Ian Macartney

@ianmacartney

Followers: 1K | Following: 332 | Media: 90 | Statuses: 497

friendly engineer. works at https://t.co/W72Fib5QYx former infra lead for previews @ Dropbox 🦋 https://t.co/MrHlnAMxBj

California
Joined April 2008
@ianmacartney
Ian Macartney
3 days
Big updates to the Agent Component:
- Abort an async stream remotely.
- Pending, failed, and aborted streamed messages auto-save.
- AI SDK v5 support.
- Easier to use alongside AI SDK vs. wrapping.
- Type-safe custom context passed to tools.
- <SmoothText>msg.text</SmoothText>
@ianmacartney
Ian Macartney
17 days
[Authorization 5/] Nothing is absolute. Defense in depth is a sign of maturity, but can also slow you down and give you a false sense of security. If it's "everyone's responsibility," no one layer feels pressure to be responsible. Also: compliance is a real thing.
@ianmacartney
Ian Macartney
17 days
[Authorization 4/] IMO middleware and RLS are the definition of "spooky action at a distance" - one of my favorite phrases I picked up at @convex_dev. "oh that's happening in this other file, even though there's no way of telling that from here."
@ianmacartney
Ian Macartney
17 days
[Authorization 3/] Client "authorization" isn't a security strategy, but that doesn't mean you can't care about UX and steer users towards content they *do* have access to, and give feedback as close to the touch point as possible.
@ianmacartney
Ian Macartney
17 days
[Authorization 2/] Once you're in a trusted environment, there's an odd curve: as you go from generic middleware towards the endpoint def, your context *increases*, then as you go towards utility functions and raw database ops, you *lose* context on the original *user intent*.
@ianmacartney
Ian Macartney
17 days
[Authorization 1/] I realized after adding better parametrization to my middleware-ish library, that I have a lot of opinions on authorization! For one, the highest leverage place to enforce authn & authz is at the boundary between untrusted & trusted environments. Why? 🧵
@ianmacartney
Ian Macartney
18 days
RLS should be the last line of defense, not first. Defense in depth is great, but the most precise authorization can happen where the user intent is most clear (& within a trusted environment). Have already started a Stack post on Auth{n,z} - will publish soon!
@nichochar
Nicholas Charriere
18 days
Public DBs with rules at the row level is a security anti-pattern. The right way to do things is to make the DB private and only accessible by your backend. Then, implement access rules in the API. @kiwicopple why push this pattern rather than correct private auth?
@ianmacartney
Ian Macartney
19 days
I love working here; there's always high leverage things to do. I especially like that the approach is principled, opinionated, and (imo) starting with the right primitives. Who do you know that cares a lot about API design?
@jamesacowling
James Cowling
19 days
@Andrew_Rentsch @convex_dev Not an official roadmap but re this job role: redesigning pagination, client-side ID allocation, better optimistic updates, a query primitive with ~no execution time/size limits, better index syntax, a new scheduling primitive for triggering execution when data changes, simplify.
@ianmacartney
Ian Macartney
20 days
Met the team recently - very impressed how fast they've built this. And giving more control over the underlying Convex app / data feels like a really good model for graduating vibe apps into scalable businesses 👏
@ycombinator
Y Combinator
20 days
VibeFlow (@vibeflowai) is the fastest way to build robust full-stack apps without code, giving you full control over your backend with visual, n8n-style workflows. Build your app visually with VibeFlow: 
@ianmacartney
Ian Macartney
23 days
Is there a clean way for library authors to support both AI SDK v4 and v5 simultaneously? Naming a type EmbeddingModelV1 implied to me that there was a plan for backwards compatibility. EmbeddingModelV1 type was removed when V2 was added 🤔
@ianmacartney
Ian Macartney
24 days
iykyk
@ianmacartney
Ian Macartney
24 days
Gave a talk last night about building the Agent/RAG/etc components. Why they are the way they are, and more. Full📺 in🧵
@ianmacartney
Ian Macartney
24 days
Full talk video:
@ianmacartney
Ian Macartney
1 month
5 different package releases in 5 hours. Alphas are great for shipping fast
@ianmacartney
Ian Macartney
1 month
Documentation for the Agent component is live 🎉 -> docs.convex.dev/agents. Odd coincidence that there's ~2300 lines of documentation & example code 🤔 maybe more surprising there's fewer lines of React? @convex-dev/agent
@ianmacartney
Ian Macartney
2 months
@​convex-dev/agent. RAG component: Repo (OSS): Agent component: