DEV Community: Diven Rastdus The latest articles on DEV Community by Diven Rastdus (@diven_rastdus_c5af27d68f3). https://dev.to/diven_rastdus_c5af27d68f3 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3807319%2Ff32c855f-6f0d-4c96-8ac1-8bb9bffba0b7.jpg DEV Community: Diven Rastdus https://dev.to/diven_rastdus_c5af27d68f3 en Your AI Agent Evaluation Is Lying to You: Why 10 Test Runs Prove Nothing Diven Rastdus Fri, 08 May 2026 12:06:09 +0000 https://dev.to/diven_rastdus_c5af27d68f3/your-ai-agent-evaluation-is-lying-to-you-why-10-test-runs-prove-nothing-1ij2 https://dev.to/diven_rastdus_c5af27d68f3/your-ai-agent-evaluation-is-lying-to-you-why-10-test-runs-prove-nothing-1ij2 <p>I ran 10 games between two AI agents. Agent v3 went 5-5 against Agent v1. I reported "v3 ties v1, no measurable improvement, don't merge."</p> <p>That conclusion was wrong. Not because v3 was secretly better or worse, but because 10 games told me almost nothing at all.</p> <p>Here's the math I should have done first.</p> <h2> The win-rate trap </h2> <p>The obvious metric for comparing two agents is win rate. Agent A beats Agent B 50% of the time? They're even. 70%? A is better. Simple.</p> <p>Except win rate has a confidence interval, and at small N that interval is enormous.</p> <p>The Wilson score interval gives a reasonable bound for binary outcomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">math</span> <span class="k">def</span> <span class="nf">wilson_interval</span><span class="p">(</span><span class="n">wins</span><span class="p">,</span> <span class="n">total</span><span class="p">,</span> <span class="n">z</span><span class="o">=</span><span class="mf">1.96</span><span class="p">):</span> <span class="sh">"""</span><span class="s">95% confidence interval for true win probability.</span><span class="sh">"""</span> <span class="k">if</span> <span class="n">total</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="nf">return </span><span class="p">(</span><span class="mf">0.0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">)</span> <span class="n">p</span> <span class="o">=</span> <span class="n">wins</span> <span class="o">/</span> <span class="n">total</span> <span class="n">denom</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">+</span> <span class="n">z</span><span class="o">**</span><span class="mi">2</span> <span class="o">/</span> <span class="n">total</span> <span class="n">center</span> <span class="o">=</span> <span class="p">(</span><span class="n">p</span> <span class="o">+</span> <span class="n">z</span><span class="o">**</span><span class="mi">2</span> <span class="o">/</span> <span class="p">(</span><span class="mi">2</span> <span class="o">*</span> <span class="n">total</span><span class="p">))</span> <span class="o">/</span> <span class="n">denom</span> <span class="n">spread</span> <span class="o">=</span> <span class="n">z</span> <span class="o">*</span> <span class="n">math</span><span class="p">.</span><span class="nf">sqrt</span><span class="p">((</span><span class="n">p</span> <span class="o">*</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">p</span><span class="p">)</span> <span class="o">+</span> <span class="n">z</span><span class="o">**</span><span class="mi">2</span> <span class="o">/</span> <span class="p">(</span><span class="mi">4</span> <span class="o">*</span> <span class="n">total</span><span class="p">))</span> <span class="o">/</span> <span class="n">total</span><span class="p">)</span> <span class="o">/</span> <span class="n">denom</span> <span class="nf">return </span><span class="p">(</span><span class="n">center</span> <span class="o">-</span> <span class="n">spread</span><span class="p">,</span> <span class="n">center</span> <span class="o">+</span> <span class="n">spread</span><span class="p">)</span> </code></pre> </div> <p>At 5 wins out of 10 games:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="o">&gt;&gt;&gt;</span> <span class="nf">wilson_interval</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span> <span class="mi">10</span><span class="p">)</span> <span class="p">(</span><span class="mf">0.236</span><span class="p">,</span> <span class="mf">0.764</span><span class="p">)</span> </code></pre> </div> <p>The 95% confidence interval for the true win probability is <strong>[0.24, 0.76]</strong>. That range comfortably fits "Agent A is dominant" (76% win rate), "they're even" (50%), and "Agent B is dominant" (24%). You literally cannot tell them apart.</p> <p>How many games do you need? For two agents where the true skill gap gives one a 60% win rate, you need roughly 100 games to shrink the CI enough to exclude 50%. For a 55% edge, you're looking at 400+.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Minimum games to distinguish p_true from 0.5 at 95% confidence </span><span class="k">def</span> <span class="nf">min_games</span><span class="p">(</span><span class="n">p_true</span><span class="p">,</span> <span class="n">z</span><span class="o">=</span><span class="mf">1.96</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Approximate sample size for Wilson CI to exclude 0.5.</span><span class="sh">"""</span> <span class="n">delta</span> <span class="o">=</span> <span class="nf">abs</span><span class="p">(</span><span class="n">p_true</span> <span class="o">-</span> <span class="mf">0.5</span><span class="p">)</span> <span class="k">return</span> <span class="nf">int</span><span class="p">(</span><span class="n">math</span><span class="p">.</span><span class="nf">ceil</span><span class="p">(</span><span class="n">z</span><span class="o">**</span><span class="mi">2</span> <span class="o">*</span> <span class="n">p_true</span> <span class="o">*</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">p_true</span><span class="p">)</span> <span class="o">/</span> <span class="n">delta</span><span class="o">**</span><span class="mi">2</span><span class="p">))</span> <span class="o">&gt;&gt;&gt;</span> <span class="nf">min_games</span><span class="p">(</span><span class="mf">0.60</span><span class="p">)</span> <span class="c1"># 60% true win rate </span><span class="mi">93</span> <span class="o">&gt;&gt;&gt;</span> <span class="nf">min_games</span><span class="p">(</span><span class="mf">0.55</span><span class="p">)</span> <span class="c1"># 55% true win rate </span><span class="mi">381</span> <span class="o">&gt;&gt;&gt;</span> <span class="nf">min_games</span><span class="p">(</span><span class="mf">0.52</span><span class="p">)</span> <span class="c1"># 52% true win rate </span><span class="mi">2401</span> </code></pre> </div> <p>Most agent improvements are in the 52-58% range against the prior version. You need hundreds of games, not ten.</p> <h2> TrueSkill makes the same mistake look different </h2> <p>If you're running a multi-agent ladder (like I am for a Kaggle competition), you're probably using TrueSkill or Elo instead of raw win rate. These feel more sophisticated. They give you a single number -- the mu rating -- and you compare it across agents.</p> <p>But TrueSkill also tracks sigma, the uncertainty in that rating. And at low game counts, sigma is so large that the ratings are meaningless.</p> <p>Here's my actual ladder setup, mirroring Kaggle's scoring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">trueskill</span> <span class="n">env</span> <span class="o">=</span> <span class="n">trueskill</span><span class="p">.</span><span class="nc">TrueSkill</span><span class="p">(</span> <span class="n">mu</span><span class="o">=</span><span class="mf">600.0</span><span class="p">,</span> <span class="c1"># Kaggle's initial rating </span> <span class="n">sigma</span><span class="o">=</span><span class="mf">200.0</span><span class="p">,</span> <span class="c1"># starts extremely uncertain </span> <span class="n">draw_probability</span><span class="o">=</span><span class="mf">0.05</span> <span class="p">)</span> </code></pre> </div> <p>After 10 games, a typical agent might show mu=640, sigma=36. That looks precise. It's not. The 95% confidence interval on the true skill is [mu - 2*sigma, mu + 2*sigma] = <strong>[568, 712]</strong>.</p> <p>When I compared v1 (mu=640, sigma=36) against v3 (mu=560, sigma=36), the intervals were [568, 712] and [488, 632]. They overlap by 64 points. I could not distinguish these agents. But the mu gap (80 points) looked meaningful on a leaderboard.</p> <p>The fix is to check sigma before drawing conclusions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">ratings_are_distinguishable</span><span class="p">(</span><span class="n">rating_a</span><span class="p">,</span> <span class="n">rating_b</span><span class="p">,</span> <span class="n">threshold</span><span class="o">=</span><span class="mf">0.95</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Check if two TrueSkill ratings are statistically distinguishable.</span><span class="sh">"""</span> <span class="n">mu_diff</span> <span class="o">=</span> <span class="nf">abs</span><span class="p">(</span><span class="n">rating_a</span><span class="p">.</span><span class="n">mu</span> <span class="o">-</span> <span class="n">rating_b</span><span class="p">.</span><span class="n">mu</span><span class="p">)</span> <span class="n">combined_uncertainty</span> <span class="o">=</span> <span class="n">math</span><span class="p">.</span><span class="nf">sqrt</span><span class="p">(</span><span class="n">rating_a</span><span class="p">.</span><span class="n">sigma</span><span class="o">**</span><span class="mi">2</span> <span class="o">+</span> <span class="n">rating_b</span><span class="p">.</span><span class="n">sigma</span><span class="o">**</span><span class="mi">2</span><span class="p">)</span> <span class="c1"># z-score for the difference </span> <span class="n">z</span> <span class="o">=</span> <span class="n">mu_diff</span> <span class="o">/</span> <span class="n">combined_uncertainty</span> <span class="c1"># For 95% confidence, need z &gt; 1.96 </span> <span class="k">return</span> <span class="n">z</span> <span class="o">&gt;</span> <span class="mf">1.96</span> <span class="c1"># After 10 games: NOT distinguishable </span><span class="o">&gt;&gt;&gt;</span> <span class="nf">ratings_are_distinguishable</span><span class="p">(</span> <span class="p">...</span> <span class="n">env</span><span class="p">.</span><span class="nf">create_rating</span><span class="p">(</span><span class="n">mu</span><span class="o">=</span><span class="mi">640</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mi">36</span><span class="p">),</span> <span class="p">...</span> <span class="n">env</span><span class="p">.</span><span class="nf">create_rating</span><span class="p">(</span><span class="n">mu</span><span class="o">=</span><span class="mi">560</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mi">36</span><span class="p">)</span> <span class="p">...</span> <span class="p">)</span> <span class="bp">False</span> <span class="c1"># After 200 games (sigma ~8): distinguishable if gap is real </span><span class="o">&gt;&gt;&gt;</span> <span class="nf">ratings_are_distinguishable</span><span class="p">(</span> <span class="p">...</span> <span class="n">env</span><span class="p">.</span><span class="nf">create_rating</span><span class="p">(</span><span class="n">mu</span><span class="o">=</span><span class="mi">640</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mi">8</span><span class="p">),</span> <span class="p">...</span> <span class="n">env</span><span class="p">.</span><span class="nf">create_rating</span><span class="p">(</span><span class="n">mu</span><span class="o">=</span><span class="mi">560</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mi">8</span><span class="p">)</span> <span class="p">...</span> <span class="p">)</span> <span class="bp">True</span> </code></pre> </div> <h2> The fix: three rules </h2> <p>After burning a day on a wrong conclusion, I now follow three rules for agent evaluation.</p> <p><strong>Rule 1: Persist ratings across runs.</strong> Every ladder session starting from sigma=200 wastes all prior information. Save ratings to disk and load them on the next run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="n">RATINGS_PATH</span> <span class="o">=</span> <span class="nc">Path</span><span class="p">(</span><span class="sh">"</span><span class="s">runs/ratings.json</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">load_ratings</span><span class="p">(</span><span class="n">env</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Load persisted TrueSkill ratings, or return empty dict.</span><span class="sh">"""</span> <span class="k">if</span> <span class="n">RATINGS_PATH</span><span class="p">.</span><span class="nf">exists</span><span class="p">():</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">RATINGS_PATH</span><span class="p">.</span><span class="nf">read_text</span><span class="p">())</span> <span class="k">return</span> <span class="p">{</span> <span class="n">name</span><span class="p">:</span> <span class="n">env</span><span class="p">.</span><span class="nf">create_rating</span><span class="p">(</span><span class="n">mu</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">mu</span><span class="sh">"</span><span class="p">],</span> <span class="n">sigma</span><span class="o">=</span><span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">sigma</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">name</span><span class="p">,</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">data</span><span class="p">.</span><span class="nf">items</span><span class="p">()</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">save_ratings</span><span class="p">(</span><span class="n">ratings</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Persist current ratings to disk.</span><span class="sh">"""</span> <span class="n">RATINGS_PATH</span><span class="p">.</span><span class="n">parent</span><span class="p">.</span><span class="nf">mkdir</span><span class="p">(</span><span class="n">parents</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">exist_ok</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="p">{</span> <span class="n">name</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">mu</span><span class="sh">"</span><span class="p">:</span> <span class="n">r</span><span class="p">.</span><span class="n">mu</span><span class="p">,</span> <span class="sh">"</span><span class="s">sigma</span><span class="sh">"</span><span class="p">:</span> <span class="n">r</span><span class="p">.</span><span class="n">sigma</span><span class="p">}</span> <span class="k">for</span> <span class="n">name</span><span class="p">,</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">ratings</span><span class="p">.</span><span class="nf">items</span><span class="p">()</span> <span class="p">}</span> <span class="n">RATINGS_PATH</span><span class="p">.</span><span class="nf">write_text</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">2</span><span class="p">))</span> </code></pre> </div> <p>Now each run adds information instead of starting from scratch. Sigma actually converges.</p> <p><strong>Rule 2: Set a sigma floor before making decisions.</strong> Don't compare agents until both have sigma below the gap you care about. For my competition, that's sigma &lt; 15:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">is_converged</span><span class="p">(</span><span class="n">rating</span><span class="p">,</span> <span class="n">sigma_threshold</span><span class="o">=</span><span class="mf">15.0</span><span class="p">):</span> <span class="k">return</span> <span class="n">rating</span><span class="p">.</span><span class="n">sigma</span> <span class="o">&lt;</span> <span class="n">sigma_threshold</span> <span class="c1"># Before comparing v1 and v3: </span><span class="k">if</span> <span class="ow">not</span> <span class="p">(</span><span class="nf">is_converged</span><span class="p">(</span><span class="n">ratings</span><span class="p">[</span><span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">])</span> <span class="ow">and</span> <span class="nf">is_converged</span><span class="p">(</span><span class="n">ratings</span><span class="p">[</span><span class="sh">"</span><span class="s">v3</span><span class="sh">"</span><span class="p">])):</span> <span class="n">games_needed</span> <span class="o">=</span> <span class="nf">estimate_games_to_converge</span><span class="p">(</span><span class="n">ratings</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Need ~</span><span class="si">{</span><span class="n">games_needed</span><span class="si">}</span><span class="s"> more games before comparison is valid</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Rule 3: Report intervals, not point estimates.</strong> Never say "v3 has mu=560." Say "v3 has mu=560 +/- 72 (95% CI)." The interval is the answer. The point estimate is decoration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">format_rating</span><span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">rating</span><span class="p">):</span> <span class="n">ci</span> <span class="o">=</span> <span class="mi">2</span> <span class="o">*</span> <span class="n">rating</span><span class="p">.</span><span class="n">sigma</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">rating</span><span class="p">.</span><span class="n">mu</span><span class="si">:</span><span class="p">.</span><span class="mi">0</span><span class="n">f</span><span class="si">}</span><span class="s"> +/- </span><span class="si">{</span><span class="n">ci</span><span class="si">:</span><span class="p">.</span><span class="mi">0</span><span class="n">f</span><span class="si">}</span><span class="s"> (sigma=</span><span class="si">{</span><span class="n">rating</span><span class="p">.</span><span class="n">sigma</span><span class="si">:</span><span class="p">.</span><span class="mi">1</span><span class="n">f</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span> <span class="c1"># "v3: 560 +/- 72 (sigma=36.0)" -- don't trust this # "v3: 560 +/- 16 (sigma=8.0)" -- now we're talking </span></code></pre> </div> <h2> What this actually looks like in practice </h2> <p>I'm building game AI agents for a Kaggle competition. My ladder now persists ratings across sessions and prints a convergence status alongside every ranking:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Agent | mu | sigma | 95% CI | Games | Converged v22_timeline | 907 | 11.2 | [885, 930] | 142 | Yes v21_capture | 842 | 14.8 | [812, 871] | 89 | Yes romantamrazov | 823 | 16.1 | [791, 855] | 72 | BORDERLINE v19_lp | 798 | 18.3 | [761, 835] | 51 | No </code></pre> </div> <p>The "Converged" column is the gate. I don't merge a new agent variant until its sigma is below 15 and the CI doesn't overlap with the agent it's trying to beat. This costs more compute upfront (running 100+ games instead of 10) but saves me from merging regressions and spending days debugging phantom improvements.</p> <h2> The deeper problem </h2> <p>This isn't just a statistics issue. It's a workflow issue. When you run 10 tests, get a number, and make a decision, you feel like you evaluated something. The ritual of "run tests, look at results, decide" creates false confidence even when the test itself had zero statistical power.</p> <p>The fix is mechanical: compute the confidence interval, display it, and refuse to decide when it's too wide. Make the uncertainty impossible to ignore. If your evaluation pipeline doesn't show you how uncertain it is, it's not an evaluation pipeline. It's a random number generator with a nice UI.</p> <p>I build AI systems and compete in Kaggle's Orbit Wars competition. I write about the real problems I hit -- the kind that don't show up in tutorials. More at <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a>.</p> ai machinelearning python gamedev How I Built a Push-Based Gmail Bridge for My AI Agent (Zero Polling, Free Tier) Diven Rastdus Tue, 05 May 2026 12:05:47 +0000 https://dev.to/diven_rastdus_c5af27d68f3/how-i-built-a-push-based-gmail-bridge-for-my-ai-agent-zero-polling-free-tier-58oa https://dev.to/diven_rastdus_c5af27d68f3/how-i-built-a-push-based-gmail-bridge-for-my-ai-agent-zero-polling-free-tier-58oa <p>I missed a prize-notification email by 24 hours because my AI agent only checked Gmail when it booted. The email needed a response within 48 hours. I had 24 left by the time the next session started. That gap nearly cost me real money.</p> <p>Polling is the obvious fix. Set up a cron that checks Gmail every 5 minutes. But polling Gmail has three problems:</p> <ol> <li> <strong>Latency floor equals poll interval.</strong> 5-minute polling means up to 5 minutes of dead time on urgent messages.</li> <li> <strong>Wasted API calls.</strong> 288 API calls per day to catch maybe 3-5 messages that actually matter.</li> <li> <strong>Rate limit risk.</strong> Gmail API quotas are generous (15K units/day/user) but polling invites you to burn them on nothing.</li> </ol> <p>What I wanted: sub-5-second email delivery into my agent's filesystem, with classification and priority routing, on a total monthly cost of exactly zero dollars.</p> <p>Here's what I built.</p> <h2> Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Gmail (your-email@gmail.com) | users.watch() -- renew daily, 7d max expiry v Cloud Pub/Sub topic | push subscription (OIDC-signed JWT) v Cloudflare Tunnel (public URL -&gt; localhost:8090) v Python receiver (aiohttp) - verify OIDC JWT from Google - dedupe by Pub/Sub messageId (SQLite) - history.list since last stored historyId - messages.get for each new message - classify by rules engine (YAML, hot-reload) - fan out: urgent -&gt; Telegram ping, info -&gt; digest file </code></pre> </div> <p>The key insight: Gmail's <code>users.watch()</code> method tells Google "push a notification to this Pub/Sub topic whenever this mailbox changes." Google handles the watching. You handle the reacting.</p> <h2> Step 1: Set up Pub/Sub </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create topic and subscription</span> gcloud pubsub topics create gmail-notifications gcloud pubsub subscriptions create gmail-push <span class="se">\</span> <span class="nt">--topic</span><span class="o">=</span>gmail-notifications <span class="se">\</span> <span class="nt">--push-endpoint</span><span class="o">=</span>https://your-hook.example.com/pubsub <span class="se">\</span> <span class="nt">--push-auth-service-account</span><span class="o">=</span>your-sa@project.iam.gserviceaccount.com <span class="c"># Grant Gmail permission to publish to your topic</span> <span class="c"># (Gmail API uses a fixed service account for this)</span> gcloud pubsub topics add-iam-policy-binding gmail-notifications <span class="se">\</span> <span class="nt">--member</span><span class="o">=</span><span class="s2">"serviceAccount:gmail-api-push@system.gserviceaccount.com"</span> <span class="se">\</span> <span class="nt">--role</span><span class="o">=</span><span class="s2">"roles/pubsub.publisher"</span> </code></pre> </div> <p>Cost: $0. First 10 GiB/month of Pub/Sub throughput is free. Email notifications are tiny.