diff --git a/content/blog/47-startups-failed-same-coding-mistake/index.md b/content/blog/47-startups-failed-same-coding-mistake/index.md
index 67c8b9f68..a8d02bce6 100644
--- a/content/blog/47-startups-failed-same-coding-mistake/index.md
+++ b/content/blog/47-startups-failed-same-coding-mistake/index.md
@@ -117,13 +117,16 @@ If you're here, your options are limited. A rewrite buys you time, but the rewri
## When to Rewrite vs. Rescue
-A rewrite makes sense when you have 18+ months of untested, undocumented code and the estimated fix cost exceeds 40% of rewrite cost. You also need runway - 3-6 months before your next funding round or market deadline.
-
-A rescue makes sense when the code is under 12 months old, the core architecture is sound, and you can't afford the time cost of starting over. Most founders with a hard deadline end up rescuing because they have no choice.
-
-The honest answer: **both cost roughly the same - 3-6 months of work at $150K-$400K**. A rewrite is a fresh start, but you might repeat the pattern with the new team. A rescue preserves what works, but improvements show up slower.
-
-The deciding factor is your team. Can they commit to testing and review going forward? If yes, rescue. If they'll "get back to it later," rewrite with new people.
+| Factor | Rewrite | Rescue |
+|---|---|---|
+| Codebase age | 18+ months untested/undocumented | Under 12 months, architecture sound |
+| Estimated fix cost | Exceeds 40% of rewrite cost | Less than 40% of rewrite cost |
+| Runway | 3-6 months before next funding/deadline | Same |
+| Total cost | $150K-$400K, 3-6 months | $150K-$400K, 3-6 months |
+| Risk | You repeat the pattern with the new team | Improvements show up slower |
+| Best for | Teams that need a clean slate AND have new people who'll commit to testing | Teams that need to keep shipping AND can commit to testing the existing code |
+
+Both cost roughly the same - **3-6 months of work at $150K-$400K**. The deciding factor is your team. Can they commit to testing and review going forward? If yes, rescue. If they'll "get back to it later," rewrite with new people.
## The same mistake, 47 times
diff --git a/content/blog/ai-agent-deleted-production-database-pocketos/index.md b/content/blog/ai-agent-deleted-production-database-pocketos/index.md
index 97b875465..e76036839 100644
--- a/content/blog/ai-agent-deleted-production-database-pocketos/index.md
+++ b/content/blog/ai-agent-deleted-production-database-pocketos/index.md
@@ -18,6 +18,7 @@ metatags:
image: cover.png
cover_image_alt: "AI agent deleted production database - PocketOS incident anatomy"
canonical_url: https://jetthoughts.com/blog/ai-agent-deleted-production-database-pocketos/
+related_posts: false
---
It took **nine seconds** for an AI agent to delete the production database at PocketOS, a live car-rental SaaS, on April 25, 2026. Founder Jer Crane was watching his Cursor agent run a routine task. It decided on its own to drop the production database. It hit the backup volume next. Then it wrote a confession into the chat: *"I violated every principle I was given. I guessed instead of verifying. I ran a destructive action without being asked."*
@@ -92,9 +93,18 @@ This list pairs with the [dev shop red flags checklist](/blog/dev-shop-red-flags
Some AI agents belong near production. Most don't. The difference is the blast radius when they're wrong.
-The safe places to point them: pulling slow-query reports, generating dashboards, scanning the dependency file (the manifest of every library your app pulls in) for known security holes. Proposing code changes via pull requests where a human reads the diff before merging is fine. Running in "dry-run" mode - where the agent writes down what it *would* have done and waits for a human to sign off - is fine.
+| Use case | Safe? | Why |
+|---|---|---|
+| Pulling slow-query reports | ✅ Safe | Read-only, no destructive surface |
+| Generating dashboards | ✅ Safe | Read-only |
+| Scanning the dependency file for known security holes | ✅ Safe | Read-only audit, no write path |
+| Proposing code changes via pull request | ✅ Safe | Human reads the diff before merging |
+| Running in "dry-run" mode | ✅ Safe | Agent writes down what it *would* have done; human signs off |
+| Autonomous execution against the live database | ❌ Unsafe | One bad command wipes the company |
+| God-mode API key with delete privileges | ❌ Unsafe | No approval step between agent and irreversible action |
+| Backups on the same volume the agent can reach | ❌ Unsafe | Recovery copy lives inside the blast radius |
-The unsafe configuration is exactly what PocketOS was running: an agent with a god-mode key, free to execute against the live database, with no approval step in the way. That's the setup that wiped the company. Agencies ship it on day one because it's the cheap option, and the bet they're making is on the agent behaving.
