Week 22 — CoverView API, Satori rendering, and the art of a single curl call

What I built

CoverView API

alt text Image generated by Advanced CoverView API invoked by an Agent using the skill

  • I forked dormant CoverView project to make it Advanced CoverView by fixing all it’s bugs and adding a few new features.
  • This week I took it forward and added APIs to it. Now, I just tell my AI agents what I want and they generate the cover image for me, they curl the API and get the image back.
  • Moved the CoverView image generator from a standalone Cloudflare Worker into a Pages Function on cover.soumendrak.com/api. Now the frontend and API live together, same domain, auto-deploy together on push.

Stack: Cloudflare Pages Functions + Satori (no headless browser)

What the API does:

  • GET/POST /api/generate returns a PNG cover image given title, subtitle, theme, icon, platform, author, font, pattern, color preset
  • Landed 18 SVG pattern backgrounds (graph-paper, circuit-board, dots, jigsaw, brickwall, bubbles, etc.) to match the frontend’s texture options
  • 7 themes: dark, light, gradient, basic, outline, stylish, modern
  • 12 color presets with curated bg+accent pairs
  • 13 platform presets covering Hashnode, Dev.to, Medium, LinkedIn, Twitter, Facebook, YouTube, Instagram, Pinterest, WordPress, Tumblr
  • 21 dev icons (Go, Python, Rust, React, Kubernetes, Docker, etc.)
  • Unsplash photo backgrounds when an access key is configured
  • 5 font options: Inter, Merriweather, Fira Code, Anek Bangla, JetBrains Mono

Developer experience:

  • Swagger UI at /api/ with full OpenAPI 3.0 spec at /api/openapi.json
  • All enums (icons, patterns, themes, platforms, color presets) show up as dropdowns in the Swagger UI
  • CORS enabled for browser access
  • Production deployment with Worker observability (logs + traces, 100% sampling)

Why this matters: Lowered the bar for cover image generation to a single curl call. No need to open the UI, no browser required. The same API powers both the existing React frontend and programmatic use.

Shop Website

  • Today, I upgraded a shop website to a luxurious site with actual clock as an hero image.
  • It got the moonphases, sunset/sunrise state of the sun, date, day, month and of course time.
  • I just started as a fluke and it become more and more interesting with each iteration. Claude 4.8 is awesome.

Clock Image

  • It feels awesome to have a static website with a real-time clock that updates every second, all without any client-side JavaScript. The server generates a new image on each request reflecting the current time and celestial state. A perfect blend of art, engineering, and a touch of magic.

OpenOdia Hub

  • Fine-tuned how the top contributors are being selected and included other non-AI open-source contributors.
  • Got a new #1.
  • I have shared this on a post on X and after so many years, got a 1000+ views on a Tweet.

Tweet

OpenOdia PyPi library

New Features

  • Felt really good to contribute to an old project that I had been working on for years.

Johnny Decimal Reorganization

Reorganized the entire nini-research reports directory from a flat mess into Johnny Decimal categories. 41 reports across 8 ranges:

RangeCategoryCount
00-09Meta, Frameworks & Methods9
10-19Career & Location9
20-29Finance & Wealth6
30-39Projects: Agent & Voice5
40-49Projects: Odia & Language4
50-59Technology Deep Dives3
60-69Learning & Research4
90-99Operations & Misc1

Each category is capped at <100 reports. When one fills up, we create the next range. Every file follows XX.YY-description.md naming. The messy flat directory is now navigable at a glance.

What failed

  • The Satori rendering engine is picky about CSS. An empty <div></div> with no display property silently fails when combined with SVG content. The error messages are misleading , “Expected div to have explicit display: flex” actually means “one of your divs has children but no layout mode.” Took 4 deploys to isolate.

  • The Cloudflare API token I generated lacked Zone permissions, so I could not add a Workers Route for cover.soumendrak.com/api/*. Had to pivot to Pages Functions instead, which turned out cleaner anyway , the API now lives in the same repo and deploys atomically with the frontend.

  • Working on all the projects feel like a challenge.

