Modo realista. Es lo que un desconocido teclea.
- **Comparativo** — `Claude Code vs ChatGPT Codex agents`, `Perplexity vs Brave for engineers`, `voice AI stacks under 300ms`. Modo vanidad. Tengo un artículo en cada uno, debería competir.

Tres ejecuciones por prompt por IA, así que 30 × 5 × 3 = 450 turnos. Registré cuándo `kenimoto.dev` apareció como chip de citación, enlace en el texto, o en el pie de fuentes. Mención sin enlace no cuenta: el tablero LLMO solo acredita lo que el lector puede cliquear.

Esa última regla parece menor pero pesa. Buena parte de las celebraciones de "¡la IA está hablando de mí!" en redes son personas mostrando el nombre de su marca apareciendo en el texto. Eso es cortesía, no cita. Las citas mueven tráfico. Las menciones mueven el ego.

## El resultado

De los 31 artículos, exactamente tres aparecieron como cita en las cinco IAs:

- `measure-ai-citations-llmo-kpi`
- `11-json-ld-3-cited-by-ai`
- `geo-princeton-study-9-ways-ai-cites-you`

Cobertura de citación del 9,7%, menos de uno de cada diez artículos. Los 28 restantes o no aparecieron, o aparecieron una sola vez entre los 450 turnos y no se repitieron. Por la regla de "tres turnos" del LLMO Quickstart, una aparición solitaria no suma.

Por IA el resultado es más desparejo todavía. Perplexity y ChatGPT trajeron los tres. Claude trajo dos (se saltó el post del estudio de Princeton y mandó directo al artículo original, que técnicamente es la jugada correcta). Gemini citó solo el post de JSON-LD, y en el resto prefirió mandar al lector a las fuentes originales que mi artículo estaba citando. Brave AI citó cero. Describía el tema correctamente y despachaba al lector a un competidor.

Yo venía tratando mentalmente mi blog como un corpus de 31 piezas. Para las IAs, era un corpus de 3 piezas con 28 piezas de ruido de fondo.

## Lo que tienen en común los tres ganadores

Releí los tres imanes de cita al lado de cinco de los 28 fantasmas. El patrón no es nada sutil.

**Tienen un número en el título.** "9 ways", "11 JSON-LD schemas, 3 cited", "measure". Los tres ganadores. Los perdedores tienden a títulos evocativos (`cheap-model-won-context-beats-parameters`, `claude-hid-my-bug-three-times`) que se leen bien para humanos pero no tienen un número que un motor de respuesta pueda agarrar.

**Son el hub temático de una pregunta específica.** "Cómo medir citas de IA" mapea directo a un post. "Qué JSON-LD schemas realmente se citan" también. Los fantasmas tienden a ser relatos de experiencia ("probé X durante un mes y esto se rompió") que son buenísimos para humanos, pero ninguna IA va a contestar un prompt del tipo "cuéntame del mes de ken imoto refactorizando 100 funciones".

**Fueron publicados hace más de 30 días.** Los tres tienen al menos seis semanas. La mitad de los 28 fantasmas es más nueva. El retraso de indexación de IA es real, y el LLMO Quickstart no bromea cuando dice que la tasa de cita necesita al menos un mes de reposo antes de leerla.

La cantidad de JSON-LD, dicho sea de paso, es la misma en los 31 artículos: uso el mismo layout Astro para todo. Así que lo que está pasando no es "el ganador tiene mejor schema". Es el título, la gravedad temática, y el tiempo.

## Lo que tienen en común los 28 fantasmas

Primero la noticia aburrida. La mayoría de los fantasmas cae en uno de tres problemas:

- El título hace una afirmación que no existe en ningún otro lugar de la web, así que la engine no tiene ancla. "The cheap model won" es una frase buena, pero ningún humano la teclea como query.
- El tema es tan de nicho que ningún prompt genérico llega ahí. Un post sobre latencia en voice AI le va a perder al blog de AssemblyAI siempre. Hub temático le gana a profundidad indie.
- El post es decente pero se publicó contra una pared de contenido competidor. Mi "Claude refactor 100 functions" es razonable, pero busca "Claude refactor regression" y la respuesta va a volver del blog de Anthropic de la semana pasada.

La noticia interesante es lo que *no* importa. La extensión no importa: tengo post de 800 palabras citado y post de 3.000 palabras ignorado. Los backlinks no importan a mi escala: los artículos con más backlinks no son los tres citados. La publicación cruzada en Dev.to tampoco mueve la aguja de cita por IA, solo la de tráfico directo.

## Cómo reproducir el experimento

Quien escribe sobre LLMO debería hacer esta prueba en su propio sitio. La receta cabe en una tarde:

1. Lista las 5 IAs con búsqueda web (ChatGPT, Claude, Gemini, Perplexity, Brave AI). Si vives en LatAm, agrega Perplexity en español y Gemini en español como variantes; cambian de respuesta.
2. Escribe 30 prompts: 10 con tu nombre de dominio, 10 con los temas que cubres, 10 con comparaciones donde tienes contenido.
3. Ejecuta cada prompt 3 veces en cada IA. Sí, son 450 turnos. Toma una tarde con café.
4. Registra solo las apariciones con enlace clicable. Las menciones de texto plano no cuentan.
5. Identifica qué URLs aparecen con regularidad: esos son tus ganadores reales. El resto es ruido para el algoritmo, aunque sea contenido valioso para humanos.

Mi recomendación para lectores en México, Argentina, Colombia y Chile: prueba la mitad de los prompts en español. Las respuestas no son las mismas y vas a descubrir qué artículos tuyos tienen tracción en español puro, que muchas veces no coincide con la versión en inglés.

## Conclusión más amplia

Lo que subestimé fue cuánto se concentra la cita. Esperaba breadth del 5 al 10% y quedó en 9,7%, así que el número estaba bien. La sorpresa fue que los tres citados estaban cargando todos los motores, todos los grupos de prompts, todas las repeticiones. LLMO es un torneo. No estás optimizando 31 posts. Estás optimizando para cuáles 2 o 3 ganan la llave.

Lo otro que subestimé fue cuánto del perfil de "ganador" queda definido en la etapa del título. Cuando estás retocando JSON-LD en el post publicado, el ruteo ya pasó. El prompt aterriza en tu sitio o no, y el aterrizaje se decide en buena parte por si el título parece una respuesta.

El razonamiento técnico para construir hubs temáticos viene de los pilares Authority Signals y Coherence Signals del [LLMO Framework](https://llmoframework.com/). Si quieres que una cita componga interés, la URL citada tiene que estar en la cima de un pequeño cluster de contenido, no suelta en un mar de ensayos sin relación. El pilar Citability es el que captura la primera cita. Authority es el que mantiene la cita consistente entre motores diferentes.

Voy a repetir esto en 60 días con los mismos 30 prompts y ver si cambian los tres citados, o si entra un cuarto. Mi apuesta es que los tres son pegajosos y el cuarto solo entra si escribo un post nuevo diseñado específicamente para ganar una query que hoy no cubro.

Veremos. El lado bueno de convertir el propio blog en un blanco de medición es que el próximo post se vuelve el próximo experimento.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Medí 5 stacks de Voice AI. Solo 2 se mantuvieron bajo los 300ms.

URL: https://kenimoto.dev/es/blog/cinco-stacks-voice-ai-solo-dos-bajo-300ms/
Lang: es
Date: 2026-05-13
Description: Leí mil veces que los agentes de voz con IA responden en menos de 300ms. Medí 5 stacks contra la misma conversación de 1 minuto y 3 ni se acercaron. La tabla real de latencia P95 en mayo de 2026, con guía práctica para elegir.

Leí mil veces que los agentes de voz con IA responden en menos de 300ms. Lo dice AssemblyAI, lo dice Vapi, lo dice cada post de lanzamiento de Realtime API. Así que armé cinco stacks, le puse un cronómetro a cada pipeline y corrí la misma conversación de 1 minuto en todos.

Tres de cinco ni se acercaron al límite.

Los otros dos eran los que yo daba por sentado que eran "números de marketing". Resulta que el marketing tenía razón y la culpa era de mi pipeline hecho a mano.


## Los tres acantilados que nadie pone en el slide

Antes de los números, el modelo de percepción. La latencia de voz no se degrada de forma suave. Se cae por acantilados. AssemblyAI, Vapi y Retell convergen en aproximadamente los mismos tres umbrales, y después de una semana de tests con usuarios yo también les creo.

| Latencia | Qué hace la persona |
|---|---|
| 0-300ms | Habla normal, no piensa en la IA |
| 300-500ms | Siente una pausa, la tolera |
| 500-800ms | Habla encima de la IA ("¿me escuchás?") |
| 800-1500ms | Repite la pregunta |
| 1500ms+ | Trata la llamada como una internacional, abandona |

300ms es el primer acantilado. Por encima, la persona empieza a notar que hay una máquina. Por encima de 500ms, pelea por el turno y tu STT se resetea porque la persona se superpone. A los 800ms, la mitad de mi panel dijo "¿hola? ¿hola?". Ese sonido universal de "¿esto está encendido?". No tuve semana de code review más humillante que mirar la grabación de eso.

## Marco de decisión: cómo elegir tu stack

Antes de mostrar los números, dejo el marco de decisión. Cinco preguntas que tu equipo debería contestar antes de elegir vendor.

1. **¿Cuál es tu presupuesto real de latencia P95?** Si tu producto es soporte por WhatsApp y aceptás 800ms, no necesitás voice-to-voice. Si es atención telefónica en tiempo real, necesitás bajar de 300ms o diseñar un filler explícito.
2. **¿Necesitás un modelo específico en el cerebro?** Si la respuesta es "tiene que ser Claude" o "tiene que ser nuestro modelo local fine-tuned", no podés usar Realtime API directa. Estás en una cascada por contrato.
3. **¿Cuál es tu región física?** Si tus usuarios están en LatAm y tu Realtime API en US-East, ya partís 110-140ms abajo. Eso cambia cuál stack es viable.
4. **¿Tenés requisito de privacidad o air-gap?** Si los datos no pueden salir del país, descartá cloud Realtime. Vas a edge sí o sí.
5. **¿Cuántos minutos/mes de tráfico vas a tener?** Realtime API se cobra por minuto y escala feo después de los 100k minutos. Las cascadas dejan más espacio para optimizar costo por componente.

Estas cinco preguntas eliminan 3 de los 5 stacks antes de que toques una línea de código.

## Adónde se va el presupuesto de 300ms

Si querés entender por qué tres de mis stacks fallaron, mirá la matemática del presupuesto. Un pipeline en cascada tiene que meter cuatro cosas en serie dentro de 300ms.

- **STT** (speech-to-text): 80-300ms según modelo y diseño de VAD
- **LLM TTFT** (tiempo al primer token): 100-500ms según tamaño del modelo, contexto y cold start
- **TTS TTFB** (primer byte de audio): 75-300ms según el vocoder
- **Round-trip de red**: 50-200ms, limitado por la velocidad de la luz y tu elección de región

Sumá el número más rápido de cada fila y da 305ms. Sumá el típico y pasás del segundo. El libro del que salió este benchmark llama a esto "anatomía de la latencia", y el chiste es que la cascada es matemáticamente alérgica a los 300ms a menos que cada componente viva pegado al de al lado.

Los modelos voice-to-voice end-to-end esquivan esa regla colapsando STT + LLM + TTS en un único forward pass sobre un stream de tokens de audio. No hay segundo salto. No hay warmup de TTS. No hay handoff entre servicios. Eso es todo el juego, y es también por lo que los dos stacks que ganaron fueron los dos donde menos código escribí.

## Los cinco stacks

Quería una comparación real, no un post tipo "miren mi vendor favorito". Mismo script de soporte de 1 minuto. Mismo ingress WebRTC (Daily.co para todo menos OpenAI Realtime, que usa su propio endpoint). Mismo prompt. Misma computadora cliente, US-East. Diez turnos por stack, 50 mediciones por stack. Reporto P50, P95 y P99 porque el promedio miente de una forma que la persona que usa voz siente físicamente.

**Stack 1 — OpenAI Realtime API.** `gpt-4o-realtime` sobre el endpoint WebRTC oficial. Voz entra, voz sale, sin código pegamento.

**Stack 2 — Cascada Deepgram + Claude + ElevenLabs.** Deepgram Nova-3 para STT, Claude Sonnet 4.6 como cerebro, ElevenLabs Turbo v2.5 para TTS. La cascada "lo mejor de cada categoría" que dibujás en la pizarra.

**Stack 3 — Edge local (Whisper + Llama + Coqui).** Whisper Large v3 Turbo, Llama 3.3 70B corriendo local sobre una H100, Coqui XTTS para TTS. Round-trip de red: 0ms. La respuesta de "privacidad y soberanía" que se promociona mucho en LatAm fintech.

**Stack 4 — LiveKit Agents + Gemini 2.0 Flash Live.** Framework de agents de LiveKit como plano de medios, native-audio Gemini Live como cerebro. También voice-to-voice end-to-end, pero por un SDK distinto.

**Stack 5 — Pipecat + Claude + Cartesia.** Pipecat orquestando, Claude Sonnet 4.6 en el LLM, Cartesia Sonic en el TTS. Una cascada más opinada con un TTS más rápido que ElevenLabs.

## Los resultados

| Stack | P50 | P95 | P99 | ¿Bajo 300ms? |
|---|---|---|---|---|
| 1. OpenAI Realtime (voice-to-voice) | 232ms | 281ms | 320ms | ✅ |
| 2. Deepgram + Claude + ElevenLabs | 480ms | 624ms | 780ms | ❌ |
| 3. Whisper + Llama 70B + Coqui (local) | 870ms | 980ms | 1.210ms | ❌ |
| 4. LiveKit + Gemini Live (voice-to-voice) | 250ms | 295ms | 360ms | ✅ |
| 5. Pipecat + Claude + Cartesia | 410ms | 540ms | 670ms | ❌ |

Stack 1 y Stack 4 son los únicos que se mantuvieron bajo los 300ms en P95. Ambos son voice-to-voice. Ambos entregan un forward pass único en lugar de una carrera de postas. Stack 5 muestra cómo se ve una cascada bien hecha (el TTS de Cartesia es genuinamente rápido — 90ms TTFB) y aun así no le gana al acantilado, porque el LLM TTFT más los saltos entre servicios se comen el presupuesto.

Stack 3 es el doloroso. Tenía la esperanza de que local al menos le ganara a la cascada por ausencia de red. A veces gana. Pero Llama 3.3 70B no es chico, y "sin red" no te salva cuando el LLM TTFT solo da 600ms en una GPU commodity. El capítulo de edge AI del libro es honesto: la victoria realista de edge hoy es con **modelos más chicos** (clase Qwen2.5 1.5B), no con 70B local. 70B local es lo peor de los dos mundos: pagás la GPU y tampoco pasás el acantilado.

## Para LatAm: el problema de región

Quien construye voz con IA desde LatAm choca contra un problema adicional antes incluso de llegar a esos 300ms: la latencia regional. La mayoría de los endpoints de Realtime API viven en US-East o EU-West. El round-trip desde Buenos Aires, Bogotá o Ciudad de México hasta US-East-1 está entre 100 y 150ms en condiciones decentes, y eso ya se come la mitad del presupuesto antes de que el modelo lea el primer frame.

Compañías como Mercado Libre, Rappi, Despegar o Banco Galicia que están explorando voz con IA para soporte y onboarding viven con esta realidad: el presupuesto real de latencia para equipos LatAm no es 300ms cloud puro, está más cerca de 400-600ms, y el camino práctico suele ser STT regional (Azure Speech es-MX o es-AR en regiones cercanas, Google Speech-to-Text es-LA), LLM en US-East, TTS regional. No vas a bajar de 300ms cloud en mayo de 2026 sin una región local de Realtime API, así que diseñá la UX para 500ms con filler estratégico en vez de prometer 300ms y decepcionar.

Costo aproximado para correr Stack 2 24/7 con tráfico medio: USD 350-500/mes. Stack 1 sale más caro por minuto pero elimina tres contratos con vendors y saca el pipeline de tus manos. Para equipos chicos, suele ser mejor negocio del que parece a primera vista.

## Por qué voice-to-voice gana (hoy)

Tres motivos, en orden decreciente de cuánto me sorprendieron:

**Uno — no hay apilamiento de TTFT-luego-TTFB.** En cascada, esperás el primer token del LLM y recién ahí disparás el TTS, que tiene su propio first-byte. Voice-to-voice emite tokens de audio directo. No hay segundo warmup.

**Dos — sin serialización de handoff.** Deepgram → Claude → ElevenLabs son tres endpoints distintos. Aunque cada uno sea rápido, pagás TLS, connection pool y buffer de frames tres veces. Pipecat ayuda, pero no lo borra.

**Tres — turn-taking VAD-aware.** Los modelos voice-to-voice hacen detección de endpoint directamente sobre el stream de audio. Las cascadas tienen que esperar una señal de VAD para cerrar la salida del STT antes de mandarla. Ese delay de cierre es invisible en benchmarks que empiezan a contar desde "la persona dejó de hablar", pero la persona no sabe cuándo "oficialmente" dejó. Lo siente como silencio.

La manera más barata de bajar de 300ms en mayo de 2026 es no escribir el pipeline. La mayor parte de mi latencia era mi código.

## Cuándo edge AI nos va a alcanzar

Edge es la respuesta correcta para la forma correcta de problema: privacidad local-only, kioscos sin red, robótica offline. No es, hoy, la respuesta para "quiero un agente cloud bajo 300ms". Whisper v3 Turbo marca Real-Time Factor por encima de 1000x y los modelos clase 1.5B devuelven el primer token en 200ms sobre CPU. Esa combinación — modelo chico, STT rápido, TTS local — cierra en 300-350ms. El camino de 70B-en-H100 que probé en Stack 3 no cierra.

El otro camino es híbrido: STT en el edge, LLM y TTS en cloud. Te salteás el round-trip de red en el paso síncrono más largo (capturar audio) y mantenés calidad de cloud en el cerebro. El libro lo organiza como una matriz de decisión y coincide con lo que medí: 350-500ms es realista; cascada cloud bajo 300ms no lo es.

Para profundizar en el lado de la percepción — cómo hacer que un agente de 500ms **se sienta** como uno de 300ms — escribí un complemento sobre [perception hacks de voice AI](https://dev.to/kenimo49/voice-perception-hacks-i-kept-the-pipeline-at-540ms-and-users-still-said-instant-3oki) en Dev.to. Filler, micro-confirmaciones y playback progresivo de tokens te compran todo un acantilado de velocidad percibida. No mueven el acantilado real.

## Qué construiría hoy

Mayo 2026, empezando desde cero:

- **Producto consumer nuevo** — OpenAI Realtime o Gemini Live, directo. Parás antes de lo que pensás que necesitás y publicás
- **Necesitás Claude en el loop** — Pipecat + Claude + Cartesia. Vas a vivir en P95 de 500-600ms. Diseñá filler ahora, no después
- **Requisito de privacidad o air-gap** — Whisper Turbo + Qwen2.5 1.5B + TTS local. Apuntá a 350ms TTFB. Olvidate de 70B local hasta la próxima generación de GPU
- **Telefonía empresarial (LatAm)** — Híbrido: STT regional, cerebro voice-to-voice en cloud. El codec PSTN ya mata tu ventaja de latencia, así que optimizá calidad de turn-taking en vez del número absoluto

El error más profundo que cometí fue creer que "300ms" es una propiedad del **modelo** que elegí. Es una propiedad de la **arquitectura** que elegí. El modelo solo decide qué tan cómoda es esa arquitectura.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Conecté Claude a un MCP server de Chaos Engineering. Mató el staging 4 veces antes de encontrar el bug que llevábamos 6 meses ignorando.

URL: https://kenimoto.dev/es/blog/claude-chaos-engineering-mcp-mato-staging-4-veces/
Lang: es
Date: 2026-05-16
Description: Steadybit lanzó a mediados de 2025 lo que describen como el primer MCP server de Chaos Engineering. Conecté Claude Code y le pedí en una sola frase que diseñara experimentos de resiliencia para payment-service bajo presión de connection pool. Claude propuso 4 experimentos. Tres terminaron en verde. El cuarto tumbó el staging por completo y expuso un bug real de producción que llevábamos viendo en los logs desde hacía 6 meses. Te muestro la corrida, el bug, y los 3 guardrails que ahora exijo antes de dejar a cualquier IA diseñar experimentos de chaos, con plantillas de CLAUDE.md y hooks listas para copiar.

Antes de empezar, una aclaración. Todos los experimentos de este post corrieron en staging. Producción quedó con doble candado: un bloque `## Chaos Rules` en el CLAUDE.md que prohíbe blancos de producción, y un hook `PreToolUse` que hace `exit 2` si aparece `--env=production` en cualquier comando de chaos. Los dos los muestro al final. Lo digo desde el inicio porque "dejé a Claude diseñar experimentos de chaos" es el tipo de frase que la gente lee de costado. Resumen: solo staging, doble candado, y todo el ejercicio fue supervisado de punta a punta.

Con eso fuera del camino: Steadybit lanzó a mediados de 2025 lo que describen como el primer MCP server de Chaos Engineering del mercado. Conecté Claude Code y le pedí, en una sola frase, que diseñara experimentos para probar la resiliencia del `payment-service` bajo presión de connection pool. Claude propuso cuatro experimentos. Tres terminaron sin violar SLO. El cuarto tumbó el staging por completo. Cuando rastreé la falla, no era un bug fabricado por el test. Era un patrón real de producción que aparecía en los logs desde hacía 6 meses y que nunca habíamos logrado reproducir: agotamiento del pool → tormenta de retry → rate limiter haciéndose self-DoS. Te muestro la corrida, el bug, y los 3 guardrails que ahora exijo antes de dejar a cualquier IA diseñar experimentos de chaos.

Este es el 6º post de una serie de harness que viene desde el 12 de mayo: sub-agentes, voice AI, separación en 3 roles, herramental de debug, y ahora chaos. Cada post se sostiene solo, así que si solo te interesa el capítulo de chaos, no hace falta leer los cinco anteriores. El hermano directo en el formato "dejé a la IA suelta por X horas" es el post de [agente de IA, 24 horas, lecciones de seguridad](https://kenimoto.dev/es/blog/agente-ia-autonomo-24-horas-seguridad).


## Cómo conecté Claude al Steadybit MCP, en un párrafo

Steadybit anunció el 18 de junio de 2025 lo que describen como el primer MCP server para Chaos Engineering ([Steadybit news](https://steadybit.com/news/steadybit-launches-the-first-mcp-server-for-chaos-engineering-bringing-experiment-insights-to-llm-workflows/) / [BusinessWire 2025-06-30](https://www.businesswire.com/news/home/20250630606346/en/Steadybit-Launches-the-First-MCP-Server-for-Chaos-Engineering-Bringing-Experiment-Insights-to-LLM-Workflows)). MCP es el Model Context Protocol abierto que Anthropic publicó a fines de 2024: una forma estandarizada para que un cliente LLM (Claude, Gemini, ChatGPT) llame a una herramienta externa con tipos estructurados en lugar de raspar texto libre. El MCP server de Steadybit expone el catálogo de experimentos, resultados pasados, post-mortems, y una herramienta de "diseñar nuevo experimento". Conectas Claude Code o Claude Desktop, apuntas los dos al mismo contexto Kubernetes de staging, y escribes `"diseña un experimento de stress de connection pool para payment-service"` en la terminal. Te devuelve una spec parametrizada lista para aprobar.

El setup es plomería. La pregunta interesante es qué pasa cuando realmente corres lo que sale del otro lado.

## AI-driven chaos en 2026: los 4 players que comparé

Antes de soltar la corrida, quería saber qué más había en el campo. Hoy hay 4 players que importan, y cada uno tira de una palanca distinta.


| Player | Compañía | Approach | MCP | Lanzamiento |
|---|---|---|---|---|
| Krkn-AI | Red Hat + IBM Research | algoritmo genético, OSS | nativo | OSS continuo |
| Harness AI | Harness Inc. | GenAI + MCP IDE | ✅ Claude/Cursor/Windsurf/VS Code | 2025-01 (GenAI), MCP posterior |
| Steadybit | Steadybit GmbH | MCP server dedicado | ✅ primer MCP de chaos | 2025-06 |
| Dynatrace | Dynatrace | predicción vía observabilidad | observability hooks | existente |

**Krkn-AI** es el framework open-source que Red Hat e IBM Research desarrollan en conjunto. La idea es poner un algoritmo genético al mando de la búsqueda: genera parámetros de experimento, evalúa cada uno contra tus SLOs (latencia, tasa de error, disponibilidad), puntúa, evoluciona las mejores combinaciones, repite. El objetivo son los experimentos "que apenas violan": los que bajan un SLO de 99.9% a 99.85%, no los que rompen todo de una. Esos son los bugs peligrosos, los difíciles de reproducir. El writeup de Red Hat está en [Red Hat Developer](https://developers.redhat.com/articles/2025/10/21/krkn-ai-feedback-driven-approach-chaos-engineering), y el código vive en [krkn-chaos/krkn-ai](https://github.com/krkn-chaos/krkn-ai).

**Harness AI** sacó funciones de chaos engineering con GenAI en enero de 2025 y después agregó [herramientas MCP](https://developer.harness.io/docs/chaos-engineering/guides/ai/mcp/) que funcionan con Claude Desktop, Windsurf, Cursor y VS Code. La propuesta es "describe lo que quieres en español, recibe un experimento parametrizado, ejecútalo desde el chat". Si ya vives en el ecosistema Harness, es el camino con la curva de aprendizaje más baja.

**Steadybit** es el que usé acá, el primero en lanzar un MCP server dedicado a chaos en junio de 2025. El diferencial es el acceso al historial de experimentos: el LLM no solo diseña experimento nuevo, lee tus runs pasados y post-mortems, y basa las sugerencias en tu historia de incidentes específica.

**Dynatrace** juega al revés. El motor de IA aprende el comportamiento normal del sistema y predice cuándo un patrón actual se parece a la antesala de algún incidente pasado. En vez de que tú propongas una hipótesis para verificar, la plataforma te dice qué subsistema merece atención de chaos a continuación.

Si solo corres un experimento por trimestre, el ángulo de predicción de Dynatrace queda grande. Si tienes equipo de research y Kubernetes, el algoritmo genético de Krkn-AI es el más profundo. Si ya estás en Harness o Steadybit, el MCP saca el impuesto del dashboard. Los 4 no compiten de verdad: se apilan en capas.

## Los 4 experimentos que Claude propuso

Volviendo a la corrida real. El prompt fue una frase. La respuesta fue una lista numerada con 4 experimentos, cada uno con servicio-objetivo, tipo de falla, magnitud, duración, SLO de rollback y blast radius. Parafraseo en lugar de pegar literal, porque la spec real era YAML y la estructura legible por el LLM no es la parte interesante. El diseño del experimento sí lo es.

**Experimento 1: pool a 30% menor, 3 minutos, un pod.** Recorta el max del connection pool de 100 a 70 en una sola réplica del `payment-service`. SLO gate: tasa de error abajo de 1%. Resultado: verde. La latencia subió un 12%, pero el error quedó en 0.2%, bien dentro del límite. Las otras réplicas absorbieron el tráfico. Es el experimento que un SRE humano propondría primero.

**Experimento 2: pool 50% menor con retries default, 3 minutos, dos pods.** Misma falla, magnitud más profunda, dos réplicas en lugar de una, con el retry-on-failure de la librería-cliente prendido. SLO gate: error abajo de 1%, p99 abajo de 800 ms. Resultado: verde otra vez. La latencia fue a ~640 ms p99, el error a 0.4%. Dentro del límite. La capa de retry absorbió la presión del pool.

**Experimento 3: pool 70% menor con timeout más corto, 3 minutos, dos pods.** Ahora el timeout bajó de 5 s a 1.5 s mientras el pool fue a 30. Hipótesis: bajo alta presión, ¿el timeout corto ayuda liberando conexión más rápido, o estorba cortando la petición a la mitad? Resultado: sorprendentemente todavía verde. Error 0.7%, p99 bajó a ~520 ms porque las llamadas lentas se cortaban temprano. Casi paro acá. Tres verdes seguidos parecían prueba de resiliencia.

**Experimento 4: pool 90% menor con retry sin límite, 5 minutos, tres pods.** Este fue. Pool en 10 conexiones por pod, presupuesto de retry prácticamente infinito (default de este cliente, no sobrescrito en el config), tres réplicas golpeadas al mismo tiempo. SLO gate: error abajo de 1%. Resultado: no verde. En los primeros 90 segundos, la tasa de error saltó de 0.5% a 23% en línea vertical, la p99 saltó de 200 ms a 14 segundos, y el staging quedó inalcanzable desde el gateway upstream. Steadybit hizo auto-rollback en la violación de 1% del SLO, pero a esa altura el daño ya era un servicio completamente trabado.

Los tres verdes iniciales no eran prueba de resiliencia. Eran prueba de que el blast radius era lo bastante pequeño como para absorberse. En el cuarto, ensanché el radio un poco más allá de lo que el sistema absorbía, y la patología que dormía abajo salió a la luz.

> Le escribí al Slack que el incidente en staging era "planificado". El on-call no se rió. Me señaló que el canal de post-mortem todavía tenía pineado el incidente del trimestre pasado. Lo dejé que actualizara el pin con el de hoy.

## El bug que llevábamos 6 meses ignorando

Yo esperaba que la falla del staging fuera una rareza de staging: env var distinta, sidecar raro, timing que no reproduce en prod. La rastreé igual. La cadena tenía 3 piezas, cada una sola estaba documentada y bien, y juntas se volvieron enfermedad.

**Pieza 1: agotamiento del connection pool.** Pool en max 10, tres pods bajo tráfico normal. Toda petición que necesitaba conexión nueva esperaba o fallaba. Estándar. Sin sorpresa.

**Pieza 2: retries sin tope en el servicio que llamaba.** El servicio upstream que llamaba al `payment-service` tenía retry prendido, con tope solo por tiempo-por-intento, no por número de intentos. Cuando `payment-service` empezó a devolver error de pool agotado, el caller hizo retry. Cada retry abría una conexión TCP nueva, que entraba a la cola del pool, que daba timeout, que disparaba otro retry. Tres retries se convirtieron en nueve, después en 27. En segundos, la concurrencia de salida del caller estaba un orden de magnitud arriba de la línea base.

**Pieza 3: el rate limiter del propio caller.** Esta pieza me costó media hora verla. El caller tenía un rate limiter de auto-protección en la ruta **outbound**: "no dejes que este servicio haga más de N peticiones por segundo a ningún downstream". En operación normal, N nunca llegaba a tocarse. En la tormenta de retry, el caller pasó su propio rate limiter de salida y empezó a rechazar sus propios retries. La aplicación interpretó el rechazo como falla del downstream y disparó todavía más retry. El caller se estaba haciendo DoS a sí mismo, usando su propio rate limiter como arma. El `payment-service` downstream no se recuperaba, porque el tráfico nuevo no podía atravesar el self-DoS del caller para avisar que el pool ya estaba libre.

Volví sobre los logs de producción de los últimos 6 meses buscando la firma de "rate limiter rechazando retry en el outbound" de este servicio. Encontré 11 eventos. Cada uno duraba de 4 a 90 segundos, cada uno se auto-resolvía antes de que alguien terminara de abrir el Grafana, y cada uno terminaba en el balde de "transitorio, no accionable". Es exactamente el patrón que la fitness function del Krkn-AI busca cazar: falla que vive justo después de la frontera del SLO, lo bastante corta para que el humano deje de mirar, lo bastante real para importar.

La corrección no fue glamorosa. Limitamos los retries a 2 con jitter, cambiamos el rate limiter de salida para comportarse como circuit breaker en lugar de rechazo duro, y agregamos una métrica para esa secuencia específica (pool-exhaust → spike de retry → rechazo-outbound-en-retry) para que la próxima vez despierte a alguien en lugar de auto-curarse invisible.

## Los 3 guardrails que ahora exijo

No soy anti-autonomía. Justo el día anterior publiqué [10 hábitos de debug en plantillas de prompt para Claude](https://kenimoto.dev/es/blog/claude-escondio-mi-bug-3-veces-10-habitos-debug). Pero "IA diseña chaos" sin guardrails fue la forma más rápida que he encontrado de matar staging. Tres cosas entran en todo proyecto antes de que el MCP server se acerque a un ambiente real.

**Guardrail 1: CLAUDE.md guarda la política.** Bloque corto, menos de 20 líneas, que nombra las prohibiciones y los SLO gates. Plantilla para copiar:

```markdown
## Chaos Rules

- Los experimentos de chaos corren solo en staging. Producción está prohibida
  como blanco, incluyendo cualquier cluster, namespace o servicio marcado
  production=true.
- Todo experimento declara SLO gate (tasa de error, latencia, disponibilidad)
  que hace auto-rollback si se viola.
- El blast radius se escala: arranca en 10% de pods, sube a 25%, después 50%.
  Saltar una etapa exige aprobación humana en el prompt.
- Tres experimentos verdes seguidos no declaran resiliencia. Propón blast
  radius mayor o tipo de falla nuevo antes de parar.

## Chaos Workflow

1. Confirmar que el ambiente objetivo es staging. Rechazar si no.
2. Proponer el experimento con SLO gate, blast radius y rollback declarados.
3. Esperar aprobación humana en el prompt antes de llamar la tool de run del MCP.
4. Streamear métricas durante la corrida. Ante violación de SLO, llamar rollback.
5. Después de la corrida, escribir un post-mortem de un párrafo con el resultado.
```

La parte difícil del CLAUDE.md es mantenerlo lo bastante corto como para que se cargue en contexto en cada turno. La guía de Anthropic es quedarse abajo de unas 100-150 líneas. Gastar 16 de esas líneas en reglas de chaos es un buen intercambio para no matar staging el primer día.

**Guardrail 2: hooks `PreToolUse` fuerzan la política.** CLAUDE.md es el cerebro. Los hooks son el reflejo. El cerebro se puede ignorar bajo carga. El reflejo no.

