Context is king
The highest-leverage thing you can do with AI coding tools isn't writing better prompts. It's giving them better context.
Software engineer in Belgrade. I work across backend systems and web delivery, and most of my attention lately goes to application security, not as a separate phase, but as part of how the code gets written.
I spend a lot of time thinking about the distance between software that works and software that's hard to misuse. This site is where I write about that, and where I keep the projects that came out of it.
It's genuinely hard. You're not alone. And it does end.
Built to figure out what breaks when WebSocket traffic has to live across multiple servers. Go backend, React frontend, Redis pub/sub for cross-instance messaging, a custom load balancer, and the whole thing runs in containers.
Security focus: Trust boundaries between services: which component gets to trust which messages, connections, and identities. WebSocket session constraints, separated responsibilities, container isolation.
An assistant platform where your data never leaves your machine. Vector search over local documents, a local LLM runtime through Ollama, and clean boundaries between the API, vector store, and UI.
Security focus: Making the privacy guarantees real instead of aspirational. All data flows stay local by default, service boundaries are enforced, and runtime configuration is locked down.
A desktop credential manager in JavaFX. Master-password gated, locally stored, with architecture documentation written alongside the code. Built to actually implement auth flows and persistence instead of just reading about them.
Security focus: Treating credential storage seriously from the start. Hashed master password, constrained data model, gated access. No shortcuts on the things that matter most in a password manager.