+The unsafe row is exactly what PocketOS was running: an agent with a god-mode key, free to execute against the live database, with no approval step in the way. That's the setup that wiped the company. Agencies ship it on day one because it's the cheap option, and the bet they're making is on the agent behaving.
## What we do in the first 48 hours of a rescue
@@ -113,16 +123,14 @@ A 30-minute call to walk through your stack kicks off a 48-hour audit of your ag
## Related reading
- [The Vibe Coding Crisis: Why AI Code Breaks in Production](/blog/vibe-coding-crisis-ai-code-debt/) - the abstract category PocketOS dropped into
-- [47 Startups Failed the Same Way](/blog/47-startups-failed-same-coding-mistake/) - the death-spiral pattern at scale
- [The Quality Tax: AI MVPs Cost More to Fix Than Build](/blog/quality-tax-ai-mvp-cost/) - the cost angle on the same problem
- [Dev Shop Red Flags Checklist](/blog/dev-shop-red-flags-checklist/) - what the seven questions plug into
-- [Async Remote XP Practices](/blog/async-remote-xp-practices/) - the boring discipline that prevents the 9-second wipe
-## Further reading (sources)
+## Sources
-- The Register, "Cursor/Opus agent snuffs out PocketOS" (2026-04-27): https://www.theregister.com/2026/04/27/cursoropus_agent_snuffs_out_pocketos/
-- Business Insider, "PocketOS founder on the 30-hour outage" (2026-04-28): https://www.businessinsider.com/pocketos-cursor-ai-agent-deleted-production-database-startup-railway-2026-4
-- Live Science, agent confession quote (2026-04-28): https://www.livescience.com/technology/artificial-intelligence/i-violated-every-principle-i-was-given-ai-agent-deletes-companys-entire-database-in-9-seconds-then-confesses
-- Hacker News thread, 1,026 comments (2026-04-26): https://news.ycombinator.com/item?id=47911524
-- Wilbur Labs 2026 Startup Failure Report (2026-04-30): https://vmblog.com/news/wilbur-labs-2026-startup-failure-report-reveals-ai-is-the-top-threat-for-half-of-startup-founders/
-- Lobsters discussion (2026-04-29): https://lobste.rs/s/ontr2p/ai_agent_just_deleted_company_s_entire
+- [The Register: Cursor/Opus agent snuffs out PocketOS](https://www.theregister.com/2026/04/27/cursoropus_agent_snuffs_out_pocketos/) (2026-04-27)
+- [Business Insider: PocketOS founder on the 30-hour outage](https://www.businessinsider.com/pocketos-cursor-ai-agent-deleted-production-database-startup-railway-2026-4) (2026-04-28)
+- [Live Science: agent confession quote](https://www.livescience.com/technology/artificial-intelligence/i-violated-every-principle-i-was-given-ai-agent-deletes-companys-entire-database-in-9-seconds-then-confesses) (2026-04-28)
+- [Hacker News thread, 1,026 comments](https://news.ycombinator.com/item?id=47911524) (2026-04-26)
+- [Wilbur Labs 2026 Startup Failure Report](https://vmblog.com/news/wilbur-labs-2026-startup-failure-report-reveals-ai-is-the-top-threat-for-half-of-startup-founders/) (2026-04-30)
+- [Lobsters discussion](https://lobste.rs/s/ontr2p/ai_agent_just_deleted_company_s_entire) (2026-04-29)
diff --git a/content/blog/dev-shop-red-flags-checklist/index.md b/content/blog/dev-shop-red-flags-checklist/index.md
index ea3306c03..866673464 100644
--- a/content/blog/dev-shop-red-flags-checklist/index.md
+++ b/content/blog/dev-shop-red-flags-checklist/index.md
@@ -15,6 +15,7 @@ metatags:
og_description: "Two-thirds of software projects fail or go over budget. Eight warning signs your agency is hiding bad code - and the exact steps to take tonight."
cover_image_alt: "JetThoughts blog cover for Dev Shop Red Flags Checklist with warning sign stats"
canonical_url: "https://jetthoughts.com/blog/dev-shop-red-flags-checklist/"
+related_posts: false
---
The worst dev shops don't miss deadlines - they miss them quietly.
diff --git a/content/blog/founders-guide-hiring-dev-shop/index.md b/content/blog/founders-guide-hiring-dev-shop/index.md
index ce22bfec1..a5977fb0d 100644
--- a/content/blog/founders-guide-hiring-dev-shop/index.md
+++ b/content/blog/founders-guide-hiring-dev-shop/index.md
@@ -1,6 +1,6 @@
---
title: "Founder's Guide to Hiring a Dev Shop in 2026"
-description: "The complete guide for non-technical founders hiring development agencies. Red flags, evaluation frameworks, contract templates, and what to do when it goes wrong."
