Velacria Research and Field Notes

AI operations need operating memory

Julien Le Nestour — Wed, 15 Apr 2026 00:00:00 GMT

Most AI demos are impressive once.

Operational AI has to be useful repeatedly.

That means the hard part is not only prompting. It is operating memory: instructions, examples, edge cases, tool permissions, evaluation criteria, client context, known failure modes, and a way to improve the workflow after each run.

Skills, MCPs, agents, and workflow harnesses are interesting because they can turn judgment into reusable operating infrastructure.

Without that layer, the model is just improvising again.

AI search still starts with SEO foundations

Julien Le Nestour — Wed, 15 Apr 2026 00:00:00 GMT

AI optimization is not a magic new channel detached from SEO.

If a model cannot understand what an entity is, what it is known for, what evidence supports it, and how it relates to adjacent concepts, it is unlikely to recommend it reliably.

That means boring foundations still matter: crawlable pages, clear topic ownership, structured data, internal links, consistent naming, useful explanations, and enough public evidence for systems to connect the dots.

The interface changes. The need for clarity does not.

Compliance is an architecture problem

Julien Le Nestour — Wed, 15 Apr 2026 00:00:00 GMT

The weak version of privacy work is treating compliance as a brake.

The useful version is treating it as an architecture constraint.

What data should be collected? Which platform should receive it? Under what consent state? At what granularity? From browser, server, CRM, or warehouse? With which matching fields? For which business objective?

Those questions are technical, legal, and commercial at the same time. If they are answered separately, the result is either risky tracking or compliant underperformance.

Good tracking architecture has to make those tradeoffs explicit.

CRO starts before the test

Julien Le Nestour — Wed, 15 Apr 2026 00:00:00 GMT

A/B testing is often treated as the beginning of CRO.

It is usually the middle.

Before the test, there is a behavioral question: what is making this decision harder than it needs to be? Is the user uncertain, overloaded, unconvinced, distracted, or blocked by the wrong kind of friction?

The test matters. But if the hypothesis is shallow, the test only gives a precise answer to an uninteresting question.

Nobody owns the tracking stack

Julien Le Nestour — Wed, 15 Apr 2026 00:00:00 GMT

Most companies do not have one tracking stack.

They have layers: old agency work, new agency work, campaign pixels, GTM changes, CMP settings, Meta and Google defaults, a bit of server-side tagging, and a few urgent fixes that nobody documented.

The uncomfortable part is not that this is messy. It is that nobody can usually say, with confidence, what is live, why it exists, who owns it, and whether it still matches the current business model.

That is why an outside-in scan is useful. It does not replace a proper audit. It creates the first shared object: here is what a public observer can see. Now marketing, legal, analytics, and agencies can talk about the same evidence.

Broken GA4 Tracking: The Real Cost of Missing Conversions

Julien Le Nestour — Fri, 02 Jan 2026 00:00:00 GMT

Most GA4 implementations I audit are missing conversions. Not a few. Fifteen to forty percent.

That's not a tracking bug. That's a measurement crisis that makes every marketing decision suspect.

The Symptoms

You'll recognize these:

- Meta reports 50 conversions, GA4 shows 22
- Google Ads shows a 3.2x ROAS that doesn't match revenue
- Attribution models disagree by 2x or more
- Your CFO asks why marketing metrics don't match finance

The instinct is to blame "platform discrepancies." It's rarely that simple.

The Real Causes

Consent-blocked events

GA4 doesn't fire if consent is denied or incomplete. But your platform pixels might still trigger (incorrectly). Or neither fires correctly. You're comparing broken data to different broken data.

Client-side fragility

Browser tracking loses events to:
- Ad blockers (15-30% of technical audiences)
- Safari ITP (7-day cookie expiry, then gone)
- Network errors and page abandonment
- Single-page app navigation bugs

Event schema drift

Your developers shipped a change that renamed `purchase` to `order_complete`. Or removed the `value` parameter. Or sends it as a string instead of a number. GA4 silently accepts it. Your conversion counts silently drop.

Container timing issues

GTM fires after the user navigates away. Or before the dataLayer populates. Or twice because someone duplicated a trigger. These aren't rare edge cases—they're the default state of most implementations.

The Financial Impact

Do the math:

- $100k/month ad spend
- 30% conversion under-reporting
- Platform algorithms optimize against incomplete data
- You're bidding on the wrong signals

Conservative estimate: 10-20% of ad spend wasted on misoptimization. That's $10-20k/month.

For larger spends, the numbers get ugly fast.

The Fix

1. Server-side tracking foundation. Client events deduplicate with server events. You capture what browsers miss.

2. Event validation pipeline. Real-time checks that your events match the expected schema. Alerts when they don't.

3. Platform-source reconciliation. Regular audits comparing platform data, GA4, and backend systems. Discrepancies flagged, not ignored.

