The latest articles on DEV Community by David Paluy (@dpaluy). https://dev.to/dpaluy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F145919%2F547f5da7-55fe-44b2-a4ee-ebf2a85d9260.png https://dev.to/dpaluy en David Paluy Mon, 29 Sep 2025 16:25:00 +0000 https://dev.to/dpaluy/codex-cli-developer-guide-4f03 https://dev.to/dpaluy/codex-cli-developer-guide-4f03 <h2>Table of Contents</h2> <ul> <li> Quick Start </li> <li>Resume Codex Sessions</li> <li> Shell Shortcuts </li> <li> Essential Configuration <ul> <li>Recommended config.toml</li> </ul> </li> <li> Settings - Deep Dive <ul> <li>Sandbox Modes</li> <li>Command-Line Overrides (-c flag)</li> <li>YOLO Mode (--yolo)</li> <li>Approval Policies</li> <li>Profiles for Different Workflows</li> <li>Verbosity - model_verbosity</li> <li>Network Access</li> <li>Environment Variables</li> </ul> </li> <li>Security Best Practices</li> </ul> <h2> Quick Start </h2> <h3> Install Codex CLI </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> @openai/codex@latest </code></pre> </div> <p>verify installation<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>codex <span class="nt">--version</span> </code></pre> </div> <p>Login with your OpenAI credentials<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>codex login </code></pre> </div> <h3> Quick Examples </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Basic usage</span> codex <span class="s2">"refactor this function to use dependency injection"</span> <span class="c"># With higher reasoning effort and detailed summary</span> codex <span class="nt">-c</span> <span class="nv">model_reasoning_effort</span><span class="o">=</span><span class="s2">"high"</span> <span class="nt">-c</span> <span class="nv">model_reasoning_summary</span><span class="o">=</span><span class="s2">"detailed"</span> <span class="s2">"explain this complex algorithm"</span> <span class="c"># Automation in an isolated environment (bypasses sandbox/approvals)</span> codex <span class="nt">--yolo</span> <span class="s2">"run tests and fix any failures"</span> <span class="c"># Generate Rails code when "dev" profile is defined</span> codex <span class="nt">--profile</span> dev <span class="s2">"create a User model with devise authentication"</span> <span class="c"># Debug Rails issues</span> codex <span class="nt">-c</span> <span class="nv">model_reasoning_effort</span><span class="o">=</span><span class="s2">"high"</span> <span class="s2">"fix this N+1 query in the users controller"</span> <span class="c"># Add features</span> codex <span class="s2">"add pagination to the posts index using kaminari"</span> </code></pre> </div> <h2> Resume Codex Sessions </h2> <ol> <li> <strong>Reopen your work.</strong> From the project directory you originally used, run: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> codex resume </code></pre> </div> <p>Codex continues the last session where you left off so you can keep iterating immediately (<a href="https://developers.openai.com/codex/changelog#2025-09-15" rel="noopener noreferrer">Codex changelog</a>).</p> <ol> <li> <strong>Continue last session.</strong> Run <code>codex resume --last</code> to load the most recent conversation.</li> </ol> <h2> Shell Shortcuts </h2> <p>Keep frequently used flags close at hand with a reusable helper.</p> <p>Add this to your <code>.bashrc</code> or <code>.zshrc</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add to ~/.bashrc or ~/.zshrc</span> cdx<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">subcommand</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="nb">local </span><span class="nv">base_model</span><span class="o">=</span><span class="s2">"gpt-5-codex"</span> <span class="nb">local </span><span class="nv">base_args</span><span class="o">=(</span><span class="nt">-m</span> <span class="s2">"</span><span class="nv">$base_model</span><span class="s2">"</span> <span class="nt">--search</span><span class="o">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$subcommand</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span>codex <span class="s2">"</span><span class="k">${</span><span class="nv">base_args</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span> <span class="k">return fi case</span> <span class="s2">"</span><span class="nv">$subcommand</span><span class="s2">"</span> <span class="k">in </span><span class="nb">help</span><span class="p">|</span><span class="nt">-h</span><span class="p">|</span><span class="nt">--help</span><span class="p">)</span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="sh">'</span><span class="no">USAGE</span><span class="sh">' &gt;&amp;2 Usage: cdx &lt;prompt&gt; cdx &lt;subcommand&gt; [args] Subcommands: update install the latest Codex CLI 5h high-effort reasoning run yolo run with --yolo (danger mode) dev|quick|auto|analyze switch to a named profile </span><span class="no">USAGE </span> <span class="k">return </span>0 <span class="p">;;</span> update<span class="p">)</span> npm <span class="nb">install</span> <span class="nt">-g</span> @openai/codex@latest <span class="p">;;</span> 5h<span class="p">)</span> <span class="nb">shift </span>codex <span class="nt">-m</span> gpt-5 <span class="nt">-c</span> <span class="nv">model_reasoning_effort</span><span class="o">=</span><span class="s2">"high"</span> <span class="nt">--search</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> <span class="p">;;</span> yolo<span class="p">)</span> <span class="nb">shift </span>codex <span class="s2">"</span><span class="k">${</span><span class="nv">base_args</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span> <span class="nt">--yolo</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> <span class="p">;;</span> dev|quick|auto|analyze<span class="p">)</span> <span class="nb">shift </span>codex <span class="nt">--profile</span> <span class="s2">"</span><span class="nv">$subcommand</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> <span class="p">;;</span> <span class="k">*</span><span class="p">)</span> codex <span class="s2">"</span><span class="k">${</span><span class="nv">base_args</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> <span class="p">;;</span> <span class="k">esac</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Usage: cdx &lt;prompt&gt; cdx &lt;subcommand&gt; <span class="o">[</span>args] Subcommands: update <span class="nb">install </span>the latest Codex CLI 5h high-effort reasoning run yolo run with <span class="nt">--yolo</span> <span class="o">(</span>danger mode<span class="o">)</span> dev|quick|auto|analyze switch to a named profile </code></pre> </div> <h3> examples </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Default dev workflow without bypassing safeguards</span> cdx <span class="s2">"fix this N+1 query in the posts controller"</span> <span class="c"># Update Codex CLI</span> cdx update <span class="c"># Switch to the dev profile on demand</span> cdx dev <span class="s2">"implement OAuth authentication"</span> <span class="c"># High-reasoning call without yolo overrides</span> cdx 5h <span class="s2">"optimize this complex SQL query with multiple joins"</span> <span class="c"># Explicitly opt into --yolo (automation-only)</span> cdx yolo <span class="s2">"run tests and fix any failures"</span> </code></pre> </div> <h3> Optional aliases </h3> <p>Add a few shortcuts after the function if you prefer profile-specific commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">alias </span><span class="nv">cdxdev</span><span class="o">=</span><span class="s1">'cdx dev'</span> <span class="nb">alias </span><span class="nv">cdxq</span><span class="o">=</span><span class="s1">'cdx quick'</span> <span class="nb">alias </span><span class="nv">cdxa</span><span class="o">=</span><span class="s1">'cdx auto'</span> <span class="nb">alias </span><span class="nv">cdxs</span><span class="o">=</span><span class="s1">'cdx analyze'</span> </code></pre> </div> <h2> Essential Configuration </h2> <h3> Recommended config.toml </h3> <p>Create <code>~/.codex/config.toml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="c"># Base settings</span> <span class="py">model</span> <span class="p">=</span> <span class="s">"gpt-5-codex"</span> <span class="py">model_provider</span> <span class="p">=</span> <span class="s">"openai"</span> <span class="py">sandbox_mode</span> <span class="p">=</span> <span class="s">"workspace-write"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"on-failure"</span> <span class="py">model_reasoning_effort</span> <span class="p">=</span> <span class="s">"high"</span> <span class="c"># Enable network for API calls and package installation</span> <span class="nn">[sandbox_workspace_write]</span> <span class="py">network_access</span> <span class="p">=</span> <span class="kc">true</span> <span class="c"># Safe environment variables</span> <span class="nn">[shell_environment_policy]</span> <span class="py">inherit</span> <span class="p">=</span> <span class="s">"core"</span> <span class="py">experimental_use_profile</span> <span class="p">=</span> <span class="kc">true</span> <span class="c"># Development profile</span> <span class="nn">[profiles.dev]</span> <span class="py">model_reasoning_effort</span> <span class="p">=</span> <span class="s">"high"</span> <span class="py">model_verbosity</span> <span class="p">=</span> <span class="s">"high"</span> <span class="py">sandbox_mode</span> <span class="p">=</span> <span class="s">"workspace-write"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"on-failure"</span> <span class="c"># Quick tasks profile</span> <span class="nn">[profiles.quick]</span> <span class="py">model_reasoning_effort</span> <span class="p">=</span> <span class="s">"low"</span> <span class="py">sandbox_mode</span> <span class="p">=</span> <span class="s">"workspace-write"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"never"</span> <span class="c"># Analysis profile</span> <span class="nn">[profiles.analyze]</span> <span class="py">sandbox_mode</span> <span class="p">=</span> <span class="s">"read-only"</span> <span class="py">model_reasoning_effort</span> <span class="p">=</span> <span class="s">"high"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"never"</span> <span class="c"># Automation profile</span> <span class="nn">[profiles.auto]</span> <span class="py">sandbox_mode</span> <span class="p">=</span> <span class="s">"danger-full-access"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"never"</span> <span class="py">model_reasoning_summary</span> <span class="p">=</span> <span class="s">"auto"</span> </code></pre> </div> <p>Other providers profiles examples:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[model_providers.lms]</span> <span class="py">name</span> <span class="p">=</span> <span class="s">"LM Studio"</span> <span class="py">base_url</span> <span class="p">=</span> <span class="s">"http://localhost:1234/v1"</span> <span class="nn">[profiles.qwen3-coder-30b-lms]</span> <span class="py">model_provider</span> <span class="p">=</span> <span class="s">"lms"</span> <span class="py">model</span> <span class="p">=</span> <span class="s">"qwen/qwen3-coder-30b"</span> <span class="py">model_reasoning_effort</span> <span class="p">=</span> <span class="s">"high"</span> <span class="py">approval_policy</span> <span class="p">=</span> <span class="s">"on-failure"</span> </code></pre> </div> <h2> Settings - Deep Dive </h2> <h3> Sandbox Modes </h3> <p>Controls what Codex can access and modify on your system:</p> <h4> <code>read-only</code> - Code Analysis Only </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>codex <span class="nt">--sandbox</span> read-only <span class="s2">"explain what this codebase does"</span> </code></pre> </div> <ul> <li>Reads files anywhere</li> <li>Cannot modify files or run commands</li> <li>Perfect for code review and exploration</li> </ul> <h4> <code>workspace-write</code> - Development Mode (Default) </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>codex <span class="nt">--sandbox</span> workspace-write <span class="s2">"add error handling to this controller"</span> </code></pre> </div> <ul> <li>Reads files anywhere</li> <li>Writes only in current directory</li> <li>Ideal for active development</li> </ul> <h4> <code>danger-full-access</code> - No Restrictions </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>codex <span class="nt">--sandbox</span> danger-full-access <span class="s2">"set up the entire development environment"</span> </code></pre> </div> <ul> <li>Complete system access</li> <li>Use only in Docker containers or disposable environments</li> </ul> <h3> Command-Line Overrides (-c flag) </h3> <p>Override any config setting temporarily:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># High reasoning for complex problems</span> codex <span class="nt">-c</span> <span class="nv">model_reasoning_effort</span><span class="o">=</span><span class="s2">"high"</span> <span class="s2">"optimize this database query"</span> <span class="c"># Low verbosity for simple tasks</span> codex <span class="nt">-c</span> <span class="nv">model_verbosity</span><span class="o">=</span><span class="s2">"low"</span> <span class="s2">"fix this syntax error"</span> <span class="c"># Enable network access on demand</span> codex <span class="nt">--sandbox</span> workspace-write <span class="nt">-c</span> sandbox_workspace_write.network_access<span class="o">=</span><span class="nb">true</span> <span class="s2">"install missing gems"</span> <span class="c"># Skip all approvals</span> codex <span class="nt">-c</span> <span class="nv">approval_policy</span><span class="o">=</span><span class="s2">"never"</span> <span class="s2">"run the test suite"</span> </code></pre> </div> <h3> YOLO Mode (--yolo) </h3> <p>Bypasses all safety mechanisms - use with extreme caution:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Equivalent to: --sandbox danger-full-access --approval-policy never</span> codex <span class="nt">--yolo</span> <span class="s2">"deploy to staging and run integration tests"</span> </code></pre> </div> <p><strong>Safe YOLO usage:</strong></p> <ul> <li>Inside Docker containers</li> <li>Dedicated development VMs</li> <li>When you need complete automation</li> <li>Always have backups and version control</li> </ul> <h3> Approval Policies </h3> <p>Control when Codex asks for permission:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Never ask (automation)</span> codex <span class="nt">-c</span> <span class="nv">approval_policy</span><span class="o">=</span><span class="s2">"never"</span> <span class="s2">"fix linting issues"</span> <span class="c"># Ask before untrusted operations (default-ish)</span> codex <span class="nt">-c</span> <span class="nv">approval_policy</span><span class="o">=</span><span class="s2">"on-request"</span> <span class="s2">"install dependencies"</span> <span class="c"># Ask only when commands fail</span> codex <span class="nt">-c</span> <span class="nv">approval_policy</span><span class="o">=</span><span class="s2">"on-failure"</span> <span class="s2">"run migrations"</span> <span class="c"># Ask before every command</span> codex <span class="nt">-c</span> <span class="nv">approval_policy</span><span class="o">=</span><span class="s2">"untrusted"</span> <span class="s2">"modify production config"</span> </code></pre> </div> <h3> Profiles for Different Workflows </h3> <p>Use profiles to switch between configurations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># High-reasoning development</span> codex <span class="nt">--profile</span> dev <span class="s2">"implement OAuth authentication"</span> <span class="c"># Quick fixes</span> codex <span class="nt">--profile</span> quick <span class="s2">"fix typo in variable name"</span> <span class="c"># Safe analysis</span> codex <span class="nt">--profile</span> analyze <span class="s2">"review this code for security issues"</span> <span class="c"># Full automation</span> codex <span class="nt">--profile</span> auto <span class="s2">"run tests, fix failures, commit changes"</span> </code></pre> </div> <h3> Verbosity - model_verbosity </h3> <p>Control how much detail Codex provides:</p> <ul> <li>"low" – terse responses suited to automation or CI pipelines</li> <li>"medium" – balanced explanations for everyday development (default)</li> <li>"high" – expanded context and commentary for deep dives </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Detailed explanations</span> codex <span class="nt">-c</span> <span class="nv">model_verbosity</span><span class="o">=</span><span class="s2">"high"</span> <span class="s2">"walk me through this design pattern"</span> <span class="c"># Request a richer reasoning summary when available</span> codex <span class="nt">-c</span> <span class="nv">model_reasoning_summary</span><span class="o">=</span><span class="s2">"detailed"</span> <span class="s2">"explain this complex algorithm"</span> <span class="c"># Minimal output for automation</span> codex <span class="nt">-c</span> <span class="nv">model_reasoning_summary</span><span class="o">=</span><span class="s2">"concise"</span> <span class="nt">-c</span> <span class="nv">model_verbosity</span><span class="o">=</span><span class="s2">"low"</span> <span class="s2">"fix syntax"</span> </code></pre> </div> <p><code>model_verbosity</code> accepts only <code>low</code>, <code>medium</code> (the default), or <code>high</code>; choose the level that matches how much explanation you want in the response. Pair it with <code>model_reasoning_summary</code>, which controls the optional reasoning summary (<code>auto</code> by default, with <code>concise</code> or <code>detailed</code> as alternatives) so you can surface or hide the model's step-by-step reasoning for different workflows.</p> <h3> Network Access </h3> <p>Enable network for package installation and API calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="c"># In config.toml</span> <span class="nn">[sandbox_workspace_write]</span> <span class="py">network_access</span> <span class="p">=</span> <span class="kc">true</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Or via command line</span> codex <span class="nt">--sandbox</span> workspace-write <span class="nt">-c</span> sandbox_workspace_write.network_access<span class="o">=</span><span class="nb">true</span> <span class="s2">"bundle install"</span> </code></pre> </div> <h3> Environment Variables </h3> <p>Control which shell variables Codex inherits:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[shell_environment_policy]</span> <span class="py">inherit</span> <span class="p">=</span> <span class="s">"core"</span> <span class="c"># PATH, HOME, USER, SHELL, etc.</span> <span class="py">experimental_use_profile</span> <span class="p">=</span> <span class="kc">true</span> <span class="c"># Load .bashrc, .zshrc</span> <span class="c"># Whitelist specific variables</span> <span class="py">include_only</span> <span class="p">=</span> <span class="p">[</span> <span class="s">"PATH"</span><span class="p">,</span> <span class="s">"HOME"</span><span class="p">,</span> <span class="s">"RAILS_ENV"</span><span class="p">,</span> <span class="s">"DATABASE_URL"</span> <span class="p">]</span> <span class="c"># Blacklist sensitive variables</span> <span class="py">exclude</span> <span class="p">=</span> <span class="p">[</span> <span class="s">"*_API_KEY"</span><span class="p">,</span> <span class="s">"*_SECRET"</span><span class="p">,</span> <span class="s">"PASSWORD"</span> <span class="p">]</span> </code></pre> </div> <h2> Security Best Practices </h2> <ol> <li><strong>Never use YOLO in production environments</strong></li> <li><strong>Use <code>read-only</code> for code review and exploration</strong></li> <li><strong>Use <code>workspace-write</code> for active development</strong></li> <li><strong>Keep sensitive environment variables out of <code>include_only</code></strong></li> <li><strong>Test configurations in safe environments first</strong></li> <li><strong>Use version control before running destructive operations</strong></li> </ol> <p><strong>Note</strong>: This guide was written for CLI Version: 0.42.0</p> ai codex openai David Paluy Mon, 09 Jun 2025 18:36:09 +0000 https://dev.to/dpaluy/empowering-ai-agents-to-monitor-pull-request-status-ke3 https://dev.to/dpaluy/empowering-ai-agents-to-monitor-pull-request-status-ke3 <p>You can enable AI agents to monitor GitHub pull request (PR) status by polling CI checks. This approach ensures an automated process of delivering quality code by AI agent.</p> <p>It can be used in any AI Agentic workflow. For example, Claude Code, Cursor, etc. </p> <p>Add the script and instructions, and enjoy the magic.</p> <h2> <code># scripts/poll_ci.sh</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nb">set</span> <span class="nt">-euo</span> pipefail <span class="nv">PR</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="nv">INTERVAL</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">2</span><span class="k">:-</span><span class="nv">15</span><span class="k">}</span><span class="s2">"</span> <span class="c"># seconds</span> <span class="nv">TIMEOUT</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">3</span><span class="k">:-</span><span class="nv">600</span><span class="k">}</span><span class="s2">"</span> <span class="c"># seconds</span> <span class="nv">START</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +%s<span class="si">)</span> <span class="c"># Auto-detect repository owner and name if not provided</span> <span class="k">if</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">OWNER</span><span class="k">:-}</span><span class="s2">"</span> <span class="o">]]</span> <span class="o">||</span> <span class="o">[[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">REPO</span><span class="k">:-}</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nv">REPO_INFO</span><span class="o">=</span><span class="si">$(</span>gh repo view <span class="nt">--json</span> owner,name <span class="nt">-q</span> <span class="s1">'.owner.login + "/" + .name'</span><span class="si">)</span> <span class="nv">OWNER</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$REPO_INFO</span><span class="s2">"</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="s1">'/'</span> <span class="nt">-f1</span><span class="si">)</span> <span class="nv">REPO</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$REPO_INFO</span><span class="s2">"</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="s1">'/'</span> <span class="nt">-f2</span><span class="si">)</span> <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"↪️ Polling PR #</span><span class="nv">$PR</span><span class="s2"> every </span><span class="nv">$INTERVAL</span><span class="s2"> s for </span><span class="nv">$TIMEOUT</span><span class="s2"> s max"</span> <span class="k">while</span> :<span class="p">;</span> <span class="k">do</span> <span class="c"># We use `|| true` so that `gh`'s non-zero exit code on pending or</span> <span class="c"># failed checks don't trigger `set -e` and kill the script.</span> <span class="nv">CHECKS_OUTPUT</span><span class="o">=</span><span class="si">$(</span>gh <span class="nb">pr </span>checks <span class="s2">"</span><span class="nv">$PR</span><span class="s2">"</span> <span class="nt">--repo</span> <span class="s2">"</span><span class="nv">$OWNER</span><span class="s2">/</span><span class="nv">$REPO</span><span class="s2">"</span> 2&gt;&amp;1 <span class="o">||</span> <span class="nb">true</span><span class="si">)</span> <span class="k">if </span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"fail|failure|error"</span> <span class="nt">-q</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ PR #</span><span class="nv">$PR</span><span class="s2"> is red"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">elif </span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="s2">"pending"</span> <span class="nt">-q</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"• </span><span class="si">$(</span><span class="nb">date</span> +<span class="s2">"%H:%M:%S"</span><span class="si">)</span><span class="s2"> → pending"</span> <span class="k">elif</span> <span class="o">!</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"fail|failure|error|pending|skipping"</span> <span class="nt">-q</span><span class="p">;</span> <span class="k">then</span> <span class="c"># If there are no failing, pending, or skipping checks, we can assume success.</span> <span class="c"># This is more robust than just checking for "pass", as some CIs might</span> <span class="c"># not report a passing state explicitly if all jobs are neutral/successful.</span> <span class="nb">echo</span> <span class="s2">"✅ PR #</span><span class="nv">$PR</span><span class="s2"> is green"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> <span class="nb">exit </span>0 <span class="k">else</span> <span class="c"># This state means there are no failures and no pending, but some are</span> <span class="c"># skipping or in another state. We wait.</span> <span class="nb">echo</span> <span class="s2">"• </span><span class="si">$(</span><span class="nb">date</span> +<span class="s2">"%H:%M:%S"</span><span class="si">)</span><span class="s2"> → waiting for checks to complete"</span> <span class="k">fi</span> <span class="o">((</span> <span class="si">$(</span><span class="nb">date</span> +%s<span class="si">)</span> - START <span class="o">&gt;</span> TIMEOUT <span class="o">))</span> <span class="o">&amp;&amp;</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"⏰ PR #</span><span class="nv">$PR</span><span class="s2"> timed out"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$CHECKS_OUTPUT</span><span class="s2">"</span> <span class="nb">exit </span>2 <span class="o">}</span> <span class="nb">sleep</span> <span class="s2">"</span><span class="nv">$INTERVAL</span><span class="s2">"</span> <span class="k">done</span> </code></pre> </div> <h2> AI Instructions </h2> <p>Note: Can be added to <code>CLAUDE.md</code> or Cursor rules<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Poll CI Status: $ARGUMENTS</span> Use this command when you need to wait for all GitHub checks on a pull-request to complete and then branch into success or failure flows. <span class="gu">## Parameters (space-separated)</span> | Pos | Name | Example | Purpose | | --- | ---------- | ------- | ------------------------------------------------------- | | 1 | <span class="sb">`pr_id`</span> | <span class="sb">`123`</span> | Pull-request number to monitor | | 2 | <span class="sb">`interval`</span> | <span class="sb">`15`</span> | <span class="ge">*(optional, default 15 s)*</span> seconds between status polls | | 3 | <span class="sb">`timeout`</span> | <span class="sb">`600`</span> | <span class="ge">*(optional, default 600 s)*</span> maximum wait in seconds | <span class="gu">## Environment Variables (optional)</span> | Name | Example | Purpose | | ------- | -------------------- | ------------------------------------------------------------ | | <span class="sb">`OWNER`</span> | <span class="sb">`RAILS`</span> | Repository owner (auto-detected from current repo if unset) | | <span class="sb">`REPO`</span> | <span class="sb">`RAILS`</span> | Repository name (auto-detected from current repo if unset) | <span class="gs">**Run polling script**</span> <span class="sb">`./scripts/poll_ci.sh $ARGUMENTS`</span> The script will automatically detect the repository owner and name from the current directory if not provided via environment variables. </code></pre> </div> ai cursor claude anthropic David Paluy Sun, 09 Feb 2025 19:59:18 +0000 https://dev.to/dpaluy/exploring-agentic-workflow-patterns-312a https://dev.to/dpaluy/exploring-agentic-workflow-patterns-312a <p>As artificial intelligence continues to evolve, we're witnessing a paradigm shift in how AI systems are structured and deployed. Instead of monolithic models, modern AI architectures increasingly rely on multiple specialized agents working together to accomplish complex tasks. These agentic systems represent a fundamental evolution in AI design, offering enhanced flexibility, scalability, and robustness.</p> <h2> Understanding Agentic Workflows </h2> <p>At their core, agentic workflows represent patterns of interaction between multiple AI agents, each specialized in specific tasks or domains. These patterns are the blueprints for orchestrating collaborative AI systems – similar to how design patterns help structure software development. As microservices revolutionized software architecture by breaking down monolithic applications, agentic patterns transform AI systems by decomposing complex tasks into manageable, specialized components.</p> <h2> Why Agentic Patterns Matter </h2> <p>The significance of agentic patterns extends beyond mere architectural elegance. These patterns offer several crucial advantages:</p> <ol> <li><p><strong>Modularity</strong>: By breaking down complex systems into discrete agents, we can more easily maintain, upgrade, and scale individual components without affecting the entire system.</p></li> <li><p><strong>Specialization</strong>: Different agents can be optimized for specific tasks, leading to better performance than a single, general-purpose model.</p></li> <li><p><strong>Reliability</strong>: Systems can gracefully handle failures and maintain operational continuity through patterns like fallback and self-healing loops.