<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: AsiaOstrich</title>
    <description>The latest articles on DEV Community by AsiaOstrich (@asiaostrich).</description>
    <link>https://dev.to/asiaostrich</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3975421%2F277bef48-d7d0-4815-b9f6-7512a713c0da.png</url>
      <title>DEV Community: AsiaOstrich</title>
      <link>https://dev.to/asiaostrich</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/asiaostrich"/>
    <language>en</language>
    <item>
      <title>Our graph database was abandoned upstream — here's the 6-line migration (EngramGraph 0.3.0)</title>
      <dc:creator>AsiaOstrich</dc:creator>
      <pubDate>Wed, 24 Jun 2026 12:00:26 +0000</pubDate>
      <link>https://dev.to/asiaostrich/our-graph-database-was-abandoned-upstream-heres-the-6-line-migration-engramgraph-030-5h1p</link>
      <guid>https://dev.to/asiaostrich/our-graph-database-was-abandoned-upstream-heres-the-6-line-migration-engramgraph-030-5h1p</guid>
      <description>&lt;p&gt;In October 2025, Kùzu Inc. archived KuzuDB — the embedded graph database — with a one-line note: "Kuzu is working on something new." The npm package was deprecated, and its transitive dependencies (&lt;code&gt;tar@6.2.1&lt;/code&gt;, &lt;code&gt;npmlog&lt;/code&gt;, &lt;code&gt;gauge&lt;/code&gt;) carried 5 high-severity vulnerabilities with no fix coming.&lt;/p&gt;

&lt;p&gt;EngramGraph runs on an embedded graph database. That database was Kuzu.&lt;/p&gt;

&lt;p&gt;EngramGraph 0.3.0 is the migration release — and the migration turned out to be far cheaper than expected. Here's why, and what we learned.&lt;/p&gt;

&lt;h2&gt;
  
  
  The fix: ryugraph
&lt;/h2&gt;

&lt;p&gt;The community responded to KuzuDB's abandonment with several forks. We evaluated them and picked &lt;a href="https://github.com/predictable-labs/ryugraph" rel="noopener noreferrer"&gt;ryugraph&lt;/a&gt; (Predictable Labs):&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;MIT licensed&lt;/strong&gt;, actively maintained, published on npm&lt;/li&gt;
&lt;li&gt;Designed as a &lt;strong&gt;drop-in Kuzu replacement&lt;/strong&gt; — and in our experience, it actually is&lt;/li&gt;
&lt;li&gt;Same storage format lineage: existing &lt;code&gt;.engram/graph.db&lt;/code&gt; files keep working&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The core API — &lt;code&gt;prepare()&lt;/code&gt;, &lt;code&gt;execute()&lt;/code&gt;, &lt;code&gt;query()&lt;/code&gt;, &lt;code&gt;getAll()&lt;/code&gt; — is signature-identical to kuzu. Our entire test suite (69 tests) passed on the first run after the swap.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why the migration was 6 lines
&lt;/h2&gt;

&lt;p&gt;One architectural decision from day one paid for itself here: &lt;strong&gt;every raw database call goes through a single thin wrapper&lt;/strong&gt; (&lt;code&gt;GraphConnection&lt;/code&gt;, ~80 lines). The other 20+ call sites in the codebase only ever see the wrapper.&lt;/p&gt;

&lt;p&gt;So the migration was:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;code&gt;package.json&lt;/code&gt;: &lt;code&gt;kuzu&lt;/code&gt; → &lt;code&gt;ryugraph&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;connection.ts&lt;/code&gt;: one import line&lt;/li&gt;
&lt;li&gt;Two type-only imports (&lt;code&gt;KuzuValue&lt;/code&gt; → &lt;code&gt;RyuValue&lt;/code&gt;)&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That's it. If your project wraps its native dependencies behind one interface, an upstream abandonment becomes an afternoon, not a quarter.&lt;/p&gt;

&lt;h2&gt;
  
  
  The leftover CVEs (and the override trick)
&lt;/h2&gt;

&lt;p&gt;Swapping kuzu killed the deprecated-toolchain CVEs, but ryugraph itself pins &lt;code&gt;cmake-js@^7.3.0&lt;/code&gt;, whose &lt;code&gt;tar@6.2.1&lt;/code&gt; carries known path-traversal CVEs. The fix exists upstream (&lt;code&gt;cmake-js@8&lt;/code&gt; uses a patched tar) — ryugraph just hasn't bumped yet.&lt;/p&gt;

