Long-form writing on multi-agent AI, medical AI governance, HIPAA-aware architecture, and cloud-native systems. Most posts grow out of work on Bodh — an open-source Go implementation of Microsoft's MARA pattern tuned for medical sequential diagnosis.
The patterns that worked, the traps we fell into, and what we'd do differently.
What worked, what was hard, and what we'd do differently. Real numbers: 18 agents, 90 days, 5 governance policies, 4 provider swaps.
The philosophy, trade-offs, and what we learned converting 18+ agents in 3 months.
The philosophy, trade-offs, and what we learned converting 18+ agents in 3 months. Provider abstraction as the foundation for portable agents.
What HIPAA looks like when you express it as Go interfaces — governance policies, append-only audit at DB GRANTs, PHI redaction at the logger seam, and HITL as the §3060 CDS carve-out criterion 4.
PostgreSQL row-level security as HIPAA defence in depth. Why fail-open application filtering isn't enough, and how 'append-only at DB GRANTs' carries more of the §164.312(b) burden than people realise.
How a single sprint of specialty-rule work — guided by a benchmark that wasn't afraid to print embarrassing numbers — turned a 'demo respiratory differential' into a five-condition rule-based diagnostic engine.
Enough to reconstruct, never enough to leak. The audit event schema problem under §164.312(b), and how to solve it without conflating the audit sink with the PHI sink.
Running agents on Cloud Run, exposing via A2A, and wiring into production systems.
Cloud Run deployments, agent-to-agent communication, load balancing, and production observability.
How to instrument agents for observability, error handling, and audit logging.
Callbacks to middleware: composable decorators for audit, retry, token enforcement, and OpenTelemetry integration.
How to port ADK's model hard-codes to MAF's provider factory pattern.
Zero-code provider swaps: Ollama (dev), OpenAI (staging), Azure Foundry (prod). Same agents, different models.
How to port tools, add policy enforcement, and integrate OPA.
From ADK functions to MAF governed tools. Adding policy enforcement, DLP, approval gates, and OPA integration.
How conversation threads replace session state; how to track token usage across agent chains.
Sessions to threads: porting multi-turn state from ADK to MAF. Token budgeting, long-term memory, and conversation audit trails.
How to port ADK's orchestration callbacks to MAF builders without losing control.
How to port ADK's orchestration callbacks to MAF builders without losing control. The executor pattern: you own the loop.
How to instrument multi-agent systems with OpenTelemetry, propagate trace context across an in-memory bus, and build a layered evaluation pipeline — from real-time policy gates to async LLM-as-judge to SLO-based trust scoring. Everything I learned building Genie.
Google's GKE AI infrastructure docs list ~40 integrations. Here's a field map of which ones actually matter when the workload is a HIPAA-aware multi-agent medical AI, and where the gaps sit.
How a 200-line Go handler turns an audit log and an eval store into a regulator-friendly answer to
Request → N-eyes approve → window-of-time → automatic expiry, with every transition written to a hash-chained audit log. The package that closes Gap #1 from the PCSE map.
Why HL7 v2 — a 50-year-old pipe-delimited protocol — still drives most US hospital ADT integrations in 2026, and what a clean Go parser looks like in ~300 lines.
Studying for the IAPP AI Governance Professional credential? Here's an open-source Go codebase that demonstrates ~70% of the body of knowledge in working code.