3897 stories
·
3 followers

Different hydration and rendering strategies (Next.js)

1 Share

Dont worry, this article is not about the controversial Hydration breaks they are having during the World Cup matches.

We want to discuss the hydration process in Server-Side Rendered applications, how other frameworks handle it, and similar rendering strategies that we apply to make our apps faster.

First, open a server-rendered page on a slow phone.

The content paints almost instantly and looks finished. But tapping a button does nothing for 1 or 2 seconds.

During that time, the page quietly downloads and runs JavaScript to rebuild everything you’re already looking at.

That gap between a page that “looks ready” (HTML is shown) and one that “actually works” (interactive via JavaScript) is called hydration.

Every recent rendering strategy aims to shrink that gap.

Before reducing hydration, let’s look at the alternatives.

For many websites, the best approach is to render HTML once, ahead of time, rather than on every request.

If the page is the same for everyone—a blog post, a docs page, a marketing landing page, you are regenerating identical HTML thousands of times.

Static Site Generation (SSG) renders each page once at build time, writes the result to an HTML file, and serves that file from a CDN.

The server does nothing per request except hand over a file.

The obvious limit is freshness.

If the HTML was built an hour ago, it’s an hour stale. For a blog that’s fine; for a product page with live pricing, it isn’t.

And the build itself becomes the bottleneck at scale: fifty blog posts can be built in seconds, but a hundred thousand product pages can take hours, and every content change means a rebuild.

That freshness problem is what Incremental Static Regeneration (ISR) solves.

You serve the static page as before, but you tell the framework to regenerate it in the background after a set interval, or on demand when the content actually changes.

The first visitor after the interval triggers a quiet rebuild; everyone keeps seeing the last good version until the new one is ready.

You get static delivery speed with content that’s never more than a minute or two stale.

One more variation you’ll see is edge rendering.

This isn’t a different hydration model; it’s SSR or ISR physically moved closer to the user, running on CDN edge servers scattered around the world rather than a single origin server.

You do this to reduce latency: your dynamic HTML is generated a few milliseconds from the visitor rather than a continent away, with the trade-off that edge runtimes are more constrained in what they can do (limited Node APIs, tighter time and memory budgets).

The simplest approach is to avoid rendering initial HTML on the server.

The server sends an almost empty HTML shell. This is just the basic structure of an HTML page, with a reserved section for your app, such as a '

' element, and a script tag that points to your JavaScript code.

The browser then downloads the bundle, which combines all your app’s code into a single file, runs your app, fetches any required data, and builds the entire user interface (UI) in the browser.

There’s no hydration here because there’s nothing to hydrate: the DOM (Document Object Model—the browser’s representation of a web page’s structure and content) was never server-rendered; it was constructed on the client from nothing.

React just builds and attaches in one pass.

We call these apps Single Page Applications or SPA for short.

The main benefit of these apps is simplicity. You only think about the browser.

The downside is speed.

Picture a first-time visitor on a mid-range Android phone, using hotel Wi-Fi to tap your link. They get a blank white screen.

That screen stays while the bundle downloads, then parses, and then executes.

Next, it waits as it fetches the page’s data. Only after all that does anything work.

On your laptop with strong WIFI, you might not notice.

On that phone, it’s long enough for some visitors to close the tab before your app draws a single pixel.

Search engines hit the same wall. The Google bot crawler, requests your page and receives an empty

, which may also have significant SEO implications.

That’s why you want content in the initial HTML, and for that, we need the server.

Server-side rendering

We render HTML on the server, send it to the browser, and have the browser hydrate it into a React app.

The user gets real content instantly, solving both CSR issues. The page isn’t blank while JavaScript loads, and the crawler sees content.

import { renderToString } from 'react-dom/server';
import App from './App';

const html = renderToString(<App />);
// send `html` wrapped in your document shell

On the client:

import { hydrateRoot } from 'react-dom/client';

hydrateRoot(document.getElementById('root'), <App />);

This is ideal for content that must rank and be interactive, such as news sites, blogs, marketing pages with signup forms, or product pages that need strong SEO content.

The downside: we repeat work.

The server renders HTML; the client downloads React, rerenders, and compares the new HTML to the existing HTML. Until this second pass finishes, nothing on the page is interactive.

Traditional hydration runs top to bottom through the tree. If a heavy Comments section is near the top and the LikeButton below, hydration does comments first.

The like button stays dead until hydration is done.

There is also a big problem: hydration mismatches.

If server HTML and client HTML differ in any way, React detects it.

In the worst case, it discards server HTML and re-renders on the client, recreating the blank-screen problem that SSR tries to solve, rendering all the benefits of SSR useless.

