<![CDATA[Sober Group — Sobriety & Addiction Recovery Community Forums

<![CDATA[Sober Group — Sobriety & Addiction Recovery Community Forums - Website Development]]> https://sobergroup.com/forums/ Sober Group Technical Services excels at providing comprehensive website development services, guiding clients through each phase of the process, from initial wireframe designs to minimal viable products and ultimately to fully functional websites. Our team of seasoned professionals is dedicated to providing personalized and prompt services, ensuring that the final product meets and exceeds client expectations.

As evidence of our commitment to security and privacy, we adhere to the stringent HIPAA compliance standards, protecting sensitive information and placing a premium on the protection of user data. As a result, clients can confidently embark on their digital journey with Sober Group Technical Services, knowing their online presence is captivating and secure.]]> en Wed, 03 Jun 2026 18:07:29 GMT vBulletin 60 https://sobergroup.com/forums/images/misc/rss.png <![CDATA[Sober Group — Sobriety & Addiction Recovery Community Forums - Website Development]]> https://sobergroup.com/forums/ Forging Her Own Path: Houmahani Kane’s Journey in Creative Development https://sobergroup.com/forums/forum/services/website-development/19306-forging-her-own-path-houmahani-kane’s-journey-in-creative-development Wed, 03 Jun 2026 16:30:01 GMT From self-taught beginnings to real client work, I share my journey, key projects, and the challenges that shaped my approach to building interactive...
More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19306-forging-her-own-path-houmahani-kane’s-journey-in-creative-development @function https://sobergroup.com/forums/forum/services/website-development/19305-function Wed, 03 Jun 2026 16:30:01 GMT The @function at-rule defines CSS custom functions. These custom functions are reusable blocks of CSS that can accept arguments, contain complex...

@function originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19305-function @custom-media https://sobergroup.com/forums/forum/services/website-development/19304-custom-media Wed, 03 Jun 2026 16:30:01 GMT The CSS @custom-media at-rule allows creating aliases for media queries. @custom-media (https://css-tricks.com/almanac/rules/c/custom-media/)...

@custom-media originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19304-custom-media offset-path https://sobergroup.com/forums/forum/services/website-development/19303-offset-path Wed, 03 Jun 2026 16:30:01 GMT The offset-path property in CSS defines a movement path for an element to follow during animation. This property began life as motion-path. This,...
This property began life as motion-path. This, and all other related motion-* properties, are being renamed offset-* in the spec. We’re changing …

offset-path originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19303-offset-path How To Make Your Design System AI-Ready https://sobergroup.com/forums/forum/services/website-development/19302-how-to-make-your-design-system-ai-ready Wed, 03 Jun 2026 16:30:01 GMT AI-generated prototypes often don't deliver consistently decent results because of tiny inconsistencies scattered all across a design system. I's decisions made but not documented, hard-coded values never cleaned up, or relying too much on AI making sense of mock-ups or design flows on its own.

Yesterday I stumbled upon a useful practical guide by Hardik Pandya from Atlassian — on how to reduce drifts, minimize mistakes, maintain context, and improve the quality of AI-generated prototypes. Let’s see how it works.

1. Design Decisions Are Infrastructure
Unsurprisingly, better AI prototypes come from better data — but also from better human guidance. We shouldn’t assume that AI knows how to choose the right component and how to design with accessibility in mind. It needs priorities, a clear path on how we make decisions, design principles, examples, do’s and don’ts.

In fact, we should treat design decisions as infrastructure. That means that every time we make a decision — not just a design decision, but even a decision on how to actually prioritize our work and how we make decisions around here — it must find a path into the spec file that is then consumed by AI.

2. Auditing: FigmaLint
One of the useful tools to audit the quality of the design system is FigmaLint. It’s a useful free Figma plugin for auditing tokens, states, accessibility, binding tokens, renaming layers, detecting detached instances, missing interactive states and hard-coded values — and preparing the design documentation.

If you often have to work with vendors and third parties who supply you with their design systems and component libraries, that’s a great helper to have by your side — especially if you want to improve the quality of prototypes, AI-generated code, and AI-written documentation.

3. Three Layers: Spec Files + Token Layer + Auditing
To ensure quality, we establish design principles, guidelines, and rules in the form of “spec files”. It’s structured Markdown files that include spacing rules, color choices, component usage guidelines, priorities, etc. AI is going to read and reuse that spec file every time it’s going to generate a prototype.

Because the spec files are text files, it’s much more cost-effective but also much more accurate, just because we don’t rely on AI recognizing or decoding patterns from mock-ups but get specific guidelines instead. In fact, extending code is often a more effective way than generating code from mock-ups.

The token layer lists and keeps updated all tokens used throughout the design system. AI always chooses from a closed set of named variables instead of inventing plausible values ad hoc.

An audit script catches what AI gets wrong. It scans the prototype and flags every hard-coded value and flags it if necessary. It can be a regular software doing that, with AI waiting for its feedback to come back.

Finally, when a design system ships updates, a sync routine flags which spec files need updating. The goal is to make sure that AI always reads up-to-date, current specs, not the ones written against an outdated version.

4. Examples of AI-Ready Design Systems

Wrapping Up
Ultimately, AI cannot magically resolve technical debt or design debt without proper guidance. It relies heavily on clear decisions, established priorities, and well-defined principles.