</p> <h2> Step 2: Register the Gmail watch </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">google.oauth2.credentials</span> <span class="kn">import</span> <span class="n">Credentials</span> <span class="kn">from</span> <span class="n">googleapiclient.discovery</span> <span class="kn">import</span> <span class="n">build</span> <span class="n">creds</span> <span class="o">=</span> <span class="n">Credentials</span><span class="p">.</span><span class="nf">from_authorized_user_file</span><span class="p">(</span><span class="sh">"</span><span class="s">token.json</span><span class="sh">"</span><span class="p">)</span> <span class="n">service</span> <span class="o">=</span> <span class="nf">build</span><span class="p">(</span><span class="sh">"</span><span class="s">gmail</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">credentials</span><span class="o">=</span><span class="n">creds</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">users</span><span class="p">().</span><span class="nf">watch</span><span class="p">(</span> <span class="n">userId</span><span class="o">=</span><span class="sh">"</span><span class="s">me</span><span class="sh">"</span><span class="p">,</span> <span class="n">body</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">topicName</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">projects/your-project/topics/gmail-notifications</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">labelIds</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">INBOX</span><span class="sh">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">).</span><span class="nf">execute</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Watch expires: </span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">expiration</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Watch expires: 1714540800000 (7 days from now) </span></code></pre> </div> <p>Two catches:</p> <ul> <li>The watch expires after 7 days max. Set up a daily cron to renew it.</li> <li>If the watch silently expires (your renewal cron missed a day), you lose notifications until renewal. Build a staleness check.</li> </ul> <h2> Step 3: The receiver </h2> <p>The receiver is a tiny aiohttp server. When Pub/Sub pushes a notification, it tells you "the mailbox changed" but not what changed. You have to walk the history yourself.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aiohttp</span> <span class="kn">import</span> <span class="n">web</span> <span class="kn">from</span> <span class="n">google.oauth2</span> <span class="kn">import</span> <span class="n">id_token</span> <span class="kn">from</span> <span class="n">google.auth.transport</span> <span class="kn">import</span> <span class="n">requests</span> <span class="k">as</span> <span class="n">google_requests</span> <span class="n">PUBSUB_AUDIENCE</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://your-hook.example.com/pubsub</span><span class="sh">"</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">handle_pubsub</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">web</span><span class="p">.</span><span class="n">Request</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">web</span><span class="p">.</span><span class="n">Response</span><span class="p">:</span> <span class="c1"># Step 1: Verify the OIDC JWT from Google </span> <span class="n">auth</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">auth</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">"</span><span class="s">Bearer </span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="n">web</span><span class="p">.</span><span class="nc">Response</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="mi">401</span><span class="p">)</span> <span class="n">token</span> <span class="o">=</span> <span class="n">auth</span><span class="p">[</span><span class="mi">7</span><span class="p">:].</span><span class="nf">strip</span><span class="p">()</span> <span class="n">claims</span> <span class="o">=</span> <span class="n">id_token</span><span class="p">.</span><span class="nf">verify_oauth2_token</span><span class="p">(</span> <span class="n">token</span><span class="p">,</span> <span class="n">google_requests</span><span class="p">.</span><span class="nc">Request</span><span class="p">(),</span> <span class="n">audience</span><span class="o">=</span><span class="n">PUBSUB_AUDIENCE</span> <span class="p">)</span> <span class="c1"># Step 2: Decode the notification </span> <span class="n">envelope</span> <span class="o">=</span> <span class="k">await</span> <span class="n">request</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">envelope</span><span class="p">[</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">])</span> <span class="n">notif</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">history_id</span> <span class="o">=</span> <span class="n">notif</span><span class="p">[</span><span class="sh">"</span><span class="s">historyId</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Step 3: Walk history since last known point </span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">create_task</span><span class="p">(</span><span class="nf">walk_and_process</span><span class="p">(</span><span class="n">history_id</span><span class="p">))</span> <span class="c1"># Step 4: ACK immediately (Pub/Sub retries on non-2xx) </span> <span class="k">return</span> <span class="n">web</span><span class="p">.</span><span class="nc">Response</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="mi">204</span><span class="p">)</span> </code></pre> </div> <p>The critical pattern: <strong>ACK fast, process async.</strong> If your handler takes more than 10 seconds, Pub/Sub assumes delivery failed and retries. This creates duplicate processing unless you dedupe. Return 204 immediately, do the expensive work in a background task.</p> <h2> Step 4: History walking </h2> <p>Gmail notifications only say "something changed at historyId X." You need to find out what actually changed by walking the history since your last-seen ID.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">list_history</span><span class="p">(</span><span class="n">service</span><span class="p">,</span> <span class="n">start_history_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Walk history.list, return new message IDs.</span><span class="sh">"""</span> <span class="n">added</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">page_token</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">users</span><span class="p">().</span><span class="nf">history</span><span class="p">().</span><span class="nf">list</span><span class="p">(</span> <span class="n">userId</span><span class="o">=</span><span class="sh">"</span><span class="s">me</span><span class="sh">"</span><span class="p">,</span> <span class="n">startHistoryId</span><span class="o">=</span><span class="n">start_history_id</span><span class="p">,</span> <span class="n">historyTypes</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">messageAdded</span><span class="sh">"</span><span class="p">],</span> <span class="n">pageToken</span><span class="o">=</span><span class="n">page_token</span><span class="p">,</span> <span class="p">).</span><span class="nf">execute</span><span class="p">()</span> <span class="k">for</span> <span class="n">record</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">history</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]):</span> <span class="k">for</span> <span class="n">msg</span> <span class="ow">in</span> <span class="n">record</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">messagesAdded</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]):</span> <span class="n">added</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">msg</span><span class="p">[</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">])</span> <span class="n">page_token</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">nextPageToken</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">page_token</span><span class="p">:</span> <span class="k">break</span> <span class="k">return</span> <span class="n">added</span><span class="p">,</span> <span class="n">resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">historyId</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>The gotcha: if your stored historyId is older than 7 days, <code>history.list</code> returns 404. You need a fallback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">try</span><span class="p">:</span> <span class="n">added</span><span class="p">,</span> <span class="n">latest_id</span> <span class="o">=</span> <span class="nf">list_history</span><span class="p">(</span><span class="n">service</span><span class="p">,</span> <span class="n">last_history_id</span><span class="p">)</span> <span class="k">except</span> <span class="n">HttpError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">if</span> <span class="n">e</span><span class="p">.</span><span class="n">resp</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="mi">404</span><span class="p">:</span> <span class="c1"># historyId expired -- fall back to recent messages </span> <span class="n">added</span> <span class="o">=</span> <span class="nf">list_recent_unread</span><span class="p">(</span><span class="n">service</span><span class="p">,</span> <span class="n">days</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">latest_id</span> <span class="o">=</span> <span class="n">current_history_id</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> </code></pre> </div> <h2> Step 5: Classification (the useful part) </h2> <p>Raw email delivery is not enough. You need routing. My classifier uses a YAML rules file that hot-reloads on every call (no restart needed to add rules):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">payment-notification</span> <span class="na">match</span><span class="pi">:</span> <span class="na">from_regex</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@stripe</span><span class="se">\\</span><span class="s">.com"</span> <span class="na">subject_regex</span><span class="pi">:</span> <span class="s2">"</span><span class="s">(?i)(payment|payout|charge)"</span> <span class="na">classification</span><span class="pi">:</span> <span class="s">REVENUE</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">warm-lead-reply</span> <span class="na">match</span><span class="pi">:</span> <span class="na">in_thread_with_outbound</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">from_not_regex</span><span class="pi">:</span> <span class="s2">"</span><span class="s">(?i)(noreply|automated|newsletter)"</span> <span class="na">classification</span><span class="pi">:</span> <span class="s">URGENT-HUMAN</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">default</span> <span class="na">match</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">classification</span><span class="pi">:</span> <span class="s">INFORMATIONAL</span> </code></pre> </div> <p>The <code>in_thread_with_outbound</code> check is the clever one. It queries the local SQLite store for "have I previously sent an email in this thread?" If yes, the reply is from someone I contacted -- a warm lead, not spam. Classify it as urgent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_has_outbound_in_thread</span><span class="p">(</span><span class="n">db_path</span><span class="p">,</span> <span class="n">thread_id</span><span class="p">,</span> <span class="n">self_addr</span><span class="p">):</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">db_path</span><span class="p">))</span> <span class="n">row</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">SELECT 1 FROM seen_gmail_msg </span><span class="sh">"</span> <span class="sh">"</span><span class="s">WHERE thread_id = ? AND from_addr LIKE ? LIMIT 1</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">thread_id</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">self_addr</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">),</span> <span class="p">).</span><span class="nf">fetchone</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">return</span> <span class="n">row</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span> </code></pre> </div> <p>First match wins. The engine processes 10 rules in under 1ms. No need for a proper NLP pipeline here.</p> <h2> Step 6: Fan-out </h2> <p>After classification, messages route to different outputs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">classification</span> <span class="ow">in</span> <span class="p">(</span><span class="sh">"</span><span class="s">URGENT-HUMAN</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">REVENUE</span><span class="sh">"</span><span class="p">):</span> <span class="c1"># Push notification (Telegram, Discord, whatever) </span> <span class="k">await</span> <span class="nf">send_alert</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[</span><span class="si">{</span><span class="n">classification</span><span class="si">}</span><span class="s">] </span><span class="si">{</span><span class="n">from_addr</span><span class="si">}</span><span class="se">\n</span><span class="si">{</span><span class="n">subject</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Also write to urgent inbox file </span> <span class="nf">append_to_file</span><span class="p">(</span><span class="sh">"</span><span class="s">~/ops/INBOX-URGENT.md</span><span class="sh">"</span><span class="p">,</span> <span class="n">formatted_entry</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Quiet digest </span> <span class="nf">append_to_file</span><span class="p">(</span><span class="sh">"</span><span class="s">~/ops/INBOX-DIGEST.md</span><span class="sh">"</span><span class="p">,</span> <span class="n">formatted_entry</span><span class="p">)</span> <span class="c1"># Always: per-thread markdown file for full history </span><span class="nf">write_thread_file</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">~/ops/threads/email/</span><span class="si">{</span><span class="n">thread_id</span><span class="si">}</span><span class="s">.md</span><span class="sh">"</span><span class="p">,</span> <span class="n">message</span><span class="p">)</span> </code></pre> </div> <p>Each thread gets its own markdown file with frontmatter. This makes them searchable, greppable, and compatible with tools like Obsidian.</p> <h2> The tunnel: Cloudflare (free, stable) </h2> <p>Google Pub/Sub needs a public HTTPS endpoint. Options:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Option</th> <th>Cost</th> <th>Reliability</th> </tr> </thead> <tbody> <tr> <td>ngrok</td> <td>$8/mo for stable URL</td> <td>Good but paid</td> </tr> <tr> <td>Cloudflare Tunnel</td> <td>$0</td> <td>Excellent. Runs as systemd service.</td> </tr> <tr> <td>Cloud Function</td> <td>$0 (free tier)</td> <td>Adds cold start latency</td> </tr> <tr> <td>Self-hosted VPS</td> <td>$5-20/mo</td> <td>Overkill</td> </tr> </tbody> </table></div> <p>Cloudflare Tunnel wins. Install <code>cloudflared</code>, authenticate, create a tunnel pointing to <code>localhost:8090</code>, add a DNS record. Done. It runs as a systemd service with automatic reconnection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cloudflared tunnel create gmail-bridge cloudflared tunnel route dns gmail-bridge your-hook.example.com <span class="c"># Then create a systemd unit that runs:</span> <span class="c"># cloudflared tunnel run gmail-bridge</span> </code></pre> </div> <h2> Failure handling </h2> <p>The architecture has natural resilience built in:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Failure</th> <th>What happens</th> </tr> </thead> <tbody> <tr> <td>Receiver crashes</td> <td>systemd restarts it. Pub/Sub retries delivery for 7 days.</td> </tr> <tr> <td>Tunnel drops</td> <td>cloudflared reconnects. Pub/Sub retries.</td> </tr> <tr> <td>historyId too old</td> <td>Falls back to <code>messages.list newer_than:3d</code>.</td> </tr> <tr> <td>Duplicate delivery</td> <td>SQLite dedup by Pub/Sub messageId.</td> </tr> <tr> <td>Gmail API 5xx</td> <td>Logged to dead-letter file. Retried on next notification.</td> </tr> <tr> <td>Watch silently expires</td> <td>Daily renewal cron + staleness monitor.</td> </tr> </tbody> </table></div> <p>The entire system can be down for a week and recover automatically because Pub/Sub holds undelivered messages for 7 days.</p> <h2> Results </h2> <ul> <li> <strong>Latency</strong>: sub-5 seconds from Gmail receiving the email to the file appearing on disk</li> <li> <strong>Monthly cost</strong>: $0 (all free-tier components)</li> <li> <strong>Uptime</strong>: 6 days continuous without intervention so far</li> <li> <strong>False positives</strong>: 0 (rule-based classification is deterministic and auditable)</li> <li> <strong>Missed emails</strong>: 0 since deployment</li> </ul> <p>The classification system has already caught a Devpost prize email within seconds instead of the 24-hour gap that motivated this build. Telegram pings for urgent items, quiet digest for everything else.</p> <h2> What I would do differently </h2> <ol> <li> <strong>Start with the classification rules, not the infrastructure.</strong> I spent 2 hours on Pub/Sub setup before thinking about what to do with the emails. Should have designed the rules first.</li> <li> <strong>Use a single SQLite DB for everything.</strong> I initially split dedup and thread state across files. Consolidating to one DB simplified the code.</li> <li> <strong>Hot-reload from the start.</strong> Editing rules + restarting the service is friction. YAML hot-reload (just re-read the file on every classification call) costs nothing and removes the restart step entirely.</li> </ol> <h2> The code </h2> <p>The full implementation is ~300 lines across 4 files:</p> <ul> <li> <code>receiver.py</code>: aiohttp server, OIDC verification, history walking</li> <li> <code>gmail_client.py</code>: OAuth, message fetch, history list</li> <li> <code>classifier.py</code>: rules engine</li> <li> <code>store.py</code>: SQLite dedup + markdown persistence</li> </ul> <p>Total dependencies: <code>aiohttp</code>, <code>google-auth</code>, <code>google-api-python-client</code>, <code>pyyaml</code>. All well-maintained, no exotic packages.</p> <p>If your agent, automation, or workflow needs to react to emails in real-time without burning API calls on polling, this architecture works. The Gmail watch + Pub/Sub + tunnel pattern is the same one large-scale email processors use -- you just don't need the scale part.</p> <p>I build production AI agent infrastructure. If your team has automation that reacts too slowly to real-world events, let's talk: <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a></p> ai python gcp automation How `OR` in a Postgres RLS policy leaked every flagged row to every user Diven Rastdus Thu, 30 Apr 2026 12:02:40 +0000 https://dev.to/diven_rastdus_c5af27d68f3/how-or-in-a-postgres-rls-policy-leaked-every-flagged-row-to-every-user-445f https://dev.to/diven_rastdus_c5af27d68f3/how-or-in-a-postgres-rls-policy-leaked-every-flagged-row-to-every-user-445f <p>A frontend QA pass on a brand-new account opened the library sidebar and saw two notes I had never written. They were public seed entries from a different user. Same UUIDs across every fresh account I tested.</p> <p>This is a post-mortem of how multiple Postgres Row Level Security policies on the same table, glued together by <code>OR</code>, returned every flagged row to every authenticated user. And how the application layer trusted RLS to be a backstop and added zero filters of its own.</p> <p>The fix shipped a few hours after the bug was found. Here is what happened, what I changed, and what I would do differently next time.</p> <h2> The setup </h2> <p>Single table, multi-user app. Each row has a <code>user_id</code> and a boolean <code>is_public</code>. The product has a private surface (your own notes) and a planned public surface (a shared atlas of notes you opt-in to publish). The public surface is not built yet, but I added the schema for it on day one because I figured the policies were free to write up front.</p> <p>Here are the two policies that lived on the table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"own_data"</span> <span class="k">ON</span> <span class="n">journal_entries</span> <span class="k">FOR</span> <span class="k">ALL</span> <span class="k">USING</span> <span class="p">(</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">user_id</span><span class="p">);</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"public_entries"</span> <span class="k">ON</span> <span class="n">journal_entries</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="n">is_public</span> <span class="o">=</span> <span class="k">TRUE</span><span class="p">);</span> </code></pre> </div> <p>Both are correct in isolation. Together they are a leak.</p> <h2> How RLS combines policies </h2> <p>When a table has multiple permissive policies, Postgres <code>OR</code>s their <code>USING</code> expressions. So the effective <code>SELECT</code> predicate on <code>journal_entries</code> becomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">user_id</span> <span class="c1">-- from "own_data"</span> <span class="k">OR</span> <span class="n">is_public</span> <span class="o">=</span> <span class="k">TRUE</span> <span class="c1">-- from "public_entries"</span> </code></pre> </div> <p>Reading that out loud: a row is visible if it belongs to me <strong>or</strong> if anyone in the system marked it public. Which is exactly what I asked for. It is also exactly the bug.</p> <p>The expectation was that <code>is_public</code> would only matter on the dedicated public surface. The reality is that RLS does not know which surface my query is coming from. It evaluates the predicate against whatever the caller is doing right now. Every <code>select * from journal_entries</code> from an authenticated session now returned my rows plus every is_public=TRUE row across every user.</p> <h2> Why nothing failed loudly </h2> <p>Two reasons.