2026-03-09 — Performance and admin hardening
What shipped today
Three performance issues and one admin compliance feature shipped today, all from the post-launch hardening backlog. The common theme was efficiency — moving work closer to where it belongs (SQL for aggregation, async for I/O) and adding accountability where it was missing.
The engine got two parallelization upgrades. Feed fetching in rss_scan now runs up to 5 feeds concurrently via asyncio.gather() with a semaphore, cutting scan times from O(n × latency) to roughly O(n/5 × latency) for users with many feeds. This mirrors the same pattern already applied to article.batch_fetch in #103 yesterday — the engine’s I/O-bound handlers are now consistently concurrent.
On the web side, the admin pipeline page had an unbounded query that fetched every row from the commands table just to compute type-level stats in JavaScript. That’s now a proper SQL aggregate via a new admin_type_stats() RPC function, removing ~30 lines of client-side aggregation. The admin impersonation flow also got an audit log — every start/stop action is now recorded in admin_audit_log with admin ID, target user, and timestamp, visible on the admin dashboard.
Completed
- #100 — Parallelize feed fetching in rss_scan with asyncio.gather
- #101 — Replace unbounded admin pipeline typeStats query with SQL aggregate
- #102 — Add audit logging for admin impersonation sessions
Release progress
All four milestones (M1–M4) are closed. No open milestones — all 28 issues shipped.
Carry-over
- PostHog and Sentry verification still pending (env vars, events firing, error capture)
- Pre-existing build failure:
posthog-nodemodule not found — needsnpm install posthog-nodein web/
Risks
- The
posthog-nodebuild failure means Vercel deploys may be using a cached successful build. If the cache invalidates, deploys will break until the dependency is installed.
Flags and watch-outs
admin_audit_loghas RLS enabled but no policies — it’s only accessible via service role (admin client). If someone adds RLS policies later, they need to account for this being admin-only.- The
admin_type_stats()RPC issecurity definer— runs with the function owner’s permissions. Appropriate for admin use but worth noting.
Next session
- Install
posthog-nodein web/ and verify the build passes cleanly - Verify PostHog and Sentry are actually capturing events in production
- Check remaining open issues (#31, #47, #64, #72, #77) — all are
needs-decomposeorbacklog. Consider whether any warrant active work or if the project is in maintenance mode.
Why customer tools are organized wrong
This article reveals a fundamental flaw in how customer support tools are designed—organizing by interaction type instead of by customer—and explains why this fragmentation wastes time and obscures the full picture you need to help users effectively.
Infrastructure shapes thought
The tools you build determine what kinds of thinking become possible. On infrastructure, friction, and building deliberately for thought rather than just throughput.
Server-side dashboard architecture: Why moving data fetching off the browser changes everything
How choosing server-side rendering solved security, CORS, and credential management problems I didn't know I had.
The work of being available now
A book on AI, judgment, and staying human at work.
The practice of work in progress
Practical essays on how work actually gets done.
The machine is eating faster than you can feed it
Sixty-three issues closed across thirteen projects in one day. Four milestones completed. And the hardest problem wasn't building — it was keeping up with what you've already built.
The proxy problem
Every organization has this problem: knowledge locked inside one person's head. Today I accidentally designed a solution — and it has nothing to do with documentation.
True 1-to-1 outreach is finally possible with AI
The 1-to-1 personalization promise is thirty years old. It never worked because understanding each person was too expensive. AI changed the economics.