The more deliberate and precise designers are in guiding AI, the better the overall outcomes will be. This requires not just cleaning up and improving design systems but also maintaining them over time as decisions need to trickle down into Markdown files. We’ll be busy for years to come.

Meet “Design Patterns For AI Interfaces”
Meet Design Patterns For AI Interfaces, Vitaly’s new video course with 100s of real-life examples and UX guidelines to design AI features that people actually use — with a live UX training later this year. Jump to a free preview.

Meet Design Patterns For AI Interfaces, Vitaly’s video course on interface design & UX.

Video + UX Training

$ 450.00 $ 799.00

Get Video + UX Training
30 video lessons (10h) + Live UX Training.
100 days money-back-guarantee.

Video only

$ 275.00$ 395.00

Get the video course
30 video lessons (10h). Updated yearly.
Also available as a UX Bundle with 3 video courses.

Useful Resources

FigmaLint, by TJ Pitre
Atlassian AI-Ready Design System Example, by Atlassian
Carbon AI-Ready Design System Example, by IBM
CMS Design System AI-Ready Example, by Centers for Medicare & Medicaid Services
Nordhealth AI-Ready Design System Example, by Nordhealth

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19302-how-to-make-your-design-system-ai-ready How to Build Responsive Designs and Scroll Effects with CSS Container Queries https://sobergroup.com/forums/forum/services/website-development/19301-how-to-build-responsive-designs-and-scroll-effects-with-css-container-queries Wed, 03 Jun 2026 16:30:01 GMT Container queries let you target specific sections of your webpage and apply styles to create customizable, responsive designs based on the... Container queries let you target specific sections of your webpage and apply styles to create customizable, responsive designs based on the container's size rather than that of the viewport. This guid

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19301-how-to-build-responsive-designs-and-scroll-effects-with-css-container-queries Manual Testing: How We Make Sure Software Works Correctly https://sobergroup.com/forums/forum/services/website-development/19300-manual-testing-how-we-make-sure-software-works-correctly Wed, 03 Jun 2026 16:30:01 GMT Have you ever played a video game that suddenly stopped working? Or used an app that showed the wrong answer? That happens when software is not... Software Testing comes in. Testing is simply the act of checking whether a software application is working the way it is supposed to work.

In this blog, I will talk about four very important topics in software testing:

Common Manual Testing Techniques
Boundary Value Analysis
Decision Table Testing
The Future of Manual Testing in the Age of AI
Let us begin!

1. Common Manual Testing Techniques

Think of manual testing like a human inspector at a factory. Instead of a machine checking the product, a real person uses the software and checks if it works correctly. The person does this step by step, without using any automated tools.

Here are the most common ways manual testing is done:

Exploratory Testing

In this technique, the tester does not follow a fixed script. Instead, they explore the software freely — just like how you would explore a new video game without reading the instruction manual. The tester uses their experience and curiosity to find bugs.

For example, a tester might try typing very long names in a form or clicking buttons very fast to see if the software breaks.

Black Box Testing

In black box testing, the tester does not know how the software is built inside. They only look at what goes in (input) and what comes out (output). It is like using a TV remote — you press a button and check if the right channel appears. You do not care how the electronics inside work.

This is very useful because real users also do not know the internal code. So this testing checks the software from the user's point of view.

White Box Testing

This is the opposite of black box testing. Here, the tester knows the internal code of the software. They check if each part of the code is working correctly. This is like a mechanic opening a car's engine and checking each part carefully.

Smoke Testing

Before doing detailed testing, testers first do a quick check to see if the software starts and basic things work. This is called smoke testing. It is like switching on a new TV — first you just check if it turns on and shows a picture. If that does not work, there is no point checking other features.

Regression Testing

Every time developers make a change or fix a bug, testers check whether the fix accidentally broke something else. This is called regression testing. Imagine if someone fixed a leaking pipe but accidentally broke a window — you would want to check everything after repairs.

User Acceptance Testing (UAT)

Before software is released to real users, it is given to a small group of actual users to test. They check if the software does what they expected. If they are happy, the software is approved for release.

2. Boundary Value Analysis

Now let us talk about a very clever testing technique called Boundary Value Analysis, or BVA.

Imagine your school says students must be between 5 and 18 years old to join. The "boundaries" are 5 and 18. Boundary Value Analysis says: most bugs hide near the edges, not in the middle.

So if a form accepts ages from 5 to 18, a good tester would check:

Just below the minimum: age 4 (should be rejected)
Exactly at the minimum: age 5 (should be accepted)
Just above the minimum: age 6 (should be accepted)
Just below the maximum: age 17 (should be accepted)
Exactly at the maximum: age 18 (should be accepted)
Just above the maximum: age 19 (should be rejected)
Why do bugs hide at boundaries? Because when programmers write code, they sometimes make small mistakes like writing > instead of >=. These small mistakes cause the software to behave incorrectly at the edges.

Real-life Example at NSDL

At my workplace, we test demat account opening forms. If a PAN number must be exactly 10 characters, we test with 9 characters, 10 characters, and 11 characters. This way, we catch bugs that only appear at the exact edges of the allowed range.