&lt;p&gt;npm &lt;code&gt;overrides&lt;/code&gt; to the rescue:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"overrides"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"cmake-js"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"^8.0.0"&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;npm audit&lt;/code&gt;: &lt;strong&gt;5 high → 0&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;One caveat worth knowing: &lt;strong&gt;npm overrides don't propagate to downstream consumers&lt;/strong&gt;. If you depend on &lt;code&gt;engramgraph&lt;/code&gt; (or anything that depends on ryugraph), add the same override to your own &lt;code&gt;package.json&lt;/code&gt; until ryugraph bumps cmake-js upstream.&lt;/p&gt;

&lt;h2&gt;
  
  
  Upgrading
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install &lt;/span&gt;engramgraph@0.3.0
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;One breaking change: the &lt;code&gt;KuzuValue&lt;/code&gt; type is now &lt;code&gt;RyuValue&lt;/code&gt;. If you imported it, update the import — everything else is unchanged.&lt;/p&gt;

&lt;p&gt;MIT · Node ≥ 22 · github.com/AsiaOstrich/EngramGraph&lt;/p&gt;

</description>
      <category>database</category>
      <category>javascript</category>
      <category>opensource</category>
      <category>security</category>
    </item>
    <item>
      <title>Make spec ↔ test ↔ code ↔ doc drift visible: `/sdd analyze` in UDS 5.17.0</title>
      <dc:creator>AsiaOstrich</dc:creator>
      <pubDate>Wed, 24 Jun 2026 01:10:29 +0000</pubDate>
      <link>https://dev.to/asiaostrich/make-spec-test-code-doc-drift-visible-sdd-analyze-in-uds-5170-2kli</link>
      <guid>https://dev.to/asiaostrich/make-spec-test-code-doc-drift-visible-sdd-analyze-in-uds-5170-2kli</guid>
      <description>&lt;p&gt;Spec-driven development has a quiet failure mode: your specs, tests, &lt;code&gt;.feature&lt;/code&gt; files, source, and user docs all start aligned — and then drift apart. A test loses its spec. An acceptance criterion never gets a test. A spec is marked &lt;em&gt;done&lt;/em&gt; but was never implemented. Nobody notices until it surfaces in review or production.&lt;/p&gt;

&lt;p&gt;Universal Dev Standards (UDS) — a language- and framework-agnostic toolkit of dev standards + AI-native workflows (&lt;code&gt;npm i -g universal-dev-standards&lt;/code&gt;) — makes that consistency &lt;strong&gt;executable&lt;/strong&gt; in 5.17.0.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;code&gt;/sdd analyze&lt;/code&gt; — one command, 7 drift signals
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;/sdd analyze&lt;/code&gt; (XSPEC-262) scans your spec-driven artifacts and reports seven kinds of cross-artifact drift:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Orphan test&lt;/strong&gt; — a test with no spec behind it&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Uncovered AC&lt;/strong&gt; — an acceptance criterion with no test&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;not_implemented&lt;/code&gt;&lt;/strong&gt; — a spec marked done but absent in code&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cross-spec conflict&lt;/strong&gt; — two specs that contradict each other&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Orphan &lt;code&gt;.feature&lt;/code&gt;&lt;/strong&gt; — a feature file with no owning spec&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;AC-without-scenario&lt;/strong&gt; — an AC that no BDD scenario exercises&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;user-guide ↔ E2E drift&lt;/strong&gt; — docs and end-to-end tests out of sync&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;It's backed by &lt;code&gt;scripts/sdd-analyze.ts&lt;/code&gt; with 12 bats tests, and it fulfils XSPEC-260 R5 (extending the test-derivation chain all the way to user docs).&lt;/p&gt;

&lt;h2&gt;
  
  
  Two smaller additions
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;EARS notation (XSPEC-263)&lt;/strong&gt; — EARS is now an &lt;em&gt;optional&lt;/em&gt; AC format (&lt;code&gt;ears&lt;/code&gt; field in the schema). Given-When-Then remains the preferred default; EARS is there when a requirement reads more naturally as "When , the system shall ".&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Structured Bugfix Spec Template (XSPEC-264)&lt;/strong&gt; — the sdd-guide now splits into a decision tree plus a dedicated template for bugfix specs, so a fix gets the same traceability as a feature.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Adopting it
&lt;/h2&gt;

&lt;p&gt;Everything in 5.17.0 is &lt;strong&gt;additive and backward compatible&lt;/strong&gt; — no migration.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm i &lt;span class="nt"&gt;-g&lt;/span&gt; universal-dev-standards
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If you already run spec-driven development, &lt;code&gt;/sdd analyze&lt;/code&gt; is the cheapest way to find out how much your artifacts have quietly drifted.&lt;/p&gt;

