<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Twio_AI</title>
    <description>The latest articles on DEV Community by Twio_AI (@twio_ai).</description>
    <link>https://dev.to/twio_ai</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3963488%2Fb1e312c9-b7e5-47f3-a25a-436a00f086a4.png</url>
      <title>DEV Community: Twio_AI</title>
      <link>https://dev.to/twio_ai</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/twio_ai"/>
    <language>en</language>
    <item>
      <title>Can You Vibe-Code Without Understanding the Code? I Tried</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Sat, 11 Jul 2026 09:10:52 +0000</pubDate>
      <link>https://dev.to/twio_ai/can-you-vibe-code-without-understanding-the-code-i-tried-5e8</link>
      <guid>https://dev.to/twio_ai/can-you-vibe-code-without-understanding-the-code-i-tried-5e8</guid>
      <description>&lt;p&gt;&lt;em&gt;Lessons from 100,000+ lines of LLM-written code at a two-person startup.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;twio is an AI workspace for mortgage advisers, built by two engineers. Since our first commit in early 2026, the repo has grown to nearly 2,000 commits and over 100,000 lines of code — almost all of it written by LLMs. Along the way I reversed my position completely: I started out believing "if there's a bug, let the LLM fix it — why bother understanding the code?" I now believe &lt;strong&gt;you have to own every architectural decision the LLM makes, from day one.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  I believed the promise
&lt;/h2&gt;

&lt;p&gt;Vibe coding sounds irresistible: agents running in loops, code you never read, bugs pasted back for the model to fix. And on small web projects it genuinely works — the app runs, iteration is fast. I also let LLMs build things fully autonomously, with the same result: fine while the project was small, painful once it got complex or crossed a few tens of thousands of lines.&lt;/p&gt;

&lt;p&gt;What I had missed is that the term was scoped from birth. When Karpathy &lt;a href="https://x.com/karpathy/status/1886192184808149383" rel="noopener noreferrer"&gt;coined vibe coding&lt;/a&gt;, he added a qualifier: "not too bad for throwaway weekend projects." I had absorbed the swagger and lost the qualifier.&lt;/p&gt;

&lt;h2&gt;
  
  
  The moment it flipped
&lt;/h2&gt;

&lt;p&gt;What changed my mind wasn't a bug. It was an ordinary design discussion. The LLM and I talked through a feature, and it produced a plan that looked perfectly reasonable. Then it hit me: &lt;strong&gt;I had no way to tell whether the plan was sound — and no way to tell whether the code it produced was right.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I wasn't making an engineering decision. I was rolling dice.&lt;/p&gt;

&lt;p&gt;You can shrug and trust the model; in a small project the cost of that is invisible. But as the codebase grows, the plans go wrong more and more often, until pretending stops being an option.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why it breaks down
&lt;/h2&gt;

&lt;p&gt;Three mechanisms, none of them bad luck.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The bottleneck moved; the cost didn't vanish.&lt;/strong&gt; Vibe coding removes the cost of &lt;em&gt;writing&lt;/em&gt; code. The cost of &lt;em&gt;verifying&lt;/em&gt; it is merely deferred — with interest. Every piece of code nobody understands is a liability; small projects feel fast because the debt isn't due yet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Errors compound.&lt;/strong&gt; Every unreviewed diff adds a little entropy, and an LLM working in a messier codebase produces messier output. That's why the decline isn't linear — past some point it snowballs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;LLMs reviewing LLMs doesn't save you.&lt;/strong&gt; I tried the review-agent recipes. They miss the problems that matter, because reviewer and author share the same blind spots. And human review has a prerequisite: you can't review what you don't understand.&lt;/p&gt;

&lt;p&gt;Peter Naur said all of this forty years ago in &lt;a href="https://gwern.net/doc/cs/algorithm/1985-naur.pdf" rel="noopener noreferrer"&gt;&lt;em&gt;Programming as Theory Building&lt;/em&gt;&lt;/a&gt;: a program's real substance isn't the code but the theory in its builders' heads — the architecture, the trade-offs, the &lt;em&gt;why it's shaped this way&lt;/em&gt;. If every line is AI-generated and no human ever builds that theory, the code exists but the theory never did. My "can't judge the plan" moment was me discovering I held no theory.&lt;/p&gt;

&lt;h2&gt;
  
  
  Different symptoms, one disease
&lt;/h2&gt;

&lt;p&gt;Use these tools long enough and you learn their temperaments. GPT loves sprawling master plans that ship code nobody asked for. Cursor's plans are sometimes pointed the wrong way, sometimes just under-thought. Claude tends to propose the safest plan, not the best one. And nearly all of them share one instinct: no bold refactoring — they hate deleting code, tiptoe around existing structure, and only ever add.&lt;/p&gt;

&lt;p&gt;These aren't vendor bug lists. They're symptoms of one disease: &lt;strong&gt;there is no referee in the system.&lt;/strong&gt; When nobody is present to ask "is this plan right? should this code die?", every model slides toward entropy.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where vibe coding still wins
&lt;/h2&gt;

&lt;p&gt;Prototypes, one-off scripts, spikes, anything you'd happily throw away and rewrite — vibe coding is the optimal strategy there, and I still use it that way. Karpathy's qualifier was right all along. The mistake is extending it to software you intend to maintain.&lt;/p&gt;

&lt;h2&gt;
  
  
  What we do instead
&lt;/h2&gt;

&lt;p&gt;The principle is simple: &lt;strong&gt;the engineer owns understanding and decisions; the LLM writes the code.&lt;/strong&gt; At twio that has settled into four habits.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Plans are signed off before code is written.&lt;/strong&gt; Every feature starts as a design discussion; I judge the direction, surface the trade-offs, and make the call. Our working agreement — a &lt;code&gt;CLAUDE.md&lt;/code&gt; loaded into every LLM session — requires the model to stop and ask the moment a plan starts getting complicated, instead of silently picking the heavier option.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Rules written against the model's instincts.&lt;/strong&gt; The agreement's core clauses invert default LLM behavior: &lt;em&gt;simplicity matters more than functionality&lt;/em&gt;; &lt;em&gt;refactor, don't just accumulate&lt;/em&gt;; &lt;em&gt;delete, don't preserve&lt;/em&gt;. Models add by nature, so deletion has to be written policy.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Review to understand, not to nitpick.&lt;/strong&gt; Reviewing isn't hunting bugs line by line. It's staying fluent in the architecture — knowing what the code actually does — so that when the next plan lands, you can tell which approach genuinely fits the project.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;One commit per stage.&lt;/strong&gt; Big tasks are cut into small, self-contained increments, each type-checked and tested before its own commit. I never review one giant diff — only a chain of small ones I can actually read.&lt;/p&gt;

&lt;p&gt;None of this stops the LLM from being wrong. It guarantees something better: &lt;strong&gt;when a mistake happens, someone who holds the theory is in the room.&lt;/strong&gt; The architecture still lives in my head, and I can call every plan right or wrong.&lt;/p&gt;

&lt;h2&gt;
  
  
  The part that isn't outsourced
&lt;/h2&gt;

&lt;p&gt;What AI makes obsolete isn't the programmer — it's the typing. Turning vague requirements into a precise spec, judging whether a plan is right, owning the outcome: none of that has been outsourced by an inch. With the marginal cost of producing code approaching zero, it matters more than ever.&lt;/p&gt;

&lt;p&gt;Building twio taught me this the concrete way: you can outsource the typing, but not the understanding. And understanding has no shortcut — it accumulates from the very first line.&lt;/p&gt;

</description>
      <category>vibecoding</category>
      <category>ai</category>
      <category>llm</category>
      <category>programming</category>
    </item>
    <item>
      <title>Inside twio's CI/CD: How a Two-Engineer AI Startup Ships</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Sat, 11 Jul 2026 06:59:21 +0000</pubDate>
      <link>https://dev.to/twio_ai/inside-twios-cicd-how-a-two-engineer-ai-startup-ships-144j</link>
      <guid>https://dev.to/twio_ai/inside-twios-cicd-how-a-two-engineer-ai-startup-ships-144j</guid>
      <description>&lt;p&gt;&lt;em&gt;No per-push CI, exactly one hard gate, and LLM evals that never block a merge — and why.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;twio is an AI workspace for mortgage advisers. Its core features — email parsing, loan refixing, application-pack preparation — are all LLM-driven. The engineering team is two people. There is no dedicated QA and no dedicated ops. The stack is a Node/TypeScript monolith with a React frontend, running on GCP Cloud Run, backed by Neon Postgres.&lt;/p&gt;

&lt;p&gt;That combination of constraints — a tiny team, an LLM-centric product, fully managed infrastructure — produced a CI/CD pipeline that looks noticeably different from the textbook version: &lt;strong&gt;there is no "run CI on every push," the entire pipeline has exactly one mandatory gate, and LLM evals never block anything.&lt;/strong&gt; This post walks through the whole flow along two tracks — CI (how code gets verified) and CD (how code reaches an environment) — and explains the reasoning behind each design decision.&lt;/p&gt;

&lt;h2&gt;
  
  
  The big picture
&lt;/h2&gt;

&lt;p&gt;The pipeline consists of seven GitHub Actions workflows, one Cloud Build trigger on the GCP side, and one git hook that has since been deleted:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8447ub8h6olwhsu6ep7m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8447ub8h6olwhsu6ep7m.png" alt="twio's CI/CD pipeline at a glance: PRs feed on-demand checks, main auto-deploys to staging, nightly evals monitor, and a manual release gate guards production" width="800" height="785"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Part 1: CI — how code gets verified
&lt;/h2&gt;

&lt;p&gt;CI has to answer two questions: what verification exists, and when each kind runs.&lt;/p&gt;

&lt;h3&gt;
  