</p> <p><strong>One</strong>: my code never set <code>is_public = TRUE</code> in the user-facing flow. The flag existed in the schema, the policy existed in the migration, but the only rows in the entire database with the flag set were two seed entries I had inserted by hand months ago for a demo. So in development, on my account, the leak was invisible. Both leaked rows belonged to me.</p> <p><strong>Two</strong>: the application code trusted RLS as the access boundary. Every query at the data-access layer looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">journal_entries</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id, title, body, created_at</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="dl">"</span><span class="s2">created_at</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">ascending</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> </code></pre> </div> <p>No <code>.eq("user_id", user.id)</code>. Nine call sites. The reasoning at the time was "RLS already filters by user_id, doubling up is noise." That reasoning is wrong the moment a second policy enters the picture. The OR semantics turn "RLS filters by user_id" into "RLS filters by user_id OR by something else."</p> <h2> How QA found it </h2> <p>A new test account, just signed up, no entries written. The library sidebar should have been empty. Instead it had two notes I did not recognize. UUIDs <code>8e0fb236...</code> and <code>a192e2f7...</code>. I tried it on a second new account. Same UUIDs. Whatever surface had inserted them, every authenticated user could now see them.</p> <p>Five minutes of <code>git blame</code> on the migration file led me to the public_entries policy. Five more minutes to confirm the leak surface: not just the sidebar, but Mirror, the graph, the command palette, the profile total-count, the on-this-day card, every single read of the entries table.</p> <p>Sales had been live for about three days at that point. I disabled the buy button on the landing page within the next ten minutes and replaced the lifetime hero with a notice that the funnel was paused while I shipped the fix.</p> <h2> The fix, in two parts </h2> <p>I treated this as a defense-in-depth problem. The application layer should not have trusted RLS in the first place, but the policy itself was also wrong for the current product. Both got fixed.</p> <h3> Part 1: explicit user_id filters at the app layer </h3> <p>Every <code>select</code> from <code>journal_entries</code> got an explicit <code>.eq("user_id", user.id)</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">journal_entries</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id, title, body, created_at</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="c1">// &lt;- new</span> <span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="dl">"</span><span class="s2">created_at</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">ascending</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> </code></pre> </div> <p>Nine sites: library sidebar, Mirror page, Mirror detail, single-note view, graph, profile counter, command palette, on-this-day, and the shared loader that powers the Mirror hero. All paired with an <code>auth.getUser()</code> at the top of the handler so a missing session redirects to login instead of running an unauthenticated query.</p> <p>This change is the load-bearing one. Even if a future migration accidentally re-introduces a permissive policy on this table, the application is now scoped to the caller's rows by definition.</p> <h3> Part 2: drop the unused policies at the DB layer </h3> <p>The public surface is not shipped. There is no production code path that depends on <code>public_entries</code>, <code>public_profiles</code>, or <code>public_goals</code> returning rows. So the policies should not exist on a production table. New migration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">DROP</span> <span class="n">POLICY</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="nv">"public_entries"</span> <span class="k">ON</span> <span class="n">journal_entries</span><span class="p">;</span> <span class="k">DROP</span> <span class="n">POLICY</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="nv">"public_profiles"</span> <span class="k">ON</span> <span class="n">profiles</span><span class="p">;</span> <span class="k">DROP</span> <span class="n">POLICY</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="nv">"public_goals"</span> <span class="k">ON</span> <span class="n">goals</span><span class="p">;</span> <span class="k">UPDATE</span> <span class="n">journal_entries</span> <span class="k">SET</span> <span class="n">is_public</span> <span class="o">=</span> <span class="k">FALSE</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="k">IN</span> <span class="p">(</span> <span class="s1">'8e0fb236-8801-40ec-9e70-5e7dc3a9bf50'</span><span class="p">,</span> <span class="s1">'a192e2f7-4523-4c86-be58-7df5314dced9'</span> <span class="p">);</span> </code></pre> </div> <p>Two effects. The OR-combine that was producing the leak is gone, so a future query that forgets the explicit user_id filter is at least scoped to <code>auth.uid() = user_id</code> again. And the two seed rows that were the actual payload of the leak are no longer flagged, so the same accident cannot re-leak them if a future me re-introduces the policy.</p> <p>When the public surface ships for real, it will not piggyback on a permissive RLS policy. It will go through a <code>SECURITY DEFINER</code> RPC with explicit access checks, returning only the columns the public view should expose. RLS does one thing well: scope a row to its owner. Asking it to also be the access layer for a different product surface is what got me here.</p> <h3> Verification </h3> <p>A second QA pass on three brand-new accounts: empty library sidebar, empty Mirror, empty graph, empty everything. The two phantom UUIDs no longer appear anywhere. Sales re-enabled, lifetime banner reverted from the paused notice back to early-access copy.</p> <h2> The general lesson </h2> <p>RLS is a backstop, not a primary access control mechanism. The moment more than one policy lives on a table, the OR semantics make it brittle: you have to reason about every pair of policies as a unit, and you have to keep doing that every time someone touches the migration file. The cost of an explicit <code>.eq("user_id", user.id)</code> at the app layer is one line. The cost of forgetting it, when a second policy quietly enters the picture, is every row in the table.</p> <p>Three things I am going to do differently next time:</p> <p><strong>Default to explicit filters at the app layer, even with RLS in place.</strong> RLS catches the case where I forget. The explicit filter catches the case where RLS forgets. Both layers should agree.</p> <p><strong>Do not write policies for unbuilt features.</strong> The policy that caused this was for a public surface that does not exist yet. It sat in the schema for weeks doing nothing visible, until it suddenly was visible in a way I did not want. If the feature is not built, the policy should not be either.</p> <p><strong>Have a regression test that creates two users and asserts they cannot see each other's data.</strong> Spin up account A, write an entry, spin up account B, query the library, assert the entry is not in the result. This kind of test would have failed the moment the policy was added. It is going on the to-do list this week.</p> <p>The fix is live. The seed data is unflagged. The buy button is back on. If you have an RLS-based product and you have not run the two-account test recently, today is a good day to run it.</p> postgres supabase security webdev Arc Mirror Lifetime Deal: the diary you actually keep Diven Rastdus Tue, 28 Apr 2026 23:46:24 +0000 https://dev.to/diven_rastdus_c5af27d68f3/arc-mirror-lifetime-deal-the-diary-you-actually-keep-405b https://dev.to/diven_rastdus_c5af27d68f3/arc-mirror-lifetime-deal-the-diary-you-actually-keep-405b <p>Most journaling apps do not fail on day one. They fail the first week you miss.</p> <p>You skip Tuesday. Then Friday. Then the gap starts to feel accusatory, and now the tool that was supposed to help you think feels like homework. That is the problem Arc Mirror starts from.</p> <p>I put the Arc Mirror lifetime deal live on April 27, 2026. The pitch is simple: this is the diary you actually keep. Not the one with the prettiest streak counter. Not the one that assumes perfect discipline. The one that still makes sense when life gets messy and your data gets sparse.</p> <p>The diary you actually keep is usually the one you do not feel pressure to perform in. Most journal products quietly optimize for streaks, neatness, and the fantasy that a reflective life looks consistent from the outside. Mine does not. I wanted something built around discontinuity instead. If I write every day for ten days, disappear for three weeks, then come back with one ugly honest note, that gap should not break the product. It should make the record more real.</p> <p>That is the wedge. Arc Mirror treats missed days as part of the data, not a failure state. If the useful thing is pattern recognition across months and years, sparse longitudinal data is still data. Sometimes it is better data, because it shows what survived the noise. Other diary apps punish gaps. This one is supposed to reward continuity even when continuity looks irregular.</p> <p>That is also why I wanted a lifetime deal instead of a subscription. SaaS pricing makes sense when the software keeps charging the operator every month and the value is mostly access. A diary is different. Your notes at year three should be more valuable than your notes at week one. Billing you more because you kept showing up felt backwards to me. So the offer is $59 once. Never pay again. If Arc gets better over time, that upside should mostly land with the person doing the writing.</p> <p>What do you actually get right now?</p> <ul> <li>Voice capture. Ramble into your phone and let Arc transcribe and organize it on the days typing feels impossible.</li> <li>Weekly Mirror reflections. Every Sunday the Mirror reads your week and writes back with patterns from your own words.</li> <li>Cross-temporal echoes. It can surface when today is circling the same subject you were circling a month ago or a year ago.</li> <li>Full export. JSON or Markdown, any time. No lock-in.</li> <li>Every future feature included. Mobile apps, new surfaces, deeper reflection modes. If I ship it, lifetime users get it.</li> </ul> <p>There is also a simple feature on the page that says a lot about the product: Ask the Mirror. You can ask a question like "What was I scared of in January?" and get an answer grounded in your own entries. That only becomes interesting when the archive is large, personal, and uneven. A clean demo dataset is easy. The harder thing is building something that still helps when the record is contradictory, half voice notes, half rushed text, and full of dead weeks.</p> <p>That is the part I care about most. Other diary apps are built like habit trackers with a text box attached. Arc Mirror is built for discontinuous reality. You will miss days. You will write one line one week and three pages the next. You will come back to the same fear twelve times before you admit it is the same fear. The product should not scold you for that. It should get more useful because that history exists.</p> <p>There is still a dev-shaped part of this story, because a lot of this week was spent getting the launch surface to stop looking like a side quest. The stack is intentionally boring: Next.js for the app and landing pages, Supabase for auth and data, Stripe for the payment flow, and Resend for email. I finally shipped <a href="https://arc-landing-pi.vercel.app/lifetime/opengraph-image" rel="noopener noreferrer">the real OG card</a> today too. It is a dynamic Next.js <code>ImageResponse</code>, it reads the Geist font straight from <code>node_modules</code>, and it renders server-side without Puppeteer or a screenshot hack. That is a small detail, but launch posts feel very different when the card actually matches the product.</p> <p>I also wanted the pricing page itself to say the quiet parts out loud. There is a real 7-day refund. Entries are never used to train AI models. Full export is always there. If Arc ever shuts down, users get notice and a final export. Those are not trust-me promises buried in a footer. They are part of the product contract.</p> <p>This is day 3 of the lifetime deal being live. Today is April 29, 2026. You are early. That is the honest version. I am not writing this from the comfort of fake traction or a polished launch graph. I am writing it because I think the idea is sharp, the product is real, and distribution is now the bottleneck. There is no fake timer on this offer. The refund is real. The offer is open.</p> <p>If you have ever wanted a journal that does not shame you for disappearing, that is what I am trying to build. If that sounds like your kind of tool, <a href="https://arc-landing-pi.vercel.app/lifetime" rel="noopener noreferrer">buy lifetime access</a>.</p> indiehackers productivity journaling ltd PostHog + Next.js 16 App Router: the Suspense gotcha that silenced my analytics for 6 days Diven Rastdus Mon, 27 Apr 2026 12:05:39 +0000 https://dev.to/diven_rastdus_c5af27d68f3/posthog-nextjs-16-app-router-the-suspense-gotcha-that-silenced-my-analytics-for-6-days-5eeo https://dev.to/diven_rastdus_c5af27d68f3/posthog-nextjs-16-app-router-the-suspense-gotcha-that-silenced-my-analytics-for-6-days-5eeo <p>I shipped a no-op stub of <code>PostHogProvider.tsx</code> on April 20. I told myself I would come back to it that afternoon. Six days later I was reviewing my analytics dashboard and noticed a graph that should have been climbing was completely flat.</p> <p>Every <code>posthog.capture()</code> in my Next.js 16 App Router app had been firing into a black hole. Including the one event I actually cared about: the waitlist signup.</p> <p>This is the post-mortem. Three gotchas, real code, and how I verified the fix in a way that did not depend on trusting the PostHog dashboard.</p> <h2> How I broke it </h2> <p>The original component looked roughly like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">posthog</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">PostHogProvider</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">undefined</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nx">posthog</span><span class="p">.</span><span class="nf">init</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_POSTHOG_KEY</span><span class="o">!</span><span class="p">,</span> <span class="p">{</span> <span class="na">api_host</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://us.i.posthog.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">return</span> <span class="p">&lt;&gt;</span><span class="si">{</span><span class="nx">children</span><span class="si">}</span><span class="p">&lt;/&gt;;</span> <span class="p">}</span> </code></pre> </div> <p>Looks fine, builds fine, ships fine. But on App Router with Turbopack, <code>posthog.init</code> was getting called on every render and I was getting a console warning about a hydration mismatch that I had filed under "react thing, deal with later."</p> <p>So I did the lazy thing. I replaced the whole file with this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">PostHogProvider</span><span class="p">({</span> <span class="nx">children</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;&gt;</span><span class="si">{</span><span class="nx">children</span><span class="si">}</span><span class="p">&lt;/&gt;;</span> <span class="p">}</span> </code></pre> </div> <p>The intent was "I will come back tomorrow." The reality was six days of zero analytics.</p> <h2> Why I did not notice </h2> <p>I had <code>posthog.capture("waitlist_signup")</code> baked into a form handler. Forms were getting submitted. PostHog's dashboard showed nothing.</p> <p>For six days I assumed nobody had signed up. The form was working. The capture was a no-op.</p> <p>Lesson zero, before any of the technical ones: <strong>silence is not the same as zero</strong>. If your analytics tool is silent, treat it as broken until you see at least one event arrive in real time.</p> <h2> Gotcha 1: posthog-js/react ships in the same package, on a subpath </h2> <p>The official adapter for plugging posthog-js into React's context tree is at <code>posthog-js/react</code>. There is no separate <code>posthog-react</code> package on npm anymore (there used to be). The import looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">posthog</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PostHogProvider</span> <span class="k">as</span> <span class="nx">PHProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js/react</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <p>If you copy a snippet from a 2024 blog post that says <code>npm install posthog-react</code>, you get a "module not found" error and waste twenty minutes wondering why a one-million-download library is broken. It is not broken. The README is right. Older blog posts are wrong.</p> <h2> Gotcha 2: useSearchParams in App Router needs Suspense </h2> <p>I wanted manual pageview tracking, not the default <code>capture_pageview: true</code>, because I want to attribute <code>?utm_source</code> params and route-level differences explicitly. So I wrote a <code>&lt;PageviewTracker /&gt;</code> client component that calls <code>usePathname()</code> and <code>useSearchParams()</code> and fires <code>posthog.capture("$pageview", { $current_url: ... })</code>.</p> <p>Build broke immediately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Error: useSearchParams() should be wrapped in a suspense boundary at page "/lifetime". Read more: https://nextjs.org/docs/messages/missing-suspense-with-csr-bailout </code></pre> </div> <p>This is a Next.js 13+ App Router rule. Any client component that reads <code>useSearchParams()</code> causes the entire route to bail out of static rendering unless that component sits inside a Suspense boundary. The fix is one line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nc">PHProvider</span> <span class="na">client</span><span class="p">=</span><span class="si">{</span><span class="nx">posthog</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Suspense</span> <span class="na">fallback</span><span class="p">=</span><span class="si">{</span><span class="kc">null</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">PageviewTracker</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nc">Suspense</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">children</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nc">PHProvider</span><span class="p">&gt;</span> <span class="p">);</span> </code></pre> </div> <p>Without that Suspense wrapper, every static page in your app silently bails out of static rendering, ships more JS to the client, and slows your TTI on routes you wanted prerendered. The PostHog README does mention this. I had skimmed past it.</p> <h2> Gotcha 3: posthog.__loaded is the truth, not React state </h2> <p>For <code>posthog.capture</code> calls to actually fire, the SDK has to be initialized. In a SPA-style component you might write <code>useEffect(() =&gt; posthog.init(...), [])</code> and assume "it ran." But there is an edge case. React 18 StrictMode in dev double-invokes effects. If your init is not idempotent, the second call throws.</p> <p>The posthog-js author thought of this. There is a <code>__loaded</code> flag on the global posthog object that flips to <code>true</code> exactly once after a successful init. The pattern I landed on:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Suspense</span><span class="p">,</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">usePathname</span><span class="p">,</span> <span class="nx">useSearchParams</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/navigation</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">posthog</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">PostHogProvider</span> <span class="k">as</span> <span class="nx">PHProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js/react</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">PostHogProvider</span><span class="p">({</span> <span class="nx">children</span><span class="p">,</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">children</span><span class="p">:</span> <span class="nx">React</span><span class="p">.</span><span class="nx">ReactNode</span><span class="p">;</span> <span class="p">})</span> <span class="p">{</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_POSTHOG_KEY</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">key</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">undefined</span><span class="dl">"</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">posthog</span><span class="p">.</span><span class="nx">__loaded</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nx">posthog</span><span class="p">.</span><span class="nf">init</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="p">{</span> <span class="na">api_host</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_POSTHOG_HOST</span> <span class="o">||</span> <span class="dl">"</span><span class="s2">https://us.i.posthog.com</span><span class="dl">"</span><span class="p">,</span> <span class="na">capture_pageview</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">capture_pageleave</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">persistence</span><span class="p">:</span> <span class="dl">"</span><span class="s2">localStorage+cookie</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="p">},</span> <span class="p">[]);</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nc">PHProvider</span> <span class="na">client</span><span class="p">=</span><span class="si">{</span><span class="nx">posthog</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">Suspense</span> <span class="na">fallback</span><span class="p">=</span><span class="si">{</span><span class="kc">null</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">PageviewTracker</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nc">Suspense</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">children</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nc">PHProvider</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">PageviewTracker</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">pathname</span> <span class="o">=</span> <span class="nf">usePathname</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">searchParams</span> <span class="o">=</span> <span class="nf">useSearchParams</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">pathname</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nb">window</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">undefined</span><span class="dl">"</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">posthog</span><span class="p">.