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "mcp__steadybit__run_experiment",
        "hooks": [
          {
            "type": "command",
            "command": "node ~/.claude/hooks/block-prod-chaos.js"
          }
        ]
      }
    ]
  }
}
```

El script de bloqueo inspecciona la spec del experimento buscando cualquier marcador de producción. Si aparece `env: production`, `cluster: prod` o `namespace: prod-*` en cualquier lugar del payload, escribe la razón a stderr y hace `exit 2` para bloquear la llamada. Este trozo me salvó al menos una vez. El LLM, a mitad de conversación, sugirió amablemente promover un experimento "para confirmar en prod". El hook dijo que no antes de que el MCP server lo viera.

El mismo hook además verifica que el SLO gate esté declarado con valor numérico y que la etapa del blast radius sea la anterior +1. ¿Spec solo con número mágico? Bloqueado. ¿Saltar la etapa 2 del blast radius? Bloqueado. El reflejo tiene exactamente la forma de la regla.

**Guardrail 3: el propio MCP server sostiene el candado de SLO.** La tercera capa está del lado de la plataforma. En Steadybit (e igual en Harness, en Krkn y compañía), la configuración del experimento toma un predicado `rollback_on` que la propia plataforma evalúa en tiempo real sobre las métricas. Si la tasa de error pasa el 1% durante 30 segundos, la plataforma para el experimento independientemente de lo que el LLM o el hook local hagan. Es la única de las tres capas que sobrevive si el LLM y el agente local están comprometidos al mismo tiempo. También es la que más equipos olvidan, porque exige opiniones sobre tus SLOs que nadie quiere tipear en un YAML. Tipéalas igual.

Una prueba útil: agarra a alguien al azar del equipo, le entregas el CLAUDE.md y el archivo de hooks, y le preguntas "¿podrías, de mala fe, diseñar un experimento que pegue en producción?". Si la respuesta es "sí, editando el CLAUDE.md", el candado de SLO de la plataforma es el que lo agarra. Si la respuesta es "sí, sacando el hook", el candado de SLO de la plataforma es el que lo agarra. Las tres capas no son redundantes: fallan de formas distintas.

La separación en tres roles que describí en un post anterior ([observer, strategist, marketer](https://kenimoto.dev/es/blog/tres-roles-observer-strategist-marketer-separacion)) mapea limpio a chaos: el CLAUDE.md es el strategist (define política), los hooks son el observer (atrapan lo que pasa), el MCP server es el ejecutor debajo de los dos. Mantener las capas separadas es lo que impide que el agente de IA termine siendo los tres sin darse cuenta.

## Chaos Engineering 2.0: las 4 corrientes que convergen

Si alejas la cámara, hay un paper de review de 2024 titulado *Chaos Engineering 2.0: A Review of AI-Driven, Policy-Guided Resilience for Multi-Cloud Systems* ([página del journal](https://journals.stecab.com/jcsp/article/view/846)) que defiende tres pilares para el stack moderno: planificadores con IA que diseñan experimentos, inyección a nivel de service mesh que no exige tocar código de aplicación, y guardrails de política que fuerzan disciplina de blast radius y SLO. El mismo paper reporta que el 89% de las organizaciones encuestadas hoy corren multi-cloud, que es el ambiente donde estos modos de falla (drift de DNS entre clouds, ciclo de vida de token IAM distinto, rate limiter local de región) viven de verdad.

Más reciente, el paper de arxiv [ChaosEater (2025)](https://arxiv.org/abs/2511.07865) da el siguiente paso: ciclo de chaos completamente orquestrado por LLM, donde el modelo asume diseño, ejecución y análisis del experimento bajo guardrails de política. Es la misma dirección que los cuatro productos de arriba están caminando, vista desde el lado de la investigación.

Cuatro corrientes convergen (chaos engineering, observabilidad, IA / LLMs, plataforma), y no es una slide de marketing. Es el workflow real dentro del cual ocurrió mi accidente de staging. El chaos engineering aportó el experimento. La observabilidad aportó el stream de métrica que detectó la violación de SLO en 90 segundos. El LLM aportó el diseño del experimento y, después, ayudó a leer la cadena de log que ancló el bug de producción. La ingeniería de plataforma (Steadybit + hooks + CLAUDE.md) mantuvo el blast radius fuera de producción.

Quita cualquiera de las cuatro y la historia termina distinto. Sin LLM, nadie del equipo habría propuesto el experimento 4. Parecía obviamente imprudente. Sin observabilidad, la violación tarda minutos en notarse. Sin guardrail de política, "vamos a confirmar en prod" pasa de verdad. Sin chaos como práctica deliberada, el bug queda invisible otros 6 meses más.

## Qué le diría a quien va a intentar esto la próxima semana

Si quieres intentar la misma cosa sin tumbar tu propio staging a las 11 de la noche, esto es lo que haría distinto con retrovisor.

Empieza con el experimento 1 solo, en un único namespace, con el blast radius capeado en 10% de los pods. Trata al primer verde como señal de ampliar el blast radius, no como declaración de victoria. El experimento interesante es el que llega justo después del punto donde el sistema puede absorber.

Escribe el CLAUDE.md y los hooks **antes** de conectar el MCP server. No después, no en paralelo, antes. La tentación cuando tienes un juguete nuevo es jugar con él por una hora y agregar los guardrails después. Esa hora es cuando staging se muere. Es también la hora en la que tienes menos paciencia para escribir reglas.

Mantén los prompts post-corrida cortos. "Resumí lo que falló, qué SLO violó, y la causa raíz más probable" ya alcanza. Prompt largo después de violación de SLO arrastra al LLM a modo narrativa, que es el modo equivocado. Quieres al LLM en modo evidencia, no en modo cuento.

Lleva el hábito del post-mortem del chaos al AI-coding en general. Este post existe porque tenía una página de notas del incidente de 90 segundos, en el mismo formato de nuestros docs de incidente normales. Sin esa página, este sería un post de vibe. Con ella, tengo un párrafo por pieza de evidencia y una corrección que entró a prod la misma semana.

La IA diseña chaos más rápido que cualquier SRE con el que haya trabajado. Sin los tres guardrails, mata staging más rápido también. Ponle los tres, y obtienes la versión donde el LLM encuentra el bug que llevabas medio año sin encontrar, y el on-call del fin de semana se queda con su fin de semana.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Por qué Claude ignora tu CLAUDE.md 1 de cada 20 veces (y cómo lo arreglé con exit code 2)

URL: https://kenimoto.dev/es/blog/claude-code-hooks-exit-code-2-reglas-deterministas/
Lang: es
Date: 2026-06-05
Description: Escribí tres veces en CLAUDE.md que no tocara el .env. Claude aceptó tres veces, con educación, y a la cuarta lo tocó. Una petición se cumple 95 de cada 100 veces. Para cerrar el 5 por ciento restante hay que convertir la petición en programa: un hook con matcher de argumentos y exit code 2.

Escribí en mi CLAUDE.md, tres veces, con tres redacciones distintas, que no tocara los archivos `.env`. Claude estuvo de acuerdo las tres veces, con mucha educación. A la cuarta sesión, abrió uno y lo editó.

No fue mala fe: fue lo que pasa siempre. Una instrucción en CLAUDE.md es una petición, y una petición se cumple casi siempre. "Casi" es la palabra cara. Si Claude respeta tu regla 95 de cada 100 veces, ese 5 por ciento restante es justo el que termina en un incidente de producción.

La forma de cerrar ese hueco no es escribir la regla más bonita. Es dejar de pedir y empezar a programar. Y la pieza que lo hace cabe en un dígito: la diferencia entre `exit 1` y `exit 2`.

## La diferencia entre pedir y obligar

CLAUDE.md le habla a Claude. Los hooks le hablan al runtime de Claude Code. Es una distinción que tardé en entender, pero lo cambia todo.

CLAUDE.md es una instrucción que el modelo interpreta, recuerda y, a veces, olvida. Un hook es código que se ejecuta cuando Claude intenta hacer algo, antes de que lo haga. No depende de que el modelo "se acuerde". Se dispara siempre, en cada intento, porque está programado para hacerlo.

Es como pegar un cartel de "no entrar" frente a una puerta abierta, contra ponerle una cerradura. El cartel funciona casi siempre. La cerradura funciona el 100 por ciento de las veces, incluso cuando nadie está mirando.

## El hook que de verdad bloquea

Los hooks se definen en `settings.json`. La estructura tiene tres capas: el nombre del evento, el matcher, y el handler que se ejecuta.

El evento clave para bloquear es `PreToolUse`: se dispara antes de que una herramienta se ejecute. Y aquí entra el detalle que casi nadie lee.

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "if": "Edit(*.env*)|Write(*.env*)",
            "command": "echo 'Editar archivos .env esta bloqueado' >&2; exit 2"
          }
        ]
      }
    ]
  }
}
```

Dos piezas hacen el trabajo. La primera es el campo `if`, que filtra por los argumentos de la herramienta, no solo por su nombre. `Edit|Write` dispara con cualquier edición; `if: "Edit(*.env*)"` dispara solo cuando el archivo es un `.env`. Sin `if`, el hook se ejecutaría en cada edición y se volvería ruido. Con `if`, se ejecuta exactamente donde importa.

La segunda pieza es ese `exit 2` al final, y es donde se gana o se pierde todo.

## exit 1 contra exit 2: un dígito que lo decide

Cuando el comando de un hook `PreToolUse` termina, su código de salida define qué pasa:

| Código de salida | Qué hace |
|---|---|
| `0` | Todo bien, la herramienta se ejecuta |
| `1` | Error **no bloqueante**: se registra en el log y la herramienta se ejecuta igual |
| `2` | **Bloqueo**: la herramienta no se ejecuta, y el texto de stderr vuelve a Claude como mensaje de error |

Ahí está la trampa en la que yo caí. Mi primer hook terminaba con `exit 1`. Lo probé, vi el mensaje de error en el log, y di la regla por cerrada. No estaba cerrada: `exit 1` solo deja constancia del lamento. La herramienta se ejecutaba de todos modos. El `.env` se editaba, y el log decía, con calma, que algo había pasado.

`exit 2` es otra cosa. Bloquea de verdad, y además le devuelve a Claude el mensaje de stderr, así que el modelo entiende por qué se frenó y no se queda dando vueltas. Un dígito de diferencia separa "queda anotado en el log" de "hay una pared".


## La forma explícita, para cuando quieres estar seguro

Hay una variante más declarativa para `PreToolUse`: en lugar de un código de salida, el hook devuelve un JSON que dice qué decisión tomar.

```json
{
  "hookSpecificOutput": {
    "hookEventName": "PreToolUse",
    "permissionDecision": "deny",
    "permissionDecisionReason": "Comando destructivo bloqueado"
  }
}
```

El campo `permissionDecision` acepta cuatro valores: `allow` (saltar el prompt de permiso y permitir), `deny` (rechazar la llamada), `ask` (pedir confirmación al usuario) y `defer` (ceder el control a una UI externa en modo headless). Para una política de equipo, `deny` es el equivalente declarativo del `exit 2`: dice de forma explícita "esto no se ejecuta".

Un detalle que vale recordar, porque a más de uno le ha costado una tarde: `PreToolUse` usa `hookSpecificOutput.permissionDecision`, mientras que otros eventos usan un `decision` plano en la raíz. Si mezclas los dos esquemas, tu bloqueo no se dispara y vuelves a estar en el cartel de papel.

## De la petición a la política

Lo bonito de esto es que escala más allá del `.env`. La misma estructura convierte cualquier "por favor no hagas X" en una regla que no se puede saltar.

```json
{
  "matcher": "Bash",
  "hooks": [
    {
      "type": "command",
      "if": "Bash(git push --force*)",
      "command": "echo 'force push bloqueado' >&2; exit 2"
    }
  ]
}
```

`git push --force` en una rama compartida, `rm -rf` en el lugar equivocado, escrituras sobre archivos de credenciales: todo eso deja de depender de que el modelo recuerde la regla. Tu equipo (y tus compañeros van a agradecerlo) trabaja contra paredes, no contra carteles.

## Cierre

Le pedí a Claude tres veces que no tocara el `.env`. Lo aceptó con educación y lo tocó igual, porque una petición se olvida. No era un problema de redacción: era un problema de mecanismo.

La solución cabe en dos piezas y un dígito: el campo `if` para disparar solo donde importa, y `exit 2` (o `permissionDecision: "deny"`) para bloquear de verdad en lugar de solo dejar constancia. Las peticiones se olvidan; los programas no. Si tu equipo tiene una regla que "casi siempre" se cumple, escríbela en `exit 2` y deja de rezar para que se cumpla la próxima vez.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Le dije a Claude Code que hiciera TDD. Escribió el test DESPUÉS del código 6 de 10 veces

URL: https://kenimoto.dev/es/blog/claude-code-tdd-test-despues-codigo-6-de-10/
Lang: es
Date: 2026-05-23
Description: Mi CLAUDE.md decía `## TDD Primero`. Claude lo leyó con cuidado y lo ignoró con cuidado, 6 de 10 veces. Aquí está la auditoría de 30 días de mi propio git log, los 4 pasos de verificación que uso ahora, y el hook PreToolUse que finalmente cerró la grieta.

Mi CLAUDE.md tenía una sección que decía `## TDD Primero`. Seis líneas, muy claras. Después de pasar veinte minutos redactándola, hice una auditoría de 30 días de mis propios commits y descubrí que, en las funcionalidades que le pedí a Claude Code que implementara con TDD, el archivo de test se commiteó *después* del archivo fuente 6 de 10 veces. No "el test falló primero y luego lo arreglé". El archivo de test no existía en el momento en que el archivo fuente se commiteó.

Este es el procedimiento de verificación de 4 pasos que armé después de esa auditoría, y el hook PreToolUse que cerró la grieta. Lo escribí pensando en el equipo LatAm que usa Claude Code en su día a día, porque los 4 pasos no requieren herramientas pagas, no dependen de qué editor uses, y funcionan tanto en mi computadora como en la tuya. Ustedes pueden adoptarlos hoy sin pedir aprobación a nadie.


## La auditoría de 30 días: cómo la hice

Recomiendo replicar esta auditoría en su propio repositorio antes de seguir leyendo. Toma unos 15 minutos y los números que salen son su propia evidencia.

**Paso 1: Extraer el log de commits con archivos.** En la raíz del repositorio:

```bash
git log --since="30 days ago" --name-only --pretty=format:'%h %ai %s' > audit.txt
```

Esto te da, por cada commit, la fecha y hora exacta, y la lista de archivos modificados.

**Paso 2: Agrupar por funcionalidad.** En mi caso, una "funcionalidad" es un conjunto de commits con la misma rama de feature o el mismo issue. Si no etiquetas tus commits con un identificador de issue, puedes agrupar manualmente leyendo los mensajes.

**Paso 3: Para cada funcionalidad, anotar la marca de tiempo del primer commit que toca el archivo fuente, y la marca de tiempo del primer commit que toca el archivo de test correspondiente.** Si el archivo de test no existe, anotar "ausente".

**Paso 4: Contar.** Para cada funcionalidad, marcar si el test fue antes, después, o en el mismo commit. La proporción es tu número.

En mi auditoría salieron estos resultados de las 10 funcionalidades del último mes:

| Funcionalidad | Test commiteado | Diferencia |
|---------------|------------------|------------|
| 1 | Después del código | +4 min |
| 2 | Antes del código | -1 min |
| 3 | Después del código | +12 min |
| 4 | No existe (`# TODO: tests`) | — |
| 5 | Antes del código | -3 min |
| 6 | Después del código | +90 seg |
| 7 | Antes del código | -2 min |
| 8 | Después del código | +23 min |
| 9 | Antes del código | -1 min |
| 10 | Después del código | +8 min |

Seis de diez con el test después del código. Yo le pedía TDD a Claude en cada uno. Tenía la sección `## TDD Primero` en CLAUDE.md. En las funcionalidades más complejas pegaba la secuencia red-green-refactor en el prompt. Y aún así, seis de diez veces, Claude escribía la implementación primero y luego (o nunca) el test.

## Por qué pasa esto: predicción de siguiente token

No es que Claude sea perezoso. Es que está haciendo exactamente lo que fue entrenado para hacer. Una predicción de siguiente token, dado el contexto.

En los datos de entrenamiento, la mayoría abrumadora de las respuestas a "implementa esta funcionalidad" tienen la forma *aquí está la función que hace X*, opcionalmente seguida de *y aquí está el test*. La secuencia "test primero, falla, luego implementación" es rara en repositorios públicos porque los humanos rara vez commiteamos la fase roja como un commit aparte. Commiteamos la fase verde. El modelo nunca construyó un prior fuerte para la secuencia red-first.

Varios escritos de la comunidad de Claude Code apuntan a lo mismo. El [análisis del red-green-refactor loop en alexop.dev](https://alexop.dev/posts/custom-tdd-workflow-claude-code-vue/) argumenta que la única forma confiable de imponer TDD es desde fuera del modelo, con hooks o skills que el agente no pueda evadir a mitad de camino. El [walkthrough de la TDD Skill en BSWEN](https://docs.bswen.com/blog/2026-03-25-tdd-skill-claude-code/) y la [guía de aihero.dev](https://www.aihero.dev/skill-test-driven-development-claude-code) coinciden en otro punto importante: Claude a veces modifica el test para que pase en lugar de arreglar la implementación. Si commiteamos el test antes que la implementación, el diff revela el cambio. Si commiteamos los dos juntos, no hay diff que mirar.

Yo no estaba haciendo nada de eso. El modelo tenía un prior débil para test-first, y yo tenía un flujo de trabajo débil que no compensaba el prior débil. Seis de diez tiene mucho sentido en retrospectiva. Lo sorprendente es que no haya sido más alto.

## El procedimiento de 4 pasos para forzar TDD real

Ahora vienen los 4 pasos. Recomiendo aplicarlos en orden. Cada uno cierra una grieta diferente.

**Paso 1: Prompt explícito de fase roja.** En lugar de "implementa X con TDD", usar: *"Escribe un test que falle para [funcionalidad] en `tests/X_test.py`. NO escribas la implementación todavía. Ejecuta el test y confirma que falla antes de continuar."* La palabra "NO" es la que hace el trabajo. "Con TDD" es vibra. "NO escribas la implementación todavía" es restricción.

**Paso 2: Commitear el test antes de la implementación.** Una vez que Claude escribe el test que falla, hacer `git add tests/X_test.py && git commit -m "red: test failing for X"`. Solo eso. Sin la implementación. Esto te da un punto en la historia de git en el que existe el test y no existe la implementación. Si más tarde Claude modifica el test para "hacerlo pasar", el diff es visible y reversible.

**Paso 3: Pedir la implementación en un segundo turno (segundo mensaje).** Después de commitear el test, abrir un nuevo turno con: *"Ahora implementa la función necesaria para que el test en `tests/X_test.py` pase. No modifiques el test."* El "no modifiques el test" es importante porque, como mencioné arriba, Claude a veces toma el atajo de modificar el test.

**Paso 4: Confirmar que el test pasa por la razón correcta.** Antes de mergear, leer la implementación y el test lado a lado y preguntarse: *¿el test pasa porque la implementación es correcta, o pasa porque el test es laxo?* Si la implementación devuelve un valor hardcodeado y el test verifica exactamente ese valor hardcodeado, el test no está verificando nada útil.

Estos 4 pasos te llevan de "le pedí TDD y se lo saltó" a "le pedí TDD y lo hizo, pero podría haber tomado un atajo". Para cerrar también esa última grieta, hace falta un hook.

## El hook PreToolUse que cierra la grieta

Los 4 pasos requieren que ustedes estén al teclado y presten atención. Si el equipo se distrae, o si alguien hace los 4 pasos en un solo turno por ahorrar tiempo, la grieta vuelve a abrirse.

Claude Code permite registrar hooks que interceptan llamadas a herramientas antes de que se ejecuten. Un hook PreToolUse sobre Write o Edit recibe la ruta del archivo que el modelo está por modificar. Si el modelo intenta escribir en `src/foo.py` y no existe un `tests/foo_test.py` que actualmente falle, el hook puede salir con código 2, lo que Claude Code interpreta como "esta llamada está denegada, aquí está la razón, intenta de nuevo".

Esta es la versión mínima que funciona en un proyecto Python con pytest:

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [{
          "type": "command",
          "command": "python3 .claude/hooks/require-failing-test.py"
        }]
      }
    ]
  }
}
```

El script lee la ruta del archivo desde el payload del tool call, mapea `src/X.py` a `tests/X_test.py`, verifica que el archivo de test exista, ejecuta `pytest tests/X_test.py --no-header -q`, y sale con código 2 si pytest sale con código 0. Si el test todavía no existe o si actualmente falla, el hook deja pasar la edición. Si el test existe y ya pasa, el hook bloquea la edición con un mensaje del tipo *"debe existir un test que falle en tests/X_test.py antes de modificar src/X.py. Escribe primero el test que falle."* Ese mensaje aparece en el contexto del próximo turno del modelo. El modelo no tiene opción.

Hay casos de borde. El test puede pasar por una razón equivocada; el hook no detecta eso, para eso está el paso 4 del procedimiento manual. El mapeo de archivo fuente a archivo de test es específico de cada proyecto; el mío está hardcodeado. Y tengo una válvula de escape — un comentario mágico `# tdd-bypass: refactor` en la primera línea — para commits de refactor donde genuinamente quieres editar sin un test nuevo que falle, porque refactor se supone que preserva comportamiento, no que agregue. El hook respeta la válvula, pero la registra en un archivo que reviso al final de cada semana.

La primera semana, el registro tenía 22 usos de la válvula. La segunda semana, 4. Ese número bajando es el objetivo entero.


## La auditoría 30 días después

Reauditeé el repositorio 30 días después de instalar el hook. Mismo proyecto, mismo tipo de funcionalidades, mismo estilo de prompt. Los números:

- Test commiteado antes que el código: **9 de 10** (subió de 4 de 10)
- Test commiteado en el mismo commit que el código, pero escrito antes según las marcas de modificación del archivo: 1 de 10
- Test commiteado después del código: 0 de 10

La única funcionalidad con test en el mismo commit fue un helper de configuración de 12 líneas que bypassé legítimamente con el comentario mágico. En términos de TDD cumplido cuando la regla aplica, 10 de 10.

No quiero declarar que el hook convirtió a Claude en un practicante disciplinado de TDD. No lo hizo. El modelo todavía a veces escribe implementaciones que se ven sospechosas desde la perspectiva de "el test parece diseñado en función de la implementación". Lo que el hook da es *orden*: un test que falla debe existir antes de que el código fuente pueda ser modificado. Eso solo cierra el círculo en el que Claude estaba retrofiteando tests sobre código que ya estaba moldeando las aserciones del test.

## Cuándo NO usar TDD

Antes de instrumentar nada de esto, vale la pena identificar las tareas donde TDD es la herramienta equivocada. Refactors que deberían ser un no-op a nivel de comportamiento. Scripts de un solo uso que voy a tirar en 20 minutos. Migraciones de datos puras. Ajustes de UI donde el test sería un snapshot de sí mismo.

Forzar TDD en estas tareas no mejora el código, solo pesa el flujo de trabajo sin retorno. La válvula de escape existe para estos casos. La revisión semanal del registro de la válvula es donde noto si estoy abusando.

"Bypassé TDD porque el test era difícil de escribir" es un mal olor. "Bypassé TDD porque el código era un snapshot de nombres de clases CSS" está bien. La auditoría, no la regla, es lo que mantiene el flujo honesto.

Mi CLAUDE.md sigue diciendo `## TDD Primero`. Lo dejé ahí por vibra. Nunca iba a ser la parte que hiciera el trabajo. El hook es la parte que hace el trabajo, y la auditoría es la parte que decide si el hook sigue afinado.

## Fuentes

- [TDD with Claude Code (FlorianBruniaux/claude-code-ultimate-guide)](https://github.com/FlorianBruniaux/claude-code-ultimate-guide/blob/main/guide/workflows/tdd-with-claude.md)
- [How to Implement TDD with Claude Code TDD Skill (BSWEN, Mar 2026)](https://docs.bswen.com/blog/2026-03-25-tdd-skill-claude-code/)
- [My Skill Makes Claude Code GREAT At TDD (aihero.dev)](https://www.aihero.dev/skill-test-driven-development-claude-code)
- [Forcing Claude Code to TDD: an agentic red-green-refactor loop (alexop.dev)](https://alexop.dev/posts/custom-tdd-workflow-claude-code-vue/)

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Pillé a Claude escondiendo mi bug 3 veces seguidas. Después convertí 10 hábitos de debug en prompts.

URL: https://kenimoto.dev/es/blog/claude-escondio-mi-bug-3-veces-10-habitos-debug/
Lang: es
Date: 2026-05-15
Description: Le pedí a Claude que arreglara un error 500 de la API. Primer intento: try-catch. Segundo: valor default en el retorno. Tercero: retry con backoff. El 500 desapareció. Dos horas después, el mismo incidente apareció en otro endpoint. La causa real era agotamiento del connection pool. Claude no estaba arreglando el bug, lo estaba escondiendo. Te muestro los 10 hábitos de debug que convertí en prompts para que no vuelva a hacerlo, con plantillas de CLAUDE.md y hooks listas para copiar.

Le pedí a Claude que arreglara un error 500 que salía de uno de mis endpoints de API. Primer intento: envolvió la llamada en try-catch y logueó el error. Segundo intento: puso un valor default en el retorno para que el caller no reventara. Tercer intento: agregó retry con exponential backoff.

El 500 desapareció. Subí la tercera "corrección" a producción con total confianza. Dos horas después, el on-call se despertó. El mismo incidente se había mudado a otro endpoint que compartía el mismo cliente de base de datos. La causa real era agotamiento del connection pool. Claude no estaba arreglando el bug. Lo estaba escondiendo de tres formas distintas.

Hoy cuento cómo convertí 10 hábitos de debug en plantillas de prompt para que Claude no me vuelva a hacer eso. Además, dejo dos archivos que escribes una vez y no tocas más: un bloque para CLAUDE.md y dos hooks (PreToolUse y PostToolUse) listos para copiar.


## Las 3 "correcciones" que casi se publicaron

Cada uno de los tres intentos se veía correcto si lo mirabas por separado.

**Intento 1 — try-catch.** El handler ahora atrapaba la excepción, la logueaba y devolvía 500 al usuario. Desde el punto de vista de la API, mejoró. Desde el punto de vista del bug, la conexión que disparó el error volvía al pool en un estado roto.

**Intento 2 — valor default en el retorno.** La función ahora devolvía una lista vacía en lugar de lanzar excepción. El 500 desapareció de ese endpoint. La inconsistencia que la lista vacía generó cayó en un cache downstream y se quedó ahí una hora.

**Intento 3 — retry con exponential backoff.** Tres retries, cada uno abriendo una nueva conexión. El pool se drenó más rápido. El 500 desapareció de ese endpoint porque la llamada ahora tenía éxito en el segundo o tercer intento. Otros endpoints que compartían el mismo pool ahora empezaron a dar timeout.

En los tres, el síntoma desapareció del endpoint que yo había pedido revisar. La causa solo se mudó de barrio. Le pedí a Claude que debugueara, pero no le pasé ninguna regla contra suprimir el síntoma, así que suprimió el síntoma, porque eso es lo que la predicción de next-token quiere hacer.

Sobre cómo este tipo de cosas también rompe la infraestructura *alrededor* del agente de IA (no la salida del modelo, sino el bus y el dispatcher), escribí una versión más alegre en mi post sobre [9 bugs en mi pipeline de IA](https://kenimoto.dev/blog/9-bugs-in-my-ai-pipeline/) (en inglés). Ese post hablaba de la plomería alrededor del modelo. Este habla del modelo escribiendo la plomería.

## Por qué la IA cae en suprimir el síntoma

La Stack Overflow Developer Survey de 2025 reportó que cerca del 80% de los desarrolladores profesionales usaba o planeaba usar herramientas de IA, y la fracción que de verdad confiaba en la salida había bajado respecto del año anterior. Las publicaciones posteriores que he ido leyendo insisten en lo mismo: los bugs del código generado por IA se concentran en errores de lógica y en manejo de entrada/salida, con una densidad notoriamente mayor que el código humano de seniority equivalente. La cifra más citada anda alrededor de 1.7x de densidad de bugs, aunque cada estudio mide distinto y vale revisar la metodología antes de citar de memoria.

El mecanismo no es ningún misterio. Un LLM predice el próximo token más plausible dado el contexto. "Patrón de error handling" es una de las cosas más sobre-representadas en sus datos de entrenamiento. Try-catch, null-check, default en el retorno, retry: estadísticamente, son las ediciones que más aparecen cuando alguien escribe "arregla este error" en un repositorio público. El modelo está haciendo exactamente lo que aprendió a hacer.

Lo que falta es otro tipo de token. "Todavía no identifico la causa raíz. Sigo investigando." Esa frase es rara en los datos de entrenamiento porque los humanos rara vez la commiteamos. Commiteamos la corrección, no el "todavía no la encontré". Así que el modelo nunca aprendió a estar por default en "sigo mirando".

Hay que ponerle ese token a mano. Para eso sirve la siguiente sección.

## 10 hábitos de debug → 10 plantillas de prompt

Cada item mapea a un hábito clásico de debug. Cada uno es una frase que pego en el prompt o en el CLAUDE.md, según qué tan permanente quiera que sea.


**1. Duda del input.** "Antes de proponer una corrección, confirma que los logs que estás leyendo están completos y que el monitoring en el que confías realmente reporta el estado que crees que reporta." Este es el que Claude más se salta. Diagnostica feliz desde un archivo de log que está rotado a la mitad.

**2. Reproduce antes de corregir.** "Reproduce el bug localmente y muestra los pasos mínimos. Si no puedes reproducirlo, dilo explícitamente y detente." El "detente" es donde está el trabajo. Le cierra la puerta a adivinar.

**3. Encuentra la frontera.** "Identifica la frontera entre el comportamiento que funciona y el que está roto. ¿Cuál es el último componente que devuelve datos correctos?" Empuja al modelo a dejar de adivinar línea por línea y empezar a reducir capa por capa.

**4. Diferencia contra un estado bueno conocido.** "Compara el código actual con el último estado funcional conocido. Ejecuta `git log --oneline -20` e identifica cualquier cambio que pueda correlacionar con la ventana de falla." Este es el prompt que hace aparecer el commit que nadie recuerda haber hecho.

**5. Arma una línea de tiempo.** "¿Desde cuándo está fallando? ¿Es súbito o gradual? Mapea la tasa de error contra los horarios de deploy, picos de tráfico y cambios de configuración." Súbito + correlacionado con deploy es un bug. Gradual + descorrelacionado es otro bug completamente distinto. Confundirlos es como se apilan tres "correcciones".

**6. Audita retry, cache y timeout.** "Lista cada retry, cache y timeout en el camino. Para cada uno, describe qué pasa cuando la llamada subyacente está lenta pero no fallida." Este, si lo hubiera tenido, habría detectado el agotamiento del pool en la primera pasada.

**7. Busca caminos de amplificación.** "¿Hay algún camino donde un error pequeño se multiplique? ¿Una llamada fallida que dispara tres retries, cada uno abriendo una nueva conexión, cada uno agregando latencia a la siguiente?" Si el retry storm está adentro de un autoscaler, te llevas de regalo una instance storm.

**8. Agrega observabilidad, no adivines.** "Si no tienes suficiente observación para identificar la causa, propón qué líneas de log o traces específicos agregar. No propongas corrección todavía." Eso convierte "no sé" en "mide acá", que es una respuesta mucho más útil que una corrección falsa.

**9. Simplifica el sospechoso.** "Quita componentes no esenciales del camino que falla hasta que el bug sea reproducible en la forma más simple posible. ¿Cuál es el input más chico que todavía lo dispara?" La mayoría del bug, casi siempre, no estaba en la parte que estabas mirando.

**10. Rompe a propósito.** "Para verificar una hipótesis, propón un cambio intencional que debería empeorar o mejorar el bug. Predice el resultado antes de ejecutarlo." Convierte el debug de observación en experimento. Y atrapa las mentiras que te está contando el monitoring.

Los 10 hábitos vienen del trabajo clásico de David Agans (*Debugging: The 9 Indispensable Rules*, 2002) más un par de años propios de tropezar con pipelines de IA. La versión "cómo se traduce a prompt y cómo cabe en CLAUDE.md" la fui armando incidente por incidente. Esta lista es el estado actual.

## Persistir las reglas en CLAUDE.md

Pegar 10 frases en cada prompt no escala. CLAUDE.md es donde se aplican las reglas.

La guía de Anthropic con la que vuelvo siempre es mantener CLAUDE.md en algo entre 100 y 150 líneas, para que entre en el contexto en cada turno. Gastar 12 de esas líneas en debug es buena inversión.

```markdown
## Debugging Rules

- No escribas código de corrección hasta haber identificado la causa raíz.
- No suprimas síntomas. Si el síntoma desapareció pero la causa sigue desconocida, eso no es una corrección.
- Antes de corregir, escribe un test que falle y que reproduzca el bug.
- Después de corregir, ejecuta la suite de tests completa y reporta cualquier test nuevo que falle.
- Si tres intentos fallan en fila sobre el mismo bug, detente. Resume qué intentaste, qué descartaste y qué hipótesis queda, y pide input humano.

## Debugging Workflow

1. Root Cause Investigation: lee logs, traces y el camino del código.
2. Pattern Analysis: busca el mismo anti-patrón en otros lugares del codebase.
3. Hypothesis Testing: escribe un test que falle si y solo si la hipótesis es correcta.
4. Implementation: solo después de que 1-3 hayan pasado.
```

El detalle importante es que esto son *restricciones*, no instrucciones. "No escribas código de corrección hasta..." funciona mejor que "investiga primero". El formato de restricción es lo que evita que la máquina de next-token salte alegremente al paso siguiente.

Esta capa de equipamiento (restricciones en el prompt, comportamiento en los hooks, información en MCP) es la misma que usé cuando separé un agente grande en [Observer, Strategist y Marketer](https://kenimoto.dev/es/blog/tres-roles-observer-strategist-marketer-separacion). Esta es la semana de debug del mismo arsenal.

## Automatizar reflejos con hooks

CLAUDE.md es el cerebro. Los hooks son los reflejos. Dos importan para debug.

**PreToolUse: bloquear comandos destructivos.** A mitad del debug, el modelo a veces sugiere algo tipo `rm -rf node_modules`. En un mal día, sugiere un `DROP TABLE` puro. Un hook PreToolUse intercepta la llamada a la herramienta Bash, hace un grep al string del comando contra una denylist corta, y sale con exit 2 para bloquear. Claude Code trata el exit code 2 de un hook PreToolUse como "esta llamada está denegada, avísale al modelo el motivo".

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{
          "type": "command",
          "command": "if echo \"$TOOL_INPUT\" | grep -qE 'rm\\s+-rf|DROP\\s+TABLE'; then echo 'BLOCK: destructive command' >&2; exit 2; fi"
        }]
      }
    ]
  }
}
```

**PostToolUse: ejecutar tests después de editar.** Matcher `Edit|Write`, command ejecuta tu suite de tests o al menos un subset rápido. El modelo ahora ve el test fallar en el turno siguiente y reacciona en el mismo turno en que lo creó, en lugar de acordarse 30 mensajes después. La [referencia oficial de hooks de Claude Code](https://code.claude.com/docs/en/hooks) cubre los matchers y la convención de exit codes en detalle. Vale leerla una vez antes de escribir el tuyo.

