Paul Welty, PhD AI, WORK, AND STAYING HUMAN

Work log — 2026-04-01

What shipped today

A small but important hardening fix landed today. The /api/learn and /api/weekly routes were both missing top-level try/catch blocks, meaning any unhandled promise rejection would crash the request with a bare 500 and no useful error information. Both routes now catch and log the underlying error via console.error, return a structured {error: "..."} response with status 500, and won’t silently swallow failures. This closes out the last known unguarded route-level error handling gap flagged in the recent scout sweep.

This session was light on volume but continues the steady CI/hardening work that’s been the theme of the past week — closing the scout-identified gaps methodically before turning attention to new features.

Completed

  • #233 — Wrap learn and weekly routes in try/catch (error handling for unhandled rejections)

Release progress

  • March 2026 milestone is still open but empty (0 issues attached). It’s a vestigial open milestone — no blocking issues. Can be closed manually if desired.

Carry-over

  • #235 (ready-for-dev) — Validate config PATCH updates against allowlist
  • #234 (ready-for-dev) — Add loading.tsx and error.tsx boundaries for app routes
  • #237 (ready-for-prep) — Reduce redundant Supabase client creation in serve route
  • #86 (backlog) — Replace in-memory rate limiter with persistent solution for production
  • #101 (blocked) — Branded transactional emails (blocked on email template work)

Risks

  • Rate limiter (#86) is still in-memory. Fine for dev/low-traffic, will fail silently under multi-instance Vercel deployment. Should be elevated before any meaningful traffic.

Flags and watch-outs

  • supabase/.gitignore, supabase/config.toml, and web/.gitignore remain untracked — these are local config files, not code. They’ve been sitting untracked for multiple sessions. Worth deciding whether to .gitignore them or commit them.
  • The March 2026 milestone has 0 issues attached but is still open. It was never populated — safe to close.

Next session

  1. Pick up #235 (validate config PATCH against allowlist) — it’s ready-for-dev and a clean, self-contained security improvement
  2. Pick up #234 (loading.tsx + error.tsx boundaries) — also ready-for-dev, improves app resilience
  3. Consider closing the empty March 2026 milestone
  4. Decide fate of the three untracked supabase/web config files
Featured writing

Why customer tools are organized wrong

This article reveals a fundamental flaw in how customer support tools are designed—organizing by interaction type instead of by customer—and explains why this fragmentation wastes time and obscures the full picture you need to help users effectively.

Infrastructure shapes thought

The tools you build determine what kinds of thinking become possible. On infrastructure, friction, and building deliberately for thought rather than just throughput.

Server-side dashboard architecture: Why moving data fetching off the browser changes everything

How choosing server-side rendering solved security, CORS, and credential management problems I didn't know I had.

Books

The work of being available now

A book on AI, judgment, and staying human at work.

The practice of work in progress

Practical essays on how work actually gets done.

Recent writing

Delegation without comprehension is just prayer

The organizations that survive won't be the ones that automated the most. They'll be the ones that figured out what to stop delegating.

The case for corporate amnesia

Most organizations worship institutional memory. But what if the thing they're preserving is mostly decay?

Your design philosophy is already written

Builders who work across multiple projects leave fingerprints everywhere. The same mind solves the same problem differently in every domain — and usually doesn't notice. You need someone to read it back to you.

View all writing →