weeklyfoo #143

weeklyfoo #143 is here: your weekly digest of all webdev news you need to know! This time you’ll find 39 valuable links in 5 categories! Enjoy!

🚀 Read it!

• I Wrote a 70x Faster SQL Parser While Barely Looking at the Code: Rebuilding PostHog’s SQL parser using Claude Code in parallel sessions — 70x faster than the C++ ANTLR parser, validated with property-based testing by PostHog / ai, engineering / 11 min read

📰 Good to know

• Building a Design System Specced for Engineers and Agents: How Evil Martians built a design system readable by both engineers and AI agents in seven weeks, cutting the usual audit time with LLM assistance by Evil Martians / design, ai, engineering / 13 min read
• Temporary Cloudflare Accounts for AI Agents: Cloudflare’s new —temporary flag in Wrangler lets AI agents deploy Workers without human sign-up or MFA by Cloudflare / cloudflare, ai, agents / 8 min read
• Everything a Senior Engineer Needs to Know About LLMs: A 30-minute deep dive into Transformers, self-attention mechanisms, and the architecture choices that shape modern language models by pathtostaff / ai, engineering / 30 min read
• Streaming HTML Might Become a Thing: Declarative partial updates — a browser proposal for streaming HTML placeholders — brings framework-style patterns straight to the web platform by Ollie Williams / web, html, browser / 4 min read
• In Praise of Memcached: The case for choosing Memcached over Redis when you need fast, stateless caching without the complexity of persistence and data structures by jchri.st / databases, performance / 5 min read
• Astro 7.0: Faster build times with a new Rust-powered compilation and Markdown/MDX processing pipeline — Advanced Routing adds full control over the request pipeline by Astro Team / astro, javascript, tooling / 21 min read
• Vite 8.1: Experimental bundled dev mode radically speeds up dev server startup and full reloads on large apps, plus WASM/ESM integration support by Vite Team / javascript, tooling / 7 min read
• window.showDirectoryPicker Opens Up a Whole New World: Chrome’s File System Access API lets web apps access local directories — enabling in-browser dev tools and full file editors by Steve Harrison / web, browser, javascript / 2 min read
• Modern CSS Theming: How to use light-dark(), contrast-color(), and style-queries for themes that adapt automatically to system preferences by Una Kravets / css, web / 7 min read
• The Low-Tech AI of Elden Ring: How Elden Ring’s enemies use a stack-based goal management system — a surprisingly simple and effective alternative to behavior trees for dynamic hierarchical AI behavior by nega.tv / engineering, gamedev, ai / 15 min read
• PACT: Anonymous Credentials for the Web: Mozilla’s proposal for cryptographic bot-rate-limiting without user tracking or device fingerprinting — sites can throttle bots via math, not surveillance by Dennis Jackson / security, privacy, browser / 20 min read
• What’s Coming in Postgres 19: Quality-of-life improvements arriving in Postgres 19 — REPACK, partitioning enhancements, SQL/PGQ graph queries, and GROUP BY ALL by Craig Kerstiens / databases, postgres / 14 min read
• The HTTP QUERY Method: New idempotent HTTP method for sending request bodies in read-only queries — filling the gap between GET and POST for large query payloads by IETF / web, http / 30 min read
• Node.js 26.4 Adds Package Maps: Experimental package maps resolve modules from a static JSON file instead of walking node_modules — plus early support for the new vfs subsystem by Antoine du Hamel / javascript, nodejs / 16 min read
• Blocking Install Scripts Is Not a Silver Bullet: npm v12 skips install scripts by default, but a compromised package’s code still runs at import time — Node’s permissions model and sandboxing are the actual defense by Ulises Gascon / javascript, nodejs, security / 21 min read
• GitHub Actions Steps Can Now Run in Parallel: Step-level parallelism lets multiple steps run concurrently within a job without needing separate jobs or a matrix workaround by GitHub / github, tooling, ci / 4 min read
• Rspack 2.1: Ships TypeScript 7 support and the Rust-based React Compiler — faster builds for projects using the new type stripping and Rust-compiled JSX transform by Rspack Team / javascript, tooling, rust / 17 min read
• Agent Hooks for Deterministic Guardrails: How to use agent hooks to enforce rules AI agents cannot ignore — 100% deterministic checks that fire during work, not after by Zarar / ai, agents / 7 min read