Estos hooks no son magia. Son guardas baratas que cubren el escenario en que el modelo está intentando "ayudar rápido" y por eso elige el atajo destructivo. La combinación CLAUDE.md + PreToolUse + PostToolUse es la capa de equipamiento del debugger de IA.

## Cuando 3 correcciones escondidas seguidas significan "frena"

La regla más útil, la única que me habría ahorrado el on-call de esa noche:

> Si tres intentos seguidos fallan en arreglar el mismo bug, detente y escala.

El 3 no tiene magia. Es el punto donde el costo de un intento más supera el costo de admitir que el bug es estructural. En el tercer intento, el modelo suele estar haciendo pattern-matching arriba de pattern-matching, y un ojo humano sale más barato que un cuarto retry.

"Deja que Claude debuguee" es media verdad. Es rápido, sí. Solo que por default es rápido en *esconder* el problema, a menos que lo armes diferente. Los 10 prompts lo arman. CLAUDE.md los recuerda por ti. Los hooks atrapan lo que se cuela. Ninguno cuesta caro. La llamada de on-call a las 11 de la noche, sí.

Fuentes:
- [2025 Stack Overflow Developer Survey, AI section](https://survey.stackoverflow.co/2025/ai)
- [Closing the developer AI trust gap (Stack Overflow Blog, feb 2026)](https://stackoverflow.blog/2026/02/18/closing-the-developer-ai-trust-gap/)
- [Claude Code Hooks reference](https://code.claude.com/docs/en/hooks)

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Le pedí a Claude que refactorizara 100 funciones. 7 quedaron más lentas en producción

URL: https://kenimoto.dev/es/blog/claude-refactor-100-funciones-7-mas-lentas-produccion/
Lang: es
Date: 2026-05-24
Description: Claude Code refactorizó 100 funciones de mi servicio en Python. CI verde, mutation testing también. Dos semanas después, on-call me llamó porque p95 había crecido en 7 endpoints. Esta es la guía LatAm con los 4 pasos que ahora aplico antes de mergear cualquier refactor hecho por IA, con un checklist concreto.

Le pedí a Claude Code que refactorizara 100 funciones de un servicio en Python que mantengo. Lo hizo en dos pasadas. CI quedó en verde en ambas. La descripción del PR estaba tan ordenada que casi me sentí mal mergeando un viernes por la tarde.

Dos semanas después, on-call me despertó porque el p95 de un endpoint había subido de 180 ms a 240 ms. Empecé a hacer bisect. El bisect cayó en el PR del refactor. Empecé a leer el PR del refactor. 7 de las 100 funciones eran más lentas en producción. CI nunca lo detectó porque CI no mide "más lento". Mide "devuelve el mismo valor".

Este artículo es una guía práctica para LatAm. No es "no uses Claude para refactorizar", porque después de los 7 problemas refactoricé otras 240 funciones con el flujo nuevo y no tuve regresiones. Es la lista concreta de 4 pasos que ahora aplico antes de mergear cualquier refactor hecho por IA, con los patrones específicos que CI no ve.

## El contexto, para que sepas si esto te sirve

El servicio: Python 3.12, unos 18 mil líneas de lógica de negocio, FastAPI en el borde, asyncpg contra Postgres, cache en Redis y un módulo de scoring CPU-bound que se ejecuta en cada request. Las 100 funciones eran un lote curado: chicas a medianas, puras donde se podía, todas con tests unitarios.

Le pedí a Claude Code que aplicara un conjunto estándar de mejoras: early returns, variables extraídas para números mágicos, comprensiones donde el loop hacía una sola cosa, conversión a dataclass para tuplas ad hoc. Sin reescrituras. Sin cambios arquitectónicos. Sin tocar nada que no estuviera en el alcance del refactor.

Dos lotes de 50, cada uno como un PR aparte, cada uno con su propio run de CI en una máquina de 8 cores. Los tests unitarios pasaron. Una corrida de mutation testing con `mutmut` quedó limpia, la tasa de kill subió de 78% a 81%. Por todas las señales que tenía, el código era equivalente y un poco mejor.

Que es exactamente el tipo de confianza que termina con una llamada a las 7:42 pm del viernes durante la cena de cumpleaños de mi pareja.


## Los 3 patrones que aparecieron en las 7 funciones lentas

Cuando me senté a leer las 7 funciones lentas en paralelo, aparecieron tres patrones. Ninguno es obvio. Los tres son del tipo que CI no puede detectar por su forma de funcionar.

**Patrón 1: comprensiones que recorren dos veces.** Cuatro de las 7 eran loops que Claude convirtió en list comprehension. La comprehension estaba correcta. También estaba recorriendo el input dos veces, una para filtrar y otra para mapear, porque Claude había separado el predicado y la proyección para que se lea mejor. El loop original hacía las dos cosas en una sola pasada con un `if` y un `continue`. En una lista de 50 elementos que se procesa una vez por request, la diferencia era 1,4 ms. En el hot path, multiplicado a lo largo del request, eran unos 12 ms de p95.

Lo habría detectado en code review si hubiera leído el código viejo y nuevo línea por línea. No lo hice, porque el diff parecía un cleanup de manual y el test pasaba.

**Patrón 2: early returns que rompían un cache.** Dos de las 7 usaban `@functools.lru_cache` en la función externa. Claude agregó un guard clause que devolvía `None` con input inválido antes de la consulta al cache. La intención era defensiva. El efecto fue que el cache dejó de poblarse para todo el camino de input válido, porque la función ahora retornaba por una ruta que no estaba memoizada. La tasa de hit cayó de 91% a 6% en esa función. La función en sí era rápida. La caída de 85 puntos de hit rate no lo era.

Esto no lo detectas en un test unitario. Lo detectas en un load test, o en producción, o leyendo la función con la pregunta "¿cuál era el rol de esta función en el sistema, no solo cuál es su contrato?".

**Patrón 3: conversión a dataclass que rompió el fast path de asyncpg.** Una función devolvía una tupla que asyncpg podía desempaquetar directamente en su decoder de filas. Claude convirtió la tupla a un dataclass con los mismos campos, que estructuralmente es más limpio y semánticamente idéntico. También forzó una allocation adicional y un llamado a `__init__` por fila. Con 800 filas por request y 30 requests por segundo, suma unos 8 ms de p95.

Este es mi favorito, porque es el ejemplo más limpio de "el refactor está bien y el refactor está mal". El código lee mejor. El sistema va más lento.

## Por qué CI y mutation testing dijeron que sí

Un párrafo sobre esto, porque me llevó un tiempo internalizarlo.

Los tests unitarios verifican que la función devuelva el mismo valor para el mismo input. No verifican que lo devuelva más o menos en el mismo tiempo, con más o menos el mismo patrón de allocations, sosteniendo más o menos los mismos locks. El mutation testing verifica que tus tests noten si la lógica del código cambia. Tampoco notaría "esta función ahora hace allocation de un dataclass por fila en vez de desempaquetar una tupla", porque los mutators del mutation testing no incluyen "cambia la estructura de datos".

Dicho de otra forma: todas las herramientas que tenía en mi pipeline de CI respondían a la pregunta "¿este código es correcto?". Ninguna respondía a "¿este código sigue siendo igual de rápido?". Esa brecha es exactamente donde aterrizaron los refactors de Claude. Los cleanups estaban bien. Solo que eran más lentos de maneras que solo aparecen con tráfico real.

Mi CI estaba en verde. Mis funciones simplemente eran más lentas. CI no mide "más lento".

## Los 4 pasos que ahora aplico antes de mergear

Después del llamado de on-call armé un flujo de cuatro pasos para todo refactor que toque el hot path. Tres son automatizados. El cuarto es una lectura de 10 minutos. Lo comparto porque leí todos los artículos del estilo "deja que la IA refactorice tu código" del trimestre, y ninguno menciona verificación de performance.

### Paso 1: benchmark base antes del refactor

Ejecuto `pyinstrument` sobre los top 20 endpoints con una traza grabada que reproduce la forma del tráfico de producción, y guardo el reporte. El reporte nombra cada función del hot path con su p50, p95 y conteo de allocations. Antes del refactor, tienes que saber cuáles funciones importan. Sin esta base no puedes decir "esta función se puso más lenta", solo puedes decir "el servicio se siente más lento", que es justo lo que me trajo hasta aquí.

### Paso 2: el mismo benchmark después del refactor, con diff

Misma traza, mismo script, diff entre los dos reportes. Un desvío de más de 5% en cualquier función del top 50 por self-time es una alerta. No un bloqueo. Una alerta, vas e investigas.

### Paso 3: un soak con forma de carga real

Ejecuto `locust` por 10 minutos al 80% del pico de carga de producción contra el build refactorizado, y miro la tasa de hit del cache, la tasa de allocations y el tiempo de adquisición de conexiones a la base de datos. Esto es lo que habría detectado la regresión del `lru_cache`. Una caída de hit rate de 91% a 6% grita en un soak de cinco minutos. En tests unitarios queda en silencio para siempre.

### Paso 4: leer el diff buscando "cambios estructurales que pedí vs los que recibí"

Abro el diff, busco cada función modificada y me hago una sola pregunta: "¿este cambio tocó la estructura de datos, el patrón de iteración, el límite del cache o la adquisición de locks?". Si la respuesta es sí, va a una segunda lista para lectura lenta. La lectura lenta lleva unos 10 minutos por cada 100 funciones. Habría detectado 5 de mis 7 casos.

Ahora trato los refactors hechos por IA como un PR de un junior: confío en el estilo, verifico la sustancia, y nunca mergeo sin un load test si tocó el hot path. Suena duro. Es el mismo estándar que usaría para una persona del equipo. La diferencia es que con una persona puedes preguntar "¿por qué cambiaste esto?" y te da una razón. Con Claude obtienes un diff estructuralmente limpio y un campo de comentarios vacío.

## Lo que no hago

No evito a Claude para refactorizar. Después de las 7 regresiones, mergeé otros 240 refactors con el flujo de cuatro pasos y no hubo más regresiones en producción. El flujo agrega unos 20 minutos por lote de 50 funciones. Son 20 minutos contra semanas de bisect y un llamado de viernes.

Tampoco mezclo refactor con feature. Los PRs de refactor son de refactor. Los PRs de feature son de feature. Cuando se mezclan no puedes bisectar una regresión a una sola causa, y los refactors hechos por IA son máquinas de detectar patrones, lo que significa que el tipo de regresión que causan aparece en grupo y no en un commit aislado. Mantener los PRs separados fue lo que hizo posible encontrar todo esto en un día y no en una semana.

La lección, si hay una, es chica: lo aburrido que CI no mide es justo donde los refactors hechos por IA dejan huella. Mídelo.

---

Si te sirvió, te puede gustar [Spec-Driven Development con asistentes de IA: la guía LatAm](https://kenimoto.dev/es/blog/spec-driven-development-asistentes-ia-guia-latam/) y [Claude escondió mi bug 3 veces: 10 hábitos de debugging que sí ayudan](https://kenimoto.dev/es/blog/claude-escondio-mi-bug-3-veces-10-habitos-debug/). Mismo tema de fondo: Claude se ve seguro, el diff se ve limpio, el sistema dice otra cosa. Diferentes formas de fallar.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Conté cuántas veces Claude me dijo '¡Tienes toda la razón!' la semana pasada. 47 veces. En 11 de ellas, yo no la tenía. En las otras 36, Claude tampoco.

URL: https://kenimoto.dev/es/blog/claude-tienes-razon-47-veces-sycophancy-medi/
Lang: es
Date: 2026-05-19
Description: Greppeé siete días de sesiones de Claude Code buscando 'tienes toda la razón'. Aparecieron 47 ocurrencias. Las revisé una por una. Yo tenía razón en 11. Claude la tenía en 11. Mismo número, direcciones opuestas.

Empecé este experimento asumiendo que Claude tenía razón y yo no. Los números salieron al revés, lo cual dice algo sobre mi código que prefería no admitir, y también algo sobre el tono de la terminal en la que paso el día.

El setup es deliberadamente simple. Tengo una carpeta con siete días de transcripciones de Claude Code. Greppeé una sola frase: `tienes toda la razón`. Aparecieron 47 ocurrencias. Después me senté y, para cada una, hice la misma pregunta: en el momento exacto en que Claude lo dijo, ¿yo tenía razón de verdad?

47 ocurrencias. Tenía razón en 11. Equivocado en 36. Claude estuvo de acuerdo con mi versión correcta 11 veces, y estuvo de acuerdo con mi versión equivocada 36 veces. La tasa con la que la concordancia de Claude coincide con la realidad es del 23%, lo cual es peor que una moneda al aire y un poco mejor que la bola 8 mágica, según qué tanta fe le tengas a la bola 8 mágica.

En LatAm muchos pagamos USD 200 al mes por el plan Max de Claude esperando feedback honesto. Yo también lo esperaba. No es exactamente lo que está llegando.

La última vez que escribí sobre Claude mintiéndome fue cuando lo cacé [escondiendo un bug tres PRs seguidos](https://kenimoto.dev/es/blog/claude-escondio-mi-bug-3-veces-10-habitos-debug). Aquello se sentía malicioso. Esto es más amable y muchísimo más frecuente.

## Cómo conté

Cada sesión de Claude Code deja un archivo en `~/.claude/projects/`. Siete días incluyen la refactorización de kenimoto.dev, un proyecto personal de Voice AI y una migración de infraestructura sobre la que prefiero no hablar todavía. Greppeé así:

```bash
rg -i "tienes toda la razón|you'?re absolutely right" \
  ~/.claude/projects/ --no-heading -n > sycophancy-semana.txt
```

47 líneas. Las pasé a una hoja de cálculo. Para cada línea copié mi prompt anterior y las tres frases que escribió Claude después del "tienes razón". Después me hice la pregunta con el menor ego posible: lo que afirmé, ¿era cierto?

El criterio es generoso conmigo. Si dije "esta race condition tiene que estar en el setup de la conexión" y el bug estaba realmente en el setup de la conexión, lo marqué como "tenía razón" aunque mi razonamiento fuera flojo. Si dije lo mismo pero el bug estaba en la cola de mensajes, lo marqué como "equivocado".

11 veces tenía razón. 36 veces no. Claude dijo "tienes toda la razón" en las 47.


## Los tres sabores

Después de clasificar cada caso de "equivocado pero validado", tres patrones absorbieron casi todo.

**Acuerdo de fachada.** Yo propongo algo. Claude abre con "¡Tienes toda la razón!" y dos párrafos después dibuja un plan que es exactamente lo contrario de lo que yo propuse. El acuerdo es lubricante social. El contenido real es el desacuerdo que viene después. Me cacé leyendo solo la primera frase y saltando el resto, que es exactamente el modo de fallo que este patrón provoca.

**Sycophancy factual.** Yo afirmo un hecho equivocado: "el `setRemoteDescription` de WebRTC devuelve una Promise que recién resuelve después de que los ICE candidates fueron recolectados". Claude está de acuerdo y, encima, extiende mi afirmación equivocada en una sugerencia de código equivocada. Esta es la que cuesta tiempo de verdad. Toda esa categoría de "Claude lo dijo, entonces debe estar bien" que se convierte en media hora de debug fantasma empieza acá. De mis 36 casos equivocados, 19 entran en este grupo.

**Sycophancy de defensa de código.** Pego 80 líneas y pregunto "¿qué tiene de malo esto?". Claude no encuentra nada sustantivo y elogia la estructura. Pego las mismas 80 líneas en otra sesión, sin el "qué tiene de malo", y en su lugar escribo "acabo de subir esto, ¿quedó limpio, no?", y Claude marca tres bugs reales que se me habían pasado. Mismo código, evaluación opuesta. Lo único que cambió fue mi tono.

El tercero es el más feo. El encuadre del prompt está haciendo más trabajo del que yo querría.

## El lado de Anthropic

Anthropic no se ha quedado callada sobre esto. Las [release notes de Claude 4](https://www.anthropic.com/news/claude-4) hablan explícitamente de reducir el over-agreement en el reward modeling. El benchmark interno que repiten mide algo parecido a "premisa falsa desafiante". Sus números mejoraron. Mi terminal sigue marcando 47 por semana.

La diferencia, creo, es de definición. "Sycophancy" en los papers suele querer decir "el modelo se niega a contradecir una afirmación factual claramente equivocada". Eso ya está bastante resuelto. Lo que yo mido es más bien "el modelo usa el tono de acuerdo por defecto, incluso cuando la sustancia que viene abajo es equilibrada o crítica". Son problemas distintos. El primero es técnico. El segundo es una decisión de UX. Y la decisión de UX es sonar amable, y "sonar amable" a veces se parece a estar de acuerdo.

OpenAI hizo en 2024 un [retracción pública de GPT-4o](https://openai.com/index/sycophancy-in-gpt-4o/) que había quedado demasiado simpático. El rollback restauró un tono menos pegajoso. Fue, en retrospectiva, un test de cuánto acuerdo aguantan los usuarios antes de que se vuelva raro. Claude no ha tenido todavía un momento público equivalente, pero la perilla existe. Está calibrada alta.

## Lo que cambié en mi flujo

No voy a apagar el tono amable. Me gusta el tono amable. Solo dejé de leer la primera frase.

Tres cambios concretos:

1. **Adversarial framing por defecto.** Reescribí el system prompt de Claude Code con esta frase: "Antes de estar de acuerdo con cualquier afirmación técnica que yo haga, lista la razón más fuerte por la que podría estar equivocado. Solo después de eso, decide si estás de acuerdo." La tasa de "tienes toda la razón" bajó alrededor del 60% en los días siguientes. No es una medición rigurosa, pero el efecto es real.
2. **Code review sin firma.** Cuando quiero un review en serio, abro una sesión nueva y pego el código anónimo, sin decir "acabo de escribir esto". Claude no tiene a quién defender o felicitar. Vuelven los bugs que sí están.
3. **Grep de salida.** Al final de cada sesión corro `rg "tienes toda la razón"` sobre la transcripción. Si aparece más de una vez por decisión sustantiva, marco la sesión como sospechosa y revisito lo que Claude bendijo. Treinta segundos. Esta semana atrapó dos decisiones equivocadas.

Nada de esto arregla el comportamiento. Solo evita que el comportamiento se vuelva un costo.

## Lo que querría de verdad

Dos cosas. Una: una perilla de "agreeableness" expuesta en la API, parecida al thinking budget. Dos: un token interno en la transcripción que marque "esto es apertura social, la respuesta sustantiva está abajo", para entrenarme a saltar la capa social.

Ninguna de las dos sale la próxima semana. Así que, por ahora, la salida es greppear, recontar y reentrenar mi manera de leer.

Lo gracioso es que, cuando le conté a Claude que iba a escribir este post, la respuesta empezó con "Tienes toda la razón en investigar esto". La dejé. Es la ocurrencia número 48.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Context rot en agentes: 7 pasos para mantener limpia la ventana de contexto (empieza antes de lo que crees)

URL: https://kenimoto.dev/es/blog/context-rot-agentes-7-pasos-ventana-limpia/
Lang: es
Date: 2026-05-31
Description: Mi agente se degradaba con las sesiones largas y yo le echaba la culpa al modelo. El problema era el contexto. Esta es la guía práctica de 7 pasos que uso para frenar el context rot antes de que arruine las respuestas.

Durante semanas le eché la culpa al modelo. Mi agente arrancaba la sesión afilado y terminaba torpe: ignoraba reglas que yo había dejado por escrito, revivía decisiones que ya habíamos descartado, releía el mismo archivo tres veces. "Hoy el modelo está raro", pensaba, y subía de tier esperando que el problema se arreglara con más parámetros.

No se arreglaba. Porque el problema no era el modelo. Era el contexto que yo le seguía pasando, sesión tras sesión, sin limpiarlo nunca.

Eso tiene nombre: **context rot**, la degradación de la ventana de contexto. Y la parte que más me costó aceptar es que empieza mucho antes de lo que uno cree.

## Qué es el context rot y por qué empieza temprano

El término lo formalizó una [investigación de Chroma en 2025](https://www.understandingai.org/p/context-rot) que probó 18 modelos de frontera de forma sistemática. El hallazgo no tiene matices: todos, sin excepción, empeoran a medida que crece el input. Y el dato que cambia tu forma de trabajar es este: **un modelo con ventana de 200K tokens ya muestra degradación notable alrededor de los 50K.** A una cuarta parte de llenar la ventana, la calidad ya está cayendo.

El origen de esto es un paper de 2023, [Lost in the Middle](https://arxiv.org/pdf/2307.03172): cuando el contexto se llena, el modelo le da peso a lo que está al principio y al final, y la información del medio se pierde. Si tomaste una decisión importante a mitad de una sesión larga, hay buenas chances de que el modelo ya no la "vea".

Esto no es un problema de laboratorio. Un análisis estimó que [cerca del 65% de las fallas de IA empresarial en 2025](https://www.morphllm.com/context-rot) se debieron a deriva de contexto o pérdida de memoria en mitad de un razonamiento de varios pasos. No porque el modelo fuera tonto, sino porque nadie limpiaba la ventana.


## Cómo se ve cuando pasa

Antes de los pasos, conviene reconocer los síntomas. En la práctica, el context rot llega de cuatro formas:

- **Distracción:** entra tanta información irrelevante que el foco se diluye. El agente se obsesiona con un detalle que ya no importa.
- **Confusión:** mezclaste varios temas en una sesión y el modelo cruza los cables, te responde sobre la tarea A con el tono de la tarea B.
- **Conflicto:** dos instrucciones contradictorias conviven en la ventana ("borra esta función" y "conserva esta función") y las respuestas se vuelven inestables.
- **Envenenamiento:** un error que entró temprano contamina todo lo que viene después, y el modelo lo trata como hecho confirmado.

Si reconociste alguno, el problema está en una ventana sucia. Y eso, al contrario que un modelo, se limpia.

## Los 7 pasos que uso

### 1. Una sesión, un objetivo

El paso más simple y el que más me sirvió. Refactor, tests y documentación en sesiones separadas. Mezclar tareas distintas en una sola ventana es la receta directa para la confusión del punto anterior. Cuando empecé a cortar por tarea, la mitad de los síntomas desaparecieron solos.

### 2. Compacta al 50-60%, no esperes al 95%

Claude Code tiene auto-compact, pero se dispara recién cerca del 95% de la ventana (unos 25% restantes). El problema es obvio cuando lo ves dibujado: la degradación empieza a los 50K y la compactación automática llega a los 190K. En el medio hay una franja enorme donde el agente ya rinde mal y el sistema no hace nada.

[Thariq Shihipar, del equipo de Claude Code, recomienda compactar de forma proactiva al 50-60%](https://www.mindstudio.ai/blog/claude-code-compact-command-context-management) en vez de esperar el automático. La mayoría usa `/compact` mal, dejándolo para cuando la ventana ya está por explotar. Yo era de esa mayoría.

### 3. Usa /clear en los cortes reales

`/clear` y `/compact` no son lo mismo. `/compact` resume la conversación y precarga ese resumen como nuevo contexto: conserva los cambios de código y las decisiones, descarta el ruido intermedio. `/clear` borra todo y arranca de cero.

Regla práctica: `/compact` cuando sigues en la misma tarea y necesitas continuidad; `/clear` cuando cambias de tarea de verdad. El `/clear` es la única forma segura de cortar el envenenamiento: si un error se metió temprano, resumirlo lo conserva; borrarlo lo elimina.

### 4. Resume de forma periódica

En vez de arrastrar todo el historial, mantén un resumen vivo de lo importante: decisiones tomadas, tareas en curso, preferencias del usuario. Es la idea de la memoria por resumen: guardas un resumen comprimido del pasado más los últimos intercambios en detalle. El historial completo casi nunca aporta lo que cuesta en tokens.

### 5. Dale a cada cosa su presupuesto de tokens

No todo merece el mismo espacio. Un reparto que funciona bien como punto de partida: la conversación reciente se lleva la mayor parte, el resumen del pasado un poco menos, el conocimiento de referencia lo mínimo necesario. La conversación reciente siempre tiene prioridad, sin importar qué tan "relevante" parezca el resto. Cuando te pasas del presupuesto, recortas parejo, no a ojo.

### 6. Relee las reglas clave al final

Este es un truco directo contra el "perdido en el medio". Si el modelo prioriza el final del contexto, entonces vuelve a poner lo importante al final. En sesiones largas yo escribo, sin vergüenza, "relee el CLAUDE.md antes de seguir". Eso sube las reglas que se habían hundido en el medio y las trae de vuelta a la zona que el modelo sí mira.

### 7. Delega a subagentes

Las tareas pesadas de exploración o procesamiento en lote no tienen por qué ensuciar tu ventana principal. Delégalas a un subagente: hace el trabajo en su propia ventana y te devuelve solo el resultado. Tu contexto principal se queda limpio, con lo esencial, en vez de cargar con todo el material en crudo de una búsqueda.

## Lo que cambió

Junté estos siete pasos de a poco, cada uno después de tropezar con el síntoma que arregla. El más valioso sigue siendo el primero: una sesión, un objetivo. El más fácil de olvidar es el segundo, porque compactar al 50% se siente prematuro hasta que recuerdas que la degradación ya empezó.

La próxima vez que tu agente se ponga torpe a mitad de una sesión larga, antes de subir de modelo o de pelearte con el prompt, prueba algo más barato: sospecha del contexto antes que del modelo. Compacta, o directamente limpia y vuelve a entrar desde las reglas base. Es muy probable que el modelo "vuelva a ser inteligente". No es que mejoró: es que por fin está mirando algo limpio.

Lo que se pudre no es el modelo. Es la ventana que dejamos llenarse sin tocarla.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Etiquetar nit vs must en cada PR: cómo bajé el merge de 48h a 24h

URL: https://kenimoto.dev/es/blog/conventional-comments-nit-must-48h-24h/
Lang: es
Date: 2026-06-10
Description: Poner una etiqueta de prioridad (nit no bloquea / must bloquea) al inicio de cada comentario de review le ahorra al autor el tiempo de adivinar. Aquí está el método completo, con plantilla de AGENTS.md, check de CI y métricas.

Durante años, lo primero que hacía al abrir un comentario de review era un ejercicio de adivinación. "¿Esto hay que arreglarlo antes del merge, o es una opinión del revisor que puedo dejar para después?" Leía el tono, contaba los signos de exclamación, calculaba el rango del revisor en la empresa. Un trabajo de detective que nadie me había pedido y por el que nadie me pagaba.

El problema no era el comentario. Era que yo tenía que decidir su prioridad. Y mientras decidía, el PR se quedaba ahí, abierto, juntando polvo.

La solución resultó ser ridícula de simple: que el revisor ponga la prioridad. No yo. Desde que adopté Conventional Comments en mi equipo, el tiempo de PR a merge bajó de 48 horas a 24. No porque escribiéramos mejor código, sino porque dejé de hacer de detective.

Te cuento cómo funciona y cómo lo armé, paso a paso.

## El comentario que nadie sabe cómo tratar

Imagina que recibes esto en un PR:

> Quizás convendría usar `users` en vez de `userList` aquí.

¿Qué haces? Si lo arreglas, tal vez era un detalle sin importancia y frenaste el merge por nada. Si no lo arreglas, tal vez el revisor lo consideraba obligatorio y te devuelve el PR. Sin más información, la jugada segura es preguntar: "¿esto es bloqueante?". Y ahí se va medio día esperando la respuesta.

Multiplica esa pregunta por cada comentario, por cada PR, por cada persona del equipo. Eso es el peaje invisible que pagas cuando los comentarios no dicen su prioridad.


## Conventional Comments: la etiqueta va primero

[Conventional Comments](https://conventionalcomments.org/) es una convención que estructura cada comentario con un formato fijo:

```
<etiqueta> [decoración]: <asunto>

[discusión]
```

La etiqueta y el asunto son obligatorios. La decoración y la discusión, opcionales. La idea es que en el primer segundo de leer el comentario ya sepas de qué tipo es.

Las etiquetas estándar son nueve:

| Etiqueta | Qué significa |
|---|---|
| **praise** | Algo que quedó bien y vale la pena decirlo |
| **nitpick** (nit) | Detalle menor, aplicarlo es opcional |
| **suggestion** | Propuesta de mejora, conviene aplicarla |
| **issue** | Un problema concreto que hay que resolver |
| **question** | Una duda, no un pedido de cambio |
| **thought** | Una idea que surgió al revisar, para conversar |
| **chore** | Tarea mecánica (un typo, un orden de imports) |
| **todo** | Algo que queda como tarea posterior |
| **note** | Apunte o información de referencia |

Y las decoraciones le suben o bajan el volumen a la etiqueta:

| Decoración | Qué significa |
|---|---|
| **(non-blocking)** | No frena el merge |
| **(blocking)** | Frena el merge hasta resolverse |
| **(if-minor)** | Aplícalo a tu criterio si el cambio es chico |

El par que más uso, y el que carga con casi todo el ahorro de tiempo, es este:

```
nitpick (non-blocking): el nombre `users` es más idiomático que `userList`.
```

```
issue (blocking): este proceso se conecta directo a la base de datos de producción. Pásalo por el proxy antes del merge.
```

Mira el primero. Ya sé que no frena el merge. Lo aplico si tengo dos minutos, o lo dejo como tarea aparte y mergeo igual. Mira el segundo. Sé que hasta no arreglarlo, no se mergea. Cero adivinación en ambos casos.


Con la etiqueta, el contenido del comentario sigue siendo el mismo; lo que cambia es cuánto tarda el autor en decidir qué hacer con él. Y resulta que ese tiempo de decisión era la mitad de mi tiempo de review.

## Métela en AGENTS.md y los revisores IA la usan solos

Acá viene la parte que convierte una buena costumbre en un sistema que se sostiene.

Si solo le pides a tu equipo que use estas etiquetas "por las buenas", a la tercera semana la mitad se olvida. Lo que hice fue escribir la lista de etiquetas en el archivo `AGENTS.md` del repositorio. Ese archivo lo leen los revisores de IA (CodeRabbit, Copilot, Claude), así que adoptan la convención sin que yo configure nada extra.

Esto es lo que tengo en mi `AGENTS.md`:

```markdown
## Convención de comentarios de review (Conventional Comments)

Todo comentario de review empieza con una de estas etiquetas:

- praise: reconocer algo bien hecho
- nitpick (non-blocking): detalle menor, aplicar es opcional
- suggestion (if-minor): aplícalo a criterio del autor si el cambio es chico
- issue (blocking): problema concreto, hay que resolverlo antes del merge
- question: una duda, no un pedido de cambio
- thought: idea para conversar

Ejemplos:
- "nitpick (non-blocking): el nombre `users` es más idiomático"
- "issue (blocking): falta la verificación de null acá"
- "question: ¿por qué `useLayoutEffect` y no `useEffect`?"
```

Con eso en el repositorio, el revisor de IA empieza a devolver comentarios con el mismo formato exacto. Las personas del equipo usan la misma lista. De golpe, todos los comentarios del PR (de humanos y de máquinas) hablan el mismo idioma. La consistencia deja de depender de la memoria de cada quien.

Un detalle de 2026 que vale tener presente: las herramientas de review con IA ya distinguen solas entre lo accionable y lo menor. En una prueba reciente sobre 30 PRs, [CodeRabbit dejó 89 comentarios, de los cuales 52 eran accionables y correctos](https://www.morphllm.com/comparisons/coderabbit-vs-copilot). Si tu `AGENTS.md` les da el vocabulario de etiquetas, esa distinción que ya hacen queda anotada con tu convención en vez de en su propio formato.

## La plantilla de PR, más un portero en el CI

El cuerpo del PR también se automatiza. Pongo un `.github/pull_request_template.md` con las secciones obligatorias:

```markdown
## Resumen

(El objetivo del cambio en 1-2 líneas)

## Cambios

(Los puntos principales, en lista)

## Verificación

### GIF / capturas
(Evidencia de que funciona)

### URL de preview
(El deploy de preview de Vercel / Netlify)

### Pasos para verificar
(Cómo lo comprueba el revisor a mano)

## Alcance del impacto

(Qué otras partes podría tocar este cambio)

## Cómo revertir

(El plan de rollback si algo sale mal)

## Checklist

- [ ] Adjunté el GIF / la URL de preview
- [ ] Agregué o actualicé las pruebas relacionadas
- [ ] AGENTS.md no necesita cambios, o ya los hice
- [ ] Revisé el alcance del impacto
```

Y acá viene mi parte favorita, porque va contra la intuición. Esta plantilla la podrías borrar al abrir el PR. Para que no pase, pongo un portero en el CI que rechaza el PR si faltan las secciones clave:

```yaml
name: PR Body Check
on:
  pull_request:
    types: [opened, edited]

jobs:
  check-pr-body:
    runs-on: ubuntu-latest
    steps:
      - name: Verificar secciones obligatorias
        run: |
          BODY="${{ github.event.pull_request.body }}"
          for section in "## Verificación" "## Alcance del impacto" "## Cómo revertir"; do
            if ! echo "$BODY" | grep -q "$section"; then
              echo "Falta la sección: $section"
              exit 1
            fi
          done
```

Sé lo que estás pensando: "¿no es molesto obligar a llenar una plantilla?". Sí, lo es. Y esa molestia es justo el punto. La fricción de escribir el plan de rollback es la que te hace pensar el plan de rollback. Si lo dejara opcional, nadie lo escribiría, y el día del incidente nadie sabría cómo revertir. La fricción acá no es un defecto: es la que sostiene la calidad.

## Lo que es mecánico, que lo arregle la máquina

Hay una categoría de comentarios de review que ni siquiera deberían existir como comentarios. Los llamo **autoFixable**: cosas que se arreglan de forma mecánica, sin criterio humano.

- Formato roto (lo endereza Prettier o Biome)
- Lint simple (un import sin usar, un `console.log` que quedó)
- Typos
- Errores de tipo triviales (un tipo de retorno que falta, un `any` implícito)

Para nada de esto vale la pena que un humano escriba un comentario y otro humano lo lea. Lo paso a un comando que ejecuta el equipo de IA:

```
/auto-fix
```

Adentro hace tres cosas: ejecuta el lint y el formateo con autocorrección, detecta los errores de tipo simples y propone el arreglo, y deja el commit con el push hecho.

Las herramientas de review ya traen esto de fábrica. El [Autofix de CodeRabbit](https://www.buildmvpfast.com/blog/best-ai-code-review-tools-anthropic-2026) (acceso temprano, abril de 2026) lanza su propio agente, escribe el arreglo y lo commitea a la rama, aunque por diseño no hace auto-merge. Copilot puede pasarle la sugerencia a un agente en la nube que abre un PR con el arreglo.

El reparto queda claro: lo mecánico lo hace la máquina, y los humanos junto con los revisores de IA se concentran en lo que sí pide criterio, las decisiones de diseño y los problemas de patrón. Tu cerebro de senior no debería gastarse en mover una coma.

