Notes from the engineering bench.
Blog posts — page 4
How to add AI features to an existing SaaS without burning your runway
Ship AI features that earn their token budget. A pragmatic playbook for bootstrapped SaaS — picking the right first feature, tier-gating usage, capping spend, and designing for graceful failure.
Next.js 15 App Router production patterns: what's actually changed
Next.js 15 is the App Router past its awkward teenage phase. Async params, partial prerendering, a new cache model, and a Turbopack that finally ships production builds. Here is what works in production, what still hurts, and where teams keep tripping.
Prompt caching strategies that cut Claude API bills by 70%
Prompt caching is the single biggest cost lever on RAG and agent workloads. Here's the math, the right cache_control placement, and the traps that quietly tank cache hit rates.
OWASP Top 10 for SaaS applications in 2026
The OWASP Top 10 is the baseline every SaaS team should audit against. Here's the 2026 list translated into SaaS terms — real examples, the mitigation that actually works, and a check you can run today.
Deploying Node.js at scale: PM2 vs Kubernetes vs Fly.io vs Vercel
Most teams pick the wrong deployment target for their stage. Here's a stage-by-stage breakdown of PM2 on a single VPS, Fly.io, Vercel, and Kubernetes — with real cost numbers, ops tradeoffs, and the failure modes nobody warns you about.
Fine-tuning vs RAG vs prompting: a decision framework for 2026
Three tools, three jobs. Here is the framework our team uses to decide when to fine-tune, when to reach for RAG, and when a well-designed prompt is genuinely all the problem needs.
Form validation patterns: React Hook Form + Zod in production
React Hook Form handles the state, Zod owns the truth. This is the schema-first pattern we ship on every production SaaS form — resolver wiring, server-side reuse, async validation, dynamic fields, and the accessibility pieces teams forget until an audit lands.
Marketplace take-rate economics: finding the sweet spot
Take rate is the single most consequential lever on a two-sided marketplace. Pick it too low and you can't afford growth; pick it too high and supply defects. Here's how the big platforms got to their numbers, and how to pick yours.
Node.js in 2026: ESM everywhere, native test runner, permission model
Node.js in 2026 looks very different from Node.js in 2022. ESM is the default, the test runner ships in the box, the permission model is stable, and TypeScript runs without a build step. Here is what actually changed, what to migrate, and where Jest and Mocha still earn their keep.
Building rate limiters that scale: Redis, sliding windows, and token buckets
Rate limiting is one of those boring backend primitives that only becomes interesting the day it breaks. Here's an honest comparison of the four algorithms that matter, the Redis patterns that make them work across nodes, and the traps — clock skew, stampedes, hot keys — that catch teams the first time they ship at real volume.