telexed ~ cat / infra_saas★4 and up · hourly · UTC+09LIVE
TELEXED
All Infra & SaaS

Infra & SaaS

50 items
FILTER[All][Agents & tools][Models & API][Generative media][Infra & SaaS][ASO & growth][Indie business][Idea signals][Other][★6+ high-signal]
clear filters
Today3 dispatches
  • #0050Infra & SaaSGeekNews

    `Railway` Outage Resolved After `Google Cloud` Account Block

    50radar
    RailwayPaaS hosting platform — Git-based app deploys

    A provider-level account block took the platform down broadly. Treat hosted PaaS as a dependency with vendor lockout risk, not just runtime uptime.

    • Users hit no healthy upstream, unconditional drop overload, login failures, and dashboard access failures — control plane and runtime both degraded.
    • The cause was a Google Cloud account block, so the failure sat below Railway’s own app layer. Status pages alone do not cover this risk.
    • For revenue apps, keep DB backups, DNS escape routes, and deploy docs outside the platform. Recovery speed depends on prewritten exits.
    Source: news.hada.io/topic?id=29725Read original →
  • #0049Infra & SaaSGeekNews

    European Payment Apps Form Sovereign Network Against Card Giants

    40radar
    WeroEuropean payment service — account-based real-time transfers

    National wallet systems are linking with Wero to keep payment flows inside Europe. No immediate checkout change, but EU-facing products should watch alternative payment methods.

    • The alliance connects Bizum, Bancomat, MB WAY, Vipps MobilePay, and Wero, creating a 130M active-user payment bloc.
    • The stated goal is payments that do not route through US servers. Data residency is becoming part of payment UX, not just compliance.
    • Practical impact is not immediate. For EU sales, keep checkout abstraction flexible enough to add regional methods without a rewrite.
    Source: news.hada.io/topic?id=29721Read original →
  • #0048Infra & SaaSLatent Space

    `Railway` Pushes an Agent-Native Cloud Narrative

    70radar
    RailwayCloud PaaS — Git-based app deploys and infra management

    Own-metal infra and heavy coding-agent spend point to a tighter cloud/dev loop. Worth watching if deploy workflows move from PRs to agent-driven changes.

    • Railway claims 3M users and 100K signups per week; distribution now matters as much as hosting features.
    • Own-metal data centers signal margin control, not just Heroku-style UX. That can shape pricing and latency later.
    • $200K+ coding agent spend is a strong signal that internal engineering workflows are being rebuilt around agents.
    • “Death of PRs” frames deployment as agent-native operations. Small teams should watch whether review, rollback, and audit trails keep up.
    Source: www.latent.space/p/railwayRead original →
Yesterday11 dispatches
  • #0047Infra & SaaSGeekNews

    `GitHub` investigates unauthorized access to internal repositories

    40radar

    Scope is currently limited to internal repositories. No evidence points to customer data outside GitHub repos, so this is a watch item, not an immediate migration trigger.

    • Confirmed scope is internal repository access. Customer enterprises and organizations are not reported as affected yet.
    • No evidence currently shows impact to customer information stored outside GitHub internal repos. Keep monitoring official updates.
    • Practical action is limited: review org audit logs, rotate sensitive tokens if stored carelessly, and avoid panic moves.
    Source: news.hada.io/topic?id=29701Read original →
  • #0046Infra & SaaSRevenueCat Blog

    `Google Play Billing Library` `9.0`, billing and console updates from I/O 2026

    80radar
    Google Play Billing LibraryAndroid billing library — Google Play in-app purchase integration

    Billing, analytics, protection, and Play Console all moved at once. Android subscription code should be reviewed now, not after a build rejection.

    • Play Billing Library 9.0.0 is a major version, so billing code deserves a compatibility pass before the next Android release.
    • The update bundle includes AI, Play Console, analytics, and protection changes. Store operations are expanding beyond payment integration.
    • RevenueCat coverage matters because it usually translates Google Play billing changes into SDK and migration impact.
    • Apps with Android subscriptions should watch RevenueCat and Google timelines together. Late migration turns into release risk.
    Source: www.revenuecat.com/blog/engineering/play-billing-v9/Read original →
  • #0045Infra & SaaSr/SaaS

    Do not treat `Vercel` or `Railway` as zero-ops production infrastructure

    50radar

    Managed hosting can still fail at the account and control-plane layer. Back up env vars, rehearse redeploys, and keep an exit path ready.

    • A Vercel account with 10 projects reportedly lost env vars, secrets, and configs. Treat dashboard state as data that needs backup.
    • Support response took about 2 weeks in the reported incident. Paid convenience does not guarantee incident-speed help.
    • Migrating to Railway consumed days, then the control plane became inaccessible. Provider switching is not a disaster plan by itself.
    • Direct AWS or GCP adds setup pain, but IaC plus secret backups gives more control over recovery paths.
    Source: www.reddit.com/r/SaaS/comments/1ti6v5w/never_host_your_aRead original →
  • #0044Infra & SaaSGeekNews

    CISA Contractor Leaked `AWS GovCloud` Keys on GitHub

    40radar

    A public repo exposed high-privilege cloud and internal credentials. Treat secret scanning as a production control, not a checkbox.