Why BVA is powerful:

It reduces the number of test cases needed
It finds bugs that normal testing might miss

- It is simple, logical, and easy to explain

3. Decision Table Testing

Now let us talk about Decision Table Testing. This technique is used when software behaves differently based on different combinations of conditions.

Let me give you a fun example. Imagine a pizza app with these rules:

Yes	Yes	30% off
Yes	No	10% off
No	Yes	15% off
No	No	No discount

This table shows every possible combination of conditions and what the system should do. This is a Decision Table.

Why Do We Need Decision Tables?

Sometimes software has many rules that interact with each other. It is very easy to miss a combination. A decision table makes sure we test every single combination of conditions.

How to Create a Decision Table

Step 1 — List all the conditions (for example: is the user logged in? Is the payment successful? Is the item in stock?)

Step 2 — List all the actions or results (for example: show order confirmation, show error message)

Step 3 — Fill in every possible combination of Yes/No for each condition

Step 4 — Write test cases for each column of the table

Real-life Example

At NSDL, when we test KYC validation for demat accounts, we deal with multiple conditions:

Is the PAN number valid?
Is the KRA database responding?
Is the account type individual or corporate?
Each combination needs to be tested. Decision table testing ensures we do not miss any scenario, which is very important in financial software where errors can affect real money and real accounts.

4. The Future of Manual Testing in the Age of AI

This is the most exciting topic! The world is changing very fast. AI (Artificial Intelligence) tools are becoming part of every industry, including software testing. So what will happen to manual testers like us?

What AI Is Already Doing in Testing

AI tools can now:

Write test cases automatically by reading the requirements
Find bugs faster by learning from past bug patterns
Run thousands of tests in a few minutes (automated testing)
Predict which parts of the software are likely to have bugs
Tools like Selenium, Appium, and AI-powered platforms like Testim, Mabl, and Functionize are already being used by companies to speed up testing.

Will AI Replace Manual Testers?

This is the big question everyone is asking. The honest answer is: AI will not replace manual testers — it will change what manual testers do.

Here is why:

AI is very good at repetitive tasks. Running the same test 1000 times? AI wins. But AI cannot think creatively. It cannot understand human emotions, user experience, or business logic the way a human can.

Manual testers are still needed for:

Exploratory testing, where creativity and curiosity matter
Understanding business requirements and user expectations
Testing usability — does the app feel easy and natural to use?
Ethical testing — is the software fair to all users?
Reviewing AI-generated test results and deciding what they mean
### The New Role of Manual Testers

The future manual tester will be someone who:

Understands AI tools and knows how to work with them
Writes smart test strategies that AI can execute
Focuses on exploratory and risk-based testing — areas where human judgment is needed
Knows API testing and database validation — skills that remain relevant
Learns automation basics — at least enough to collaborate with automation engineers
### My Personal Journey

As a QA engineer at NSDL, I have already started this journey. I independently learned Postman for API testing and built Mock Servers to simulate external systems. I have also started Core Java and Selenium training to move towards automation.

The message is clear: upskill, adapt, and stay curious. Manual testers who keep learning will not only survive but thrive in the AI era.

Conclusion

Software testing is not just about finding bugs. It is about making sure that when you press a button in an app, the right thing happens. Techniques like Boundary Value Analysis and Decision Table Testing help testers be smart and organized. And even as AI becomes more powerful, human testers will always be needed to bring judgment, creativity, and business understanding to the table.

If you are a beginner in testing — start today. Learn the basics, practice on real projects, and never stop learning. The field is growing, and there is a place for everyone who is willing to work hard.

Happy Testing!

Published by Gayatri Suryavanshi | QA Engineer | NSDL Mumbai

Connect with me on LinkedIn | GitHub

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19300-manual-testing-how-we-make-sure-software-works-correctly NHI Governance Is the Outcome. GitGuardian Is How You Get There https://sobergroup.com/forums/forum/services/website-development/19299-nhi-governance-is-the-outcome-gitguardian-is-how-you-get-there Wed, 03 Jun 2026 16:30:01 GMT There is a category mistake that happens all the time in the non-human identity (NHI) market. People talk about governance as if it were a box you...

NHI governance is the outcome of the hard work of understanding what you have and whether each identity is in a desired state. It is the condition you reach when your organization can see non-human identities, understand what access they hold, detect when that access becomes risky, and prove remediation efforts were taken when something went wrong.

That is exactly why GitGuardian's secrets-first model makes sense for organizations fighting for visibility and control of their sprawling non-human identity inventories.

The GitGuardian platform is built around the pragmatic truth that, if a non-human identity authenticates with an API key, token, service credential, or other secret-backed authentication string, that secret becomes the best artifact for discovering the identity, understanding its reach, and explaining the security state of the access it enables. GitGuardian gives teams true visibility over all NHI secrets across infrastructure, tying that visibility to hygiene improvement and breach reduction.

Let's take a look at the platform, feature by feature, to understand how we deliver on our promise to help you reach your NHI governance goals.

Start With the Secrets You Can Actually See

GitGuardian helps teams get to NHI governance by starting with the thing most organizations can observe right now: the secrets their non-human identities rely on. These access mechanisms provide a pragmatic approach to mapping your identities across your environments.