Common causes are unassuming code:

// Renders a different value on the server than in the browser:
<span>{new Date().toLocaleTimeString()}</span>

// Reads a browser-only API that doesn't exist on the server:
<div>{window.innerWidth > 768 ? 'desktop' : 'mobile'}</div>

Both look harmless but produce different server and client outputs, triggering hydration warnings.

If the difference is intentional, like a timestamp, React offers an escape: add suppressHydrationWarning, and React won’t warn for that node.

Streaming SSR: send the page in pieces

The first improvement keeps hydration but stops making the user wait for the slowest part of the page before anything shows up.

Instead of rendering the whole tree to a string and sending it once it’s complete, the server streams HTML in chunks as each part becomes ready.

The tool for this is Suspense, a wrapper you put around a slow section that tells React, “show this fallback until everything inside is ready.”

import { Suspense } from 'react';

function ProductPage() {
  return (
    <div>
      <ProductDetails />
      <Suspense fallback={<ReviewsSkeleton />}>
        <Reviews />
      </Suspense>
    </div>
  );
}

The ProductDetails component renders immediately.

The Reviews component, which might be waiting on a slow query, shows a skeleton, and the real reviews stream in when the data is ready.

The user reads the product while the reviews are still loading.

React no longer has to hydrate top-to-bottom. Each Suspense boundary becomes an independent unit that can hydrate on its own, and React prioritizes based on the user’s current activity.

Click a button in a section that hasn’t hydrated yet, and React rushes hydration of that boundary so the handler can run, ahead of the boundaries you’re not touching.

The main benefit of this method is that perceived load time no longer ties to your slowest component.

Go back to that product page. Without streaming, a three-second recommendations query means three seconds before anyone sees the product.

But it’s not perfect: Streaming changes the order and timing of the work, not the amount.

Every interactive component on that page still gets downloaded and re-executed on the client; you’ve made the page feel faster without shipping a single byte less JavaScript.

It also hands you a new way to make things worse if you wrap too much of the page in one Suspense, and a single slow child holds that whole region back:

// One boundary around everything: the fast summary now waits
// on the slow chart, because they share a fallback.
<Suspense fallback={<PageSkeleton />}>
  <Summary />   {/* fast */}
  <SlowChart /> {/* slow */}
</Suspense>

// Separate boundaries: the summary streams in immediately,
//The chart arrives on its own schedule.
<Summary />
<Suspense fallback={<ChartSkeleton />}>
  <SlowChart />
</Suspense>

There’s also another method you’ll see in several frameworks: progressive hydration.

Rather than hydrate every boundary as soon as its code arrives, you defer a component until there’s a reason to wake it up, when it scrolls into view, or when the user first interacts with it.

A footer newsletter form three screens down doesn’t need to hydrate during initial load; it can wait until you scroll near it.

This still hydrates everything eventually, like streaming, but it spreads the work across time and skips parts the user never reaches.

Islands: hydrate only the interactive parts

Most of a typical web page isn’t interactive at all.

A blog post is text, headings, and images, with maybe a comment widget and a newsletter form.

A docs page is almost entirely static with a search box. Why ship and hydrate a JavaScript runtime for the 95% that’s just sitting there as content?

Islands do this in reverse to SSR: The page is static HTML, and you explicitly mark the parts that need to come alive.

Each interactive region is an “island” in a sea of static markup, and each hydrates independently, loading only its own JavaScript.

Astro is the framework that popularized this, and it makes the model concrete with directives.

By default, a component renders to static HTML and ships zero JavaScript. You opt into interactivity per-component:

---
import Header from '../components/Header.astro';
import Newsletter from '../components/Newsletter.tsx';
import Comments from '../components/Comments.tsx';
---

<Header />
<article>
  <h1>My post</h1>
  <p>This is just text. It ships as HTML, no JavaScript.</p>
</article>

<Newsletter client:visible />
<Comments client:visible />

That client:visible is a loading contract, and it’s the progressive hydration idea from earlier.

It tells Astro to render the component to static HTML first, then hydrate it only when it scrolls into view.

The directives cover the common cases: client:load hydrates immediately for above-the-fold interactivity, client:idle waits until the browser is idle, client:visible waits until the component enters the viewport, and client:only skips server rendering entirely for components that depend on browser-only APIs.

Islands take progressive hydration and add the crucial second half: the parts you never mark stay static forever and ship no JavaScript at all.

If the user never scrolls to the comments, the comment widget’s JavaScript never loads.

This fits content-heavy sites almost perfectly.

Blogs, documentation, marketing pages, news, and e-commerce category pages. Anywhere the page is mostly content with islands of interactivity rather than the other way around.

The framework built around this, Astro, ranked highest in the meta-framework satisfaction category of the State of JS 2025 survey, and Cloudflare acquired it in January 2026. (And if you haven’t read my previous articles, this blog is also using Astro, checkout my previous article where I upgraded to Astro 6 and took advantage of all the cool benefits)

The practical result is that you land a Lighthouse score in the 90s without doing anything clever, because there’s barely any main-thread work for the browser to do.