    • The public Private-CISA repo exposed high-privilege AWS GovCloud credentials, plaintext passwords, tokens, and logs.
    • Default protections that block secret publishing appear to have been disabled; one bad repo setting can bypass the whole safety net.
    • Immediate takeaway: enforce secret scanning, pre-commit checks, and key rotation even on private or internal repos.
    Source: news.hada.io/topic?id=29689Read original →
  • #0043Infra & SaaSGeekNews

    `FileBrowser Quantum`: Free Open-Source Self-Hosted Web File Manager

    50radar
    FileBrowser QuantumSelf-hosted file manager — stronger auth and directory ACLs

    A self-hosted file UI adds serious auth and access-control layers beyond basic browsing. Useful when a small product needs internal asset/admin file handling without paying for another SaaS.

    • Supports OIDC, LDAP, JWT, password plus 2FA, and proxy auth, so it can fit both simple admin panels and heavier internal setups.
    • Directory-level permissions can be set by user or group. That is the real upgrade over a plain shared file browser.
    • Runs on SQLite, keeping deployment lightweight. Good fit for a single VPS or sidecar service in an existing stack.
    Source: news.hada.io/topic?id=29680Read original →
  • #0042Infra & SaaSvercel_blog

    `Vercel Chat SDK` Adds `callbackUrl` for Card Buttons and Modals

    60radar
    Vercel Chat SDKChat UI SDK — integrates Vercel workflows and adapters

    Agent runs can now pause and resume from UI actions. Useful for approval flows in Slack or Teams without extra glue code.

    • callbackUrl sends button-click or form-submit payloads to your endpoint, so workflows can resume from external UI events.
    • Cards need a workflow webhook URL wired into each button’s callbackUrl; modals include submitted form data in the payload.
    • Button callbacks work on most official-adapter platforms, while modal callbacks are limited to Slack and Teams for now.
    Source: vercel.com/changelog/chat-sdk-now-supports-callback-urlsRead original →
  • #0041Infra & SaaSvercel_blog

    `Chat SDK` adds message subjects and direct adapter SDK access

    60radar
    Chat SDKBot SDK — adapters for GitHub, Linear, and Slack

    Bots can now resolve the parent GitHub issue, PR, or Linear item from a mention. This makes workflow bots less glue-heavy and worth adopting for support or triage automation.

    • message.subject returns title, status, URL, and typed parent payload for GitHub and Linear comments; Slack returns null.
    • Subject lookup is cached per message, so repeated reads avoid extra provider API calls in the same handling path.
    • Adapters now expose underlying platform SDKs directly; custom provider API calls no longer need separate client wiring.
    Source: vercel.com/changelog/chat-sdk-adds-message-subjects-and-Read original →
  • #0040Infra & SaaSvercel_blog

    `Chat SDK` adds built-in `AI SDK` tools via `chat/ai`

    70radar
    Chat SDKVercel chat app SDK — built-in AI tool wiring

    Agent wiring is now one call: createChatTools(chat). Approval-gated writes and preset-scoped tools reduce custom glue code for Vercel chat apps.

    • createChatTools(chat) connects Chat SDK read/write actions into an agent, cutting boilerplate around chat state operations.
    • Write tools default to requireApproval, so destructive agent actions start behind an approval gate.
    • reader, messenger, and moderator presets construct only allowed tools, keeping tool exposure narrower by default.
    Source: vercel.com/changelog/chat-sdk-now-includes-ai-sdk-toolsRead original →
  • #0039Infra & SaaSvercel_blog

    `Vercel AI Gateway plugin` connects WordPress to 40+ AI providers

    80radar
    Vercel AI Gateway pluginWordPress AI connector — one-key routing to 40+ providers

    WordPress sites can now route AI features through one gateway key instead of per-provider setup. Useful for shipping AI plugins with less credential, fallback, and billing plumbing.

    • The connector works with the new WordPress AI Client, which requires WordPress 7.0; older sites need an upgrade first.
    • One AI Gateway key in Settings > Connectors replaces separate credentials for Anthropic, Google, OpenAI, xAI, DeepSeek, and more.
    • Plugins built on WordPress AI Client inherit the connector automatically, reducing custom provider integration work.
    • Supported modes include text, structured JSON, image generation/editing, and video through the same prompt builder.
    • Automatic fallbacks and dynamic model discovery lower outage handling and model-update maintenance.
    Source: vercel.com/changelog/vercel-ai-gateway-plugin-for-wordprRead original →
  • #0038Infra & SaaSGitHub Changelog

    GitHub expands OIDC for `Dependabot` and code scanning private registries

    50radar

    Org-level private registry auth now covers two more artifact providers. Useful if your supply-chain checks already pull private packages; otherwise low urgency.

    • Cloudsmith and Google Artifact Registry join org-level OIDC auth support for private registries, reducing long-lived secret handling.
    • Coverage applies to Dependabot and code scanning, so dependency updates and security analysis can access private packages with the same auth model.
    • Best fit is repos already using private artifacts. For public-package-only projects, this is a cleanup item, not a roadmap changer.
    Source: github.blog/changelog/2026-05-19-expanded-oidc-support-fRead original →
  • #0037Infra & SaaSHacker News · MCP Server

    `Superlog`, self-installing observability with bug-fix PRs

    60radar
    SuperlogObservability SaaS — auto-instruments and opens fix PRs

    Observability setup moves from dashboard wiring to repo-scanning instrumentation. The promise is strong for small teams, but pricing and real-world accuracy decide whether it replaces Sentry or Datadog.

