@humanwhocodes.com
Human who codes. Creator of @eslint.org. Author. Speaker. Advisor. Coach. GitHub Star. Mastodon: https://fosstodon.org/@nzakas Blog: https://humanwhocodes.com Coaching: https://humanwhocodes.com/coaching
The Supabase MCP server is really nice. I use Bredbox's production MCP server in read-only mode which enables the agent to find problems more easily. It just debugged an OAuth error in production by pulling the logs. Saved a ton of time.
The urge to multi-task is strong when using AI for coding. Single-tasking, however, still makes you more productive. In my latest newsletter, I discuss strategies for staying focused while AI does the heavy lifting:
https://newsletter.human...
Here's a tip if, like me, you set up AI to do something in your Node.js project and walk away. Add this to your AGENTS.md
> If changes to package.json are necessary, do those changes last.
Prevents coming back an hour later to see nothing done because it was waiting for a confirmation.
I spent some time digging into proxying fetch requests in server-side JavaScript. It turns out each runtime does things somewhat differently. I wrote it all up here:
https://humanwhocodes.co...
One of the benefits of using a PRD-driven approach to AI-assisted programming, is you can ask a model to produce marketing material based on the functionality described in the PRDs.
Finally figured out how to speed up Bredbox page loads. π Outside of the cold start penalty, the page-to-page navigation is much faster now.
(I was hitting Supabase to verify the user on every request, but turns out that's not required with the new asymmetric token signing keys.)
Chrome Web Store requires you to publish a phone number along with your extension? Making me think twice about a Bredbox Chrome extension. The last thing I need is *more* spam phone calls.
Claude Desktop has been broken for me since Friday. The process starts but no UI is displayed.
My latest creation for Bredbox (with Copilot's help), a zero-dependency npm package that can extract the images from a .ico file (and also convert the BMPs to PNGs if you so desire):
https://www.npmjs.com/pa...
One thing I've been surprised to learn while building Bredbox is just how poor HTML structure is in the wild. I've seen <title> tags inside <body>, incorrect og:type, missing favicon <link> on just the homepage. It's a jungle out there.
Oh, I thought you were asking about social logins with the MCP server, not Supabase itself. Context is key.
I didnβt find it annoying. YMMV
The Bredbox OAuth authorization service is now live! π This is a case where AI not only implemented the code but taught me each step of the way. Just successfully tested the soon-to-come Bredbox Firefox extension with it.
I remember when apps started showing the weather when you signed in to let you know they were location-aware. I feel like summarization is the equivalent for AI.
Thereβs no OAuth. Not sure what youβre referring to.
It's pretty sweet that local Supabase now ships with a built-in MCP server.
Claude 4.6 Sonnet has been pretty impressive in my recent testing. I'm getting Opus-like performance on long-running, complex tasks.
Claude chat window. Me: Crosspost this: Really disappointed that the VS Code - Gemini 3.1 Pro integration is still so flaky. I've been itching to give it a try. Claude: Before I post, I want to flag something: **Gemini 3.1 Pro** doesn't appear to be a real product β Google's model line doesn't use that naming convention. You might be thinking of a different model (like Gemini 1.5 Pro, or perhaps a different AI tool integration entirely). Could you double-check the name so the post is accurate?
Is Claude throwing shade?
Really disappointed that the VS Code - Gemini 3.1 Pro integration is still so flaky. I've been itching to give it a try.
One of the unfortunate side effects of company-backed open source projects is that people seem to expect all popular projects to be staffed full-time and just as responsive. Many maintainers work in their spare time on projects so this is an unfair expectation.
I really wish security vulnerability reports had more discernment over whether something represents an actual risk. Every report, we get flooded with ESLint issues demanding immediate upgrades even though there's no real exploit for ESLint. It's such a waste of everyone's energy.
It's tempting to use Claude 4.6 Opus for everything because it's so capable, but that's not cost efficient. The goal of AI-assisted programming is to get the greatest value for the lowest cost. That's why I think that budgeting is quickly becoming a necessary skill for software engineers.
It lives!
The pay-as-you-go X API looks enticing, but it won't return you full articles. You get the raw article text with all images, code blocks, and links removed. Then you get arrays of each with no location info. There's no way to reconstruct the whole article.
So when will Claude Code support AGENTS.md
I like you, don't get me wrong, but I'm just not sure I'm ready to spend my Claude 4.6 Opus credits on you.
Pretty exciting day for Bredbox: the REST API just shipped. π Imagine if Pocket (rest in peace) had a REST API -- that's the vision. Available today to all users.
Bredbox still requires an invite as it's being stress-tested, and you can request an invite here:
https://bredbox.app
Hmm, the Cloudflare workers rate limit API doesn't return the number of requests remaining for the period. That's disappointing. It may be effective but not a great choice for APIs.
I've been knee-deep in understanding how Supabase signing keys work and how to provide your own. Here's a quick writeup:
https://humanwhocodes.co...
This is not my intended workflow. π
Fascinating. After refactoring my prompts into custom agents, prompts, and skills in VS Code, I asked Gemini to solve a problem. It launched the product-manager agent to write a PRD, followed by the architect agent for a tech spec, and then created a detailed task list to implement the spec.