4. Consent-mode implementation. Proper modeling, proper signals, proper recovery of unobservable conversions.

None of this is optional anymore. The browsers are hostile. The regulations are tightening. The platforms are demanding better signals.

The question isn't whether you can afford to fix this. It's whether you can afford not to.

Server-Side GTM: Why It Is No Longer Optional

Julien Le Nestour — Mon, 15 Dec 2025 00:00:00 GMT

Let me be direct: if you're still running 100% client-side tracking, you're operating on borrowed time.

I'm not saying this because server-side is trendy. I'm saying it because the browsers have made their position clear, and the trajectory is unmistakable.

What's Actually Happening

Safari and Firefox already limit client-side cookies to 7 days (Safari) or block third-party cookies entirely (Firefox). Chrome's third-party cookie deprecation keeps getting delayed, but the writing is on the wall.

When that happens—and it will—client-side tracking loses:

- Reliable user identification across sessions
- Accurate attribution windows beyond a week
- Most cross-device journey data
- Campaign measurement for anything but same-session conversions

Why Server-Side Changes This

Server-side tracking doesn't magically bypass consent or privacy rules. That's not the point.

The point is reliability and control:

1. First-party context. Your server sets the cookie, from your domain. Browser restrictions that target third parties don't apply.

2. Data enrichment. Match client events with backend data before sending to platforms. Get the revenue figure right. Include the order ID. Send the actual LTV.

3. Platform integration. Server-to-server connections (Meta CAPI, Google Ads API) trust your data more than browser pixels. They give you better match rates and signal quality.

4. Consent orchestration. One place to enforce rules about what gets sent where, based on what the user actually consented to.

The Common Objections

"It's too complex." It's more complex than pasting a script tag, yes. But so is any infrastructure that actually works.

"We don't have engineering resources." You have resources to fix broken attribution every quarter. You just call it "agencies" and "analytics consultants."

"We'll lose data in the migration." You're already losing data. At least this is intentional.

The Minimum Viable Implementation

Start here:

1. Google Cloud Run container with GTM server-side
2. First-party subdomain (sst.yoursite.com)
3. Client-side container fires to your server endpoint
4. Server container forwards to GA4 and one platform (start with your biggest spend)
5. Deduplication logic to avoid double-counting

Cost: $50-200/month infrastructure. Weekend of engineering time if you know what you're doing.

The hard part isn't the technology. It's reorganizing how you think about data collection.

Stop waiting for permission. The client-side era is ending whether you're ready or not.

Consent Mode V2: What Changed and What Marketers Need To Do

Julien Le Nestour — Fri, 28 Nov 2025 00:00:00 GMT

Google announced Consent Mode v2 requirements. The marketing internet panicked. Vendors sent urgent emails. Agencies scheduled "emergency" calls.

Let me separate signal from noise.

What Actually Changed

Two new signals are now required for EEA/UK traffic if you want to use Google's advertising features:

- `ad_user_data`: Permission to send user data to Google for ads
- `ad_personalization`: Permission to use data for personalized ads

These join the existing signals:
- `analytics_storage`: GA4 cookies
- `ad_storage`: Google Ads cookies

If you don't pass these new signals, Google won't process your EEA/UK conversion data for remarketing or audience building.

What Didn't Change

- Google still offers behavioral modeling for conversions when consent is denied
- You still need a proper CMP (Consent Management Platform)
- The technical implementation is the same (gtag consent commands)
- Server-side tracking still works the same way

What You Actually Need to Do

If you already have Consent Mode v1 working:

1. Update your CMP configuration to map to the new signals
2. Test that the signals fire correctly (denied vs granted)
3. Verify in Google Ads that you're compliant before the deadline

If you don't have Consent Mode at all:

1. Implement a CMP that integrates with Google's consent framework
2. Configure it to send all four consent signals
3. Consider advanced consent mode for behavioral modeling
4. Test thoroughly before deploying

If you're using server-side GTM:

1. Ensure consent signals pass through to your server container
2. Server-side tags should respect consent state
3. Platform APIs (CAPI, etc.) should only receive data with appropriate consent

The Vendor Noise

Half the emails you're getting are vendors trying to sell you things you don't need. Be skeptical of:

- "AI-powered consent recovery" (usually just aggressive dark patterns)
- "Zero-impact compliance" (nothing is zero-impact)
- "Guaranteed conversion modeling" (Google controls the modeling, not vendors)

The Real Timeline

Google's deadline is the deadline. After that, non-compliant setups lose access to advertising features for EEA/UK audiences.

If that's a meaningful portion of your traffic, prioritize this. If you're US-only with minimal EU visitors, it's less urgent but still worth doing properly.

Either way, treat this as an excuse to audit your entire consent setup. Most implementations I see have issues beyond the v2 signals.