And since each island is self-contained, you’re not even locked to one framework; you can drop a React island next to a Svelte one on the same page.

There’s a server-side version of the same idea. Astro’s server:defer turns a component into a server island: the static shell ships immediately and is aggressively cached, while a personalized piece, such as a signed-in user’s avatar or cart, renders per-request on the server and slots in without holding up the rest of the page.

You get to cache the 95%, that’s the same for everyone, and still serve the 5% that isn’t.

But islands assume a mostly static page with sprinkles of interactivity, and they’re wonderful until that assumption breaks.

Imagine trying to build Figma, or a trading terminal, or any app where nearly everything on screen is interactive, and pieces share state across the whole layout.

You’d be marking the entire page as one giant island, threading shared state between islands that were designed to be isolated, and fighting the architecture the whole way.

At that point, you’ve reinvented SSR with extra steps.

So islands win when interactivity is the exception. For an app where interactivity is the rule, you need a different weapon.

React Server Components: don’t send the component to the client

A Server Component runs only on the server, which means its code is never sent to the browser.

It can hit the database directly, read the filesystem, use secrets, and what it ships to the client isn’t JavaScript; it’s a serialized description of the UI it produced, in a format React calls Flight.

There are now two streams in play: the HTML stream from the streaming section, which is the markup the browser paints, and this Flight stream, which is a serialized component tree the client reconstructs.

RSC uses both. There’s nothing to hydrate for the server parts because there’s no component code on the client to re-execute.

Components are server-only and weightless on the client. Components marked "use client" ship JavaScript and hydrate.

// Server Component, runs on the server, ships no JS
async function ProductPage({ id }) {
  const product = await db.product.findUnique({ where: { id } });

  return (
    <div>
      <h1>{product.name}</h1>
      <p>{product.description}</p>
      <AddToCartButton productId={product.id} />
    </div>
  );
}
'use client';

// Client Component, this is the part that ships JS and hydrates
function AddToCartButton({ productId }) {
  const [adding, setAdding] = useState(false);
  // ...
}

The product name and description are server-rendered and never become JavaScript on the client.

Only AddToCartButton is visible in the browser.

This is the model Next.js is built around now, and it supports full applications that also include a lot of server-generated, non-interactive content.

The main benefit is that you stop shipping code that the browser will never use.

In that example, your database call and the markup it produces stay on the server; the only JavaScript that reaches the user is AddToCartButton.

You also get to query the database right inside the component, no /api/products/:id route to build, no fetch to wire up, no loading state to manage by hand.

Layer streaming and selective hydration on top, which RSC does for free, and you get a fast first paint, a small bundle, and direct data access in one model.

React 19.2 sharpened the tools in this area. Partial Pre-Rendering lets you render a static shell at build time, cache it at the CDN edge, and stream the dynamic holes per-request, so a single page can be mostly statically cached with a personalized slot or two.

Suspense reveals are batched to match client behavior, and hydration mismatch errors finally name the component that caused them instead of leaving you a cryptic warning.

Although the line between server and client isn’t free, and one "use client" in the wrong place quietly drags a whole subtree into the browser bundle.

Like this:

'use client';

import { HeavyChart } from './HeavyChart'; // also becomes client code

You added "use client" for a single button, and because a client file pulls its imports into the client graph with it, a heavy chart you meant to keep on the server is now in your bundle. “use client creep” is a real failure mode in production codebases.

On top of that, RSC ties you to a framework and a server runtime that uses them; it isn’t something you sprinkle onto a plain SPA you already have.

Also, moving rendering to the server increases your attack surface there, too.

Server Components execute on the server, serialize a payload, and the client deserializes it; each of those steps now runs in a privileged place with access to your database and secrets.

And in late 2025, a serious RSC deserialization vulnerability (CVE-2025-55182) was found being actively exploited and had to be patched across several React and Next.js versions.

Doing this on the server could have a lot of security holes you need to keep an eye on.

TanStack Start: the same primitive, ownership flipped

The Next.js model is server-first.

TanStack Start inverts that. The client stays in charge, and RSCs are demoted from a paradigm to a data type.

The idea is that an RSC payload is just a stream. Specifically, a React Flight stream is the serialized description of UI that the server produced.

TanStack Start treats it as exactly that: bytes you fetch over HTTP, on the client’s terms, whenever you want them, rather than a server-owned tree the framework hands you by default.

You create the server-rendered UI in a server function and load it via a route loader.

Nothing gets marked "use client" to opt out of the server; you opt in to the server only where you want it.

import { createServerFn } from '@tanstack/react-start';
import { renderServerComponent } from '@tanstack/react-start/rsc';

function Greeting() {
  return <h1>Hello from the server</h1>;
}

const getGreeting = createServerFn().handler(async () => {
  return { Greeting: await renderServerComponent(<Greeting />) };
});

Because the payload is just data, it drops into the caching tools you already use. There’s no special “RSC mode.”