    • The wizard scans a repo and adds structured logs, traces, and metrics through OpenTelemetry; setup pain is the main wedge.
    • Incidents are fingerprinted and grouped, so alert flow becomes one issue instead of duplicate spam in Slack.
    • The agent investigates errors and opens a tested PR when context is enough; otherwise it posts findings and pulls in likely owners.
    • Cost tracking includes LLM/upstream spend by callsite, tenant, and model, useful for multi-tenant SaaS margins.
    Source: superlog.sh/Read original →
Tue, May 1910 dispatches
  • #0036Infra & SaaSsaastr

    `AI Agent API Report Card`: B2B APIs Average 71/100

    40radar
    AI Agent API Report CardAPI grading tool — scores agent-readiness for B2B APIs

    Agent-ready APIs are becoming a measurable SaaS surface. Useful as a checklist for docs, auth, and workflow design before exposing your own API.

    • 144 B2B APIs graded and 4,521 analyses run; the sample is now large enough to spot API readiness patterns.
    • Only 45 A grades means many vendors still underserve agent workflows; clear docs and predictable endpoints remain leverage.
    • The average score is 71/100. Treat AI Agent API Report Card as a competitive checklist, not a definitive benchmark.
    Source: www.saastr.com/the-new-ai-agent-api-report-card-tells-usRead original →
  • #0035Infra & SaaSGitHub Changelog

    GitHub removes `code_scanning_upload` from rate limit API

    40radar

    Clients reading the REST rate-limit resources object must stop expecting this field. Small change, but brittle GitHub API monitors can break.

    • As of May 19, 2026, code_scanning_upload no longer appears in the rate-limit REST API response.
    • Check scripts that parse resources.code_scanning_upload; strict schema validation can fail on the missing field.
    • Normal app behavior is unaffected unless your tooling tracks GitHub code-scanning upload quotas directly.
    Source: github.blog/changelog/2026-05-19-removal-of-code_scanninRead original →
  • #0034Infra & SaaSGeekNews

    `Grafana` GitHub Token Leak Led to Source Download and Extortion Attempt

    40radar
    GrafanaObservability platform — dashboard and metrics visualization

    A leaked GitHub token gave an unauthorized party access to source code. Treat repo tokens as production secrets; rotation and scope limits are cheap insurance.

    • The attacker accessed Grafana's GitHub environment and downloaded source code, turning a token leak into a data-extortion incident.
    • Grafana refused to pay the ransom under FBI guidance. Incident response needs a payment stance before pressure hits.
    • A single repo token can expose private code. Keep scopes narrow, rotate regularly, and remove long-lived tokens where possible.
    Source: news.hada.io/topic?id=29655Read original →
  • #0033Infra & SaaStogether_ai

    `Together AI` Benchmarks Coding-Agent Inference at Scale

    50radar
    Together AIAI inference cloud — optimized serving for open models

    Throughput, latency, and cost are framed as the real bottlenecks for agent backends. Useful when choosing inference infra, but still vendor-run.

    • Together AI claims 31% higher TPS than TensorRT-LLM; throughput matters when many agent steps run in parallel.
    • TTFT is claimed to be 2x better at saturation, which directly affects perceived responsiveness in coding-agent loops.
    • Cost is positioned as 76% lower than Claude Opus 4.6; worth testing on your workload before switching infra.
    Source: www.together.ai/blog/coding-agent-benchmarksRead original →
  • #0032Infra & SaaSvercel_blog

    `Vercel` opens `Flat Rate CDN` limited beta for Pro teams

    100radar
    Flat Rate CDNVercel CDN plan — fixed monthly billing regardless of traffic

    CDN bills can now be capped with a fixed monthly fee. This reduces launch-risk from viral traffic, bot spikes, and route mistakes.

    • Flat Rate CDN replaces usage-based CDN billing with a fixed monthly price for Pro teams in limited beta.
    • Edge Requests, Fast Data Transfer, and related Vercel CDN products are no longer metered under the plan.
    • Temporary traffic spikes will not raise the bill, which makes launches and experiments easier to budget before the month starts.
    Source: vercel.com/changelog/flat-rate-cdn-in-limited-betaRead original →
  • #0031Infra & SaaSvercel_blog

    `Vercel Sandbox` Now Runs `Claude Managed Agents`

    80radar
    Vercel SandboxIsolated runtime — per-session Firecracker microVMs

    Agent tool calls can run inside isolated Vercel microVMs while secrets stay outside the sandbox. Useful for production agent features that need private APIs and tighter network control.

    • Claude Managed Agents provides the model, harness, tools, and session state; Vercel supplies the execution environment for self-hosted tool calls.
    • Each session gets its own Firecracker microVM with millisecond startup, making per-user agent isolation practical.
    • Credential brokering happens at the firewall, so secrets do not enter the sandbox. This is the right default for customer-data workflows.
    • Deny-by-default egress with a domain allowlist reduces blast radius when agents call tools or browse controlled services.
    Source: vercel.com/changelog/run-claude-managed-agents-with-vercRead original →
  • #0030Infra & SaaSvercel_blog

    `Vercel` Adds Consolidated GitHub Commit Status for Monorepos

    50radar

    Branch protection gets cleaner for multi-project repos. One GitHub status can replace per-project noise, useful if Vercel monorepos have been making PR checks messy.