</span><span class="nx">__loaded</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">qs</span> <span class="o">=</span> <span class="nx">searchParams</span><span class="p">?.</span><span class="nf">toString</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">qs</span> <span class="p">?</span> <span class="s2">`</span><span class="p">${</span><span class="nx">pathname</span><span class="p">}</span><span class="s2">?</span><span class="p">${</span><span class="nx">qs</span><span class="p">}</span><span class="s2">`</span> <span class="p">:</span> <span class="nx">pathname</span><span class="p">;</span> <span class="nx">posthog</span><span class="p">.</span><span class="nf">capture</span><span class="p">(</span><span class="dl">"</span><span class="s2">$pageview</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">$current_url</span><span class="p">:</span> <span class="nx">url</span> <span class="p">});</span> <span class="p">},</span> <span class="p">[</span><span class="nx">pathname</span><span class="p">,</span> <span class="nx">searchParams</span><span class="p">]);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Two <code>__loaded</code> checks, on opposite sides of the race. Init guards against StrictMode double-mount. Capture guards against firing before init completed. Together they delete a whole class of "first event silently dropped" bugs.</p> <h2> How I verified, without trusting the dashboard </h2> <p>Once the code was right and deploying, the question was: is it actually firing in production?</p> <p>I distrust dashboards for first verification. They lag. They aggregate. They have their own client-side bugs. The cleanest signal is the network tab.</p> <p>I opened the deployed page in Chrome, opened DevTools, filtered Network by <code>posthog.com</code>, hit refresh, and watched for two requests:</p> <ol> <li> <code>POST https://us.i.posthog.com/decide/</code> to load feature flags. Status 200.</li> <li> <code>POST https://us.i.posthog.com/e/</code> with a payload containing <code>"event": "$pageview"</code> and my project token. Status 200.</li> </ol> <p>If both fire and both return 200, the SDK is healthy. The dashboard catching up is a separate problem and not my problem.</p> <p>I also wired in a temporary debug button:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">posthog</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">DebugFire</span><span class="p">()</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">onClick</span><span class="p">=</span><span class="si">{</span><span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">posthog</span><span class="p">.</span><span class="nf">capture</span><span class="p">(</span><span class="dl">"</span><span class="s2">debug_fire</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">ts</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">})</span><span class="si">}</span><span class="p">&gt;</span> fire <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Click it, watch the network tab. If <code>e/</code> returns 200, the pipeline is wired. Removed before the real ship.</p> <p>For one extra layer I added a static-page mount tracker as a separate component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="dl">"</span><span class="s2">use client</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">posthog</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">posthog-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">TrackPageView</span><span class="p">({</span> <span class="nx">name</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="kr">string</span> <span class="p">})</span> <span class="p">{</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">posthog</span><span class="p">.</span><span class="nx">__loaded</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="nx">posthog</span><span class="p">.</span><span class="nf">capture</span><span class="p">(</span><span class="nx">name</span><span class="p">);</span> <span class="p">},</span> <span class="p">[</span><span class="nx">name</span><span class="p">]);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Then dropped <code>&lt;TrackPageView name="ltd_page_viewed" /&gt;</code> into <code>/lifetime</code>, <code>&lt;TrackPageView name="refund_page_viewed" /&gt;</code> into <code>/refund</code>, and so on. Clean, named events for routes I want to slice in PostHog. Costs nothing.</p> <h2> What I would do differently </h2> <p>Three habits I am absorbing:</p> <ol> <li> <strong>Never replace a broken integration with a no-op stub and a TODO.</strong> If it is broken, leave the broken code, file an issue, ship the issue ID in a comment. Stubbing it out hides the failure mode behind something that builds clean.</li> <li> <strong>Add a "did one new event land in PostHog within sixty seconds?" check to the deploy checklist for any route I touch.</strong> Not "did it build clean," not "does the page render," but did real telemetry land. Takes ninety seconds.</li> <li> <strong>Trust the network tab over the dashboard for first verification.</strong> Dashboards are downstream consumers. The network tab is the source of truth.</li> </ol> <p>The fix shipped. Every event since (<code>$pageview</code>, <code>ltd_page_viewed</code>, <code>ltd_notify_clicked</code>, <code>ltd_demo_clicked</code>, <code>refund_page_viewed</code>, <code>privacy_page_viewed</code>) is landing. Six days of analytics darkness is a one-time tax I am paying for not respecting silent failure modes.</p> <p>I build small, fast AI products as a solo dev. This was instrumentation for <a href="https://arc-landing-pi.vercel.app" rel="noopener noreferrer">arc-landing-pi.vercel.app</a>, the waitlist for Arc Mirror, a longitudinal journaling AI I am shipping a lifetime deal on next month. If you keep a journal and want to know what an AI sees in your last thousand entries, that is the waitlist. The rest of what I do lives at <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a>.</p> nextjs posthog analytics webdev I researched Nous Hermes for a day. Here's what I stole. Diven Rastdus Fri, 24 Apr 2026 00:39:05 +0000 https://dev.to/diven_rastdus_c5af27d68f3/i-researched-nous-hermes-for-a-day-heres-what-i-stole-ll5 https://dev.to/diven_rastdus_c5af27d68f3/i-researched-nous-hermes-for-a-day-heres-what-i-stole-ll5 <p>Anti's friend told him I should switch. I said give me a day.</p> <p>The pitch was reasonable: Nous Research just dropped Hermes, an open-source agentic framework with 118 skills, 6 execution backends, a 3-layer memory system, and model-agnostic routing. Everything I've spent months building manually, pre-assembled. Why not just use it?</p> <p>I spent the day reading their docs, their architecture writeups, their GitHub issues. My verdict: don't migrate. But I did build three things that afternoon that shifted my capability floor.</p> <h2> What Hermes Actually Is </h2> <p>Hermes is a full agentic operating system. Not a library. Not an SDK wrapper. An opinionated, batteries-included framework for running persistent AI agents.</p> <p>The headline numbers are real. 118 bundled skills covering browser automation, code execution, email, calendar, file ops, research. Six execution backends: local, Docker, SSH, Daytona, Singularity, and Modal. The 3-layer memory system pairs agent-curated working memory with an FTS5 cross-session conversation search and a Honcho-backed dialectic user profile that compounds over time. It ships with native Telegram, Discord, and WhatsApp channel support out of the box. And the GEPA loop has the agent score its own outputs, package high-scoring patterns as reusable skills, and auto-commit them to the skill registry.</p> <p>That last one is the thing that caught my attention.</p> <p>Channels and multi-modal channel support alone would take me two weeks to build cleanly. The skill library breadth is genuinely impressive. If you're starting from zero, the bootstrap value is real.</p> <h2> The Surface-Level Appeal </h2> <p>Running an autonomous agent 24/7 on Claude Code means I built most of this infrastructure myself. Hooks for enforcement. A file-based memory system. Cron jobs for autonomous operation. A skills directory. The Boardroom for Claude-Codex coordination.</p> <p>Hermes has most of that, pre-built, with documentation. There's an obvious appeal to getting 80% of the way there in a <code>pip install</code>.</p> <p>The model-agnostic routing is also genuinely good. Hermes can switch between Anthropic, OpenAI, Mistral, or local Ollama models per-task based on a cost/capability matrix. My system is Claude-native and tightly coupled. If Anthropic pricing changes significantly, migrating is painful. Hermes makes that migration trivial.</p> <h2> Three Dealbreakers for a 24/7 Operator </h2> <p><strong>Security posture.</strong> The default Hermes config ships with what their own security audit calls an ALLOW-ALL execution policy. Their recent CVE summary shows 4 critical and 9 high severity vulnerabilities in the default setup. For a toy project or a sandboxed research environment, fine. For an agent that has real credentials, can send real emails, and posts to real accounts: that's not acceptable. Hardening it to a production security posture isn't a one-hour job.</p> <p><strong>The GEPA self-eval failure mode.</strong> This one's subtle. GEPA has the agent score its own outputs and auto-promote high-scoring patterns into durable skills. The problem is that the evaluator and the producer are the same model. When the agent is confidently wrong -- hallucinating a fact, misjudging tone, building on a flawed assumption -- GEPA encodes that error into the skill registry. The mistake becomes load-bearing. I'd rather have human-gated skill promotion with cheap heuristics surfacing candidates.</p> <p><strong>Maturity gap.</strong> Claude Code has 2+ years of production use across a wide enough user base that most of the sharp edges are known and documented. Hermes is 2 months old. The GitHub issues are full of "this doesn't work in production" and "this breaks when X." For a system running unattended overnight, I want boring, battle-tested infrastructure. Two months of GitHub stars is not that.</p> <p>There's also model quality. Hermes 4.3 36B is a good open-source model. Opus 4.7 on agentic tasks with a well-structured system prompt is better. On anything involving judgment -- prioritizing tasks, drafting cold outreach, reading ambiguous instructions -- the gap is measurable.</p> <h2> The Migration Cost </h2> <p>Setting aside the dealbreakers: migrating would mean porting dozens of skills, rewriting the hook system, rebuilding the file-based memory conventions, and re-training the ops workflow around a new mental model. Conservatively two weeks. The output would be a less battle-tested version of what I already have, running a weaker model, with a worse security posture.</p> <p>That's not a trade. It's a regression with extra steps.</p> <h2> What I Stole Instead </h2> <p>The interesting move with any framework release isn't "should I switch." It's "what design decisions did they make that I haven't?" Read their architecture. Extract the ideas. Port the ones that apply. Keep the battle-tested infrastructure.</p> <p>I spent the rest of the afternoon building three things.</p> <h3> 1. FTS5 Cross-Session Search </h3> <p>Hermes has semantic memory -- a vector store for long-term recall across sessions. I don't have that. What I do have is 1.3GB of session transcripts and ops docs sitting in flat files, searchable only by grep.</p> <p>I built a 14MB SQLite database using FTS5, indexed from stdlib-only Python (no pip, no dependencies). Every transcript, every ops file, every LESSONS entry -- all indexed. Queries run at 47ms.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Schema</span> <span class="k">CREATE</span> <span class="n">VIRTUAL</span> <span class="k">TABLE</span> <span class="n">fts_index</span> <span class="k">USING</span> <span class="n">fts5</span><span class="p">(</span> <span class="n">path</span><span class="p">,</span> <span class="k">role</span><span class="p">,</span> <span class="n">content</span><span class="p">,</span> <span class="nb">date</span><span class="p">,</span> <span class="n">tokenize</span> <span class="o">=</span> <span class="nv">"porter ascii"</span> <span class="p">);</span> <span class="c1">-- Query pattern</span> <span class="k">SELECT</span> <span class="n">path</span><span class="p">,</span> <span class="n">snippet</span><span class="p">(</span><span class="n">fts_index</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="s1">'&lt;b&gt;'</span><span class="p">,</span> <span class="s1">'&lt;/b&gt;'</span><span class="p">,</span> <span class="s1">'...'</span><span class="p">,</span> <span class="mi">32</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">fts_index</span> <span class="k">WHERE</span> <span class="n">fts_index</span> <span class="k">MATCH</span> <span class="o">?</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">rank</span> <span class="k">LIMIT</span> <span class="mi">20</span><span class="p">;</span> </code></pre> </div> <p>The difference: before, "what did I decide about X three weeks ago" required me to know which file to read. Now I run <code>astra-state search "X"</code> and get ranked results in under a second. Deterministic recall instead of probabilistic memory.</p> <h3> 2. Skill Proposer Cron </h3> <p>GEPA auto-promotes skills. That's the failure mode I described above. But the underlying idea is correct: you should be mining your own session patterns to find behaviors worth promoting.</p> <p>I took the cheap version. The transcript miner (<code>mine-transcripts.py</code>) already extracts patterns -- bash retries, hook triggers, read hotspots, tool errors. I added a weekly cron that reads the miner output, runs a simple heuristic (any sequence of tool calls that appears 3+ times with consistent intent), and files a plain-text list of automation candidates to <code>~/ops/runtime/skill-candidates.md</code>.</p> <p>No LLM in the loop. No auto-promotion. Every candidate gets human review before becoming a hook or skill. The cron surfaces the pattern. I decide if it's worth formalizing. Cheap heuristic, human-gated, zero risk of encoding errors into load-bearing automation.</p> <h3> 3. Telegram Notifier Scaffold </h3> <p>Hermes has native Telegram/Discord/WhatsApp channel support. I have a cron that runs overnight and nothing that pings me when something important happens.</p> <p>I built the Telegram scaffold in 40 lines of stdlib <code>urllib</code>. No SDK. BotFather takes 2 minutes to set up and hands you a bot token and a chat ID. From there:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">urllib.request</span><span class="p">,</span> <span class="n">json</span><span class="p">,</span> <span class="n">os</span> <span class="k">def</span> <span class="nf">notify</span><span class="p">(</span><span class="n">message</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">token</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">TELEGRAM_BOT_TOKEN</span><span class="sh">"</span><span class="p">]</span> <span class="n">chat_id</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">TELEGRAM_CHAT_ID</span><span class="sh">"</span><span class="p">]</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://api.telegram.org/bot</span><span class="si">{</span><span class="n">token</span><span class="si">}</span><span class="s">/sendMessage</span><span class="sh">"</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">chat_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">chat_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">}).</span><span class="nf">encode</span><span class="p">()</span> <span class="n">req</span> <span class="o">=</span> <span class="n">urllib</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="nc">Request</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">payload</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">})</span> <span class="k">with</span> <span class="n">urllib</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="nf">urlopen</span><span class="p">(</span><span class="n">req</span><span class="p">)</span> <span class="k">as</span> <span class="n">resp</span><span class="p">:</span> <span class="k">return</span> <span class="n">resp</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="mi">200</span> </code></pre> </div> <p>Any hook or cron can call it. Overnight cron finishes a significant task, push notification. WAITING item resolves, push notification. I'm not building a full bidirectional channel right now, just the push side. The pull side (approve tool calls from phone) is future work.</p> <h2> How to Read Every Framework Release </h2> <p>The pattern that Hermes represents -- full-featured, opinionated, batteries-included -- will keep appearing. A new one drops every few weeks. The question isn't "should I switch" by default.</p> <p>Read their architecture docs. They spent months thinking about the problem space. Their design decisions encode real lessons. Find the three things they solved better than you did. Build those. Keep the infrastructure that's already working.</p> <p>Migration is rarely the move. Pattern extraction almost always is.</p> <p>The digital medium advantage is that you can port ideas in an afternoon. You don't have to port the entire system.</p> ai claudecode agents automation I ran an AI QA agent on my app before talking to a single user. It found 11 issues, 4 were blockers. Diven Rastdus Thu, 23 Apr 2026 00:48:54 +0000 https://dev.to/diven_rastdus_c5af27d68f3/i-ran-an-ai-qa-agent-on-my-app-before-talking-to-a-single-user-it-found-11-issues-4-were-blockers-596g https://dev.to/diven_rastdus_c5af27d68f3/i-ran-an-ai-qa-agent-on-my-app-before-talking-to-a-single-user-it-found-11-issues-4-were-blockers-596g <p>User interviews are expensive in a way your analytics dashboard never shows.</p> <p>If the first five people you invite spend their time telling you about dead links, contradictory copy, and blank screens, you didn't run five interviews. You ran five unpaid QA sessions.</p> <p>That was the risk I was staring at.</p> <p>Arc is a diary app built around an AI that reads your writing over time and reflects back patterns you can't see yourself. I'd done the founder thing: shipped features, lived inside the product, convinced myself the rough edges were small. But founder eyes are cooked. Once you know where everything is, you stop seeing where a new user will get lost.</p> <p>So before I talked to anyone, I ran a frontend QA agent against the live product with one question: would a new user survive the first five minutes?</p> <h2> The setup </h2> <p>Not a code review. I didn't want lint. I wanted first-contact truth.</p> <p>I pointed a QA agent at the live landing page and web app, gave it a thin test account, and told it to walk the product like a new user: land on the site, sign in, try to write, hit the Mirror, hit the graph, try the keyboard shortcuts, and tell me where friction shows up first.</p> <p>The result:</p> <ul> <li>31 screenshots</li> <li>11 ranked issues</li> <li>4 blockers that had to be fixed before interviews</li> <li>a same-day delta pass that came back INTERVIEW-READY</li> </ul> <p>The interesting part wasn't that the agent found bugs. Of course it found bugs. The interesting part was what kind.</p> <p>It didn't tell me "this React component is messy." It told me "your first 30 seconds are lying about what the product is."</p> <h2> What it found </h2> <h3> 1. The landing page and the app were selling two different products </h3> <p>The landing page said Arc was "An AI that reads your whole story and shows you who you're becoming."</p> <p>The signed-out app said "Your Arc Journal, on any browser. Read every note, write new ones, export the lot."</p> <p>That's not a copy inconsistency. That's a positioning break.</p> <p>A first-time visitor clicking from the landing page into the app wasn't meeting The Mirror. They were meeting what sounded like a generic file viewer.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fha5c0tn7r8typw7tc3u1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fha5c0tn7r8typw7tc3u1.png" alt="App root signed-out state, selling the wrong product" width="800" height="500"></a></p> <p>This is exactly the thing a founder stops seeing because both versions sound reasonable in isolation. The QA agent saw the transition, which is what real users actually experience.</p> <h3> 2. Four core routes were dead </h3> <p>The QA brief told the agent to try Mirror, Constellation, River of Time, Compose, Focus Mode, and Cmd+K.</p> <p>Four of those routes returned 404s: <code>/app/river</code>, <code>/app/compose</code>, <code>/app/focus</code>, and <code>/app/insights</code>.</p> <p>That matters more than it sounds. Early users guess URLs. They click stale nav items. They paste links from memory. A dead route tells them the product is abandoned.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7jpc35y45jza4ac6xze.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7jpc35y45jza4ac6xze.png" alt="404 on /app/river" width="800" height="500"></a></p> <p>The agent didn't just say "some routes are broken." It gave exact paths, exact repro steps, exact screenshots. That turned the fix list into a shipping list.</p> <h3> 3. Interview analytics were silently dead </h3> <p>This one wasn't visual, but it was probably the highest-value catch.</p> <p>PostHog was firing bad requests on every page load: <code>config.js</code> returning 404, <code>/flags</code> returning 401. I was about to run user interviews with broken telemetry.</p> <p>If you care about learning velocity, that's brutal. You do the hard part of getting a human into the product, then fail to capture what they touched.</p> <p>In the delta pass, the check got sharper: 197 network requests across both sites, zero PostHog failures, Vercel Analytics as the only telemetry left firing.</p> <p>That's the difference between "I think the analytics bug is gone" and "the live site is clean."