Random Thoughts & Quotes

  • Satori is an incredible piece of engineering. It renders a subset of HTML+CSS to PNG using Yoga layout + text shaping , all in a single Wasm binary. No browser, no Puppeteer, no cold start problems. The tradeoff is you have to think like a layout engine, not like a web developer.

  • There is something satisfying about reducing a complex visual tool to a single curl command. The same API that generates a 1600x840 Hashnode cover also serves its own documentation page. Self-documenting APIs feel like a cheat code.

  • “Observability for AI agents is not just about traces and spans. It is about understanding the decision graph , why an agent chose tool A over tool B, and whether that chain of reasoning was sound.” , This line from a Fiddler post stuck with me. It captures why AI observability is fundamentally different from traditional observability. Traces tell you what happened. Decision chains tell you why.

What I learned

  • Claude Code creator says developers will become builders. Do they agree?

    • Boris Cherny, Claude Code’s creator, argues coding is largely “solved” and predicts 100x more engineers, though under different job titles since he doubts we will keep calling them engineers.
    • The piece deliberately airs dissent. Drew DeVault calls the “builder” framing obnoxious and warns AI produces garbage results, while others insist experienced engineers still matter a lot.
    • I land on the middle ground. The role shifts from translating thought into syntax toward guiding systems and owning architecture and quality. That is augmentation, not replacement.
  • Beyond code generation: rethinking engineering productivity in the age of AI agents

    • Dropbox’s core point is that agents shift the bottleneck rather than remove it. Faster code generation just piles pressure onto review queues, CI and release coordination.
    • Their internal Nova platform already produces roughly 1 in 12 pull requests, and they measure value across Fuel, Adoption, Output and Impact rather than raw PR throughput.
    • Why it matters: success comes from the systems around the model such as context, tooling and quality controls, so upstream spec quality and downstream validation become the real constraints.
  • How Lyft Built a Self-Serve AI Agent Platform with LangGraph and LangSmith

    • Lyft let non-technical domain experts build support agents themselves, cutting agent creation from about 6 months to roughly 2 weeks while lifting AI resolution rate 16% and cutting hallucination and contradiction rates 20%.
    • The architecture is a LangGraph router-based multi-agent system with separate rider and driver instances, parallel safety checks at every turn and DynamoDB-backed multi-turn state.
    • The lesson I take is that prompt quality, not infrastructure, was the bottleneck. They standardized a five-part prompt template and put 100% of production agents under automated LLM-as-a-Judge evaluation with 5-10% canary rollouts.
  • How to build a better agent harness with traces and evals

    • The thesis is that agent gains come from the harness, meaning context, tools, routing and data sources, not from prompt tweaking alone, via a repeatable loop of trace, evaluate, debug, refine and run again.
    • Their PM agent example processed 40 GitHub discussions, 60 issues and 8 releases, scoring each by priority into P0-P3 markdown reports.
    • Why it matters: they advise starting narrow on a low-stakes internal workflow, tracing from day one and writing evals around specific behaviors like priority accuracy rather than vague quality scores.
  • Interpreter Skills: Building Workflows for Agents

    • Interpreter skills pair a SKILL.md instruction file with an executable index.ts module, so deterministic procedural work lives in reviewable code while the model only decides when to invoke it.
    • Unlike external scripts these modules participate in the harness loop directly, spawning subagents and managing task graphs, as shown by a GitHub triage skill exposing a triage(repo, options) function.
    • Why it matters: skills effectively become testable APIs, letting you replace fuzzy evals like “did it follow instructions” with concrete checks like “did it call the expected function with correct inputs”.
  • Fixing agent failures in production: Interrupt 2026 recap

    • LangChain’s pitch is that production reliability is now a tooling problem. Their new LangSmith Engine watches production traces, clusters recurring failures into named issues, diagnoses root causes and proposes fixes for review.
    • Interrupt 2026 drew 1,000+ builders across 23 sessions with real-world agent implementations from Cisco, LinkedIn and Rippling, and all recordings are on-demand.
    • The signal I take is that the conversation has shifted from “can it work” to operational concerns like Sandboxes going GA for secure code execution and continual learning.
  • How we made a SQL query optimization agent 59% more accurate using autoresearch and LLM Observability

    • Datadog applied Karpathy’s autoresearch method, letting an AI agent autonomously propose, run and evaluate experiments, lifting their SQL optimization agent’s precision from 0.54 to 0.86 across 23 experiments.
    • The single biggest unlock was requiring the agent to cite tool evidence before suggesting optimizations, which eliminated most hallucinations and pushed precision from 0.54 to 0.83 early on.
    • A two-pass architecture of a high-recall detector plus a surgical verifier broke a plateau around 0.837, and they did it on cheaper Haiku instead of Sonnet.
  • AI coding made us faster. Why did incidents increase?