Wrap the server function in a TanStack Query call, and the RSC payload gets cache keys, staleTime, and background refetching like any other query.

For static content, set staleTime: Infinity and you’re done.

function Greeting() {
  const query = useQuery({
    queryKey: ['greeting'],
    queryFn: async () => createFromReadableStream(await getGreeting()),
  });

  return <>{query.data}</>;
}

It’s a different answer to the exact same question RSC asks: how do you avoid shipping component code that didn’t need the browser?

Next.js answers at the framework level, server-first, all-in. TanStack Start answers at the data level, is client-first, and is opt-in.

This fits a situation the server-first model handles badly: an existing client-side app, an admin portal or a SaaS dashboard, that wants to move some heavy rendering to the server without rewriting its architecture around a new paradigm.

Markdown parsing, syntax highlighting, a search index, anything heavy and static you’d rather not ship.

You sprinkle in RSCs where they pay off and leave the rest of the SPA alone.

When TanStack migrated the content-heavy parts of their own docs site to this, blog, and docs pages, each dropped around 153 KB gzipped from the client JS graph, and Total Blocking Time fell from about 1,200ms to 260ms.

You don’t have to rewrite your app to try RSCs, but you have to do a lot of the wiring up yourself.

The server-first model’s all-in nature is also what makes streaming, boundaries, and colocated server work feel built in; when you opt into each piece by hand, you own the composition that Next.js provides out of the box.

And TanStack Start is younger, with its RSC support still stabilizing toward 1.0, so for a large production app, you’re taking on a less settled bet than Next.js in exchange for that flexibility.

RSC shrinks the hydration surface to the interactive leaves, no matter how you slice ownership.

But those leaves still hydrate. They still download, re-execute, and rebuild their slice of the tree on the client.

The remaining question is whether even that is necessary, and there are two different answers.

Fine-grained reactivity: hydrate once, then never re-render

React is coarse-grained. When the state changes, the component that owns it reruns, and React walks down from there, diffing the virtual DOM to figure out what actually changed in the real one.

Hydration is expensive partly because it’s this same re-render machinery running for the first time across the whole tree.

SolidJS and Svelte do things differently.

There’s no virtual DOM and no re-rendering. A component runs once to set up a reactive graph, wiring each piece of state directly to the specific DOM node it controls.

When a state changes, the framework updates that one text node or attribute.

import { createSignal } from 'solid-js';

function Counter() {
  const [count, setCount] = createSignal(0);
  // This function body runs ONCE. The signal is wired.
  // straight to the text node below.
  return <button onClick={() => setCount(count() + 1)}>Clicked {count()} times</button>;
}

That Counter function executes only once, during setup. Clicking the button updates the count signal, which updates exactly one text node.

The component never runs again.

Because there’s no re-render machinery, hydration is dramatically cheaper. Solid still incurs a setup cost to wire the reactive graph to the server-rendered DOM, but it’s not re-executing and diffing the whole component tree, so the work is a fraction of what React does during hydration.

Svelte 5 sits in the same territory: its runes system ($state, $derived) moved Svelte to a signal-based, fine-grained reactivity model, close to Solid’s, and State of JS 2025 credited exactly that change as the year’s standout in developer experience.

The newest face in this family is Ripple, an experiment from Dominic Gannaway (who worked on React Hooks at Meta and was on Svelte 5’s core team).

It’s a TypeScript-first compiled language with the same no-virtual-DOM, surgical-update model, reactivity built on a track() primitive.

These frameworks fit performance-critical interactive UIs where things update constantly.

Real-time dashboards with hundreds of live data points, trading interfaces, data grids, and animation-heavy apps targeting a steady 60fps.

Anywhere React’s re-render-and-diff cost compounds across every update on a busy screen.

Of course, React’s download numbers dwarf all of these new frameworks, and that gap is libraries, AI advice and help, and the odds that your next hire already knows the framework.

The meta-frameworks are less settled, too: SvelteKit is solidly production-ready, while SolidStart hit 1.0 but is still filling in deployment adapters and documented patterns, so you’ll more often be the first person to hit a given edge case.

And the mental model differs from React:

// React: this function re-runs on every render, so it's expensive`
// is recomputed each time.
function Row({ value }) {
  const expensive = computeStuff(value);
  return <td>{expensive}</td>;
}

// Solid: this function runs ONCE. If you write it the React way,
// `expensive` is computed a single time and then never updates
// when `value` changes. You have to reach for a derived signal instead.

The code looks like React. It does not behave like React.

Fine-grained reactivity makes hydration cheap. But it still hydrates; there’s still a setup pass that runs on the client to connect the graph to the DOM before anything is interactive.