&lt;p&gt;github.com/AsiaOstrich/universal-dev-standards&lt;/p&gt;

</description>
      <category>news</category>
      <category>productivity</category>
      <category>testing</category>
      <category>tooling</category>
    </item>
    <item>
      <title>A hyped memory paper dropped. We didn't adopt it — and that was the point.</title>
      <dc:creator>AsiaOstrich</dc:creator>
      <pubDate>Mon, 15 Jun 2026 12:00:25 +0000</pubDate>
      <link>https://dev.to/asiaostrich/a-hyped-memory-paper-dropped-we-didnt-adopt-it-and-that-was-the-point-4de2</link>
      <guid>https://dev.to/asiaostrich/a-hyped-memory-paper-dropped-we-didnt-adopt-it-and-that-was-the-point-4de2</guid>
      <description>&lt;p&gt;Our daily scout surfaces AI-tooling papers every morning. Most weeks the disciplined answer to a shiny new architecture is "no" — and &lt;em&gt;why&lt;/em&gt; you say no is where the engineering judgment lives. Here's one worked example.&lt;/p&gt;

&lt;p&gt;In May 2026, &lt;strong&gt;SAGE: A Self-Evolving Agentic Graph-Memory Engine&lt;/strong&gt; (&lt;a href="https://arxiv.org/abs/2605.12061" rel="noopener noreferrer"&gt;arXiv:2605.12061&lt;/a&gt;) made the rounds. The pitch is genuinely good: turn graph memory from a passive retrieval middleware into a &lt;em&gt;dynamic long-term substrate&lt;/em&gt;, via two coupled components — a &lt;strong&gt;Memory Writer&lt;/strong&gt; that incrementally builds the graph from interaction history, and a &lt;strong&gt;Memory Reader&lt;/strong&gt; that retrieves &lt;em&gt;and feeds back&lt;/em&gt; to the writer. That reader→writer feedback loop is the self-evolution engine. The paper reports strong multi-hop QA results, best after two self-evolution rounds.&lt;/p&gt;

&lt;p&gt;The reflex that paper triggers in most teams: &lt;em&gt;new SOTA memory architecture — let's rebuild on it.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;We did the opposite. We opened our own design doc first.&lt;/p&gt;

&lt;h2&gt;
  
  
  We already had it
&lt;/h2&gt;

&lt;p&gt;EngramGraph (our open-source code + knowledge-graph memory engine) already specifies a &lt;strong&gt;SAGE Evolution Loop&lt;/strong&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;a &lt;strong&gt;Writer&lt;/strong&gt; that updates node confidence in the graph from &lt;em&gt;feedback events&lt;/em&gt; — test pass/fail, human corrections, spec-status changes;&lt;/li&gt;
&lt;li&gt;a &lt;strong&gt;Reader&lt;/strong&gt; that returns high-confidence nodes first on query, and feeds that signal back to the Writer.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Line that up against the paper:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;SAGE paper&lt;/th&gt;
&lt;th&gt;EngramGraph (existing design)&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Memory Writer, incremental build&lt;/td&gt;
&lt;td&gt;Writer: feedback event → update node confidence / edges&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Memory Reader, retrieve + feed back&lt;/td&gt;
&lt;td&gt;Reader: high-confidence-first → feeds back to Writer&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Downstream feedback drives evolution&lt;/td&gt;
&lt;td&gt;Signals: test pass/fail, human fix, spec-status change&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Architecturally isomorphic.&lt;/strong&gt; Adopting the paper's architecture wholesale would have added roughly nothing — except a rewrite, a migration, and the risk that comes with both.&lt;/p&gt;

&lt;h2&gt;
  
  
  So we borrowed the rigor, not the architecture
&lt;/h2&gt;

&lt;p&gt;A paper that &lt;em&gt;matches&lt;/em&gt; your design is still valuable — just not as a blueprint. It's valuable as &lt;strong&gt;backing and method&lt;/strong&gt;. We extracted exactly the three things our design was actually missing:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Formalization&lt;/strong&gt; — academic grounding for &lt;em&gt;why&lt;/em&gt; a reader-writer feedback loop beats static-graph retrieval. Useful when you have to defend a design, not just ship it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A validation method&lt;/strong&gt; — the paper's benchmark thinking inspired a code-graph &lt;em&gt;memory-quality yardstick&lt;/em&gt;, which moves our loop from "designed" to "measurably verified." This is the real prize: a way to prove the thing works, not just assert it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Iteration-rounds design&lt;/strong&gt; — the paper's "best after two self-evolution rounds" gave us a convergence-rounds definition our loop simply didn't have.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  The honest caveat (this is the part that matters)
&lt;/h2&gt;