    • The paradox is real and DORA-confirmed. Higher AI adoption correlates with shorter cycle times and larger PRs but also elevated change failure rates.
    • Three failure modes stand out: polished AI code gets rubber-stamped by reviewers, the same model writing both code and tests grades its own homework, and models miss invisible system context like retry queues and old design decisions.
    • The key line is that AI amplifies whatever your delivery process already is, and teams with contract testing, canary deploys and risk-based review reportedly cut incidents about 33% within two quarters.
  • Bliki: Vibe Coding

    • Fowler draws a sharp line between vibe coding, where you embrace the vibes and forget the code exists, and agentic programming where you still review and care about the structure.

    • The risks he names are concrete: security holes like leaked credentials, code that becomes hard for both humans and LLMs to modify, and non-deterministic edits that break unrelated sections.

    • On the whole vibe coding software is best used for disposable software that’s only used by its author or a close group of collaborators who understand and accept the risks involved. Code that is more complex, more widely-used, and with more consequences to its risks should not be forgotten about.

  • Introducing Nova, our internal platform for coding agents

    • Dropbox built Nova on the insight that real engineering is debugging, migrations and flaky tests, not just writing code, so they built one unified platform instead of point solutions.
    • Reliability comes from context plus validation. Service-specific AGENTS.md files, validation commands and retry loops make background jobs trustworthy, and their Deflaker system validates fixes through 100+ test runs.
    • The takeaway that resonates is that some decisions like branch management and test execution work better outside the agent loop, and better integration with engineering systems matters as much as smarter models.
  • What we learned testing 7 models under the same agent harness

    • Running seven models through one GitHub CLI agent harness showed correctness clustered tightly between 79.6% and 85.1%, so final-answer accuracy alone barely distinguishes models.
    • The real divergence was operational. Latency ranged from 9.5 seconds (Sonnet 4.6) to 32.2 seconds (GPT-5) and tool calls per task swung from 1.45 to 5.82, meaning two models can reach the same answer with wildly different cost and failure risk.
    • The practical takeaway I like is to treat model swaps like migrations not vibes, measuring the path the agent takes and not just whether it got the right answer.
  • Harnesses Get Agents Running. A Control Plane Keeps Them Under Control

    • The clean distinction here is that harnesses like LangChain, CrewAI, Bedrock and Claude Code define how an agent executes, while a control plane defines what agents are allowed to do across the whole org.
    • A harness is blind to your other agents. It does not enforce org-wide policy, give compliance a unified audit trail or manage identities and quotas across teams.
    • It matters because enterprises end up running multiple harnesses, and a harness-agnostic control plane gives standardized telemetry, continuous quality evaluation and real-time alerts, on the principle that observability has to precede autonomy.
  • AI Agent Security Risks: Why Autonomous Systems Demand a New Threat Model

    • The argument is that agents expand the attack surface in ways traditional LLM controls cannot cover, since a prompt injection that merely produces misleading text in an LLM triggers real-world actions in an agent.
    • It lays out six expansion points including persistent-memory payloads that activate later, multi-agent cascading failures where compromised upstream agents poison trusted downstream inputs and service-level credentials that widen the blast radius.
    • Static guardrails fall short because agent threats emerge from sequences of individually benign actions, so the piece argues observability must become a first-class security control, aligned with the OWASP Agentic AI Top 10 (2025).
  • How to Trace Agent Handoffs in Multi-Agent LLM Systems