The last strategy asks whether you can skip even that.

Resumability: don’t hydrate at all

The final move is the strange one, and it needed a new word because it isn’t a faster hydration. It’s the absence of hydration.

Every strategy so far, even the leanest island, shares one assumption: the client has to execute some JavaScript to make the server-rendered HTML interactive.

Re-run the components, or at least run a setup pass to wire up the reactive graph.

Qwik’s argument is that throwing the work away is the actual mistake. Instead of serializing only the HTML and reconstructing everything else on the client, serialize the entire framework’s execution state, component boundaries, event listener locations, and the reactivity graph directly into the HTML.

The client doesn’t rebuild anything. It picks up exactly where the server paused.

The mechanism is visible in the markup. Event handlers aren’t attached during a startup pass; their locations are serialized as attributes pointing at lazy-loadable chunks:

<button on:click="./chunk-abc.js#handler">Add to cart</button>

The only thing that runs on boot is a tiny script called the Qwikloader, a fraction of a kilobyte, which registers one global event listener and does nothing else until you interact.

When the user clicks that button, and only then, the Qwikloader resolves the attribute, downloads the specific handler chunk, rehydrates just the state that handler needs, and runs it.

The code for a given interaction loads when the interaction occurs, not before.

But serializing execution state into the HTML imposes limits on what can be serialized, and those limits constrain how you can write components; you can’t just stuff anything into a closure and expect it to resume.

Loading code per interaction also means more small requests rather than one big upfront bundle, which speculative prefetching and HTTP/2 are designed to hide, but it’s a different performance profile you’ll need to reason about and tune rather than ignore.

And Qwik is the one framework built entirely around this idea, making it the newest and least battle-tested option in this article, with the smallest ecosystem to lean on.

There’s also a case where the payoff simply isn’t there.

If you’re building a video editor or a live dashboard, the user interacts with almost everything almost immediately, so you end up loading most of the code in the first few seconds anyway.

Resumability’s advantage is deferring code the user might never reach; when they reach all of it, you’ve taken on the complexity and gotten little of the benefit.

Next.js 16.3: closing the last gap with instant navigations

Everything so far has been about the first load: how fast the page paints, how much it costs to make it interactive.

But there’s a second moment that decides whether an app feels like an app, and it’s the one server-driven models have always been worst at: what happens when you click a link to the next page.

In a classic server-driven app, that click means a network round-trip.

You click, nothing happens, the server responds, and the next page appears.

For a blog that’s acceptable. For anything that feels like software, that pause is exactly what makes people say server apps feel “like a website” rather than an app.

A client-driven SPA hides the pause: you click, you instantly see a shell of the next page with data still loading, then the rest fills in.

That instant shell is most of why people reach for SPAs even when the server model would serve them better everywhere else.

Next.js 16.3 aims to give the server model the same instant-shell feel, and the way it gets there ties together two things already in this article: Partial Pre-Rendering and the Flight payload that RSC streams to the client.

The whole feature is currently gated behind one flag:

// next.config.ts
const nextConfig = {
  cacheComponents: true,
};

Turning on Cache Components changes the rendering model.

Every route is dynamic by default, with no implicit caching, and PPR becomes the default rather than an experimental per-route opt-in.

From there, whenever a route `awaits ’ data on the server, you’re making one of three choices about that piece of the page.

You can stream it by wrapping the slow part in <Suspense>, and the user instantly sees the static shell with a loading state where that part will go.

You can cache it by marking the work with use cache, and the user instantly sees a previously cached version of that UI, reused across requests.

async function ProductList() {
  'use cache';
  cacheLife('hours');
  const products = await getProducts();
  return <ProductGrid products={products} />;
}

Either of those makes the navigation feel instant, because nothing the user is waiting on blocks the shell.

The third choice is to block on purpose. Some routes shouldn’t show a loading shell, a blog post that should arrive whole rather than skeleton-first, and you opt that route out explicitly:

// page.tsx
export const instant = false;

Next.js 16.3 also brings a new trick: rather than prefetching a page per link, it prefetches one reusable shell per route and caches it on the client for the session.

Twenty links to /chat/[id] now prefetch a single /chat/[id] shell, the same way a SPA ships one piece of per-route code and reuses it for every item.

You can enable it alongside Cache Components:

// next.config.ts
const nextConfig = {
  cacheComponents: true,
  partialPrefetching: true,
};

That shell is the static, cacheable part of the route, the part PPR already knows how to pre-render.

So the two flags are really one idea seen from two ends: PPR decides what part of a route is a static shell, and Partial Prefetching ships exactly that shell to the client ahead of the click.

Because the shell serves as the baseline, prefetching is no longer an all-or-nothing proposition.