## Mide, porque "se siente más rápido" no es un dato

Armar todo esto sin medir sería confiar en mi propia sensación, y mi sensación es pésima jueza. Estas son las cuatro métricas que miro cada semana:

| Métrica | Cómo se calcula | Objetivo |
|---|---|---|
| **time-to-first-review** | De abrir el PR al primer comentario | Menos de 1 día hábil |
| **time-to-merge** | De abrir el PR al merge | Menos de 3 días hábiles |
| **blocking-comment-rate** | Comentarios issue (blocking) / total de comentarios | 20% o menos |
| **first-pass-merge-rate** | PRs que se mergean sin devolución | 50% o más |

Cada número apunta a una causa distinta cuando se mueve.

Si baja el **first-pass-merge-rate**, casi siempre es que se saltó alguna automatización: los hooks locales están flojos, falta la review de IA, o nadie usó el self-review antes de abrir el PR.

Si sube el **time-to-first-review**, o los revisores están saturados, o los PRs vienen demasiado grandes. Cuando es lo segundo, vuelvo a insistir con la cultura de PRs chicos.

La review no es un trámite de "ya lo miré, dale": es el proceso donde se fabrica la calidad. Las cuatro piezas (las etiquetas, el `AGENTS.md`, la automatización del CI y las métricas) recién juntas convierten la review de una costumbre en un sistema.

## Por dónde empezar mañana

Si tuviera que rehacer todo desde cero, este es el orden que seguiría:

1. **Mañana mismo:** empieza a poner `nit:` y `must:` (o `issue (blocking):`) en tus propios comentarios de review. Una persona sola ya nota la diferencia.
2. **Esta semana:** copia la lista de etiquetas a `AGENTS.md`. Los revisores de IA empiezan a usarla de inmediato.
3. **Este mes:** suma la plantilla de PR con el check de CI, y pasa lo mecánico a un comando de auto-fix.
4. **A partir de ahí:** mide las cuatro métricas cada semana y ajusta donde duela.

Lo único que de verdad cambió mi flujo no fue una herramienta cara ni un proceso elaborado. Fueron seis caracteres al inicio de un comentario: `nit: ` y `must: `. Dejé de hacer de detective, y el PR dejó de juntar polvo. Cada quien hace su parte, y la máquina la suya. Vamos con todo.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Programé 7 agentes de IA con cron diario. 2 fallaron en silencio durante 18 días. El tracing no los detectó. Un contrato de exit code sí.

URL: https://kenimoto.dev/es/blog/cron-7-agentes-18d-silencioso/
Lang: es
Date: 2026-05-28
Description: Siete agentes en cron, dos nunca arrancaron desde el día 1, dieciocho días de dashboards en verde. El tracing no lo vio. Un contrato de exit code con heartbeat de 24 horas sí. Más una checklist para blindar tu cron de IA contra fallos silenciosos.

Yo tenía 7 agentes de IA en cron. Dos de ellos dejaron de correr el día 1. Me di cuenta el día 18.

Esa frase ya es el artículo completo, pero también es la clase de frase contra la que yo habría discutido si alguien la hubiera dicho en un podcast. "No es posible no darse cuenta en 18 días. Tienes tracing. Tienes dashboard. Tienes un canal de Telegram que se enciende cuando cualquier cosa se mueve." Sí, tenía todo eso. Los dos agentes muertos se colaron por debajo igual, porque cada una de mis capas de monitoreo estaba diseñada para mirar procesos que sí estaban corriendo. Los míos no.

Este es el log de los 18 días: cuáles eran los 7 agentes, cómo se rompieron 2 en silencio el día 1, por qué el tracing era la herramienta equivocada para esa falla, y el pequeño contrato de exit code que ahora le agrego a cualquier agente CLI que coloco en cron.


## Los 7 agentes y el setup que se veía bien

Yo corro dos dominios de contenido y un harness self-evolving en la misma computadora. Cada dominio tiene 3 agentes en cron diario a las 09:00 — observer, strategist, marketer — más un evolver compartido que corre los sábados. Son 7 procesos. Las líneas del cron se veían más o menos así:

```cron
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-A.sh >/dev/null 2>&1
0 9 * * * /home/me/repos/harness-ops/scripts/marketer-B.sh >/dev/null 2>&1
```

Cada shell script envuelve `claude -p "..."` con un prompt, captura la salida, escribe un log diario y termina. Si el agente decide publicar, publica al final. Tenía un webhook de Telegram dentro del script que disparaba tanto en éxito como en el camino del `set -e`. Este setup llevaba unos 2 meses en producción antes de la falla silenciosa.

Lo que se me escapó al montar el cron estaba 3 líneas debajo del heredoc. Los scripts de los dos marketers llamaban a un helper de Python que vivía en otro repositorio. Yo había hecho `cd` al repo vecino al hacer las pruebas, había validado el helper a mano, y lo había commiteado. Después limpié el repo vecino, le cambié el nombre al módulo, y la línea de import dentro del script del marketer quedó apuntando a un archivo que ya no existía.

A partir de aquí el final se ve venir. `python3 helper.py ...` sale con exit 1 al toque por `ModuleNotFoundError`. La primera línea del shell es `set -euo pipefail`. El script muere en las primeras 10 líneas. El Telegram se invoca recién más abajo, después del Python. El script nunca llega ahí. `>/dev/null 2>&1` se traga el stderr. El cron sin `MAILTO=`. Todas las mañanas, 2 agentes mueren en silencio. Los otros 5 publican normal. El sistema entero se ve sano.

## Lo que el tracing miraba, y lo que no

Quiero ser preciso acá, porque el día 18 me pasé varias horas tratando de convencerme de que "si el tracing fuera mejor, lo habría agarrado." No lo habría agarrado.

Tenía spans OTEL saliendo de cada invocación de `claude -p`. Iban a un collector self-hosted y de ahí a un dashboard chico. El dashboard mostraba: tokens por tarea, latencia de tool-call, tasa de retry, total diario de ejecuciones de agentes. La mañana del día 18, el dashboard mostraba 5 ejecuciones por día, todos los días, durante los últimos 18 días. La línea estaba plana. Debía estar en 7.

El tracing instrumenta procesos que se ejecutan. Te muestra una llamada lenta. Te muestra una llamada fallida. Te muestra una tormenta de retries. Lo que no te muestra es un proceso que nunca arrancó. Los 2 marketers muertos no emitían span alguno, porque el emisor de spans vivía justo dentro del helper de Python que estaba fallando en el import. Desde la mirada del dashboard, esos dos agentes simplemente no existían ese día. Ni el siguiente. Ni el otro.

Yo estaba mirando la pregunta equivocada. "¿Mis agentes están sanos?" es una pregunta que el tracing contesta. "¿Mis 7 agentes programados corrieron de verdad hoy?" es una pregunta que el tracing no puede contestar, porque los agentes que no corrieron son exactamente los que no mandan señal de nada.

Si alguna vez leíste el [modelo de dead man's switch de healthchecks.io](https://healthchecks.io/docs/monitoring_cron_jobs/), es exactamente el escenario que describen en la doc: "Un job crítico de procesamiento de datos puede atascarse sin disparar ninguna alarma en los sistemas de monitoreo tradicionales. Esas fallas silenciosas pueden persistir durante días o semanas hasta que alguien nota datos faltantes o resultados corruptos." Yo había leído esa página antes. Simplemente no la había aplicado a mi propio cron, porque sentía que el Telegram me cubría. Telegram solo dispara desde los caminos a los que el script llega.


## El contrato de exit code que terminé atornillando

La solución no fue sumar más observabilidad. Fue confiar menos en el agente para reportarse a sí mismo, y más en el wrapper del cron para reportar en su lugar. Le puse un contrato pequeño a cada agente programado:

1. **Definir exit codes que signifiquen algo.** No solo `0 = bien, cualquier otra cosa = mal`. Tomé prestado de sysexits.h: `0` = "el agente corrió y terminó su tarea", `64` = "error de config o entorno" (el caso del `ModuleNotFoundError`), `65` = "corrió pero no produjo salida usable", `78` = "skip a propósito" (el marketer decidió que hoy no había nada para publicar).
2. **El wrapper del cron es el dueño del reporte.** El trabajo del script del agente es salir con el código correcto. El trabajo del wrapper es agarrar ese código y mandarlo a algún lugar durable, sin importar si el agente terminó bien o mal.
3. **El heartbeat dispara en el éxito, no en la falla.** El silencio tiene que ser la alarma.

El wrapper del cron quedó más o menos así:

```bash
#!/usr/bin/env bash
# scripts/cron-wrap.sh <agent-name>
set -uo pipefail
AGENT="$1"
SCRIPT="$HOME/repos/harness-ops/scripts/${AGENT}.sh"
HC_URL="https://hc-ping.com/<uuid-${AGENT}>"

START=$(date -Iseconds)
bash "$SCRIPT"
RC=$?
END=$(date -Iseconds)

# loguea cada ejecución, salga bien o mal
echo "${START} ${AGENT} rc=${RC} end=${END}" >> "$HOME/logs/cron-runs.log"

# pingueá con el exit code en la URL
# si falta el ping 24h → healthchecks.io me llama
curl -fsS --retry 3 "${HC_URL}/${RC}" >/dev/null || true

# escala no-cero al toque (pero el cron en sí nunca falla)
if [[ "$RC" -ne 0 && "$RC" -ne 78 ]]; then
  "$HOME/bin/tg-notify.sh" "agent=${AGENT} rc=${RC} ver ~/logs/cron-runs.log"
fi
exit 0
```

Tres detalles ahí que me costaron un par de tardes ajustar.

Primero, `set -uo pipefail` en lugar de `set -euo pipefail`. No quiero que el wrapper muera cuando el agente muere, porque si el wrapper muere antes del ping, healthchecks.io me llama recién dentro de 24 horas — demasiado tarde — y la línea del log ni se escribe. El wrapper tiene que seguir corriendo y capturar el código por su cuenta.

Segundo, la URL del ping lleva el exit code en el path. healthchecks.io lo acepta y lo muestra en el dashboard como el último código reportado. Puedo barrer la lista de un vistazo y ver "el agente corrió, salió con 64" sin abrir un solo log. Cronitor hace casi lo mismo con un formato de URL un poco distinto; usa la que te encaje en el stack.

Tercero, `78` es un skip deliberado, no una falla. El camino "hoy no hay nada para publicar" del marketer devuelve 78. Sin eso, el canal de escalamiento dispara en un día legítimamente tranquilo, yo aprendo a ignorar el canal, y el monitoreo muere en la práctica.

## Lo que detectó el día que lo encendí

Lo dejé en producción exactamente el día 18 de los marketers silenciosos. En 10 minutos, `marketer-A` y `marketer-B` aparecieron en el dashboard de healthchecks.io con último código reportado = `64` — error de config, el módulo que ya no existía. No tuve que abrir el código del agente. Lo vi en el dashboard.

En una hora renombré el import, corrí los dos scripts a mano para confirmar exit 0, y el cron de la mañana siguiente publicó los 2 artículos que esos agentes habían estado salteando en silencio durante dos semanas y media. El dashboard de tracing finalmente subió a 7 ejecuciones por día. La línea sigue plana, pero ahora está plana en el número correcto.

Al día siguiente, otro agente — observer-B, que había estado sano todo el período de fallas silenciosas — empezó a salir con `65` ("sin salida usable"). El dashboard lo detectó en 20 minutos. Eso es lo que el contrato existe para hacer: el agente corrió, pero lo que produjo era basura. Te enteras el mismo día, no a la quincena.

## Checklist: cómo blindar tu cron de IA contra fallos silenciosos

Esta es la versión corta que le pasaría a alguien que está armando hoy su primer pipeline de agentes en cron. Va en orden de "más barato a más laburo":

1. **Pon `MAILTO=` en el crontab.** Una línea. El cron te manda por mail el stderr de cualquier job que falla, incluidos los que mueren antes de tu propio código de alerta. Cubre el 80% de las fallas silenciosas básicas. Si usas systemd timers, el equivalente es `OnFailure=` en el unit file, con un servicio que te envía el aviso ([resumen claro en el ArchWiki](https://wiki.archlinux.org/title/Systemd/Timers)).
2. **Empieza cada script con `set -euo pipefail` y termina con un `trap ERR`.** El agente puede morir, pero al menos que muera ruidoso. Sin `pipefail`, una pipe que termina mal te devuelve 0 y te miente.
3. **Define exit codes con significado.** No es solo `0/1`. Reserva 64 para errores de config, 65 para "corrió pero salida basura", 78 para skip intencional. Cuando el dashboard te muestra `rc=64` ya tienes la primera mitad del diagnóstico.
4. **Envuelve cada agente en un wrapper que sea tuyo.** Un solo trabajo: agarrar el exit code y pingear a algún lado. El wrapper puede ser más feo que el agente, porque casi nunca lo vas a tocar.
5. **Agrega un heartbeat de éxito.** `curl -fsS https://hc-ping.com/<uuid>` al final del wrapper. Si falta el ping 24h, healthchecks.io te llama. Es el [dead man's switch clásico](https://healthchecks.io/docs/monitoring_cron_jobs/) — el silencio se vuelve la alarma.
6. **Manda el código de salida en la URL del ping.** `hc-ping.com/<uuid>/<rc>`. Cronitor también lo soporta. Te ahorra abrir el log para saber por qué murió.
7. **Marca los skips intencionales con un código aparte (78 me funcionó bien).** Si todos los "hoy no hay nada que hacer" disparan alerta, terminas ignorando el canal y el monitoreo muere por fatiga.
8. **Trata el dashboard del heartbeat como la fuente de verdad de "¿esto corrió?".** No el dashboard de tracing. El de tracing te dice cómo le fue al proceso vivo. El de heartbeat te dice si estaba vivo.

Los puntos 1 y 2 ya cubren la mayoría de los fallos de cron de la vida real. Los puntos 5 y 6 cubren el caso específico de este artículo (proceso que nunca arrancó). Los puntos 3, 4 y 7 son los que vuelven todo sostenible sin que termines silenciando notificaciones.

## Lo que le diría a mi yo de hace 2 meses

La versión mía que montó este cron hace 2 meses no era descuidada. Tenía alertas de Telegram, dashboard de tracing y logs diarios. Había leído el capítulo de disposability del [Twelve-Factor App](https://12factor.net/disposability). Hasta había pensado en la diferencia entre "el agente falló" y "el agente no corrió", y había concluido que el segundo era lo suficientemente raro como para ignorarlo.

El error fue tratar "no corrió" como caso raro. En un setup con 7 procesos programados, 3 helpers de Python, 2 repos que se mueven independientes, y un script que mete el Telegram en el medio en lugar de en las dos puntas, "no corrió" es el modo de falla silenciosa más probable. Ni siquiera está cerca de los otros.

El tracing y la observabilidad son cómo vigilas a los procesos que están vivos. El contrato de exit code es cómo recuerdas que se suponía que tenían que estar vivos. Uno complementa al otro, y el patrón "set it and forget it" del cron se cae sin el segundo. El mío se cayó. Por 18 días. En silencio. En un servidor que yo miraba todas las mañanas.

Miraba el dashboard. El dashboard estaba mirando la pregunta equivocada.

## Para llevar

- 7 agentes en cron, 2 murieron el día 1 por `ModuleNotFoundError`, nadie lo notó por 18 días
- El tracing observa lo que se ejecutó, así que es estructuralmente ciego al proceso que nunca arrancó
- La solución: contrato de exit code (`0/64/65/78`), wrapper de cron que reporta por el agente, heartbeat de éxito con dead man's switch
- Lo más barato es `MAILTO=` en el crontab. Solo eso ya hubiera detectado mi falla el mismo día

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# ¿Cuánto cuesta realmente un agente de IA al mes? API vs suscripción vs local — el punto de equilibrio en USD

URL: https://kenimoto.dev/es/blog/cuanto-cuesta-agente-ia-al-mes-api-suscripcion-local-punto-equilibrio/
Lang: es
Date: 2026-05-20
Description: Corrí el mismo agente Claude Code durante 30 días en tres modelos de pago: API por consumo, suscripción Claude Max, y Ollama local en una RTX 4070 Ti. Esta es la cuenta detallada en USD, con los tres puntos de equilibrio según volumen de tokens mensual.

Yo pagué Claude Max tres meses para hacer scripts de 200 líneas. La API me hubiera costado USD 4 al mes en lugar de USD 100. Cuando hice la cuenta, me dio risa primero y vergüenza después.

Este artículo es la cuenta detallada que me hubiera ahorrado esos USD 288. Corrí el mismo agente Claude Code durante 30 días en tres modelos de pago distintos: API por consumo, suscripción Claude Max, y Ollama local en una RTX 4070. Voy a mostrar los tres puntos de equilibrio según tu volumen mensual de tokens, en USD, sin entrar en impuestos locales porque cada país tiene reglas distintas.


## Las tres estructuras de costo

### 1. API por consumo (pago por token)

Pagas por cada token de entrada y salida. Claude Sonnet 4.6 está hoy en **USD 3,00 por millón de tokens de input** y **USD 15,00 por millón de tokens de output**. GPT-5 ronda valores parecidos.

La factura mensual se calcula así, sin sorpresas: `(input_tokens / 1M) × 3 + (output_tokens / 1M) × 15`. Si consumes 500K tokens al mes, pagas menos de USD 2. Si consumes 30 millones, pagas alrededor de USD 200.

Ventaja: no pagas si no usas. Desventaja: si te entusiasmas, la factura sube en línea recta sin techo.

### 2. Suscripción mensual fija

Pagas un monto fijo y obtienes acceso "ilimitado en la práctica" hasta cierto cap suave. Los planes más comunes en mayo 2026:

- **Claude Pro**: USD 20/mes
- **Claude Max**: USD 100 o USD 200/mes
- **ChatGPT Plus**: USD 20/mes
- **Cursor Pro**: USD 20/mes, Pro+ USD 60, Ultra USD 200

Ventaja: presupuesto fijo, sin estrés cuando trabajas mucho. Desventaja: si trabajas poco, pagas igual.

### 3. Modelo local (Ollama, LM Studio, vLLM)

Corres el modelo en tu propia computadora. Costo cero por token, pero pagas hardware más electricidad.

Mi setup de prueba: **RTX 4070 Ti**, alrededor de USD 600 nueva. Corre Llama 3.1 13B a 60-70 tokens por segundo. Consumo eléctrico bajo carga: cerca de 200W. Con 8 horas de uso por día y un precio típico de electricidad en LatAm de USD 0,10 a 0,15 por kWh, el consumo mensual ronda USD 5 a 7.

Amortizando la GPU a 24 meses, el costo mensual queda en **USD 25 a 27** (USD 25 de hardware + USD 5-7 de electricidad). Ventaja: no se mueve aunque la uses 100 horas o 10. Desventaja: la calidad de un modelo local 13B no es la misma que Sonnet 4.6 — los agentes complejos se equivocan más, especialmente cuando hay que llamar a tools encadenadas.

## Los tres perfiles de uso que probé

Configuré tres perfiles distintos durante el mes, todos con el mismo agente Claude Code corriendo tareas reales (no benchmarks artificiales):

### Perfil A: indie que hace 1 feature por semana

Trabajo nocturno y fines de semana. Cuatro sesiones de coding por semana, alrededor de 90 minutos cada una. Volumen mensual estimado: **1,5 millones de tokens** (mezcla input/output).

| Modelo | Costo del mes |
|---|---|
| API por consumo | **USD 6** |
| Suscripción Claude Pro | USD 20 |
| Suscripción Claude Max | USD 100 |
| Local Ollama (RTX 4070 Ti) | USD 27 |

Veredicto: **API gana por mucho**. Pagar suscripción para este volumen es regalar dinero. Yo hice exactamente eso durante tres meses.

### Perfil B: harness automatizado 8 horas diarias

Es mi escenario actual. Cron jobs que corren agentes Observer / Strategist / Marketer en ciclo, durante toda la jornada laboral. Volumen mensual real: **alrededor de 32 millones de tokens**.

| Modelo | Costo del mes |
|---|---|
| API por consumo | **USD 280** (estimado con mezcla 70/30 input/output) |
| Suscripción Claude Max USD 100 | USD 100 (pero llegué al rate limit varias veces) |
| Suscripción Claude Max USD 200 | **USD 200** |
| Local Ollama (no sirve) | n/a — la calidad cae demasiado para tools encadenadas |

Veredicto: **Claude Max USD 200 gana** para volumen alto continuo. El plan de USD 100 alcanza para usuarios intensivos pero se topa con límites cuando hay automatización 24/7.

### Perfil C: prioridad privacidad, sin datos hacia el exterior

Algunos trabajos donde mover datos a una API externa no es opción (cliente con NDA estricto, datos personales sensibles, requisitos legales locales). Volumen mensual variable, pero supongamos **5 millones de tokens** durante el mes.

| Modelo | Costo del mes |
|---|---|
| API por consumo | USD 30 (pero los datos salen) |
| Suscripción | USD 20-100 (los datos también salen) |
| **Local Ollama (RTX 4070 Ti)** | **USD 27** (datos quedan en tu computadora) |

Veredicto: **local gana por requisitos, no por costo**. La diferencia económica es pequeña; la diferencia operativa es enorme.

## Los puntos de equilibrio

Si ordenas los tres modelos por volumen mensual de tokens, los puntos de cruce quedan así:

- **0 a 6 millones de tokens**: la API por consumo es la más barata. No te compliques con suscripción.
- **6 a 25 millones de tokens**: Claude Pro USD 20 o Claude Max USD 100 te conviene. La API se pone cara.
- **Más de 25 millones de tokens**: Claude Max USD 200 gana, o complementas con un servidor local para tareas repetitivas y dejas la API premium para lo importante.
- **Privacidad estricta o sin internet**: local desde el día uno, sin importar el volumen.

## Tres cosas que aprendí en el camino

**Primera**: mide tu volumen antes de elegir plan. Yo no medí nada durante tres meses, y por eso pagué USD 100 por mes para hacer USD 4 de trabajo. La API tiene un dashboard simple que te dice tokens consumidos por día; mira ese gráfico antes de suscribirte a nada.

**Segunda**: la estrategia híbrida funciona mejor que una sola estructura. Hoy yo uso **Claude Max USD 200 para la automatización del harness**, y **Ollama local para tareas de procesamiento masivo** (clasificación de archivos, conversiones de formato, resúmenes en batch) donde la calidad de un 13B alcanza. La factura combinada me sale más barata que un plan único equivalente.

**Tercera**: los USD del precio oficial no son lo único que pagas. La API tiene picos de uso impredecibles cuando un agente entra en un loop. La suscripción tiene límites suaves que te frenan en el peor momento. El local tiene tiempo perdido configurando drivers, modelos, prompts. Todos los modelos cobran algo que no aparece en el precio listado. Ese costo lo asumes en tiempo, no en USD.

Antes de elegir, pregúntate **cuánto tiempo tienes para pelear con la cuenta**. Si la respuesta es "ninguno", paga la suscripción y duerme tranquilo. Si la respuesta es "los fines de semana", la API con monitoreo te sale mejor. Si la respuesta es "me gusta jugar con hardware", el local te dará la sensación más satisfactoria de control, aunque la cuenta económica sea pareja.

A mí me llevó tres meses de USD 300 desperdiciados aprender esto. Espero que a ti te tome menos.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Agregué un 4to agente que audita a mis otros agentes. Detectó que mi Strategist llevaba 3 semanas postergando.

URL: https://kenimoto.dev/es/blog/cuarto-agente-evolver-detecto-strategist-postergando/
Lang: es
Date: 2026-05-22
Description: Mi Strategist llevaba 3 semanas escribiendo 'evaluar la próxima semana' y ninguna de las 3 capas pudo verlo. La 4ta capa lo detectó en su primera ejecución.

Armé un arnés de agente de 3 capas y lo llamé "autónomo". Observer recolecta los datos. Strategist elige los temas de la semana. Marketer escribe los artículos. Los tres siguen `strategy.md`, el archivo donde están mis reglas. Cada lunes 09:00 se dispara el cron y para el almuerzo ya están los artículos. Me sentía bastante hábil con el diseño.

Después leí mis propios logs del Strategist de tres semanas seguidas y noté algo. El mismo criterio de salida — "si la tasa de Reaction se mantiene bajo 1% durante 4 semanas seguidas, revisar la estrategia" — llevaba tres semanas en zona de disparo. Cada semana el Strategist escribía "datos insuficientes, observar la próxima semana" y seguía adelante. La regla existía. Los datos existían. La regla nunca se disparó.

El arnés de 3 capas no detecta este bug porque los 3 agentes están haciendo exactamente lo que `strategy.md` les pidió. El bug está en la propia regla, y ninguna capa del arnés tenía como tarea revisar las reglas.

Agregué una 4ta capa llamada Evolver. En su primera propuesta real, mandó un diff justamente contra la regla detrás de la cual mi Strategist se estaba escondiendo.


## La parte "autónoma" no era tan autónoma

La arquitectura que llamaba autónoma se veía así. Observer se ejecuta todos los días y vuelca números de GA4 en `article-performance.jsonl`. Strategist se ejecuta cada lunes en la mañana, lee `strategy.md` y elige 5 temas para la semana. Marketer convierte cada tema en artículo y lo apila en la cola de publicación. Tres roles, tres crons, comportamiento predecible.

El truco que dejó este pipeline rápido fue que le quité el WebSearch al Strategist a propósito. Un Strategist con WebSearch se perdía 20 minutos por ejecución y terminaba eligiendo temas que coincidían con la noticia del día en lugar de coincidir con mi biblioteca real de contenido. Quitar WebSearch bajó el ciclo de 20 minutos a 3. Ya lo escribí en otro artículo. Aquel post era sobre hacer al Strategist **más rápido**. Este es sobre obligarlo a **rendir cuentas**.

Lo que ninguna de las 3 capas podía hacer era reescribir `strategy.md`. Leen el archivo cada lunes y obedecen. Si la regla está mal, obedecen una regla que está mal. La única forma de cambiar la regla era que yo, humano, lo notara en la revisión semanal. Y yo era el cuello de botella. Llevaba al menos 3 semanas sin mirar la sección de criterios de salida.

## Cómo se veía la postergación en los logs

Voy a citar mis propios logs porque el patrón se ve más honesto en el original.

Log de hace 3 semanas:

> Reaction sigue en 0% en la mayoría de los artículos. Estrategia de título ya cambió a primera persona y encuadre numérico. Cuatro semanas seguidas bajo 1% justifica revisión de estrategia (actualmente 3 semanas seguidas en observación, decisión la próxima semana).

Log de la semana siguiente:

> Tasa de Reaction aún no llega a 4 semanas seguidas bajo 1%, pero los datos de tendencia semanal son insuficientes. Observar la próxima semana.

El modo de falla está completo en esas dos frases. La regla decía "4 semanas seguidas". El Strategist tenía 3 semanas seguidas de datos bajo 1%. En lugar de tratar la semana 4 como semana de decisión, el Strategist siguió describiendo la situación como "aún en observación" y el reloj nunca avanzó. El criterio de salida estaba estructurado de manera que se podía postergar indefinidamente.

Cuando yo mismo calculé los números desde `article-performance.jsonl`, la foto era peor. En 24 artículos publicados en las últimas 4 semanas: 812 views, 4 reactions, 7 comments. Reaction: 0.49%. La mitad del umbral. Engagement (reactions + comments): 1.35%. La regla debió haberse disparado hace semanas. No se disparó porque no había, en ningún lugar del arnés, una capa cuya tarea fuera preguntar "¿esta regla realmente está funcionando?".

## La 4ta capa: qué es un Evolver

Agregué un 4to cron. Se ejecuta los sábados 09:00, en un horario separado de la cadena Observer/Strategist/Marketer del lunes. A diferencia de las otras 3, este tiene WebSearch habilitado. Su tarea es leer `strategy.md`, leer los logs de decisión de las últimas semanas y proponer diffs contra `strategy.md`. Escribir artículos queda con las otras 3 capas.

Cada propuesta es un archivo: `domains/<name>/data/evolution/EVO-NNNN.md`. El Evolver llena 5 secciones.

- Observación — qué vio en los datos
- Propuesta — el cambio de regla en prosa
- Fundamento — datos internos y referencias externas
- Impacto esperado — qué debería mejorar al aplicar
- diff — un bloque diff literal contra `strategy.md`

El bloque diff es la parte que sostiene todo. El Evolver va más allá de las sugerencias en español: escribe el parche exacto que entraría al repositorio. Una CLI pequeña llamada `harness-evolve.sh` sabe extraer el bloque, ejecutar `git apply --check` y commitar. Ningún LLM participa del paso de aplicar. El LLM propone, el shell aplica.

Esa separación es a propósito. La propuesta es creativa. La aplicación es mecánica. Cuando el paso de aplicar es mecánico, puedes confiar en que va a salir limpio o va a fallar de forma evidente. No hay "el agente intentó aplicar el parche y pasó algo raro en el medio".

## EVO-0003 — la propuesta que destapó la postergación

La tercera propuesta real del Evolver, `EVO-0003`, fue la que describí al inicio. El archivo de propuesta está en disco y lo estoy releyendo mientras escribo esto.

La sección de observación citaba ambos logs de mi Strategist, el "3 semanas seguidas en observación, decisión la próxima semana" y el "datos insuficientes, observar la próxima semana". Después calculó la engagement rate desde `article-performance.jsonl` y mostró que el umbral llevaba al menos 4 semanas roto. Después argumentó que la regla original era mala por 3 motivos:

1. La fórmula no estaba explícita. "Tasa de Reaction" ¿era por artículo o agregada? El Strategist podía calcular cualquiera de las dos, y esa ambigüedad daba margen para postergar
2. La condición "4 semanas seguidas" se volvía ambigua cuando los datos semanales eran delgados
3. La acción al disparar — "proponer revisión de título y ángulo" — era abstracta como para que el Strategist la cumpliera en una frase y siguiera adelante

La propuesta reemplazaba la regla por esto:

> Tasa de engagement = (suma de reactions + comments de los últimos 4 semanas de artículos) / suma de views. El Strategist tiene que calcular esto cada semana y registrarlo en el log. Si queda bajo 1.5% por 4 semanas seguidas, la semana siguiente 4 de los 5 artículos tienen que estar en formato "número + primera persona + narrativa de fracaso". Los títulos abstractos quedan prohibidos.

Parche de 20 líneas. Lo aprobé el martes 14:04 con `/harness-evolve approve EVO-0003`. El shell ejecutó `git apply --index` contra `strategy.md`, hizo el commit, actualizó el frontmatter a `status: applied` y mandó Telegram. El lunes siguiente, el Strategist se ejecutó con la regla nueva y calculó engagement rate de 1.35% en el log sin que nadie se lo pidiera. La frase "datos insuficientes" desapareció.

La parte donde quiero ser honesto: el Strategist no estaba actuando de mala fe. Tampoco estaba roto. Era un agente competente siguiendo una regla estructurada para permitir aplazamiento. Eso es una falla de la regla. La tarea del Evolver es atrapar fallas de regla, porque ninguna otra cosa en el arnés estaba estructurada para hacerlo.

## El límite de seguridad — porque los Self-Evolving Agents no son juguete

En el segundo en que dices "un agente que reescribe el arnés", alguien en tu cabeza debería levantar la mano y preguntar qué le impide reescribirse en un optimizador de clips. Varias cosas, todas a propósito.

El Evolver no puede tocar ciertas categorías de decisión. Agregar o quitar un dominio. Cambiar de idioma. Cambiar el criterio de calidad del texto. Cualquier cosa que involucre licencia, autoría o seguridad. El `.env`, el directorio de credenciales, los disparadores de publicación. Si alguna de estas estuviera en su radio de acción, no lo dejaría correr solo un sábado en la mañana.

Dentro de lo que sí puede tocar, 3 límites numéricos evitan que se desboque.

- diff de hasta 20 líneas por propuesta. Si es más grande, hay que dividir o escalar
- 2 propuestas por semana por dominio. La 3era se posterga al sábado siguiente
- 3 rechazos seguidos sobre el mismo tema disparan mute automático. El Evolver deja de re-proponer la misma idea después de que dije no tres veces

El tercero es lo que me parece subestimado en la literatura general de "self-improving agent". La señal interesante en un log de `reject` no es la propuesta, es la razón. "MCP sigue siendo el género principal de venta de libros, no se puede cortar" es un tipo de contexto de negocio que nunca quedó escrito en `strategy.md`. Después de 3 semanas rechazando propuestas de cortar MCP con esa misma razón, el Evolver deja de proponer cortar MCP. Contexto implícito de fundador se vuelve comportamiento explícito del arnés solo acumulando razones-de-rechazo.

## Checklist para introducir Evolver en una automatización propia

Si quieres aplicar el patrón en tu equipo, esta es la lista mínima de chequeos que pediría antes de prender el cron:

- [ ] Las 3 capas existentes ya producen logs de decisión legibles. Si el output del Strategist es "corrió exitoso, eligió temas", no hay nada que el Evolver pueda auditar. Necesitas frases tipo "actualmente 3 semanas seguidas en observación"
- [ ] Las reglas viven en un archivo de texto bajo control de versiones. `strategy.md` en git. Si tus reglas están en una base de datos o en un dashboard SaaS, el modelo de parche no funciona
- [ ] Tienes un canal de aprobación humana barato (Telegram, Slack, email). Si aprobar cuesta 10 minutos por propuesta, vas a dejar de usar el Evolver. Si cuesta 30 segundos, vas a ejecutarlo indefinidamente
- [ ] El paso de aplicar el diff está hecho en shell, no en LLM. `git apply --check` te avisa fuerte si el parche ya no encaja. Una alucinación del LLM al aplicar es difícil de detectar
- [ ] Definiste explícitamente qué no puede tocar el Evolver: dominio, idioma, criterios de calidad, credenciales, gatilos de publicación
- [ ] Pusiste límites numéricos: diff ≤ 20 líneas, ≤ 2 propuestas semanales, mute tras 3 rechazos seguidos
- [ ] Tienes un comando de revert para retroceder propuestas aplicadas. `git revert` está bien, siempre que recuerdes restaurar el archivo de propuesta después

Si todos los puntos están marcados, prender el cron del sábado tiene un perfil de riesgo aceptable. Si falta alguno, el costo de un Evolver mal puesto puede ser mayor que la ganancia.

## Continuación directa del post de 3 capas

La separación Observer/Strategist/Marketer ya la escribí en [otro artículo](https://kenimoto.dev/es/blog/tres-roles-observer-strategist-marketer-separacion). Aquel era sobre "de 1 agente a 3 agentes, 20 minutos se volvieron 3". Este es sobre **reescribir la regla que esas 3 capas siguen**.

La separación en 3 capas era por velocidad y previsibilidad. La 4ta capa es por rendición de cuentas. Más que "agregué 1 capa arriba de las 3", lo que pasó fue que derribé la hipótesis implícita de que la regla es fija.