    • The core claim is that the most dangerous failures in multi-agent systems happen between agents, not inside them, where context gets dropped and guardrail policies fail to propagate.
    • It prescribes five handoff elements to capture per boundary including W3C Trace Context propagation, a structured sender/receiver payload, decision metadata with confidence scores, a context diff and inherited guardrail state.
    • The four named failure modes of silent context truncation, guardrail inheritance gaps, circular handoff loops and 200-500ms eval latency per external call are why I think a queryable span hierarchy beats forensic log grepping once you hit hundreds of traces a day.
  • OpenTelemetry Graduates from CNCF, Solidifying as the De Facto Observability Standard

    • OTel graduated on May 21, 2026 with 12,000+ contributors from over 2,800 companies and the second-highest project velocity of 240+ CNCF projects behind only Kubernetes.
    • The adoption scale is real: 1.36 billion downloads of the JavaScript API and 1.3 billion of the Python API in the past year.
    • Graduation matters because it signals production readiness and lets teams swap observability backends without rewriting instrumentation, which is exactly what AI workloads need as they get more distributed.
  • Inside the LLM Call: GenAI Observability with OpenTelemetry

    • The piece shows how GenAI semantic conventions record model IDs, input/output token counts and finish reasons, and optionally capture prompts, completions and tool calls as span attributes.
    • What caught my eye is that VS Code Copilot, OpenAI Codex and Claude Code already emit OTel, and the free Aspire Dashboard renders it as chat-style views over Docker via OTLP.
    • The takeaway is that specialized GenAI visualizers beat raw JSON for debugging and that the conventions are still evolving, so real-world feedback shapes the standard.
  • OpenTelemetry Profiles Enters Public Alpha

    • Profiles is now a fourth observability signal alongside traces, metrics and logs, with a deduplicated stack format and resource attributes that cut 40% off the wire size.
    • The open-source eBPF profiler does low-overhead system-wide profiling on Linux with no code instrumentation and now covers Go symbolization, ARM64 Node.js plus initial BEAM and .NET 9-10.
    • Alpha means it is ready for community testing but not critical production yet, so I would start exporting in the standard format now and wait on the production-ready vendor backends still in progress.
  • OpenTelemetry Collector v0.153.0 Stabilizes Seven Feature Gates

    • This release graduates seven feature gates to stable including exporter.PersistRequestContext, pdata.enableRefCounting and telemetry.UseLocalHostAsDefaultMetricsAddress, and it removes pdata.useCustomProtoEncoding entirely.
    • Stabilizing gates counts as a breaking change for anyone still toggling those flags, so you should audit your config before upgrading.
    • It also fixes a memory corruption bug in Snappy compression, which is the kind of low-level fix that justifies the upgrade on its own.
  • Langfuse Launch Week 5: CI/CD Experiment Gates for LLM Quality

    • The new langfuse/experiment-action runs Langfuse experiments inside GitHub Actions on pull requests and blocks the merge when scores drop below configured thresholds.
    • It supports versioned datasets that pin a snapshot timestamp and returns one of three outcomes: pass, regress or fail-to-run.
    • This is the part of LLM ops that has been missing for me. Treating eval scores as a release gate alongside normal CI checks is how you actually stop accuracy regressions from shipping.
  • Langfuse Agent Skill: Let Coding Agents Instrument and Manage Observability

    • Langfuse published an agent skill following the open Agent Skills standard so tools like Claude Code and Cursor can drive observability and eval workflows through natural language.
    • You can ask an agent to “show the last 10 traces with a score below 0.5” then spin up a dataset and add those traces, effectively turning Langfuse into a headless platform.
    • The changelog claims traces instrumented with the skill come out higher quality than without it, which is the real selling point. The skill encodes proven instrumentation practices instead of leaving agents to guess.
  • Why OpenTelemetry Is Now the Foundation for AI Observability

    • OpenTelemetry reached CNCF graduation after roughly seven years, born from merging OpenTracing and OpenCensus, and it now ranks second only to Kubernetes in contribution velocity.
    • AI agents do not need new pillars so much as metadata extensions, and projects like OpenLLMetry and OpenInference are adding model identity, prompt data and inference context with upstream integration expected in 6-12 months.
    • The article flags a sharp risk I had not considered. Agents can autonomously delete their own logs and traces, so real-time observability plus sandboxing is needed to catch bad behavior before the evidence is gone.

This week has been a busy week. Hope next week will be even busier with more productive work. Till then, keep rocking.