  
  1.1 Four layers of verification
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhwzn6jj7yeilglxeq9xz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhwzn6jj7yeilglxeq9xz.png" alt="The four verification layers: build + type check, unit tests, LLM evals, and end-to-end — with determinism, cost, and CI status for each" width="800" height="375"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The first two layers are unremarkable. The third and fourth are specific to LLM products and worth unpacking.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;LLM evals.&lt;/strong&gt; Each eval is a Vitest test: it assembles the real system prompt for the unit under test (a tool, a sub-agent, or a workflow step), calls a real model, but mocks every tool return — no database, no network beyond the LLM. Cheap deterministic assertions run first, then a Gemini-based LLM-as-judge checks the semantic claims. "Real model" implies two properties: &lt;strong&gt;it costs money&lt;/strong&gt;, and &lt;strong&gt;any single run is noisy&lt;/strong&gt; — the same code can pass today and fail tomorrow. Those two properties dictate where evals can live in CI: on-demand or as monitoring, never as a gate. Our working agreements (the &lt;code&gt;CLAUDE.md&lt;/code&gt; at the repo root) encode this as a hard rule: &lt;em&gt;"Gate only on stable, discriminating signals."&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;End-to-end.&lt;/strong&gt; The opposite extreme: real database, real model, real &lt;code&gt;/api/chat&lt;/code&gt;, driving an entire business flow as a black box — for example, a loan refix from creating the contact all the way to sending the application to the lender. A cold-start case takes minutes. It runs locally, by hand, and never appears in any workflow.&lt;/p&gt;

&lt;h3&gt;
  
  
  1.2 The rise and retirement of the pre-push hook
&lt;/h3&gt;

&lt;p&gt;The original trigger mechanism was a Husky pre-push hook. The entire thing was one line:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# .husky/pre-push&lt;/span&gt;
npm run build &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Build plus the full unit suite, enforced locally before every push. As the test suite grew, this model hit its limit: roughly five minutes of waiting per push, on a high-frequency action. Waiting cost multiplied by push frequency stopped being worth it. In late April the hook was deleted and verification moved into CI, on demand. The commit message is refreshingly plain:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Move build-and-test validation from local Husky pre-push into a comment-triggered GitHub Action so contributors can run checks consistently in CI.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Beyond the waiting, &lt;strong&gt;consistency&lt;/strong&gt; was the second motive: a hook only constrains machines that have it installed, local environments drift, and &lt;code&gt;git push --no-verify&lt;/code&gt; walks straight around it. A check that runs in CI is identical for everyone — and its result is recorded on the PR.&lt;/p&gt;

&lt;h3&gt;
  
  
  1.3 On-demand verification, driven by PR comments
&lt;/h3&gt;

&lt;p&gt;The pre-push hook was replaced by three PR comment commands:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F71ly04dbd58n10rpqw0z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F71ly04dbd58n10rpqw0z.png" alt="The three PR comment commands: /ut runs build + unit tests (allowed on forks), /eval:tool and /eval:subagent run LLM evals (blocked on forks)" width="799" height="246"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The architecture is "one router plus N reusable workflows": a single workflow, &lt;code&gt;pr-comment.yml&lt;/code&gt;, listens for &lt;code&gt;issue_comment&lt;/code&gt; events, parses the command with a regex, and invokes the matching workflow via &lt;code&gt;workflow_call&lt;/code&gt;. Adding a new command means one new regex branch in the router and one new workflow file — the trigger logic never changes, and you never end up with several workflows racing for the same event.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8dwo7m28av1m7srw0mpm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8dwo7m28av1m7srw0mpm.png" alt="The PR comment router: one workflow parses the comment and dispatches to reusable workflows via workflow_call; results are posted back onto the PR" width="800" height="580"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;A few deliberate choices here:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;On demand, not on every PR.&lt;/strong&gt; The full unit suite costs five minutes; evals cost real API money; and plenty of PRs never touch LLM-adjacent code. The author decides what to run. Single-file mode (say, &lt;code&gt;/eval:tool build_refix_proposal_from_text&lt;/code&gt;) drives the cost of one verification about as low as it can go.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A closed interaction loop.&lt;/strong&gt; A recognized command immediately gets a 🚀 reaction ("heard you"), and the run posts its result — ✅/❌, commit, command, log link — back onto the PR. A new command on the same PR cancels the previous run (the concurrency group is keyed by PR number).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fork safety.&lt;/strong&gt; Evals need LLM API keys, which live in a GitHub Environment called &lt;code&gt;LLM Test&lt;/code&gt;. Workflows triggered from fork PRs can't see those secrets, so the router detects forks and replies with a polite refusal instead. &lt;code&gt;/ut&lt;/code&gt; needs no keys and runs on forks just fine.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  1.4 After the merge: nightly-eval as the safety net
&lt;/h3&gt;

&lt;p&gt;On-demand verification has a structural hole: &lt;strong&gt;it relies on discipline, and sooner or later a PR merges without enough eval coverage.&lt;/strong&gt; The plug for that hole is nightly-eval — the full &lt;code&gt;eval:tool&lt;/code&gt; and &lt;code&gt;eval:subagent&lt;/code&gt; suites against &lt;code&gt;main&lt;/code&gt;, every night:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;schedule&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;cron&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="s"&gt;17&lt;/span&gt;&lt;span class="nv"&gt; &lt;/span&gt;&lt;span class="s"&gt;15&lt;/span&gt;&lt;span class="nv"&gt; &lt;/span&gt;&lt;span class="s"&gt;*&lt;/span&gt;&lt;span class="nv"&gt; &lt;/span&gt;&lt;span class="s"&gt;*&lt;/span&gt;&lt;span class="nv"&gt; &lt;/span&gt;&lt;span class="s"&gt;*"&lt;/span&gt;   &lt;span class="c1"&gt;# ~3 a.m. NZ; deliberately off the top&lt;/span&gt;
                            &lt;span class="c1"&gt;# of the hour, the slot GitHub delays most&lt;/span&gt;
  &lt;span class="na"&gt;workflow_dispatch&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="pi"&gt;{}&lt;/span&gt;      &lt;span class="c1"&gt;# can also be triggered manually&lt;/span&gt;
&lt;span class="na"&gt;concurrency&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;group&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;nightly-eval&lt;/span&gt;
  &lt;span class="na"&gt;cancel-in-progress&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="kc"&gt;false&lt;/span&gt;  &lt;span class="c1"&gt;# never cancel an in-flight eval run&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Its most important property is that it is &lt;strong&gt;report-only: it observes, it never blocks.&lt;/strong&gt; The workflow's header comment gives two reasons:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;These evals call real models and grade with an LLM judge, so a single pass/fail is noisy — in the comment's words, "unfit to gate merges on."&lt;/li&gt;
&lt;li&gt;It runs after the merge. The code is already on &lt;code&gt;main&lt;/code&gt;; failing can't stop anything. Its entire value is trend monitoring.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The alerting channel is &lt;strong&gt;self-healing&lt;/strong&gt;: a failure opens an issue labeled &lt;code&gt;eval-regression&lt;/code&gt;; consecutive failures append comments to that same issue rather than opening a new one every day; a green run posts "Recovered" and closes it. At any moment there is at most one open regression issue, which makes the Issues tab a de facto health light for LLM behavior on staging.&lt;/p&gt;

&lt;h3&gt;
  
  
  1.5 The only hard gate: before production
&lt;/h3&gt;

&lt;p&gt;The whole pipeline has exactly one mandatory checkpoint, and it lives inside the production deploy workflow (&lt;code&gt;deploy-prod.yml&lt;/code&gt;):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;jobs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;test&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;                        &lt;span class="c1"&gt;# the only hard gate&lt;/span&gt;
    &lt;span class="na"&gt;steps&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="c1"&gt;# ...checkout main, npm ci...&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;run&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;npx tsc --noEmit&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;run&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;npm test&lt;/span&gt;
  &lt;span class="na"&gt;deploy&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;needs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;test&lt;/span&gt;                &lt;span class="c1"&gt;# no green, no deploy&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Why only one gate, and why only deterministic checks? A gate's job is to stop things that shouldn't ship, which means it has to stand on stable signals. A gate that goes red at random gets ignored or re-run until it passes — and takes the pipeline's credibility down with it. So type checks and unit tests gate the release; LLM quality is the nightly monitor's job.&lt;/p&gt;

&lt;h2&gt;
  
  
  Part 2: CD — how code reaches an environment
&lt;/h2&gt;

&lt;h3&gt;
  
  
  2.1 The environment model
&lt;/h3&gt;

&lt;p&gt;Two environments, fully symmetrical, in the same GCP project and region:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi8fhxbbc2nkzhie3sgl0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi8fhxbbc2nkzhie3sgl0.png" alt="Environment model: staging (dev.twio.ai, main branch, twio-main, auto-deploy, no gate) vs production (app.twio.ai, prod branch, twio-prod, manual, gated)" width="800" height="340"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The branch model: all day-to-day work lands on &lt;code&gt;main&lt;/code&gt; through PRs. The &lt;code&gt;prod&lt;/code&gt; branch takes no direct commits — it is rebased onto &lt;code&gt;main&lt;/code&gt; at each release. Every position of &lt;code&gt;prod&lt;/code&gt; therefore corresponds to an actual production release: it is both the deploy source and the release history.&lt;/p&gt;

&lt;h3&gt;
  
  
  2.2 Staging: every push is a deploy
&lt;/h3&gt;

&lt;p&gt;Code merged into &lt;code&gt;main&lt;/code&gt; shows up on dev.twio.ai a few minutes later. GitHub Actions does nothing on this path — a Cloud Build trigger on the GCP side watches the repository, builds from the Dockerfile at the repo root, and deploys to &lt;code&gt;twio-main&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;Why we're comfortable with a zero-gate staging: &lt;strong&gt;mistakes are cheap&lt;/strong&gt; (it's an internal trial environment), &lt;strong&gt;safety nets exist&lt;/strong&gt; (nightly evals surface an LLM regression within a day at worst, and the release gate stops deterministic breakage from reaching production), and &lt;strong&gt;the fix path is short&lt;/strong&gt; (the next push is the next deploy). Flip it around: a gate here would tax every single push with a wait, and buy protection the release gate already provides.&lt;/p&gt;