    • Monorepos can opt into one consolidated commit status on GitHub PRs instead of separate statuses for every Vercel project.
    • Branch protection can be configured once in GitHub; required Vercel projects are then managed from each project’s settings.
    • Best fit is repos with many deploy targets. Single-app repos gain little beyond a cleaner checks list.
    Source: vercel.com/changelog/consolidated-commit-status-now-avaiRead original →
  • #0029Infra & SaaSvercel_blog

    `Vercel` stops charging for WAF-mitigated traffic

    90radar
    VercelFrontend cloud platform — integrated Next.js deploys and CDN

    Blocked bots no longer turn into surprise CDN bills. This directly lowers the risk of scrapers, credential stuffing, and abused API endpoints on small apps.

    • Traffic denied, challenged, or rate-limited by Vercel Firewall now waives CDN Requests and Fast Data Transfer charges.
    • DDoS mitigation was already unlimited and free; this change covers non-DDoS abuse handled by custom rules, managed rules, and rate limits.
    • The waiver applies automatically to every project using Vercel Firewall; no config change or migration required.
    • Product pages, login routes, and expensive API endpoints are the obvious places to add stricter rules now.
    Source: vercel.com/changelog/web-application-firewall-mitigated-Read original →
  • #0028Infra & SaaSGeekNews

    `Bitwarden` Quietly Reworks Pricing and Free Messaging

    50radar
    BitwardenPassword manager SaaS — open-source vault for users and teams

    Premium pricing doubled while the “Always free” promise disappeared from site copy. Treat critical SaaS promises as mutable, especially after leadership changes.

    • Premium moved to 2x pricing. Small in dollars, but password management is sticky infrastructure.
    • The “Always free” wording was removed through website and content edits, not a big launch announcement.
    • Long-time CEO Michael Crandell shifted to an advisory role in February; new M&A background raises acquisition-risk sensitivity.
    Source: news.hada.io/topic?id=29634Read original →
  • #0027Infra & SaaSRevenueCat Blog

    `RevenueCat` Adds Flexible Discounts for Web Billing

    60radar
    RevenueCatSubscription billing infra — unified app and web subscriptions

    Web subscriptions can now use percentage discounts, promo codes, and win-back offers. Useful for churn recovery and price testing without wiring discount logic yourself.

    • Percentage-off discounts and promo codes now apply to RevenueCat web subscribers, reducing custom billing work.
    • Win-back offers target cancelled or lapsed users. That gives churn recovery a built-in path instead of ad hoc email-only campaigns.
    • The scope is web billing, not App Store pricing. Best fit is a paid web checkout where discount tests can move quickly.
    Source: www.revenuecat.com/blog/company/flexible-discounts-web-bRead original →
Sun, May 171 dispatches
  • #0026Infra & SaaSGeekNews

    `Stripe Link CLI` Lets AI Agents Pay on a User's Behalf

    70radar
    Stripe Link CLIPayment CLI — one-time credentials from a Link wallet

    Agents can receive one-time payment credentials from a Link wallet without storing raw card data. Useful for agentic commerce experiments; production value depends on merchant support.

    • Issues one-time credentials from a Link wallet, so agents can complete purchases without keeping actual card details.
    • Supports two credential types: broadly usable virtual card PAN and an S... option based on Machine Payment Protocols.
    • This is payment infrastructure, not just automation. It opens tests for delegated checkout, procurement bots, and agent-run SaaS workflows.
    Source: news.hada.io/topic?id=29579Read original →
Fri, May 152 dispatches
  • #0025Infra & SaaSvercel_blog

    `AI Gateway` adds request-time provider ranking controls

    80radar
    AI GatewayAI routing service — failover across model providers

    Routing can now optimize on price, first-token latency, or throughput at request time instead of Vercel's blended default. Useful when one model has many providers and the cheapest or fastest route materially changes margin or UX.

    • Set sort on providerOptions.gateway to 'cost', 'ttft', or 'tps' depending on whether margin, snappiness, or long-output speed matters most.
    • Ranking is computed at request time, so newly added providers, price changes, and observed latency shifts flow through without code changes.
    • Fallback is strict: providers are attempted in sorted order, and the next one is used only if the higher-ranked provider is unavailable.
    • sort works with Zero Data Retention filtering and with order; pinned providers stay first, then the rest follow the chosen ranking.
    • Each response exposes routing metadata with a sort block showing candidates, metric values, attempt order, and health-based deprioritization for debugging.
    Source: vercel.com/changelog/sort-providers-by-cost-latency-or-tRead original →
  • #0024Infra & SaaSvercel_blog

    `Vercel CLI` adds native `curl` syntax

    50radar

    Protected deployments can now be hit with plain curl-style requests using your Vercel auth. It removes header and token boilerplate for preview smoke tests, so updating the CLI is worth it.

    • vercel curl now accepts full URLs, bare hostnames, and the --url flag, so existing curl habits mostly transfer over.
    • Vercel auth is reused to bypass Deployment Protection, which cuts the usual preview-token and header setup.
    • Linked projects can pass just a path instead of a full URL, making repeated endpoint checks much faster.
    • This is a small feature, but it sharpens local-to-preview debugging loops where protected environments slow teams down.
    Source: vercel.com/changelog/use-native-curl-syntax-with-vercel-Read original →
Thu, May 144 dispatches
  • #0023Infra & SaaSSimon Willison

    `datasette-ip-rate-limit` `0.1a0`, path-level IP throttling for crawler abuse

    50radar
    datasette-ip-rate-limitDatasette plugin — path-level IP throttling rules

    Bad crawlers hitting hot paths can now be blocked with 60 req/60s per-rule limits. Path-specific throttling in datasette.yml makes this a practical low-cost ops guardrail.

    • Production config reads Fly-Client-IP and sets max_keys to 10000. It fits proxy-based deployments without extra app logic.
    • Exemptions for /static/* and /-/turnstile* keep assets and bot checks flowing while narrowing protection to expensive routes.
    • The example rule targets /global-power-plants/* and /legislators/*: 60 requests per 60s, then 20s blocked.
    • Still an alpha at 0.1a0, but the config surface is small enough to copy into lightweight self-hosted services quickly.
    Source: simonwillison.net/2026/May/14/datasette-ip-rate-limit/#aRead original →
  • #0022Infra & SaaSvercel_blog

    `Vercel` adds `Protected Source Maps` for production-only debugging

    70radar
    Protected Source MapsDeployment security feature — hides browser source maps behind auth

    Production source maps can now stay accessible to your team while returning 404 to everyone else. It removes a common tradeoff between readable stack traces and leaking original frontend code, so existing projects should turn it on now.

    • Browser .map files now sit behind Vercel Authentication, letting internal users fetch them while blocking public access with 404 responses.
    • New projects get the setting enabled by default, which lowers the chance of accidentally exposing source maps on fresh launches.
    • Existing projects can enable it in Settings -> Deployment Protection with no redeploy, so rollout cost is near zero.
    • This keeps production debugging intact with real filenames and line numbers, without leaving unminified source structure open to anyone scraping assets.
    Source: vercel.com/changelog/protected-source-maps-ship-browser-Read original →
  • #0021Infra & SaaStrends_vc

    AI Gateways Turn Model Choice Into Infrastructure

    50radar

    Routing is becoming its own layer above model APIs. OpenRouter scale shows provider lock-in is weakening, but this is more strategy signal than immediate tooling change.

    • OpenRouter handles 20T+ tokens per week; no single provider owns over 23% of volume, so demand is already multi-model.
    • Gateways add switching, routing, and caching above APIs. The moat shifts from model access to traffic control and cache hit rate.
    • Vertical gateways are the practical angle: wrappers for coding, support, agents, or media can optimize cost and reliability per workflow.
    • Hyperscaler bundling is the counter-pressure. Standalone gateway margins get squeezed if cloud platforms bundle routing into existing infra.
    Source: trends.vc/ai-gateways-cache-as-moat-vertical-gateways-hyRead original →
  • #0020Infra & SaaSHacker News · Show HN AI

    `Ardent` launches Postgres sandboxes for coding agents without DB migration

    60radar
    ArdentDB sandbox — prod-like branches without migration

    Production-like DB branches spin up in under 6s without moving off your current hosted Postgres. Useful if agent-written schema or data changes need realistic testing before they touch prod.

    • It uses logical replication plus DDL triggers instead of physical replication, so existing hosted Postgres setups can adopt it without a platform move.
    • The stack fans replication through Kafka and uses Neon-style branching, targeting sub-6-second clones even at TB scale.
    • A proxy layer issues custom Postgres URLs, adds finer-grained clone access control, and reduces raw credential exposure.
    • Pre-return SQL hooks support anonymization and branch mutation, which makes PII redaction part of the sandbox flow instead of a separate step.
    Source: www.tryardent.com/Read original →
Wed, May 134 dispatches
  • #0019Infra & SaaSvercel_blog

    `Vercel` adds `Trusted Sources` to Deployment Protection

    70radar
    Trusted SourcesDeployment protection feature — accepts short-lived `OIDC` tokens

    Short-lived OIDC tokens can now replace shared bypass secrets for protected deployments. Safer CI and cross-project calls with less secret sprawl; worth adopting now.

    • Requests now pass an OIDC token in x-vercel-trusted-oidc-idp-token; Vercel verifies signature, claims, and env match before allowing access.
    • A project can access its own deployments by default, and same-team cross-project access is allowed by adding explicit source rules.
    • Rules are configurable per from / environment pair, so preview, staging, and production access can be split cleanly.
    • External identity providers are supported too, including GitHub Actions; one-off automation no longer needs a long-lived shared bypass secret.
    Source: vercel.com/changelog/trusted-sources-for-deployment-protRead original →
  • #0018Infra & SaaSr/ClaudeAI

    Built a Live Election Dashboard in 2 Days With `Claude` and Cloudflare’s Free Tier

    50radar
    CloudflareEdge platform — CDN and KV for free-tier global delivery

    A laptop scraper plus Cloudflare KV and CDN handled 430K requests without paid hosting, DB, or a domain. The useful takeaway is the architecture: push precomputed snapshots to the edge and keep the browser dumb when traffic spikes.

    • The stack stayed extremely lean: a Python scraper pulled 234 result pages, merged them, and wrote snapshots to Cloudflare KV for global delivery.
    • Traffic stress was real, not hypothetical: 24K visitors, 430K requests, 8.7 GB bandwidth, and 24 countries on election day.
    • Write volume hit 997 in a day against a 1,000 free-tier limit, which shows this pattern works but has almost no headroom for more frequent refreshes.
    • Feature velocity mattered as much as infra: requests like close races and counted percentage shipped in minutes, with 60+ commits during the live event.
    Source: www.reddit.com/r/ClaudeAI/comments/1tbges5/i_used_claudeRead original →
  • #0017Infra & SaaSr/SideProject

    Free election dashboard stack: laptop scraper + `Cloudflare KV` survived a one-day traffic spike

    60radar
    Cloudflare KVEdge key-value store — pairs well with CDN-heavy reads

    The useful part is the architecture, not the Claude flex: scrape on a laptop, push static snapshots to Cloudflare KV, let the CDN absorb reads. It handled a real spike on free tier limits, so this pattern is worth copying for short-lived live dashboards.