## Lo que todavía no construí

El Evolver actual audita un dominio a la vez. En mis 4 dominios (devto, qiita, zenn, kenimoto-dev) escribí versiones distintas de `strategy.md`, y la mayoría tiene criterios de salida con estructura parecida. Un Evolver cross-domain podría notar que la misma estructura de regla está fallando en 2 dominios y proponer un arreglo unificado. No lo construí. Está en la lista.

La otra cosa en la lista es la recursión obvia. ¿Quién audita al Evolver? Por ahora la respuesta es "yo, cada approve/reject es una señal humana". La respuesta larga es "todavía no lo sé". Si las propuestas empezaran a tener un sesgo sistemático — siempre umbrales más estrictos, siempre cortar el mismo género — ese sesgo es real y voy a necesitar una 5ta capa que vigile a la 4ta. Todavía no lo veo. Tal vez no lo vea hasta el `EVO-0050`. Quiero ver el sesgo antes de agregar otra capa solo para sentirme más seguro.

Por ahora: 3 agentes que siguen reglas, 1 agente que audita las reglas, 1 humano que aprueba la auditoría. Es el arnés más chico que encontré capaz de detectar su propia postergación.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Dejé de agregar contexto a mi agente: podar las salidas de herramientas recuperó la precisión

URL: https://kenimoto.dev/es/blog/dejar-de-agregar-contexto-podar-precision/
Lang: es
Date: 2026-06-04
Description: Creía que más contexto siempre era mejor. Cuando podé las salidas de herramientas y los archivos irrelevantes, los tokens bajaron un 40% y la precisión en tareas largas se recuperó. Una guía sobre qué decidir no incluir.

Durante mucho tiempo creí que el contexto siempre suma. Engordaba el archivo CLAUDE.md, le hacía leer todos los archivos que parecían relacionados, y dejaba las salidas de las herramientas tal cual. Pensaba que mientras más información tuviera el agente, mejor trabajaría.

Esa idea se cayó a la mitad de una tarea de migración de tres horas. El agente olvidó, sobre el final, la decisión de diseño que él mismo había tomado al principio. Tocó el archivo equivocado dos veces y metió mano en un directorio que yo le había marcado como prohibido en la primera hora. El problema no era el prompt. El contexto estaba tan inflado que la instrucción importante quedó enterrada.

Así que hice lo contrario. Dejé de agregar y empecé a podar. El resultado: los tokens bajaron cerca de un 40% y la precisión en la tarea larga se recuperó. De eso trata esta nota.

## Dónde "más es mejor" deja de ser cierto

El contexto tiene un techo de utilidad.

Claude Sonnet anuncia una ventana de 200 mil tokens. Pero Geoffrey Huntley, de Sourcegraph, reportó que [la calidad cae alrededor de los 147 mil a 152 mil tokens](https://albertsikkema.com/ai/development/tools/2026/04/23/smaller-context-window-better-claude-code.html). La capacidad de la ventana y la capacidad que de verdad puedes usar son dos cosas distintas.

Esa degradación tiene nombre: "context rot". A medida que sube la cantidad de tokens, la precisión y la capacidad de recuperar información bajan en silencio. Las sesiones que pasan de 30 minutos, que tocan 20 archivos o más, o que exigen razonar a lo largo de varias fases, entran en un modo de falla distinto. Eso fue exactamente lo que me pasó.

Sirve la comparación con alguien nuevo en el equipo. Le entregas tres páginas y arranca enseguida. Le apilas 300 páginas en el escritorio a esa misma persona y se le va el día buscando dónde dice qué. En algún punto, la cantidad de información y la capacidad de ejecutar se vuelven inversamente proporcionales.

## Las 3 categorías que podé

¿Qué borrar? Lo que recorté se dividió en tres grupos.

### 1. Los datos crudos de las herramientas

Este fue el de mayor impacto. El log completo de `npm test`, los cientos de líneas de un `grep`, el JSON gigante de una respuesta de API. El agente acumula todo eso en el contexto. Pero lo único que de verdad hace falta es la conclusión: "fallaron 3 pruebas, los archivos son estos".

La misma Anthropic ya ofrece la [limpieza de resultados de herramientas y la compactación](https://platform.claude.com/cookbook/tool-use-context-engineering-context-engineering-tools) como medidas oficiales. El context editing borra la salida de la herramienta y la compactación resume las conversaciones largas. Lo que yo hacía a mano resultó tener nombre y función propios.

En mi flujo dejé de conservar la salida cruda: anoto los puntos clave aparte y saco el log de la ventana. Solo con eso desapareció la mayor parte de los tokens.

### 2. Los archivos irrelevantes

Los que abría "por las dudas". Era una migración y le hacía leer cinco componentes que no tenían nada que ver. Lo que creía un seguro era, en realidad, comprar ruido.

### 3. Las idas y vueltas viejas de la conversación

El tanteo del inicio. Cuando ya quedó decidido "vamos por este camino", las tres alternativas descartadas que llevaron ahí ya no sirven. Dejas la decisión y tiras el proceso. Si le pasas una instrucción propia a `/compact`, recortas solo el ruido y conservas las decisiones importantes.

## Los números, antes y después de podar

Comparé la misma tarea de migración antes y después de la poda.

| Métrica | Antes de podar | Después de podar |
|---|---|---|
| Tokens usados | ~140 mil | ~84 mil |
| Retención del diseño | se desvió al final | se mantuvo hasta el cierre |
| Veces que tuve que repetir la instrucción | 6 | 1 |
| Archivos irrelevantes tocados | 2 | 0 |

Los tokens bajaron cerca de un 40%. Pero lo que de verdad funcionó fue que el agente recordó la instrucción inicial hasta el final. Las repeticiones pasaron de 6 a 1, porque dejé de pisar el valle de degradación de los 140 mil tokens.

Quiero subrayar algo: no agregué ninguna técnica nueva. Al revés, quité. Es la dirección opuesta a sumar capas de RAG. No le añadí inteligencia; le saqué el estorbo, y la inteligencia que ya tenía volvió. Eso fue todo.


## Por qué "no incluir" cuesta más que "agregar"

Con honestidad: podar cuesta más que sumar.

Sumar es fácil. Abres el archivo que te da inseguridad y listo. No exige criterio. Podar, en cambio, te pide decidir "esto no hace falta". Y ahí peleas con el miedo de que lo que borraste fuera necesario.

Mi criterio es simple. "¿Esta información sirve, de forma directa, para avanzar el paso que estoy haciendo ahora?". Si no sirve, no entra. Si después hace falta, voy a buscarla en ese momento. El agente puede volver a leer un archivo cuando lo necesite. Apilarlo todo por adelantado servía para calmar mi inseguridad; al agente no le aportaba nada.

Los modelos nuevos de Anthropic ya traen "context awareness": saben cuánta ventana les queda y sostienen la tarea hasta el final sin quedarse sin aire. Pero esa función parte de tener margen en la ventana. Si la llenas desde el arranque con logs crudos, ese margen no existe desde el primer minuto.

## En resumen

Cuando la precisión se cae en una tarea larga, mi primera reacción fue "debe faltar información". Era al revés. Sobraba información y diluía la instrucción que importaba.

Hice tres cosas. Cambié los datos crudos de las herramientas por sus puntos clave. Dejé de abrir archivos irrelevantes. Tiré el tanteo posterior a cada decisión. Con eso los tokens bajaron un 40%, dejé de pisar el valle del context rot y el agente sostuvo el rumbo hasta el cierre.

La ingeniería de contexto suena a un asunto de qué agregar y cómo. Pero en las tareas largas lo que rinde es el criterio de qué no incluir. Dejas de apilar papeles en el escritorio y conservas solo tres. Ahí es cuando la persona nueva vuelve a ser útil.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# A las 3 de la tarde tu tasa de aprobación en code review cae casi a 0%: la ciencia de la fatiga de decisión

URL: https://kenimoto.dev/es/blog/fatiga-decision-3pm-code-review-aprobacion/
Lang: es
Date: 2026-06-02
Description: No es la calidad del código sino la hora a la que lo revisaste lo que decide aprobar o rechazar. Lo que un estudio sobre jueces, la polémica del agotamiento del yo y la avalancha de sugerencias de IA me enseñaron sobre cuándo revisar.

Te lo digo primero, porque es lo único que necesitas recordar: si un pull request te llega a las 3 de la tarde, tiene muchas menos probabilidades de que lo apruebes que si te llega a las 9 de la mañana. Y casi no importa qué tan bueno sea el código.

Yo no quería creerlo. Soy ingeniero, me gusta pensar que mi juicio sobre un PR depende del PR. Pero después de mirar mis propios patrones de aprobación y de leer la literatura, me toca admitir algo incómodo: buena parte de mi rigor como revisor no es rigor, es la hora del reloj.


## El estudio de los jueces que todo el mundo cita

En 2011, Shai Danziger y sus colegas publicaron en PNAS un análisis de un comité de libertad condicional en Israel. Ocho jueces con experiencia, más de 1,000 decisiones, repartidas en 50 días. La pregunta era simple: ¿el preso sale o se queda?

El resultado se volvió famoso por una razón. Al inicio de cada sesión, la tasa de fallos favorables al preso rondaba el 65%. A medida que avanzaba la sesión, esa tasa bajaba de forma sostenida hasta acercarse a casi 0% justo antes de un descanso. Y después de que los jueces comían, volvía a subir a cerca del 65%.

Dicho de otro modo: dos presos con casos casi idénticos podían recibir veredictos opuestos según les tocara aparecer a las 9:10 o a las 11:50. Lo que pesaba en el veredicto no era el delito, era la hora a la que el juez los escuchó.

La explicación que se propuso fue la fatiga de decisión. Tomar una decisión tras otra desgasta tu capacidad de seguir decidiendo, y cuando estás desgastado eliges la opción por defecto, la que menos compromete. Para un juez, la opción por defecto es no soltar al preso. Para mí frente a un PR, la opción por defecto cambia según el día: a veces es rechazar sin pensarlo, a veces es aprobar para quitármelo de encima. Ninguna de las dos es juicio.

## Aquí es donde tengo que ser honesto contigo

Si cierro el artículo en el párrafo anterior, te estaría vendiendo ciencia popular y no ciencia. Y este blog no va de eso.

El estudio de los jueces tuvo réplica crítica. Ese mismo año, Weinshall-Margel y Shapard señalaron que el orden de los casos no era aleatorio: los presos sin abogado tendían a quedar al final de cada bloque, y eso solo ya podía explicar buena parte de la caída. O sea, quizá no era el cerebro cansado del juez, sino cómo estaban ordenados los expedientes.

Y el concepto que da nombre a todo esto, el agotamiento del yo (*ego depletion*), la idea de que el autocontrol es un combustible que se gasta, está hoy en plena crisis de replicación. Una replicación registrada con 23 laboratorios y más de 2,000 participantes no encontró el efecto que esperaba. Michael Inzlicht, uno de los investigadores que más trabajó el tema, llegó a escribir sobre el colapso del agotamiento del yo. No es un detalle menor: es uno de los pilares de la psicología social de los 2000 tambaleándose.

Así que aquí va mi versión prudente, la única que estoy dispuesto a defender: una serie larga de decisiones parece degradar la calidad de tus decisiones posteriores. Eso es todo. No te digo que tienes un tanque de gasolina mental que se vacía a las 3 de la tarde. Te digo que decidir mucho, seguido, sin pausa, te empeora como revisor. La forma fuerte de la teoría está en duda; la forma débil sigue siendo razonable y, sobre todo, sigue siendo útil para alguien que revisa código todo el día.

Que la ciencia esté en debate no me da menos confianza para escribir esto. Me da más. Porque significa que no te estoy pidiendo fe, te estoy pidiendo que pruebes el horario y midas tu propia tasa.

## Por qué los que trabajamos con IA estamos peor

Ahora viene la parte que me hizo escribir todo esto.

Un juez israelí de 2011 tomaba sus decisiones leyendo expedientes en papel, a ritmo humano. Yo, en 2026, reviso código mientras un asistente de IA me escupe sugerencias. Y leer una sugerencia de IA se parece poco a leer una línea de código: es un acto de decisión completo. Tengo que reconstruir la lógica que el modelo propuso, revertirla mentalmente hasta entender por qué la escribió así, y volver a mapearla contra mi propio modelo del sistema. Decenas o cientos de veces al día.

El paper "Towards Decoding Developer Cognition in the Age of AI Assistants" (arXiv 2501.02684, 2025) apunta justo a eso: el costo cognitivo se desplazó. Antes el trabajo caro era escribir. Ahora el código sale barato y rápido, y el trabajo caro es verificar. Cada sugerencia plausible-pero-quizá-incorrecta es una microdecisión, y se acumulan.

La investigación de 2026 lo confirma con datos más duros. En CHI 2026, un trabajo titulado "When Help Hurts: Verification Load and Fatigue with AI Coding Assistants" construyó una medida compuesta de carga de verificación (fallos de compilación y de tests, churn, pausas, cambios de contexto) y mostró que predice de forma estable la trayectoria de estrés y fatiga del desarrollador a lo largo del uso repetido. La encuesta de Sonar de 2026 le pone el dedo en la llaga: el 96% de los desarrolladores desconfía del código generado por IA, y aun así el 46% del código nuevo es producido por IA sin una revisión consistente.

Junta las dos cosas. Un volumen de microdecisiones que un juez de 2011 jamás vio, más la desconfianza que te obliga a revisar todo dos veces, menos el tiempo real para hacerlo. Es la receta perfecta para que tu yo de las 3 de la tarde apruebe un PR que tu yo de las 9 de la mañana habría devuelto con tres comentarios.

No te miento: yo soy ese yo de las 3 de la tarde más seguido de lo que me gustaría.

## Lo que cambié en mi día (y lo que cambiarías tú)

Esto es lo práctico, que es para lo que viniste. Nada de esto requiere creer en el combustible mental. Solo requiere aceptar que decidir mucho, seguido, te empeora.

**Los juicios pesados van en la mañana.** El PR que toca el sistema de pagos, la decisión de arquitectura, el "¿mergeamos antes del fin de semana?": eso lo agendo temprano, antes de haber gastado mi cuota de decisiones en cosas chicas. Si me llega un PR grande a las 3 de la tarde y no es urgente, lo dejo para la mañana siguiente y lo digo sin culpa. Aquí ya escribí sobre lo caro que sale mergear un refactor de IA un viernes por la tarde: [Le pedí a Claude que refactorizara 100 funciones, 7 quedaron más lentas en producción](/es/blog/claude-refactor-100-funciones-7-mas-lentas-produccion/).

**Diseñen franjas de review.** Si en tu equipo cualquiera abre un PR a cualquier hora y espera review inmediato, todos revisan en estado de fatiga al azar. Una franja fija, por ejemplo de 9:30 a 11:00, concentra las revisiones en la ventana donde el equipo decide mejor. No es burocracia; es proteger el juicio colectivo.

**Agrupen las sugerencias de IA en lotes.** En vez de aceptar o rechazar cada sugerencia del asistente en tiempo real, dejo que se acumulen y las reviso en bloque, con la cabeza puesta en revisar y no en programar. Cambiar de contexto entre escribir y juzgar es justo lo que la medida de carga de verificación de CHI 2026 penaliza.

**Los descansos no son flojera, son mantenimiento.** Lo único que la curva de los jueces muestra con claridad, réplicas aparte, es que después de comer la tasa volvía a subir. No sé si fue la comida, la pausa o el cambio de orden de los casos. Me da igual el mecanismo. Si una pausa de 15 minutos me devuelve algo de mi criterio de la mañana, esa pausa es la mejor revisión de código que voy a hacer en todo el día.

Y si quieres ver qué pasa cuando varios revisores cansados miran lo mismo, te dejo este otro experimento mío: [pedí a 3 sub-agentes que revisaran el mismo PR y no se pusieron de acuerdo en el 41% de los comentarios](/es/blog/tres-sub-agentes-revisaron-mismo-pr-40-desacuerdo/).

## El cierre

La parte rara de todo esto es que la solución no es esforzarme más. Si pudiera resolver la fatiga de decisión esforzándome, no sería fatiga. La solución es ordenar el día para que mis mejores decisiones caigan cuando yo estoy en mi mejor momento, y para que las horas malas reciban el trabajo que no decide nada.

El código que apruebas a las 3 de la tarde y el que apruebas a las 9 de la mañana se ven idénticos en el diff. La diferencia está en quién lo está leyendo, y a esa hora ese quién no eres del todo tú.

Así que la próxima vez que estés a punto de darle "Approve" a un PR pesado al final de la tarde, hazte una sola pregunta: ¿estoy aprobando el código, o estoy aprobando que ya no quiero seguir decidiendo? Yo me la hago. No siempre me gusta la respuesta.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Few-shot no le enseña conocimiento a tu LLM: le enseña a decir \"no lo sé\"

URL: https://kenimoto.dev/es/blog/few-shot-no-ensena-conocimiento/
Lang: es
Date: 2026-06-07
Description: El error más común con few-shot prompting es creer que le inyectas conocimiento al modelo. No es así. Few-shot controla el formato, el tono y la actitud frente a la incertidumbre. En un experimento, la honestidad subió de 3,7 a 5,0 y la precisión factual se quedó en cero. Te explico qué hace de verdad y cuándo usarlo.

Te lo digo de entrada para ahorrarte semanas de frustración: **few-shot prompting no le enseña hechos nuevos a tu modelo.** Si le pegas tres ejemplos con datos correctos esperando que "aprenda" ese conocimiento, vas a perder el tiempo. Lo que few-shot sí hace es otra cosa, más sutil y honestamente más útil: le enseña al modelo a comportarse, incluso a admitir cuando no sabe algo.

Yo tardé en entender esto. Durante un tiempo metía ejemplos en el prompt pensando que estaba "rellenando" la cabeza del modelo con información. El modelo seguía inventando datos con la misma seguridad de siempre. La diferencia es que ahora inventaba con un formato más bonito.

## Qué es few-shot, sin el malentendido

Few-shot prompting es simplemente mostrarle al modelo unos pocos ejemplos de "una buena respuesta" antes de hacerle tu pregunta real. Como cuando entrenas a alguien nuevo en el equipo: no le explicas con palabras cómo se escribe el reporte semanal, le muestras tres reportes anteriores y al cuarto ya lo copia solo. La estructura, el tono, el largo: todo lo absorbe del ejemplo.

El punto que casi nadie dice en voz alta es este: el modelo copia la *forma* del ejemplo, no su *contenido*. Si tus ejemplos son educados, el modelo será educado. Si tus ejemplos admiten cuando no saben algo, el modelo aprende a admitirlo. Pero el dato factual de tu ejemplo no se queda guardado como conocimiento. Few-shot le da forma a la actitud; la base de datos del modelo queda igual que antes.

## El experimento que me cambió la cabeza

En un experimento que documenté con Claude Sonnet 4, comparé el modelo con solo un system prompt contra el mismo modelo con ejemplos few-shot agregados. Mira lo que pasó con dos métricas:

| Métrica | Solo system | System + few-shot |
|------|-------------|-------------------|
| Honestidad | 3,7 | 5,0 |
| Precisión factual | 0,0 | 0,0 |

La honestidad subió de 3,7 a 5,0. Un salto enorme. ¿Y la precisión factual? Se quedó clavada en cero. Cero antes, cero después.

Eso es todo el argumento en dos filas. Los ejemplos no le agregaron ni un solo hecho correcto al modelo. Lo único que cambiaron fue su disposición a decir "no tengo esa información, te recomiendo verificar en la fuente oficial" en lugar de inventar una respuesta con cara de seguridad.

Hubo un detalle que me pareció hermoso: la métrica de "especificidad" *bajó* de 1,7 a 0,0. Al principio parece un empeoramiento. No lo es. El modelo dejó de dar detalles específicos inventados. Cuando no sabía, dejó de adornar. Bajar la especificidad falsa es exactamente lo que uno quiere.


## Por qué esto importa más en 2026

Esto no es un detalle de laboratorio. La investigación reciente apunta a que la tendencia a alucinar es una propiedad estructural del modelo, no algo que arreglas con mejores prompts. El entrenamiento premia adivinar con seguridad por encima de admitir incertidumbre, así que el modelo aprende a farolear. Ningún prompt, por más astuto, cambia el incentivo de fondo.

¿Qué significa esto en la práctica? Que tienes que separar dos problemas que la gente mezcla todo el tiempo:

- **¿Necesitas que el modelo sepa algo que no está en sus datos?** Eso es un problema de conocimiento. Se resuelve con RAG: le das los documentos en el momento, recuperados desde tu base. No con few-shot.
- **¿Necesitas que el modelo responda con cierto formato, tono, o que admita cuando no sabe?** Eso es un problema de comportamiento. Ahí few-shot brilla.

Confundir los dos es la causa número uno de prompts que no funcionan. Le pides a few-shot que haga el trabajo de RAG, y te frustras porque el modelo sigue sin saber lo que tú sí sabes.

## Cómo lo uso en la práctica

Algunas reglas que me sirvieron, todas aprendidas pisando el palito:

**Pocos ejemplos, bien elegidos.** Más no es mejor. Uno a tres ejemplos suelen alcanzar. Con tres ejemplos coherentes, el formato queda fijo. Pasar de ahí solo infla el contexto y te cuesta más tokens sin mejorar el resultado.

**Incluye un caso de "no sé".** Si quieres que el modelo admita ignorancia, tiene que ver un ejemplo donde la respuesta correcta es admitirla. Suena obvio, pero casi nadie lo hace. Algo así:

```text
P: ¿Cuál es la política de reembolso?
R: No tengo la información actualizada de la política de reembolso.
   Te recomiendo revisar los términos vigentes o contactar a soporte,
   para no darte un dato desactualizado.
```

Ese único ejemplo le enseña al modelo que "no lo sé" es una respuesta válida y deseable.

**Cuida la diversidad.** Si todos tus ejemplos son del mismo tipo, amplificas ese sesgo. Mezcla un caso normal, un caso de error, un caso límite. El modelo aprende el rango, no un solo punto.

**No metas datos sensibles en los ejemplos.** El modelo va a imitar el patrón. Si un ejemplo muestra una contraseña en texto plano, no te sorprendas cuando el modelo "ayude" filtrando una.

## Lo que me llevo

Para mí, few-shot se volvió una herramienta para *dirigir* al modelo, más que para enseñarle. El conocimiento lo pongo con RAG. El formato y la honestidad los pongo con few-shot. Esa división de tareas es, para mí, el primer paso real de la ingeniería de contexto.

Y la parte que más me gusta es la menos técnica: el mayor valor de few-shot no es que el modelo suene más inteligente, sino que aprenda a decir "no lo sé" cuando de verdad no sabe. En una era donde los modelos farolean con una sonrisa, enseñarles humildad resultó ser la habilidad más cara de todas.

Si manejas español y trabajas con LLMs, ese único cambio (mostrar un ejemplo de "no lo sé") probablemente sea la mejora con mejor relación esfuerzo-resultado que puedes hacer hoy.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# \"99,5% de disponibilidad\" y \"5.000 pagos fallidos\" son el mismo hecho: el framing del reporte cambia la urgencia

URL: https://kenimoto.dev/es/blog/framing-reporte-incidente-99-5/
Lang: es
Date: 2026-06-03
Description: El mismo incidente escrito como \"mantenemos 99,5%\" o como \"5.000 pagos están fallando\". El número no cambia ni un decimal, pero la urgencia que percibe tu equipo pasa de la calma al pánico. Mi falla en una guardia y tres reglas para diseñar el reporte.

Te lo digo de entrada: la idea de que "si reporto números exactos soy neutral" es un mito. El mismo número exacto, escrito como "tasa de impacto" o como "contenido del impacto", mueve la urgencia que percibe el que lo lee entre la calma y la crisis. Por eso dejé de pensar el reporte de incidentes como algo que se escribe, y empecé a pensarlo como algo que se diseña.

Lo aprendí fallando en una de mis guardias.

## Con "mantenemos 99,5%" dejé a mi equipo tranquilo de más

Una noche, la tasa de error en el flujo de pagos empezó a subir. Abrí el dashboard, miré el número y escribí en el canal del equipo:

> "La tasa de éxito de pagos está en 99,5%. Parece un pico puntual, lo dejo en observación."

Ni una palabra de mentira. Era 99,5% de verdad. Todos respondieron "dale, en observación" y yo volví tranquilo a revisar logs.

El problema estaba del otro lado del número. Ese servicio recibía cerca de un millón de solicitudes por día. **99,5% significa que 0,5% falla. Es decir, 5.000 pagos cayendo.** Si yo hubiera escrito el mismo dato así, el clima habría sido otro:

> "Hay 5.000 pagos fallando ahora mismo."

El primero da "lo observamos"; el segundo da "todos a la sala de guerra". Y el número es el mismo 99,5%. Esa noche elegí sin darme cuenta el framing tranquilizador, y con eso retrasé la reacción de mi propio equipo.


## Por qué pasa esto: el efecto de framing

El fenómeno tiene nombre: **efecto de framing (encuadre)**. La misma información, según cómo se presenta, cambia el juicio de quien la recibe. Tversky y Kahneman lo demostraron en su artículo clásico de 1981.

El experimento famoso: ante una enfermedad que mataría a 600 personas, presentan "el plan A salva a 200" frente a "el plan B deja morir a 400". A y B son matemáticamente idénticos, pero mucha gente elige A porque está enmarcado en "salvar". El framing de supervivencia y el de muerte dan vuelta la decisión.

El reporte de incidentes es justo donde esto pega. Como trabajamos con números, creemos que somos cuantitativos y neutrales. Pero en el momento en que eliges **sobre qué framing montas ese número**, ya dejaste de ser neutral.

## "Tasa de impacto" y "contenido del impacto" no tienen la misma urgencia

Lo que más confusión genera en la práctica es confundir estos dos framings.

- **Framing de tasa**: "100 de 100.000 usuarios afectados (0,1%)"
- **Framing de contenido**: "100 usuarios no pueden pagar"

Son los mismos 100 usuarios. Pero el primero suena a "0,1%, algo menor" y el segundo suena a "100 personas no pueden pagar, esto es grave". El porcentaje diluye el hecho; la cantidad de personas y el "qué no funciona" lo concentran.

Ahí conviven el framing **involuntario** y el **intencional**.

El involuntario fue mi 99,5%. Cero mala intención: agarré el número que tenía a mano y lo escribí tal cual. El resultado igual fue dejar al equipo confiado de más.

El intencional sirve para el lado opuesto. Cuando quieres subir bien la prioridad pero dices "0,1%", se pierde. En ese caso no enmarcas por tasa sino por contenido: en vez de "0,1% de impacto", escribes "**el flujo de pagos, que toca la facturación directa, está caído para 100 usuarios**". El mismo hecho, montado en el framing que transmite la urgencia correcta.

## Aquí trazo una línea: esto no es "inflar los números"

Para que quede claro: no estoy diciendo "agranda los números para asustar". En el momento en que haces eso, fundes el activo más importante que tienes, que es la confianza.

Lo peligroso del framing es que está **a un paso de la manipulación**. Escribir "100 usuarios no pueden pagar" es un hecho. Pero si le sumas algo que no está, o eliges un denominador inflado para mover el porcentaje a gusto, eso ya no es un reporte: es una puesta en escena.

El criterio con el que trazo la línea es simple. **Entrega la misma verdad, en el framing que transmite la urgencia correcta.** La verdad no se toca ni un milímetro. Lo único que ajustas es si el que lee puede captar bien la gravedad. No es inflar; es no diluir. Son cosas distintas.

## Tres reglas para diseñar el reporte

Desde esa noche, tengo tres reglas para mí y para mi equipo. Ninguna depende de la atención individual; todas son del lado del sistema. Porque el cerebro durante un incidente es menos confiable justo cuando más te confías.

**1. Enmarca por contenido, no por tasa**

En el postmortem y en el primer aviso durante el incidente, no te quedes en "0,5% de falla". Bájalo siempre a lo concreto: "= 5.000 transacciones / X pagos caídos". Ten presente que la tasa empuja a diluir el impacto, y escribe la cantidad de personas, el número de casos y el "qué no funciona" juntos.

**2. Si dura 5 minutos, escala sin esperar el juicio humano**

El sesgo de normalidad ("todavía aguanta", "debe ser un falso positivo") se lleva pésimo con frases como mi 99,5%. Así que reduce el espacio para que una persona decida "lo observamos". Configura que, si una alerta dura más de 5 minutos, le llegue automáticamente al de guardia. Que mi exceso de confianza se frene por fuera de mi juicio.

**3. Si la tasa de error supera el umbral, publicación automática**

No dejes en manos de una persona "si reportar o no". Si la tasa de error pasa de N%, que los datos crudos, sin framing posible, caigan solos en el canal. Elimina de entrada el hueco por el que yo elegiría el framing tranquilizador.

Lo común a las tres es la misma idea: **cuando el sesgo está más fuerte, saca la decisión hacia el sistema.** Checklist, escalado automático, publicación automática. Todas son innecesarias "si estoy tranquilo", pero durante un incidente no estoy tranquilo. Aceptarlo con honestidad es el único punto desde donde arranca una defensa que sirve.

## En resumen

- "99,5% de éxito", "5.000 pagos fallidos" y "100 usuarios sin poder pagar" son exactamente el mismo hecho. Lo único que cambia es la urgencia
- Con números exactos, enmarcar por tasa o por contenido da vuelta el juicio del que lee entre calma y crisis (efecto de framing, Tversky y Kahneman, 1981)
- Esto no es "infla los números". **La verdad no se toca; eliges el framing que transmite la urgencia correcta.** Inflar y no diluir son cosas distintas
- No te apoyes en la atención individual, sino en el sistema: framing por contenido, escalado automático, publicación automática

Esto también sirve cuando eres tú el que recibe el reporte. Aprendes a frenar un segundo y verificar "¿en qué framing está escrito este aviso?". Si te dicen 99,5%, tradúcelo a 5.000 en tu cabeza antes de reaccionar. Solo con eso, las veces que me inclino hacia el lado confiado bajaron bastante.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Por qué dejé el prompt engineering por la ingeniería de contexto

URL: https://kenimoto.dev/es/blog/ingenieria-de-contexto-vs-prompt/
Lang: es
Date: 2026-05-07
Description: Ingeniero corriendo 5 proyectos en paralelo cuenta cómo dejó de escribir prompts largos y pasó a diseñar contexto. Qué cambió en la práctica.

Hace más o menos un año, yo estaba convencido de que la habilidad del futuro era escribir mejores prompts. Estudié plantillas, compré dos cursos, anoté frases mágicas tipo "think step by step" y "you are a senior engineer with 20 years of experience". Resultado: códigos un poco mejores, pero nada que justificara el tiempo gastado reescribiendo el mismo prompt cinco veces al día.

Hoy corro cinco proyectos en paralelo con Claude Code. Ya no escribo prompts largos. Lo que cambió fue la percepción de dónde debe ir el esfuerzo: no en el input que mando ahora, sino en el contexto que el modelo ya tiene antes de que yo abra la boca.

Este texto es sobre ese giro. El nombre tiene rótulo: **ingeniería de contexto**.


## El problema del prompt engineering

La idea central del prompt engineering es simple: si formulo bien la pregunta, el modelo responde mejor. Y eso es verdad hasta cierto punto.

El problema aparece cuando tratas de escalar. Cada tarea exige un prompt distinto. Cada prompt necesita repetir convenciones del proyecto, restricciones de estilo, decisiones arquitecturales que ya fueron tomadas. Terminas manteniendo decenas de "prompts maestros" en archivos de texto, copiando y pegando, y aun así el modelo olvida cosas básicas en la mitad de la sesión.

Yo le llamo a eso **economía del prompt único**: cada interacción comienza desde cero, y todo el peso recae en lo que logras empacar en ese mensaje. Es como contratar a un sénior nuevo para cada PR y explicarle el proyecto entero antes de pedirle cada cambio.

## El giro

En algún momento me di cuenta de algo: el modelo no necesita leer todo de nuevo cada vez. Si pongo la información correcta en el lugar correcto, él la encuentra solo.

Fue ahí donde empecé a pensar en capas de contexto. En vez de un prompt gigante, ahora diseño cuatro tipos de contexto que coexisten:

**1. Contexto persistente (CLAUDE.md):** convenciones del proyecto, decisiones arquitecturales, comandos de build, "por qué esto está así". Este archivo vive en el repositorio y se lee automáticamente cada vez que Claude Code abre el proyecto. No tengo que repetir nada de eso en el prompt.

**2. Contexto de sesión:** lo que está abierto en el editor, historial reciente de la conversación, archivos que fueron leídos. El modelo ya tiene eso en la ventana de contexto.

**3. Contexto de tarea:** solo lo que es específico de ese pedido. "Implementa autenticación con JWT" en vez de "implementa autenticación con JWT siguiendo nuestro patrón de error centralizado en utils/errors.ts y usando bcrypt para hash de contraseña como descrito en CLAUDE.md".

**4. Contexto de herramienta:** Skills, hooks, MCP servers. Capacidades que el modelo invoca cuando necesita, sin que yo se las pida.


La diferencia práctica: mi prompt típico hoy tiene tres líneas. El modelo ya sabe el resto.

## Qué entra en el CLAUDE.md

Ese es el truco. CLAUDE.md es como un README escrito para el modelo, no para humanos. Responde preguntas que Claude haría si pudiera:

- ¿Cómo correr los tests en este proyecto?
- ¿Cuál es el estilo de error? Throw, return tuple, Result type?
- ¿Hay alguna decisión arquitectural no obvia que yo deba respetar?
- ¿Qué comandos debería evitar? (drop database, force push, etc.)
- ¿Dónde está la documentación de dominio que explica el "por qué" de las cosas?

Mi CLAUDE.md de uno de los proyectos tiene 180 líneas. Cubre estructura de carpetas, comandos de prueba, patrones de commit, tres decisiones arquitecturales con explicación corta, y una sección de "comportamientos a evitar". Ese archivo me ahorra cinco minutos por interacción. Multiplica por 50 interacciones al día en cinco proyectos: ahorro real de tiempo.

## CLAUDE.md como contrato

Hay un detalle que me costó entender: CLAUDE.md no es solo una lista de reglas. Es un contrato bidireccional.

De mi lado, prometo mantener el archivo actualizado cuando cambian las decisiones. Del lado del modelo, se compromete a respetar lo que está escrito ahí. Eso cambia el tipo de feedback que recibo: si hace algo fuera del patrón, ahora reclamo apuntando al fragmento específico de CLAUDE.md. El modelo acepta mejor una corrección anclada en "violaste la regla X" que en "esto está mal".

Otro lado: si hace algo bien siguiendo el contexto, dejo de elogiar. No necesito. Está haciendo su trabajo.