&lt;p&gt;Worth stating honestly: after the pre-push hook was deleted, this became the most aggressive trade-off in the whole design. A PR that never ran &lt;code&gt;/ut&lt;/code&gt; can, in principle, put code that fails unit tests onto staging — until someone runs the tests, the nightly alarm fires, or the release gate catches it. For a two-person team that risk is acceptable. For a bigger team it wouldn't be.&lt;/p&gt;

&lt;h3&gt;
  
  
  2.3 Production: a manually triggered pipeline
&lt;/h3&gt;

&lt;p&gt;A release is one click of "Run workflow" in the GitHub Actions tab. Five steps follow:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fg1av8qwlpqbooiae2snt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fg1av8qwlpqbooiae2snt.png" alt="The production deploy pipeline: gate (tsc + unit tests), rebase prod onto main, keyless auth via Workload Identity Federation, gcloud run deploy, health check" width="800" height="724"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The reasoning, step by step:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Manual, not automatic.&lt;/strong&gt; Release cadence is a human decision: batch a few PRs, avoid customers' active hours. A small team doesn't need merge-to-production continuous deployment; it needs "one click when we choose to ship, verification guaranteed every time."&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Rebase, not merge.&lt;/strong&gt; &lt;code&gt;prod&lt;/code&gt; stays commit-for-commit identical to &lt;code&gt;main&lt;/code&gt; (linear history), and each release leaves an exact snapshot. The push uses &lt;code&gt;--force-with-lease&lt;/code&gt; rather than bare &lt;code&gt;--force&lt;/code&gt;: if the remote branch moved unexpectedly, the push fails instead of silently overwriting. If &lt;code&gt;prod&lt;/code&gt; doesn't exist, it's created from &lt;code&gt;main&lt;/code&gt; — a defense added later covering the deleted-or-never-created case.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Keyless auth via WIF.&lt;/strong&gt; GitHub authenticates to GCP through Workload Identity Federation: no service-account JSON key stored anywhere, GitHub's OIDC token is exchanged for short-lived credentials, and the trust relationship is scoped to this one repository. A key that doesn't exist can't leak.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Pinning &lt;code&gt;APP_BASE_URL&lt;/code&gt;.&lt;/strong&gt; This variable is boot-critical — the container uses it to provision its task queues at startup, and without it the service won't come up (the workflow comment: &lt;em&gt;"its absence crashes boot"&lt;/em&gt;). So every deploy re-asserts it via &lt;code&gt;--update-env-vars&lt;/code&gt;, protecting against someone editing service config in the console, losing the variable, and getting a mysterious explosion several deploys later.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A health check as the last word.&lt;/strong&gt; A "successful" Cloud Run deploy only means the new revision started; it doesn't mean the app is healthy. After deploying, the workflow curls the service URL and fails the run on anything outside 200–399.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Uncancelable.&lt;/strong&gt; The concurrency group sets &lt;code&gt;cancel-in-progress: false&lt;/code&gt; — in the comment's words, &lt;em&gt;"never cancel a prod deploy mid-flight."&lt;/em&gt; New triggers queue up; a half-finished production deploy never gets killed. (The old staging workflow was configured the opposite way, &lt;code&gt;cancel-in-progress: true&lt;/code&gt;: a newer push simply supersedes the deploy in progress, because staging only ever cares about the latest version.)&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  2.4 Self-contained at runtime: no post-deploy checklist
&lt;/h3&gt;

&lt;p&gt;The container's start command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight docker"&gt;&lt;code&gt;&lt;span class="k"&gt;CMD&lt;/span&gt;&lt;span class="s"&gt; ["sh", "-c", "node dist/db/migrate.js &amp;amp;&amp;amp; node dist/index.js"]&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Database migrations run automatically on every container start. The app then bootstraps all of its infrastructure dependencies &lt;strong&gt;before&lt;/strong&gt; binding the port — creating or reconciling Cloud Tasks queues, Cloud Scheduler jobs, and Pub/Sub topics. If critical configuration is missing, startup fails loudly (the container won't come up and the deploy goes red) instead of limping along.&lt;/p&gt;

&lt;p&gt;For a small team, the point of this choice is that &lt;strong&gt;deploys have no runbook&lt;/strong&gt;. There is no "remember to run migrations after deploying," no "remember to create the queue" folklore — environmental dependencies are either handled by the code itself or the deploy fails and tells you immediately. Health check + loud failure + self-provisioning together guarantee that &lt;em&gt;a green deploy means the environment is correct&lt;/em&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  2.5 Cleanup: cost is part of the pipeline
&lt;/h3&gt;

&lt;p&gt;Every &lt;code&gt;gcloud run deploy --source&lt;/code&gt; produces a new container image (stored in Artifact Registry, billed by storage) and a new Cloud Run revision. Two environments deploying at high frequency means the bill only goes one way unless something pushes back. The hardening commit recorded the motivation:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Each deploy via &lt;code&gt;gcloud run deploy --source .&lt;/code&gt; accumulates Docker images in Artifact Registry, driving up storage costs.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;code&gt;cleanup-images.yml&lt;/code&gt; does the housekeeping, hourly (plus on every push, plus manual):&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cloud Run revisions&lt;/strong&gt;: each service keeps only the newest one plus whatever is serving traffic;&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Images&lt;/strong&gt;: each service keeps the two most recent; anything referenced by a live revision is skipped; the rest are deleted.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Its own history tracks usage growth: it began as an inline cleanup step in the deploy workflow, was split into a standalone daily cron the same day, and moved to hourly a month later once deploy frequency picked up.&lt;/p&gt;

&lt;h2&gt;
  
  
  Summary
&lt;/h2&gt;

&lt;p&gt;Every trigger point in the pipeline:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb010voyprm5q78sjyhmn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb010voyprm5q78sjyhmn.png" alt="All trigger points: PR comments run on-demand checks, pushes auto-deploy staging, nightly evals monitor, a manual workflow gates and deploys production, hourly cleanup prunes images" width="799" height="466"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Each decision is small on its own. Together they reduce to three consistent principles:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Gate only on deterministic signals.&lt;/strong&gt; The pipeline's single mandatory checkpoint (before production) contains nothing but type checks and unit tests. Making a randomly-red check a gate just teaches everyone to ignore gates.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Noisy signals monitor; they don't block.&lt;/strong&gt; The value of LLM evals is in the trend: run nightly, open an issue on failure, auto-close on recovery — not in vetoing any particular merge.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Expensive operations run on demand.&lt;/strong&gt; The time-expensive (five minutes of unit tests) and the money-expensive (real-model evals) are both behind explicit commands, with the author deciding what to run; whatever slips through is caught by the nightly net and the release gate.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Finally, the fine print: this design assumes a team small enough for mutual trust, a staging environment where mistakes are cheap, and a release cadence of two or three ships a week. As the team grows, as compliance requirements appear, or as evals get stable enough to trust, the number and placement of gates should be revisited. This pipeline is itself the product of several rewrites within a single year — there's no reason to believe today's shape is final.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://twio-ai-engineering.medium.com/inside-twios-ci-cd-how-a-two-engineer-ai-startup-ships-92ceabaaf43e" rel="noopener noreferrer"&gt;Medium&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>devops</category>
      <category>cicd</category>
      <category>llm</category>
      <category>startup</category>
    </item>
    <item>
      <title>Inside Twio: Optimizing Queue System for AI Workflows Instead of Scaling Compute</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Tue, 30 Jun 2026 10:01:34 +0000</pubDate>
      <link>https://dev.to/twio_ai/infinite-compute-someone-elses-bottleneck-21lh</link>
      <guid>https://dev.to/twio_ai/infinite-compute-someone-elses-bottleneck-21lh</guid>
      <description>&lt;blockquote&gt;
&lt;p&gt;Whenever a few users ran Twio's email import at the same time, it slowed to a crawl — and adding servers wouldn't have helped. Here's where the real bottleneck was hiding, and the simple fix that sorted it out.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  What this system actually does
&lt;/h2&gt;

&lt;p&gt;At Twio, we build software for mortgage brokers. One of our features scans a broker's mailbox and assembles a "loan book" — every client, every loan, every upcoming rate-expiry date.&lt;/p&gt;

&lt;p&gt;Behind that one button sits a real pipeline. We pull the broker's mail, make sense of it, and fold it into a clean, deduplicated book of loans:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Broker's Gmail
    |  download emails + attachments
    v
Extract &amp;amp; clean ........ parse PDFs, strip quoted replies
    |
    v
Understand ............. Gemini reads each email &amp;amp; doc
    |
    v
Index for retrieval .... RAG embeddings
    |
    v
Consolidate ............ dedupe, group by client &amp;amp; household
    |
    v
Loan book
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The parsing step is where the model earns its keep: Gemini reads each email and each PDF and pulls out the facts — who, which bank, how much, and when the rate expires. Most of this runs on our own machines. But two steps lean on services we don't control: the &lt;strong&gt;bulk download from Gmail&lt;/strong&gt; and the &lt;strong&gt;parsing by Gemini&lt;/strong&gt;. Hold onto that — the whole story grows out of those two.&lt;/p&gt;

&lt;h2&gt;
  
  
  The symptom: a job that looked stuck for fifteen minutes
&lt;/h2&gt;

&lt;p&gt;One day a broker opens a ticket: "Your scan is broken — it's been stuck for fifteen minutes."&lt;/p&gt;