</p></li> <li><p><strong>Scalability</strong>: Agentic patterns enable systems to dynamically allocate resources and parallelize tasks, improving efficiency and throughput.</p></li> </ol> <h2> Navigating This Guide </h2> <p>In this visual guide, we'll explore eleven fundamental agentic workflow patterns. Each pattern represents a different approach to organizing and coordinating AI agents, from simple sequential workflows to complex networked architectures. We'll examine each pattern's structure, ideal use cases, advantages, and practical applications.</p> <p>Whether you're designing AI systems, architecting automation workflows, or simply interested in understanding how modern AI systems operate at scale, these patterns provide a valuable framework for thinking about and implementing intelligent systems.</p> <p>Let's dive into each pattern and understand how it can be applied to build more robust, efficient, and intelligent systems.</p> <h2> Table of Contents </h2> <ul> <li>Network (Horizontal)</li> <li> Hierarchical (Vertical) </li> <li>Sequential</li> <li>Parallel</li> <li>Loop (Self-Healing)</li> <li>Router (Agentic RAG)</li> <li>Aggregator (Synthesizer)</li> <li>Branching (Conditional Processing)</li> <li>Ensemble (Voting or Consensus)</li> <li>Cascade (Progressive Refinement)</li> <li>Fallback (Error Handling)</li> </ul> <h2> Network (Horizontal) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmt7wicuj8hfllktugjop.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmt7wicuj8hfllktugjop.png" alt="Image description" width="800" height="243"></a></p> <p><strong>Description:</strong> Agents interact in a networked or peer-to-peer fashion, forming a decentralized system.</p> <p><strong>Best Used For:</strong> Distributed decision-making, multi-agent collaboration, adaptive learning.</p> <p><strong>Advantages:</strong> High resilience, scalable, fault-tolerant.</p> <p><strong>Example Use Case:</strong> Cybersecurity threat detection where multiple agents exchange information.</p> <h2> Hierarchical (Vertical) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fefafg6c668k24cyw514w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fefafg6c668k24cyw514w.png" alt="Image description" width="800" height="323"></a></p> <p><strong>Description:</strong> A main agent delegates tasks to multiple sub-agents in a structured, hierarchical manner.</p> <p><strong>Best Used For:</strong> Task delegation, multi-layered decision-making.</p> <p><strong>Advantages:</strong> Clear structure, easy to manage dependencies, scales well.</p> <p><strong>Example Use Case:</strong> AI-powered IT support system with specialized troubleshooting bots.</p> <h2> Sequential </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F15mb9ejoip8xfjm8hpfs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F15mb9ejoip8xfjm8hpfs.png" alt="Image description" width="800" height="111"></a></p> <p><strong>Description:</strong> A linear processing pipeline where each agent refines the task and passes the result to the next.</p> <p><strong>Best Used For:</strong> Workflow automation, data processing.</p> <p><strong>Advantages:</strong> Structured flow, easy to manage, deterministic.</p> <p><strong>Example Use Case:</strong> Data processing pipeline with cleaning, analysis, and summarization steps.</p> <h2> Parallel </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feu6h96rylhv3ms1ltz2h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feu6h96rylhv3ms1ltz2h.png" alt="Image description" width="800" height="334"></a></p> <p><strong>Description:</strong> Multiple agents process tasks simultaneously before merging their outputs.</p> <p><strong>Best Used For:</strong> Performance optimization, multi-modal AI processing.</p> <p><strong>Advantages:</strong> Faster execution, increased efficiency.</p> <p><strong>Example Use Case:</strong> AI system simultaneously processes text, image, and audio data.</p> <h2> Loop (Self-Healing) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj05n06r0hw0oehgkmmov.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj05n06r0hw0oehgkmmov.png" alt="Image description" width="800" height="119"></a></p> <p><strong>Description:</strong> Agents iterate over a process to refine their output, retry errors, or self-improve.</p> <p><strong>Best Used For:</strong> Self-learning models, continuous monitoring.</p> <p><strong>Advantages:</strong> Improves accuracy and self-correcting.</p> <p><strong>Example Use Case:</strong> AI chatbot refining responses based on user feedback.</p> <h2> Router (Agentic RAG) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fti1mo1zvxewj04mxpjab.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fti1mo1zvxewj04mxpjab.png" alt="Image description" width="800" height="213"></a></p> <p><strong>Description:</strong> An agent routes incoming data to the appropriate knowledge source.</p> <p><strong>Best Used For:</strong> Query classification, intelligent data routing.</p> <p><strong>Advantages:</strong> Efficient, scalable.</p> <p><strong>Example Use Case:</strong> Smart search engine directing queries to the appropriate knowledge base.</p> <h2> Aggregator (Synthesizer) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxt8ajgtwcae3i5qyrp2j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxt8ajgtwcae3i5qyrp2j.png" alt="Image description" width="800" height="314"></a></p> <p><strong>Description:</strong> Multiple agents process different aspects of a task independently, and their outputs are aggregated or synthesized into a cohesive result.</p> <p><strong>Best Used For:</strong> Combining diverse data sources, multi-perspective analysis.</p> <p><strong>Advantages:</strong> Comprehensive results, leverages specialized processing, enhances robustness.</p> <p><strong>Example Use Case:</strong> An AI system that gathers insights from various news sources to provide a comprehensive summary.</p> <h2> Branching (Conditional Processing) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49cdtm40vwzfkln85wzk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49cdtm40vwzfkln85wzk.png" alt="Image description" width="800" height="577"></a></p> <p><strong>Description:</strong> A primary agent evaluates conditions and directs tasks to different sub-agents based on specific criteria or decision points.</p> <p><strong>Best Used For:</strong> Decision-based workflows, conditional task execution.</p> <p><strong>Advantages:</strong> Dynamic processing paths, efficient resource utilization, adaptable to varying inputs.</p> <p><strong>Example Use Case:</strong> Customer support system that routes inquiries to specialized agents based on the nature of the query.</p> <h2> Ensemble (Voting or Consensus) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F84rsjujcdyyqycw3kz5u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F84rsjujcdyyqycw3kz5u.png" alt="Image description" width="800" height="442"></a></p> <p><strong>Description:</strong> Multiple agents provide solutions or answers to the same problem, and a consensus mechanism determines the final output.</p> <p><strong>Best Used For:</strong> Improving accuracy, reducing bias, decision-making processes.</p> <p><strong>Advantages:</strong> Enhanced reliability, mitigates individual agent errors, robust outcomes.</p> <p><strong>Example Use Case:</strong> An AI diagnostic system where multiple models assess medical images, and the final diagnosis is based on majority agreement.</p> <h2> Cascade (Progressive Refinement) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpwn7zcor6vyw8cs79ymn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpwn7zcor6vyw8cs79ymn.png" alt="Image description" width="800" height="598"></a></p> <p><strong>Description:</strong> A sequence of agents progressively refines the output, with each agent adding incremental improvements or details.</p> <p><strong>Best Used For:</strong> Complex problem-solving, iterative enhancement.</p> <p><strong>Advantages:</strong> Gradual improvement, manageable complexity, allows for intermediate evaluations.</p> <p><strong>Example Use Case:</strong> Natural language processing system where initial agents handle basic parsing, and subsequent agents perform deeper semantic analysis.</p> <h2> Fallback (Error Handling) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsg79tf4cja2cqompj6px.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsg79tf4cja2cqompj6px.png" alt="Image description" width="800" height="177"></a></p> <p><strong>Description:</strong> A backup agent takes over if the primary agent fails.</p> <p><strong>Best Used For:</strong> AI failover, fault tolerance.</p> <p><strong>Advantages:</strong> Reliability, robustness.</p> <p><strong>Example Use Case:</strong> AI assistant with a backup rules-based chatbot in case of LLM failures.</p> agents ai patterns David Paluy Fri, 07 Feb 2025 22:20:45 +0000 https://dev.to/dpaluy/mastering-cursor-rules-a-developers-guide-to-smart-ai-integration-1k65 https://dev.to/dpaluy/mastering-cursor-rules-a-developers-guide-to-smart-ai-integration-1k65 <h2> What are Cursor Rules? </h2> <p>Cursor Rules are configuration files that define how AI should interact with your codebase. They provide context-aware assistance by setting guidelines, constraints, and behavioral patterns for AI interactions.</p> <h2> Three Types of Cursor Rules </h2> <h3> 1. Global AI Rules (Settings) </h3> <p>Located in Cursor <code>Settings -&gt; General</code>, these rules establish core principles for all AI interactions. They define fundamental behavior patterns and are language-agnostic. Here's a powerful example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;CORE_PRINCIPLES&gt; 1. EXPLORATION OVER CONCLUSION - Never rush to conclusions - Keep exploring until a solution emerges naturally - Question every assumption and inference 2. DEPTH OF REASONING - Break down complex thoughts into simple steps - Embrace uncertainty and revision - Express thoughts in natural conversation 3. THINKING PROCESS - Show work-in-progress thinking - Acknowledge and explore alternatives - Frequently reassess and revise &lt;/CORE_PRINCIPLES&gt; &lt;OUTPUT_FORMAT&gt; Responses must follow: &lt;CONTEMPLATOR&gt; - Begin with foundational observations - Question thoroughly - Show natural progression &lt;/CONTEMPLATOR&gt; &lt;FINAL_ANSWER&gt; - Clear, concise summary - Note remaining questions &lt;/FINAL_ANSWER&gt; &lt;/OUTPUT_FORMAT&gt; </code></pre> </div> <p>This structure transforms AI from a simple answer generator into a thoughtful collaborator that explores solutions thoroughly and shows its reasoning process.</p> <p>Example: <a href="https://majesticlabs.dev/blog/202502/rules_for_ai.txt" rel="noopener noreferrer">Advanced Rules for AI</a> with reasoning</p> <h3> 2. Project-Wide Rules (.cursorrules) </h3> <p>A single file in your project root that serves as the primary guidebook for project-specific conventions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Framework Standards - Follow Rails architectural patterns - Use service objects for business logic - Reference patterns (@service-objects.md) # Quality Controls - Follow RuboCop guidelines - Enforce test coverage minimums - Ban SQL queries in views </code></pre> </div> <h3> 3. Pattern-Specific Rules (.cursor/rules/*.mdc) </h3> <p>Introduced in Cursor v0.45, these Markdown-based Domain Configuration files target specific file patterns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>--- Description: Rails Controller Standards Globs: app/controllers/**/*.rb --- # Guidelines - Keep controllers skinny - Use before_action for repeating logic - Follow RESTful conventions </code></pre> </div> <p><strong>Note:</strong> In the current version, those rules are added to prompt only in Agent mode. Chat and Normal compose are still using <code>.cursorrules</code> </p> <h2> Agentic Approach: The Game Changer </h2> <p>Modern Cursor Rules shifted from passive rule listing to active agent instruction. Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>You are instructa, a senior Rails developer with superpowers! ⚡ # Agent Behavior - Read Roadmap.md first - Plan database schema changes - Use ViewComponents for complex UI - Write system tests for critical paths # Code Standards - Follow Rails conventions - Use concerns for shared logic - Tests must pass before merge </code></pre> </div> <h2> Pro Tips </h2> <h3> 1. Reference Architecture Using "@ syntax" </h3> <p>Instead of writing lengthy explanations, reference your documentation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Bad - Controllers should use service objects for complex business logic... # Good - Follow service object patterns defined in @docs/architecture/services.md - See implementation examples in @docs/examples/service_objects/ </code></pre> </div> <h3> 2. Strategic Glob Patterns </h3> <p>Create focused, hierarchical patterns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Too broad Globs: **/*.rb # Better Globs: app/services/**/*.rb app/models/**/*.rb !app/models/legacy/**/*.rb # Exclude legacy </code></pre> </div> <h3> 3. Combining Rules </h3> <p>Create composable rule sets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># .cursor/rules/base_ruby.mdc Description: Base Ruby standards # .cursor/rules/rails_controllers.mdc @base_ruby.mdc Description: Controller-specific rules Globs: app/controllers/**/*.rb </code></pre> </div> <h3> 4. Maintainable Organization </h3> <p>Structure rules by domain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.cursor/rules/ ├── rails8.mdc ├── models/ │ ├── active_record.mdc │ └── postgresql.mdc ├── controllers/ │ ├── api.mdc │ └── web.mdc └── views/ ├── erb.mdc └── components.mdc </code></pre> </div> <p>The power of Cursor Rules lies in their ability to provide contextual guidance while maintaining flexibility. They transform AI from a generic tool into a project-aware coding partner that understands your architecture, conventions, and goals.</p> cursor rules rails David Paluy Mon, 03 Feb 2025 17:28:00 +0000 https://dev.to/dpaluy/when-third-party-apis-go-rogue-360k https://dev.to/dpaluy/when-third-party-apis-go-rogue-360k <h2> Strategies for Building Bulletproof Integrations </h2> <p>Modern web applications often rely on external APIs that can be slow, unreliable, or even disappear entirely. To build robust integrations, you need clear timeouts, conditional retries, rate limiting, decoupled code designs, and carefully orchestrated background jobs. This post provides proven techniques, using Ruby on Rails for illustration, that can be applied in almost any technology stack.