Most teams do not begin with a complete, clean inventory of every service account, workload identity, automation token, certificate, and API credential in the environment. They begin with fragments. They know some of what lives in cloud IAM. They know some of what lives in their vaults. They know some of what was set up by platform teams, some by developers, and some by vendors. The rest shows up in scattered evidence across the software lifecycle.

GitGuardian gives you visibility into your secrets that should never have been left as plaintext, such as source code and configuration files. But it also extends to the systems surrounding software delivery, where credentials are copied, pasted, cached, logged, and forgotten. This includes messaging systems like Slack, ticketing systems like Jira, and container registries like Amazon ECR, among dozens of other places.

That is the first governance outcome GitGuardian supports. Teams get a clearer view of the real identity surface, not the planned one. If a secret exists in a system of record but has also spread into a support ticket or a shared internal workspace, the state of that identity has already changed. That secret is now part of a broader exposure story, and GitGuardian gives teams a way to see it.

Extend the View Into the Vaults

Secrets visibility only goes so far if the picture ends at plaintext exposure. GitGuardian extends the model by indexing secrets from the places teams intentionally store them — enterprise secrets managers such as Hashicorp Vault and CyberArk's Conjur, or cloud providers such as AWS Secrets Manager or Azure Key Vault.

GitGuardian collects secret metadata to enrich the inventory without sending secret values in the clear. GitGuardian is no longer only telling you what leaked. It is also helping you understand the managed layer where those secrets are supposed to live.

That creates a much more useful inventory across infrastructure. Teams can see the secrets created within approved systems and compare that state with the same credentials discovered elsewhere in the organization. The same secret in a vault, a private repository, and a team chat means something has gone wrong with your governance plan. GitGuardian provides a single view that is much closer to the truth of how access actually works inside modern systems.

Confronting Vault Sprawl In NHI Governance

Vault visibility also surfaces a problem that deserves more attention than it usually gets: vault sprawl.

Many organizations have done the right thing in spirit and still carry unnecessary complexity in practice. They have multiple secret managers, overlapping teams, inherited platforms, duplicated values, and different operational habits across cloud, product, and security groups.

GitGuardian helps expose that overhead by showing where the same secret is duplicated, reused, or spread across environments. The product's posture policies explicitly include duplicated secrets, reused secrets, and cross-environment secrets.

The GitGuardian platform does not just tell you that a vault exists. It helps you see whether the state of your vault-backed secrets is clean, duplicated, sprawling, or risky.

Turn Secret Discovery Into a Live Inventory

Turning your detection findings into a living inventory is where the larger governance story starts to come together. GitGuardian's platform provides a centralized NHI inventory connecting discovered identities, secrets, and related context. This makes it easy for teams to search, review, and prioritize what they have across the whole of their enterprise environment. The goal is a unified visibility into the cloud identity footprint, with graph-based relationships across identities, policies, and secrets.

That inventory matters most when it reflects state instead of aspiration. A spreadsheet of service accounts does not tell you where credentials have spread. A static export from one platform does not tell you whether the same secret is reused somewhere else, duplicated in another system, or exposed outside the boundary where it was meant to live. GitGuardian brings those questions together because its model starts with the secret itself and then layers in identity, source, ownership, and policy context around it.

Each non-human identity has a visual knowledge graph on GitGuardian that maps the systems where they are created, stored, and used, and layers metadata from each source into a unified model. The platform, using ggscout, collects the fingerprint of secrets and related metadata from supported secrets managers, while CI and infrastructure sources add the "where" NHIs are used and consumed. Cloud IAM systems, including Microsoft Entra and AWS IAM, add permissions and policy context, other identity providers extend identity coverage, and SaaS providers add visibility into usage and potential exposure.

GitGuardian gives you one contextual view of NHI posture. That makes the inventory operational. Which credentials are active? Which ones are leaking across trust boundaries? Which ones are tied to sensitive roles or broad permissions? Which ones are duplicated across storage locations? Governance gets more concrete once the inventory reflects those conditions.

Add Ownership to the Inventory

Inventory alone does not move risk. Someone has to own the identities, the credentials, and the cleanup. GitGuardian lets teams assign responsibility to non-human identities directly in the inventory. This helps close the accountability gap for machine identities, speed remediation, and support compliance expectations.

Most teams already know the mechanical work of secret rotation, credential cleanup, and policy review. The real slowdown usually comes from ambiguity. Who owns this service principal? Who is responsible for the token tied to this automation? Who decides whether a duplicated credential can be removed? Who gets paged when a leaked secret is tied to a business-critical workflow? GitGuardian makes that ambiguity visible and more manageable by placing ownership alongside the identity record itself.

Ownership also changes how teams can talk about governance internally. The conversation stops being "we found another secret" and becomes "this identity is out of policy, here is the owner, and here is the condition that needs to be resolved." That is a much healthier operational model. It turns secret incidents into identity decisions, and it gives engineering, platform, and security teams a common object to work on together.

Use Policy to Define Acceptable State

Governance needs a line between acceptable and unacceptable states. GitGuardian's NHI Governance posture policies provide that line in a way that stays close to observable conditions. These policies are informed by the OWASP Top 10 for NHIs, and the currently documented set includes publicly leaked secrets, internally leaked secrets, cross-environment secrets, reused secrets, and duplicated secrets.