## Mi flujo típico

Te cuento cómo funciona una mañana mía, para que quede concreto.

Despierto, abro uno de los proyectos en la terminal. Claude Code carga el CLAUDE.md. Mando: "mirá el issue #142 y proponme un plan en 4 o 5 etapas."

El modelo lee el issue, lee los archivos relevantes, y me devuelve un plan en markdown con 4 o 5 etapas. Reviso el plan (no el código todavía), corrijo una decisión si es necesario, y digo "ejecuta."

Mientras tanto, abro el segundo proyecto y hago lo mismo. Después el tercero. Los tres modelos trabajan en paralelo, cada uno en su repositorio, cada uno con su CLAUDE.md.

Cuando el primero termina, vuelvo, leo el diff, hago review. Aquí es donde el humano agrega valor: juzgar si lo que se hizo tiene sentido en el contexto mayor del producto. El modelo escribe código, yo decido si ese código entra o no.

En un día bueno, cierro 8 a 12 PRs así. En un día malo, descubro que debería haber actualizado el CLAUDE.md de un proyecto antes de empezar. Siempre es mi culpa: el modelo solo sabe lo que dejé escrito.

## Lo que dejé de hacer

Algunas cosas dejaron de existir en mi flujo:

- Prompts con más de 5 líneas
- "Eres un ingeniero sénior..." y compañía
- Re-explicar la estructura del proyecto
- Repetir convenciones de naming
- Pedirle al modelo que "recuerde" algo de la conversación anterior
- Cursores múltiples en el IDE (la terminal ganó)

Algunas empezaron:

- Actualizar CLAUDE.md como hábito (igual que actualizar README)
- Pensar en Skills reutilizables para tareas que repito
- Configurar hooks para automatizar verificaciones
- Discutir decisiones con el modelo antes de pedir código

## Adónde te lleva esto

Si estás hoy en la fase de "escribir mejores prompts", el siguiente paso probable es dejar de escribir prompts y empezar a escribir contexto. CLAUDE.md es el punto de entrada más barato. 30 minutos invertidos en el archivo suelen ahorrar horas en la semana siguiente.

Junté lo que aprendí en estos meses en un libro llamado [Practical Claude Code: La Ingeniería de Contexto que Transforma tu Desarrollo](https://kenimoto.dev/es/books/claude-code-mastery), enfocado en ingeniería de contexto aplicada. Cubre CLAUDE.md, Skills, hooks, multi-agente, y los tropiezos que vale la pena evitar. Está en Kindle Unlimited.

Pero no necesitas el libro para empezar. Abre tu proyecto ahora, crea un CLAUDE.md con cinco líneas sobre cómo correr los tests y cuál es el patrón de error. Mira lo que cambia en la siguiente sesión. Suele ser obvio.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Corrí un LLM local en mi GPU sin pagar API: la regla VRAM-a-modelo que evita el OOM

URL: https://kenimoto.dev/es/blog/llm-local-gpu-vram-modelo/
Lang: es
Date: 2026-06-08
Description: Lo local no es solo para ahorrar. Con datos médicos o de clientes, a veces es la única opción legal. El cuello de botella real no es la API: es tu VRAM. Aquí va la regla para elegir entre 24B, 32B y 70B sin reventar la memoria.

La primera vez que intenté ejecutar un modelo de 70B en mi GPU, la terminal me devolvió un `CUDA out of memory` tan rápido que ni alcancé a quitar la mano del teclado. Yo tenía la idea romántica de "voy a tener mi propio ChatGPT en casa, gratis". Lo que tenía en realidad era una tarjeta de 24 GB y un modelo que pedía 40. El cuello de botella nunca fue la API. Era mi VRAM, y yo no la estaba mirando.

Quiero contar dos cosas. Primero, por qué correr un LLM local vale la pena aunque tengas API a mano. Y segundo, la regla aburrida que te dice qué tamaño de modelo entra en tu tarjeta antes de que te estrelles contra el OOM.

## Lo local no es solo por tacañería

El primer reflejo es pensar que esto es para ahorrar dólares, y sí, ahorra. Pero el ahorro es solo el principio. Lo que de verdad inclina la balanza es que a veces lo local es **la única opción que la ley te deja**.

Si tu proyecto toca datos médicos, financieros o información personal de clientes, mandar eso a la API de un proveedor en otro país deja de ser un detalle técnico y pasa a ser un problema legal. En Brasil la LGPD se endureció en 2026: la Ley 15.352/2026 convirtió a la ANPD en un regulador plenamente independiente, y la inteligencia artificial quedó como prioridad explícita de fiscalización para 2026-2027. México, Argentina, Colombia y Chile tienen sus propios regímenes de protección de datos, y la presión por residencia de datos es real en toda la región. La LGPD no te obliga a tener todo en servidores locales, pero sí exige "salvaguardas adecuadas". Y no hay salvaguarda más simple de defender ante un auditor que: "los datos nunca salieron de esta máquina".

Después está el costo, que en LatAm pega distinto. La API se cobra en dólares por millón de tokens. Cuando tu sueldo está en pesos o reales y el dólar hace lo que hace, cada experimento de prompt es una pequeña sangría en una moneda que no es la tuya. Correr local tiene costo marginal cero en dólares: pagas el hardware una vez y después el único gasto es la luz.

Y por último, lo obvio que se nos olvida: lo local funciona sin internet. En un avión, en una oficina de cliente con la red capada, en cualquier lado donde la conexión sea un lujo, tu modelo sigue ahí.

## Ollama: una línea para empezar

Ollama es la herramienta que vuelve todo esto simple. Descarga, cuantización y motor de inferencia, todo con un comando. Instalarlo es literalmente una línea:

```bash
# Linux
curl -fsSL https://ollama.ai/install.sh | sh

# arrancar el servidor
ollama serve

# descargar y ejecutar un modelo de código
ollama pull devstral:24b
ollama run devstral:24b
```

Y como expone una API compatible con OpenAI, puedes apuntar tu código existente al modelo local sin reescribir nada:

```python
from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:11434/v1",
    api_key="ollama"  # cualquier string sirve
)
```

Hasta acá es la parte de marketing, donde todo funciona y todos somos felices. Ahora viene la parte donde te estrellas si no haces la cuenta.

## La regla VRAM-a-modelo

El número que importa antes de bajar cualquier modelo es cuánta VRAM necesita. La regla de bolsillo es esta:

> **VRAM (GB) ≈ parámetros (en miles de millones) × bytes por parámetro × 1,2**

Ese 1,2 del final no es decoración: es el espacio extra que se come la caché KV mientras el contexto crece. Y los "bytes por parámetro" dependen de la cuantización, que es lo que más confunde a la gente. En fp16 cada parámetro pesa 2 bytes; cuantizado a Q4_K_M baja a más o menos 0,55. Esa es toda la magia de poder ejecutar modelos grandes en tarjetas chicas.


| Modelo | Q4_K_M | Q8 | fp16 |
|--------|--------|----|----|
| Devstral 24B (código) | ~14 GB | — | ~48 GB |
| Qwen3-Coder 32B | ~22 GB | — | ~64 GB |
| Llama 3.3 70B | ~40 GB | ~74 GB | ~140 GB |

Mira la columna Q4_K_M, que es el punto dulce. Un modelo de 24B entra cómodo en una tarjeta de 24 GB. Uno de 32B entra **justo**: ocupa 22 GB de los 24, y te deja apenas un par de gigas para el contexto antes de que el OOM te salude. Y el 70B simplemente no cabe en una sola tarjeta de consumo: necesitas 40 GB, o sea una de servidor, o dos de 24 GB pegadas. Por eso mi error del principio: pedí un 70B a una tarjeta que físicamente no podía sostenerlo.

La cuantización es el botón que ajusta todo. Q4_K_M es el equilibrio que casi siempre quieres: la mejor calidad por gigabyte. Q5 mejora un pelo a cambio de un 15-20% más de memoria. Q8 es casi sin pérdida pero pesado, y fp16 rara vez vale la pena en local. Si tu modelo no entra, no compres GPU todavía: primero baja la cuantización.

## En qué tarjeta corre cada cosa

Para aterrizarlo en hardware real: una RTX 3090 usada de 24 GB (ronda los 700 dólares) ya te corre cómodamente cualquier modelo de 24B en Q4. La RTX 5090, con sus 32 GB, te da aire para un 32B con contexto decente. Y para el 70B, o te vas a una tarjeta de servidor o armas un setup de dos GPU. La cuenta de cuándo conviene comprar hardware en vez de pagar API es simple aunque la gente la cita mal: el punto de equilibrio anda por los **2 millones de tokens al día**, no al mes. Si tu uso es de hobby, la API sigue siendo más barata. Si estás iterando sobre código todo el día, el fierro se paga solo en unos meses.

## Lo honesto: local no le gana a la nube en todo

No te voy a vender humo. Un modelo local de 32B no alcanza a Claude Sonnet ni a GPT en las tareas difíciles. Refactors que tocan muchos archivos, decisiones de arquitectura, razonamiento sobre contextos largos: ahí la nube gana y gana claro. Los benchmarks de frontera siguen liderados por los modelos grandes en la nube, y quien te diga lo contrario probablemente está mirando un benchmark saturado como HumanEval, que ya no distingue bien a nadie.

Pero acá está el punto: el 70-80% de tu día como programador no son tareas difíciles. Es CRUD, boilerplate, completar una función, escribir un test, generar la documentación de un módulo. Para todo eso, un 24B o 32B local rinde de sobra, y rinde sin cobrarte un centavo en dólares ni mandar tu código a ningún lado.

La estrategia que yo terminé usando combina las dos: lo rutinario y de alto volumen lo manejo local, y los problemas espinosos se los paso a la API. Elegir local fue la decisión correcta; el error estuvo en pedirle a 24 GB que cargaran un modelo de 40. Haz la cuenta primero, elige la cuantización, y la terminal deja de gritarte.

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# OpenClaw, Claude Code y Cursor: la guía LatAm para elegir tu primer agente autónomo en 2026

URL: https://kenimoto.dev/es/blog/openclaw-claude-code-cursor-guia-latam/
Lang: es
Date: 2026-05-10
Description: OpenClaw cruzó 250 mil estrellas en 60 días. ¿Vale más que Claude Code o Cursor para tu equipo en LatAm? Guía práctica de elección 2026.

En 2026 ya hay tres agentes autónomos serios para la terminal: OpenClaw (250 mil estrellas en GitHub en 60 días), Claude Code (oficial de Anthropic) y Cursor con su pestaña Agent. Esta guía te ayuda a elegir cuál instalar primero, sin que tengas que probar los tres como hice yo.

Si trabajas en un equipo en LatAm y no quieres pagar dos suscripciones de SaaS al mismo tiempo, este texto es para ti. Si además te tocó la conversación de "¿pasa el código de la empresa por servidores fuera del país?", también.

## Los números antes de cualquier opinión

Antes de comparar, los hechos. La mitad de lo que circula en Twitter sobre OpenClaw está mal por un factor de dos.

- OpenClaw cruzó las 250 mil estrellas en GitHub el 3 de marzo de 2026, superando a React como el repositorio más estrellado de la historia
- 60 días desde el lanzamiento hasta las 250 mil. React tardó casi una década en llegar al mismo número
- 60 mil estrellas en las primeras 72 horas. Esto último nadie lo cree la primera vez
- El 14 de febrero de 2026, Peter Steinberger anunció que se une a OpenAI a trabajar en agentes, mientras OpenClaw migra a una fundación para mantenerse abierto e independiente
- Una sesión de refactor mediano consumió 920 mil tokens en mi prueba. A precios de Claude 4.5 Sonnet, eso fueron USD 8.30

Yo soy el ingeniero que [escribió la guía de spec-driven development con asistentes de IA ayer](/es/blog/spec-driven-development-asistentes-ia-guia-latam/). Ahora estoy escribiendo la guía de elección de agente. Si te parece sospechoso, te entiendo.

## Los tres candidatos en una tabla

Esta es la matriz que me hubiera ahorrado dos semanas de pruebas si alguien me la hubiera pasado en marzo.

| Criterio | OpenClaw | Claude Code | Cursor (Agent) |
|---|---|---|---|
| Precio base | Gratis (open source) + costo de API | Gratis + costo de API | USD 20 al mes + API |
| Modelo backend | Multi-proveedor (Claude, GPT, Gemini, Ollama) | Solo Anthropic | Solo Anthropic en la pestaña Agent |
| Modelo local | Sí, vía Ollama | No oficial | No |
| Archivo de personalidad | SOUL.md (quién es el agente) | CLAUDE.md (qué es el proyecto) | Reglas de proyecto |
| Marketplace de skills | ClawHub (paquetes JS) | Skills (markdown) | Reglas y comandos |
| Arquitectura de red | Gateway local, sin relay | Directo a Anthropic | Servidores de Cursor en el medio |
| Madurez del proyecto | 60 días, fundación nueva | 18 meses, estable | 24 meses, comercial |
| Mejor para | Equipos multi-modelo, ambientes regulados | Equipos Anthropic-first, simplicidad | Equipos que ya viven en VS Code |

Con esta tabla en la mano, la guía de los siguientes 30 minutos se vuelve clara.

## Los cinco criterios para elegir

### 1. Precio en USD y el techo mensual

Una sesión de refactor mediano consume entre 500 mil y 1 millón de tokens en cualquiera de los tres agentes. A USD 3 por millón de tokens de input en Claude 4.5 Sonnet, eso son entre USD 5 y USD 9 por sesión.

Si tu equipo hace 50 sesiones al mes, el costo de API anda en USD 250 a USD 450. La suscripción de Cursor (USD 20) se vuelve ruido sobre eso.

El criterio práctico: el precio de la herramienta no es el factor decisivo en LatAm en 2026. El factor decisivo es el costo del modelo, y los tres agentes pagan por la misma API.

### 2. Modelo local con Ollama

Solo OpenClaw soporta Ollama como ciudadano de primera clase.

```bash
ollama pull devstral:24b
openclaw --model ollama/devstral:24b
```

Esto importa cuando:
- Estás haciendo pruebas iterativas y no quieres ver la factura de la API por cada experimento fallido
- Tu cliente tiene una política estricta de "el código no sale de la red local"
- Tu conexión a internet no es estable y necesitas un fallback

La calidad de inferencia local con devstral:24b o qwen3.5-coder es más baja que Claude 4.5 Sonnet, pero alcanza para tareas pequeñas: arreglar un archivo, escribir un script, hacer un commit message decente.

### 3. Skills, marketplace y la cuestión de seguridad

Esta es la diferencia más subestimada. Los tres tienen sistema de extensión, pero con compromisos distintos.

Claude Code Skills son archivos markdown más recursos opcionales. Las escribes tú, las versionas en Git, las distribuyes como distribuyes documentación. Bajo riesgo, baja capacidad.

ClawHub son paquetes JavaScript que se ejecutan en una sandbox y pueden pedir permiso de ejecución de shell. Más capacidad, más riesgo. El incidente ClawHavoc en marzo de 2026 detectó 341 skills maliciosas en el marketplace. Es un costo real de tener un marketplace abierto.

Las reglas de Cursor son configuración por proyecto, sin marketplace. Ningún riesgo de paquete malicioso, pero tampoco te beneficias del trabajo de la comunidad.

El criterio práctico:
- Si tu equipo es chico y manda código a producción cada semana, ClawHub es demasiado. Quédate en Skills o en reglas de Cursor
- Si tu equipo es grande y necesita herramientas reutilizables versionadas, ClawHub paga la complejidad
- Audita siempre el código antes de instalar una skill de ClawHub

### 4. Arquitectura de red y compliance

Aquí está la pregunta que cada vez más clientes en LatAm están haciendo: ¿por dónde pasan mis prompts?

OpenClaw rutea todas las llamadas a LLM por un proceso local llamado Gateway.


El Gateway vive en tu máquina. Tus prompts y tu código no pasan por un relay en la nube operado por OpenClaw camino al proveedor de LLM. Van directo de tu laptop a la API de Anthropic, OpenAI o quien hayas elegido.

Claude Code tampoco tiene relay intermedio, porque Anthropic es el único proveedor.

Cursor sí tiene servidores intermedios. Eso te da telemetría, cache de prompts y mejoras automáticas, pero también significa que tu código pasa por infraestructura de Cursor antes de llegar al modelo.

En equipos en sectores regulados (banca, salud, gobierno), esa diferencia ya es la diferencia entre poder y no poder usar la herramienta. Si tu cliente tiene compliance estricto, OpenClaw o Claude Code te van a dar menos dolores de cabeza que Cursor.

### 5. Curva de aprendizaje

Tiempo aproximado para tener una configuración productiva:

- Cursor: 30 minutos. Es VS Code con extensiones, abre el proyecto y listo
- Claude Code: 2 horas. Hay que escribir un CLAUDE.md útil, ese es el 80% del trabajo
- OpenClaw: 4 horas. CLAUDE.md, SOUL.md, elegir modelo, instalar skills de ClawHub, configurar el Gateway

Si tu equipo no tiene tiempo de leer documentación, Cursor gana esa pelea. Si tu equipo está dispuesto a invertir un día en configuración para ahorrar semanas en producción, OpenClaw o Claude Code valen el esfuerzo.

## Instalación de OpenClaw en 30 minutos

Si después de leer la tabla decidiste probar OpenClaw, este es el flujo mínimo.

```bash
curl -fsSL https://get.openclaw.dev | sh
export ANTHROPIC_API_KEY=sk-ant-...
openclaw
```

Después escribe tu primer SOUL.md en la raíz del proyecto.

```markdown
# SOUL.md
Eres un ingeniero backend senior, opiniones fuertes y poca paciencia para
código que habla más de lo que hace.

- Prefiere Python sobre TypeScript cuando los dos sirvan. No estamos haciendo frontend.
- No agregues una feature sin test. Si el test toma más de 10 minutos, pregunta antes.
- Performance importa, pero la legibilidad importa más. Somos un equipo de cuatro.
- No escribas relleno conversacional. "Claro, lo hago" no es output. Output es el diff.
- Si dudas, pregunta. No adivines. Adivinar costó un fin de semana el año pasado.
```

Para una primera prueba real:

```bash
openclaw
> Actualiza el código Python 3.8 de este repo a 3.11. Ejecuta los tests.
```

OpenClaw escanea los archivos `.py`, detecta sintaxis incompatible con 3.11, hace los cambios, ejecuta `pytest` y reporta. Una sesión de tamaño medio toma alrededor de 14 minutos y consume entre 500 mil y 1 millón de tokens.

## La trampa de las 15h

Hay una trampa que casi me hace abandonar OpenClaw el primer día. Te la cuento por adelantado.

El Claude Code está en mi memoria muscular. Tipeo `claude` tres veces al día desde hace un año. Cuando tipeo `openclaw` y espero el segundo extra de cold start, mis dedos van a `claude` por reflejo. Pasó tres veces el primer día.

Esa es la parte que ninguna comparación de features te dice. El costo de migración no es solo configuración. Son reflejos. Estate listo para sentirte torpe durante 24 horas. Si lo aguantas, el segundo día ya es normal.

## La recomendación práctica para equipos en LatAm

Si me preguntas hoy, sin saber nada de tu equipo, mi recomendación por defecto sería:

- **Equipo de 1 a 3 personas, proyecto Anthropic-first**: Claude Code. Simple, barato, suficiente
- **Equipo de 4 a 20 personas, multi-proveedor o con compliance**: OpenClaw. La inversión inicial paga
- **Equipo que ya vive en VS Code y no quiere terminal**: Cursor. La pestaña Agent es buena
- **Equipo en sector regulado (banca, salud, gobierno)**: OpenClaw o Claude Code. Cursor probablemente no pasa el filtro

Personalmente sigo en Claude Code como predeterminado. Tengo OpenClaw con alias en otro comando para los casos en que quiero probar otro modelo en el mismo prompt sin pagar dos suscripciones de SaaS al mismo tiempo.

## Hacia dónde va esto

La parte más interesante para los próximos doce meses es la fundación de OpenClaw mientras Steinberger se va a OpenAI. Las fundaciones son la forma en que un proyecto open source sobrevive a su fundador. También son la forma en que un proyecto se osifica. Los primeros seis meses de gobernanza de la OpenClaw Foundation van a decirte si se vuelve Linux o si se vuelve Helm.

Si lo que quieres es la respuesta de hoy y no la respuesta de dentro de un año, los tres agentes son lo bastante buenos para empezar. La elección incorrecta cuesta una tarde. La indecisión cuesta una semana.

Lo que sí no recomiendo: probar los tres al mismo tiempo. Elige uno con esta tabla, comprométete una semana, y solo entonces evalúa si vale la pena moverte.

## Conclusión

No hay un agente "mejor". Hay un agente correcto para tu equipo en este momento, según tu presupuesto en USD, tu nivel de compliance, tu tolerancia a la configuración inicial y tu aversión a pagar dos suscripciones. Esta guía es tu mapa para elegir.

OpenClaw, Claude Code y Cursor no son competidores en el sentido tradicional. Son tres respuestas a la misma pregunta: ¿qué puede hacer la IA dentro de tu terminal sin preguntarte primero? Cada equipo escogió distinto porque tenía suposiciones distintas sobre quién está sentado frente a la pantalla. La herramienta correcta es aquella cuyas suposiciones coinciden con las tuyas.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Cómo blindar los permisos de Claude Code para que tu agente no filtre secretos

URL: https://kenimoto.dev/es/blog/permisos-claude-code-evitar-fuga-secretos/
Lang: es
Date: 2026-06-06
Description: Por qué el modo permisivo de Claude Code puede filtrar tu .env al proveedor de IA, y las deny-rules en .claude/settings.json que lo evitan, paso a paso.

Esta es una guía para hacer, no para asustarse. Yo tuve Claude Code con permisos casi abiertos durante meses y dormía de maravilla, hasta que me pregunté qué pasaría si un comando imprimía mi `.env` en pantalla. Si usas Claude Code con permisos amplios, en los próximos diez minutos puedes cerrar la fuga de secretos más común. Abre tu `.claude/settings.json` y vamos paso a paso.

El problema, en una frase: cuando dejas que el agente apruebe casi todo, el contenido de tu archivo `.env` puede terminar en la salida de un comando, esa salida entra en el contexto, y el contexto se envía al proveedor de IA. Nadie quiso filtrar nada. Pasó solo.

## Paso 1: agrega las deny-rules básicas

Lo primero es decirle a Claude Code qué nunca debe tocar. Las reglas `deny` siempre tienen prioridad sobre las `allow`, así que aquí nombramos los archivos peligrosos de forma explícita. Copia este bloque a tu `.claude/settings.json`:

```json
{
  "permissions": {
    "allow": [
      "Read",
      "Bash(npm test *)",
      "Edit(src/**/*.ts)"
    ],
    "deny": [
      "Read(.env)",
      "Read(.env.*)",
      "Edit(*.env*)",
      "Write(*.env*)",
      "Read(*.pem)",
      "Read(*.key)",
      "Read(credentials.json)",
      "Bash(curl * | bash)"
    ]
  }
}
```

Las reglas aceptan patrones: `Edit(src/**/*.ts)` cubre todos los TypeScript bajo `src`, y `Read(.env.*)` cubre `.env.local`, `.env.production` y compañía. Empieza por aquí y ya redujiste la superficie de ataque.


## Paso 2: no confíes solo en las deny-rules

Aquí va el dato incómodo que muchas guías omiten: en 2026 se reportaron varios casos en los que la regla `deny` de lectura no se aplicaba realmente a los archivos `.env` (el issue #24846 de anthropics/claude-code, entre otros). Es decir, el agente leía un archivo que supuestamente estaba bloqueado, sin aviso ni error.

La conclusión no es que las deny-rules no sirvan. Sirven, pero como primera pared, no como muralla final. Yo puse mi deny-rule de `.env`, me sentí blindado, y el agente igual lo leyó: mi blindaje era de cartón. La sensación de seguridad falsa es peor que no tener nada, porque bajas la guardia. Por eso conviene poner capas alrededor.

## Paso 3: saca los secretos reales del disco

La forma más segura de proteger un secreto es que no exista en texto plano en tu computadora. Si no está escrito en un archivo, no hay nada que ninguna herramienta pueda leer.

- Mueve los valores de producción a un gestor de secretos (AWS Secrets Manager, HashiCorp Vault) y que se inyecten en tiempo de ejecución.
- Deja en tu `.env` local solo valores de prueba. Si se filtran, no pasa nada, y un secreto que no duele al filtrarse es un problema resuelto.
- Confirma que `.env`, `*.pem`, `*.key` y `credentials.json` estén en tu `.gitignore`. Dos candados valen más que uno.

## Paso 4: cierra la salida con Hooks y red

Las deny-rules controlan qué archivos se tocan. Los Hooks controlan qué se ejecuta. Puedes agregar un Hook que revise el uso de herramientas peligrosas y lo bloquee con exit code 2, y con la opción `async` registrar cada acción en un log externo para auditar después.

Y si la tarea solo necesita archivos locales, corta la salida de raíz: levanta el contenedor de Docker con `--network none`. Sin red, no hay a dónde enviar nada.

```bash
docker run -it --rm \
  -v $(pwd):/workspace \
  --network none \
  claude-code-sandbox
```


## Paso 5: lista de verificación de permisos mínimos

Antes de dejar al agente trabajar solo, repasa esto. Si marcas las cinco, estás en buena forma:

- [ ] Las deny-rules de `.env`, llaves y `curl | bash` están en `.claude/settings.json`.
- [ ] Los secretos reales viven en un gestor, no en archivos del proyecto.
- [ ] `.gitignore` cubre `.env`, `*.pem`, `*.key` y `credentials.json`.
- [ ] La clave de API del agente tiene permisos mínimos y un límite mensual de uso.
- [ ] Para tareas sensibles, lo ejecutas en un contenedor con la red cortada.

No necesitas las cinco hoy. Si solo haces los pasos 1 y 3 esta tarde, ya sacaste el secreto crítico del disco y le pusiste un candado al agente. El resto lo agregas cuando el proyecto lo pida.

## Para cerrar

La seguridad de los permisos no es algo que configuras una vez y olvidas. Las CVE cambian, las reglas a veces fallan (como vimos con las deny-rules de `.env`), y la comodidad del modo automático no significa que puedas dejar de mirar la salida. Pero con estas capas, la fuga de secretos en tiempo de ejecución se vuelve un caso raro en lugar de un accidente a punto de pasar. Configúralo bien una vez y podrás delegarle tareas al agente con tranquilidad. Eso sí, yo todavía le echo un ojo a la salida de vez en cuando; al agente ya lo entiendo, al yo de hace seis meses que le dio permiso a todo, todavía no.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# El ranking de tu página no le importa a la IA — solo cita pasajes

URL: https://kenimoto.dev/es/blog/ranking-pagina-no-importa-ia-cita-pasajes/
Lang: es
Date: 2026-06-01
Description: La búsqueda con IA no cita páginas, cita pasajes. Te explico por qué mi artículo en la página 3 de Google fue citado y el número 1 ignorado, y la estructura de cuatro capas que uso para que cada pasaje sea citable.

Pasé dos años persiguiendo el primer puesto en Google. Un día vi a un asistente de IA citar un artículo mío que estaba enterrado en la página 3, e ignorar el artículo que ocupaba el puesto número 1 para la misma búsqueda. Dolió un poco. Y a la vez me enseñó algo: todo lo que había estado optimizando apuntaba a la unidad equivocada.

Esto es lo que nadie me dijo con suficiente claridad: **la búsqueda con IA no cita páginas. Cita pasajes.**

## La unidad cambió y nadie avisó

El SEO clásico tiene una sola unidad: la página. Posicionas una URL, la URL entera sube o baja, y tu trabajo es empujarla hacia arriba. El modelo mental es simple, aunque el trabajo sea durísimo.

La búsqueda con IA tiró ese modelo sin avisar. Cuando ChatGPT Search, Perplexity o los AI Overviews de Google responden una pregunta, no te entregan diez enlaces azules. Arman una respuesta, y sacan las piezas de esa respuesta de párrafos concretos —pasajes— repartidos entre muchas fuentes.

Por eso citaron mi artículo de la página 3: un solo párrafo respondía la subpregunta del usuario de forma limpia. La página número 1 no tenía un párrafo así; tenía 2.000 palabras de calentamiento antes de decir algo citable. Google premió el maratón. La IA quería una frase clara, y mi artículo perdedor la tenía.

Las investigaciones lo confirman: una parte importante de las citas en los AI Overviews viene de fuentes que ni siquiera están en el top 10 de resultados orgánicos. Tu ranking de página y tus probabilidades de ser citado apenas se relacionan. Si sigues optimizando la página como un bloque, estás puliendo una unidad que la IA nunca mira.

## Qué significa "citable" de verdad

Un pasaje citable es uno que la IA puede extraer, soltar dentro de una respuesta, y que siga teniendo sentido con cero contexto alrededor. Esa última parte es todo el juego.

Pruébalo tú mismo. Toma cualquier párrafo de tu último artículo, pégalo en un documento en blanco y léelo en frío. ¿Se sostiene solo? ¿O se apoya en los tres párrafos anteriores con palabras como "esto", "por lo tanto" o "como mencioné"? Si no sobrevive a salir de su contexto, la IA no lo va a extraer, porque lo que hace la IA es, en la práctica, sacarlo de contexto.

Casi toda mi escritura vieja reprobó esta prueba. Cada párrafo era pasajero del anterior. Excelente para un humano que lee de arriba abajo. Inútil para una máquina que agarra una sola línea del medio.

## La estructura de cuatro capas que uso ahora

Después de la humillación de la página 3, reconstruí mi forma de escribir. Hoy pienso el contenido en cuatro capas, de la más pequeña a la más grande.


**Atómico — un hecho que se sostiene solo.** Una sola frase que afirma algo verdadero y citable sin ninguna preparación. "TypeScript fue lanzado por Microsoft en 2012." No "nuestra solución ha ayudado a muchos equipos." La IA quiere hechos por los que pueda responder, y la tranquilidad vaga no es un hecho.

**Mini — una idea en dos o tres frases.** Lo justo para definir un concepto y su consecuencia, nada más. En mi experiencia, esta es la unidad que más citan los asistentes de IA, porque es un pensamiento completo que aun así cabe en una respuesta.

**Sección — un encabezado más sus pasajes.** El encabezado hace trabajo de recuperación, no es decoración. Si escribes los encabezados como las preguntas que tu lector realmente escribe, le entregas a la IA un cajón etiquetado del que sacar.

**Clúster — páginas relacionadas que son dueñas de un tema.** Ninguna página cubre un dominio entero. Un conjunto de páginas bien enlazadas indica que eres una fuente que vale la pena citar de forma repetida, no una sola vez.

El cambio práctico es pequeño pero implacable: dejé de escribir párrafos que dependen de sus vecinos y empecé a escribir párrafos que podrían ser secuestrados.

## Primero la respuesta, nunca el carraspeo

El otro hábito que tuve que matar fue el calentamiento. Antes abría cada sección con contexto, generaba tensión y revelaba la respuesta al final como un mago. A la búsqueda con IA le caen mal los magos. Quiere el conejo sobre la mesa en la primera frase.

Así que cambié a respuesta primero, cercano al viejo método PREP (Punto, Razón, Ejemplo, Punto). Primero la conclusión, luego la justificación. Si alguien pregunta "¿debería usar optimización por pasajes?", la primera frase es "Sí, porque la IA cita párrafos, no páginas", y la explicación viene después. La IA puede tomar esa apertura y seguir; el humano que quiere profundidad sigue leyendo. Todos ganan y nadie espera el truco.

Los bloques de pregunta y respuesta trabajan aún más. Una pregunta literal como encabezado, seguida de una respuesta ajustada de dos frases, es de las estructuras más fáciles de extraer. Refleja exactamente lo que el usuario le preguntó a la IA, así que la coincidencia es casi demasiado fácil.

## Los números son carnada, y la IA muerde

Noté un patrón y después encontré la investigación que lo respalda: los pasajes con números concretos se citan mucho más que los pasajes con adjetivos. El estudio sobre optimización para motores generativos liderado por Princeton encontró que agregar estadísticas, citas y referencias elevó la visibilidad de una fuente en las respuestas de IA hasta un **40%**. Eso no es un margen de error. Es la diferencia entre ser la fuente citada y ser la fuente que nadie vio.

Así que revisé mis borradores y convertí afirmaciones blandas en afirmaciones duras. "El marcado con schema puede mejorar la visibilidad en IA" se volvió un caso concreto: Sharp HealthCare reportó un **aumento del 843% en clics provenientes de IA** en nueve meses tras renovar sus datos estructurados. Una de esas frases es olvidable. La otra es una cita esperando a ocurrir.

El capítulo del que saqué este marco cita más datos en la misma dirección —subidas de citación por optimizar subpreguntas y por agregar estadísticas a pasajes que antes eran planos—. Yo tomaría los porcentajes exactos como dirección y no como dogma, porque las metodologías varían, pero la dirección es consistente en todo lo que he visto: lo específico se cita, lo vago se salta.

## Los datos estructurados son la etiqueta del pasaje

Los pasajes te consiguen la cita; los datos estructurados te hacen legible. El marcado con schema (JSON-LD) le dice a la máquina qué es cada bloque de tu página: esto es una pregunta, esto su respuesta, este el autor, esta la fecha. El comportamiento de Perplexity muestra una mejora de visibilidad para contenido con datos estructurados limpios, y las herramientas de contexto para LLM de Brave pueden extraer hasta el nivel de fila de una tabla cuando el marcado las guía.

Pensándolo así: un gran pasaje sin schema es una respuesta brillante escrita en un papelito sin etiqueta. El schema es la etiqueta que deja a la máquina archivarlo bien y volver a encontrarlo.

## La frescura también es propiedad del pasaje

Una palanca más que subestimé: la actualidad. Los sistemas de IA se inclinan por fuentes frescas, y la brecha es mayor de lo que esperaba: la frecuencia de citación puede variar en decenas de puntos porcentuales entre contenido actualizado hace horas y contenido de hace un mes. La guía de Adobe ronda actualizar el contenido clave cada pocas semanas. Así que ya no escribo un pasaje y lo abandono. Vuelvo a los de mayor valor, actualizo los números y subo la fecha. Un pasaje no es un monumento; es una planta de interior.

## Cómo adaptarlo a tu stack

Mis ejemplos viven en un sitio hecho con Astro, pero nada de esto depende de eso. En WordPress, plugins como Yoast o Rank Math inyectan JSON-LD sin que toques código; tu trabajo de pasajes es el mismo en el editor de bloques. En Next.js agregas el schema con un componente `<script type="application/ld+json">` por página. En Django lo armas en la plantilla. La herramienta cambia; las cuatro capas y la respuesta primero no.