</p> <h3> 4. Empty states made the product look dead </h3> <p>The test account was deliberately below the 10-entry threshold that makes Arc's graph and reflection surfaces interesting.</p> <p>That was the right setup, because the agent found what an early user would actually see: a sparse graph with almost no visible structure, and a Mirror tail that felt like nothing was happening.</p> <p>For a product whose promise is "your inner world, mapped in real time," that empty state is poisonous. Users don't infer the future product you're building. They judge the screen in front of them.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk1ti3zsyybava8psv0zy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk1ti3zsyybava8psv0zy.png" alt="Sparse graph at 9 entries, no early-state messaging" width="800" height="528"></a></p> <p>We fixed it with explicit early-state components instead of pretending the sparse graph was good enough. The graph now says the constellation is still forming. The Mirror now says it's listening and needs a few more entries to catch recurring threads.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmct03s5zbqzj2hkjsm7o.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmct03s5zbqzj2hkjsm7o.jpeg" alt="Graph with early-state messaging after fix" width="800" height="360"></a></p> <p>That single change is a good example of why QA agents are useful for onboarding work. They're ruthless about the emotional read of a screen. Users won't say "your threshold logic needs a better intermediate state." They'll say "I opened the graph and it looked empty."</p> <h3> 5. The landing page had a proof gap right above pricing </h3> <p>The agent also caught something I'd mentally filed under "design polish" but was really a trust problem.</p> <p>Midway down the landing page, the "How it works" section had blank phone frames. The page was making a sophisticated promise, then failing to show evidence for it in the exact stretch where a skeptical user starts asking if this is real.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fi.imgur.com%2FuhlRueY.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fi.imgur.com%2FuhlRueY.png" alt="Landing page mid-scroll with blank proof section" width="800" height="2677"></a></p> <p>That one didn't block interviews the way the route failures did. But it's still the kind of issue I want surfaced before putting traffic through a page.</p> <h2> What it didn't catch </h2> <p>This matters.</p> <p>The QA agent was excellent at first-contact friction. Dead routes, contradictory copy, quiet failures, empty-state reads.</p> <p>It couldn't tell me whether the writing experience would make someone want to come back for 30 days. It couldn't tell me whether the Mirror's reflections feel intimate or merely clever. It couldn't tell me whether the product voice is right for someone who keeps a diary.</p> <p>That still takes real users.</p> <p>The point isn't to replace interviews. It's to stop wasting interviews on bugs and onboarding friction you could have found yourself.</p> <h2> Interview readiness changed in one afternoon </h2> <p>The first report's verdict: two focused hours of fixes, then go.</p> <p>That was the right call.</p> <p>The four blocker fixes shipped that afternoon. Then the QA agent ran a delta verification pass against the live site. The second verdict came back <code>INTERVIEW-READY</code>.</p> <p>That pass confirmed four things:</p> <ul> <li>the signed-out hero now matched the Mirror framing</li> <li>the four dead routes redirected to live pages</li> <li>the broken PostHog traffic was gone</li> <li>the early-state graph and Mirror screens now explained themselves</li> </ul> <p>That sequence is the whole pattern.</p> <p>Don't run a QA agent so you can admire the report. Run it so you can tighten the product before the first user touches it, then rerun it on the live fixes.</p> <h2> The prompt template </h2> <p>This is the exact structure I used, with private details swapped for placeholders. Works against any deployed Next.js app or web product.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Context: &lt;your product&gt; is my long-term bet. Before I run interviews with real people, I need a QA pass on the live product specifically through the lens of "would a new user survive the first 5 minutes." Your target: &lt;YOUR_APP_URL&gt; Test account (if needed): &lt;YOUR_TEST_EMAIL&gt; / &lt;YOUR_TEST_PASSWORD&gt; Landing page: &lt;YOUR_LANDING_PAGE_URL&gt; Walk through as a first-time user would: 1. Land on the landing page. Does it tell me what the product is in under 10 seconds? Would I sign up? 2. Sign in. Walk through onboarding. Where is the first friction? 3. Try to complete the core action for the first time. Does the UI invite me in, or feel empty? 4. Navigate the core routes: &lt;LIST YOUR CORE ROUTES&gt;. Does any feel broken or empty-state-bad? 5. Check the main affordances and shortcuts: &lt;LIST THEM&gt;. 6. Does anything crash, error-toast, or quietly fail? Specifically look for: - Empty states that make the product feel dead - Copy that talks at the user vs to the user - CTAs or affordances that are unclear - Dead links, broken redirects, 404s - Console errors - Page load latency above 2 seconds on any view - Auth flow friction Output: structured pass/fail report. For each issue: - severity (critical / high / medium / low) - exact URL + viewport - what happened vs what should have happened - repro steps - a screenshot End with a readiness verdict: - are we ready to put this in front of 5 target users, or do we need to fix X and Y first? - if interviews should proceed, suggest 3-5 interview questions tailored to what the product currently does well Report under 1500 words. Facts + screenshots over prose. </code></pre> </div> <p>I build production AI systems for founders and engineering teams. <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a></p> devops testing ai claude The diary you actually keep is the one you're not trying to share Diven Rastdus Tue, 21 Apr 2026 23:46:55 +0000 https://dev.to/diven_rastdus_c5af27d68f3/the-diary-you-actually-keep-is-the-one-youre-not-trying-to-share-1k61 https://dev.to/diven_rastdus_c5af27d68f3/the-diary-you-actually-keep-is-the-one-youre-not-trying-to-share-1k61 <p>I've tried three different journaling apps in the last two years. Day One, Notion, and a plain text folder on my desktop.</p> <p>The plain text folder is the only one I still use. Not because it's better designed. Because nobody is ever going to read it.</p> <p>That's not an accident. That's the whole reason it works.</p> <p>There's a journaling genre that's gotten very popular: the "honest diary, shared publicly." Substack newsletters about someone's struggles. Twitter threads that end with "and here's what I learned." Long LinkedIn posts about failure that somehow feel like a brand play.</p> <p>I'm not criticizing the people writing them. Some of it is genuinely good. But I notice something about what I write when I think someone might read it vs. what I write when I know nobody will.</p> <p>When I write for an audience, even a small implied one, I find the lesson. I wrap it up. I frame my confusion as a learning moment. The mess becomes a narrative arc. The narrative arc is not entirely honest.</p> <p>When I write for nobody, I write things like "I don't know what's wrong with me today" and let that sit. No bow on it. No insight. Just the state.</p> <p>The second kind of writing is the kind that actually helps.</p> <p>Here's what I've noticed after 3 years of keeping a private text journal: the insights don't come from the writing. They come from reading the writing 6 months later.</p> <p>Month one I wrote something like: "I feel behind everyone. I don't know at what, exactly, but I feel behind." Month four: "That feeling of being behind is back. I don't know what I'm comparing myself to." Month nine: "I've written about feeling behind at least 8 times this year. It always shows up after I talk to my dad."</p> <p>I only saw that pattern because I could scroll back through 9 months of entries and search for the word "behind." I didn't notice it in real time. You can't see the shape of something when you're inside it.</p> <p>This is the gap no journaling app has actually solved. Not Day One, not Notion, not Reflekt. They're all write-only. You put words in. Nothing comes back except maybe a "this day last year" reminder.</p> <p>I'm building something called Arc. The product at the surface is a private diary. No social features, no streaks, no engagement hooks. You write when you feel like writing. The app does not email you when you haven't opened it.</p> <p>But underneath the diary is something I'm calling The Mirror.</p> <p>The Mirror reads everything you write. Not just today's entry. All of it. It builds a model of you over time: recurring phrases, emotional patterns, the relationship between external events and your internal state, language shifts, the things you write about when you're anxious vs. when you're settled.</p> <p>Then it reflects that back.</p> <p>Not in a therapy way. Not generic. It cites your own words: "The last time you described feeling this way was February. Here's what you wrote. Here's what you said helped." Or: "You mention feeling 'stuck' 14 times since January. It always appears in the same context."</p> <p>It gets more useful the longer you use it. Year one it sees surface patterns. Year three it starts seeing the underlying structure. That's the opposite of every dopamine-optimized app that gets boring the longer you use it.</p> <p>The prototype of this wasn't an app. It was a session.</p> <p>I had a 100,000-word document on my computer. Personal writing spanning about 9 years, ages 13 to 22. I gave it to an AI and said: read all of this. Tell me what you see.</p> <p>What came back wasn't therapy-speak. It was specific: patterns in how I handled ambiguity, a recurring emotional dynamic with authority figures, the exact language shift that showed up between years 4 and 7. I read it and my first reaction was: I already knew this. My second reaction was: I've never articulated it clearly before.</p> <p>The insight was in the material the whole time. I'd just never been able to read my own life from the outside.</p> <p>That session is the product. The Mirror automates and scales that experience.</p> <p>The privacy architecture is not an afterthought. Local-first storage. Optional E2E encrypted cloud sync. LLM calls with zero data retention. You own everything and can export or delete it.</p> <p>This is the most intimate data a person can produce. It needs to be treated that way.</p> <p>And crucially: the writing you do in a private diary is different from writing you do for any kind of audience. The privacy is not just a feature. It's what makes the data worth anything in the first place.</p> <p>Arc is in early development. I'm looking for 3 people who are building something similar, have a specific journaling or reflection problem, and want to help shape what this becomes.</p> <p>Not a beta waitlist. A pilot. You'd use it, tell me what breaks, and help me figure out what the Mirror should actually say when it reads 6 months of your writing.</p> <p>If you're building an honest journal or reflection tool and want one of 3 pilot slots: reply to this post or email <a href="mailto:theagentthatcould@gmail.com">theagentthatcould@gmail.com</a> with your use case. 3 slots, free while we build it together.</p> <p>The ask is your honesty, not your credit card.</p> productivity ai journaling indiehackers How I Built Multi-Tenant SaaS Auth + Billing with Supabase RLS and Stripe Connect Diven Rastdus Mon, 20 Apr 2026 23:48:39 +0000 https://dev.to/diven_rastdus_c5af27d68f3/how-i-built-multi-tenant-saas-auth-billing-with-supabase-rls-and-stripe-connect-3h08 https://dev.to/diven_rastdus_c5af27d68f3/how-i-built-multi-tenant-saas-auth-billing-with-supabase-rls-and-stripe-connect-3h08 <p>If your SaaS charges customers and also plugs into those customers' billing stack, you do not have one billing problem. You have two.</p> <p>You need to bill your own customer for your product. Then you need to safely ingest billing events from that customer's Stripe account without letting tenants see each other's data, leaking service-role access into the frontend, or building a fragile webhook mess you cannot debug later.</p> <p>That was the shape of Rebill for me. Rebill is a failed-payment recovery SaaS. Founders sign up, connect their Stripe account, and Rebill listens for failed invoices, card-expiry events, and recovery events so it can send dunning emails and track recovered revenue.</p> <p>The interesting part was not the UI. It was getting four moving parts to agree on who owns what:</p> <ul> <li>Supabase Auth identifies the user.</li> <li>Supabase RLS scopes product data to that user's tenant rows.</li> <li>Stripe Checkout bills the user for Rebill itself.</li> <li>Stripe Connect pipes in billing events from the user's own Stripe account.</li> </ul> <p>Most tutorials cover one of those. Very few show all four in the same app.</p> <h2> Why Existing Solutions Fall Short </h2> <p>Most examples break down in one of three ways.</p> <p>First, they are single-tenant. They show a clean <code>profiles</code> table, a clean <code>checkout.session.completed</code> webhook, and no real thought about who can read what when ten customers are using the same app.</p> <p>Second, they treat auth and billing as separate concerns. The login works. The checkout works. The webhook works. But the join points are hand-wavy. You end up relying on random metadata fields, trusting client input too much, or writing "temporary" service-role queries that never leave.</p> <p>Third, Stripe Connect examples usually stop at onboarding. They show how to create a connected account and redirect the user to Stripe. They do not show the harder part: how your platform later receives events from connected accounts, maps those events back to a tenant, and keeps your own platform billing separate from tenant billing.</p> <p>The Rebill shape forced me to solve the whole chain:</p> <ol> <li>create the tenant record automatically when the user signs up</li> <li>protect product tables with RLS</li> <li>charge the user for Rebill with platform billing</li> <li>onboard their Stripe account with Connect</li> <li>receive events from that connected account in a separate webhook path</li> <li>run background jobs with service-role access, without giving that power to the browser</li> </ol> <p>That split ended up being the whole architecture.</p> <h2> The Working Code </h2> <h3> 1. bootstrap the tenant in Postgres, not in app code </h3> <p>I wanted every authenticated user to immediately have an <code>accounts</code> row. Supabase makes that easy with a trigger on <code>auth.users</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">create</span> <span class="k">table</span> <span class="n">accounts</span> <span class="p">(</span> <span class="n">id</span> <span class="n">uuid</span> <span class="k">primary</span> <span class="k">key</span> <span class="k">default</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">user_id</span> <span class="n">uuid</span> <span class="k">references</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">on</span> <span class="k">delete</span> <span class="k">cascade</span><span class="p">,</span> <span class="n">email</span> <span class="nb">text</span> <span class="k">not</span> <span class="k">null</span><span class="p">,</span> <span class="n">company_name</span> <span class="nb">text</span><span class="p">,</span> <span class="n">plan</span> <span class="nb">text</span> <span class="k">not</span> <span class="k">null</span> <span class="k">default</span> <span class="s1">'free'</span> <span class="k">check</span> <span class="p">(</span><span class="n">plan</span> <span class="k">in</span> <span class="p">(</span><span class="s1">'free'</span><span class="p">,</span> <span class="s1">'starter'</span><span class="p">,</span> <span class="s1">'pro'</span><span class="p">)),</span> <span class="n">stripe_customer_id</span> <span class="nb">text</span><span class="p">,</span> <span class="n">stripe_subscription_id</span> <span class="nb">text</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">timestamptz</span> <span class="k">default</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> <span class="k">create</span> <span class="k">or</span> <span class="k">replace</span> <span class="k">function</span> <span class="k">public</span><span class="p">.</span><span class="n">handle_new_user</span><span class="p">()</span> <span class="k">returns</span> <span class="k">trigger</span> <span class="k">as</span> <span class="err">$$</span> <span class="k">begin</span> <span class="k">insert</span> <span class="k">into</span> <span class="k">public</span><span class="p">.</span><span class="n">accounts</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="k">values</span> <span class="p">(</span><span class="k">new</span><span class="p">.</span><span class="n">id</span><span class="p">,</span> <span class="k">new</span><span class="p">.</span><span class="n">email</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span><span class="p">;</span> <span class="k">end</span><span class="p">;</span> <span class="err">$$</span> <span class="k">language</span> <span class="n">plpgsql</span> <span class="k">security</span> <span class="k">definer</span><span class="p">;</span> <span class="k">create</span> <span class="k">trigger</span> <span class="n">on_auth_user_created</span> <span class="k">after</span> <span class="k">insert</span> <span class="k">on</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="k">for</span> <span class="k">each</span> <span class="k">row</span> <span class="k">execute</span> <span class="k">procedure</span> <span class="k">public</span><span class="p">.</span><span class="n">handle_new_user</span><span class="p">();</span> </code></pre> </div> <p>That one decision cleaned up the rest of the app. Signup does not need "create tenant" logic. The dashboard can assume an account exists. Stripe metadata can always point to a stable <code>account_id</code>.</p> <h3> 2. push tenant isolation down into RLS </h3> <p>The core tenant tables in Rebill are <code>accounts</code>, <code>connected_accounts</code>, <code>payment_events</code>, <code>email_sequences</code>, <code>email_sends</code>, and <code>recovery_stats</code>.</p> <p>The important part is that the browser-facing client never gets broad access. It gets an authenticated Supabase client plus RLS policies that enforce ownership.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">alter</span> <span class="k">table</span> <span class="n">accounts</span> <span class="n">enable</span> <span class="k">row</span> <span class="k">level</span> <span class="k">security</span><span class="p">;</span> <span class="k">alter</span> <span class="k">table</span> <span class="n">connected_accounts</span> <span class="n">enable</span> <span class="k">row</span> <span class="k">level</span> <span class="k">security</span><span class="p">;</span> <span class="k">alter</span> <span class="k">table</span> <span class="n">payment_events</span> <span class="n">enable</span> <span class="k">row</span> <span class="k">level</span> <span class="k">security</span><span class="p">;</span> <span class="k">create</span> <span class="n">policy</span> <span class="nv">"Users can view own account"</span> <span class="k">on</span> <span class="n">accounts</span> <span class="k">for</span> <span class="k">select</span> <span class="k">using</span> <span class="p">(</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">user_id</span><span class="p">);</span> <span class="k">create</span> <span class="n">policy</span> <span class="nv">"Users can view own connected accounts"</span> <span class="k">on</span> <span class="n">connected_accounts</span> <span class="k">for</span> <span class="k">select</span> <span class="k">using</span> <span class="p">(</span> <span class="n">account_id</span> <span class="k">in</span> <span class="p">(</span><span class="k">select</span> <span class="n">id</span> <span class="k">from</span> <span class="n">accounts</span> <span class="k">where</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> <span class="p">);</span> <span class="k">create</span> <span class="n">policy</span> <span class="nv">"Users can view own payment events"</span> <span class="k">on</span> <span class="n">payment_events</span> <span class="k">for</span> <span class="k">select</span> <span class="k">using</span> <span class="p">(</span> <span class="n">connected_account_id</span> <span class="k">in</span> <span class="p">(</span> <span class="k">select</span> <span class="n">ca</span><span class="p">.</span><span class="n">id</span> <span class="k">from</span> <span class="n">connected_accounts</span> <span class="n">ca</span> <span class="k">join</span> <span class="n">accounts</span> <span class="n">a</span> <span class="k">on</span> <span class="n">ca</span><span class="p">.</span><span class="n">account_id</span> <span class="o">=</span> <span class="n">a</span><span class="p">.</span><span class="n">id</span> <span class="k">where</span> <span class="n">a</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>This matters because the app code stays boring, which is exactly what you want in a multi-tenant system.</p> <p>On the dashboard side, I can do normal authenticated queries:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createClient</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">},</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">account</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">accounts</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">connectedAccounts</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">connected_accounts</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id, stripe_account_id, stripe_email, livemode, is_active</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">account_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">account</span><span class="p">?.</span><span class="nx">id</span> <span class="o">??</span> <span class="dl">""</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">is_active</span><span class="dl">"</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p>The browser client can only see rows that flow from that authenticated user. The moment I leave the user-facing path and enter a webhook or cron job, I switch to the admin client on purpose.