All Posts
WAF Allowlist Patterns
Block-by-default WAF approach using route allowlisting. Stronger security than
Redis and BullMQ Queue Patterns
Comprehensive guide to Redis-backed job queues with BullMQ in Node.js/NestJS
AI PR Review Validation Patterns
Common patterns where AI code reviewers (Claude, Copilot, Codex) produce false
Claude Code Agent Teams
Experimental feature for orchestrating multiple Claude Code instances as a coordinated team with shared task lists and inter-agent messaging
Gemini Asymmetric Embeddings
Gemini's text-embedding-004 uses asymmetric embedding with task_type to encode queries and documents differently, producing better retrieval results than symmetric models.
RAG Hybrid Search Architecture
Why single-method retrieval fails and how fusing dense, sparse, fuzzy, and managed search with Reciprocal Rank Fusion builds a retrieval pipeline that handles both semantic understanding and keyword precision.
pgvector HNSW Index in PostgreSQL
You don't need a dedicated vector database for semantic search — pgvector with HNSW indexes handles under 100K vectors at over 95% recall, right inside PostgreSQL.
EBS vs EFS: AWS Storage Comparison
Understanding when to use EBS (block storage) vs EFS (network filesystem).
ECS Autoscaling Patterns
Best practices for implementing ECS service autoscaling with migration task
NAT Gateway Architecture
Understanding NAT Gateway placement and VPC network flow.
AWS Security Groups Fundamentals
Security Groups are virtual firewalls for AWS resources, controlling inbound
Terraform Fundamentals
Core Terraform concepts for AWS infrastructure management.
Terraform RDS Credentials Management
Managing RDS credentials securely using variables instead of hardcoding.
AWS WAF Implementation
Web Application Firewall setup with allowlist approach.
Amplitude ETL Partitioning
How Amplitude event data is partitioned when moving from raw to refined storage.
Amplitude Export API Response Format
The Amplitude Export API returns data in a **nested compression format** that is
Backfill Stats Manifest on Early Exit
When a job has an early exit path (e.g., "no work to do"), always save a
Calendar EXDATE Behavior: Apple vs Google
Understanding how Apple Calendar and Google Calendar handle recurring event
Celery API-Side Dispatch Pattern
Creating a send-only Celery client in an API service that dispatches tasks to a
class-transformer Undefined Own-Property Bug
When `plainToInstance()` creates class instances under ES2022+ TypeScript
CPU Cache Locality in Batch Field Extraction
Multiple `.map()` calls over the same array force the CPU to reload each object
DataSource vs Repository Pattern
Architectural decision guide for choosing between direct DataSource usage and
ETL Data Separation Strategy
Mixing regular ETL data with manually recovered backfill data in the same S3
NestJS WebSockets Reference
Complete reference for implementing WebSocket functionality in NestJS.
pandas itertuples() vs iterrows()
`iterrows()` is the most common way to iterate over DataFrame rows, but it
PostgreSQL Advisory Locks with TypeORM
Application-level locks managed by PostgreSQL for coordination.
PostgreSQL IN Clause Parameter Limits
When querying by a large set of IDs using TypeORM's `In([...])` operator, the
Deduplicating Functions with Keyword-Only Parameters
Two modules contain near-identical functions with slight behavioral differences.
Sentry N+1 Query Detection
How Sentry detects N+1 queries at runtime, common false positives from parallel
Stale vs Orphan Blocks in Calendar Sync
When syncing calendar data from Google Calendar API, two distinct cleanup
Sync Token Invalidation Recovery (410 GONE)
When Google Calendar API returns 410 GONE, the sync token is invalidated and a
TypeORM CLI and NestJS DataSource Conflict
Connection conflicts that occur when using the TypeORM CLI in a NestJS project, and how to resolve them.
TypeScript Type Narrowing Over Assertions
Prefer type narrowing over non-null assertions (`!`) and forced casting
updatedAt Staleness Guard
When receiving asynchronous updates (webhooks, message queues), compare the
Webhook vs User Activity
Webhooks from external services indicate **their** activity, not **your user's**
Amplitude Export API Timezone Behavior
How Amplitude Export API handles timezones and hour boundaries for event data
Airflow Celery Worker Log Server Configuration
When using CeleryExecutor with workers on separate machines, the webserver needs
Airflow CI/CD Concepts
Understanding Airflow deployment and CI/CD concepts through a kitchen analogy.
Airflow DAG-Level Callbacks
Airflow 2.x silently ignores `on_success_callback` at the DAG level. Only
Airflow DAG start_date and Manual Triggers
When manually triggering a DAG, Airflow may skip task execution if the trigger
Airflow Manual DAG Config Pattern
Pattern for allowing manual DAG triggers with custom parameters while keeping
Airflow Task Dependency Syntax
The `>>` operator in Airflow sets task dependencies and returns the downstream
Bash set -e and Command Substitution
When using `set -e` (exit on error), command substitution behaves unexpectedly
boto3 S3 put_object() Body Parameter Encoding
An ETL pipeline that uploaded JSON manifest files to S3 was failing with a
Claude Code PostToolUse Hooks
PostToolUse hooks fire after a tool completes. They receive JSON via stdin with
DAG Deployment Strategies
Different approaches to deploying Airflow DAGs, with trade-offs analysis.
Docker Compose CI/CD Patterns
Patterns for using Docker Compose in CI/CD pipelines: separating dev and prod configurations, ECR integration, and deployment strategies.
ECR Credential Helper
AWS's official solution for automatic ECR authentication. Instead of storing
ECR Token Refresh Cron
AWS ECR authentication tokens expire after 12 hours. For long-running Docker
ETL Schedule Timing
How to choose the correct ETL schedule based on data arrival patterns.