</p> <h2> 1. Configure Timeouts </h2> <p>Timeouts prevent your application from getting stuck when the external service fails to respond promptly.</p> <ul> <li> <strong>Connection Timeout</strong>: How long to wait for the connection to be established (e.g., 5 seconds).</li> <li> <strong>Read Timeout</strong>: How long to wait for data after the connection is established (e.g., 15 seconds).</li> </ul> <h3> Example (Net::HTTP) </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'net/http'</span> <span class="nb">require</span> <span class="s1">'uri'</span> <span class="n">uri</span> <span class="o">=</span> <span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="s2">"https://api.unreliable.com"</span><span class="p">)</span> <span class="n">http</span> <span class="o">=</span> <span class="no">Net</span><span class="o">::</span><span class="no">HTTP</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">host</span><span class="p">,</span> <span class="n">uri</span><span class="p">.</span><span class="nf">port</span><span class="p">)</span> <span class="n">http</span><span class="p">.</span><span class="nf">use_ssl</span> <span class="o">=</span> <span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">scheme</span> <span class="o">==</span> <span class="s1">'https'</span><span class="p">)</span> <span class="n">http</span><span class="p">.</span><span class="nf">open_timeout</span> <span class="o">=</span> <span class="mi">5</span> <span class="c1"># connection timeout</span> <span class="n">http</span><span class="p">.</span><span class="nf">read_timeout</span> <span class="o">=</span> <span class="mi">15</span> <span class="c1"># read timeout</span> <span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">request_uri</span><span class="p">)</span> <span class="nb">puts</span> <span class="n">response</span><span class="p">.</span><span class="nf">body</span> </code></pre> </div> <p>If these limits are exceeded, <code>Net::HTTP</code> raises an exception that you can catch and handle.</p> <h2> 2. Automatic Retries </h2> <p>When dealing with transient or server-side failures, you can retry requests to increase success rates. However, be selective:</p> <ol> <li> <strong>Retry</strong> on timeouts and server (5xx) errors.</li> <li> <strong>Do not retry</strong> on 4xx errors. They usually indicate issues in your request itself.</li> </ol> <h3> Example Using Faraday with Retry </h3> <p>Use <a href="https://github.com/lostisland/faraday-retry" rel="noopener noreferrer">faraday-retry</a> or <a href="https://github.com/kamui/retriable" rel="noopener noreferrer">Retriable</a> for robust retry behavior.</p> <h4> Faraday + faraday-retry </h4> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'faraday'</span> <span class="nb">require</span> <span class="s1">'faraday/retry'</span> <span class="k">def</span> <span class="nf">fetch_data</span> <span class="no">Faraday</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">url: </span><span class="s2">"https://api.unreliable.com"</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">conn</span><span class="o">|</span> <span class="n">conn</span><span class="p">.</span><span class="nf">request</span> <span class="ss">:retry</span><span class="p">,</span> <span class="ss">max: </span><span class="mi">3</span><span class="p">,</span> <span class="ss">interval: </span><span class="mi">1</span><span class="p">,</span> <span class="ss">exceptions: </span><span class="p">[</span><span class="no">Faraday</span><span class="o">::</span><span class="no">TimeoutError</span><span class="p">,</span> <span class="no">Faraday</span><span class="o">::</span><span class="no">ConnectionFailed</span><span class="p">]</span> <span class="n">conn</span><span class="p">.</span><span class="nf">options</span><span class="p">.</span><span class="nf">timeout</span> <span class="o">=</span> <span class="mi">15</span> <span class="n">conn</span><span class="p">.</span><span class="nf">options</span><span class="p">.</span><span class="nf">open_timeout</span> <span class="o">=</span> <span class="mi">5</span> <span class="n">conn</span><span class="p">.</span><span class="nf">response</span> <span class="ss">:raise_error</span> <span class="n">conn</span><span class="p">.</span><span class="nf">adapter</span> <span class="no">Faraday</span><span class="p">.</span><span class="nf">default_adapter</span> <span class="k">end</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s2">"/data"</span><span class="p">)</span> <span class="k">rescue</span> <span class="no">Faraday</span><span class="o">::</span><span class="no">ClientError</span> <span class="o">=&gt;</span> <span class="n">e</span> <span class="c1"># Handle 4xx or client errors</span> <span class="k">rescue</span> <span class="no">Faraday</span><span class="o">::</span><span class="no">ServerError</span> <span class="o">=&gt;</span> <span class="n">e</span> <span class="c1"># Handle 5xx after retries</span> <span class="k">end</span> </code></pre> </div> <h4> Retriable </h4> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'net/http'</span> <span class="nb">require</span> <span class="s1">'uri'</span> <span class="nb">require</span> <span class="s1">'retriable'</span> <span class="k">def</span> <span class="nf">reliable_request</span> <span class="n">uri</span> <span class="o">=</span> <span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="s2">"https://api.unreliable.com"</span><span class="p">)</span> <span class="no">Retriable</span><span class="p">.</span><span class="nf">retriable</span><span class="p">(</span><span class="ss">on: </span><span class="p">[</span><span class="no">Timeout</span><span class="o">::</span><span class="no">Error</span><span class="p">],</span> <span class="ss">tries: </span><span class="mi">3</span><span class="p">)</span> <span class="k">do</span> <span class="n">http</span> <span class="o">=</span> <span class="no">Net</span><span class="o">::</span><span class="no">HTTP</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">host</span><span class="p">,</span> <span class="n">uri</span><span class="p">.</span><span class="nf">port</span><span class="p">)</span> <span class="n">http</span><span class="p">.</span><span class="nf">use_ssl</span> <span class="o">=</span> <span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">scheme</span> <span class="o">==</span> <span class="s1">'https'</span><span class="p">)</span> <span class="n">http</span><span class="p">.</span><span class="nf">open_timeout</span> <span class="o">=</span> <span class="mi">5</span> <span class="n">http</span><span class="p">.</span><span class="nf">read_timeout</span> <span class="o">=</span> <span class="mi">15</span> <span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">uri</span><span class="p">.</span><span class="nf">request_uri</span><span class="p">)</span> <span class="c1"># raise or handle depending on response code</span> <span class="k">return</span> <span class="n">response</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> 3. Implement a Hard Rate Limiter </h2> <p>Many APIs have soft limits—once you exceed them, you might be billed for each additional request. Implement a hard limit within your app to avoid unexpected costs.</p> <ol> <li> <strong>Track request counts</strong> in persistent storage (e.g., database or Redis).</li> <li> <strong>Reject calls immediately</strong> if you’re at the limit.</li> </ol> <h3> Example (Rails Model) </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">ApiUsageTracker</span> <span class="no">MAX_REQUESTS_PER_HOUR</span> <span class="o">=</span> <span class="mi">1000</span> <span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">increment_usage</span> <span class="n">record</span> <span class="o">=</span> <span class="no">ApiTracker</span><span class="p">.</span><span class="nf">find_or_create_by</span><span class="p">(</span><span class="ss">hour: </span><span class="no">Time</span><span class="p">.</span><span class="nf">current</span><span class="p">.</span><span class="nf">beginning_of_hour</span><span class="p">)</span> <span class="k">if</span> <span class="n">record</span><span class="p">.</span><span class="nf">request_count</span> <span class="o">&lt;</span> <span class="no">MAX_REQUESTS_PER_HOUR</span> <span class="n">record</span><span class="p">.</span><span class="nf">increment!</span><span class="p">(</span><span class="ss">:request_count</span><span class="p">)</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">else</span> <span class="k">return</span> <span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">call_protected_api</span> <span class="k">if</span> <span class="no">ApiUsageTracker</span><span class="p">.</span><span class="nf">increment_usage</span> <span class="c1"># Proceed with API call</span> <span class="k">else</span> <span class="c1"># Return an error or raise an exception</span> <span class="k">raise</span> <span class="s2">"API limit exceeded!"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>In this snippet, <code>hour</code> is used to group requests by the current hour.</p> <h2> 4. Decouple with an Interface </h2> <p>Minimize direct dependencies on a specific API by coding against an interface. This gives you freedom to swap out underlying providers without altering business logic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">module</span> <span class="nn">CurrencyProvider</span> <span class="k">def</span> <span class="nf">convert</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">from_currency</span><span class="p">,</span> <span class="n">to_currency</span><span class="p">)</span> <span class="k">raise</span> <span class="no">NotImplementedError</span> <span class="k">end</span> <span class="k">end</span> <span class="k">class</span> <span class="nc">UnreliableApiCurrencyConverter</span> <span class="kp">include</span> <span class="no">CurrencyProvider</span> <span class="k">def</span> <span class="nf">convert</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">from_currency</span><span class="p">,</span> <span class="n">to_currency</span><span class="p">)</span> <span class="c1"># Actual call to https://api.unreliable.com</span> <span class="k">end</span> <span class="k">end</span> <span class="k">class</span> <span class="nc">FallbackCurrencyConverter</span> <span class="kp">include</span> <span class="no">CurrencyProvider</span> <span class="k">def</span> <span class="nf">convert</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">from_currency</span><span class="p">,</span> <span class="n">to_currency</span><span class="p">)</span> <span class="c1"># A cached or offline calculation</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> 5. Asynchronous, Persistent Queuing </h2> <p>Offload external API interactions to background jobs. This approach lets your application remain responsive and resilient to transient failures.</p> <ol> <li> <strong>Dedicated Queue</strong>: Place API jobs in a separate queue to keep them isolated.</li> <li> <strong>Persist Status</strong>: Use database-backed jobs so failures are not lost.</li> <li> <strong>Retry or Discard</strong>: Use <code>retry_on</code> or <code>discard_on</code> to handle specific errors gracefully.</li> </ol> <h3> Rails ActiveJob Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">PaymentJob</span> <span class="o">&lt;</span> <span class="no">ApplicationJob</span> <span class="n">queue_as</span> <span class="ss">:api_calls</span> <span class="n">retry_on</span> <span class="no">PaymentGatewayError</span><span class="p">,</span> <span class="ss">wait: </span><span class="mi">1</span><span class="p">.</span><span class="nf">minute</span><span class="p">,</span> <span class="ss">attempts: </span><span class="mi">5</span> <span class="n">retry_on</span> <span class="no">NetworkTimeout</span><span class="p">,</span> <span class="ss">wait: :exponentially_longer</span><span class="p">,</span> <span class="ss">attempts: :unlimited</span> <span class="k">def</span> <span class="nf">perform</span><span class="p">(</span><span class="n">order</span><span class="p">)</span> <span class="c1"># Make request to https://api.unreliable.com</span> <span class="c1"># If PaymentGatewayError or NetworkTimeout occurs,</span> <span class="c1"># Rails retries automatically based on the settings</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p><code>retry_on</code> handles defined exceptions by re-enqueuing the job for another attempt. You can also use <code>discard_on</code> for errors that should not be retried.</p> <h2> Conclusion </h2> <p>Incorporating strict timeouts, targeted retries, robust rate limiting, interface-based designs, and asynchronous job orchestration will make your application more resilient when integrating with an unreliable or slow external service. By implementing these strategies, you ensure higher availability, better fault tolerance, and tighter control over behavior when the API fails or becomes unresponsive.</p> rails api integration David Paluy Sat, 30 Nov 2024 04:20:01 +0000 https://dev.to/dpaluy/lang-everything-the-missing-guide-to-langchains-ecosystem-1eo7 https://dev.to/dpaluy/lang-everything-the-missing-guide-to-langchains-ecosystem-1eo7 <p>In the rapidly evolving landscape of AI development, the Lang* ecosystem has emerged as a powerhouse for building sophisticated language model applications. Let's break down the key players and understand when to use each.</p> <h2> LangChain: The Foundation </h2> <p>Think of LangChain as your Swiss Army knife for LLM development. It's the foundational framework that handles:</p> <ul> <li> <strong>LLM Integration</strong>: Seamlessly works with both closed-source (GPT-4) and open-source (Llama 3) models</li> <li> <strong>Prompt Management</strong>: Dynamic templates instead of hardcoded prompts</li> <li> <strong>Memory Systems</strong>: Built-in conversation memory</li> <li> <strong>Chain Operations</strong>: Connect multiple tasks into smooth workflows </li> <li> <strong>External Data</strong>: Easy integration with document loaders and vector databases</li> </ul> <p>Instead of writing boilerplate code for API calls and agent management, LangChain provides clean abstractions that make complex AI applications manageable.</p> <h2> LangGraph: The Orchestrator </h2> <p>Built on top of LangChain, LangGraph specializes in managing multi-agent workflows through three core components:</p> <ol> <li> <strong>State</strong>: Maintains the current snapshot of your application</li> <li> <strong>Nodes</strong>: Individual components performing specific tasks</li> <li> <strong>Edges</strong>: Defines how data flows between nodes</li> </ol> <p>LangGraph shines when you need agents to collaborate and make decisions cyclically. It's beneficial for task automation and research assistance systems.</p> <h2> LangFlow: The Visual Builder </h2> <p>Want to prototype without coding? LangFlow offers a drag-and-drop interface for building LangChain applications. Key features include:</p> <ul> <li>Visual workflow design</li> <li>Quick prototyping capabilities </li> <li>API access to created workflows</li> <li>Perfect for MVPs</li> </ul> <p>While primarily meant for prototyping rather than production, it's an excellent tool for rapid development and team collaboration.</p> <h2> LangSmith: The Monitor </h2> <p>Every production AI application needs monitoring, and that's where LangSmith comes in. It provides:</p> <ul> <li>Lifecycle management (prototyping to production)</li> <li>Performance monitoring</li> <li>Token usage tracking</li> <li>Error rate analysis</li> <li>Latency monitoring</li> </ul> <p>The best part? LangSmith works independently of your LLM framework, though it integrates seamlessly with LangChain and LangGraph.</p> <h2> Making the Right Choice </h2> <ul> <li> <strong>Use LangChain</strong> when building any LLM-powered application from scratch</li> <li> <strong>Add LangGraph</strong> when you need sophisticated multi-agent interactions</li> <li> <strong>Start with LangFlow</strong> for rapid prototyping and visual development</li> <li> <strong>Deploy LangSmith</strong> when you need severe monitoring and performance tracking</li> </ul> <p>Remember, these tools aren't mutually exclusive - they're designed to work together, forming a comprehensive ecosystem for AI application development.</p> langchain ai llm David Paluy Fri, 22 Nov 2024 09:22:52 +0000 https://dev.to/dpaluy/leveraging-ai-tools-for-modern-web-development-2k2c https://dev.to/dpaluy/leveraging-ai-tools-for-modern-web-development-2k2c <h2> Overview </h2> <p>This guide outlines an efficient workflow using multiple AI tools to build web applications, from planning to deployment.</p> <h2> Tools Required </h2> <ul> <li>Perplexity AI - <em>Initial research &amp; tech stack validation</em> </li> <li>OpenAI O1 Model - <em>Primary documentation tool</em> </li> <li>Claude AI - <em>Coding assistant</em> </li> <li>Cursor AI - <em>IDE</em> </li> <li>Bolt.new - <em>Frontend design &amp; project setup</em> </li> <li>Replit AI - <em>Quick deployments</em> </li> </ul> <h2> Step 1: Research with Perplexity AI </h2> <h3> Initial Market Research Phase </h3> <p>Use Perplexity for comprehensive analysis in this order:</p> <ol> <li> <strong>Problem Research</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"Research [your problem area]: <span class="p">-</span> What are the current challenges in [industry/domain]? <span class="p">-</span> How do people currently solve this problem? <span class="p">-</span> What are the main pain points with existing solutions? <span class="p">-</span> What are the latest trends in solving this problem? <span class="p">-</span> Are there any recent technological advancements in this area?" </code></pre> </div> <p>2. <strong>Solution Validation</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"Analyze solution feasibility for [your proposed solution]: <span class="p">-</span> What similar solutions exist in the market? <span class="p">-</span> What are their technical approaches? <span class="p">-</span> What are common implementation challenges? <span class="p">-</span> What makes solutions successful in this space? <span class="p">-</span> Are there any regulatory or compliance considerations?" </code></pre> </div> <p>3. <strong>Competition Analysis</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"Research competitors in [your solution space]: <span class="p">-</span> Who are the main players? <span class="p">-</span> What tech stacks do they use? <span class="p">-</span> What are their key features? <span class="p">-</span> What are their strengths and weaknesses? <span class="p">-</span> What are users saying about these solutions? <span class="p">-</span> What features are missing in current solutions?" </code></pre> </div> <p>4. <strong>Technical Validation</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"Technical research for implementation: <span class="p">-</span> Best practices for [your chosen tech stack] <span class="p">-</span> Common scalability issues and solutions <span class="p">-</span> Security considerations <span class="p">-</span> Performance optimizations <span class="p">-</span> Integration challenges <span class="p">-</span> Latest relevant tools and libraries" </code></pre> </div> <h3> Research Organization </h3> <p>Create a summary document including:</p> <ol> <li>Problem Space Overview</li> <li>Market Gaps</li> <li>Competitor Matrix</li> <li>Technical Requirements</li> <li>Unique Value Propositions</li> </ol> <p>This research will feed directly into your O1 documentation phase, providing solid foundations for your PRD.</p> <h2> Step 2: Project Planning with OpenAI O1 Model </h2> <h3> Why O1 Model? </h3> <p>O1 is best for documentation and should be your starting point. The documentation provides context to LLMs and gives less room for hallucination.</p> <h3> Key Documents to Generate </h3> <ol> <li><strong>PRD (Project Requirements Document)</strong></li> <li><strong>App Flow &amp; Functionality Documentation</strong></li> <li><strong>Project Development Roadmap</strong></li> </ol> <p>These three documents should provide sufficient foundation to begin development.</p> <h3> Providing Project Context </h3> <p>Share as much information about your project as possible. Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"I want to build a web application with Next.js 14 app router using: <span class="p">-</span> TypeScript <span class="p">-</span> TailwindCSS <span class="p">-</span> shadcn/ui Backend: <span class="p">-</span> Supabase for auth, database and storage Project Details: [Provide comprehensive details about:] <span class="p">-</span> Problem it solves <span class="p">-</span> Solution approach <span class="p">-</span> Target users <span class="p">-</span> Core features <span class="p">-</span> API integrations <span class="p">-</span> Additional context [The more information provided, the better the documentation quality]" </code></pre> </div> <h2> Step 3: Frontend Design with Bolt.new </h2> <h3> Initial Setup Tip </h3> <p>Create a base boilerplate with your common tech stack and configurations. Fork this boilerplate for new projects to save tokens and setup time.</p> <h3> Process </h3> <ol> <li>Create new project in Bolt.new (using your boilerplate fork)</li> <li>Attach your PRD and app flow documentation</li> <li>Use this prompt: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"Design me the frontend components for the project I just attached. We will work on page to page basis: <span class="p">1.</span> First: Core skeleton (Left sidebar + Main content area) <span class="p">2.</span> Then: Code each page <span class="p">3.</span> Finally: Subdivide pages into components for complex functionality Do you understand?" </code></pre> </div> <ol> <li>Download or copy the final code for each component</li> </ol> <h2> Step 4: Implementation with Claude AI </h2> <h3> Setup </h3> <ol> <li>Start new Claude project</li> <li>Attach all documentation: <ul> <li>PRD</li> <li>App Flow &amp; Functionality Doc</li> <li>Project Development Roadmap</li> <li>Bolt.new generated code files</li> </ul> </li> </ol> <h3> Custom Instructions for Claude </h3> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>"You're a Next.js 14 Expert. You code web apps with simple and scalable architecture. Your Goal is to work with me as a Coding Guide. I will be using: <span class="p">-</span> Cursor AI as my IDE <span class="p">-</span> Bolt for setting up project <span class="p">-</span> Replit for deployment Provide me step by step instructions to code this project. Do not miss any step. Provide instructions in simple language (where to go, what to do) Major help I need from you is for: <span class="p">-</span> File structure <span class="p">-</span> Project setup <span class="p">-</span> Debugging <span class="p">-</span> Deployment Go through the attached files everytime, to provide best answers." </code></pre> </div> <h2> Step 5: Development Process </h2> <ol> <li>Follow Claude's step-by-step instructions</li> <li>Use Cursor AI as your IDE</li> <li>Set up project structure</li> <li>Implement features systematically</li> <li>Debug with Claude's assistance</li> <li>Deploy using Replit</li> </ol> <h2> Best Practices </h2> <ol> <li> <strong>Research First</strong>: Validate technical decisions with Perplexity</li> <li> <strong>Documentation Second</strong>: Create comprehensive documentation with O1</li> <li> <strong>Systematic Approach</strong>: Follow the workflow sequentially</li> <li> <strong>Error Handling</strong>: Expect and learn from mistakes</li> <li> <strong>Iterative Development</strong>: Use multiple iterations to perfect features</li> <li> <strong>Tool Specialization</strong>: Leverage each AI tool's strengths</li> <li> <strong>Reusable Boilerplate</strong>: Maintain and fork a base project setup</li> </ol> <h2> Common Pitfalls to Avoid </h2> <ol> <li>Don't skip the research phase</li> <li>Don't expect single-prompt solutions</li> <li>Don't skip the documentation phase</li> <li>Don't ignore AI tool specializations</li> <li>Don't rush through error messages</li> <li>Don't start from scratch when you have a good boilerplate</li> </ol> <h2> Tips for Success </h2> <ol> <li>Use Perplexity for up-to-date tech decisions</li> <li>Provide detailed context to AI tools</li> <li>Save successful prompts for reuse</li> <li>Document errors and solutions</li> <li>Build progressively, starting with core features</li> <li>Test extensively at each stage</li> <li>Keep your boilerplate updated with latest dependencies</li> </ol> <h2> Important Note </h2> <p>There will be many errors, mistakes, and retries before mastering this workflow. However, once you master AI-assisted coding, you can build any SaaS for yourself or clients efficiently.</p> <p>Remember: Claims about building complete web apps with a single prompt are misleading. Success comes from systematic approach and understanding each tool's strengths and limitations.</p> <h2> Workflow Summary </h2> <ol> <li>Research tech stack and best practices (Perplexity)</li> <li>Create comprehensive documentation (O1)</li> <li>Design and generate frontend components (Bolt.new)</li> <li>Implement with expert guidance (Claude + Cursor)</li> <li>Deploy and iterate (Replit)</li> </ol> <p>This systematic approach ensures high-quality results while maximizing the effectiveness of each AI tool in your development workflow.​​​​​​​​​​​​​​​​</p> aicodeworkflow promptengineering webdevautomation David Paluy Thu, 07 Nov 2024 16:11:35 +0000 https://dev.to/dpaluy/make-master-branch-default-again-3d52 https://dev.to/dpaluy/make-master-branch-default-again-3d52 <p><strong>Remember:</strong> Good version control is about maintaining a clear, authoritative source of truth for your code. The name <strong>should serve this purpose</strong> first and foremost.</p> <p>I didn't follow the trend of changing my default branch from <code>master</code> to <code>main</code>. It doesn't make any sense to spend my resources reconfiguring my settings.<br> Also, DHH <a href="https://world.hey.com/dhh/forcing-master-to-main-was-a-good-faith-exploit-b21ee30c" rel="noopener noreferrer">agreed</a> that it was a classic exploit of good faith.</p> <h2> Historical Context: The Master Craftsman Tradition </h2> <p>The term "master" has a rich history in European guild systems and skilled trades dating back centuries. A master craftsman (or "Meister" in German-speaking regions) was someone who had achieved the highest level of skill and expertise in their trade. This usage derives from the Latin "magister," meaning "teacher" or "chief."</p> <ul> <li>Apprentices would study under a master to learn their craft</li> <li>Becoming a master required years of study and the creation of a "masterpiece"</li> <li>Masters were teachers and guardians of quality standards</li> <li>The title "Master" indicated expertise and teaching authority, not ownership</li> </ul> <h2> Git's Usage of "Master" </h2> <p>When Git was developed, the term "master" was chosen for the default branch to indicate it as the authoritative version of the code - the version from which all other branches derive their work. This usage aligns with:</p> <ul> <li>Master recordings in audio production (the final, authoritative mix)</li> <li>Master copies in publishing (the definitive version)</li> <li>Master's degrees in academia (advanced level of subject expertise)</li> </ul> <h2> Technical Benefits of "Master" </h2> <ol> <li> <strong>Widely Recognized:</strong> The term is universally understood in version control systems</li> <li> <strong>Tool Compatibility:</strong> Many CI/CD tools and scripts expect "master" as the default</li> <li> <strong>Clear Meaning:</strong> Instantly communicates which branch is authoritative</li> <li> <strong>Historical Continuity:</strong> Maintains compatibility with existing documentation and workflows</li> </ol> <h2> Local computer </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git config --system init.defaultbranch master </code></pre> </div> <h2> Github Update </h2> <h3> Personal Settings </h3> <ol> <li>Visit: <a href="https://github.com/settings/repositories" rel="noopener noreferrer">https://github.com/settings/repositories</a> </li> <li>Set the default repository branch to: <code>master</code> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9y3cgc7iszd585u9tkex.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9y3cgc7iszd585u9tkex.png" alt="Repository Default Branch in Github" width="800" height="158"></a></p> <h3> Organization Account </h3> <ol> <li>Go to Organization settings of your repository: <code>https://github.com/organizations/[ORGANIZATION]/settings/repository-defaults</code> </li> <li>Set the default repository branch to: <code>master</code> </li> </ol> git github master dothingsthatmatter David Paluy Wed, 06 Nov 2024 00:48:43 +0000 https://dev.to/dpaluy/implement-a-secure-dynamic-domain-approval-system-for-embeddable-widgets-in-ruby-on-rails-2f53 https://dev.to/dpaluy/implement-a-secure-dynamic-domain-approval-system-for-embeddable-widgets-in-ruby-on-rails-2f53 <p>In the previous <a href="https://dev.to/dpaluy/embed-js-widgets-smoothly-with-rails-a-step-by-step-guide-fpk">post</a> I explained how to implement Embed JS Widgets with Ruby on Rails. </p> <p>But you have to define the approved domain explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">config</span><span class="p">.