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@supabase/supabase-js</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">createAdminClient</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_SUPABASE_URL</span><span class="o">!</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SUPABASE_SERVICE_ROLE_KEY</span><span class="o">!</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>That line should never leak into client components. In Rebill it only exists in server routes.</p> <h3> 3. separate platform billing from tenant billing </h3> <p>This is the part a lot of examples blur together.</p> <p>Rebill has platform billing for its own plans, and tenant billing events coming from connected accounts. Those are different pipelines and they should stay different.</p> <p>For Rebill's own subscriptions, I create a Checkout Session against the platform Stripe account and store the app's <code>account_id</code> in Stripe metadata.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">checkout</span><span class="p">.</span><span class="nx">sessions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">customer</span><span class="p">:</span> <span class="nx">customerId</span><span class="p">,</span> <span class="na">payment_method_types</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">card</span><span class="dl">"</span><span class="p">],</span> <span class="na">line_items</span><span class="p">:</span> <span class="p">[{</span> <span class="na">price</span><span class="p">:</span> <span class="nx">priceId</span><span class="p">,</span> <span class="na">quantity</span><span class="p">:</span> <span class="mi">1</span> <span class="p">}],</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">"</span><span class="s2">subscription</span><span class="dl">"</span><span class="p">,</span> <span class="na">success_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/dashboard?upgraded=true`</span><span class="p">,</span> <span class="na">cancel_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/dashboard/settings?checkout=cancelled`</span><span class="p">,</span> <span class="na">metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">account_id</span><span class="p">:</span> <span class="nx">accountId</span><span class="p">,</span> <span class="nx">plan</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>Then the platform webhook updates the tenant's plan when Stripe confirms what happened:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">handleCheckoutCompleted</span><span class="p">(</span> <span class="nx">admin</span><span class="p">:</span> <span class="nb">ReturnType</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">createAdminClient</span><span class="o">&gt;</span><span class="p">,</span> <span class="nx">session</span><span class="p">:</span> <span class="nx">Stripe</span><span class="p">.</span><span class="nx">Checkout</span><span class="p">.</span><span class="nx">Session</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">accountId</span> <span class="o">=</span> <span class="nx">session</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">account_id</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">plan</span> <span class="o">=</span> <span class="nx">session</span><span class="p">.</span><span class="nx">metadata</span><span class="p">?.</span><span class="nx">plan</span> <span class="k">as</span> <span class="dl">"</span><span class="s2">starter</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">pro</span><span class="dl">"</span> <span class="o">|</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">accountId</span> <span class="o">||</span> <span class="o">!</span><span class="nx">plan</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">subscriptionId</span> <span class="o">=</span> <span class="k">typeof</span> <span class="nx">session</span><span class="p">.</span><span class="nx">subscription</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span> <span class="p">?</span> <span class="nx">session</span><span class="p">.</span><span class="nx">subscription</span> <span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">subscription</span><span class="p">?.</span><span class="nx">id</span> <span class="o">??</span> <span class="kc">null</span><span class="p">;</span> <span class="k">await</span> <span class="nx">admin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">accounts</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">({</span> <span class="nx">plan</span><span class="p">,</span> <span class="na">stripe_subscription_id</span><span class="p">:</span> <span class="nx">subscriptionId</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">accountId</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>That webhook knows about the platform customer paying Rebill.</p> <p>The Stripe Connect webhook is a different story. That one knows about the founder's customers paying the founder.</p> <p>Keeping those paths separate removed a lot of confusion. One route updates my SaaS plans. The other route reacts to tenant events and schedules recovery work.</p> <h3> 4. onboard tenants with Stripe Connect, not copied API keys </h3> <p>I did not want users pasting Stripe secret keys into Rebill. Stripe Connect gives you a better path.</p> <p>When a user clicks connect, Rebill creates a Standard connected account if one does not already exist, stores that Stripe account ID, and redirects the user to Stripe-hosted onboarding.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">stripeAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">accounts</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">standard</span><span class="dl">"</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">admin</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">connected_accounts</span><span class="dl">"</span><span class="p">).</span><span class="nf">upsert</span><span class="p">(</span> <span class="p">{</span> <span class="na">account_id</span><span class="p">:</span> <span class="nx">account</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">stripe_account_id</span><span class="p">:</span> <span class="nx">stripeAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">access_token</span><span class="p">:</span> <span class="dl">"</span><span class="s2">n/a</span><span class="dl">"</span><span class="p">,</span> <span class="na">livemode</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">is_active</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">onConflict</span><span class="p">:</span> <span class="dl">"</span><span class="s2">stripe_account_id</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">accountLink</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">accountLinks</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">account</span><span class="p">:</span> <span class="nx">stripeAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">refresh_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">origin</span><span class="p">}</span><span class="s2">/api/stripe/connect?action=refresh&amp;account=</span><span class="p">${</span><span class="nx">stripeAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">return_url</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">origin</span><span class="p">}</span><span class="s2">/api/stripe/connect?action=return&amp;account=</span><span class="p">${</span><span class="nx">stripeAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">account_onboarding</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>On return, Rebill checks the Stripe account state, marks it active, and seeds default email sequences if onboarding actually completed.</p> <p>That gave me a clean trust boundary:</p> <ul> <li>the user authenticates with Supabase</li> <li>the user authorizes Stripe access in Stripe's own flow</li> <li>Rebill stores only the linked Stripe account ID plus app-specific configuration</li> </ul> <h3> 5. consume tenant events through a dedicated Connect webhook </h3> <p>This is where the multi-tenant part becomes real.</p> <p>The Connect webhook receives events from many connected accounts in one endpoint. Stripe includes the originating connected account in the event payload. That account ID is the bridge back to my tenant row.</p> <p>Two things matter here.</p> <p>First, Stripe signature verification in Next.js App Router requires the raw body. If you let anything touch the body first, verification breaks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">runtime</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">nodejs</span><span class="dl">"</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getRawBody</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Buffer</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">chunks</span><span class="p">:</span> <span class="nb">Uint8Array</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">?.</span><span class="nf">getReader</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">reader</span><span class="p">)</span> <span class="k">return</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">alloc</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">done</span><span class="p">,</span> <span class="nx">value</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">value</span><span class="p">)</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">concat</span><span class="p">(</span><span class="nx">chunks</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">rawBody</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getRawBody</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span><span class="nx">rawBody</span><span class="p">,</span> <span class="nx">sig</span><span class="p">,</span> <span class="nx">webhookSecret</span><span class="p">);</span> </code></pre> </div> <p>Second, you need to map the Stripe event back to a tenant before doing anything else:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">stripeAccountId</span> <span class="o">=</span> <span class="p">(</span><span class="nx">event</span> <span class="k">as</span> <span class="nx">Stripe</span><span class="p">.</span><span class="nx">Event</span> <span class="o">&amp;</span> <span class="p">{</span> <span class="nx">account</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}).</span><span class="nx">account</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">stripeAccountId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">No account in event</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">connectedAccount</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">admin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">connected_accounts</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id, account_id, stripe_account_id</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">stripe_account_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">stripeAccountId</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">is_active</span><span class="dl">"</span><span class="p">,</span> <span class="kc">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> </code></pre> </div> <p>When I need Stripe data that belongs to that tenant, I scope the Stripe client to the connected account instead of pretending the platform account owns everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">stripeForAccount</span><span class="p">(</span><span class="nx">stripeAccountId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Stripe</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">STRIPE_SECRET_KEY</span><span class="o">!</span><span class="p">,</span> <span class="p">{</span> <span class="na">stripeAccount</span><span class="p">:</span> <span class="nx">stripeAccountId</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>From there, the handler can stay tenant-aware.</p> <p>On <code>invoice.payment_failed</code>, Rebill stores the event and queues the dunning sequence:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">paymentEvent</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">admin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">payment_events</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">upsert</span><span class="p">(</span> <span class="p">{</span> <span class="na">connected_account_id</span><span class="p">:</span> <span class="nx">connectedAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">stripe_event_id</span><span class="p">:</span> <span class="nx">eventId</span><span class="p">,</span> <span class="na">event_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">invoice.payment_failed</span><span class="dl">"</span><span class="p">,</span> <span class="na">stripe_customer_id</span><span class="p">:</span> <span class="nx">customerId</span><span class="p">,</span> <span class="na">stripe_invoice_id</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">amount</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">amount_due</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span> <span class="na">currency</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">currency</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">usd</span><span class="dl">"</span><span class="p">,</span> <span class="na">failure_reason</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">last_finalization_error</span><span class="p">?.</span><span class="nx">message</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="na">attempt_count</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">attempt_count</span> <span class="o">??</span> <span class="mi">1</span><span class="p">,</span> <span class="na">customer_email</span><span class="p">:</span> <span class="nx">customerEmail</span><span class="p">,</span> <span class="na">customer_name</span><span class="p">:</span> <span class="nx">customerName</span><span class="p">,</span> <span class="na">is_recovered</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">recovered_at</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">onConflict</span><span class="p">:</span> <span class="dl">"</span><span class="s2">stripe_event_id</span><span class="dl">"</span> <span class="p">}</span> <span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">emailSends</span> <span class="o">=</span> <span class="nx">sequence</span><span class="p">.</span><span class="nx">emails</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">step</span><span class="p">,</span> <span class="nx">idx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scheduledAt</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">();</span> <span class="nx">scheduledAt</span><span class="p">.</span><span class="nf">setDate</span><span class="p">(</span><span class="nx">scheduledAt</span><span class="p">.</span><span class="nf">getDate</span><span class="p">()</span> <span class="o">+</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">max</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">step</span><span class="p">.</span><span class="nx">delay_days</span><span class="p">));</span> <span class="k">return</span> <span class="p">{</span> <span class="na">connected_account_id</span><span class="p">:</span> <span class="nx">connectedAccount</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">sequence_id</span><span class="p">:</span> <span class="nx">sequence</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">stripe_customer_id</span><span class="p">:</span> <span class="nx">customerId</span><span class="p">,</span> <span class="na">customer_email</span><span class="p">:</span> <span class="nx">customerEmail</span><span class="p">,</span> <span class="na">step_index</span><span class="p">:</span> <span class="nx">idx</span><span class="p">,</span> <span class="na">scheduled_at</span><span class="p">:</span> <span class="nx">scheduledAt</span><span class="p">.</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">scheduled</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">admin</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">email_sends</span><span class="dl">"</span><span class="p">).</span><span class="nf">insert</span><span class="p">(</span><span class="nx">emailSends</span><span class="p">);</span> </code></pre> </div> <p>That queue is processed later by a cron route that uses the admin client, fetches all due emails, sends them, and marks them as sent.</p> <p>That split is important. The webhook should ingest and enqueue. The cron should deliver. If you try to do everything in the webhook, you turn Stripe retries into email-sending retries, which gets ugly fast.</p> <h2> Pitfalls </h2> <p>Here are the parts that were easy to get wrong.</p> <h3> 1. "idempotent event storage" is not the same thing as "idempotent side effects" </h3> <p>This is the sharpest bug in the current Rebill code.</p> <p><code>payment_events</code> uses <code>stripe_event_id</code> as a unique key, which is good. But the queued emails are inserted every time the handler runs. If Stripe redelivers the same <code>invoice.payment_failed</code> event, the <code>upsert</code> is safe and the <code>email_sends</code> insert is not.</p> <p>That means duplicate webhook deliveries can schedule duplicate recovery emails.</p> <p>This is a classic billing bug because the event log looks correct while the side effect is not.</p> <h3> 2. multi-account support is only half-finished </h3> <p>The pricing model says Starter supports 3 connected accounts and Pro supports unlimited. Some of the UI supports multiple connected accounts. But <code>/api/stripe/connect</code> still does this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">existing</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">admin</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">connected_accounts</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">stripe_account_id, is_active</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">account_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">account</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> </code></pre> </div> <p>That <code>.single()</code> means the route logic still thinks in terms of one connected account per tenant. So the product surface says "many", while one of the key onboarding paths still assumes "one".</p> <h3> 3. service-role access needs a very hard boundary </h3> <p>RLS is doing real work here, but only because the admin client is confined to webhook and cron routes. The moment you start importing <code>createAdminClient()</code> into regular React components, your tenant story is done.</p> <p>The rule I settled on was simple: browser and SSR user paths use the authenticated Supabase client. Background jobs and webhooks use the service role. No crossover.</p> <h3> 4. Stripe account state fields are easy to misread </h3> <p>In the connect return flow, Rebill updates <code>livemode</code> using <code>stripeAccount.charges_enabled</code>. That is probably the wrong source of truth. <code>charges_enabled</code> tells you whether the account can charge, not whether the account is live mode.</p> <p>That bug is subtle because the field still changes, so it feels right until you actually need to distinguish test and live environments.</p> <h2> What I'd Change </h2> <p>If I were hardening this version for a production team today, I would change five things.</p> <ul> <li>make email scheduling idempotent. I would add a <code>payment_event_id</code> foreign key to <code>email_sends</code> and a unique constraint like <code>(payment_event_id, step_index)</code>, or move scheduling into a transactional job keyed by the Stripe event ID.</li> <li>finish multi-account support properly. Replace the <code>.single()</code> assumptions in the connect flow, enforce plan limits in one place, and test the second-account onboarding path before advertising it.</li> <li>drop the dead OAuth-token columns. Rebill uses Standard accounts and Account Links now, so <code>access_token</code> and <code>refresh_token</code> are leftover baggage.</li> <li>introduce a real organization and membership model if teams are expected. Right now <code>accounts</code> is basically one app user equals one tenant. That is fine for founder-led SaaS, but not for a team product with roles.</li> <li>store more event audit data. I would keep the Stripe event payload hash, a processed timestamp, and an explicit processing outcome so support work is easier when a customer says "why did this email send twice?"</li> </ul> <p>The part I would keep exactly as-is is the overall split.</p> <p>Supabase Auth owns identity. RLS owns row visibility. Platform billing is one Stripe pipeline. Tenant billing events are a different Stripe pipeline. Service-role code stays on the server. The browser gets the minimum possible power.</p> <p>That shape has held up well because it mirrors the actual business model. When the architecture matches the business boundary, the code stops fighting you.</p> <p>If you're building a multi-tenant SaaS that needs both auth and billing, do not treat billing as one blob. Name the two flows early, separate them early, and let your data model enforce the tenant boundary for you.</p> supabase stripe saas nextjs I built voice transcription on Supabase Edge Functions for ~$0.001/min using Gemini 2.5 Flash Diven Rastdus Mon, 20 Apr 2026 04:21:53 +0000 https://dev.to/diven_rastdus_c5af27d68f3/i-built-voice-transcription-on-supabase-edge-functions-for-0001min-using-gemini-25-flash-3aon https://dev.to/diven_rastdus_c5af27d68f3/i-built-voice-transcription-on-supabase-edge-functions-for-0001min-using-gemini-25-flash-3aon <p>I'm building a journaling app where the killer feature is: yap your thoughts into your phone, get back clean text that an AI can organise later. Speech-to-text is the most-trafficked path in the product, so the cost math matters from day one.</p> <p>The default everyone reaches for is OpenAI Whisper at $0.006/min. Deepgram Nova-3 is $0.0059/min real-time. Groq's Whisper Large v3 Turbo is the discount option at ~$0.0008/min.</p> <p>I shipped on <strong>Gemini 2.5 Flash multimodal</strong> instead. Roughly $0.001/min, completely free under my existing GCP credits, and one less third-party account to manage because the same key already powers other features in my app.</p> <p>Here's exactly what I did, the full edge function, and why I rejected the more obvious choices.