These policies work because they are concrete. They describe conditions a team can verify. A secret is either publicly exposed or not. A credential is reused across identities, or it is not. A secret crosses environment boundaries or it does not. A value is duplicated across storage locations, or it is not. That makes policy useful as an operational tool instead of a vague aspiration.

It also helps teams mature without pretending they need to solve every machine identity problem in one move. A team can start by reducing public exposure. Then it can work on internal sprawl, duplication, and environment separation. From there, it can move toward cleaner ownership, stronger storage patterns, and narrower permissions. GitGuardian supports that progression because the product is built to show the current state, not just the ideal future state.

GitGuardian Helps Teams Earn the Outcome

NHI governance is the result of understanding what exists, its current state, who owns it, and whether that condition is acceptable. What is acceptable to your team can only be determined by your circumstances and risk tolerances.

GitGuardian helps teams achieve their desired outcomes by prioritizing secrets visibility first. It finds credentials where they were exposed across the software lifecycle. It extends that picture into the vaults and managed stores where those credentials are supposed to live. It turns those fragments into an identity inventory that can be searched, reviewed, and prioritized. It adds ownership so someone is accountable for cleanup and decision-making. It enriches the picture with identity and permission context so teams can understand the impact. It applies posture policies so governance has a measurable definition.

GitGuardian gives teams a better view into the state of their non-human identities by following the secrets those identities depend on. For a problem as messy and distributed as machine identity governance, that is exactly where organizations should start.

We would be happy to help.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19299-nhi-governance-is-the-outcome-gitguardian-is-how-you-get-there <![CDATA[We rewrote Apache Airflow's control plane in Go (and kept the UI)]]> https://sobergroup.com/forums/forum/services/website-development/19298-we-rewrote-apache-airflow-s-control-plane-in-go-and-kept-the-ui Wed, 03 Jun 2026 16:30:01 GMT TL;DR — Leoflow v0.0.1 just shipped. It speaks the Airflow API, runs the Airflow 3.2.x UI unmodified, but replaces the Python control plane with Go....
TL;DR — Leoflow v0.0.1 just shipped. It speaks the Airflow API, runs the Airflow 3.2.x UI unmodified, but replaces the Python control plane with Go. Pod-per-task is the only execution mode. Each DAG is its own container image. Fan-in (map-reduce) is a Python list comprehension. Install: curl -fsSL https://raw.githubusercontent.com/ne...ain/install.sh | sh. GitHub: neochaotic/leoflow — stars and issues warmly accepted.

The 3 AM pager

You know the one. The scheduler stalled again. Or the triggerer suffocated under 500 sensors. Or a worker leaked file descriptors until Kubernetes OOMKilled it mid-run. Or someone bumped pandas for the new DAG and broke six legacy ones because they all share the same image.

Apache Airflow is the most widely deployed workflow orchestrator on earth. It is also the one that bleeds the most in production. None of those wounds are bugs — they are structural consequences of running orchestration through a Python control plane. You cannot patch the GIL. You cannot make DagBag reparse cheap. You cannot make Celery workers ephemeral without rewriting them.

So we did the only thing left: we kept everything Airflow got right and replaced everything that bleeds.

What "kept" means

We did not invent a new model. Airflow's KubernetesExecutor proved years ago that pod-per-task is correct: each task gets its own container, its own resources, its own lifecycle. You can't leak a process that exits.

We also did not invent a new UI. The Airflow 3.2.x React SPA ships embedded inside the Leoflow server binary. Your team's muscle memory survives the migration.

What we kept:

The pod-per-task execution model
The Airflow 3.2.x UI (literally the same React build, served from /)
The HTTP API shape (/api/v2/dags/..., /api/v2/dagRuns/..., etc.)
The vocabulary: DAG, TaskInstance, DagRun, XCom, Trigger Rules
The DAG-authoring dialect — from airflow.sdk import DAG, task, TaskFlow, classic operators

What we threw out:

The Python scheduler. It's Go now.
The Python triggerer. Sensors are 2 KB goroutines.
The shared /dags folder. Each DAG is its own immutable container image.
The "long-lived Celery worker" model. Every task is an ephemeral pod.

What it looks like to write a DAG

Two files. That's the whole project.

leoflow.yaml — your deploy concerns

dag_id: etl_sales
python_version: "3.11"
dependencies:
- pandas==2.1.0
- requests==2.31.0

dag.py — your DAG, in real Airflow SDK 3.2.x

from airflow.sdk import DAG, task

@task
def fetch() -> list[dict]:
import requests
return requests.get("[https://api.example.com/orders](https://api.example.com/orders)").json()

@task
def transform(orders: list[dict]) -> list[dict]:
return [{"id": o["id"], "value": o["amount"] * 1.1} for o in orders]

with DAG("etl_sales", schedule="0 5 * * *", catchup=False):
transform(fetch())

# generates Dockerfile, builds image, emits dag.json
leoflow compile .

# registers a new versioned DAG
leoflow push ./dag.json

No Dockerfile. No requirements.txt. No Helm values.yaml for this DAG. No pyproject.toml. The compiler reads leoflow.yaml, generates a Dockerfile against the official base image (leoflow/python-runtime:3.11), builds, pushes to your registry, and registers a versioned dag.json with the control plane. That's the whole inner loop.

