rails

rack-mini-profiler reveals performance bottlenecks in Rails apps. It displays database queries, rendering time, memory allocation on every page. I use Flamegraphs to visualize where time is spent. Memory profiling identifies allocation hotspots. Query

Long-running jobs are where Hotwire can feel magical: start an export, then watch progress update live. I give each job a “progress” model, render it in a turbo_frame_tag, and broadcast replacements as the job advances. The job updates percent and sta

Even with model broadcasts, it’s useful to know how streams map to ActionCable channels. Turbo::StreamsChannel is essentially a channel that streams from a signed stream name. When I need custom behavior, I still follow the same scoping rules: identif

APIs are easier to operate when errors are structured and consistent. Wrap errors into a problem-details style response with a stable type and request_id so support can quickly trace issues.

User content needs defense in depth: markdown rendering + sanitization + link attribute hygiene. Keep the allowed tags list explicit and test it. Don’t trust upstream renderers to be safe by default.

Production visibility requires more than basic request logging. I instrument critical code paths using ActiveSupport::Notifications to publish custom metrics that monitoring services consume. Each instrumented block publishes events with timing data,

Turbo Frames can trigger lots of small requests, so caching matters. For expensive frame endpoints (like an activity panel), I use stale? with an ETag that includes a cache key and the latest update timestamp. If the content hasn’t changed, Rails retu

Sidekiq processes background jobs asynchronously using Redis and multi-threading. ActiveJob provides framework-agnostic interface—I use it for portability between job processors. Jobs handle emails, data processing, API calls, report generation. perfo

When a page has many small targets, wiring dozens of Turbo Stream operations can get noisy. Rails’ broadcasts_refreshes (Rails 7.1+) lets you take a pragmatic approach: broadcast a refresh, and Turbo morphs the page. It’s not always the right choice (

When receiving webhooks from external services, signature verification ensures the payload comes from the claimed sender and hasn't been tampered with. Services like Stripe and GitHub include an HMAC signature in headers computed from the request body

For apps with replicas, route read-only code paths to reading role and enforce prevent_writes. This is a strong reliability move: accidental writes on replicas become exceptions instead of silent data loss.

Direct deletes can be risky and slow. Mark records for deletion, then sweep in batches in a maintenance job. This gives you observability and a rollback window.