</span><span class="nf">action_dispatch</span><span class="p">.</span><span class="nf">default_headers</span><span class="p">.</span><span class="nf">merge!</span><span class="p">({</span> <span class="s1">'Content-Security-Policy'</span> <span class="o">=&gt;</span> <span class="s2">"frame-ancestors 'self' https://trusted-domain.com"</span> <span class="p">})</span> </code></pre> </div> <p>A common, naive approach is to set frame-ancestors to allow embedding on any domain using a wildcard <code>(*)</code>. While this enables maximum flexibility, it also opens the widget to misuse and unauthorized access.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/widgets_controller.rb</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Type'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'application/javascript'</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Security-Policy'</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"frame-ancestors *"</span> <span class="n">render</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>While this approach is convenient, it lacks domain restriction, meaning any website can use the widget, which could lead to potential misuse. For a secure, client-specific widget, let’s set up a dynamic domain approval system.</p> <h2> Secure Approach: Dynamic Domain Approval </h2> <p>To ensure that only authorized clients can embed the widget, we’ll implement a system where each <code>Account</code> in the application has approved domains. When the widget is served, it dynamically checks the account’s approved domains and sets a restrictive <code>frame-ancestors</code> header accordingly.</p> <h3> Step 1: Set Up the Account Model with Approved Domains </h3> <p>Update your Account model to include a domain attribute representing the domain where the client’s widget can be embedded.</p> <p>Example: <code>Account.create!(name: "Example Client 1", domain: "example1.com")</code></p> <h3> Step 2: Set Up a Secure Widget Endpoint </h3> <p>To serve the widget securely, we’ll modify the <code>WidgetsController</code> to check the Account model for the requesting client’s approved domain and set the <code>frame-ancestors</code> directive based on that domain.</p> <h4> Define the Widget Controller Action </h4> <p>In the <code>WidgetsController</code>, add logic to look up the client account based on a unique identifier, such as an API key. This API key can be passed securely as part of the script request to identify the client.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/widgets_controller.rb</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_content_security_policy</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Type'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'application/javascript'</span> <span class="n">render</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_content_security_policy</span> <span class="c1"># Look up the account based on a unique identifier, such as an API key</span> <span class="n">account</span> <span class="o">=</span> <span class="no">Account</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">api_key: </span><span class="n">params</span><span class="p">[</span><span class="ss">:api_key</span><span class="p">])</span> <span class="k">if</span> <span class="n">account</span> <span class="o">&amp;&amp;</span> <span class="n">account</span><span class="p">.</span><span class="nf">domain</span><span class="p">.</span><span class="nf">present?</span> <span class="c1"># Restrict embedding to the approved domain</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s2">"Content-Security-Policy"</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"frame-ancestors </span><span class="si">#{</span><span class="n">account</span><span class="p">.</span><span class="nf">domain</span><span class="si">}</span><span class="s2">"</span> <span class="k">else</span> <span class="c1"># Deny embedding if no approved domain is found</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s2">"Content-Security-Policy"</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"frame-ancestors 'none'"</span> <span class="n">head</span> <span class="ss">:forbidden</span> <span class="c1"># Block access if the account or domain is not valid</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ul> <li>The <code>set_content_security_policy</code> method checks for a matching <code>Account</code> based on an <code>api_key</code> parameter.</li> <li>If the account has a valid approved domain, it sets the <code>frame-ancestors</code> directive to allow embedding only on that domain. If no approved domain is found, it sets <code>frame-ancestors</code> to <code>'none'</code>, denying access and returning a 403 Forbidden status.</li> </ul> <h4> Generate API Keys for Accounts </h4> <p>Each <code>Account</code> should have a unique API key to secure access. Generate these keys and store them in the <code>Account</code> model.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/xxxxxx_add_api_key_to_accounts.rb</span> <span class="k">class</span> <span class="nc">AddApiKeyToAccounts</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">7.0</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">add_column</span> <span class="ss">:accounts</span><span class="p">,</span> <span class="ss">:api_key</span><span class="p">,</span> <span class="ss">:string</span> <span class="n">add_index</span> <span class="ss">:accounts</span><span class="p">,</span> <span class="ss">:api_key</span><span class="p">,</span> <span class="ss">unique: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/account.rb</span> <span class="k">class</span> <span class="nc">Account</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">before_create</span> <span class="ss">:generate_api_key</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">generate_api_key</span> <span class="nb">self</span><span class="p">.</span><span class="nf">api_key</span> <span class="o">=</span> <span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="c1"># Generates a 40-character API key</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Use this API key in the widget request URL to identify the account.</p> <h3> Step 3: Update the Embed Code for Client Sites </h3> <p>Provide each client with an embed code that includes their unique API key. This ensures only authorized clients can load the widget on their approved domain.</p> <h4> Client-Specific Embed Code </h4> <p>The API key is embedded in the script URL to securely identify the client account:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- Embed Code for Client Site --&gt;</span> <span class="nt">&lt;script </span><span class="na">type=</span><span class="s">"text/javascript"</span><span class="nt">&gt;</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">script</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">);</span> <span class="nx">script</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://yourapp.com/widget.js?api_key=CLIENT_API_KEY</span><span class="dl">"</span><span class="p">;</span> <span class="nx">script</span><span class="p">.</span><span class="k">async</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">head</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">script</span><span class="p">);</span> <span class="p">})();</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>Replace <code>CLIENT_API_KEY</code> with the actual API key for each client. This key allows Rails to dynamically set the <code>frame-ancestors</code> header according to the client’s approved domain.</p> <h3> Step 4: Test and Monitor Access </h3> <p>Test the widget on both approved and unapproved domains to ensure this solution works as expected.</p> <p> 1. <strong>Approved Domain Test</strong>: Embed the widget code on a page hosted on the approved domain (e.g., example1.com). Confirm the widget loads and displays properly.</p> <p> 2. <strong>Unapproved Domain Test</strong>: Try embedding the widget on an unapproved domain. Confirm that the widget does not load and the network request returns a 403 Forbidden status.</p> <p>Happy Hacking!</p> rails widget security embed David Paluy Tue, 05 Nov 2024 21:12:00 +0000 https://dev.to/dpaluy/embed-js-widgets-smoothly-with-rails-a-step-by-step-guide-fpk https://dev.to/dpaluy/embed-js-widgets-smoothly-with-rails-a-step-by-step-guide-fpk <p>Creating a custom JavaScript widget that can be embedded in client websites is a powerful way to extend the reach of your Ruby on Rails application. Whether it's a chat box, an analytics tracker, or any other interactive element, a custom widget lets you bring functionality directly to users. Let’s walk through the steps of building a secure, embeddable widget and cover the best practices.</p> <h2> Table of Contents </h2> <p> 1. Step 1: Setup<br>  2. Step 2: Creating an Embed Code for Clients<br>  3. Step 3: Embedding Your Widget in an Iframe (Optional)<br>  4. Step 4: Setting Headers for Iframe Embedding<br>  5. Step 5: Test the Widget<br>  6. Step 6: Adding Version Support with Versioned Routes and Controllers</p> <h2> Step 1: Setup </h2> <p>Create a new Rails endpoint: This endpoint will serve the JavaScript code for your widget. Typically, this could be an action within a <code>WidgetsController</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/widgets_controller.rb</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="c1"># Your widget code here</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Configure the Route: Set up a route to make the widget accessible.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">get</span> <span class="s1">'/widget.js'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#show'</span><span class="p">,</span> <span class="ss">as: :widget</span> <span class="k">end</span> </code></pre> </div> <p>Serve JavaScript from the Controller: In Rails, you can respond with JavaScript by setting the appropriate content type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/widgets_controller.rb</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Type'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'application/javascript'</span> <span class="n">render</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Write the JavaScript Code for Your Widget: The widget script typically includes the logic to render a custom HTML element or iframe on the client’s page.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/views/widgets/show.js.erb</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">widgetDiv</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">div</span><span class="dl">'</span><span class="p">);</span> <span class="nx">widgetDiv</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">custom-widget</span><span class="dl">'</span><span class="p">;</span> <span class="nx">widgetDiv</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">&lt;p&gt;This is your custom widget content!&lt;/p&gt;</span><span class="dl">"</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">widgetDiv</span><span class="p">);</span> <span class="p">})();</span> </code></pre> </div> <h2> Step 2: Creating an Embed Code for Clients </h2> <p>To allow clients to embed your widget, provide a JavaScript snippet they can copy and paste into their HTML:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- Client Embeddable Code --&gt;</span> <span class="nt">&lt;script </span><span class="na">type=</span><span class="s">"text/javascript"</span><span class="nt">&gt;</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">script</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">);</span> <span class="nx">script</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://yourapp.com/widget.js</span><span class="dl">"</span><span class="p">;</span> <span class="nx">script</span><span class="p">.</span><span class="k">async</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">head</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">script</span><span class="p">);</span> <span class="p">})();</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <h2> Step 3: Embedding Your Widget in an Iframe (Optional) </h2> <p>Consider embedding the widget content in an iframe for more isolation and control over styling. This approach keeps the widget's styling and behavior separate from the client's site.</p> <h3> Update the JavaScript Code to create an iframe for the widget: </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/views/widgets/show.js.erb</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">iframe</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">iframe</span><span class="dl">'</span><span class="p">);</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">&lt;%= widget_content_url %&gt;</span><span class="dl">"</span><span class="p">;</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">width</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">300px</span><span class="dl">"</span><span class="p">;</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">height</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">200px</span><span class="dl">"</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">iframe</span><span class="p">);</span> <span class="p">})();</span> </code></pre> </div> <h3> Define a New Route and View for the Widget Content: </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">get</span> <span class="s1">'/widget_content'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#content'</span><span class="p">,</span> <span class="ss">as: :widget_content</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/widgets_controller.rb</span> <span class="k">def</span> <span class="nf">content</span> <span class="n">render</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> </code></pre> </div> <h3> Create the Widget Content HTML: Create a view to render inside the iframe </h3> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/widgets/content.html.erb --&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"iframe-widget"</span><span class="nt">&gt;</span> <span class="nt">&lt;p&gt;</span>This is the widget content in an iframe.<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h2> Step 4: Setting Headers for Iframe Embedding </h2> <p>Configure the appropriate HTTP headers to ensure your widget works securely in an iframe. There are two primary headers to consider:</p> <p><strong>Remove the X-Frame-Options Header</strong>: The X-Frame-Options header is deprecated but still widely respected by many browsers. To remove it, add the following configuration in an initializer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/initializers/security_headers.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">config</span><span class="p">.</span><span class="nf">action_dispatch</span><span class="p">.</span><span class="nf">default_headers</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="s1">'X-Frame-Options'</span><span class="p">)</span> </code></pre> </div> <p><strong>Set the Frame-Ancestors Directive</strong>:The modern and more flexible approach is to use <code>Content-Security-Policy</code> with the <code>frame-ancestors</code> directive, which allows you to specify the domains allowed to embed your widget in an iframe. Adjust this header as needed based on your security requirements.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/initializers/security_headers.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">config</span><span class="p">.</span><span class="nf">action_dispatch</span><span class="p">.</span><span class="nf">default_headers</span><span class="p">.</span><span class="nf">merge!</span><span class="p">({</span> <span class="s1">'Content-Security-Policy'</span> <span class="o">=&gt;</span> <span class="s2">"frame-ancestors 'self' https://trusted-domain.com"</span> <span class="p">})</span> </code></pre> </div> <p>This configuration allows your app to be embedded in iframes only by the specified domains. Replace <code>https://trusted-domain.com</code> with the actual domains you trust.</p> <h2> Step 5: Test the Widget </h2> <p>Once you’ve set up the widget and headers, test the widget by embedding it on a test page in various browsers to ensure compatibility. If you’ve used <code>frame-ancestors</code>, confirm that only the specified domains can embed your widget and that the widget displays as expected.</p> <h2> Step 6: Adding Version Support with Versioned Routes and Controllers </h2> <p>As your widget evolves, you may introduce new features or improvements that not all clients are ready to adopt immediately. Supporting multiple versions of your widget ensures backward compatibility, allowing clients to upgrade at their own pace without disrupting their existing integrations.</p> <h3> Implementing Version Support Using Versioned Routes and Controllers </h3> <h4> Define Versioned Routes </h4> <p>Start by setting up separate routes for each version of your widget. Namespacing each version keeps your code organized and allows you to manage different versions independently.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">namespace</span> <span class="ss">:v1</span> <span class="k">do</span> <span class="n">get</span> <span class="s1">'/widget.js'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#show'</span><span class="p">,</span> <span class="ss">as: :widget_v1</span> <span class="n">get</span> <span class="s1">'/widget_content'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#content'</span><span class="p">,</span> <span class="ss">as: :widget_content_v1</span> <span class="k">end</span> <span class="n">namespace</span> <span class="ss">:v2</span> <span class="k">do</span> <span class="n">get</span> <span class="s1">'/widget.js'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#show'</span><span class="p">,</span> <span class="ss">as: :widget_v2</span> <span class="n">get</span> <span class="s1">'/widget_content'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'widgets#content'</span><span class="p">,</span> <span class="ss">as: :widget_content_v2</span> <span class="k">end</span> <span class="c1"># Add more versions as needed</span> <span class="k">end</span> </code></pre> </div> <h4> Create Versioned Controllers </h4> <p>For each version, create a controller within its namespace. This separation ensures that changes in one version don't affect others.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/v1/widgets_controller.rb</span> <span class="k">module</span> <span class="nn">V1</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Type'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'application/javascript'</span> <span class="n">render</span> <span class="s1">'v1/widgets/show'</span><span class="p">,</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">content</span> <span class="n">render</span> <span class="s1">'v1/widgets/content'</span><span class="p">,</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/v2/widgets_controller.rb</span> <span class="k">module</span> <span class="nn">V2</span> <span class="k">class</span> <span class="nc">WidgetsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Content-Type'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'application/javascript'</span> <span class="n">render</span> <span class="s1">'v2/widgets/show'</span><span class="p">,</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">content</span> <span class="n">render</span> <span class="s1">'v2/widgets/content'</span><span class="p">,</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h4> Create Version-Specific JavaScript and HTML Views </h4> <p>Each version can have its own JavaScript and HTML files, allowing you to tailor functionality and appearance per version.</p> <p><strong>Version 1 JavaScript:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/views/v1/widgets/show.js.erb</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Widget Version 1 Loaded</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">iframe</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">iframe</span><span class="dl">'</span><span class="p">);</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">&lt;%= widget_content_v1_url %&gt;</span><span class="dl">"</span><span class="p">;</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">width</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">300px</span><span class="dl">"</span><span class="p">;</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">height</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">200px</span><span class="dl">"</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">iframe</span><span class="p">);</span> <span class="p">})();</span> </code></pre> </div> <p><strong>Version 1 Content:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/v1/widgets/content.html.erb --&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"iframe-widget-v1"</span><span class="nt">&gt;</span> <span class="nt">&lt;p&gt;</span>This is the widget content for version 1.<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <p><strong>Version 2 JavaScript:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/views/v2/widgets/show.js.erb</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Widget Version 2 Loaded with New Features</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">iframe</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">iframe</span><span class="dl">'</span><span class="p">);</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">&lt;%= widget_content_v2_url %&gt;</span><span class="dl">"</span><span class="p">;</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">width</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">400px</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Updated dimensions</span> <span class="nx">iframe</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">height</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">300px</span><span class="dl">"</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">iframe</span><span class="p">);</span> <span class="p">})();</span> </code></pre> </div> <p><strong>Version 2 Content:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/v2/widgets/content.html.erb --&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"iframe-widget-v2"</span><span class="nt">&gt;</span> <span class="nt">&lt;p&gt;</span>This is the widget content for version 2 with new features!<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h4> Provide Versioned Embed Codes to Clients </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- Client Embeddable Code for Version 1 --&gt;</span> <span class="nt">&lt;script </span><span class="na">type=</span><span class="s">"text/javascript"</span><span class="nt">&gt;</span> <span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">script</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">);</span> <span class="nx">script</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://yourapp.com/v1/widget.js</span><span class="dl">"</span><span class="p">;</span> <span class="nx">script</span><span class="p">.</span><span class="k">async</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">head</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">script</span><span class="p">);</span> <span class="p">})();</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <h2> Final Thoughts </h2> <p>Creating an embeddable widget for a Rails application involves a few key considerations: serving JavaScript securely, managing styles, and configuring headers correctly for iframe compatibility. By following the steps above, you’ll have a widget that clients can easily add to their sites, expanding the usability of your Rails application.</p> rails javascript embed widget David Paluy Sat, 02 Nov 2024 23:22:31 +0000 https://dev.to/dpaluy/using-cursorai-as-your-developer-companion-a-complete-guide-54gd https://dev.to/dpaluy/using-cursorai-as-your-developer-companion-a-complete-guide-54gd <h1> Mastering CursorAI: A Developer's Guide to AI-Powered Coding </h1> <p>As artificial intelligence continues to transform software development, CursorAI emerges as a powerful developer companion. This guide will help you leverage CursorAI effectively, from initial setup to advanced usage patterns.</p> <h2> Table of Contents </h2> <ul> <li>Introduction</li> <li>Getting Started</li> <li>The Specification Writer</li> <li>Development Workflow</li> <li>Advanced Features</li> <li>Privacy and Security</li> <li>Best Practices</li> <li>Resources</li> </ul> <h2> Introduction </h2> <p>CursorAI is more than just a code editor - it's an AI-powered development environment that can help you write, review, and improve code. You can significantly boost your productivity by understanding its capabilities and how to use them effectively.</p> <h2> Getting Started </h2> <h3> Model Selection Strategy </h3> <p>CursorAI provides access to different AI models, each with its strengths:</p> <ol> <li> <p><strong>Claude 3.5</strong></p> <ul> <li>Perfect for exploration and initial development</li> <li>Quick iterations and implementations</li> <li>Acts as your junior developer for task execution</li> <li>Ideal for brainstorming and context building</li> </ul> </li> <li> <p><strong>GPT o1</strong></p> <ul> <li>Excels at in-depth analysis</li> <li>Makes architectural decisions</li> <li>Writes detailed specifications</li> <li>Functions like a senior engineer</li> <li>Takes more time but provides deeper insights</li> </ul> </li> </ol> <h2> The Specification Writer </h2> <h3> Setting Up Your Specification Writer </h3> <p>Start with this foundational prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>You are a software architect. Your task is to provide clear, precise specifications for engineers to implement. Focus only on the current features, avoiding theoretical or future considerations. Break down the specs feature by feature, keeping each prompt under 200 words. </code></pre> </div> <h3> Feature Definition Process </h3> <ol> <li>Structure your features clearly</li> <li>Include acceptance criteria</li> <li>Specify technical constraints</li> <li>Add technology stack requirements</li> </ol> <p>Example specification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>Feature: User Authentication Stack: Next.js 14, Prisma, PostgreSQL Description: Email-based authentication system with password reset Acceptance Criteria: <span class="p">-</span> Email/password signup <span class="p">-</span> Login with credentials <span class="p">-</span> Password reset flow <span class="p">-</span> Session management Technical Constraints: <span class="p">-</span> Must use Next-Auth <span class="p">-</span> JWT token-based </code></pre> </div> <h2> Development Workflow </h2> <h3> Using CursorRules </h3> <p>CursorRules help maintain consistency in your codebase. Create a <code>.cursorrules</code> file in your project root to define coding standards and preferences.</p> <p>For Ruby on Rails projects, you can use this comprehensive template:<br> <a href="https://gist.github.com/dpaluy/a4facedfeb11894174cb23b648640a6f" rel="noopener noreferrer">Ruby on Rails CursorRules</a></p> <h3> Code Tagging </h3> <p>Use the @/ symbol to help CursorAI focus on relevant code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>@/src/components # Focus on components @/lib/utils # Focus on utilities </code></pre> </div> <p>This helps the AI understand context and generate more relevant code.</p> <h3> Save All Feature </h3> <ul> <li>Use "save all" in the CursorAI composer to write changes to files</li> <li>If the button isn't visible, try resizing your window</li> <li>Test changes before accepting them</li> <li>You can still reject changes after saving</li> </ul> <h2> Advanced Features </h2> <h3> Effective Prompting </h3> <ol> <li> <p><strong>Preparation</strong></p> <ul> <li>Plan your prompts carefully</li> <li>Use simpler models for prompt refinement</li> <li>Think through what you want to achieve</li> </ul> </li> <li> <p><strong>Iteration</strong></p> <ul> <li>Be patient with o1 model responses</li> <li>Provide clear, reasoned explanations</li> <li>Build on previous responses</li> </ul> </li> </ol> <h3> Workflow Optimization </h3> <p>For exploration:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0w2aeqfg5chdol0q2n1w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0w2aeqfg5chdol0q2n1w.png" alt="Exploration Flow" width="800" height="1450"></a></p> <p>For architecture decisions:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwhyk4moorxoq0xs7wfn8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwhyk4moorxoq0xs7wfn8.png" alt="architecture decisions" width="800" height="1450"></a></p> <h2> Privacy and Security </h2> <h3> Privacy Mode Options </h3> <ol> <li> <p><strong>Basic Privacy Settings</strong></p> <ul> <li>Enable Privacy Mode to prevent code storage</li> <li>Note: Prompts are retained for 30 days by AI providers</li> </ul> </li> <li> <p><strong>Data Indexing</strong></p> <ul> <li>Control automatic indexing</li> <li>Use manual indexing with "Compute Index"</li> <li>Understand what data is being indexed</li> </ul> </li> </ol> <h3> API Key Usage </h3> <p>When using your API key:</p> <ul> <li>Requests still go through Cursor's backend</li> <li>Required for prompt construction</li> <li>Consider this in your security planning</li> </ul> <h2> Best Practices </h2> <ol> <li> <p><strong>Model Selection</strong></p> <ul> <li>Use Claude 3.5 for exploration and quick tasks</li> <li>Switch to o1 for critical decisions</li> <li>Match the model to the task complexity</li> </ul> </li> <li> <p><strong>Code Organization</strong></p> <ul> <li>Use code tagging effectively</li> <li>Maintain a clear project structure</li> <li>Follow framework conventions</li> </ul> </li> <li> <p><strong>Documentation</strong></p> <ul> <li>Document AI-specific commands</li> <li>Keep track of successful prompts</li> <li>Note any limitations or workarounds</li> </ul> </li> <li> <p><strong>Testing</strong></p> <ul> <li>Test generated code thoroughly</li> <li>Use incremental changes</li> <li>Verify edge cases</li> </ul> </li> </ol> <h2> Resources </h2> <ol> <li><a href="https://gist.github.com/dpaluy/a4facedfeb11894174cb23b648640a6f" rel="noopener noreferrer">Ruby on Rails <code>.cursorrules</code> Template</a></li> <li>Cursor's <a href="https://docs.cursor.com/get-started/usage" rel="noopener noreferrer">official documentation</a> </li> <li>Community templates and examples <ul> <li><a href="https://playbooks.com/course/introduction-to-cursor" rel="noopener noreferrer">https://playbooks.com/course/introduction-to-cursor</a></li> <li> <a href="https://cursor.directory/" rel="noopener noreferrer">https://cursor.directory/</a> <code>.cursorrules</code> for various frameworks</li> </ul> </li> </ol> <h2> Conclusion </h2> <p>CursorAI is a powerful tool that can significantly enhance your development workflow. By understanding its capabilities and following these guidelines, you can make the most of its features while maintaining code quality and security.