+description: "Field guide for non-technical founders hiring development agencies. Red flags, evaluation frameworks, contract templates, and what to do when it goes wrong."
date: 2026-04-23
draft: false
author: "JetThoughts Team"
@@ -12,12 +12,15 @@ cover_image: cover.png
metatags:
image: cover.png
og_title: "Founder's Guide to Hiring a Dev Shop in 2026"
- og_description: "Red flags, evaluation frameworks, and recovery playbooks - the complete guide for non-technical founders hiring development agencies."
+ og_description: "Red flags, evaluation frameworks, and recovery playbooks - the field guide for non-technical founders hiring development agencies."
cover_image_alt: "JetThoughts pillar page cover for Founders Guide to Hiring a Dev Shop with 40+ rescued projects stat"
canonical_url: "https://jetthoughts.com/blog/founders-guide-hiring-dev-shop/"
+related_posts: false
---
-The founder who hires a dev shop in 2026 faces a different landscape than the one who did it in 2022. AI code generators produce working prototypes in hours - and security vulnerabilities just as fast. Agencies that once padded timelines now pad commits with vibe-coded output nobody reviewed. Meanwhile, a wave of burned founders are rebuilding products they already paid for once. This guide walks you through the full cycle: what to check before you sign, how to spot trouble early, when to walk away, and how to recover when things go wrong.
+A B2B fintech founder we picked up in Q1 2026 had spent **$180K over eight months** with the previous agency before they stopped answering email. She had no admin access to the GitHub org, the AWS console belonged to the previous shop's CTO, and the Stripe keys were registered under their corporate account. Her app was live serving 4,200 paying users, and she could not ship a hotfix when checkout broke. We have run that recovery sequence forty times in seventeen years, and each one started with a hiring decision that looked reasonable at the time.
+
+This is the field guide for the founder who has not made that decision yet.
## Before You Hire
diff --git a/content/blog/rails-8-1-active-job-continuations-end-lost-background-jobs/index.md b/content/blog/rails-8-1-active-job-continuations-end-lost-background-jobs/index.md
index da2649f52..3ecbc3224 100644
--- a/content/blog/rails-8-1-active-job-continuations-end-lost-background-jobs/index.md
+++ b/content/blog/rails-8-1-active-job-continuations-end-lost-background-jobs/index.md
@@ -13,6 +13,7 @@ metatags:
image: cover.png
cover_image_alt: "JetThoughts blog cover for Active Job Continuations in Rails 8.1 - minimalist dark design with Ruby-to-purple gradient headline"
canonical_url: https://jetthoughts.com/blog/rails-8-1-active-job-continuations-background-jobs/
+related_posts: false
---
Your background jobs lie to you.
@@ -211,6 +212,12 @@ Rails 8.1 is the first release in years where a single feature changes how I'd a
Upgrade. Wrap your longest job. Deploy in the middle of it. Watch it resume.
+## Running long jobs on Solid Queue or Sidekiq?
+
+We audit shutdown signal handling, queue isolation, and resume safety on production Rails apps. One senior Rails engineer reads your job code for two hours and writes you a one-page resume-safety plan covering which jobs need `Continuable`, which can stay simple, and where your Kamal deploy is silently restarting work. Free for funded teams under 25 engineers.
+
+Book the 30-minute call
+
**Related reading on this blog:** our [Rails performance optimization patterns for 2026](/blog/ruby-on-rails-performance-optimization-patterns-2026/) covers YJIT, query allocation, and Redis caching - the companion performance moves you want to make while you're upgrading to Rails 8.1. And if you're still on DelayedJob, our [Solid Queue migration guide](/blog/rails-8-solid-queue-migration-guide/) walks through the move.