For local development, leoflow lite provisions a managed Postgres, hot-reloads on every save, gives each DAG its own per-DAG virtualenv at ~/.leoflow/dev/venvs//, and auto-detects uv on PATH for 5–10× faster cold installs. Two DAGs that pin conflicting versions of the same package coexist without interference. This is the bit that made me file the issue against Airflow for the first time, ten years ago. We finally have it.

Map-reduce, as a Python list comprehension

Hyperparameter search. K-fold cross-validation. Ensemble training. Monte Carlo. Every parallel ML workload is map-reduce. Most orchestrators make you build it: an operator per fan-out, a broker for the intermediate values, shared storage for the artifacts, a custom reducer that knows how to find them all.

Leoflow expresses the whole pattern in two lines of Python:

from airflow.sdk import DAG, task

@task
def trial(lr: float) -> dict:
return train_one(lr) # map

@task
def select_best(trials: list[dict]) -> dict:
return max(trials, key=lambda r: r["score"]) # reduce

with DAG("hparam_search", schedule=None):
select_best([trial(lr) for lr in [0.001, 0.01, 0.05, 0.1, 0.5]])

That [trial(lr) for lr in …] is the whole map. trials: list[dict] is the whole reduce.

No XCom plumbing, no broker, no shared filesystem, no special operator. The parser captures the list shape at compile time; the runtime assembles upstream XComs in declaration order and delivers them as a real Python list. Per-trial isolation (own pod, own process, own venv if you want). Per-trial retry. Deterministic ordering. A 256 KB cap per upstream value. A null slot for any upstream that legitimately produced no result.

If you have ever written a Celery chord by hand, take a moment.

Architecture

┌───────────────────────────────────────────────── ──────────────┐
│ Author / CI │
│ leoflow.yaml + dag.py + (auto-generated) Dockerfile │
└───────────────────────────────┬───────────────── ──────────────┘
│ leoflow compile / push
▼
┌───────────────────────────────────────────────── ──────────────┐
│ Control plane — Go │
│ ┌───────────────────────────────────────────────── ──────────┐
│ │ HTTP API /api/v2 · JWT · RBAC · multi-tenant │
│ ├───────────────────────────────────────────────── ──────────┤
│ │ Scheduler state machine · cron · catchup │
│ │ · PG-advisory-lock leader election │
│ │ · retries with backoff │
│ ├───────────────────────────────────────────────── ──────────┤
│ │ Agent gRPC service · task spec · state · XCom · logs │
│ └───────────────────────────────────────────────── ──────────┘
│ │ │
│ Postgres (metadata) Redis (XCom + log) │
└───────┼──────────────────────────────────┼────── ──────────────┘
│ dispatch: one pod per task │
▼ │
┌───────────────────────────────────────┐ │
│ Kubernetes │ │
│ ┌─────────────────────────────────┐ │ │
│ │ Worker pod = your DAG image │ │ │
│ │ │ │ │
│ │ leoflow-agent (15 MB Go bin) │ │ │
│ │ ⇅ gRPC │ │ │
│ │ your Python / Bash code │──┼──┘
│ └─────────────────────────────────┘ │
└───────────────────────────────────────┘

Short-lived http_api tasks skip the pod and run inline as goroutines (capped). Everything else runs pod-per-task, every time. Concurrency is goroutines and pods — no Celery, no triggerer process, no shared worker pool.

A few specifics worth calling out:

Leader election is a Postgres advisory lock. No external coordinator. No ZooKeeper, no etcd, no Raft library. It is the kind of decision you can explain to a new hire in 30 seconds.
XCom lives in Postgres on Lite (small, no Redis required for laptop dev) and Redis on Pro. 256 KB cap, optional schema validation, last-write-wins.
Connections are encrypted at rest with AES-256-GCM and delivered to tasks via Airflow's standard AIRFLOW_CONN_ env var. Postgres / MySQL / SQLite / MSSQL / Redis / HTTP / GCS connectors ship with chain-of-custody-tested integration tests.
The agent is a static Go binary, ~15 MB. PID 1 of the task pod. Talks gRPC back to the control plane. Forks one process per task. Does not buffer Python output (-u plus PYTHONUNBUFFERED=1), because watching a SIGKILL race steal half of the user's print() output is its own kind of torment.

The numbers (the only honest part of any orchestration README)

We are not going to claim "1000× faster" because nobody who has run real pipelines believes you. Here is what falls out of replacing the control plane:

Scheduler decision latency	3–10 s per task
Sensor concurrency	~500 (asyncio Triggerer)	100,000+ — each sensor is a 2 KB goroutine
DAG parsing cost	Re-parsed every scheduler loop	Zero — dag.json is precompiled, immutable
Worker lifecycle	Long-lived, leak-prone	Ephemeral pod per task — spawn, run, die
Worker image size	1.5 GB+ Airflow base	~200 MB typical — each DAG is its own slim image
Dependency isolation	Workaround via KubernetesPodOperator	Native — every DAG is a container
Cold start	15–45 s	2–5 s target — agent is a 15 MB static binary
Observability	Retrofitted with effort	Native — Prometheus + OpenTelemetry + structured logs from commit one

These are the structural wins. The marketing-grade "X× faster" depends on your DAG. The scheduler latency drop is universal.