If you want a particular link to arrive with more than the bare shell, a chat header that should pop in immediately, you opt that link into deeper prefetching, and Next.js renders down to whatever is synchronous or marked 'use cache':

<Link href={`/chat/${id}`} prefetch={true}>
  {title}
</Link>

This fits exactly the kind of app the server model used to feel wrong for: dashboards, chat apps, anything with a dense sidebar of links where every click used to mean a visible pause.

Vercel has been running it on v0, where rich client features made navigation feel sluggish, and used the new dev-time insights to hunt down the routes that weren’t navigating instantly.

You get the SPA’s instant-click feel without giving up the server-centric model, the small client bundle, the direct data access, the crawlable first load, all the things the RSC section was about.

The problem is that “instant” stops being free and becomes something you maintain.

Every dynamic piece of every route is now a Stream/Cache/Block decision you have to make and keep correct as the app changes; a refactor that moves a cookies() read out of its <Suspense> boundary quietly turns an instant route into a blocking one.

Next.js leans on tooling to hold the line here, the dev-time error, a Navigation Inspector that pauses navigations at the shell so you can see what’s prefetched, and an instant() Playwright helper that asserts what must be visible before the network responds:

import { instant } from '@next/playwright';

test('next page shell is instant', async ({ page }) => {
  await page.goto('/products/shoes');
  await instant(page, async () => {
    await page.click('a[href="/products/hats"]');
    await expect(page.locator('h1')).toContainText('Baseball Cap');
  });
});

It’s also preview-only and flag-gated as of mid-2026, with both cacheComponents and partialPrefetching planned to become defaults in a future major version.

How to actually choose

The only thing that matters is how much client-side work happens between “HTML painted” and “page interactive.”

For most people most of the time, the honest answer is boring.

If you’re building a content site, reach for static generation and islands; Astro will give you near-perfect performance with almost no effort.

If you’re building an app, React with Server Components on a framework like Next.js will carry you a very long way, and the streaming and selective-hydration machinery comes along for free.

The rest are tools you reach for when a specific problem actually calls for them.

Fine-grained reactivity when updating performance on a busy screen is the cause of the issue.

Resumability when you’re large enough that hydration costs have become the bottleneck, and the first interaction must be instant.

CSR when the page is behind a login, and nobody’s first paint matters.

Nobody’s site ever got slow because they server-rendered some HTML and hydrated it.

It’s always the other direction: a content blog shipping a full app runtime, an app fighting hydration cost it never measured, a marketing page blank for two seconds while a bundle loads.

Match the strategy to how much of your page is actually interactive, and reach for something more exotic only when you can name the problem it solves.

References

Read the whole story
emrox
3 hours ago
reply
Hamburg, Germany
Share this story
Delete

Announcing TypeScript 7.0

2 Shares

Today we are proud to announce the availability of TypeScript 7, a 10x faster native port of TypeScript!

Since its early days, TypeScript has promised to deliver on JavaScript that scales. By bringing strong type-checking and rich tooling to the world of JavaScript, TypeScript made it possible to build non-trivial high-quality apps across platforms.

Last year, our team unveiled TypeScript’s next step in scaling: making every part of the toolset an order of magnitude faster. The mission was a native port of TypeScript built in Go that could make the most of modern hardware. This port was done as faithfully as possible, writing new code while maintaining the structure and logic of the original codebase to keep results consistent and compatible between the two compilers. The key difference is that with this new codebase, TypeScript 7 brings native code speed, shared memory multithreading, and a number of new optimizations that typically yield speedups between 8x and 12x on full builds.

Just as with any other release, TypeScript 7 is available via npm:

npm install -D typescript

That will get you the new tsc executable in your workspace (which you can run via npx tsc). Of course, a big part of the TypeScript experience is also about editor support. Your favorite code editor should easily support TypeScript 7 with its new support for the language server protocol (LSP), and its new speed and multithreading improvements. Whether you’re using something like VS Code, Visual Studio, WebStorm, or any other modern editor, TypeScript 7 should work great. Just check your editor’s documentation – for example, VS Code has a dedicated extension for TypeScript 7 that you can use today, and Visual Studio will automatically enable TypeScript 7 based on your workspace.

What Does A Faster TypeScript Mean?

A faster TypeScript sounds great on paper, but what does it mean in practice? Maybe it helps to think about where TypeScript comes up at every stage of development.

A typical day of development might involve opening your editor, opening a TypeScript file, and running an operation like find-all-references across your projects. Then as you’d start to make edits, maybe you’d expect auto-completions to pop up, and get red squiggles on the fly as you’d make edits. When you (and more recently, perhaps an AI agent) were ready to build your project, you’d run tsc, check the output for errors, and then run your generated code somehow.

