Query plan caching improves performance by reusing execution plans. I use prepared statements to parse once, execute many times. PostgreSQL caches plans after 5 executions. Plan invalidation occurs when statistics change. Generic plans vs custom plans

The Fetch API provides modern interface for HTTP requests returning promises. I use fetch(url) to make GET requests that resolve with Response objects. The response.json() parses JSON data asynchronously. POST requests need method, headers, and body o

Soft deletes mark records as deleted without removing them from the database, enabling recovery and audit trails. I add SoftDeletes trait to models and a deleted_at timestamp column. Calling delete() sets deleted_at instead of removing rows. Soft-dele

Rails’ built-in encryption makes it easier to protect PII at rest. Use it for fields like phone numbers or external tokens. Combine with deterministic encryption when you need lookup-by-value.

Once services talk to other services, logs alone don’t tell you where time goes. I like OpenTelemetry because it’s vendor-neutral: export to Honeycomb, Datadog, Tempo—whatever your team uses. I keep the initial setup minimal: instrument http, express,

For queries too complex for the ORM, I use raw SQL. The raw() method returns model instances. I use cursor.execute() for non-model queries. I always use parameterized queries to prevent SQL injection—never string interpolation. For reporting, raw SQL

Window functions perform calculations across rows related to the current row. I use them for running totals, rankings, and moving averages. Django's Window expression with functions like RowNumber, Rank, DenseRank provide SQL window function support.

For structs with many optional fields, the builder pattern provides a fluent API for construction. I define a separate Builder struct with methods that return self for chaining. The final build() method validates and returns the target struct. This is

Large request bodies are where naive code falls over. Instead of io.ReadAll, I decode JSON incrementally with json.Decoder and enable DisallowUnknownFields so unexpected fields fail fast. That becomes a surprisingly strong safety net when you evolve A

Authorization filters often become string-SQL soup. Use Arel to build composable scopes that are still readable and safe. This snippet shows a “visible_to(member)” scope with a join and a condition that can evolve without turning into interpolated SQL

Service objects extract complex business logic from models and controllers, following Single Responsibility Principle. I structure services with a clear public interface—typically a call method. Services handle multi-step operations, external API call

Mobile navigation requires different patterns than desktop—hamburger menus, slide-out drawers, and touch-friendly interactions. I build a responsive nav with Stimulus that shows a mobile menu button below a breakpoint and auto-hides when links are cli