</p> <p>Remember:</p> <ul> <li>Choose the suitable model for your task</li> <li>Plan your prompts carefully</li> <li>Use privacy features appropriately</li> <li>Test thoroughly</li> <li>Document your successful patterns</li> </ul> <p>With practice, CursorAI becomes an invaluable member of your development team, helping you write better code faster while maintaining high quality and security standards.</p> cursor ai productivity code David Paluy Sat, 02 Nov 2024 22:20:05 +0000 https://dev.to/dpaluy/testing-external-services-with-rspec-vcr-and-webmock-in-ruby-on-rails-4ndo https://dev.to/dpaluy/testing-external-services-with-rspec-vcr-and-webmock-in-ruby-on-rails-4ndo <h1> Testing External Services with RSpec, VCR, and WebMock in Ruby on Rails </h1> <p>For quick setup, just run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails app:template <span class="nv">LOCATION</span><span class="o">=</span><span class="s1">'https://railsbytes.com/script/X8Bsyo'</span> </code></pre> </div> <p>👉 <a href="https://railsbytes.com/public/templates/X8Bsyo" rel="noopener noreferrer">View template source</a></p> <h2> Introduction </h2> <p>When building Rails applications that integrate with external services, it's crucial to have reliable tests that don't depend on actual HTTP requests. This tutorial will show you how to use VCR and WebMock to record and replay HTTP interactions in your RSpec tests.</p> <h2> Setup </h2> <p>First, add these gems to your <code>Gemfile</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">group</span> <span class="ss">:test</span> <span class="k">do</span> <span class="n">gem</span> <span class="s1">'rspec-rails'</span> <span class="n">gem</span> <span class="s1">'vcr'</span> <span class="n">gem</span> <span class="s1">'webmock'</span> <span class="k">end</span> </code></pre> </div> <p>Run <code>bundle install</code> to install the gems.</p> <h2> Configuring VCR and WebMock </h2> <p>Create a new file at <code>spec/support/vcr.rb</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'vcr'</span> <span class="nb">require</span> <span class="s1">'webmock/rspec'</span> <span class="c1"># Disable all real HTTP connections, except to localhost</span> <span class="no">WebMock</span><span class="p">.</span><span class="nf">disable_net_connect!</span><span class="p">(</span><span class="ss">allow_localhost: </span><span class="kp">true</span><span class="p">)</span> <span class="no">VCR</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">|</span><span class="n">c</span><span class="o">|</span> <span class="c1"># Where VCR will store the recorded HTTP interactions</span> <span class="n">c</span><span class="p">.</span><span class="nf">cassette_library_dir</span> <span class="o">=</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">root</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="s1">'spec'</span><span class="p">,</span> <span class="s1">'cassettes'</span><span class="p">)</span> <span class="c1"># Ignore localhost requests</span> <span class="n">c</span><span class="p">.</span><span class="nf">ignore_localhost</span> <span class="o">=</span> <span class="kp">true</span> <span class="c1"># Tell VCR to use WebMock</span> <span class="n">c</span><span class="p">.</span><span class="nf">hook_into</span> <span class="ss">:webmock</span> <span class="c1"># Allow VCR to be configured through RSpec metadata</span> <span class="n">c</span><span class="p">.</span><span class="nf">configure_rspec_metadata!</span> <span class="c1"># Allow real HTTP connections when no cassette is in use</span> <span class="n">c</span><span class="p">.</span><span class="nf">allow_http_connections_when_no_cassette</span> <span class="o">=</span> <span class="kp">true</span> <span class="c1"># Configure how requests are matched</span> <span class="n">c</span><span class="p">.</span><span class="nf">default_cassette_options</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">match_requests_on: </span><span class="p">[</span><span class="ss">:method</span><span class="p">,</span> <span class="ss">:uri</span><span class="p">,</span> <span class="ss">:body</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># Filter sensitive data before recording</span> <span class="n">c</span><span class="p">.</span><span class="nf">before_record</span> <span class="k">do</span> <span class="o">|</span><span class="n">interaction</span><span class="o">|</span> <span class="n">interaction</span><span class="p">.</span><span class="nf">request</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Authorization'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'[FILTERED]'</span> <span class="k">end</span> <span class="c1"># Ignore specific hosts</span> <span class="n">ignored_hosts</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'codeclimate.com'</span><span class="p">]</span> <span class="n">c</span><span class="p">.</span><span class="nf">ignore_hosts</span> <span class="o">*</span><span class="n">ignored_hosts</span> <span class="k">end</span> <span class="c1"># Configure RSpec to use VCR</span> <span class="no">RSpec</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">|</span><span class="n">config</span><span class="o">|</span> <span class="n">config</span><span class="p">.</span><span class="nf">around</span><span class="p">(</span><span class="ss">:each</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">example</span><span class="o">|</span> <span class="n">options</span> <span class="o">=</span> <span class="n">example</span><span class="p">.</span><span class="nf">metadata</span><span class="p">[</span><span class="ss">:vcr</span><span class="p">]</span> <span class="o">||</span> <span class="p">{}</span> <span class="n">options</span><span class="p">[</span><span class="ss">:allow_playback_repeats</span><span class="p">]</span> <span class="o">=</span> <span class="kp">true</span> <span class="k">if</span> <span class="n">options</span><span class="p">[</span><span class="ss">:record</span><span class="p">]</span> <span class="o">==</span> <span class="ss">:skip</span> <span class="no">VCR</span><span class="p">.</span><span class="nf">turned_off</span><span class="p">(</span><span class="o">&amp;</span><span class="n">example</span><span class="p">)</span> <span class="k">else</span> <span class="n">custom_name</span> <span class="o">=</span> <span class="n">example</span><span class="p">.</span><span class="nf">metadata</span><span class="p">[</span><span class="ss">:vcr</span><span class="p">]</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="ss">:cassette_name</span><span class="p">)</span> <span class="n">generated_name</span> <span class="o">=</span> <span class="n">example</span><span class="p">.</span><span class="nf">metadata</span><span class="p">[</span><span class="ss">:full_description</span><span class="p">]</span> <span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sr">/\s+/</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span> <span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="s1">'/'</span><span class="p">)</span> <span class="p">.</span><span class="nf">underscore</span> <span class="p">.</span><span class="nf">tr</span><span class="p">(</span><span class="s1">'.'</span><span class="p">,</span> <span class="s1">'/'</span><span class="p">)</span> <span class="p">.</span><span class="nf">gsub</span><span class="p">(</span><span class="sr">/[^\w\/]+/</span><span class="p">,</span> <span class="s1">'_'</span><span class="p">)</span> <span class="p">.</span><span class="nf">gsub</span><span class="p">(</span><span class="sr">/\/$/</span><span class="p">,</span> <span class="s1">''</span><span class="p">)</span> <span class="nb">name</span> <span class="o">=</span> <span class="n">custom_name</span> <span class="o">||</span> <span class="n">generated_name</span> <span class="no">VCR</span><span class="p">.</span><span class="nf">use_cassette</span><span class="p">(</span><span class="nb">name</span><span class="p">,</span> <span class="n">options</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">example</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Using VCR in Your Tests </h2> <p>Here are some examples of how to use VCR in your specs:</p> <h3> Basic Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># spec/services/weather_service_spec.rb</span> <span class="no">RSpec</span><span class="p">.</span><span class="nf">describe</span> <span class="no">WeatherService</span> <span class="k">do</span> <span class="n">describe</span> <span class="s1">'#get_forecast'</span> <span class="k">do</span> <span class="n">it</span> <span class="s1">'fetches weather data from the API'</span> <span class="k">do</span> <span class="n">service</span> <span class="o">=</span> <span class="no">WeatherService</span><span class="p">.</span><span class="nf">new</span> <span class="n">forecast</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_forecast</span><span class="p">(</span><span class="s1">'London'</span><span class="p">)</span> <span class="n">expect</span><span class="p">(</span><span class="n">forecast</span><span class="p">).</span><span class="nf">to</span> <span class="kp">include</span><span class="p">(</span><span class="s1">'temperature'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Custom Cassette Names </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">RSpec</span><span class="p">.</span><span class="nf">describe</span> <span class="no">WeatherService</span> <span class="k">do</span> <span class="n">describe</span> <span class="s1">'#get_forecast'</span> <span class="k">do</span> <span class="n">it</span> <span class="s1">'fetches weather data'</span><span class="p">,</span> <span class="ss">vcr: </span><span class="p">{</span> <span class="ss">cassette_name: </span><span class="s1">'weather_api/london_forecast'</span> <span class="p">}</span> <span class="k">do</span> <span class="c1"># Your test code</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>It will make a first connection to the external service and record the response into a cassete</p> <h3> Skipping VCR </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">it</span> <span class="s1">'makes real HTTP requests'</span><span class="p">,</span> <span class="ss">vcr: </span><span class="p">{</span> <span class="ss">record: :skip</span> <span class="p">}</span> <span class="k">do</span> <span class="c1"># VCR will be disabled for this test</span> <span class="k">end</span> </code></pre> </div> <h2> Best Practices </h2> <ol> <li> <strong>Sensitive Data</strong>: Always filter sensitive information like API keys and tokens: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">VCR</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">|</span><span class="n">c</span><span class="o">|</span> <span class="n">c</span><span class="p">.</span><span class="nf">filter_sensitive_data</span><span class="p">(</span><span class="s1">'&lt;API_KEY&gt;'</span><span class="p">)</span> <span class="p">{</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'API_KEY'</span><span class="p">]</span> <span class="p">}</span> <span class="k">end</span> </code></pre> </div> <ol> <li> <strong>Match Request Bodies</strong>: When testing POST requests, make sure to match on body content: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="ss">vcr: </span><span class="p">{</span> <span class="ss">match_requests_on: </span><span class="p">[</span><span class="ss">:method</span><span class="p">,</span> <span class="ss">:uri</span><span class="p">,</span> <span class="ss">:body</span><span class="p">],</span> <span class="ss">record: :new_episodes</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Regular Cassette Updates</strong>: Periodically re-record your cassettes to ensure they match current API responses:</li> </ol> <h2> Troubleshooting </h2> <h3> Common Issues </h3> <ol> <li> <p><strong>Unmatched Requests</strong>: If VCR can't find a matching request, check:</p> <ul> <li>Request method (GET, POST, etc.)</li> <li>URL (including query parameters)</li> <li>Request body</li> <li>Headers (if matching on headers)</li> </ul> </li> <li> <p><strong>Playback Failures</strong>: If recorded responses aren't playing back:</p> <ul> <li>Verify the cassette file exists</li> <li>Check if the request matching criteria are too strict</li> <li>Ensure sensitive data is being filtered consistently</li> </ul> </li> </ol> <h2> Conclusion </h2> <p>VCR and WebMock provide a robust solution for testing external service integrations in Rails. By following these patterns and best practices, you can create reliable, maintainable tests that don't depend on external services being available.</p> <p>Remember to:</p> <ul> <li>Filter sensitive data</li> <li>Organize cassettes logically</li> <li>Update cassettes periodically</li> <li>Match requests appropriately</li> <li>Handle errors gracefully</li> </ul> rspec rails vcr webmock