&lt;p&gt;Here's the line we drew, in writing, before borrowing anything:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The paper's benchmarks are multi-hop QA, Natural Questions, LongMemEval, HaluMem — &lt;strong&gt;none of which is a code-graph scenario&lt;/strong&gt;. The absolute numbers do not transfer.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;So we explicitly &lt;strong&gt;refuse to port the paper's numbers&lt;/strong&gt; into our domain. Every threshold in our borrow record is a &lt;em&gt;relative&lt;/em&gt; comparison — confidence-weighted reader vs. our own static-MERGE baseline — not "the paper got 91.6, so we should too." Cargo-culting a benchmark from dialogue memory into a code graph is exactly how you manufacture fiction and call it a result.&lt;/p&gt;

&lt;p&gt;We also wrote down what we deliberately &lt;strong&gt;did not&lt;/strong&gt; take: the paper's agent-dialogue-memory scenario doesn't fit a code graph, so its scenario-specific mechanics stay on the shelf.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why log a "no" at all
&lt;/h2&gt;

&lt;p&gt;Because a tech radar isn't a list of things you adopted. It's a record of &lt;em&gt;judgment&lt;/em&gt;. We filed SAGE as &lt;strong&gt;Trial&lt;/strong&gt;, scoped to relative validation, with the non-adoptions named. Six months from now, that record tells us — and anyone reading — not just &lt;em&gt;what&lt;/em&gt; we believed, but &lt;em&gt;how carefully&lt;/em&gt; we believed it.&lt;/p&gt;

&lt;p&gt;Half of staying current is reading everything. The other half is the discipline to take only the part that's actually load-bearing for &lt;em&gt;your&lt;/em&gt; problem.&lt;/p&gt;

&lt;p&gt;The decision record (DEC-078) and the design (XSPEC-237) are part of how we work in the open. EngramGraph itself is MIT, Node ≥ 22, no LLM required.&lt;/p&gt;

&lt;p&gt;→ github.com/AsiaOstrich/EngramGraph&lt;/p&gt;

</description>
      <category>agents</category>
      <category>ai</category>
      <category>machinelearning</category>
      <category>rag</category>
    </item>
    <item>
      <title>Introducing UDS — one playbook of dev standards your AI assistant actually follows</title>
      <dc:creator>AsiaOstrich</dc:creator>
      <pubDate>Tue, 09 Jun 2026 13:23:16 +0000</pubDate>
      <link>https://dev.to/asiaostrich/introducing-uds-one-playbook-of-dev-standards-your-ai-assistant-actually-follows-347n</link>
      <guid>https://dev.to/asiaostrich/introducing-uds-one-playbook-of-dev-standards-your-ai-assistant-actually-follows-347n</guid>
      <description>&lt;p&gt;Every team has "standards" — a wiki page nobody reads, a linter config, tribal knowledge. The moment you switch stacks, start a new repo, or hand work to an AI assistant, consistency resets to zero.&lt;/p&gt;

&lt;p&gt;Universal Dev Standards (UDS) is an attempt to fix that: a language- and framework-agnostic set of development standards plus AI-native workflows, installable in one command.&lt;/p&gt;

&lt;h2&gt;
  
  
  What it is
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;50+ standards (commits, testing, ADRs, security, API design, …) written to be language- and framework-agnostic.&lt;/li&gt;
&lt;li&gt;50+ skills / slash commands that turn those standards into actions: /discover, /sdd (spec-driven dev), /reverse (legacy code), /commit, /tdd, /security, and more.&lt;/li&gt;
&lt;li&gt;AI-native: it's built to drive AI coding tools (like Claude Code), so your assistant follows the same reviewable standards you would.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npm i -g universal-dev-standards
cd your-project
uds init
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;&lt;code&gt;uds init&lt;/code&gt; wires the standards into your AI tool's config. Then, in your editor:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;/discover&lt;/code&gt; to understand an unfamiliar codebase&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;/sdd&lt;/code&gt; to build a feature from specs&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;/commit&lt;/code&gt; for a clean, conventional commit&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;MIT + CC BY 4.0, open source. Repo and docs: github.com/AsiaOstrich/universal-dev-standards&lt;/p&gt;

&lt;p&gt;Feedback welcome — especially what standards or workflows you'd want next.&lt;/p&gt;

</description>
      <category>opensource</category>
      <category>devtools</category>
      <category>ai</category>
      <category>productivity</category>
    </item>
  </channel>
</rss>