    • Data flow stayed minimal: a Python scraper pulled 234 raw HTML result pages, merged them, and published snapshots every 30 seconds with no DB or paid hosting.
    • Traffic was non-trivial: 24K visitors, 430K requests, and 8.7 GB bandwidth from 24 countries, which validates the static-distribution approach under bursty demand.
    • The sharp edge was write quota, not reads: 997 writes in a day against a 1,000 free-tier cap. This works, but only if update frequency is tightly controlled.
    • Feature iteration stayed fast during the event: 60+ commits in one day and new requests shipped within minutes. AI helped with output speed; product judgment still sat with the builder.
    Source: www.reddit.com/r/SideProject/comments/1tbg0lq/i_used_claRead original →
  • #0016Infra & SaaSvercel_blog

    `Vercel Firewall` can generate WAF custom rules from natural language

    70radar

    Writing edge security rules just got much less manual. If you already ship on Vercel, this cuts setup friction enough to try now.

    • The dashboard now turns plain-English intent into WAF rules, reducing the need to hand-write match logic.
    • Generated rules can log, block, challenge, rate limit, or redirect traffic based on IP, path, country, user agent, and more.
    • Examples are immediately practical: protect /api/webhook, block /wp-admin, or challenge non-US traffic on /checkout.
    • Vercel CLI support matters because rule creation can fit existing deploy and ops workflows instead of staying dashboard-only.
    Source: vercel.com/changelog/create-vercel-waf-custom-rules-usinRead original →
Tue, May 125 dispatches
  • #0015Infra & SaaSvercel_blog

    `AI Gateway` adds fast mode for `Claude Opus 4.7`

    80radar
    AI GatewayLLM gateway — unified routing across model providers

    Latency drops hard without stepping down model quality: output generation is about 2.5x faster. The tradeoff is brutal at 6x standard Opus pricing, so this is for premium paths only.

    • Output token generation is roughly 2.5x faster while keeping full Opus 4.7 intelligence; useful when response time is the product constraint.
    • Enable it via speed: 'fast' in anthropic provider options with anthropic/claude-opus-4.7, so rollout is a config change, not a model swap.
    • Pricing jumps from $5/$25 per 1M input/output tokens to $30/$150. Speed gains are real, but margins get hit immediately.
    • Claude Code can use it through AI Gateway with CLAUDE_CODE_SKIP_FAST_MODE_ORG_CHECK, CLAUDE_CODE_ENABLE_OPUS_4_7_FAST_MODE, or ~/.claude/settings.json.
    • Prompt caching and other standard multipliers still stack on top, so heavy agent loops can get expensive fast.
    Source: vercel.com/changelog/fast-mode-for-opus-4-7-available-onRead original →
  • #0014Infra & SaaSvercel_blog

    Manage `Vercel Firewall` Rules from the `CLI`

    70radar
    Vercel FirewallSecurity feature — controls traffic rules for Vercel apps

    Security rollout moves closer to deploy workflows instead of dashboard clicks. Teams using vercel can script rule changes, test safer rollouts, and hand more of this to agents now.

    • The vercel firewall command now covers custom rules, IP blocks, system bypasses, attack mode, and system mitigation settings.
    • This closes a real ops gap: firewall changes can live in terminal workflows alongside deploys, scripts, and incident response.
    • Vercel Firewall also gets an agent-facing skill with guidance for safer rule rollout, which lowers the chance of locking out good traffic.
    • Setup friction is low: update the CLI, run vercel firewall, and the feature is immediately reachable from existing Vercel workflows.
    Source: vercel.com/changelog/manage-vercel-firewall-in-the-cliRead original →
  • #0013Infra & SaaSvercel_blog

    `AI Gateway` production index: spend goes to `Anthropic`, volume to `Google`

    50radar
    AI GatewayAI gateway — routes many models behind one API

    Production traffic splits cleanly by risk tolerance, not by one winner. Route premium reasoning to Claude and bulk cheap calls to Gemini Flash; single-provider bets now look expensive.

    • April 2026 spend share was 61% `Anthropic`, 21% `Google`, 12% `OpenAI`. Money is flowing to high-stakes calls, not raw traffic.
    • Token volume flipped the ranking: 38% `Google`, 26% `Anthropic`, 13% `OpenAI`, 10% `xAI`. Cheap models are absorbing mass-market workloads.
    • Within the same customer base, premium reasoning lands on Claude Opus while low-cost throughput lands on Gemini Flash. Model routing is becoming the default stack design.
    • B2B tokens cost roughly 2x B2C per token. If mistakes create legal or operational risk, the savings from cheaper models disappear fast.
    • Anthropic held 71% token share in back-office workloads but only 7% in consumer. Google concentrated in consumer with Gemini Flash at 28% of tokens and 15% of cost.
    Source: vercel.com/blog/ai-gateway-production-indexRead original →
  • #0012Infra & SaaSGeekNews

    `zero-native`: Build desktop and mobile apps with `Zig` and web UI

    50radar
    zero-nativeApp framework — native shell with system WebView

    A tiny native shell can wrap a web frontend into desktop apps without bundling a browser runtime when using the system WebView. That cuts binary size and startup cost, but teams that need pixel-perfect rendering will still trade up to Chromium.