Linux Fundamentals
1. [Cgroups (Control Groups)](#cgroups-control-groups)
Local S3 with MinIO
MinIO is an S3-compatible object storage that runs locally via Docker.
Python Tooling Stack
Standard Python development tooling for all MOBA projects.
S3 Path Normalization Pattern
S3 key prefixes need consistent trailing slashes when building hierarchical
Stow Symlink Health Checking
GNU Stow creates symlinks from system config paths back to a dotfiles repo,
Terraform State Recovery
Procedures for recovering from Terraform state drift when state file doesn't
tmux Smart Session Auto-Start
Auto-start tmux via an iTerm2 Profile Command (`tmux-smart-attach`) with numeric
uv.lock Best Practice
Whether to commit `uv.lock` to version control.
Giscus SvelteKit Integration
Adding a comment system to a statically generated SvelteKit blog without
Mobile Input UX
Techniques for making custom-styled inputs work properly on mobile browsers.
Paraglide-JS i18n for SvelteKit
Adding Korean/English internationalization to a SvelteKit static blog without
Svelte 5 $effect Rune
In Svelte 5, the reactive statement syntax (`$: { }`) from Svelte 4 is replaced
Claude Code Expert Workflows
Synthesized patterns from three complementary expert sources: Boris Cherny (tool
CSS Inline-Replaced Element Gap
Elements like `<textarea>`, `<img>`, `<input>`, and `<video>` are
Documentation Patterns
The **Buffer Pattern** preserves important discoveries during AI-assisted
macOS Keychain Multi-Account Behavior
macOS Keychain allows multiple entries with the same service name but different
Markdownlint Conventions
Markdown files across the 3B knowledge base had inconsistent formatting: missing
React Demo Pipeline Pattern
Pattern for building a fully functional demo mode in a React dashboard when the
shadcn/ui Setup with Vite + Tailwind
Manual setup of shadcn/ui component primitives in a Vite + React + TypeScript +
zsh Backtick Evaluation in Claude Code Skills
Claude Code SKILL.md files can trigger zsh command substitution errors when
Google Calendar API: Recurring Event Updates
Handling "this", "thisAndFollowing", and "all" updates for recurring events.
Google Calendar Recurring Event Operations
Implementation patterns for `all`, `this`, and `thisAndFollowing` recurring
External Calendar Data Normalization
External calendar data (Apple Calendar, GNOME Evolution, travel apps) often
Partial Access Recurring Events
When users are invited to recurring events from the middle of a series, Google
rrule BYDAY Timezone Correction
The rrule JavaScript library interprets `BYDAY` weekday names in UTC, not the
RRULE EXDATE Parsing with Timezone
The `rrule` JavaScript library's `rrulestr()` function fails when:
Lemon Squeezy Subscription Management
Subscription lifecycle, cancellation, expiration, and reactivation.
Binary Checksum Verification
Verify downloaded binaries haven't been tampered with using SHA256 checksums.
IDOR Prevention via Required Parameters (Type-Level Enforcement)
Insecure Direct Object Reference (IDOR) occurs when an API allows users to
Alembic with Async SQLAlchemy
Configuring Alembic migrations to work with SQLAlchemy's async engine
Claude Code Multi-Profile HUD Setup
Running Claude Code with multiple accounts requires careful HUD configuration to show correct per-account usage stats. Here's how to fix cross-profile data leaks.
ECR/ECS Deployment Workflow
Complete guide to container deployment using Amazon ECR and ECS.
AWS VPC Networking Fundamentals
Comprehensive guide to AWS VPC networking: CIDR notation, subnet design, NAT Gateway placement, route tables, and complete Terraform examples.
FastAPI Dependency Injection Patterns
How to use Annotated types with FastAPI Depends() for reusable, type-safe dependency injection across routers.
Pessimistic Locking for Race Conditions
Use SELECT FOR UPDATE to prevent race conditions in check-then-insert patterns, with TypeORM implementation and duplicate key safety nets.
WebSocket Architecture in AWS ECS/ALB
How WebSocket connections work with ALB, ECS, and Redis Pub/Sub for real-time notifications in containerized environments.
OAuth 2.0 Implementation Patterns
Practical patterns for implementing OAuth 2.0 flows in backend services.
Understanding Traefik, Keycloak, and ForwardAuth
How to add centralized authentication to Kubernetes services using Traefik ForwardAuth, Keycloak, and OAuth2-Proxy.
Claude Code: Shared + Personal AI Config Pattern
Split AI instructions into committed (shared) and gitignored (personal) layers
Recharts Dark Theme Customization
Techniques for styling Recharts charts to match a dark terminal theme with CSS
AI Code Review Patterns
Patterns observed when AI reviewers (Claude, Copilot, Codex) generate invalid or misleading feedback, and how to handle each one.
Google Meet Link Creation
Lesson learned from implementing programmatic Google Meet link creation.
Batch Processing Trade-offs
When processing multiple entities that share database operations, there's a
ECS Auto-Scaling Deep Dive
Comprehensive guide to ECS auto-scaling concepts, algorithms, and container
GitHub PR Review API - Inline Comments
How to create PR reviews with inline comments using the GitHub API via `gh` CLI.
Two-Phase Deletion Pattern
A safe deletion pattern for systems without rollback capability where external
Infrastructure Hardening Checklist
Comprehensive security hardening checklist for AWS infrastructure. Covers
Google Calendar Sync Strategies
Full sync vs incremental sync patterns and calendar segregation logic.