&lt;p&gt;We pull the logs. The job isn't broken. It hasn't even &lt;strong&gt;started downloading its first batch&lt;/strong&gt;. It's sitting in line, behind three other brokers who happened to click "scan" in the same five-minute window.&lt;/p&gt;

&lt;p&gt;Our background jobs ran on Google Cloud Tasks, with a deliberately simple setup: &lt;strong&gt;one job type, one queue, one task at a time.&lt;/strong&gt; To avoid hogging that single slot, a scan splits itself into small batches: download a batch, re-enqueue itself at the back of the line, download the next, and repeat until done.&lt;/p&gt;

&lt;p&gt;That "one queue, one at a time" is where it breaks. When N brokers scan at once, their batches interleave in the same line:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;One shared queue (FIFO):   A1  B1  C1  A2  B2  C2  A3  B3  C3  ...
                           A's 3rd batch waits for the 7th slot -&amp;gt; 3x slower
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Every scan slows to &lt;strong&gt;1/N&lt;/strong&gt; speed. And the frontend has a safety net: if progress doesn't move for ~12 minutes, it declares the scan "stalled" and tells the user to retry. So the brokers stuck at the back of the line — whose jobs were perfectly healthy — hit a &lt;strong&gt;"stalled" screen for a problem that didn't exist.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The reflex that doesn't work
&lt;/h2&gt;

&lt;p&gt;When something is slow, the first instinct is always the same: &lt;strong&gt;throw machines at it.&lt;/strong&gt; We run on Cloud Run, which autoscales to — for all practical purposes — infinite compute. Still not fast enough? Just let more tasks run at once.&lt;/p&gt;

&lt;p&gt;And normally, that instinct is &lt;em&gt;right&lt;/em&gt;. Picture a supermarket checkout. If cashier A rings people up five times faster than cashier B, the line behind A clears five times faster. Faster cashier, shorter line — that's almost the definition of the job. So more lanes and quicker workers should mean shorter queues. Obviously.&lt;/p&gt;

&lt;p&gt;Except it would have done nothing for us. Because in our store, &lt;strong&gt;the bottleneck was never the cashier.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;It was the customer.&lt;/p&gt;

&lt;p&gt;Picture the person at the front of the line moving at the speed of Flash — the sloth from &lt;em&gt;Zootopia&lt;/em&gt;. You can sit a Formula 1 driver at the register; he'll just sit there, tapping the conveyor belt, while Flash s-l-o-w-l-y reaches for his wallet and s-l-o-w-l-y counts out the change. The moment the &lt;em&gt;customer&lt;/em&gt; is the slow part, the cashier's speed stops mattering at all.&lt;/p&gt;

&lt;p&gt;That sloth is Gmail.&lt;/p&gt;

&lt;h2&gt;
  
  
  The real bottleneck lives somewhere else
&lt;/h2&gt;

&lt;p&gt;So why is Gmail our sloth? A &lt;strong&gt;per-user rate limit.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Gmail caps how fast you can call its API for any single user. For one broker's mailbox you get so many calls a second and not one more; push past it and Gmail hands back a flat &lt;strong&gt;429.&lt;/strong&gt; It doesn't matter how fast our worker runs — Gmail feeds us that one mailbox at sloth speed regardless. More machines don't make the broker move faster; they just park more Formula 1 drivers behind the same slow customer.&lt;/p&gt;

&lt;p&gt;(The far end of the pipeline pulls the same trick, by the way. Gemini — the model reading the emails — meters us too, and we tame that one with a different valve that deserves its own post. I only bring it up because the shape keeps repeating: both ends of this pipeline run on a budget we don't get to set.)&lt;/p&gt;

&lt;p&gt;And here's what stung: the parallelism we needed was sitting right there, unused. &lt;strong&gt;Every broker's Gmail budget is independent&lt;/strong&gt; — broker A draining A's quota does nothing to B's. They could have run fully in parallel from the start. Our one shared queue was quietly throwing that away.&lt;/p&gt;

&lt;p&gt;The diagnosis was almost embarrassing in hindsight: the limit is &lt;strong&gt;per user&lt;/strong&gt;, but our queue was &lt;strong&gt;global&lt;/strong&gt;. We had built a single chokepoint in front of a crowd of independent, parallelizable customers.&lt;/p&gt;

&lt;h2&gt;
  
  
  The fix: one queue per user
&lt;/h2&gt;

&lt;p&gt;Replace "one global queue" with "&lt;strong&gt;one queue per user, processed in parallel&lt;/strong&gt;," and you get two things at once:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Speed:&lt;/strong&gt; different users run in their own queues at the same time, so throughput climbs with the number of active users instead of collapsing to 1/N.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Safety:&lt;/strong&gt; a single user's batches still run &lt;strong&gt;one queue, one at a time&lt;/strong&gt;, which naturally keeps them inside that user's Gmail budget — no self-inflicted 429.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;One property — a private lane per user, many lanes in parallel — cures both the slowness and the rate-limiting.&lt;/p&gt;

&lt;p&gt;It sounds simple. But &lt;strong&gt;the most obvious way to build it is the one thing you must not do.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The trap: the 7-day rule
&lt;/h2&gt;

&lt;p&gt;"One queue per user" leads straight to: &lt;strong&gt;create a queue named after the user on demand, delete it when it goes idle.&lt;/strong&gt; Users grow without bound, so cleaning up feels mandatory.&lt;/p&gt;

&lt;p&gt;And that walks right into a quiet rule in Cloud Tasks:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Once you delete a queue, its name can't be reused for about 7 days.&lt;/strong&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Which means: a broker scans today, the queue gets deleted — and if they &lt;strong&gt;come back to scan within 7 days, they hit a name that's still "on hold," and the job fails to enqueue.&lt;/strong&gt; The users who return within a week are exactly the active ones you most want to serve.&lt;/p&gt;

&lt;p&gt;Put bluntly: "one queue per user" is the right idea; "&lt;strong&gt;a queue you create and delete per user&lt;/strong&gt;" is the wrong mechanism.&lt;/p&gt;

&lt;h2&gt;
  
  
  The solution: a fixed pool, assigned by hashing
&lt;/h2&gt;

&lt;p&gt;So we flipped it around. Instead of building a queue per user, we provision a &lt;strong&gt;fixed pool of queues once, at startup&lt;/strong&gt; — we run 128 — and from then on we &lt;strong&gt;only use them, never delete them.&lt;/strong&gt; A simple hash then assigns each user to one, evenly and permanently:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight typescript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;POOL_SIZE&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;128&lt;/span&gt;

&lt;span class="c1"&gt;// Every user maps to the same queue, every time.&lt;/span&gt;
&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;queueForUser&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;userId&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="kr"&gt;number&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt; &lt;span class="kr"&gt;string&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;slot&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;userId&lt;/span&gt; &lt;span class="o"&gt;%&lt;/span&gt; &lt;span class="nx"&gt;POOL_SIZE&lt;/span&gt;   &lt;span class="c1"&gt;// userId is an auto-increment int -&amp;gt; modulo spreads evenly&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="s2"&gt;`email-import--q&lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;slot&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;`&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;hash(userId) % 128  -&amp;gt;  one fixed queue, always the same one

   Broker A  -&amp;gt;  q5     (A and C happen to collide
   Broker C  -&amp;gt;  q5      on the same lane)
   Broker B  -&amp;gt;  q42

   Different lanes run in parallel; the same lane runs one at a time.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Don't let "hashing" scare you off — here it does just two plain things:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Even:&lt;/strong&gt; it spreads users across all 128 queues instead of piling them onto one.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Stable:&lt;/strong&gt; a given user always lands on the &lt;strong&gt;same&lt;/strong&gt; queue — so their scan stays serialized (Gmail-safe), while different users land on different queues (parallel, fast).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The best part: this design &lt;strong&gt;never creates or deletes a queue&lt;/strong&gt; — so the 7-day trap simply doesn't exist. The queue count is also &lt;strong&gt;pinned&lt;/strong&gt; at 128 (independent of how many users we have, and well under the cloud's ~1,000-per-region cap).&lt;/p&gt;

&lt;p&gt;The cost? Tiny. Occasionally two users hash to the same queue and wait on each other (above, A and C both land on q5). But collisions among 128 lanes are rare, and even when they happen it's just a little slower — &lt;strong&gt;never wrong, and never a rate-limit problem.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The takeaway
&lt;/h2&gt;

&lt;p&gt;The real lesson here has little to do with queues or hashing:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;When something gets slow and your first instinct is "add machines" — &lt;strong&gt;stop, and find the resource that's actually the bottleneck.&lt;/strong&gt; It's often not on your machines at all, but inside some external service that meters you per user, per call.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Find it, then &lt;strong&gt;shape your concurrency around it&lt;/strong&gt; — not around your compute. Our compute can be infinite. The bottleneck never was ours.&lt;/p&gt;

</description>
      <category>architecture</category>
      <category>googlecloud</category>
      <category>programming</category>
      <category>backend</category>
    </item>
    <item>
      <title>From Monolith Prompt to Event-Driven Agent — twio's Architecture Story</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Mon, 22 Jun 2026 09:43:42 +0000</pubDate>
      <link>https://dev.to/twio_ai/from-monolith-prompt-to-event-driven-agent-twios-architecture-story-ad0</link>
      <guid>https://dev.to/twio_ai/from-monolith-prompt-to-event-driven-agent-twios-architecture-story-ad0</guid>
      <description>&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;TL;DR&lt;/strong&gt; — Our goal was a free-form agent—like Cursor or Claude Code—where users start anywhere, ask anything, and never march through a fixed pipeline. Getting there meant progressively moving responsibility off the prompt and onto the harness: first sequencing and state, then lifecycle and triage. The conversational freedom at the top was only safe because we kept adding structural guardrails underneath.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;We wanted twio to feel like Cursor, but for mortgage brokers: a free-form agent you simply talk to. Jump into the middle of a refix, ask "when does their rate expire?", paste a customer's email, and let the agent carry on. No fixed pipelines, no "step 1 of 4"—just work the way it actually arrives.&lt;/p&gt;