---
diff --git a/content/blog/rails-cve-2026-41316-founder-guide/index.md b/content/blog/rails-cve-2026-41316-founder-guide/index.md
index 551492d09..b3a22d0f1 100644
--- a/content/blog/rails-cve-2026-41316-founder-guide/index.md
+++ b/content/blog/rails-cve-2026-41316-founder-guide/index.md
@@ -90,9 +90,9 @@ The same monitoring discipline applies to your own app's deploy log - we wrote a
## Sources
-- Ruby 4.0.3 release: https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
-- GHSA-q339-8rmv-2mhv: https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv
-- httpvoid gadget chain writeup: https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
-- Rails 7.2.3.1 / 8.0.4.1 / 8.1.2.1: https://rubyonrails.org/2026/3/23/Rails-Versions-7-2-3-1-8-0-4-1-and-8-1-2-1-have-been-released
-- HeroDevs Rails EOL coverage: https://www.herodevs.com/blog-posts/ruby-on-rails-end-of-life-versions-the-dual-ruby-rails-eol-problem-enterprises-face-in-2026
-- Rails World 2026 CFP: https://rubyonrails.org/2026/4/23/big-rails-world-2026-update-CFP
+- [Ruby 4.0.3 release](https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/)
+- [GHSA-q339-8rmv-2mhv advisory](https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv)
+- [httpvoid gadget chain writeup](https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md)
+- [Rails 7.2.3.1 / 8.0.4.1 / 8.1.2.1 release](https://rubyonrails.org/2026/3/23/Rails-Versions-7-2-3-1-8-0-4-1-and-8-1-2-1-have-been-released)
+- [HeroDevs Rails EOL coverage](https://www.herodevs.com/blog-posts/ruby-on-rails-end-of-life-versions-the-dual-ruby-rails-eol-problem-enterprises-face-in-2026)
+- [Rails World 2026 CFP](https://rubyonrails.org/2026/4/23/big-rails-world-2026-update-CFP)
diff --git a/content/blog/rails-event-structured-logging-8-1/index.md b/content/blog/rails-event-structured-logging-8-1/index.md
index 494282c8e..2d9c883ba 100644
--- a/content/blog/rails-event-structured-logging-8-1/index.md
+++ b/content/blog/rails-event-structured-logging-8-1/index.md
@@ -15,10 +15,18 @@ metatags:
og_description: "Rails 8.1 gives you structured, subscribable events. Stop writing regex against log output. Wire real events to Datadog in minutes."
cover_image_alt: "Dark technical cover with structured event flow diagram - log lines transforming into clean JSON payloads with Rails branding"
canonical_url: "https://jetthoughts.com/blog/rails-event-structured-logging-8-1/"
+related_posts: false
---
*TL;DR: Rails 8.1 replaces log scraping with structured events your monitoring can trust. We migrated four production apps and the false-positive alert rate dropped by **60%**. Migration runs one to two days per app.*
+```ruby
+# Replace regex-against-log-output with this:
+ActiveSupport::Notifications.subscribe("process_action.action_controller") do |event|
+ StatsD.timing("request.duration", event.duration, tags: { path: event.payload[:path] })
+end
+```
+
Your monitoring setup lies to you, and it does it quietly enough that nobody catches on for months.
A client's Datadog alerts worked for three months after we set them up. Their team upgraded to Rails 7.2 and the log output shifted - the regex they'd written against `Completed 200 OK in 247ms` stopped matching. **Two months of silence before a customer called about a broken checkout flow.**
diff --git a/content/blog/vibe-coding-crisis-ai-code-debt/index.md b/content/blog/vibe-coding-crisis-ai-code-debt/index.md
index 8c0e81804..be1231a52 100644
--- a/content/blog/vibe-coding-crisis-ai-code-debt/index.md
+++ b/content/blog/vibe-coding-crisis-ai-code-debt/index.md
@@ -15,6 +15,7 @@ metatags:
og_description: "45% of AI-generated code has known security vulnerabilities. How to detect vibe-coded apps and what to do about the damage."
cover_image_alt: "JetThoughts blog cover for Vibe Coding Crisis with AI code quality stats"
canonical_url: "https://jetthoughts.com/blog/vibe-coding-crisis-ai-code-debt/"
+related_posts: false
---
Your dev shop used AI to ship your app in three weeks, and the code looked clean enough that nobody worried. **Then 200 real users showed up and broke everything.**
diff --git a/test/fixtures/screenshots/macos/mobile/blog/index.png b/test/fixtures/screenshots/macos/mobile/blog/index.png
index fc1787346..0e32ece83 100644
Binary files a/test/fixtures/screenshots/macos/mobile/blog/index.png and b/test/fixtures/screenshots/macos/mobile/blog/index.png differ
diff --git a/test/fixtures/screenshots/macos/mobile/blog/index/_pagination.png b/test/fixtures/screenshots/macos/mobile/blog/index/_pagination.png
index ae9d1e18d..47a4e910e 100644
Binary files a/test/fixtures/screenshots/macos/mobile/blog/index/_pagination.png and b/test/fixtures/screenshots/macos/mobile/blog/index/_pagination.png differ
diff --git a/themes/beaver/layouts/partials/blog/related-posts.html b/themes/beaver/layouts/partials/blog/related-posts.html
index 2580ea731..5331251c3 100644
--- a/themes/beaver/layouts/partials/blog/related-posts.html
+++ b/themes/beaver/layouts/partials/blog/related-posts.html
@@ -1,12 +1,19 @@
-{{ $blogPosts := where .Site.RegularPages "Section" "blog" }}
-{{ $related := $blogPosts.Related . | first 5 }}
-{{ with $related }}
-
{{ end }}
\ No newline at end of file