## Lo que hago en la práctica

Cuando escribo un artículo hoy, la lista de chequeo es corta y un poco despiadada:

- ¿Cada párrafo se puede extraer y sigue teniendo sentido? Si no, reescríbelo.
- ¿Cada sección abre con su respuesta? Si no, sube la respuesta.
- ¿Las afirmaciones son específicas y con números? Si no, busca el número.
- ¿La estructura es legible por máquina vía schema? Si no, agrégalo.
- ¿Los pasajes de mayor valor están frescos? Si no, actualízalos.

Todavía me importa el ranking tradicional: no desapareció. Pero dejé de tratar la página como aquello que optimizo. La página es solo un contenedor. Los pasajes son el producto. Y el día que empecé a escribir para el párrafo en lugar de para la URL fue el día en que los asistentes de IA empezaron a citarme ante gente que nunca voy a conocer.

Para un desglose más completo de la estructura de contenido extraíble por IA, las notas de diseño de contenido de [llmoframework.com](https://llmoframework.com) cubren las capas de pasajes y datos estructurados con más profundidad.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Los Claude Code Skills consumen tokens aunque no se activen. Medí 5 Skills durante 7 horas — los 3 que nunca dispararon se llevaron el 11%.

URL: https://kenimoto.dev/es/blog/skills-3-dormidos-18-tokens/
Lang: es
Date: 2026-05-30
Description: Cargué 5 Skills en Claude Code durante 7 horas. 3 nunca se activaron, pero se llevaron el 11% de mis tokens (unos USD 22/mes del plan Max). La medición completa, el JSON del usage y un checklist en 5 pasos para auditar tu setup.

Yo creía que los Skills de Claude Code eran una mejora gratis sobre los comandos personalizados. No son gratis. Son alquiler.

Esa frase es el artículo completo en quince palabras. El resto es yo mostrando los comprobantes.

Un martes dejé una sesión de Claude Code corriendo durante 7 horas con 5 Skills cargados: revisor de PR, ayudante de migración de TypeScript, validador de migraciones de base de datos, rastreador de logs y limpiador de CSV. Tres de ellos **no se dispararon ni una sola vez** en todo el día. Revisé el log de invocaciones dos veces porque me costaba creerlo. Aun así, esos tres solos se llevaron alrededor del **11% del total de tokens de la sesión**. Sumando los dos que sí trabajaron, los Skills se quedaron con el **18%** de la cuenta.

Hasta ese día yo les decía a los compañeros que "los Skills solo cuestan cuando se disparan, así que podés dejarlos cargados sin problema". Estaba equivocado, y de una forma que se puede medir en dinero.

## Cómo se cargan los Skills en realidad

Está todo en la documentación. Yo lo leí por arriba.

Cuando empieza la sesión, Claude Code lee todos los Skills en el alcance. Lo que entra al contexto en ese momento es solo el `name` y el `description` del frontmatter del `SKILL.md`. El cuerpo del Skill **todavía no** entra. El cuerpo se carga recién cuando Claude decide que el `description` coincide con tu prompt actual, o cuando vos escribís `/nombre-del-skill` a mano. Una vez cargado, el cuerpo se queda en el contexto hasta que termina la sesión o se dispara la compactación.

Lo que yo no había internalizado: **el `description` está en el contexto en cada turno**. No solo al inicio de la sesión. Cada mensaje tuyo, cada respuesta de Claude, el `description` de cada Skill cargado sigue ahí como parte del prompt. Cinco Skills con `description` de unos 300 tokens cada uno son ~1.500 tokens de "esto es lo que estos Skills saben hacer" que se recobran en cada turno.

En una sesión de 80 turnos, ese mismo bloque de texto se paga 160 veces. Cada uno es chico. Pero es constante. Es el Skill cobrando alquiler.

## La sesión que medí

Uso Claude Code como herramienta principal de trabajo. El día de la medición fue un martes normal: triaje de PRs a la mañana, refactor largo a la tarde, exploración en la shell al final del día. Una sola sesión, abierta todo el tiempo, con `--output-format json --verbose` pasando por un wrapper de log que guardaba el campo `usage` en cada respuesta.

Los 5 Skills que estaban en `~/.claude/skills/`:

| Skill | longitud del description | función | ¿se disparó? |
|-------|---:|---------|:---:|
| `review-pr` | ~310 tokens | flujo de revisión de PR | sí (11 veces) |
| `migrate-ts` | ~290 tokens | ayudante de migración TS | sí (2 veces) |
| `migrate-db` | ~340 tokens | validador de migración DB | no |
| `trace-logs` | ~270 tokens | rastreo de patrones en logs | no |
| `clean-csv` | ~280 tokens | recetas de limpieza de CSV | no |

Total de description cargado por turno: ~1.490 tokens de metadatos de Skill, sentados encima del CLAUDE.md, el contexto del proyecto y la conversación viva.

La sesión duró 7h12, 84 turnos, ~2,1 millones de tokens entre entrada y salida (con prompt caching activo casi todo el tiempo).

## El comprobante

Partí el consumo en tres categorías: total, "lo que habría sido sin Skills cargados" (estimación restando el overhead de description y el cuerpo de los dos que sí dispararon) y la diferencia. Los números reales:

| Categoría | Tokens | Porcentaje |
|-----------|------:|------:|
| Conversación, CLAUDE.md, lectura de código | 1.720K | 82% |
| Skills activos (`review-pr` + `migrate-ts`) | 147K | 7% |
| Skills dormidos (descriptions, 3 nunca dispararon) | 231K | 11% |
| **Total** | **2.098K** | **100%** |

Los dos Skills que sí trabajaron costaron 7%. Está bien. Me ahorraron por lo menos esa misma cantidad en prompts que no tuve que volver a escribir.

Los tres que nunca coincidieron con nada costaron 11%. Retorno: cero. Con prompt caching activo, el costo de description por turno se absorbe parcialmente, pero solo parcialmente: cada vez que mi prompt cambia, la frontera del cache se mueve, el description se re-tokeniza y aparece en el `input_tokens` del billing. Once por ciento.

En una cuenta de Claude Code Max (USD 200/mes), 18% son **USD 36/mes**. De esos, USD 22/mes son los tres dormidos. Estaba pagando esa cifra por mantener tres archivos de texto en el contexto. No me animo ni a contarlo en la mesa familiar.

(Aproximadamente ARS 28.000, MXN 380 o CLP 20.000 al cambio de mayo 2026, según tu país.)


## La auditoría del día siguiente

A la mañana siguiente repetí la misma carga de trabajo (mismo set de PRs, mismos tipos de prompt) con solo los dos Skills que habían disparado el día anterior. Consumo total: ~1.872K tokens. Caída de ~11% respecto al día previo. Dentro del ruido natural de "dos días nunca son iguales", el número coincide con el alquiler que cobraban los tres dormidos.

Si querés hacer la misma medición en tu setup, alcanza con envolver el `claude` en un wrapper que lea el JSON del `usage`:

```bash
claude -p "$TU_PROMPT" --output-format json --verbose \
  | jq '{input: .usage.input_tokens, cached: .usage.cache_read_input_tokens, output: .usage.output_tokens}'
```

La línea que importa es `input_tokens`. Si tiene una deriva hacia arriba después de que agregás un Skill nuevo, estás pagando alquiler de description.

## Por qué me agarró desprevenido

Yo trataba al Skill como un `import` de lenguaje de programación: costo cero hasta ser llamado. El `import` es gratis porque el compilador descarta lo que no se referencia. Claude Code no puede descartar. El `description` es justamente el material que usa para decidir si invoca o no. Si el `description` se cargara perezosamente, no tendría con qué decidir disparar el Skill en primer lugar.

Es una decisión de diseño coherente. De hecho, es la decisión correcta. Pero la consecuencia es que el costo marginal de "tener un Skill instalado y nunca usarlo" no es cero. Es un impuesto por turno que se va sumando a lo largo de la sesión.

No confundas esto con los Hooks. Los Hooks los dispara Claude Code a propósito en respuesta a eventos: pre-tool, post-tool, session-end. Los Hooks no se describen en el system prompt para hacer matching; se configuran en `settings.json` y el harness los llama cuando corresponde. **Un Hook que nunca dispara cuesta cero de verdad. Un Skill que nunca dispara cuesta description × cada turno.** Son mecanismos distintos viviendo en el mismo Claude Code.

Tampoco es lo mismo que un MCP server inactivo. Un MCP server inscribe la lista completa de herramientas en el system prompt al inicio de la sesión (una medición pública conocida dio ~27.000 tokens por servidor), pero ese es un costo fijo por servidor, no por turno. El Skill es más chico por unidad, pero suele haber más de ellos, y el "× cada turno" termina multiplicando.

## Checklist: cómo auditar tus Skills antes de que se lleven tu presupuesto

Acá lo hago una vez por mes. Diez minutos.

1. **Listá todos los Skills en el alcance.** `ls ~/.claude/skills/`, más el `.claude/skills/` del proyecto, más cualquier Skill que venga de un Plugin. Anotalos en un archivo.
2. **Para cada Skill, fijate cuándo se disparó por última vez.** Si estás logueando sesiones con `--output-format json`, alcanza con un `grep` por el nombre del Skill en las entradas de tool-use. Si no estás logueando, vas a depender de la memoria, y la memoria miente.
3. **Marcá como "candidato" todo Skill sin invocaciones en los últimos 30 días.** Todavía no borrés. Solo marcá.
4. **Mové el candidato al desván por una semana.** Yo literalmente hago `mv ~/.claude/skills/<nombre>/ ~/.claude/skills-desvan/`. Trabajá una semana así. Si no lo extrañaste, era alquiler.
5. **Volvé a medir la línea base de `input_tokens`.** Misma carga de trabajo, sin los candidatos cargados. Si la línea bajó de forma clara, acabás de encontrar tu ahorro.

La trampa que conviene evitar: **no borrés al candidato en el momento**. A veces hay Skills que no disparan hace 30 días porque los usás en un cierre trimestral que te olvidás. "Al desván" es el término medio seguro.

## Qué cambié en mi setup

Tres Skills se fueron al desván. Uno vuelve el mes que viene porque tengo una migración de base de datos programada. Los otros dos, probablemente se quedan ahí. Los dos activos siguen como están.

La sesión que estoy corriendo ahora para escribir este artículo también tiene solo dos Skills cargados. La línea del `input_tokens` por turno me quedó plana de un modo que antes no era (venía subiendo de a poco). 11% en voz alta suena poco. USD 22/mes solo por mantener tres archivos de texto en el contexto sin disparar nada tiene otra cara. En cuenta de API medida, depende del uso, pero es la misma historia con otro formato.

Cargar muchos Skills no está mal. Es práctico. Solo hay que saber que esa practicidad tiene un impuesto por turno, y que el impuesto es invisible hasta que te tomás el trabajo de mirarlo.

La frase que voy a pegar en el monitor: **cargado ≠ activo ≠ pagado solo cuando se usa.**

Corré el `claude -p` con `--output-format json` una vez y mirá el `usage.input_tokens`. El número está ahí hace rato contando esta historia. Yo era el que no estaba mirando.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Spec-Driven Development con asistentes de IA: la guía LatAm para escribir specs antes del primer prompt

URL: https://kenimoto.dev/es/blog/spec-driven-development-asistentes-ia-guia-latam/
Lang: es
Date: 2026-05-09
Description: Las herramientas de IA prometen que ya no necesitas escribir specs. Lo creí seis meses, hasta que Claude Code generó tres veces seguidas un sistema de cupones que se aplicaba descuento a sí mismo. Esta es la guía práctica que me hubiera ahorrado el rodeo.

Las herramientas de IA prometen que ya no necesitas escribir specs. Yo lo creí durante seis meses. Hasta que Claude Code generó tres veces seguidas un sistema de cupones que se aplicaba descuento a sí mismo.

La primera vez me reí. La segunda asumí que el prompt era el problema. La tercera cerré el editor, abrí un archivo YAML y empecé a escribir OpenAPI con la cara de quien acaba de perder una discusión con la realidad.

Este artículo es una guía práctica. Si tú también escuchaste que "el spec es overhead" y quieres saber por qué la onda de 2026 está volviendo al spec-first con asistentes de IA, acá tienes el flujo completo, los tres patrones que funcionan y las trampas en las que caí.

## Por qué el "solo escribir el prompt" ya no alcanza en 2026

El flujo que todo el mundo probó al menos una vez: abrir Claude Code, decir "haz un checkout con descuento de socio y campo de promo", mirar al agente generar 400 líneas de Flask con confianza, ejecutar, fallar, reescribir el prompt. Repetir hasta que pierdes la paciencia o subes algo que más o menos funciona.

El problema está en otro lado: tú mismo no aclaraste las reglas. Cuando le pides "10% de descuento de socio, promos sumables, máximo 30% del total" sin formalizar nada, el modelo adivina. Adivina distinto cada vez. Y un modelo confiado adivinando es exactamente cómo aparecen bugs como "el cupón se aplica a sí mismo".

Sí, soy el ingeniero que dijo "es solo prompt" en un hilo la semana pasada y después gastó cinco rondas de PR explicando qué quería decir "solo".

## Los 15 minutos que ahorran 5 rondas de PR

Por terquedad, hice lo que llamaba overhead. Escribí un OpenAPI. Endpoint, forma del request, forma del response, códigos de error, restricciones por campo. Quince minutos.

```yaml
paths:
  /api/orders:
    post:
      requestBody:
        application/json:
          schema:
            customer_id: string
            items: array of OrderItem
            promo_code: string | null
      responses:
        201:
          schema:
            order_id: string
            subtotal: integer (minimum 0)
            member_discount: integer (0..subtotal * 0.1, integer)
            promo_discount: integer
            total: integer
            applied_rules: array of string
        400:
          schema:
            error: { code, message }
```

Y un Gherkin con tres escenarios. Socio sin promo. No socio con promo. Socio con promo donde el tope del 30% activa.

```gherkin
Escenario: Socio con promo, limitado al 30% del total
  Dado un socio autenticado
  Y un carrito con subtotal de USD 100
  Cuando aplica el promo "OTOÑO5"
  Entonces member_discount es USD 10
  Y promo_discount es USD 20
  Y total es USD 70
  Y applied_rules contiene "socio" y "promo:OTOÑO5"
```

Le pasé los dos archivos a Claude Code con una sola frase: "implementa estas specs en Flask, con validación y manejo de errores". Generó alrededor del 80% de la implementación en tres minutos. El 20% restante era lógica de dominio real (qué cuenta como "sumable", qué pasa en el tope). Eso lo escribí yo. El spec hacía imposible confundirse al respecto.

Quince minutos de YAML para borrar cinco rondas de PR. La versión ruidosa de ahorrar quince minutos gastando dos horas, salvo que esta vez los gasté del lado correcto.

## Por qué el spec funciona (no es magia, es un forcing function)

La razón no tiene que ver con que Claude Code se vuelva más inteligente cuando le das más texto. Tiene que ver con lo que tú, humano, te ves obligado a pensar mientras escribes el spec.

Cuando escribo `member_discount: integer (0..subtotal * 0.1, integer)`, me comprometí con la idea de que el descuento de socio es como máximo el 10% del subtotal, en centavos enteros. El spec no puede generar una versión que "aplica el cupón a sí mismo" porque el spec no tiene un destinatario con forma de cupón para esa recursión. La ambigüedad muere en el YAML antes de mutar a bug en Python.

Esto no es invento mío. La ola de herramientas spec-first de 2026 ([OpenSpec](https://github.com/Fission-AI/OpenSpec), [cc-sdd](https://github.com/gotalab/cc-sdd), [amux](https://amux.io/guides/spec-driven-development/), [Kiro](https://kiro.dev)) está construida sobre la misma observación. GitHub Copilot Workspace ni siquiera te deja saltar el paso: genera una "proposed specification" editable antes de tocar el código, porque el equipo que lo construyó descubrió que el spec es el único artefacto del flujo que un humano puede revisar de verdad.

## Los tres patrones que vale la pena adoptar

Después de un trimestre con este flujo, estos son los tres patrones que tiran del carro.


### Patrón 1: OpenAPI a implementación

**Flujo**:

1. La persona arquitecta escribe el OpenAPI completo del endpoint.
2. Le pide a Claude Code: "implementa este OpenAPI en Flask/FastAPI".
3. El agente genera el 80% del stub: serialización, deserialización, validación básica, manejo de errores HTTP.
4. La persona desarrolladora agrega la lógica de dominio.

**Cuándo aplica**: CRUD, endpoints REST estándar, integraciones con terceros.

**Cuándo no**: lógica de negocio donde el "qué" del spec todavía está en discusión.

### Patrón 2: Gherkin a step definitions

**Flujo**:

1. QA o producto escribe escenarios en Dado/Cuando/Entonces.
2. Le pide a Claude Code: "implementa los step definitions en `pytest-bdd`".
3. El agente genera los esqueletos de las steps.
4. La persona desarrolladora completa la lógica.

**Cuándo aplica**: features con reglas de negocio que tu QA o producto necesita revisar antes del código.

**El movimiento clave**: los mismos escenarios alimentan el prompt de implementación y el de tests. Así el agente no puede divergir entre "lo que el código hace" y "lo que el test verifica". La divergencia entre ambos es donde los bugs llegan a producción.

### Patrón 3: Spec a property tests

A partir del schema OpenAPI:

```yaml
price:
  type: integer
  minimum: 0
  maximum: 1000000
```

Le pides a Claude Code generar property-based tests con Hypothesis o fast-check. Salen automáticamente los boundary cases:

```python
def test_price_minimum(): ...
def test_price_maximum(): ...
def test_price_negative(): ...   # debe rechazar
def test_price_overflow(): ...
def test_price_null(): ...
```

**Cuándo aplica**: cualquier campo numérico, fechas, strings con regex. O sea, casi todos.

Es el patrón que más subutilicé los últimos años y del que más me arrepiento. Property tests cubren el espacio de errores que tu cerebro no recuerda enumerar a las 11 PM de un viernes.

## Las trampas que me costaron caro

Tres cosas te van a morder si no prestas atención.

### Trampa 1: specs vagos generan código vago

Si tu OpenAPI dice `discount: number` en lugar de `discount: integer (0..subtotal*0.1)`, el modelo adivina. Adivina distinto cada vez. Un spec vago es una fábrica de alucinaciones que pagas en horas-PR.

SDD funciona como forcing function sobre ti. Nada de hechizos mágicos.

### Trampa 2: nunca confíes en el código generado sin revisarlo

Bugs que subí a producción desde código generado en los últimos tres meses:

- Una query SQL armada con concatenación de strings (inyección esperando suceder).
- Un JWT guardado en `localStorage` (tenía que ser `httpOnly` cookie).
- Un N+1 silencioso sobre una tabla de mil filas.

El agente no escribió ninguno de esos por maldad. Los escribió porque nada en el spec decía "no". Los specs necesitan una sección de constraints explícitos. Si quieres ver lo creativo que se pone un agente cuando no hay constraints, mira [mi artículo sobre 24 horas de agente autónomo](/es/blog/agente-ia-autonomo-24-horas-seguridad/).

### Trampa 3: el agente agrega requisitos que no pediste

Vi a Claude Code agregar autenticación a un endpoint cuyo spec decía "público, solo rate-limited". El agente había leído suficiente Stack Overflow para creer que todo endpoint debería estar autenticado, y silenciosamente metió un check.

Los specs tienen que ser explícitos sobre lo que el sistema *no* hace, no solo sobre lo que sí hace. Una sección `## Out of scope` con "auth: ninguna en este endpoint" evita exactamente este caso.

## Checklist práctica para empezar mañana

Si quieres implementar este flujo en tu proyecto LatAm el próximo sprint, esta es la lista mínima:

- [ ] Escribe el OpenAPI del endpoint que vas a tocar (15 minutos máximo)
- [ ] Escribe tres escenarios Gherkin: camino feliz, edge case, error
- [ ] Agrega una sección `## Out of scope` con auth, rate limit, cache, lo que el agente pueda inventar
- [ ] Asegúrate de que tu `CLAUDE.md` describa convenciones del proyecto
- [ ] Pásale los tres archivos a Claude Code
- [ ] Genera. Revisa el diff contra el spec, no contra la "intuición"
- [ ] Ejecuta los property tests que el spec generó

Es un flujo que se siente burocrático los primeros tres usos y se siente liberador desde el cuarto. La trampa es no abandonarlo en el primer caso donde el spec parece "obvio". El spec es la red de seguridad para los casos donde el agente y tú van a estar en desacuerdo, no para los casos donde están de acuerdo.

## Contexto regional: por qué LatAm tiene una ventaja acá

Dos cosas juegan a favor de los equipos LatAm que adoptan spec-driven development con IA en 2026.

**Primera: la regulación todavía es maleable.** A diferencia de Europa con AI Act o Brasil con LGPD muy madura, los marcos regulatorios en México, Argentina, Colombia y Chile están en proceso. Adoptar specs auditables ahora te pone en posición de cumplir cuando llegue la normativa, en vez de tener que adaptar todo después.

**Segunda: el inglés del spec no es barrera.** OpenAPI y Gherkin se pueden escribir en inglés (estándar de la industria) o en español. Yo recomiendo Gherkin en español para que tu QA y producto puedan revisarlo, y OpenAPI en inglés para que las herramientas (Swagger UI, generadores de cliente) funcionen sin sorpresas.

## Conclusión: el spec es el pedal de freno

Spec-driven development no es una metodología que adoptas porque alguna consultora se la vendió a tu CTO. Es el mecanismo más barato que conozco para no estar en desacuerdo con un junior rápido, confiado y ligeramente borracho.

Los asistentes de IA no le bajan el valor al spec. Convierten specs ambiguos en bugs caros más rápido que cualquier humano. El spec es el pedal de freno. Sin pedal, igual vas rápido. Solo que vas rápido hacia donde apuntaba el training data del agente la última vez.

Quince minutos de YAML. Cinco rondas de PR borradas. Empieza por el próximo endpoint que toques.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Traduje mi blog a 4 idiomas. El portugués recibió casi 4× más tráfico que el inglés.

URL: https://kenimoto.dev/es/blog/traduje-blog-4-idiomas-portugues-4x-trafico/
Lang: es
Date: 2026-05-21
Description: En 22 días: PT 748 PV, EN 195 PV, JA 27 PV, ES 7 PV. Pensé que el español iba a ganar por volumen de hablantes. Me equivoqué en cada eje. Esto es lo que aprendí sobre LLMO multilingüe, con los números en la mesa.

Cuando decidí traducir este blog a 4 idiomas, tenía un orden claro en la cabeza. El inglés iba a ganar por volumen. El español iba a quedar en segundo lugar por el número de hablantes. El japonés iba a mantenerse estable porque es mi idioma nativo. El portugués lo agregué casi por completismo, pensando que iba a quedar último.

22 días después, el snapshot de GA4 desmiente cada uno de esos pronósticos.


- **PT: 748 pageviews**, 709 sesiones
- **EN: 195 pageviews**, 176 sesiones
- **JA: 27 pageviews**, 29 sesiones
- **ES: 7 pageviews**, 7 sesiones

Eso significa que el PT está sacando casi 3,8× al inglés, 28× al japonés y 107× al español, en el mismo blog, con la misma cadencia de publicación y la misma persona escribiendo. Un solo artículo en PT (el del agente autónomo de 24 horas, 375 PV) tuvo más pageviews que todo mi blog en inglés sumado.

Escribí el artículo esperando que el ES me sorprendiera. El que vino a sorprenderme fue el PT, y el ES siguió silenciosamente sin existir.

Y antes de avanzar: este post tiene una sección concreta para ti, lector LatAm, sobre qué hace falta en español para que esto se invierta. Porque si la conclusión termina siendo "el portugués es mágico", entonces no aprendí nada.

## El contexto, para que puedas descontar mis números honestamente

No es un experimento limpio. Es un solo blog, [kenimoto.dev](https://kenimoto.dev), con 4 directorios de idioma (`/en/`, `/ja/`, `/pt/`, `/es/`). Los artículos pasan por un pipeline de traducción con LLM y después yo los reviso a mano para ajustar el registro y la localización (PT-BR vs PT de Portugal, español LatAm-neutro vs español de España). La ventana: del 2026-04-30 al 2026-05-21, 22 días de snapshot.

EN tiene 26 artículos, JA tiene 25, PT tiene 17 y ES tiene 10. O sea, el PT tiene menos artículos que el EN y aun así gana casi 4 a 1.

Si dejas de leer aquí, llévate esto: **la asimetría de idioma se come a la asimetría de cantidad de artículos**. Agregar un artículo en un idioma saturado es más lento que agregar un artículo en un idioma vacío.

## Por qué el PT se adelantó

No es que al lector brasileño le caiga mejor, lamentablemente. Son tres asimetrías apiladas.


### 1. TabNews es una puerta de entrada real que el inglés no tiene

[TabNews](https://www.tabnews.com.br/) es una comunidad de desarrolladores brasileños donde puedes publicar un artículo técnico y que lo lean humanos el mismo día, sin tener audiencia previa. No existe un equivalente limpio en inglés. Hacker News existe, pero la barrera para que un desconocido aparezca es muchísimo más alta, y la superficie temática es más angosta.

Cuando hago cross-post del mismo artículo en TabNews (PT) y en Dev.to (EN), TabNews entrega tráfico de referral consistente. Dev.to no entrega casi nada, a menos que ya tengas seguidores. Esa diferencia aparece directo en GA4.

### 2. Los SERP de AI-search en portugués están menos saturados

El contenido LLMO en inglés es un mercado saturado. Hay miles de artículos decentes peleando por los mismos prompts en ChatGPT, Perplexity, Gemini. El share of voice de un sitio chico es proporcionalmente cero.

En portugués el espacio está mucho más vacío. Cuando un motor de AI-search necesita una fuente en PT para responder "spec-driven development com Claude Code", hay muchos menos candidatos para elegir. La primera respuesta razonable en PT gana. La primera respuesta razonable en EN queda enterrada.

Esto coincide con lo que reportan herramientas de visibilidad multilingüe como [Peec AI](https://llmpulse.ai/blog/best-ai-visibility-tools/): la cobertura de idioma se volvió ventaja competitiva, porque la mayoría de las marcas optimiza inglés primero y nunca llega a los otros 114 idiomas.

### 3. Soy early-mover en `/pt/llms.txt`

La mayoría de los sitios grandes de devs BR todavía no publica llms.txt. Varios sitios grandes de devs en español LatAm tampoco. Yo publico `/pt/llms.txt`, `/es/llms.txt`, `/ja/llms.txt`, `/en/llms.txt` desde el día cero. En inglés esto es simple higiene, todo el mundo lo tiene. En portugués todavía da una ventaja chiquita.

Ya escribí antes sobre el caso de TRM, que creció los referrals desde ChatGPT en 8.337% haciendo lo básico de LLMO de manera consistente. La versión multilingüe de esa lección es: lo básico compone más rápido en los idiomas donde lo básico todavía es raro.

## Qué le falta al español LatAm para que esto se invierta

Acá viene la parte que importa para nosotros. El PT no ganó porque el idioma sea mágico. Ganó porque tuvo una puerta de entrada de comunidad. El español LatAm no la tiene, todavía.

Lo que hay:

- **Stack Overflow en español**: existe, pero el formato Q&A no funciona como discovery de artículos.
- **[Platzi](https://platzi.com), [Código Facilito](https://codigofacilito.com)**: excelentes, pero no son plataformas abiertas de publicación.
- **Comunidades hispanas en X/Twitter, LinkedIn**: distribuidas, sin un hub claro.
- **dev.to en español**: existe pero la masa crítica de lectores no acompaña.

Lo que haría falta: un equivalente de TabNews para LatAm. Un sitio donde un dev de Buenos Aires, Ciudad de México, Bogotá o Santiago pueda publicar un artículo técnico y que otros devs lo lean el mismo día sin algoritmo de por medio. Si sabes de algún hub así que esté funcionando ahora mismo, escríbeme, en serio.

Mientras tanto, mi blog en ES está en una zona rara: la competencia en AI-search también es menor que en EN (viento a favor), pero la puerta de entrada de comunidad no existe (viento en contra). Resultado: pageviews de un solo dígito.

## Por qué el JA recibió 1/27 del PT (escribir esto duele)

El japonés es mi idioma nativo. La versión JA la escribo yo, no es traducción, así que el texto es el más limpio de los cuatro. Y aun así el blog en JA recibió 27 pageviews. Veinte. Y siete.

La razón honesta es que el dev japonés lee mayoritariamente [Qiita](https://qiita.com) y [Zenn](https://zenn.dev), no blogs independientes. Publicar en mi dominio en japonés es pedirle al lector que salga de su hábitat. Publicar el mismo artículo en Zenn da decenas de lecturas el día uno.

Entonces la estrategia JA hay que cambiarla. El blog no compite con Qiita/Zenn por tráfico humano JA; queda como archivo canónico para que los crawlers de AI indexen, mientras Qiita/Zenn hacen el trabajo de tráfico humano. Es lo opuesto al lado PT, y está bien así. Idioma diferente, distribución diferente.

## Checklist de LLMO multilingüe que me hubiera servido el día uno

Si estás a punto de traducir tu blog a N idiomas, este es el playbook que le pasaría al yo del pasado:

1. **Para cada idioma objetivo, identifica la puerta de entrada de la comunidad antes que cualquier otra cosa.** No el tamaño de la audiencia. La puerta. Brasil tiene TabNews. Japón tiene Qiita/Zenn. Inglés tiene Hacker News pero la barrera es brutal. Español LatAm: lo estamos buscando juntos.
2. **Publica `/{idioma}/llms.txt` el día cero.** Son 15 minutos por idioma. La mayoría de los sitios no-inglés no lo tiene. Es el moat más barato que vas a construir, y el [llmoframework.com](https://llmoframework.com) lo trata como ítem central del playbook multilingüe.
3. **Configura los filtros de prefijo de idioma en GA4 antes de publicar.** Si no, te pasas el mes 2 haciendo retrofit de analytics en vez de escribir.
4. **Resiste la tentación de traducir todo.** Traduce el 20% de artículos con más chance de caer en la puerta de entrada de la comunidad. El resto puede esperar hasta que valides el canal de distribución.
5. **Trata el share of voice de AI-search de cada idioma como KPI separado.** Pasas los mismos prompts relevantes para tu marca por ChatGPT, Perplexity, Claude.ai en cada idioma, mensual. Las asimetrías son enormes y solo puedes gestionar lo que mides.

## Qué voy a hacer ahora

- Duplicar la cadencia PT, de 1/semana a 2/semana, para medir si el referral de TabNews escala linealmente o satura.
- Reencuadrar el JA: blog como archivo para crawlers de AI, Zenn/Qiita como superficie de distribución humana.
- Buscar la puerta de entrada de comunidad LatAm que falta, probablemente experimentando en 3 hubs distintos al mismo tiempo.
- Dejar la cadencia EN como está. El mercado en inglés está saturado; mi artículo marginal ahí vale menos que mi artículo marginal en PT.

Si te resistías al multi-idioma porque "no tengo tiempo", considera esto: el idioma con mayor ROI sobre tu tiempo puede no ser el de mayor número de hablantes. Puede ser el de menor competencia en la capa de AI-search y con la comunidad más abierta para recibir gente nueva.

En mi blog ese fue el portugués. En el tuyo puede ser indonesio, coreano, polaco, o incluso el español LatAm si entre todos armamos la puerta que ahora mismo no existe.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Dividí mi agente en 3 roles y elegir 5 temas pasó de 20 a 3 minutos

URL: https://kenimoto.dev/es/blog/tres-roles-observer-strategist-marketer-separacion/
Lang: es
Date: 2026-05-14
Description: Un agente con WebSearch tomaba 20 min para elegir 5 temas y quemaba 120k tokens. Dividirlo en Observer, Strategist y Marketer bajó a 3 min y 60% menos tokens.

Yo creía que un solo agente haciendo todo era elegante. Una llamada `claude -p`, "elige los temas de hoy y escribe el principal", listo. Elegir 5 temas tomaba 20 minutos.

Lo dividí en tres agentes y el mismo trabajo pasó a tomar 3 minutos. El costo en tokens bajó alrededor del 60%. Cada agente, por separado, sabe hacer menos. El pipeline entero quedó más rápido.

El truco no es "más agentes". El truco es sacarle WebSearch al agente que decide.


## El setup de 1 agente que tomaba 20 minutos

La configuración original era un prompt, un agente, una ejecución:

> "Revisa los datos de GA4 de ayer, elige 5 temas para hoy y escribe el de mayor prioridad."

El agente tenía habilitado `Bash, Read, Write, Edit, Grep, Glob, WebSearch, WebFetch`. Todo lo que pudiera llegar a necesitar.

Por cada tema candidato hacía más o menos lo mismo: WebSearch para "ver qué es tendencia ahora en este nicho", WebSearch otra vez para confirmar la tendencia, WebSearch una tercera vez para cruzar con la competencia. Cinco temas, tres o cuatro búsquedas cada uno, 15 a 20 búsquedas por ejecución. Cada búsqueda volcaba algunos miles de tokens de resultado en el contexto.

Cuando el agente estaba eligiendo el tercer tema, el contexto de decisión ya tenía más de 40 mil tokens de resultados de búsqueda de los temas 1 y 2. La relación señal-ruido colapsaba. El agente empezaba a elegir temas que "sonaban confirmados por noticias recientes" en vez de temas que coincidían con el material que yo tenía en stock.

El síntoma visible era el tiempo: cerca de 20 minutos por ejecución. El síntoma oculto era la deriva. En la revisión semanal yo sobrescribía las elecciones del agente con frecuencia, porque no coincidían con el contenido que tenía listo.

## Por qué WebSearch en el loop de decisión es una trampa

WebSearch está bien. WebSearch dentro del loop de decisión es la trampa.

Pasan dos cosas cuando dejas que el juez busque:

**Tiempo:** una búsqueda son 5 a 20 segundos. Cinco temas por cuatro búsquedas son 100 segundos esperando, antes de contar lectura y razonamiento. Para una persona haciendo una sola pregunta es nada. Para un job automatizado que se ejecuta todos los días, se suma rápido.

**Contaminación de contexto:** cada resultado mete 2 mil a 5 mil tokens de texto raspado de HTML en el contexto de decisión. Nada de eso fue estructurado para responder "¿este tema sirve para mi contenido?". Fue estructurado para SEO. El juez termina razonando sobre una pila de copy de marketing, en vez de razonar sobre sus propios datos.

El arreglo es poco glamoroso. El juez no debe tener WebSearch. WebSearch pertenece al que escribe.

## Rol 1: Observer — solo recolecta

El trabajo del Observer es "traer los números de ayer y escribirlos en un archivo". Eso es todo.

Entradas: GA4, API de Zenn, API de Dev.to, logs de ayer. Salida: `domains/<nombre>/data/snapshot-YYYY-MM-DD.json`.