&lt;p&gt;Our first version was the exact opposite of this. It could complete a refix end-to-end, but only if the broker followed the script's exact sequence. Start in the middle, ask a side question, or reply three days later, and the system would break.&lt;/p&gt;

&lt;p&gt;This is the story of how we chased that conversational freedom across three architectures. On the surface, each rebuild looked like a structural change. Underneath, it was a steady offloading of responsibilities—stripping away what the LLM was bad at holding, and handing it to the harness.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;(To understand the evolution, just know that a **refix&lt;/em&gt;&lt;em&gt;—renewing a mortgage rate—sounds like a 4-step linear process, but in reality, it's fragmented, non-linear, and spans days. Keep that in mind.)&lt;/em&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Architecture 1: The Monolith Script (and the Illusion of Control)
&lt;/h2&gt;

&lt;p&gt;When we started, we had no prior experience with LLM harnesses. Freedom was the goal, but first we had to answer a simpler question: &lt;em&gt;Can an LLM handle a real mortgage workflow end-to-end at all?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Our first architecture was one giant prompt driving the entire refix. It looked roughly like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;You are a mortgage assistant. To do a refix:
1. Look up the customer by name; if several match, ask which one...
2. Ask for the new rate and term — unless the customer emailed...
3. Build the proposal. Repayment = P&amp;amp;I, unless interest-only...
4. Fill the lender form. ANZ uses fields X/Y; ASB uses...
5. Draft the sign-off email. Warm but professional...
...and ~300 more lines of rules, edge cases, and tone notes.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It was simple, predictable, and legible. Then it met production reality, and fractured under two fatal flaws:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Cognitive Overload:&lt;/strong&gt; The longer the workflow, the more the prompt ballooned with edge cases, scattering the model's attention. It assumed a fixed sequence, but brokers don't work that way.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Tangled Coupling:&lt;/strong&gt; One prompt carrying fetch, validate, draft, and edge-case logic became an entangled wall of text. You couldn't test "build the proposal" without running the whole machine.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The recurring disruption that exposed these flaws: &lt;strong&gt;"The customer replies three days later."&lt;/strong&gt; In the monolith, there was simply no place for this. The run was over, or it was blocked waiting for a turn that wasn't coming.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Diagnosis:&lt;/strong&gt; A monolithic prompt fuses three things that should never mix.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggTFIKICAgIEFbVXNlciBJbnB1dF0gLS0%2BIEIoR0lBTlQgUFJPTVBUKQogICAgQiAtLT4gQ1tDb250cm9sIEZsb3ddCiAgICBCIC0tPiBEW0RvbWFpbiBMb2dpY10KICAgIEIgLS0%2BIEVbU3RhdGUgLyBNZW1vcnldCiAgICBDICYgRCAmIEUgLS0%2BIEZbTExNIE91dHB1dF0KICAgIAogICAgc3R5bGUgQiBmaWxsOiNmZWUyZTIsc3Ryb2tlOiNlZjQ0NDQsc3Ryb2tlLXdpZHRoOjJweAogICAgc3R5bGUgQyBmaWxsOiNmZWYzYzcsc3Ryb2tlOiNmNTllMGIKICAgIHN0eWxlIEQgZmlsbDojZmVmM2M3LHN0cm9rZTojZjU5ZTBiCiAgICBzdHlsZSBFIGZpbGw6I2ZlZjNjNyxzdHJva2U6I2Y1OWUwYg%3D%3D%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggTFIKICAgIEFbVXNlciBJbnB1dF0gLS0%2BIEIoR0lBTlQgUFJPTVBUKQogICAgQiAtLT4gQ1tDb250cm9sIEZsb3ddCiAgICBCIC0tPiBEW0RvbWFpbiBMb2dpY10KICAgIEIgLS0%2BIEVbU3RhdGUgLyBNZW1vcnldCiAgICBDICYgRCAmIEUgLS0%2BIEZbTExNIE91dHB1dF0KICAgIAogICAgc3R5bGUgQiBmaWxsOiNmZWUyZTIsc3Ryb2tlOiNlZjQ0NDQsc3Ryb2tlLXdpZHRoOjJweAogICAgc3R5bGUgQyBmaWxsOiNmZWYzYzcsc3Ryb2tlOiNmNTllMGIKICAgIHN0eWxlIEQgZmlsbDojZmVmM2M3LHN0cm9rZTojZjU5ZTBiCiAgICBzdHlsZSBFIGZpbGw6I2ZlZjNjNyxzdHJva2U6I2Y1OWUwYg%3D%3D%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" alt="Diagram: one giant prompt fusing control flow, domain logic, and state into a single LLM output" width="1200" height="437"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Fused together, changing one risks breaking the others.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The mandate for our first refactor was clear: &lt;strong&gt;Pull these three apart, and stop hardcoding the sequence.&lt;/strong&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Architecture 2: Planner + Steps (Decoupling Flow and State)
&lt;/h2&gt;

&lt;p&gt;We shattered the monolith into &lt;strong&gt;Steps&lt;/strong&gt;. A step is a small, single-purpose agent with a typed contract: a focused prompt, a whitelist of tools, and strictly defined I/O schemas for state.&lt;/p&gt;

&lt;p&gt;A &lt;strong&gt;Planner&lt;/strong&gt; produced an ordered sequence, and an orchestrator executed them. This cleanly separated the monolith's responsibilities:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggTFIKICAgIFBbUGxhbm5lcl0gLS0%2BfE9yZGVyc3wgUzFbU3RlcCAxOiBQYXJ0aWVzXQogICAgUzEgLS0%2BfFdyaXRlcyAncGFydGllcycgc2xpY2V8IFMyW1N0ZXAgMjogUHJvcG9zYWxdCiAgICBTMiAtLT58V3JpdGVzICdwcm9wb3NhbCcgc2xpY2V8IFMzW1N0ZXAgMzogRm9ybSBGaWxsZXJdCiAgICAKICAgIFMxIC0uLT4gTDEoKExMTTogPGJyPlNtYWxsIFByb21wdCkpCiAgICBTMiAtLi0%2BIEwyKChMTE06IDxicj5TbWFsbCBQcm9tcHQpKQogICAgUzMgLS4tPiBMMygoTExNOiA8YnI%2BU21hbGwgUHJvbXB0KSkKCiAgICBjbGFzc0RlZiBoYXJuZXNzIGZpbGw6I2YwZmRmNCxzdHJva2U6IzIyYzU1ZSxzdHJva2Utd2lkdGg6MnB4OwogICAgY2xhc3NEZWYgbGxtIGZpbGw6I2VmZjZmZixzdHJva2U6IzNiODJmNixzdHJva2Utd2lkdGg6MnB4OwogICAgCiAgICBjbGFzcyBQLFMxLFMyLFMzIGhhcm5lc3M7CiAgICBjbGFzcyBMMSxMMixMMyBsbG07%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggTFIKICAgIFBbUGxhbm5lcl0gLS0%2BfE9yZGVyc3wgUzFbU3RlcCAxOiBQYXJ0aWVzXQogICAgUzEgLS0%2BfFdyaXRlcyAncGFydGllcycgc2xpY2V8IFMyW1N0ZXAgMjogUHJvcG9zYWxdCiAgICBTMiAtLT58V3JpdGVzICdwcm9wb3NhbCcgc2xpY2V8IFMzW1N0ZXAgMzogRm9ybSBGaWxsZXJdCiAgICAKICAgIFMxIC0uLT4gTDEoKExMTTogPGJyPlNtYWxsIFByb21wdCkpCiAgICBTMiAtLi0%2BIEwyKChMTE06IDxicj5TbWFsbCBQcm9tcHQpKQogICAgUzMgLS4tPiBMMygoTExNOiA8YnI%2BU21hbGwgUHJvbXB0KSkKCiAgICBjbGFzc0RlZiBoYXJuZXNzIGZpbGw6I2YwZmRmNCxzdHJva2U6IzIyYzU1ZSxzdHJva2Utd2lkdGg6MnB4OwogICAgY2xhc3NEZWYgbGxtIGZpbGw6I2VmZjZmZixzdHJva2U6IzNiODJmNixzdHJva2Utd2lkdGg6MnB4OwogICAgCiAgICBjbGFzcyBQLFMxLFMyLFMzIGhhcm5lc3M7CiAgICBjbGFzcyBMMSxMMixMMyBsbG07%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" alt="Diagram: a planner ordering three typed steps, each backed by a small scoped LLM prompt" width="1200" height="296"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;The planner orders typed steps; each runs its own small, scoped LLM prompt.&lt;/em&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  The Breakthrough: Context as Memory
&lt;/h3&gt;

&lt;p&gt;The most critical insight of this era was how we handled state. Steps didn't get the whole conversation history; they got a scoped view. &lt;/p&gt;

&lt;p&gt;&lt;code&gt;refix_proposal&lt;/code&gt; reads &lt;code&gt;parties&lt;/code&gt;, writes &lt;code&gt;proposal&lt;/code&gt;, and &lt;em&gt;never sees the rest&lt;/em&gt;. This isn't just access control; &lt;strong&gt;it's memory management&lt;/strong&gt;. A model reasons far more accurately over a small, relevant context than a massive one. Scoping the view didn't just tidy the code—it made the steps sharper.&lt;/p&gt;

&lt;p&gt;Architecture 2 was a massive leap forward. We shipped a lot of features on it. But it carried a hidden, fatal assumption: &lt;strong&gt;It assumed work is synchronous and continuous.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To start work, the broker had to land on a homepage and &lt;strong&gt;select the workflow type from a dropdown&lt;/strong&gt; (e.g., "Refix"). Choosing "Refix" launched the fixed plan. That demands the broker knows the shape of the work &lt;em&gt;before&lt;/em&gt; anything runs. (You don't pick "refactor" from a menu before Cursor listens—you just start typing).&lt;/p&gt;

