If you want to drive Claude Code or OpenAI Codex with code comments, this is for you. Make sure to set up a good check command that takes files as arguments, such as eslint. The agent fixes issues in the changed files first, making the feedback loop tight.
for me i figured out it’s about the body. it’s ok to be lifted up from the body into the thinking mind but i “owe” my body to spend some time there as well.
sometimes all it takes is sitting 20min in the morning just observing sensations in my body, and saying good morning to various organs haha. sounds silly but creates a solid foundation for my day.
> layout, "server-only", accidentally bundling server code
the main issue i wanted to highlight is that things are not caught at type-check time. maybe vercel could provide eslint plugins? this could codify a lot of the caveats
> There's no way to get around thinking about AuthN/Z with any server APIs
very true! maybe there is a way to make the default secure somehow by making it awkward to publicly expose a POST route by accident. awesome that next.js 15 is doing things in that regard.
thanks for addressing the points leerob, shows the great governance mentioned in the end of the post :)
imo it's easier to spot the authn/authz issue here
    export default function handler(
      req: NextApiRequest,
      res: NextApiResponse<ResponseData>
    ) {
      // updating user details without authn/authz
    }
than here
    "use server"
    export async function updateUser(email: string, age: number) {
      // updating user details without authn/authz
    }
without having read any next docs. engineers got trained to consider authn/authz the moment they see "http route/endpoint", maybe being more explicit about what happens in the api would help?
or next could provide an authn api for server actions that authn providers would implement?
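Added example, not part of the original comment and not Next.js code: one way the "authn api for server actions" idea above could look, as a wrapper that makes the session check and the authorization policy required arguments at the place the action is defined. `Session`, `Policy`, `decide`, `protectedAction` and `makeUpdateUser` are hypothetical names, and the user store and sessions are constructed sample data.

```typescript
// Added example. Session, Policy, decide and protectedAction are hypothetical
// names, not Next.js APIs; the user store and sessions are constructed data.
type Session = { email: string; roles: string[] };
type Policy<A extends unknown[]> = (s: Session, ...args: A) => boolean;

// Pure decision: 401 = no session (authn), 403 = policy refused (authz).
function decide<A extends unknown[]>(
  s: Session | null, policy: Policy<A>, args: A,
): 200 | 401 | 403 {
  if (s === null) return 401;
  return policy(s, ...args) ? 200 : 403;
}

// Wraps an action so it cannot run without a session and a policy. Both are
// required parameters, so leaving one out is a type error, not a silent hole.
function protectedAction<A extends unknown[], R>(
  getSession: () => Promise<Session | null>,
  policy: Policy<A>,
  action: (s: Session, ...args: A) => Promise<R>,
): (...args: A) => Promise<R> {
  return async (...args: A) => {
    const s = await getSession();
    const status = decide(s, policy, args);
    if (s === null || status !== 200) throw new Error(`denied: ${status}`);
    return action(s, ...args);
  };
}

// Constructed in-memory store standing in for a database.
const users = new Map<string, { age: number }>([
  ["alice@example.com", { age: 30 }],
  ["bob@example.com", { age: 41 }],
]);

// Policy: users may edit their own record; admins may edit any record.
const selfOrAdmin: Policy<[string, number]> = (s, email) =>
  s.email === email || s.roles.includes("admin");

// In a Next.js app this would live in a "use server" file and getSession
// would validate the request cookie; here the session source is injected.
function makeUpdateUser(getSession: () => Promise<Session | null>) {
  return protectedAction(getSession, selfOrAdmin, async (_s, email: string, age: number) => {
    if (!users.has(email)) throw new Error("no such user");
    users.set(email, { age });
    return users.get(email)!;
  });
}
```

The policy receives the same arguments as the action, so the check is made against the record actually being changed and not only against "is someone logged in".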
while working on a few slack apps and llm agents i couldn't help but notice how chat platforms like slack could be to agents what message brokers (kafka, rabbitmq, sqs) are to services.