fibon design log (English)

fibon design log (English) https://fibon.stepbyday.com/en/ fibon — the design log of an auditable white-box personal-assistant agent project en Chapter 1: Why I'm Building My Own AI Assistant https://fibon.stepbyday.com/en/chapters/01-fibonacci/ https://fibon.stepbyday.com/en/chapters/01-fibonacci/ A seed planted the moment ChatGPT exploded — and why I didn't start building until 2026 Tue, 16 Jun 2026 00:00:00 GMT Chapter 2: Is One AI Not Enough? https://fibon.stepbyday.com/en/chapters/02-butler-and-assistants/ https://fibon.stepbyday.com/en/chapters/02-butler-and-assistants/ Why fibon splits the Butler from the Assistants, and why the rules of delegation must be hard-coded instead of merely "asking" the AI nicely Tue, 16 Jun 2026 00:00:00 GMT Field Note: Zombie Caches and Stolen Keys: A Teardown of Two Runaway AI Bills https://fibon.stepbyday.com/en/notes/2026-06-gemini-cache-billing/ https://fibon.stepbyday.com/en/notes/2026-06-gemini-cache-billing/ Reverse-engineering how Google's billing system broke from the shape of a BigQuery export — and an honest audit of which defenses fibon has built, and which one is still missing Fri, 12 Jun 2026 00:00:00 GMT Field Note: Runaway Sub-Agents: The June 2 Claude Outage and the Lesson of the Infinite Loop https://fibon.stepbyday.com/en/notes/2026-06-claude-outage/ https://fibon.stepbyday.com/en/notes/2026-06-claude-outage/ A bug that made sub-agents multiply exponentially knocked Claude out for nearly six hours. fibon's delegation-round cap and multi-vendor design are built for exactly this kind of runaway — but one piece I haven't built either. Fri, 12 Jun 2026 00:00:00 GMT Field Note: The Attack That Waits: When AI's 'Memory' Becomes the Attack Surface https://fibon.stepbyday.com/en/notes/2026-06-memory-poisoning/ https://fibon.stepbyday.com/en/notes/2026-06-memory-poisoning/ OWASP put memory poisoning in its 2026 agentic top ten; a single poisoned webpage can make an agent misfire weeks later. fibon sells memory as a core feature — this cut lands right on the vital spot. Fri, 12 Jun 2026 00:00:00 GMT Field Note: The Lobster's Bill: When an AI Agent's 'Token-Eating Monster' Meets the Abandonment Wave https://fibon.stepbyday.com/en/notes/2026-06-openclaw-token-economics/ https://fibon.stepbyday.com/en/notes/2026-06-openclaw-token-economics/ OpenClaw drove the whole world to "raise a lobster" — then the same crowd abandoned it because $150/day in token fees made it unaffordable. The economics of that craze is exactly fibon's core thesis. Fri, 12 Jun 2026 00:00:00 GMT Field Note: 12% of the Marketplace Was Poison: The ClawHub Supply-Chain Attack https://fibon.stepbyday.com/en/notes/2026-06-clawhub-supply-chain/ https://fibon.stepbyday.com/en/notes/2026-06-clawhub-supply-chain/ OpenClaw's skill marketplace was seeded with over a thousand malicious add-ons — using no 0-day at all. A teardown, and a test of whether fibon's three-gate skill import actually holds. Fri, 12 Jun 2026 00:00:00 GMT Field Note: Tools as Attack Surface: 2026's MCP Vulnerability Cascade and 'Tool Poisoning' https://fibon.stepbyday.com/en/notes/2026-06-mcp-vulnerabilities/ https://fibon.stepbyday.com/en/notes/2026-06-mcp-vulnerabilities/ From three CVEs in Anthropic's own Git MCP to a STDIO design flaw that exposed 7,000 servers — MCP turned "connecting external tools" into a new supply-chain battlefield. How much can fibon's trust tiering and tool-hash verification stop? Fri, 12 Jun 2026 00:00:00 GMT