What it is not (because we have all read those launch posts)

It is not v1.0. Per ADR 0037, v0.0.1 ends the pre-alpha series; every release after is vX.Y.Z-rc.N → vX.Y.Z. The HTTP API, CLI surface, and Helm values may change between minor versions until v1.0.0 locks them.
The UI is still Airflow 3.2.x. It is a tactical choice (your team's muscle memory). A purpose-built Leoflow UI is on the roadmap (ADR 0018).
Pro is Kubernetes-only. Lite runs anywhere. Pro means a real cluster, external Postgres + Redis, the Helm chart. There is deliberately no Docker-Compose "Pro" path; we explained why in ADR 0015.
It is not a drop-in for every Airflow plugin. The Airflow operator catalog has 30+ years of accreted Python; we ship a closed set (python, bash, http_api) plus first-party connectors. ADR 0036 defines a runtime shim for from airflow.providers..hooks. import Hook so the common cases keep working — but if your DAG depends on three obscure providers we have not vendored, you will hit a wall today. File an issue; we are gating the next batch by demand.

Try it in 60 seconds

curl -fsSL [https://raw.githubusercontent.com/ne...ain/install.sh) | sh
leoflow lite # http://localhost:8088 (LITE badge)

The Lite installer is a single shell script that installs three static Go binaries into ~/.leoflow/bin, runs leoflow setup (managed CPython, parser, workspace), and starts a control plane against a managed local Postgres. First leoflow lite boot drops example DAGs in ~/leoflow/examples/, hot-reloads on save, and exposes an embedded code editor at /ide (Python/YAML highlighting, contextual create targets, collapse/expand carets, recursive folder delete). Recover the admin password any time with leoflow lite reset-password. Open the Lite cookbook for the rest.

For production, the Helm chart deploys against external Postgres 13+ and Redis 6+ (Cloud SQL / RDS / Memorystore / ElastiCache / Azure Cache all work):

kubectl create namespace leoflow
helm install lf oci://ghcr.io/neochaotic/leoflow -n leoflow \
--version v0.0.1 \
--set database.url='postgres://USER:PASS@HOST:5432/leoflow?sslmode=verify-full' \
--set redis.url='rediss://HOST:6380/0' \
--set auth.jwtSecret="$(openssl rand -base64 64)" \
--set secretKey="$(openssl rand -hex 16)"

Read the chart docs for every value.

Engineering discipline (the stuff you would actually want to know)

If you are evaluating Leoflow as a load-bearing piece of your data platform, the answers are in the repo, but the short version:

Strict TDD. Every line of production code is preceded by a failing test (ADR 0011). Per-package coverage floors enforced in CI.
Go Report Card A+ as the quality floor (ADR 0012). gocyclo ≤ 15 per function. GoDocs on every exported identifier.
Supply chain from commit one. govulncheck, gosec, Trivy, CodeQL, gitleaks, OpenSSF Scorecard, OpenSSF Best Practices badge. Releases signed with cosign. SBOMs published per platform.
Every architectural decision is an ADR. 37 of them at the time of writing. They are the single best place to start if you want to understand the why.
The repo also runs an end-to-end install smoke against seven Linux distros (ubuntu:24.04, debian:12, fedora:41, alpine:3.20, opensuse/leap:15, archlinux:latest, rockylinux:9) on every release, plus a prealpha.N → v0.0.1 upgrade smoke. The v0.0.1 release got the green light because every one of those passed.

Help us ship the next milestone

We are at v0.0.1. The next steps are visible — pick any:

Star the repo at github.com/neochaotic/leoflow. It is the cheapest way to tell us this matters to you.
Open an issue with a chronic Airflow pain we have not closed yet. Pre-1.0 is the time to shape the API.
File a PR. Strict TDD applies. The CONTRIBUTING guide is the entry point. We review fast.
Try the Lite quick start (60 seconds, above). If something does not work, that is an issue worth filing.
Run the Helm chart against a real cluster and tell us what bit you. Pro alpha needs real-world miles before it gets a Pro v1.0.0.

What is on the post-v0.0.1 table

Visible work toward v0.1.0:

Optimized backfill (parallel execution with throttling)
UI scaling for 10,000+ DAGs (caching, server-side pagination)
Dynamic task mapping
OIDC authentication (Google, Azure AD, Keycloak, Okta)
Deferrable tasks (ADR 0016) — efficient dispatch + long-poll pattern, native Go, no separate Triggerer process
A purpose-built Leoflow UI (ADR 0018)

We are deliberately keeping the surface small until it is boring and reliable. Workflow orchestrators have to be boring to be useful.

License & credits

Apache 2.0. We stand on the shoulders of Airflow — the team behind it defined the vocabulary, proved the architecture, and built the UI we reuse without modification today. We also studied Argo Workflows, Prefect, and Dagster carefully; each made decisions worth borrowing, and we did.

If you have ever waited five seconds for an Airflow task to start, you know why we built this.

→ github.com/neochaotic/leoflow — the v0.0.1 release notes are at /releases/tag/v0.0.1.