A faster TypeScript means every part above is streamlined. Waiting for your editor to fully load your project will feel instantaneous. Delays on find-all-references, auto-completion, and diagnostics should take a fraction of the time they used to. And when you run tsc, maybe in --watch mode, you’ll be able to tighten your feedback loop and iterate faster than ever before.

You can see this on real-world projects. In fact, you can try comparing on a few open-source projects yourself. Here are the build times of running TypeScript 6 and 7 on some fairly large open source codebases.

Codebase TypeScript 6 TypeScript 7 Speedup
vscode 125.7s 10.6s 11.9x
sentry 139.8s 15.7s 8.9x
bluesky 24.3s 2.8s 8.7x
playwright 12.8s 1.47s 8.7x
tldraw 11.2s 1.46s 7.7x

Compile times of the projects between TypeScript 6 and 7 described the table above, ranging from 7.7x to 11.9x

TypeScript 7 also typically does better while asking for less aggregate memory over the span of a build.

Codebase TypeScript 6 TypeScript 7 Memory Delta
vscode 5.2GB 4.2GB -18%
sentry 4.9GB 4.6GB -6%
bluesky 1.8GB 1.3GB -26%
playwright 1.0GB 0.9GB -11%
tldraw 0.6GB 0.5GB -15%

Differences in memory reduction between TypeScript 6 and 7 described in the table above, ranging from -6% to -26%

Of course, there’s more to the experience than the full build. On the same computer, opening a file with an error in the VS Code codebase would previously take about 17.5 seconds from the time you opened the editor to the time you saw the first error. With TypeScript 7, it’s under 1.3 seconds – over 13x faster.

Battle-Tested and Ready for Production

The TypeScript project contains tens of thousands of tests built over more than a decade that run on every commit on our main branch. They’ve ensured every one of our releases is stable and reliable.

But TypeScript 7 is no ordinary release. Beyond our test suite, we’ve leveraged a number of different resources to make sure TypeScript 7 is solid for production use.

Over the last year we’ve worked with many large teams internally and externally to test TypeScript 7 on real-world codebases. The results have been overwhelmingly positive, with entire companies reporting that TypeScript 7 has been stable, fast, and easy to adopt. For example, the VS Code team recently highlighted their experience with TypeScript 7’s preview releases to move faster in their development cycle. We’ve also worked with Microsoft teams like Loop, Office, PowerBI, Teams, and Xbox to ensure that TypeScript is ready for the largest of codebases. Likewise, companies like Bloomberg, Canva, Figma, Google, Lattice, Linear, Miro, Notion, Sentry, Slack, Vanta, Vercel, VoidZero, and more have worked with us to test TypeScript 7 on their codebases and given us feedback to make it better.

Additionally, we’ve rebuilt much of our broader test infrastructure to run on TypeScript 7. TypeScript 6 and earlier had automated and on-demand testing for TypeScript and JavaScript projects on GitHub to detect regressions in the compiler and language service. The same testing is back, and running against TypeScript 7, finding issues in real codebases so we can find gaps in our core test suite and ship a better experience.

The combination of explicit feedback, automated crash reports, and aggressive testing has made a measurable difference in quality. In fact, our data insights have shown us that TypeScript 7.0’s new language server has actually reduced failing language server commands by over 80%, and reduced server crashes by over 60% compared to that of TypeScript 6.0.

We’ve also heard some incredible feedback from teams at scale:

  • Slack engineers have told us that TypeScript 7 eliminated 40% of their merge queue time and brought type-checking time in CI from about 7.5 minutes to 1.25 minutes. Local development in the editor was previously almost “unusable” due to language server load times and engineers would typically let CI do a full type-check. TypeScript 7 has been able to load the same codebase in a few seconds and made local type-checking feasible again.
  • Builds at Vanta have dramatically improved, showing a speedup of up to 9x faster on one of their biggest projects.
  • Similarly, the News Services team at Microsoft told us that adopting TypeScript 7 saved them 400 hours a month waiting for CI builds.
  • Last year, engineers working on PowerBI described TypeScript 7 in the editor as “life-saving” for working on their codebase. They adopted the experience as a default even before TypeScript 7 supported rename functionality in VS Code.
  • Developers working on Loop’s monorepo were also ecstatic. The previous editor experience was described as unusable at their scale, whereas the TypeScript 7 experience has been “amazing” to use.
  • Canva developers have told us that TypeScript 7’s language service shows dramatic speedups, going from about 58 seconds to seeing the first error in their editors to about 4.8 seconds.

Running Side-by-Side with TypeScript 6.0

While TypeScript 7.0 is here, it does not ship with an API. We expect TypeScript 7.1 to ship with a new (and different) API, but until then we have made it a priority to ensure TypeScript can be run side-by-side with TypeScript 6.0 for utilities that still need some programmatic access to the compiler (such as typescript-eslint).