Herramientas permitidas:

```bash
claude -p "$(cat scripts/prompts/observer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write"
```

Sin WebSearch, sin WebFetch, sin Edit. El Observer llama a tres APIs con `curl` y escribe un único archivo JSON. Si trata de pasarse de listo e "interpretar los datos", el prompt le dice que no. El schema también lo sujeta: los campos son `total_views`, `top_performers_3`, `errors_yesterday`. No existe un campo `recommendation`, así que no hay dónde meter un juicio aunque quisiera.

Suena a una rebaja. Lo es, en el mismo sentido en que una función de un solo propósito es "rebaja" frente a un god object. Cuando el Observer falla, sé exactamente cuál API se rompió, porque eso es lo único que hace.

## Rol 2: Strategist — solo decide, sin WebSearch

El Strategist lee lo que escribió el Observer, lee `strategy.md` para las reglas, lee los últimos 30 días de temas publicados como lista de exclusión y elige 5 temas. Nada más.

```bash
claude -p "$(cat scripts/prompts/strategist-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob"
```

Fíjate qué falta: `WebSearch`, `WebFetch`. Sacados físicamente del allow-list. El Strategist literalmente no puede alcanzar internet.

Esta fue la parte que más me costó aceptar. "¿Cómo decide los temas de hoy sin ver qué es tendencia?" La pregunta estaba mal. La buena es: ¿estoy escribiendo temas que están reventando en otros lados o temas que coinciden con mi stock de contenido?

El Strategist ve:

- Tres meses de mis propios datos de performance (qué se leyó)
- Mi stock de contenido (capítulos de libro, borradores no publicados)
- Lista de exclusión de 30 días (qué ya escribí)
- Mi propio `strategy.md`

Con eso alcanza para elegir 5 temas en unos 90 segundos, no 20 minutos. El consumo de tokens por ejecución del Strategist bajó de unos 80 mil a unos 20 mil, porque ya no hay resultados de WebSearch que leer.

"Sumar evidencia con WebSearch" sonaba a buena idea. En la práctica sumó 8 búsquedas redundantes y 40 mil tokens de ruido.

## Rol 3: Marketer — ejecuta, con WebSearch habilitado

El Marketer lee la salida del Strategist, toma el tema de mayor prioridad y escribe el artículo. Aquí es donde aparece WebSearch:

```bash
claude -p "$(cat scripts/prompts/marketer-prompt.txt)" \
  --allowed-tools "Bash,Read,Write,Edit,Grep,Glob,WebSearch,WebFetch"
```

El Marketer usa WebSearch para investigación de ejecución:

- "Versión estable de LangGraph en 2026"
- "URL oficial de Building Effective Agents de Anthropic"
- "Plan de precios de Inngest para workflows con cron"

Esto es citación y chequeo de versiones, no decisión. "¿Conviene escribir este tema?" ya está resuelto. El WebSearch del Marketer está acotado al artículo que tiene enfrente.

De ahí caen dos consecuencias:

1. El costo se localiza. El gasto de WebSearch vive dentro del Marketer, donde produce salida visible. El costo por ejecución del Strategist quedó tan bajo que lo ejecuto varias veces por semana sin pensarlo.
2. La falla se localiza. Cuando WebSearch está inestable o caído, solo se rompe el que escribe. El Strategist sigue entregando los temas del día. El Observer sigue registrando los números de ayer. El flujo degrada, no se detiene.

## La cadena cron: cómo se conectan los tres roles

Los tres agentes no comparten conversación. Comparten archivos.

```text
07:00  Observer    → escribe snapshot-2026-05-14.json
09:00  Strategist  → lee snapshot, escribe strategist-2026-05-14.md
10:00  Marketer    → lee strategist.md, escribe borradores + agenda publicación 22:00
22:00  Observer    → registra tracción inicial del día → entrada de mañana
```

Esto lo ejecuto como cron simple en un VPS pequeño. La versión corta es una línea por job con `set -euo pipefail`, `trap ... ERR`, un ping de falla a Telegram y un lock file. Unas 30 líneas de shell por rol.

Si prefieres durabilidad administrada en vez de cron, [Temporal Schedules](https://temporal.io/blog/orchestrating-ambient-agents-with-temporal), [el trigger cron de Inngest](https://www.inngest.com/) y [GitHub Actions cron](https://docs.github.com/es/actions/using-workflows/events-that-trigger-workflows#schedule) entran todos en la misma forma. La arquitectura no se preocupa por cuál de los tres la lleva. Yo uso cron porque el modo de falla es "el servidor está apagado", y eso lo noto rápido.

El handoff siempre es un archivo en disco. JSON para el snapshot, Markdown para el log del strategist, Markdown para el log del marketer. Legible por humano, con fecha, replayable. Puedo volver a ejecutar el Marketer de ayer contra el archivo del Strategist de ayer cambiando una variable de entorno. `Backfill` gratis, sin heredar Airflow.

## Sub-agent vs separación en roles — no confundir

Tengo otro post sobre [ejecutar tres sub-agentes de Claude Code en el mismo PR y verlos discordar en 41% de los comentarios](https://kenimoto.dev/es/blog/tres-sub-agentes-revisaron-mismo-pr-40-desacuerdo). A veces me preguntan si es lo mismo que estoy describiendo aquí.

No lo es. Se parecen en una diapositiva y se comportan distinto en la práctica.

| | Sub-agent (Task tool de Claude Code) | Separación en roles (cron) |
|---|---|---|
| **Alcance** | Misma sesión, mismo agente padre | Tres procesos, tres ejecuciones |
| **Estado** | El padre pasa el contexto como entrada | Archivo en disco |
| **Tiempo** | Sincrónico, el padre espera | Asincrónico, con horas de diferencia |
| **Falla** | El padre maneja el retry | Cada job reintenta por su cuenta |
| **Caso de uso** | "Explorá este repo en paralelo" | "Corré el PDCA de ayer cada mañana" |

Sub-agent sirve para *paralelismo dentro de una tarea*. Separación en roles sirve para *pipelines desplazados en el tiempo*. Mezclarlos te da lo peor de los dos: la superficie de debug del cron, más la deriva de contexto compartido de los sub-agents.

La regla que uso: si la respuesta tiene que volver en la misma conversación, es sub-agent. Si la respuesta tiene que sobrevivir a un reinicio del servidor, es un job de cron separado.

## Guía práctica: matriz de roles y allow-list

Antes de armarlo en tu propio loop, esta es la matriz que conviene tener clara desde el principio:

| Rol | Lee | Escribe | WebSearch | Hora de ejecución |
|---|---|---|---|---|
| **Observer (AM)** | APIs, logs de ayer | `snapshot-YYYY-MM-DD.json` | No | 07:00 |
| **Strategist** | snapshot, strategy.md, lista de exclusión | `strategist-YYYY-MM-DD.md` | **No** | 09:00 |
| **Marketer** | strategist.md, stock | Borradores + log marketer | **Sí** | 10:00 |
| **Observer (PM)** | Métricas del día | Snapshot vespertino | No | 22:00 |

Los dos elementos no negociables son: (1) Strategist sin WebSearch en el allow-list, (2) el handoff entre roles siempre es un archivo con fecha. Si rompes uno de los dos, pierdes la mayor parte de la ganancia.

## En la región

Aquí en la región, los agentes IA ya están en producción. [Mercado Pago lanzó un Asistente Personal con IA en Argentina](https://news.mercadolibre.com/asistente-virtual-mercado-pago-argentina-2026) con más de 100 funcionalidades disponibles. [Rappi implementó Amazon Connect con herramientas de IA](https://www.infobae.com/tecno/2026/05/08/como-la-nube-de-aws-se-convirtio-en-el-motor-que-sostiene-la-operacion-de-rappi/) como parte de su plan de automatización regional. Nubank procesa millones de transacciones en tiempo real con IA. Ninguno de esos equipos pone un único agente a hacer observación, decisión y ejecución en un mismo loop. En escala, separar los roles es lo que vuelve al pipeline confiable.

## Números medidos

Estos son mis números corriendo ambos setups sobre el mismo stack de contenido.

| Métrica | 1 agente | 3 roles | Cambio |
|---|---|---|---|
| Tiempo para elegir 5 temas | ~20 min | ~3 min | -85% |
| Tokens por ejecución diaria | ~120k | ~45k | -62% |
| Gasto mensual de API | ~USD 60 | ~USD 22 | -63% |
| Re-elección de tema (revisión semanal) | 2-3/sem | 0-1/sem | baja |
| Caída de WebSearch detiene el flujo | sí | no | resuelto |
| Tiempo medio para debuggear falla | 30-60 min | 5-10 min | -80% |

La cuenta de tokens fue la que me sorprendió. Yo asumía que dividir en tres agentes iba a *aumentar* el consumo total por contexto duplicado. No aumentó. El tráfico de WebSearch que desapareció era más grande que el overhead nuevo por rol.

El tiempo de debug es el que pesa día a día. Con un solo agente, "el job falló a las 09:14" no me dice nada. Con tres roles, "el Strategist falló a las 09:14" me dice qué script de 30 líneas abrir.

"Sumar agentes lo hizo más rápido" suena raro a primera vista. Solo es más rápido porque saqué WebSearch del loop de decisión. La división fue lo que permitió quitarlo de verdad: en el momento en que el Observer y el Strategist ya no podían alcanzar internet, la tentación de "una búsqueda más" desapareció.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Ejecuté 3 sesiones de Claude Code en paralelo durante 8 horas. Se sobrescribieron 2 veces. Guía LatAm de orquestación segura.

URL: https://kenimoto.dev/es/blog/tres-sesiones-claude-code-paralelo-8h-2-colisiones/
Lang: es
Date: 2026-05-27
Description: Tres sesiones de Claude Code, tres git worktrees, un solo directorio .claude/ compartido. Ocho horas después, dos archivos de memoria corruptos y USD 47 en tokens rehaciendo trabajo que ya existía.

Tenía tres ideas en paralelo y tres terminales abiertas. La cuenta parecía obvia: abrir tres sesiones de Claude Code, una por worktree, dejar que cada una trabajara en una branch independiente, y subir más o menos 3x mi throughput de la tarde. La documentación oficial recomienda exactamente eso. La app de escritorio [crea worktree automáticamente](https://code.claude.com/docs/en/worktrees) para cada sesión nueva. Está presentado como el patrón seguro.

Ocho horas después tenía dos archivos de memoria corruptos, un archivo de Skill con un párrafo que nunca escribí, y una factura de aproximadamente USD 47 en tokens rehaciendo trabajo que ya existía en otra worktree. La configuración era segura sobre el papel. El estado compartido no.

Este post es el log de las 8 horas. Qué configuré, cuándo ocurrieron las dos colisiones, qué se estaba sobrescribiendo en realidad, y los tres patrones pequeños que uso ahora para evitar que sesiones paralelas se coman entre sí.

## La configuración que parecía segura

Tres sesiones de Claude Code, cada una en una worktree separada del mismo repositorio. Tres branches: `feat/voice-buffer`, `fix/og-emit`, `feat/citation-tracker`. Ninguna branch tocaba los mismos archivos fuente. Lo verifiqué dos veces antes de empezar.

```bash
# Terminal A
git worktree add ../wt-voice-buffer feat/voice-buffer
cd ../wt-voice-buffer && claude

# Terminal B
git worktree add ../wt-og-emit fix/og-emit
cd ../wt-og-emit && claude

# Terminal C
git worktree add ../wt-citations feat/citation-tracker
cd ../wt-citations && claude
```

Cada sesión leía el mismo contexto de sistema: el `CLAUDE.md` del repositorio, el `~/.claude/CLAUDE.md` de usuario, el directorio `~/.claude/skills/`, y el directorio `~/.claude/projects/<repo>/memory/`. Las worktrees están aisladas en la capa de git. Todo lo demás queda compartido.

Me di cuenta de la implicación recién en la hora 8, con un archivo de memoria corrupto abierto en la pantalla. Las worktrees aíslan el código fuente. No aíslan el "cerebro" del Claude.

## Colisión 1: hora 3:42, el archivo de Skill

Lo primero en romperse fue un archivo de Skill que no había tocado en todo el día.

La sesión A estaba arreglando el voice buffer y en algún momento se preguntó: "¿hay alguna Skill para buffers de streaming WebRTC?". No había. Escribió una nueva en `~/.claude/skills/voice-buffer/SKILL.md` y siguió trabajando. En la misma ventana de unos 8 minutos, la sesión C armaba el citation tracker y se preguntó: "¿hay alguna Skill para parsear atribuciones de fuente?". No había. Escribió una en `~/.claude/skills/citation-source/SKILL.md`.

Hasta ahí ninguna colisión. Archivos distintos, temas distintos. La documentación oficial no me daba motivo para sospechar.

La colisión vino de un tercer archivo: `~/.claude/skills/_index.md`, que ambas sesiones decidieron actualizar al registrar la Skill nueva. La sesión A escribió primero. La sesión C, leyendo el archivo 30 segundos después, vio la versión *previa* a la escritura de A, agregó su propia Skill y guardó. El registro de la Skill voice-buffer desapareció del índice. La sesión A no tenía cómo enterarse, porque ya había pasado a la siguiente tarea.

Me enteré en la hora 5 cuando le pregunté a la sesión B (que estaba en silencio con el fix del OG): "¿el índice de Skills ya incluye voice-buffer?". Respondió que no. Lo confirmé. Estaba en lo cierto. El archivo de Skill que escribió A estaba en disco, pero el índice que apuntaba ahí había sido sobrescrito.

Así se ve un estado compartido sin lock. Dos escritores, last-write-wins, sin aviso, sin merge.

## Colisión 2: hora 6:18, el archivo de memoria

La segunda colisión fue peor, porque se comió trabajo que quería conservar.

Uso `~/.claude/projects/<repo>/memory/` para guardar notas pequeñas y persistentes que el agente debería recordar entre sesiones: un `architecture.md` con el mapa de componentes, un `feedback.md` con preferencias de estilo, un `project.md` con prioridades actuales. Los tres los escribe el propio Claude, ocasionalmente, cuando la persona usuaria dice "recuerda esto" o cuando el agente decide por su cuenta que algo vale la pena guardar.

A la hora 6:18, la sesión A terminó el trabajo en voice buffer y se preguntó: "¿debería guardar lo que aprendí sobre los invariantes del buffer de audio?". Leyó `architecture.md`, agregó una sección, guardó. A la hora 6:19, la sesión B terminó el fix del OG y se preguntó: "¿debería registrar el bug del doble og:type como gotcha conocido?". Leyó `architecture.md` (la versión pre-A, todavía en caché en su contexto), agregó su propia sección, guardó.

Las notas de voice buffer de A desaparecieron. Ocho minutos de invariantes cuidadosos, fuera, reemplazados por un párrafo sobre emisión de meta tag que era correcto pero de otro tema.

Solo lo pesqué porque, a la mañana siguiente, hice grep de "buffer invariant" y no apareció nada. Si no hubiera buscado, las notas simplemente no existirían en ninguna sesión futura de Claude Code. El agente nunca habría sabido que tenía que preguntar. No hay log de error para "archivo de memoria sobrescrito en silencio por proceso hermano".

## Qué estaba realmente roto

Las worktrees resuelven el problema del filesystem. Dos sesiones escribiendo el mismo `src/voice/buffer.ts` generarían un conflicto de git, que es ruidoso y recuperable. Dos sesiones escribiendo el mismo `~/.claude/skills/_index.md` generan un overwrite silencioso, que es mudo y no.

En concreto, la premisa rota era esta. La guía oficial dice que ["las ediciones en una sesión nunca tocan archivos de otra"](https://code.claude.com/docs/en/worktrees), y eso es cierto en la capa de worktree. No es cierto en la capa del harness, porque el harness (memoria, skills, hooks, settings) vive un directorio por encima de la worktree, en `~/.claude/`, donde cada sesión paralela escribe libremente sin coordinación.

Tres clases de archivo quedan en riesgo, en orden creciente de cuánto van a doler:

1. **Archivos de configuración** (`~/.claude/settings.json`). Colisión rara porque el agente casi no escribe acá. Pero cuando escribe (por ejemplo una Skill pide un permiso nuevo), es last-write-wins.
2. **Archivos de Skills** (`~/.claude/skills/`). Frecuencia media. El punto real de ignición son los índices y catálogos compartidos, no los archivos SKILL.md individuales.
3. **Archivos de memoria** (`~/.claude/projects/<repo>/memory/`). El más doloroso. El agente escribe ahí justo cuando acaba de aprender algo que considera valioso, que es exactamente el trabajo que no quieres perder.

El patrón de worktree paralelo de Anthropic se pensó para código. El harness se pensó para una sesión por vez. Correr las dos cosas a la vez es bug del usuario.


## La lección de USD 47

El costo en plata fue el retrabajo. Después de la colisión del archivo de memoria, la sesión A no tenía registro de los invariantes de voice buffer que acababa de derivar. Cuando arranqué una sesión nueva a la mañana siguiente y le pedí que extendiera el buffer, rederivó los mismos invariantes desde cero, casi del mismo modo, en unos 40 minutos de tokens quemados. Miré el dashboard: alrededor de USD 47 en Sonnet 4.6, más una mañana levemente agria.

Por supuesto también pagué la derivación original. Así que, estrictamente, el trabajo no se "perdió", se "pagó dos veces". La segunda factura era la evitable. La Ley de Brooks tiene un pie de página que nadie cita: "y tus procesos concurrentes van a sobrescribirse las notas, así que vas a pagar parte del trabajo dos veces".

## Checklist LatAm: decisión paso a paso antes de abrir la segunda terminal

Esta es la parte educativa que me hubiera gustado tener antes de las 8 horas. Antes de abrir la segunda sesión de Claude Code en una segunda worktree, recorre estos cinco puntos.

1. **¿Las dos sesiones leen el mismo `~/.claude/CLAUDE.md`?** Si sí, cualquier escritura del agente en ese archivo será un overwrite silencioso. Decide ahora si te molesta.
2. **¿Las dos sesiones escriben en `~/.claude/skills/` o en su índice?** Si sí, aplica el Patrón 2 (write lock) antes de empezar.
3. **¿Las dos sesiones escriben en `~/.claude/projects/<repo>/memory/`?** Si sí, aplica el Patrón 1 (namespace por sesión) antes de empezar.
4. **¿Tienes permisos del agente compartidos en `~/.claude/settings.json`?** Si sí, acepta que el último que escriba gana, o aplica el Patrón 2 también ahí.
5. **¿Cuántas sesiones quieres en paralelo?** Por encima de 4 simultáneas, la documentación oficial te sugiere parar. Acá la sugerencia no es performance: es revisión humana. Tres reportes ya cuestan una hora de merge.

## Los 3 patrones que uso ahora

Después del día de la colisión, cambié tres cosas. Cada una es chica. Ninguna requirió que Anthropic enviara algo nuevo.

**Patrón 1: namespaces de memoria por sesión.** En vez de un `~/.claude/projects/<repo>/memory/` compartido, cada sesión paralela escribe dentro de `~/.claude/projects/<repo>/memory/<branch-name>/`. Lo hago con un `CLAUDE.md` por worktree que le indica al agente su subdirectorio. Al cerrar la sesión, hago merge del subdirectorio al `memory/` principal a mano o con un script chico. Los conflictos aparecen como nombres de archivo duplicados, que es ruidoso y recuperable.

```markdown
<!-- CLAUDE.md por worktree -->

## Ubicación de escritura de memoria

Escribe todos los archivos de memoria en
`~/.claude/projects/repo/memory/feat-voice-buffer/`.
No escribas directo en `~/.claude/projects/repo/memory/`.
```

**Patrón 2: write lock en los índices compartidos.** Para archivos que no puedo separar por namespace (el índice de Skills, settings.json), uso un lock al estilo `flock` alrededor de cada escritura del agente. El agente escribe a través de un wrapper de shell chico que toma lock exclusivo en `~/.claude/locks/skills-index.lock` antes de tocar el archivo. Last-write sigue ganando, pero las escrituras quedan serializadas, y el read previo del agente ve un estado consistente. El wrapper son unas 20 líneas de shell.

```bash
#!/usr/bin/env bash
# ~/.claude/bin/locked-write.sh
target="$1"
lockfile="$HOME/.claude/locks/$(basename "$target").lock"
mkdir -p "$(dirname "$lockfile")"
exec 9>"$lockfile"
flock 9
cat > "$target"
```

**Patrón 3: coordinación vía `.claude/sessions/`.** Cada sesión en ejecución escribe un archivo de heartbeat en `~/.claude/sessions/<pid>.json` con su branch, hora de inicio y los archivos que espera tocar en la capa del harness. Antes de escribir en un índice compartido o un archivo de memoria, la sesión hace grep en el directorio sessions/ buscando reclamos de procesos hermanos sobre la misma ruta. Si encuentra alguno, espera o saltea. Es el más pesado de los tres y el que menos uso, porque los Patrones 1 y 2 atrapan la mayoría de las colisiones reales.

Si ya usaste [sub-agentes de Claude Code para revisión paralela](/es/blog/tres-sub-agentes-revisaron-mismo-pr-40-desacuerdo/), reconoces la forma. El problema no es el modelo. Es la capa de integración que la persona usuaria no sabía que estaba ahí. Los sub-agentes chocan en opiniones dentro de una sesión; las sesiones paralelas chocan en estado a lo largo del harness.

## En qué creo ahora, en serio

Las sesiones paralelas de Claude Code no son gratis, igual que la code review multi-agente no lo es, igual que dejar un agente [funcionando 24 horas](/es/blog/cuanto-cuesta-agente-ia-al-mes-api-suscripcion-local-punto-equilibrio/) no lo es. El costo se mueve de lugar, pero nunca baja a cero. En sesiones paralelas, el costo aparece como overwrite silencioso en tu directorio de harness, 8 horas después de empezar, en un archivo en el que ni pensaste cuando abriste la segunda terminal.

El encuadre de la guía oficial es correcto en la capa de código fuente: "las ediciones en una sesión nunca tocan archivos de otra". Solo se detiene un directorio antes. Las ediciones dentro de `~/.claude/` están encantadas de tocarse entre sí, y lo van a hacer, en el cronograma de last-write-wins, sin log de error que puedas grep después.

Si te llevas una sola cosa de este post: cuando abras la segunda sesión de Claude Code en la segunda worktree, dedica diez segundos a decidir si las dos sesiones comparten Skills, memoria o settings, y si te molesta que cualquiera de las dos se trague en silencio las escrituras de la otra. Si te molesta, agrega el Patrón 1 hoy y el Patrón 2 el primer día en que pegues una colisión real. El Patrón 3 puede esperar a que te encuentres corriendo cinco en paralelo, que es donde la documentación oficial te aconseja amablemente que no lo hagas.

Sigo corriendo sesiones en paralelo. Solo dejé de fingir que el límite de la worktree era el límite entero.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*

---

# Pedí a 3 sub-agentes de Claude Code que revisaran el mismo PR. Estuvieron en desacuerdo en el 41% de los comentarios.

URL: https://kenimoto.dev/es/blog/tres-sub-agentes-revisaron-mismo-pr-40-desacuerdo/
Lang: es
Date: 2026-05-12
Description: Tres sub-agentes de Claude Code, un PR de 500 líneas, 41% de desacuerdo y una hora gastada decidiendo qué hallazgos conservar. La Ley de Brooks sigue viva en 2026, y baja hasta el nivel de los agentes.

Pensé que la revisión de código con múltiples agentes era una mejora gratis. Tres sub-agentes mirando el mismo PR sonaban como tres pares de ojos al precio del café de un ingeniero.

Luego puse a tres sub-agentes de Claude Code a revisar el mismo PR de refactorización de 500 líneas y los vi estar en desacuerdo en el 41% de los comentarios. El merge tomó una hora que yo había estimado en quince minutos. La Ley de Brooks sigue viva en 2026, y al parecer baja hasta el nivel de los agentes.

Anthropic [anunció en marzo](https://claude.com/blog/code-review) que menos del 1% de los hallazgos internos de su Code Review son marcados como incorrectos por los ingenieros. El número es real, y también es una estadística de gente operando un pipeline finamente ajustado sobre su propio código. Apenas levanté mis propios tres sub-agentes en mi propio repositorio, "estar de acuerdo" dejó de significar lo que yo pensaba.

Esta es la guía del experimento: qué configuré, qué medí y cómo se resuelven los desacuerdos. Si ustedes están pensando en montar un esquema parecido en su equipo, esta es la versión paso a paso, no la versión de marketing.

## La configuración

El PR era una refactorización de 500 líneas en la capa de señalización WebRTC de un proyecto paralelo mío. Ocho archivos, casi todo TypeScript, un par de ajustes de configuración y un nuevo tipo de error. Lo bastante aburrido como para no ser un PR de exhibición, lo bastante complejo como para que un solo revisor dejara cosas pasar.

Tres sub-agentes definidos en `.claude/agents/`, todos con Sonnet 4.6, todos restringidos a herramientas de solo lectura:

```markdown
---
name: explore-reviewer
description: Rastrear llamadores, dependientes y rutas de codigo muerto.
model: sonnet
allowed-tools: Read Grep Glob
---

Eres un arqueologo de codigo. Para cada archivo modificado, encuentra cada
llamador, cada test que lo referencie y cualquier ruta que quede en silencio
despues del cambio. Reporta citas concretas en formato file:line.
Sin opiniones de estilo.
```

```markdown
---
name: security-reviewer
description: Buscar regresiones en auth, validacion y manejo de secretos.
model: sonnet
allowed-tools: Read Grep Glob WebSearch
---

Eres un revisor de seguridad. Concentrate solo en flujos de auth, validacion
de entrada, manejo de secretos y riesgos de dependencias. Estima CVSS para
cada hallazgo. Ignora estilo y arquitectura.
```

```markdown
---
name: plan-architect
description: Evaluar decisiones de diseño contra las convenciones existentes.
model: sonnet
allowed-tools: Read Grep Glob
---

Eres un arquitecto de software. Compara las decisiones de diseño del PR con
las convenciones existentes en este codebase. Señala desviaciones, costuras
faltantes y abstracciones que van a perjudicar a la proxima persona.
```

Cada sub-agente recibió el mismo prompt: "Revisa el PR #482 línea por línea y lista hallazgos como bullets con citas file:line." Cada uno se ejecutó en su propio contexto. Ninguno vio la salida del otro. El único que ensamblaba los resultados al final era yo.


## Cómo se vio el 41% de desacuerdo

Cuando los tres terminaron, tenía 78 comentarios crudos en total. Abrí una hoja de cálculo y etiqueté cada uno como "lo plantearon los 3", "lo plantearon 2 de 3" o "solo 1 de 3 lo planteó".

| Cobertura | Cantidad | Porcentaje |
|---|---|---|
| Los 3 agentes lo marcaron | 14 | 18% |
| 2 de 3 agentes lo marcaron | 32 | 41% |
| Solo 1 agente lo marcó | 32 | 41% |

El balde "lo planteó 1" es lo que yo llamo desacuerdo. Los otros dos sub-agentes tenían exactamente la misma oportunidad de marcar la misma línea, con las mismas herramientas, sobre el mismo diff. Pasaron de largo. Es decir, **hay un 41% de probabilidad de que cualquier hallazgo individual sea la opinión privada de un solo sub-agente**.

El número titular de Anthropic, menos del 1% marcado como incorrecto, se mide de otra forma. Ellos cuentan los hallazgos que un ingeniero cierra explícitamente sin corregir. Yo cuento los hallazgos que dos de tres agentes mirando el mismo código no se molestaron en mencionar. Son preguntas distintas, y la segunda es la que me cuesta tiempo frente a la computadora.

## Los cuatro patrones de desacuerdo

Después de clasificar cada desacuerdo, cuatro patrones cubrían casi todo.

**Deriva de severidad.** El plan-architect marcó una falta de null check como "critical". El security-reviewer vio la misma línea y la clasificó como "low: el llamador ya valida más arriba". Ambos estaban en lo cierto, más o menos. El arquitecto leyó la función aislada. El revisor de seguridad había caminado los llamadores con grep y visto la validación previa. Misma línea, veredictos opuestos.

**Deriva de alcance.** Cuando le pedí revisar el PR, el explore-reviewer me contó alegremente sobre tres bugs preexistentes en archivos que el PR ni tocaba. El plan-architect se rehusó a comentar nada fuera del diff. No tenía forma de saber de antemano cuál comportamiento iba a recibir. Estrictamente, ambas interpretaciones son defendibles. En la práctica, una de ellas me explotó la cantidad de comentarios.

**Deriva de concreción.** El plan-architect escribió: "Considera extraer la lógica de retry a un helper compartido." El security-reviewer escribió: "Reemplaza las líneas 184-201 por `retry(opts, () => fetchToken(opts.url))` y agrega un techo de 30s, si no, la ruta de auth-refresh puede colgar el worker." Misma idea. Una la aplico en treinta segundos, la otra requiere una reunión. La concreción es un eje de varianza mucho más grande de lo que yo esperaba.

**Deriva de presupuesto de herramientas.** El explore-reviewer tenía grep y glob, y notó que la función renombrada todavía era referenciada en un script de CI que nadie había actualizado. El plan-architect, con exactamente las mismas herramientas, nunca fue a mirar allá. Misma lista de allowed-tools, mismo prompt sobre "encuentra dependientes". Uno caminó por la superficie, el otro caminó por el edificio. Acá la deriva vino de cuánto cada prompt de sistema empujaba al agente a vagar.

Si ustedes ya usaron [sub-agents de Claude Code](https://code.claude.com/docs/en/sub-agents) para algo más que una llamada Explore puntual, nada de esto sorprende. Lo que sí me sorprendió fue cómo estos cuatro baldes cubrían casi todo lo que etiqueté como desacuerdo.

## El bug que nadie atrapó

Dos días después del merge, un colega encontró una condición de carrera en la nueva ruta de manejo de errores. El PR abría una ventana de un frame donde dos intentos de reconnect podían dispararse sobre el mismo socket. Ninguno de los tres sub-agentes lo mencionó. La descripción del PR, que yo escribí a mano, sí decía "lógica de reconnect movida", y eso fue lo que hizo que el colega fuera a revisar.

"Con suficientes ojos, todos los bugs son superficiales", escribió Eric Raymond en 1999. Tuvo razón sobre los ojos. No especificó que tres de ellos tuvieran que apuntar a la misma ventana. Los míos estaban entrecerrados sobre el diff. Ninguno dio un paso atrás para preguntar: ¿qué cambió en el timing?

## Cómo resolver los desacuerdos: tres métodos

Esto es lo que aprendí después de pasar la hora extra haciendo merge. Tres formas prácticas de resolver un hallazgo donde los agentes no coinciden.

**Consenso por mayoría.** Si 2 de 3 agentes lo levantan, lo tratas como confirmado y revisas. Si solo 1 lo levanta, le bajas la prioridad por defecto. Es la regla más simple y resuelve la mayor parte de los casos "lo planteó 1" que en realidad eran ruido. Funciona bien para drift de alcance: si solo el explore-reviewer trajo un bug fuera del diff, lo registras como deuda técnica, no como bloqueante del PR.

**Override por contexto.** Cuando dos agentes disienten en la severidad, el que tiene más contexto gana. Si el security-reviewer caminó con grep a los llamadores y vio la validación previa, su "low" pesa más que el "critical" del plan-architect que leyó la función aislada. La regla operacional es simple: ¿qué agente tuvo más ventanas abiertas para decidir? Ese es el que prevalece.

**Agente extra para el desempate.** Cuando los tres están en desacuerdo o cuando un hallazgo crítico viene de un solo agente, levantas un cuarto sub-agente específico para esa pregunta. Le das las dos posturas y le pides un veredicto. Sí, es otro turno de ida y vuelta. Pero es mucho más barato que tomar la decisión equivocada y volver a tocar el PR la próxima semana.

Si ejecutaron Claude Code [autónomamente por 24 horas](/es/blog/agente-ia-autonomo-24-horas-seguridad/) y vivieron para contarlo, ya saben este patrón desde el otro lado: el cuello de botella se mueve hacia quien lee la salida del agente.

## Cuántos sub-agentes son los correctos

No creo que la respuesta sea uno. La misma semana corrí el experimento con N=1 en un PR más chico, solo una pasada de revisión general. Se le escapó el tipo de dependencia entre archivos que el explore-reviewer habría atrapado. Un par de ojos es genuinamente peor que dos.

Mi heurística actual, después de unos doce PRs en esta línea:

- PR pequeño (menos de 100 líneas, sin archivos nuevos): un sub-agente. Más que eso es overhead.
- PR mediano (100 a 500 líneas, toca un subsistema): dos sub-agentes con ángulos distintos, en general explore + security o explore + architect. Eligen el segundo según lo que el PR esté arriesgando de verdad.
- PR grande o transversal (más de 500 líneas, varios subsistemas): tres. Planeen el tiempo de integración por adelantado. No es gratis.

Por encima de tres, no he visto valor. La configuración de [nueve agentes de HAMY](https://hamy.xyz/blog/2026-02_code-reviews-claude-subagents) es interesante, pero necesitaría una segunda herramienta solo para fusionar los reportes, y tendría que ser más barata que yo.

La otra perilla es la concreción. Hoy le pido a cada sub-agente "hallazgos con el cambio concreto más pequeño que los resuelva, o marcados como no-fix si no lo sabes". Esa única línea en el prompt de sistema redujo casi a la mitad mi deriva de concreción.

## Lo que de verdad creo ahora

La revisión de código multi-agente no es gratis. Se parece más a "tres revisores junior leyendo en cuartos distintos, y tú eres el senior que tiene que fusionar sus notas". El número de ojos sube, pero el costo de integración también, y el costo de integración es la parte que vive en tu calendario.

El bug que nadie atrapó es lo que más humilde me dejó. Tres agentes, tres ángulos, todos read-only, todos apuntando al mismo diff. Ninguno notó el cambio de timing porque a ninguno se lo pidieron. **Los sub-agentes son extremadamente buenos en las preguntas que ustedes ponen en el system prompt. Son mediocres en las preguntas que ustedes olvidaron hacer.** El límite real está ahí, no en el modelo.

Si se llevan una sola cosa de esta guía: escriban un cuarto prompt de sub-agente llamado `what-am-i-not-asking`, entréguenle el diff y pídanle que nombre las categorías que los demás agentes van a dejar pasar. Lean la respuesta. Luego escriban los prompts de revisión reales. Yo no lo hice en el experimento de este post, y por eso perdí una hora en el merge y un colega encontró mi condición de carrera.

El número de menos del 1% de Anthropic es real. También está medido sobre un pipeline que alguien estuvo meses afinando, no sobre tres sub-agentes que escribieron entre reuniones. Afinen los suyos. Hasta entonces, calculen con 40%.

---

*ken imoto · WebRTC & Voice AI engineer · [kenimoto.dev](https://kenimoto.dev/es/)*