&lt;p&gt;Furthermore, the plan assumed run-to-completion. So, our recurring disruption returned: &lt;strong&gt;The customer replies three days later.&lt;/strong&gt; By then, the pipeline had finished or stalled. We tried bolting on a separate "inbox" to triage incoming items, but it felt like stapling an async patch onto a synchronous system. We deleted it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Diagnosis:&lt;/strong&gt; A refix is not a workflow you execute. It's a long-lived case, fed by disconnected events over days.&lt;/p&gt;

&lt;p&gt;The mandate for the next refactor: &lt;strong&gt;Stop making the broker declare the work up front. Stop pretending work runs to completion.&lt;/strong&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Architecture 3: The Open Case (Event-Driven Paradigm)
&lt;/h2&gt;

&lt;p&gt;We collapsed the dropdown menu of workflow types into &lt;strong&gt;one universal Case&lt;/strong&gt;. Every inbound event—email, chat message, late reply—flows into the same entry point. The first thing that runs is the planner, but it now has a completely different job: &lt;strong&gt;Triage&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Instead of sequencing a known workflow, the planner looks at a single event and picks a path:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggVEQKICAgIEV2ZW50KChJbmJvdW5kIEV2ZW50KSkgLS0%2BIFRyaWFnZXtUcmlhZ2UgUGxhbm5lcn0KICAgIAogICAgVHJpYWdlIC0tPnxTaW1wbGUgUXVlc3Rpb258IERpcmVjdFtSZXNwb25kIERpcmVjdGx5IDxicj4gTk8gUExBTl0KICAgIFRyaWFnZSAtLT58TWF0Y2hlZCBQbGF5Ym9va3wgV2FrZVsgV2FrZSBFeGlzdGluZyBDYXNlIF0KICAgIFRyaWFnZSAtLT58VW5rbm93biBUYXNrfCBBZEhvY1sgQ29tcG9zZSBBZC1Ib2MgU3RlcHMgXQogICAgCiAgICBXYWtlIC0tPiBTdGVwc1tSdW4gUmVxdWlyZWQgU3RlcHNdCiAgICBBZEhvYyAtLT4gU3RlcHMKICAgIAogICAgU3RlcHMgLS0%2BIFF1aWV0WyhDYXNlIEdvZXMgUXVpZXQgPGJyPiBBYnNlbmNlID0gV2FpdGluZyBTdGF0ZSldCiAgICAKICAgIEZ1dHVyZUV2ZW50KChDdXN0b21lciBSZXBsaWVzIDxicj4gMyBEYXlzIExhdGVyKSkgLS4tPiB8UmUtZW50ZXJzIFRyaWFnZXwgVHJpYWdlCgogICAgY2xhc3NEZWYgZXZlbnQgZmlsbDojZTBlN2ZmLHN0cm9rZTojNjM2NmYxLHN0cm9rZS13aWR0aDoycHg7CiAgICBjbGFzc0RlZiBzdWNjZXNzIGZpbGw6I2RjZmNlNyxzdHJva2U6IzIyYzU1ZTsKICAgIGNsYXNzRGVmIHdhaXQgZmlsbDojZmVmOWMzLHN0cm9rZTojZWFiMzA4OwogICAgY2xhc3NEZWYgZnV0dXJlIGZpbGw6I2ZjZTdmMyxzdHJva2U6I2VjNDg5OSxzdHJva2UtZGFzaGFycmF5OiA1IDU7CiAgICAKICAgIGNsYXNzIEV2ZW50IGV2ZW50OwogICAgY2xhc3MgRGlyZWN0IHN1Y2Nlc3M7CiAgICBjbGFzcyBRdWlldCB3YWl0OwogICAgY2xhc3MgRnV0dXJlRXZlbnQgZnV0dXJlOw%3D%3D%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmermaid.ink%2Fimg%2FZ3JhcGggVEQKICAgIEV2ZW50KChJbmJvdW5kIEV2ZW50KSkgLS0%2BIFRyaWFnZXtUcmlhZ2UgUGxhbm5lcn0KICAgIAogICAgVHJpYWdlIC0tPnxTaW1wbGUgUXVlc3Rpb258IERpcmVjdFtSZXNwb25kIERpcmVjdGx5IDxicj4gTk8gUExBTl0KICAgIFRyaWFnZSAtLT58TWF0Y2hlZCBQbGF5Ym9va3wgV2FrZVsgV2FrZSBFeGlzdGluZyBDYXNlIF0KICAgIFRyaWFnZSAtLT58VW5rbm93biBUYXNrfCBBZEhvY1sgQ29tcG9zZSBBZC1Ib2MgU3RlcHMgXQogICAgCiAgICBXYWtlIC0tPiBTdGVwc1tSdW4gUmVxdWlyZWQgU3RlcHNdCiAgICBBZEhvYyAtLT4gU3RlcHMKICAgIAogICAgU3RlcHMgLS0%2BIFF1aWV0WyhDYXNlIEdvZXMgUXVpZXQgPGJyPiBBYnNlbmNlID0gV2FpdGluZyBTdGF0ZSldCiAgICAKICAgIEZ1dHVyZUV2ZW50KChDdXN0b21lciBSZXBsaWVzIDxicj4gMyBEYXlzIExhdGVyKSkgLS4tPiB8UmUtZW50ZXJzIFRyaWFnZXwgVHJpYWdlCgogICAgY2xhc3NEZWYgZXZlbnQgZmlsbDojZTBlN2ZmLHN0cm9rZTojNjM2NmYxLHN0cm9rZS13aWR0aDoycHg7CiAgICBjbGFzc0RlZiBzdWNjZXNzIGZpbGw6I2RjZmNlNyxzdHJva2U6IzIyYzU1ZTsKICAgIGNsYXNzRGVmIHdhaXQgZmlsbDojZmVmOWMzLHN0cm9rZTojZWFiMzA4OwogICAgY2xhc3NEZWYgZnV0dXJlIGZpbGw6I2ZjZTdmMyxzdHJva2U6I2VjNDg5OSxzdHJva2UtZGFzaGFycmF5OiA1IDU7CiAgICAKICAgIGNsYXNzIEV2ZW50IGV2ZW50OwogICAgY2xhc3MgRGlyZWN0IHN1Y2Nlc3M7CiAgICBjbGFzcyBRdWlldCB3YWl0OwogICAgY2xhc3MgRnV0dXJlRXZlbnQgZnV0dXJlOw%3D%3D%3Ftype%3Dpng%26bgColor%3DFFFFFF%26width%3D1200" alt="Diagram: inbound events enter a triage planner that responds directly, wakes a case, or composes steps; a 3-day-late reply re-enters triage" width="1200" height="1321"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Triage routes each event — answer directly, wake a case, or compose steps. A late reply just re-enters triage.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Three mechanisms make this architecture work:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Long-Lived Cases with Implicit Waiting&lt;/strong&gt;&lt;br&gt;
After acting, a case goes quiet. In our system, the absence of new messages &lt;em&gt;is&lt;/em&gt; the waiting state—there is no dangling pipeline. What broke Architecture 1 and stalled Architecture 2 is now trivial.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. First-Class "Do Nothing" Path&lt;/strong&gt;&lt;br&gt;
When a broker asks "when does their rate expire?", the triage planner answers it directly and stops. No four-step plan is generated. Often, no plan is the right plan.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Declarative Playbooks&lt;/strong&gt;&lt;br&gt;
Domain knowledge moved out of code and into Markdown playbooks. This allows mortgage experts to edit the "how" without touching the engine code.&lt;/p&gt;

&lt;h3&gt;
  
  
  Guarding the Freedom: Data-Flow Validation
&lt;/h3&gt;

&lt;p&gt;Handing a language model the freedom to compose its own step sequences is dangerous. We put a hard floor under it: a &lt;strong&gt;data-flow validator&lt;/strong&gt; that rejects an incoherent plan &lt;em&gt;before a single token of work is spent&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;If the planner emits &lt;code&gt;refix_proposal&lt;/code&gt; before &lt;code&gt;parties&lt;/code&gt;, the validator hands back a precise error, and the planner self-corrects.&lt;/p&gt;

&lt;p&gt;This introduces a brilliant mechanism we call &lt;strong&gt;Soft Reads vs. Hard Reads&lt;/strong&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Hard Read (Correctness):&lt;/strong&gt; An ordering constraint. &lt;code&gt;form_filler&lt;/code&gt; &lt;em&gt;must&lt;/em&gt; wait for &lt;code&gt;parties&lt;/code&gt;. If it's missing, the validator blocks it.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Soft Read (Composability):&lt;/strong&gt; Visibility-only. &lt;code&gt;form_filler&lt;/code&gt; &lt;em&gt;can&lt;/em&gt; see &lt;code&gt;refix_proposal&lt;/code&gt; if it exists, but won't force it into the plan. This lets the step be dropped into a one-off request without dragging the whole refix sequence along.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;One &lt;code&gt;reads&lt;/code&gt; declaration scopes the step's memory &lt;em&gt;and&lt;/em&gt; acts as an edge in the dependency graph. One declaration, two jobs.&lt;/p&gt;

&lt;p&gt;This is where twio finally felt like the free-form agent we set out to build. It’s the synthesis of our journey: &lt;strong&gt;Freedom at the top, structure at the bottom, knowledge in prose.&lt;/strong&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Why Not Just Use LangGraph?
&lt;/h2&gt;

&lt;p&gt;We evaluated LangGraph and similar agent frameworks before building our own. They are excellent tools, but designed for a fundamentally different paradigm: the static graph. Our workflow is a dynamic, event-driven beast.&lt;/p&gt;

