Rebuilding My Resume with Claude: 36 Iterations, ATS + Recruiter Scoring, and the Final PDF
36 resume iterations in two hours. Claude codes, I judge the render, dual ATS + recruiter scoring at every pass. What the iterative loop really changes.
Lessons learned, problems and solutions
36 resume iterations in two hours. Claude codes, I judge the render, dual ATS + recruiter scoring at every pass. What the iterative loop really changes.
You put everything in your CLAUDE.md because "more context = better". How I cut 52% of a production CLAUDE.md after a security audit, and why the agent codes better with less.
The pre-pentest audit in successive passes. How to verify findings before panicking, and how to select which probes become permanent regression tests.
The event-XOR-error invariant on command handlers. How to inform the caller of a business outcome without breaking the event/error separation, and why audit logging must be atomic.
tls.Config.VerifyConnection only runs at handshake. A client on keep-alive after revocation keeps serving. Double-gate pattern and CRL hot-reload with monotonic check.
A single TLS port serving three hosts via SNI with different ClientAuth levels. Plus the session cert binding pattern to block cookie replay attacks.
Synchronizer token server-side vs double-submit cookie: when the latter fails, why middleware wire-order matters, and how to handle JS non-form requests.
First N failures are silent, then exponential backoff capped at 15 min. Why the status code must never distinguish locked vs wrong creds, and how to reset properly.
If your login responds in 1ms for unknown users and 50ms for known ones, you have an oracle. The fix is 3 lines. The trap that breaks it 6 months later is just one config change.
A PKCS#12 encrypted with AES-256, imported successfully by certutil, but ECDSA unusable in Edge. The CryptoAPI vs CNG routing trap and the MS KSP attribute fix.