    • Using the system WebView avoids shipping a full browser engine, so binaries stay small and launch faster.
    • The stack targets macOS, Windows, and Linux from one web UI, which lowers the cost of turning an existing SaaS frontend into an installable app.
    • Zig at the shell layer suggests tighter native control than Electron-style wrappers, with less runtime overhead.
    • If rendering consistency matters more than footprint, the Chromium path is still on the table; the value depends on whether size or parity is the bigger constraint.
    Source: news.hada.io/topic?id=29409Read original →
  • #0011Infra & SaaSvercel_blog

    `Vercel Sandbox` adds `Node.js 26.x` support

    50radar
    Vercel SandboxCloud sandbox runtime — fast isolated code execution

    Sandbox runtime options just moved up a generation. Upgrading @vercel/sandbox unlocks Node 26 testing, making version-parity checks easier before shipping.

    • Vercel Sandbox now supports Node 26, so newer runtime APIs can be validated without leaving Vercel's execution environment.
    • To use it, upgrade @vercel/sandbox to 1.10.2+ or 2.0.0-beta.19+ for v2, then set runtime to node26.
    • This is a small but practical update if your app, workers, or tooling need strict Node-version alignment across local and hosted runs.
    Source: vercel.com/changelog/node-js-26-x-now-available-on-verceRead original →
Mon, May 113 dispatches
  • #0010Infra & SaaSGeekNews

    90-Day Disclosure Is Breaking Under AI-Speed Exploits

    50radar

    AI has compressed rediscovery and exploit creation enough that fixed 90-day disclosure windows no longer protect slow patching. If your app touches payments, shorten fix cycles and treat frontend patch diffs as attacker documentation.

    • A critical payment-validation bug was independently reported by 11 people in 6 weeks, which means dangerous flaws now get rediscovered in parallel, fast.
    • A React patch diff was turned into a working exploit in 30 minutes with AI help, so shipping partial client-side fixes buys very little time.
    • The old 90-day norm assumed slower analysis and exploit development; that assumption no longer holds for high-value SaaS surfaces like checkout flows.
    • Payment logic needs server-side enforcement and rapid rollout paths, because once a patch lands, attackers can reverse the fix almost immediately.
    Source: news.hada.io/topic?id=29383Read original →
  • #0009Infra & SaaSvercel_blog

    `Vercel Flags` adds scheduled progressive rollouts

    80radar
    Vercel FlagsFeature flag service — plugs into Vercel release flow

    Traffic can now ramp to a new variant by schedule instead of staying at a fixed split. That makes feature releases safer without building your own rollout logic, and it's usable now via dashboard or vercel flags rollout.

    • Unlike a fixed 50/50 experiment split, each rollout stage has a target percentage plus duration, so exposure increases automatically.
    • Catching regressions on a small slice first lowers blast radius before a bad release reaches everyone.
    • Control is available in both the dashboard and the new vercel flags rollout CLI path, which matters for scripted releases.
    Source: vercel.com/changelog/progressive-rollouts-in-vercel-flagRead original →
  • #0008Infra & SaaSvercel_blog

    `Vercel Sandbox firewall` adds proxy forwarding and request filtering in beta

    50radar
    Vercel SandboxSandbox runtime — isolated execution with network controls

    Outbound sandbox calls can now pass through your own proxy with path, method, query, and header matching. Useful for logging and credential control, but immediate reach is limited because it's beta on Pro and Enterprise.

    • You can set a forwardURL on an allowed domain, and matching HTTPS requests are relayed to your own proxy for logging, debugging, or response transforms.
    • Matchers can scope forwarding and credential brokering by path, method, query string, or headers, so only sensitive routes need extra handling.
    • The proxy receives source metadata headers plus a vercel-sandbox-oidc-token, enabling request authentication and sandbox/team/project attribution.
    • Access is limited to Pro and Enterprise beta and requires the @vercel/sandbox@beta SDK, so this is practical only if you already depend on Sandbox.
    Source: vercel.com/changelog/vercel-sandbox-firewall-now-supportRead original →
Sun, May 101 dispatches
  • #0007Infra & SaaSGeekNews

    `AWS` Virginia Outage Resolved After `US-East-1` Overheating Incident

    40radar
    US-East-1AWS region — its primary Northern Virginia region

    A cooling-related failure in `US-East-1` hit major customer-facing services, not just internal AWS dashboards. If anything still depends on a single region, this is another reminder that multi-region failover is cheaper than surprise downtime.

    • The trigger was data center overheating in US-East-1, turning a routine status alert into a real regional availability event.
    • Named impact reached services like Coinbase and FanDuel, which shows the blast radius reached end-user transactions, not background jobs only.
    • AWS marked recovery at 3:29 PM ET Friday. Even a resolved incident matters if your stack, auth, or webhooks are pinned to one region.
    Source: news.hada.io/topic?id=29337Read original →
Fri, May 84 dispatches
  • #0006Infra & SaaSSupabase Blog

    `Supabase` becomes an official `ChatGPT` app

    50radar

    You can now operate Supabase projects through natural-language requests inside ChatGPT. It trims routine DB ops into chat and is worth testing now if Supabase already sits in your stack.