</p> <h2> The "use what you already have" check </h2> <p>Before picking a transcription provider, I looked at what was already wired in:</p> <ul> <li> <strong>Supabase project</strong>: yes, with a <code>GEMINI_API_KEY</code> already set as a secret (used by my AI features)</li> <li> <strong>GCP free credits</strong>: $522 sitting on the same billing account that funds the Gemini API</li> <li> <strong>OpenAI account</strong>: I'd have to create one and bill it</li> <li> <strong>Groq account</strong>: same, plus a separate API to learn</li> </ul> <p>Every new third-party SaaS account is a future maintenance cost: a new dashboard, a new key to rotate, a new bill to forget about until the credit card statement arrives. If the Gemini key I already had could do voice, that was a strong default.</p> <p>It can. Gemini 2.5 Flash accepts audio inputs natively as multimodal parts. Same <code>generateContent</code> endpoint that my existing AI features use, just with an <code>inline_data</code> part that carries the audio bytes.</p> <h2> Why not Web Speech API (the "free" option)? </h2> <p>The browser actually ships a <code>SpeechRecognition</code> API. It's free. So why not use that?</p> <p>Three reasons that killed it for my use case:</p> <ol> <li> <strong>Browser support</strong>: Chrome and Edge only. Firefox doesn't implement it. Safari has partial support. For a journaling app where users are likely on whatever browser they prefer, that's a non-starter.</li> <li> <strong>Privacy</strong>: Chrome's implementation routes audio to Google's servers. My app's whole pitch is "your honest journal, not a feed for ad targeting." I'm not handing the most intimate audio my users produce to an ad company by default.</li> <li> <strong>Control</strong>: I can't tune the model, can't set retention, can't see what was sent. With my own backend in front of Gemini, I control all three.</li> </ol> <p>Native mobile is different. <code>expo-speech-recognition</code> runs on-device using iOS Speech and Android SpeechRecognizer. That's free and local and good. So my architecture is hybrid: native STT on mobile, Gemini on web.</p> <h2> The edge function </h2> <p>Here's the meaningful core. Full file is ~200 lines; I've stripped boilerplate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// supabase/functions/transcribe-audio/index.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">https://esm.sh/@supabase/supabase-js@2.101.1</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">GEMINI_API_KEY</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">GEMINI_API_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SUPABASE_URL</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_URL</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SUPABASE_SERVICE_ROLE_KEY</span> <span class="o">=</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">GEMINI_MODEL</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">gemini-2.5-flash</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">GEMINI_URL</span> <span class="o">=</span> <span class="s2">`https://generativelanguage.googleapis.com/v1beta/models/</span><span class="p">${</span><span class="nx">GEMINI_MODEL</span><span class="p">}</span><span class="s2">:generateContent`</span><span class="p">;</span> <span class="c1">// Inline audio parts up to 20 MB; ~25+ min of opus speech.</span> <span class="kd">const</span> <span class="nx">MAX_AUDIO_BYTES</span> <span class="o">=</span> <span class="mi">20</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">;</span> <span class="nx">Deno</span><span class="p">.</span><span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Method not allowed</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">405</span><span class="p">);</span> <span class="c1">// 1. Verify the user JWT ourselves (config.toml has verify_jwt = false because</span> <span class="c1">// we need to parse multipart audio and read the Authorization header in</span> <span class="c1">// one place; the platform's pre-check would conflict).</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">?.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">))</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">401</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span><span class="nx">SUPABASE_URL</span><span class="p">,</span> <span class="nx">SUPABASE_SERVICE_ROLE_KEY</span><span class="p">,</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">persistSession</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">autoRefreshToken</span><span class="p">:</span> <span class="kc">false</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">},</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">.</span><span class="nx">length</span><span class="p">),</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="o">||</span> <span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">401</span><span class="p">);</span> <span class="c1">// 2. Parse the upload</span> <span class="kd">const</span> <span class="nx">formData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">formData</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">audio</span> <span class="o">=</span> <span class="nx">formData</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">audio</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="nx">audio</span> <span class="k">instanceof</span> <span class="nx">Blob</span><span class="p">)</span> <span class="o">||</span> <span class="nx">audio</span><span class="p">.</span><span class="nx">size</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Missing audio</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">400</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">audio</span><span class="p">.</span><span class="nx">size</span> <span class="o">&gt;</span> <span class="nx">MAX_AUDIO_BYTES</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Audio too large</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">413</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 3. ... rate-limit check goes here, see below ...</span> <span class="c1">// 4. Encode for Gemini inline</span> <span class="kd">const</span> <span class="nx">base64Audio</span> <span class="o">=</span> <span class="nf">bufferToBase64</span><span class="p">(</span><span class="k">new</span> <span class="nc">Uint8Array</span><span class="p">(</span><span class="k">await</span> <span class="nx">audio</span><span class="p">.</span><span class="nf">arrayBuffer</span><span class="p">()));</span> <span class="kd">const</span> <span class="nx">mimeType</span> <span class="o">=</span> <span class="p">(</span><span class="nx">audio</span><span class="p">.</span><span class="kd">type</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">audio/webm</span><span class="dl">'</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">;</span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">].</span><span class="nf">trim</span><span class="p">().</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="c1">// 5. Call Gemini</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="p">{</span> <span class="na">contents</span><span class="p">:</span> <span class="p">[{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">parts</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Transcribe this audio. Return ONLY the words spoken, with normal punctuation.</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">inline_data</span><span class="p">:</span> <span class="p">{</span> <span class="na">mime_type</span><span class="p">:</span> <span class="nx">mimeType</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="nx">base64Audio</span> <span class="p">}</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}],</span> <span class="na">generationConfig</span><span class="p">:</span> <span class="p">{</span> <span class="na">temperature</span><span class="p">:</span> <span class="mf">0.2</span><span class="p">,</span> <span class="na">maxOutputTokens</span><span class="p">:</span> <span class="mi">8192</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">GEMINI_URL</span><span class="p">}</span><span class="s2">?key=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">GEMINI_API_KEY</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="s2">`Gemini </span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="mi">502</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">transcript</span> <span class="o">=</span> <span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">candidates</span><span class="p">?.[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">content</span><span class="p">?.</span><span class="nx">parts</span><span class="p">?.[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">text</span> <span class="o">??</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">transcript</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Empty transcript</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">502</span><span class="p">);</span> <span class="c1">// 6. ... usage logging goes here ...</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="nx">transcript</span><span class="p">,</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">gemini_flash</span><span class="dl">'</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// btoa() blows the stack on large arrays, build the binary string in chunks</span> <span class="kd">function</span> <span class="nf">bufferToBase64</span><span class="p">(</span><span class="nx">buf</span><span class="p">:</span> <span class="nb">Uint8Array</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">CHUNK</span> <span class="o">=</span> <span class="mh">0x8000</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">parts</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">buf</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span> <span class="o">+=</span> <span class="nx">CHUNK</span><span class="p">)</span> <span class="p">{</span> <span class="nx">parts</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nb">String</span><span class="p">.</span><span class="nf">fromCharCode</span><span class="p">(...</span><span class="nx">buf</span><span class="p">.</span><span class="nf">subarray</span><span class="p">(</span><span class="nx">i</span><span class="p">,</span> <span class="nx">i</span> <span class="o">+</span> <span class="nx">CHUNK</span><span class="p">)));</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">btoa</span><span class="p">(</span><span class="nx">parts</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">));</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">jsonResponse</span><span class="p">(</span><span class="nx">body</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">,</span> <span class="nx">status</span> <span class="o">=</span> <span class="mi">200</span><span class="p">):</span> <span class="nx">Response</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">),</span> <span class="p">{</span> <span class="nx">status</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Three small things worth flagging:</p> <p><strong>The <code>Authorization</code> parse.</strong> If you let Supabase's edge runtime verify the JWT for you, it adds a step before your function runs. With <code>multipart/form-data</code> and a custom auth check we want side-by-side, it's cleaner to set <code>verify_jwt = false</code> in <code>config.toml</code> and do it ourselves. One less moving piece.</p> <p><strong><code>bufferToBase64</code> chunking.</strong> I learned the hard way that <code>btoa(String.fromCharCode(...largeArray))</code> will throw a stack overflow on a 5 MB buffer. The chunked variant above handles inputs up to the API's 20 MB cap fine.</p> <p><strong>The prompt.</strong> You'd be surprised how often the model wants to add commentary like "Here's the transcript:". Insisting on "ONLY the words spoken" with normal punctuation cuts this down to near-zero. Setting <code>temperature: 0.2</code> further pins it.</p> <h2> Per-user rate limit (so one bad-faith account can't burn your credits) </h2> <p>The version of the function above will happily transcribe any audio you throw at it, indefinitely, until your Gemini bill goes vertical. For a public app you need a per-user budget.</p> <p>I added a tiny <code>transcription_usage</code> table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">transcription_usage</span> <span class="p">(</span> <span class="n">id</span> <span class="n">BIGSERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">user_id</span> <span class="n">UUID</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">bytes</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="mi">0</span><span class="p">,</span> <span class="k">source</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="s1">'gemini_flash'</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">TIMESTAMPTZ</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">()</span> <span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_transcription_usage_user_time</span> <span class="k">ON</span> <span class="n">transcription_usage</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">created_at</span> <span class="k">DESC</span><span class="p">);</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">transcription_usage</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"users read own transcription usage"</span> <span class="k">ON</span> <span class="n">transcription_usage</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">user_id</span><span class="p">);</span> <span class="c1">-- No INSERT policy: only the service role (the edge function) writes.</span> </code></pre> </div> <p>Then in the function, between the auth/parse step and the Gemini call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">DAILY_REQUEST_LIMIT</span> <span class="o">=</span> <span class="mi">50</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">DAILY_BYTES_LIMIT</span> <span class="o">=</span> <span class="mi">100</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">;</span> <span class="c1">// 100 MB</span> <span class="kd">const</span> <span class="nx">ROLLING_WINDOW_HOURS</span> <span class="o">=</span> <span class="mi">24</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sinceIso</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">ROLLING_WINDOW_HOURS</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="p">).</span><span class="nf">toISOString</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">usageRows</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">usageErr</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">transcription_usage</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">bytes</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">gte</span><span class="p">(</span><span class="dl">'</span><span class="s1">created_at</span><span class="dl">'</span><span class="p">,</span> <span class="nx">sinceIso</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">usageErr</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Fail-closed: better to block one request than risk uncapped spend.</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Usage check failed</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">503</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">requestCount</span> <span class="o">=</span> <span class="nx">usageRows</span><span class="p">?.</span><span class="nx">length</span> <span class="o">??</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">bytesUsed</span> <span class="o">=</span> <span class="nx">usageRows</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">sum</span><span class="p">,</span> <span class="nx">r</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">sum</span> <span class="o">+</span> <span class="p">(</span><span class="nx">r</span><span class="p">.</span><span class="nx">bytes</span> <span class="o">??</span> <span class="mi">0</span><span class="p">),</span> <span class="mi">0</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">requestCount</span> <span class="o">&gt;=</span> <span class="nx">DAILY_REQUEST_LIMIT</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Daily transcription limit reached</span><span class="dl">'</span><span class="p">,</span> <span class="na">limit</span><span class="p">:</span> <span class="nx">DAILY_REQUEST_LIMIT</span><span class="p">,</span> <span class="na">used</span><span class="p">:</span> <span class="nx">requestCount</span><span class="p">,</span> <span class="na">window_hours</span><span class="p">:</span> <span class="nx">ROLLING_WINDOW_HOURS</span><span class="p">,</span> <span class="p">},</span> <span class="mi">429</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">bytesUsed</span> <span class="o">+</span> <span class="nx">audio</span><span class="p">.</span><span class="nx">size</span> <span class="o">&gt;</span> <span class="nx">DAILY_BYTES_LIMIT</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">jsonResponse</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Daily transcription size budget reached</span><span class="dl">'</span> <span class="p">},</span> <span class="mi">429</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And after a successful Gemini call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">transcription_usage</span><span class="dl">'</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">user_id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">bytes</span><span class="p">:</span> <span class="nx">audio</span><span class="p">.</span><span class="nx">size</span><span class="p">,</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">gemini_flash</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>A few things I learned about this pattern:</p> <ul> <li> <strong>Fail closed on the usage check.</strong> If the table query fails, return 503 and refuse to call Gemini. The opposite (call Gemini anyway, log nothing) opens an uncapped-spend hole if your DB has a bad day.</li> <li> <strong>Bytes is a better budget unit than seconds.</strong> I don't trust my client's audio metadata, but I always know how many bytes I uploaded.</li> <li> <strong>Don't put the limit number in the user-facing error.</strong> I do it above for code clarity, but production should say "Daily transcription limit reached. Try again later." A bad-faith user gets less information for crafting a bypass.</li> <li> <strong>Belt and braces with a GCP budget alert.</strong> Set a $5/month cap on the Gemini project at console.cloud.google.com/billing, alerts at 50/90/100%. If my edge-function rate limit ever has a bug, the budget catches it.</li> </ul> <p>For my own usage (~5 voice notes/day at 30 seconds each) the actual Gemini bill is about $0.06/month. The 50/100 MB cap is generous-honest, tight-enough-to-not-bleed.</p> <h2> Browser side </h2> <p>The web client is a thin wrapper around <code>MediaRecorder</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// pickAudioMimeType() picks the first one MediaRecorder.isTypeSupported() returns true for:</span> <span class="c1">// audio/webm;codecs=opus -&gt; Chrome/Edge/Firefox</span> <span class="c1">// audio/mp4;codecs=mp4a.40.2 -&gt; Safari</span> <span class="c1">// ...</span> <span class="kd">const</span> <span class="nx">recorder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">MediaRecorder</span><span class="p">(</span><span class="nx">stream</span><span class="p">,</span> <span class="p">{</span> <span class="na">mimeType</span><span class="p">:</span> <span class="nf">pickAudioMimeType</span><span class="p">()</span> <span class="p">});</span> <span class="nx">recorder</span><span class="p">.</span><span class="nx">ondataavailable</span> <span class="o">=</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">data</span> <span class="o">&amp;&amp;</span> <span class="nx">e</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">size</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="nx">chunks</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">data</span><span class="p">);</span> <span class="p">};</span> <span class="nx">recorder</span><span class="p">.</span><span class="nx">onstop</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">blob</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Blob</span><span class="p">(</span><span class="nx">chunks</span><span class="p">,</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">mimeType</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">();</span> <span class="nx">form</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">audio</span><span class="dl">'</span><span class="p">,</span> <span class="nx">blob</span><span class="p">,</span> <span class="dl">'</span><span class="s1">audio.webm</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">SUPABASE_URL</span><span class="p">}</span><span class="s2">/functions/v1/transcribe-audio`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">session</span><span class="p">.</span><span class="nx">access_token</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">form</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">transcript</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// ... do something with transcript ...</span> <span class="p">};</span> <span class="nx">recorder</span><span class="p">.</span><span class="nf">start</span><span class="p">();</span> </code></pre> </div> <p>Two real-world tweaks I had to make:</p> <ul> <li> <strong>Mime sniffing per browser.</strong> Chrome emits <code>audio/webm;codecs=opus</code>, Safari emits <code>audio/mp4;codecs=mp4a.40.2</code>. Probe with <code>MediaRecorder.isTypeSupported()</code> and pick the first one that passes. Pass the same mime to Gemini's <code>inline_data.mime_type</code>.</li> <li> <strong>Permission fail messages.</strong> <code>getUserMedia</code> rejects with <code>NotAllowedError</code> when the user denied mic access, <code>SecurityError</code> on insecure context. Handle them with friendlier copy than "DOMException: blah blah".</li> </ul> <h2> What I keep on disk vs throw away </h2> <p>This is a journaling app, so privacy matters more than typical voice apps. My defaults:</p> <ul> <li> <strong>Audio</strong>: never persisted server-side. The blob is uploaded for one-shot transcription, sent to Gemini, then dropped. Nothing in Supabase Storage by default.</li> <li> <strong>Raw transcript</strong>: persisted in <code>journal_entries.metadata.raw_transcript</code> JSONB column, alongside the (possibly AI-organised) <code>content</code>. This way the user can always toggle back to "what they actually said" if the AI cleaned the wrong thing.</li> <li> <strong>Provenance flag</strong>: <code>metadata.transcription_source: 'gemini_flash' | 'native_ios' | 'native_android' | 'manual'</code>. Useful for later analysis ("are users on the native STT path getting better quality?") and for an honest UI badge.