Work log: Polymathic — March 20, 2026

What shipped today

A scout sweep found five grindable issues across security, error handling, mobile layout, email templates, and social meta tags. All five were executed and shipped in a single session.

The biggest addition was a Content-Security-Policy header for Cloudflare Pages (_headers), built from a full audit of every external resource loaded across the site — Google Analytics, Cloudflare Turnstile, Brevo forms, Google Fonts, and Cloudinary media. The CSP locks down script, style, font, image, media, connect, and frame sources while keeping all existing functionality working. Alongside that, newsletter-send.sh got proper error handling: the Brevo scheduled-campaign check is now wrapped in try/except, the shell validates campaign IDs are numeric before proceeding, and API failures surface clearly instead of silently passing bad data downstream.

On the frontend, the newsletter signup form’s email input was overflowing its container on mobile due to a hardcoded width: 300px — replaced with Tailwind responsive classes. The newsletter email template got {{ with }} guards on the preheader and footer contact fields so missing optional params don’t render as blank tags. And og:locale was added to the social meta partial for proper Open Graph locale signaling.

A new essay was published — “Your project management tool was made for a non-human (AI) factory, not for you” — arguing that every project management tool descends from Taylor’s Scientific Management and fails at knowledge work. Newsletter edition 16 was staged from this essay and scheduled for Tuesday March 24 at 11am ET via Brevo campaign 32.

Completed

• #182 — Add Content-Security-Policy header to _headers
• #183 — Validate campaign ID after Brevo API response in newsletter-send.sh
• #184 — Fix newsletter form email input overflow on mobile
• #185 — Add guards to newsletter email template for optional params
• #186 — Add og:locale meta tag to social meta partial
• Newsletter edition 16 staged and scheduled (campaign 32, March 24)

Release progress

• April 2026: 2/3 closed (1 open: #8 product blog syndicated content)

Carry-over

• #112 — Blog dates accuracy (needs-clarification, still no human reply)
• Check Brevo delivery stats for newsletter editions 13-15
• Update Brevo sender name to “Philosopher at Large”

Risks

• The Edit tool was blocked by a missing security plugin hook (security_reminder_hook.py). All edits done via sed through Bash. If this persists, it will continue to slow sessions.

Flags and watch-outs

• CSP header is now live. If new external resources are added (new analytics, CDN, embeds), they’ll be blocked until added to the CSP directive in static/_headers.
• Newsletter 16 is scheduled for Tuesday March 24 at 11am ET. The subject was corrected after initial scheduling to match the full post title including “(AI)” and “not for you”.

Next session

• Confirm newsletter 16 delivery after March 24
• Check Brevo delivery stats for editions 13-15
• Update Brevo sender name to “Philosopher at Large”
• #112 — Check for reply on blog dates accuracy issue
• #8 — Product blog syndicated content is the last April 2026 milestone issue — consider prepping
• Investigate the broken security_reminder_hook.py plugin — clear cache or reinstall