🧰 Tools

• Recall: Local memory plugin for Claude Code — captures session activities offline and generates concise project summaries without external servers or API keys by raiyanyahya / claude, ai, tools
• Orca: AI orchestration tool for running multiple coding agents in parallel, with terminal splits, design mode, and a mobile companion for monitoring workflows by stablyai / ai, agents, tools
• cnfast: Drop-in alternative to tailwind-merge, clsx, and classnames with up to 7x faster class merging by Aiden Bai / css, tailwind, tools
• Polygraph: Nx’s meta-harness that connects all your organization’s repos into a synthetic monorepo, letting AI agents read, write, and grep across repo boundaries by Nx / ai, agents, tools
• ast-grep Outline: New feature lets AI agents inspect a file’s symbol structure without reading the whole file — fewer tokens, faster code navigation by ast-grep / ai, tools, ast
• Hunk: Terminal diff viewer built for agent-authored changesets — review-first with multi-file streams, inline AI annotations, and a skill file for automated feedback sessions by modem-dev / ai, tools, terminal, git
• Pagecast: Publish local HTML, Markdown, and static mini apps to shareable Cloudflare Pages URLs from the terminal or coding agents. by Amal David / cloudflare
• Migration Autopilot: GitHub Action that reviews database migration PRs for dangerous patterns — column drops, renames, truncations, and similar footguns by Migration Autopilot / databases, postgres, tools
• Go Micro: Agent harness and service framework for Go — model routing, memory, tools, guardrails, durable workflows, MCP and A2A gateways via pluggable Go interfaces by Go Micro / ai, agents, golang, tools
• Hasp: Local-first secret broker with project bindings, time-bounded grants, and first-class agent support — inject secrets into processes or supply them on-demand by Hasp / security, agents, tools
• pnpm pnpr: Experimental pnpm-compatible npm registry server written in Rust — early preview of self-hosted package registry support for pnpm workspaces by pnpm / javascript, nodejs, tools
• AccessControl 3.0: RBAC/ABAC access control library with a real policy engine, conditional grants, ownership enforcement, mandatory restriction gates, and audit hooks by Onur Yildirim / security, tools
• design.md: Format spec for describing a visual identity to coding agents — structured design context that complements CLAUDE.md for AI-assisted development workflows by Google Labs / ai, design, agents, tools
• tw-fade: Tailwind CSS v4 plugin for CSS mask fades on scroll containers — scroll edge effects with zero custom CSS by Pete Boere / css, tailwind, tools
• Takumi 2.0: Rust-powered engine that renders JSX to images without a headless browser — v2.0 adds SVG output and on-demand Google Fonts by Kane Wang / javascript, react, tools
• ForesightJS 4: Predicts user intent from mouse and keyboard cues to prefetch content for a snappier UX — v4 adds a declarative React component by ForesightJS / javascript, performance, tools
• grove: Git worktree manager that automates dependency cloning and dev server management per worktree — less boilerplate for parallel branch work by Iheanyi Ekechukwu / git, tools

🤪 Fun

• I Stored a Website in a Favicon: Encoding HTML into the RGB channels of a favicon so the browser can extract and render it via JavaScript by Tim Wehrle / creative, web / 5 min read
• CSSQuake: Quake ported to HTML/CSS 3D geometry via PolyCSS — no WebGL or canvas renderer required by Agustin Capeletto / css, gamedev, creative / 1 min read

📺 Videos

• What’s Missing in Postgres?: Bruce Momjian tours features Postgres still lacks — sharding, connection pooling, columnar storage, and transparent data encryption by Bruce Momjian / databases, postgres