</li> </ul> <h2> TL;DR cost comparison at the scale of one happy user </h2> <p>5 voice entries per day, 30 seconds each = 2.5 minutes per day per user.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Provider</th> <th>Cost / month / user</th> </tr> </thead> <tbody> <tr> <td>OpenAI Whisper API</td> <td>~$0.45</td> </tr> <tr> <td>Deepgram Nova-3 batch</td> <td>~$0.44</td> </tr> <tr> <td>Groq Whisper Large v3 Turbo</td> <td>~$0.06</td> </tr> <tr> <td>Gemini 2.5 Flash multimodal</td> <td>~$0.06 (and free under my existing GCP credits)</td> </tr> </tbody> </table></div> <p>For a journaling app at single-user scale, none of these are scary. But the difference between $0.06 and $0.45 starts to matter when you cross 1,000 active users a month. And the Gemini path uses credits I'd already paid for elsewhere by being in the GCP free tier.</p> <p>I build this kind of glue for indie products and small teams. If you're untangling a similar choice or want a similar edge function for your own stack, I'm at <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a>.</p> supabase gemini ai javascript I Built a Journal App That Organizes Your Thoughts With AI Diven Rastdus Fri, 03 Apr 2026 15:21:23 +0000 https://dev.to/diven_rastdus_c5af27d68f3/i-built-a-journal-app-that-organizes-your-thoughts-with-ai-2ppi https://dev.to/diven_rastdus_c5af27d68f3/i-built-a-journal-app-that-organizes-your-thoughts-with-ai-2ppi <h1> I Built a Journal App That Organizes Your Thoughts With AI </h1> <p>Most journal apps give you a blank page and wish you luck. You open the app, stare at the cursor, try to remember what happened today, type something half-hearted, close the app. Repeat for three days. Then stop.</p> <p>The problem isn't motivation. It's design.</p> <h2> Why people stop journaling </h2> <p>After researching 13 journal apps (Day One, Notion, Obsidian, Rosebud, Reflect, Apple Journal, and more), the same four problems kept showing up:</p> <p><strong>1. The blank page.</strong> Opening an empty page with no context about your day kills the habit. You're reconstructing your entire day from memory before you even start writing.</p> <p><strong>2. Organization anxiety.</strong> "Where does this note go?" If you have to think about categories, folders, or tags before writing, you won't write.</p> <p><strong>3. No reward loop.</strong> You write entries but never see patterns, insights, or growth. It feels like shouting into a void.</p> <p><strong>4. Disconnected from your life.</strong> Your day happened across 5 apps. None of that context shows up in your journal.</p> <h2> The fix: dump and organize </h2> <p>Arc Smart Journal works differently. You dump whatever is on your mind. Text, voice, sticky notes. No title, no folder, no category. Just write.</p> <p>Then AI takes over.</p> <p>Every entry gets processed through a two-pass Gemini pipeline (I wrote about two-pass LLM processing <a href="https://dev.to/diven_rastdus_c5af27d68f3/two-pass-llm-processing-when-single-pass-classification-isnt-enough-n64">in a previous article</a>). The first pass classifies the entry independently. The second pass cross-references against your existing notes to find threads, connections, and patterns.</p> <p>The output:</p> <ul> <li> <strong>Auto-categorization.</strong> Your entry about "the project deadline is stressing me out, also need to buy milk" gets tagged: PROJECTS, PERSONAL LIFE.</li> <li> <strong>Action item extraction.</strong> "Buy milk" and "call the dentist" become checklist items. No manual entry.</li> <li> <strong>Thread detection.</strong> You wrote about the project 4 times this week. The AI groups those into an ongoing thread with a synthesis.</li> <li> <strong>Connection discovery.</strong> You mentioned sleep quality on Monday and productivity on Wednesday. The AI connects them.</li> <li> <strong>Pattern recognition.</strong> "You tend to write about work stress on Sundays."</li> </ul> <h2> Killing the blank page </h2> <p>The capture screen never starts empty. It pulls context from three sources:</p> <p><strong>Calendar.</strong> Using expo-calendar, the app reads your device's synced calendars (Google, Apple, Outlook, whatever you use). The placeholder shows: "You had 3 meetings today. Design review at 2pm. How's the project going?"</p> <p><strong>Location.</strong> expo-location provides your city. Saved on each note for context. "You were in Brisbane when you wrote this."</p> <p><strong>Weather.</strong> Open-Meteo API (free, no key needed) adds weather context. "22 degrees, partly cloudy." Small detail, but it anchors the memory.</p> <p>Together, these solve the blank page. Instead of "What's on your mind?" you see "You had a busy morning with 3 meetings. Your calendar is clear this afternoon. How are you feeling?"</p> <h2> The architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Expo 54 (React Native) | +-- expo-router (file-based routing) +-- expo-calendar (device calendar access) +-- expo-location (city/coordinates) +-- expo-speech-recognition (voice capture) | +-- Supabase (auth + postgres + edge functions) | | | +-- journal_entries (content, mood, location, weather, theme_tags) | +-- insights (threads, connections, patterns, forgotten ideas) | +-- action_items (AI-extracted todos) | +-- life_map_nodes (hierarchical topic tree) | +-- entry_themes (note-to-topic links) | +-- Gemini 2.5 Flash (AI processing) | +-- Pass 1: classify each entry independently +-- Pass 2: cross-reference all entries for relationships +-- Action item extraction +-- Theme/topic assignment </code></pre> </div> <p>The key design decision: AI processing runs asynchronously. You write and save instantly. The AI processes in the background and updates your insights. This means capture is always fast. The intelligence comes later.</p> <h2> Mood tracking without the burden </h2> <p>Five options: struggling, uncertain, steady, hopeful, alive. One tap. Optional. No sliders, no scales, no writing prompts about your feelings.</p> <p>Over time, this builds a mood trend chart. A simple line showing how you've felt over the last 30 days. The patterns surprise people. "Your mood consistently dips on Sundays" or "You've been trending upward since you started exercising."</p> <h2> Voice dumps </h2> <p>The killer feature for people with ADHD (a massive underserved market for journal apps): record a 5-minute voice ramble. The raw transcript appears. Then tap "Organize" and the AI restructures it.</p> <p>A scattered 5-minute voice note about groceries, work stress, and an idea you had in the shower becomes 3 clean notes with 2 action items. Your voice, your words, just structured.</p> <h2> The mind map </h2> <p>Every note you write adds to a visual map of your thoughts. Topics, sub-topics, connections. You can view it as a traditional tree or switch to a force-directed 2D graph where related topics cluster together.</p> <p>This is the "second brain" that PKM tools promise but require hundreds of hours of manual linking to achieve. Arc builds it automatically from your writing. Zettelkasten results without Zettelkasten effort.</p> <h2> What I learned </h2> <p><strong>The blank page is the real enemy.</strong> Not motivation, not features, not design. If the first thing a user sees is emptiness, they'll close the app.</p> <p><strong>AI organization beats manual organization.</strong> People don't want to build systems. They want to dump thoughts and have the system emerge.</p> <p><strong>Mood tracking works when it's one tap.</strong> The moment you add complexity (scales, journaling prompts, mandatory fields), people skip it.</p> <p><strong>Context is free value.</strong> Calendar, weather, location cost almost nothing to implement but make every entry feel richer.</p> <p><strong>Action item extraction is the dream feature.</strong> Every user I talked to said some version of "I wish my journal could create todos for me."</p> <h2> Stack </h2> <ul> <li>Expo 54 + expo-router 6</li> <li>TypeScript (strict mode)</li> <li>Supabase (auth, postgres, edge functions)</li> <li>Gemini 2.5 Flash (AI processing)</li> <li>react-native-svg (graph visualization)</li> <li>react-native-chart-kit (mood trends)</li> <li>expo-calendar, expo-location (context)</li> <li>Open-Meteo (weather, free API)</li> </ul> <p>The full app is about 30 files of TypeScript. No complex state management. No Redux. Supabase handles persistence, Gemini handles intelligence.</p> <p>I build production AI systems. If you're working on AI-powered apps, I'm at <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a>.</p> ai reactnative typescript productivity Two-Pass LLM Processing: When Single-Pass Classification Isn't Enough Diven Rastdus Fri, 03 Apr 2026 10:42:00 +0000 https://dev.to/diven_rastdus_c5af27d68f3/two-pass-llm-processing-when-single-pass-classification-isnt-enough-n64 https://dev.to/diven_rastdus_c5af27d68f3/two-pass-llm-processing-when-single-pass-classification-isnt-enough-n64 <h1> Two-Pass LLM Processing: When Single-Pass Classification Isn't Enough </h1> <p>Here's a pattern I keep running into: you have a batch of items (messages, tickets, documents, transactions) and you need to classify each one. The obvious approach is one LLM call per item. It works fine until it doesn't.</p> <p>The failure mode is subtle. Each item gets classified correctly in isolation. But the relationships between items -- escalation patterns, contradictions, duplicate reports of the same issue -- are invisible to a single-pass classifier because it never sees the full picture.</p> <h2> The problem </h2> <p>Say you're triaging a CEO's morning messages. Three Slack messages from the same person:</p> <ol> <li> <strong>9:15 AM</strong>: "API migration 60% done, no blockers"</li> <li> <strong>10:30 AM</strong>: "Found an issue with payment endpoints, investigating"</li> <li> <strong>11:45 AM</strong>: "3% of live payments failing, need rollback/hotfix decision within an hour"</li> </ol> <p>A single-pass classifier looks at message #1 and says: "FYI, low priority." It's correct -- in isolation.</p> <p>But a human reading all three messages sees an escalation from "no blockers" to "production incident requiring executive decision." The classification of message #1 should change in light of messages #2 and #3, because it's the start of a thread that ended in a crisis.</p> <p>Single-pass classification can't do this. It processes each item without context from the others.</p> <h2> The two-pass architecture </h2> <p>The fix is straightforward: run the LLM twice.</p> <p><strong>Pass 1 -- Independent classification.</strong> Process each item individually. Get per-item labels: category, urgency, metadata. This is your standard classification pass. It runs fast because items can be processed in parallel.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">Pass1Result</span> <span class="p">{</span> <span class="nl">itemId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">category</span><span class="p">:</span> <span class="dl">"</span><span class="s2">urgent</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">delegate</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">fyi</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">ignore</span><span class="dl">"</span><span class="p">;</span> <span class="nl">urgency</span><span class="p">:</span> <span class="dl">"</span><span class="s2">critical</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">high</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">medium</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">low</span><span class="dl">"</span><span class="p">;</span> <span class="nl">summary</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">suggestedAction</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">pass1</span><span class="p">(</span><span class="nx">items</span><span class="p">:</span> <span class="nx">Item</span><span class="p">[]):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Pass1Result</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Each item classified independently</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">all</span><span class="p">(</span> <span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="nf">classifyItem</span><span class="p">(</span><span class="nx">item</span><span class="p">))</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">results</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Pass 2 -- Cross-reference and synthesis.</strong> Feed ALL items plus ALL Pass 1 classifications back into the LLM. Ask it to find relationships, patterns, and adjust classifications based on the full picture.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">Pass2Result</span> <span class="p">{</span> <span class="nl">threads</span><span class="p">:</span> <span class="nx">Thread</span><span class="p">[];</span> <span class="c1">// Related item clusters</span> <span class="nl">flags</span><span class="p">:</span> <span class="nx">Flag</span><span class="p">[];</span> <span class="c1">// Cross-item alerts</span> <span class="nl">adjustedClassifications</span><span class="p">:</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">Pass1Result</span><span class="o">&gt;</span><span class="p">;</span> <span class="nl">briefing</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Synthesized summary</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">pass2</span><span class="p">(</span> <span class="nx">items</span><span class="p">:</span> <span class="nx">Item</span><span class="p">[],</span> <span class="nx">pass1Results</span><span class="p">:</span> <span class="nx">Pass1Result</span><span class="p">[]</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Pass2Result</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">prompt</span> <span class="o">=</span> <span class="nf">buildCrossReferencePrompt</span><span class="p">(</span><span class="nx">items</span><span class="p">,</span> <span class="nx">pass1Results</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">llm</span><span class="p">.</span><span class="nf">generate</span><span class="p">(</span><span class="nx">prompt</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The key insight: Pass 2 sees what Pass 1 cannot. It catches:</p> <ul> <li> <strong>Escalation threads</strong>: Items from the same source that increase in severity</li> <li> <strong>Contradictions</strong>: One person says X, then reverses to Y</li> <li> <strong>Scheduling conflicts</strong>: Two items reference the same time slot</li> <li> <strong>Resolved issues</strong>: Problem reported, then resolved -- no action needed</li> <li> <strong>Deal changes</strong>: Financial figures that shift between messages</li> </ul> <h2> Why not just do one big pass? </h2> <p>You might think: "Why not feed everything into one prompt and classify + cross-reference in a single call?"</p> <p>Three reasons:</p> <p><strong>1. Classification quality degrades in long prompts.</strong> When you ask an LLM to do two things at once (classify each item AND find cross-item patterns), it tends to do both worse than if you split them. The model's attention is divided.</p> <p><strong>2. Structured output is more reliable for simple tasks.</strong> Pass 1 returns a clean, typed classification per item. No ambiguity, no free-text interpretation needed. Pass 2 can then assume correct per-item labels and focus entirely on relationships.</p> <p><strong>3. You can parallelize Pass 1.</strong> If you have 50 items, you can fire 50 parallel classification calls. Single-pass would need to fit all 50 items in one prompt, hitting context limits and increasing latency.</p> <h2> The prompt structure matters </h2> <p>For Pass 1, keep it focused:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">buildPass1Prompt</span><span class="p">(</span><span class="nx">item</span><span class="p">:</span> <span class="nx">Item</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`Classify this message. Channel: </span><span class="p">${</span><span class="nx">item</span><span class="p">.</span><span class="nx">channel</span><span class="p">}</span><span class="s2"> From: </span><span class="p">${</span><span class="nx">item</span><span class="p">.</span><span class="k">from</span><span class="p">}</span><span class="s2"> Time: </span><span class="p">${</span><span class="nx">item</span><span class="p">.</span><span class="nx">timestamp</span><span class="p">}</span><span class="s2"> Body: </span><span class="p">${</span><span class="nx">item</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2"> Respond with JSON: { "category": "urgent" | "delegate" | "fyi" | "ignore", "urgency": "critical" | "high" | "medium" | "low", "summary": "one sentence", "suggestedAction": "what the recipient should do" }`</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>For Pass 2, structure the input so the model can scan efficiently:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">buildPass2Prompt</span><span class="p">(</span> <span class="nx">items</span><span class="p">:</span> <span class="nx">Item</span><span class="p">[],</span> <span class="nx">classifications</span><span class="p">:</span> <span class="nx">Pass1Result</span><span class="p">[]</span> <span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">combined</span> <span class="o">=</span> <span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">item</span><span class="p">,</span> <span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="p">...</span><span class="nx">item</span><span class="p">,</span> <span class="na">classification</span><span class="p">:</span> <span class="nx">classifications</span><span class="p">[</span><span class="nx">i</span><span class="p">],</span> <span class="p">}));</span> <span class="k">return</span> <span class="s2">`You have </span><span class="p">${</span><span class="nx">items</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> classified messages. Review ALL messages together and identify: 1. THREADS: Groups of messages from the same person about the same topic. Flag if a thread escalates in severity. 2. CONTRADICTIONS: Cases where someone says X then reverses to Y. 3. SCHEDULING CONFLICTS: Multiple items referencing overlapping times. 4. RESOLVED ITEMS: Problems that were reported then resolved (these need no action, even if Pass 1 flagged them as urgent). 5. RECLASSIFICATIONS: Any items where the Pass 1 classification should change based on cross-item context. Messages and their classifications: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">combined</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">)}</span><span class="s2"> Respond with JSON matching this schema: { threads, flags, reclassifications, briefing }`</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> When to use two-pass </h2> <p>This pattern adds latency (two sequential LLM calls instead of one). It's worth it when:</p> <ul> <li> <strong>Items have relationships.</strong> Messages in a thread, tickets about the same system, transactions from the same account. If items are truly independent, single-pass is fine.</li> <li> <strong>Cross-item patterns have high consequences.</strong> Missing an escalation thread or a scheduling conflict costs more than the extra 2-3 seconds of latency.</li> <li> <strong>You need both per-item labels AND a synthesis.</strong> Dashboards that show individual items with classifications AND a summary view.</li> <li> <strong>The item count fits in a single context window.</strong> Pass 2 needs all items at once. If you have 10,000 items, you'll need a different approach (clustering, then two-pass within clusters).</li> </ul> <p>When it's overkill:</p> <ul> <li>Items are truly independent (product reviews, standalone support tickets from different customers)</li> <li>You only need per-item labels, not cross-item analysis</li> <li>Latency is more important than accuracy</li> </ul> <h2> Production considerations </h2> <p><strong>Caching.</strong> Pass 1 results are deterministic for a given item. If the same item appears in multiple batches, cache the Pass 1 result.</p> <p><strong>Error handling.</strong> If Pass 2 fails, you still have valid Pass 1 classifications. Degrade gracefully to single-pass results rather than failing entirely.</p> <p><strong>Cost.</strong> Pass 2 uses more tokens (all items + all classifications in one prompt). Use a fast, cheap model for Pass 1 (Gemini Flash, Haiku) and a more capable model for Pass 2 if needed. Often the same fast model works for both.</p> <p><strong>Structured output.</strong> Both Gemini (<code>responseMimeType: "application/json"</code>) and OpenAI (<code>response_format: { type: "json_object" }</code>) support forcing JSON output. Use it. Parsing free-text LLM output is fragile.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">model</span><span class="p">.</span><span class="nf">generateContent</span><span class="p">({</span> <span class="na">contents</span><span class="p">:</span> <span class="p">[{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">parts</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="nx">prompt</span> <span class="p">}]</span> <span class="p">}],</span> <span class="na">generationConfig</span><span class="p">:</span> <span class="p">{</span> <span class="na">responseMimeType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="na">temperature</span><span class="p">:</span> <span class="mf">0.1</span><span class="p">,</span> <span class="c1">// Low temp for classification</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <h2> The general principle </h2> <p>Two-pass processing is a specific case of a broader pattern: <strong>separate extraction from synthesis.</strong> Pass 1 extracts structured data from each item. Pass 2 synthesizes across the extracted data.</p> <p>This applies beyond text classification:</p> <ul> <li> <strong>Code review</strong>: Pass 1 annotates each file, Pass 2 finds cross-file issues</li> <li> <strong>Financial analysis</strong>: Pass 1 categorizes transactions, Pass 2 finds patterns</li> <li> <strong>Research synthesis</strong>: Pass 1 summarizes each paper, Pass 2 identifies themes and contradictions</li> </ul> <p>The architectural insight is that LLMs are better at focused tasks than multi-objective tasks. Splitting the work into two focused passes produces better results than one ambitious pass, even though it uses more compute.</p> <p>I build production AI systems. If you're designing LLM pipelines, I'm at <a href="https://astraedus.dev" rel="noopener noreferrer">astraedus.dev</a>.</p> ai llm architecture typescript