&lt;p&gt;Forcing our architecture into a graph exposed three core mismatches:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. The engine isn't the graph; it's the contracts.&lt;/strong&gt;&lt;br&gt;
Frameworks give you nodes, edges, and shared state. But twio's real value isn't topology—it's the typed step contracts (&lt;code&gt;reads&lt;/code&gt;/&lt;code&gt;softReads&lt;/code&gt;), the triage planner's judgment, and the prose playbooks. We'd still have to write all of that, just wrapped in someone else's &lt;code&gt;StateGraph&lt;/code&gt; syntax. We'd take on a heavy dependency while our actual core logic (like the 40-line data-flow validator) becomes harder to tweak.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Pre-compiled graphs vs. runtime composition.&lt;/strong&gt;&lt;br&gt;
A graph requires defining paths ahead of time. Our planner composes a fresh step sequence at runtime for &lt;em&gt;every single event&lt;/em&gt;, checked by a validator before execution. You can force a static framework to do dynamic routing, but then the graph stops being the source of truth. You end up fighting the framework's core abstraction.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Shared state vs. strict isolation.&lt;/strong&gt;&lt;br&gt;
Our central thesis is that a step should only see its declared context slices. Graph frameworks default to passing a massive shared state object through every node. We’d be constantly fighting the framework's default behavior to enforce the one rule we care about most.&lt;/p&gt;

&lt;p&gt;If our workflows were mostly static and predictable, LangGraph would save us real work. Ours aren't.&lt;/p&gt;

&lt;p&gt;But the deeper point is this: &lt;strong&gt;our event-driven case design entirely sidesteps the need for durable execution.&lt;/strong&gt; Frameworks earn their keep by handling suspend/resume, timers, and exactly-once side effects. Because "no new messages" &lt;em&gt;is&lt;/em&gt; our waiting state, the system naturally suspends without needing underlying infrastructure to maintain it. If we ever actually need durable execution, we’ll reach for a dedicated engine like Temporal—not an agent framework.&lt;/p&gt;




&lt;h2&gt;
  
  
  What's Still Hard
&lt;/h2&gt;

&lt;p&gt;Top-level freedom introduces new failure modes. The planner can match the wrong playbook. It can compose a valid but suboptimal plan. Prose playbooks can drift from what the steps actually execute. Our guardrails catch a majority of this, but this is a live frontier, not a solved problem.&lt;/p&gt;

&lt;p&gt;The through-line of this whole journey is that you don't arrive at the architecture—you get pushed into it by reality. Ultimately, the customer who replies three days late wrote more of our architecture than we did.&lt;/p&gt;

&lt;h3&gt;
  
  
  Architectural Takeaways
&lt;/h3&gt;

&lt;p&gt;If you are building long-lived, agentic systems:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Don't make the model hold what the harness holds better.&lt;/strong&gt; Offload sequencing, durable state, and lifecycle management to traditional code.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Treat context as memory.&lt;/strong&gt; Strictly scope each step's view. Models reason better over small, relevant contexts.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Model the arriving unit as an event, not a task.&lt;/strong&gt; Work is fragmented; your architecture should expect interruption.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Build a first-class "just respond" path.&lt;/strong&gt; Forcing a workflow when a direct answer suffices destroys the user experience.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Earn freedom with guardrails.&lt;/strong&gt; Use static validation (like our data-flow checker) to make self-composing agents safe.&lt;/li&gt;
&lt;/ol&gt;




&lt;p&gt;&lt;em&gt;We're building &lt;a href="https://dev.to/twio_ai"&gt;twio&lt;/a&gt;, an AI assistant for mortgage brokers. If you're wrestling with the same questions about long-lived, event-driven agent architectures, we'd love to compare notes.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>llm</category>
      <category>architecture</category>
      <category>agents</category>
    </item>
    <item>
      <title>Why Twio Chose Vertex AI Search over pgvector for Production RAG</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Mon, 22 Jun 2026 00:00:58 +0000</pubDate>
      <link>https://dev.to/twio_ai/why-twio-chose-vertex-ai-search-over-pgvector-for-production-rag-51jm</link>
      <guid>https://dev.to/twio_ai/why-twio-chose-vertex-ai-search-over-pgvector-for-production-rag-51jm</guid>
      <description>&lt;p&gt;When we first built RAG at Twio, pgvector was the obvious pick. Our business data was already in PostgreSQL, and dropping embeddings into the same database was the fastest path to a working product.&lt;/p&gt;

&lt;p&gt;For the first version, that was right. As we scaled, the problem stopped being "how do we store vectors?" and became "how do we reliably understand thousands of broker documents, emails, and attachments in production?" That changed the answer. Today, Vertex AI Search is our main retrieval layer.&lt;/p&gt;

&lt;h2&gt;
  
  
  RAG is Twio's memory layer, not a search feature
&lt;/h2&gt;

&lt;p&gt;Twio is an AI SaaS for loan brokers. A single client case is a mess of fragmented information:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;email threads&lt;/li&gt;
&lt;li&gt;payslips, bank statements, identity documents&lt;/li&gt;
&lt;li&gt;loan forms, lender requirements&lt;/li&gt;
&lt;li&gt;handwritten notes, follow-up emails, missing-document requests&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The AI needs to answer questions like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What documents has this client already sent?&lt;/li&gt;
&lt;li&gt;Which email mentioned the missing requirement?&lt;/li&gt;
&lt;li&gt;Does this bank statement support the income claim?&lt;/li&gt;
&lt;li&gt;Summarize all documents related to this borrower.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If retrieval is weak, the answer is weak. If indexing lags, context is missing. If parsing is wrong, the model sees the wrong evidence. RAG isn't a feature on the side — it's the memory layer of the product.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why pgvector was the right first choice
&lt;/h2&gt;

&lt;p&gt;Twio is a multi-tenant SaaS, so retrieval can't just return "similar content" — it has to return similar content scoped to the right user, client, application, or file. pgvector made that trivial: embeddings sat next to the business records, joined cleanly, and filtered with plain SQL.&lt;/p&gt;

&lt;p&gt;The early wins were real:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;no new infrastructure&lt;/li&gt;
&lt;li&gt;low cost, easy local dev&lt;/li&gt;
&lt;li&gt;SQL inspection for debugging&lt;/li&gt;
&lt;li&gt;straightforward metadata filtering&lt;/li&gt;
&lt;li&gt;fast to ship&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It let us build the first version quickly and learn from actual usage. That matters more than people give it credit for.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flnwrd6ayn9xd0hscn4ue.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flnwrd6ayn9xd0hscn4ue.png" alt=" " width="800" height="650"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Where pgvector stopped paying off
&lt;/h2&gt;

&lt;p&gt;pgvector didn't fail. It did exactly what it's designed for. The issue was that vector storage is only one slice of the RAG pipeline, and pgvector left every other slice to us:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;download attachments&lt;/li&gt;
&lt;li&gt;extract text from PDFs, run OCR on scans&lt;/li&gt;
&lt;li&gt;chunk documents, generate embeddings&lt;/li&gt;
&lt;li&gt;design metadata, build retrieval queries&lt;/li&gt;
&lt;li&gt;tune indexes, improve ranking&lt;/li&gt;
&lt;li&gt;monitor Postgres load, debug retrieval quality&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A clean PDF is easy. A scanned bank statement isn't. An email body is easy. An email with five attachments, lender forms, tables, and partial OCR isn't. A demo dataset is easy. A real broker workspace with years of historical emails isn't.&lt;/p&gt;

&lt;p&gt;With pgvector, every weakness in that pipeline was ours to fix. When retrieval quality dropped, the suspect list ran all the way from OCR through chunking and embedding to vector distance, SQL filtering, ranking, and DB performance. The extension is simple. The production RAG system around it isn't.&lt;/p&gt;

&lt;p&gt;The cost shifted from cloud bill to engineering time — and engineering time was the constrained resource.&lt;/p&gt;

&lt;h2&gt;
  
  
  pgvector vs Vertex AI Search, in Twio's terms
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Scenario&lt;/th&gt;
&lt;th&gt;pgvector&lt;/th&gt;
&lt;th&gt;Vertex AI Search&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Clean text PDF&lt;/td&gt;
&lt;td&gt;We own extraction, chunking, embedding, storage, search&lt;/td&gt;
&lt;td&gt;Vertex handles most of the indexing and retrieval workflow&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Scanned document&lt;/td&gt;
&lt;td&gt;We build or integrate OCR ourselves&lt;/td&gt;
&lt;td&gt;Vertex absorbs much of the document-processing logic&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Broker asks a document question&lt;/td&gt;
&lt;td&gt;We own query design, ranking, filtering&lt;/td&gt;
&lt;td&gt;Managed search with stronger out-of-the-box quality&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Attachment bursts&lt;/td&gt;
&lt;td&gt;Postgres carries more search and indexing load&lt;/td&gt;
&lt;td&gt;Search workload lives outside the main database&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Debugging&lt;/td&gt;
&lt;td&gt;Excellent SQL visibility, but many custom layers to inspect&lt;/td&gt;
&lt;td&gt;Less low-level control, but far less custom infra to debug&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cost&lt;/td&gt;
&lt;td&gt;Lower direct service cost&lt;/td&gt;
&lt;td&gt;Higher service cost, lower engineering and maintenance cost&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Production readiness&lt;/td&gt;
&lt;td&gt;Significant custom work required&lt;/td&gt;
&lt;td&gt;Easier to operate as a managed layer&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;pgvector was cheaper as a database extension. Vertex is cheaper as a product decision.&lt;/strong&gt; The cloud bill is one input; engineering time, reliability, and iteration speed are the bigger ones at our stage.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Vertex fits Twio's shape of problem
&lt;/h2&gt;