    • The integration connects existing Supabase projects to ChatGPT, not a separate dashboard flow.
    • The stated use case is managing database infrastructure by chat, which points to faster admin and maintenance loops.
    • This is most useful when you already keep product, schema, and ops context in ChatGPT; otherwise the gain is smaller.
    Source: supabase.com/blog/supabase-is-now-an-official-chatgpt-apRead original →
  • #0005Infra & SaaSvercel_blog

    `Vercel` `Chat SDK` adds `Messenger` adapter

    60radar
    Chat SDKChat app SDK — adapter-based support for messaging channels

    Meta channel support just got easier: one adapter now covers messages, reactions, media downloads, postbacks, and DMs. Useful if you want to ship customer-facing agents on Messenger without building the transport layer yourself.

    • The adapter supports core Messenger flows: messages, reactions, multimedia downloads, postback buttons, and direct conversations.
    • Display names are fetched automatically from user profiles, removing one small but annoying identity-mapping step.
    • Vercel points to three paths: use the docs, browse supported adapters, or build a custom adapter if your channel is missing.
    • This came from community work in PR #461, which suggests the adapter surface is extensible rather than locked to first-party channels.
    Source: vercel.com/changelog/chat-sdk-adds-messenger-adapterRead original →
  • #0004Infra & SaaSvercel_blog

    `Chat SDK` adds cross-platform conversation history

    70radar
    Chat SDKBot-building SDK — shared conversation state across channels

    Message history can now persist across channels with transcripts and identity, instead of rebuilding memory per surface. If you run support or assistant bots on web and app together, this removes a common state-sync chore and is worth adopting now.

    • transcripts and identity let one user keep the same history across every platform adapter, so web, app, and other bot surfaces stop fragmenting context.
    • bot.transcripts exposes 4 methods: append, list, count, and delete. The API covers write, read, usage tracking, and reset without extra glue code.
    • The feature sits on top of your existing state adapter, so you do not need a separate transcript store design if you already use the SDK's persistence layer.
    • list returns entries chronologically with filters, which makes replay, debugging, and lightweight conversation analytics easier to ship.
    • This mainly cuts backend plumbing rather than unlocking a new UX category, but that plumbing is exactly what slows small teams down.
    Source: vercel.com/changelog/chat-sdk-conversation-historyRead original →
  • #0003Infra & SaaSvercel_blog

    `Chat SDK` adds a web adapter for browser chat UIs

    60radar
    Chat SDKChat UI SDK — connects server bots to browsers

    Browser chat can now connect directly with a server-defined bot and stream replies live through useChat. This cuts setup for in-product support or assistant UIs and is practical if you already ship on Vercel's AI stack.

    • The new web adapter connects browser-based chat UIs to a bot defined on your server, reducing glue code between frontend and backend.
    • Replies stream live to the browser through the preconfigured @ai-sdk/react useChat hook, so a basic chat surface is faster to stand up.
    • The target use cases are clear: in-product assistants, support agents, and other embedded browser chat experiences.
    • Vercel also points to adapter docs and custom adapter guidance, so the release is not just a demo path but an integration surface.
    Source: vercel.com/changelog/chat-sdk-adds-web-adapter-supportRead original →
Thu, May 72 dispatches
  • #0002Infra & SaaSvercel_blog

    `Next.js` security release patches 13 flaws; upgrade to `15.5.18` or `16.2.6`

    90radar

    This fixes 13 issues across auth bypass, DoS, SSRF, cache poisoning, and XSS, with no reliable WAF fallback. If you run middleware.js, Server Functions, Image Optimization, or RSC caching, this is an immediate patch cycle.

    • Authorization paths are exposed in multiple ways: middleware.js/proxy.js apps are affected by segment-prefetch, i18n default-locale, and dynamic route injection bypasses.
    • Runtime risk is broad, not edge-case: DoS hits React Server Components, Cache Components, and the Image Optimization API, so default framework features are in scope.
    • WebSocket upgrade handling has an SSRF advisory. Any app bridging internal services through upgrade requests should treat this as perimeter-breaking.
    • Caching setups need scrutiny twice: one advisory targets RSC response poisoning, another targets collisions in RSC cache-busting. CDN or reverse-proxy stacks are not neutral here.
    • Fixed targets are explicit: upgrade Next.js 15.x to 15.5.18, 16.x to 16.2.6, and matching react-server-dom-* packages to 19.0.6 / 19.1.7 / 19.2.6.
    Source: vercel.com/changelog/next-js-may-2026-security-releaseRead original →
  • #0001Infra & SaaSvercel_blog

    `Vercel Flags` now supports JSON values

    70radar
    Vercel FlagsFeature flag service — built to fit `Vercel` deployments

    Related config can now live in one flag instead of being split across several. That makes model rollouts, A/B tests, and provider failover less brittle, so it is worth using if Vercel Flags is already in the stack.

    • A single JSON flag can replace separate boolean, string, and number flags tied to the same feature config.
    • The example is model experimentation: one ai_model object can hold settings that previously needed ai_model, ai_temperature, and ai_max_tokens.
    • This fits progressive traffic routing to a new model, controlled A/B tests, and fast provider switching during outages.
    Source: vercel.com/changelog/vercel-flags-now-supports-json-valuRead original →