Thanks for reading. Tell us what hurts.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19298-we-rewrote-apache-airflow-s-control-plane-in-go-and-kept-the-ui Building an Advanced LangChain AI Workflow Automation with LangGraph https://sobergroup.com/forums/forum/services/website-development/19297-building-an-advanced-langchain-ai-workflow-automation-with-langgraph Wed, 03 Jun 2026 16:30:01 GMT 🚀 Technical Briefing: This tutorial is part of our deep-dive series on Agentic Workflows at Gate of AI (https://gateofai.com). For the full technical...
🚀 Technical Briefing: This tutorial is part of our deep-dive series on Agentic Workflows at Gate of AI. For the full technical breakdown, interactive code sandbox, and the native Arabic translation, visit the original article here.

Tutorial
Advanced
⏱ 45 min read
© Gate of AI 2026-06-03

Build a production-grade multi-agent workflow using LangGraph v1.2. Use state-based orchestration to manage autonomous reasoning loops securely.

Prerequisites

Python 3.10+
LangChain v1.3.4+ and LangGraph v1.2.4+
OpenAI API Key (GPT-4o)
Understanding of Pydantic and TypedDict for state management

Installation

pip install langchain==1.3.4 langgraph==1.2.4 langchain-openai

Step 1: Define the State Schema

In modern agentic workflows, "Memory" is replaced by an explicit State Schema. This allows the graph to pass data between nodes with type safety.

from typing import TypedDict, Annotated

import operator

from langchain_core.messages import BaseMessage

class AgentState(TypedDict):

# Annotate as 'list' to append new messages instead of overwriting

messages: Annotated[list[BaseMessage], operator.add]

task_goal: str

generated_topology: str

Step 2: Orchestrate with LangGraph

We replace the legacy Agent class with Nodes and Edges. This allows for "Time-Travel Debugging" and human-in-the-loop checkpoints.

from langgraph.graph import StateGraph, END

from langchain_openai import ChatOpenAI

llm = ChatOpenAI(model="gpt-4o", temperature=0.2)

Define Node Logic

def understand_task(state: AgentState):

# ... logic to parse natural language ...

return {"task_goal": "Optimized Ethylene Cracking"}

def generate_topology(state: AgentState):

# ... logic to output process structure ...

return {"generated_topology": "C2H4 -> C2H2 + H2"}

Build the Graph

workflow = StateGraph(AgentState)

workflow.add_node("understand", understand_task)

workflow.add_node("topology", generate_topology)

workflow.set_entry_point("understand")

workflow.add_edge("understand", "topology")

workflow.add_edge("topology", END)

app = workflow.compile()

Testing the Workflow

To run the production-grade agent, we invoke the graph with an initial state.

result = app.invoke({"messages": ["Design an ethylene cracking process"]})

print(result["generated_topology"])

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19297-building-an-advanced-langchain-ai-workflow-automation-with-langgraph ::search-text https://sobergroup.com/forums/forum/services/website-development/19276-search-text Tue, 02 Jun 2026 23:30:02 GMT

::search-text originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19276-search-text Build Your Own AI Agent https://sobergroup.com/forums/forum/services/website-development/19275-build-your-own-ai-agent Tue, 02 Jun 2026 23:30:02 GMT We just posted a course on the freeCodeCamp.org YouTube channel that will teach you how to build and deploy intelligent AI agents that bridge the gap... We just posted a course on the freeCodeCamp.org YouTube channel that will teach you how to build and deploy intelligent AI agents that bridge the gap between Large Language Models (LLMs) and real-worl

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19275-build-your-own-ai-agent From Flutter to Backend: How to Build Production-Grade REST APIs with Dart and Serverpod https://sobergroup.com/forums/forum/services/website-development/19274-from-flutter-to-backend-how-to-build-production-grade-rest-apis-with-dart-and-serverpod Tue, 02 Jun 2026 23:30:02 GMT Serverpod is one of the most performant backend frameworks built on Dart. It's a fully opinionated backend framework that comes with its own ORM, its own code generation system, migration tooling, aut

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19274-from-flutter-to-backend-how-to-build-production-grade-rest-apis-with-dart-and-serverpod The AWS FinOps Guide for Series A Startups: The 8 Cost Patterns That Appear After Product-Market Fit https://sobergroup.com/forums/forum/services/website-development/19273-the-aws-finops-guide-for-series-a-startups-the-8-cost-patterns-that-appear-after-product-market-fit Tue, 02 Jun 2026 23:30:02 GMT You raised your Series A. Engineering hired fast. Features shipped faster. And somewhere between month six and month twelve, someone forwarded you an... You raised your Series A. Engineering hired fast. Features shipped faster. And somewhere between month six and month twelve, someone forwarded you an AWS Cost Explorer screenshot with a line that only

More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19273-the-aws-finops-guide-for-series-a-startups-the-8-cost-patterns-that-appear-after-product-market-fit How TradingAgents (82K★) could slash 70% of LLM costs with a gateway layer https://sobergroup.com/forums/forum/services/website-development/19272-how-tradingagents-82k★-could-slash-70-of-llm-costs-with-a-gateway-layer Tue, 02 Jun 2026 23:30:02 GMT More... (https://dev.to/lynkr/how-tradingagents-82k-could-slash-70-of-llm-costs-with-a-gateway-layer-40p5)
More...]]> Website Development MyrinNew https://sobergroup.com/forums/forum/services/website-development/19272-how-tradingagents-82k★-could-slash-70-of-llm-costs-with-a-gateway-layer