&lt;p&gt;Twio's RAG problem is document-heavy. We aren't searching short snippets — we're dealing with messy broker PDFs, scans, forms, tables, and forwarded attachments. Vertex helps in four concrete ways:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Less infrastructure to own.&lt;/strong&gt; Indexing and retrieval are handled by the managed layer, so we don't rebuild that surface.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Less document-processing logic to maintain.&lt;/strong&gt; OCR and parsing for messy broker files is one of the harder parts of the pipeline to keep healthy. Vertex covers much of it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Postgres stays focused on what it's good at&lt;/strong&gt; — business data, transactions, workflow state — instead of competing with OLTP work for the same resources.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;It scales more naturally&lt;/strong&gt; as document volume grows.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Vertex isn't free, but the alternative isn't either. Building OCR, indexing, ranking, monitoring, and tuning ourselves has its own bill — paid in engineer-weeks.&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F18fsqompa5ea18g1vpgy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F18fsqompa5ea18g1vpgy.png" alt=" " width="800" height="570"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What pgvector still does well
&lt;/h2&gt;

&lt;p&gt;pgvector is still a strong choice when:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;data volume is moderate&lt;/li&gt;
&lt;li&gt;you're already on Postgres and want retrieval close to your data&lt;/li&gt;
&lt;li&gt;your documents are already clean text&lt;/li&gt;
&lt;li&gt;you need tight SQL filtering and full control&lt;/li&gt;
&lt;li&gt;you want a fast, low-cost first version&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For us, it was the right first implementation — and it taught us what retrieval the product actually needed. It may stay in the stack for internal or fallback use cases.&lt;/p&gt;

&lt;h2&gt;
  
  
  Takeaway
&lt;/h2&gt;

&lt;p&gt;The lesson from Twio's RAG evolution is simple:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Start with the tool that helps you learn fastest. Move to the tool that helps you operate best.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;pgvector got us to a working RAG system quickly. As the product matured, the real challenge shifted to document processing, indexing quality, and operational reliability — and at that point, Vertex AI Search became the better fit. It costs more as a service and less as a system to maintain. For a SaaS at Twio's stage, that's the trade that matters.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>architecture</category>
      <category>database</category>
      <category>rag</category>
    </item>
    <item>
      <title>From pg-boss to Cloud Tasks: Fixing Queue Bursts and DB Connection Failures on Serverless</title>
      <dc:creator>Twio_AI</dc:creator>
      <pubDate>Tue, 02 Jun 2026 03:23:40 +0000</pubDate>
      <link>https://dev.to/twio_ai/from-pg-boss-to-cloud-tasks-fixing-queue-bursts-and-db-connection-failures-on-serverless-ii5</link>
      <guid>https://dev.to/twio_ai/from-pg-boss-to-cloud-tasks-fixing-queue-bursts-and-db-connection-failures-on-serverless-ii5</guid>
      <description>&lt;p&gt;At Twio we picked pg-boss for our job queue, ran into trouble when we went serverless, looked at Pub/Sub, and ended up on Google Cloud Tasks. This is what each queue got right, what it got wrong for our workload, and the rule we landed on for choosing between them.&lt;/p&gt;

&lt;h2&gt;
  
  
  The workload
&lt;/h2&gt;

&lt;p&gt;Twio is an AI SaaS for loan brokers. The piece that needs a job queue is email processing: download an email, parse the body and attachments, OCR, classify with an LLM, write structured data, and index for RAG. One email with five attachments easily becomes 30+ background jobs. A batch upload becomes hundreds.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why pg-boss worked — until it didn't
&lt;/h2&gt;

&lt;p&gt;Our database was Postgres on Neon, so pg-boss was the obvious starting point. No extra infrastructure, and one feature we genuinely loved: &lt;strong&gt;transactional enqueue&lt;/strong&gt;. Because jobs live in the same database as business data, you can create a job in the same transaction as the row that triggered it. No dual-write problem, no "DB succeeded but the queue API failed" inconsistency.&lt;/p&gt;

&lt;p&gt;It also gave us retries, delayed jobs, dead-letter queues, dedup keys, and full SQL visibility into stuck or failed jobs. For a Postgres-first app on always-on infra, it's an excellent tool.&lt;/p&gt;

&lt;p&gt;Then we moved heavy processing to Cloud Run, and the cracks showed up.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;pg-boss polls. Neon suspends. They want opposite things.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;pg-boss runs a query roughly every 1–2 seconds to look for the next job, plus maintenance queries. Neon autosuspends compute when nothing touches the database. If the queue is polling every second, Neon's idle timer never expires — you pay for always-on compute even when the queue is empty.&lt;/p&gt;

&lt;p&gt;Worse, when Neon &lt;em&gt;did&lt;/em&gt; manage to suspend, the next poll had to wake it. That wake-up takes hundreds of ms to a few seconds, and queries that triggered it would fail with &lt;code&gt;Connection terminated&lt;/code&gt;, &lt;code&gt;ECONNRESET&lt;/code&gt;, or timeouts. Pooled connections made it worse: the pool kept sockets that the server had already closed during suspend, and the next polling cycle picked one up and broke.&lt;/p&gt;

&lt;p&gt;This isn't a pg-boss bug. It's an architectural mismatch.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Pub/Sub wasn't the answer
&lt;/h2&gt;

&lt;p&gt;Pub/Sub is event-driven — no polling against Postgres, Neon can suspend freely. That fixed the obvious problem, but introduced a worse one for our shape of work.&lt;/p&gt;

&lt;p&gt;Pub/Sub is built to move messages &lt;strong&gt;fast&lt;/strong&gt;. We needed a queue that moves messages &lt;strong&gt;carefully&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Two specific failure modes hit us:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Retry amplification.&lt;/strong&gt; A parent import job publishes 100 child parse messages, then crashes before acking. Pub/Sub redelivers the parent. The parent re-publishes 100 children. After a few retries, you have hundreds of duplicate child jobs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;No native job-level pacing.&lt;/strong&gt; If 300 messages land at once, subscribers consume them as fast as they can — slamming our parser, Neon, the LLM provider, and third-party APIs simultaneously. Pub/Sub has flow control on the subscriber side, but it's not the kind of per-queue dispatch throttle we needed.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Plus the ack-deadline problem on long parse jobs, where a missed lease extension causes redelivery while the original is still running.&lt;/p&gt;

&lt;p&gt;All of these are solvable with idempotency keys, outboxes, and bounded retries — but at that point you're rebuilding what a job queue should give you out of the box.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Cloud Tasks fit
&lt;/h2&gt;

&lt;p&gt;Cloud Tasks is push-based: when a task is due, Google sends an HTTP request to our handler. When there are no tasks, nothing touches our database. That alone resolved the pg-boss/Neon conflict — Neon suspends, costs drop, no more wake-up connection errors.&lt;/p&gt;

&lt;p&gt;But the real reason it fit was &lt;strong&gt;per-queue dispatch control&lt;/strong&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="c1"&gt;# queue.yaml&lt;/span&gt;
&lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;email-parse&lt;/span&gt;
  &lt;span class="na"&gt;rateLimits&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;maxDispatchesPerSecond&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;10&lt;/span&gt;
    &lt;span class="na"&gt;maxConcurrentDispatches&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;20&lt;/span&gt;
  &lt;span class="na"&gt;retryConfig&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;maxAttempts&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;5&lt;/span&gt;
    &lt;span class="na"&gt;minBackoff&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;10s&lt;/span&gt;
    &lt;span class="na"&gt;maxBackoff&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;600s&lt;/span&gt;
    &lt;span class="na"&gt;maxDoublings&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;4&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Enqueue 300 tasks in a second and Cloud Tasks won't deliver them all at once — it paces dispatch to the limits we set. Our parsers, Neon, and the LLM provider stay protected from bursts.&lt;/p&gt;

&lt;p&gt;It also gives us operational levers Pub/Sub doesn't: list tasks, inspect depth, pause a queue, purge a bad batch. When a fan-out goes wrong, we can stop it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Cloud Tasks doesn't solve
&lt;/h2&gt;

&lt;p&gt;Two things, both important.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;It's still at-least-once.&lt;/strong&gt; A handler can finish the work and Cloud Tasks can still redeliver if the HTTP response is lost. Handlers must be idempotent.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Fan-out duplication is still possible.&lt;/strong&gt; If the parent creates 100 child tasks and then fails before returning 200, the retried parent creates them again. The fix here is deterministic task names:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;parse-{emailId}-{attachmentId}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Cloud Tasks rejects duplicate names within its retention window, so the second attempt is a no-op. But you have to design for it — it's not automatic.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;And it doesn't recover transactional enqueue.&lt;/strong&gt; Cloud Tasks lives outside the database, so creating a task after a DB write is a dual-write. If you need strict atomicity, the answer is still an outbox: write the business row and an outbox row in one transaction, have a relay publish to Cloud Tasks and mark the row published. No external queue makes this go away.&lt;/p&gt;

&lt;h2&gt;
  
  
  The rule we landed on
&lt;/h2&gt;

&lt;p&gt;Queue selection isn't about finding the best queue. It's about matching the queue to the runtime model.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;pg-boss&lt;/strong&gt; for small internal jobs in always-on services where Postgres transactionality matters.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud Tasks&lt;/strong&gt; for cross-system, serverless workflows where we need to protect Neon, LLM providers, and third-party APIs from bursts.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;And three rules that apply regardless:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Every handler is idempotent.&lt;/li&gt;
&lt;li&gt;Fan-out children have deterministic keys.&lt;/li&gt;
&lt;li&gt;If enqueue must be atomic with a business write, use an outbox.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Cloud Tasks fixed our infrastructure mismatch, but the real win was clarifying what the queue is responsible for. Infrastructure handles scheduling, retries, and rate limits. Correctness belongs to the application.&lt;/p&gt;

</description>
      <category>architecture</category>
      <category>cloud</category>
      <category>postgres</category>
      <category>serverless</category>
    </item>
  </channel>
</rss>