As part of the 6.0/7.0 transition process, we’ve published a new compatibility package, @typescript/typescript6. This package provides an executable named tsc6, so that if needed, you can install TypeScript 7.0 (which ships its own tsc binary) side-by-side without naming conflicts. The new package also re-exports the TypeScript 6.0 API, so that you can use tsc for TypeScript 7, while other tooling can continue to rely on 6.0.

Because some tools like typescript-eslint expect to import from typescript directly via peer dependencies, we recommend achieving this via npm aliases. You should be able to run the following command

npm install -D typescript@npm:@typescript/typescript6

or modify your package.json as follows:

{
  "devDependencies": {
    "typescript": "npm:@typescript/typescript6@^6.0.2",
  }
}

Note that doing this will leave you only with a tsc6 executable. To get 7.0’s tsc, you can add another alias for TypeScript 7 and npx tsc will just work with 7.0:

{
  "devDependencies": {
    "@typescript/native": "npm:typescript@^7.0.2",
    "typescript": "npm:@typescript/typescript6@^6.0.2"
  }
}

Nightly Builds and @typescript/native-preview

Until now, most developers have installed TypeScript 7 via the @typescript/native-preview package. This package shipped nightly builds of the new codebase, and has served the community well with over 8.5 million weekly downloads!

However, going forward, nightly builds will soon resume under the standard typescript package with the next tag. You can install it with:

npm install -D typescript@next

Custom Scaling: Parallelization and Controls

TypeScript 7.0 now performs many steps in parallel, including parsing, type-checking, and emitting. Some of these steps, like parsing and emitting can mostly be done independently across files. As such, parallelization automatically scales well with larger codebases with relatively little overhead. But not every step in a TypeScript build is easily parallelizable.

TypeScript 7 introduces the experimental --checkers and --builders flags to fine-tune the parallelization behavior for less-trivial steps like type-checking and project reference building. It also introduces a --singleThreaded flag to disable parallelization entirely, which can be useful for debugging or running in environments with limited resources.

Type-Checker Parallelization

Other steps, like type-checking, have more complex dependencies across files. Most files end up relying on the same type information from their dependencies and the global scope, and so running type-checkers completely independently would be wasteful – both in computation and memory. On the other hand, type-checking occasionally relies on the relative ordering of information in a program, and so type-checking from scratch must always check the same files in an identical order to ensure the same results.

To enable parallelization while avoiding these pitfalls, TypeScript 7.0 creates a fixed number of type-checker workers with their own view of the world. These type-checking workers may end up duplicating some common work, but given the same input files, they will always divide them identically and produce the same results.

The default number of type-checking workers is 4, but it can be configured with the new --checkers flag. You may find that increasing this number can further speed up builds on larger codebases where typical machines have more CPU cores, but will typically come at the cost of increased memory usage. For example, in the table above, we ran TypeScript 7 with its default of --checkers 4. Here’s what the results look like on the same machine with --checkers 8.

Codebase TypeScript 6 TypeScript 7 (--checkers 8) Speedup
vscode 125.7s 7.51s 16.7x
sentry 139.8s 12.08s 11.6x
bluesky 24.3s 2.01s 12.1x
playwright 12.8s 1.16s 11x
tldraw 11.2s 1.06s 10.6x

As you can see, these codebases get a better speedup from dedicating more cores, but results will differ across projects and underlying machines.

On the other hand, on machines with fewer CPU cores and less memory (e.g. CI runners) you may want to decrease this number to avoid unnecessary or incidental overhead. You can specify a value as low as --checkers 1, effectively making type-checking single-threaded and eliminating duplicate work.

In rare cases, varying the number of --checkers may surface order-dependent results. Specifying a fixed number of checkers across build environments can help ensure everyone is getting the same results, but is up to the discretion of your team.

Project Reference Builder Parallelization

TypeScript 7.0 can parallelize builds within a project, but it can now also build multiple projects at once as well. This behavior can be configured with the new --builders flag, which controls the number of parallel project reference builders that can run at once when running under --build. This can be particularly helpful for monorepos with many projects.

Like --checkers, increasing the number of builders can speed up builds, but may come at the cost of increased memory usage. It also has a multiplicative effect with --checkers, so it’s important to find the right balance for your machine and codebase. For example, building with --checkers 4 --builders 4 allows up to 16 type-checkers to run at once, which may be excessive.

Unlike --checkers, varying the number of builders should not produce different results; however, building project references is fundamentally bottlenecked by the dependency graph of projects (with the exception of type-checking on codebases that leverage --isolatedDeclarations and separate syntactic declaration file emit).

Single-Threaded Mode

In some cases, it can be helpful to enforce single-threaded operation throughout the compiler. This may be useful for debugging, comparing performance with TypeScript 6 and 7, when orchestrating parallel builds externally, or for running in environments with very limited resources. To enable single-threaded mode, you can use the new --singleThreaded flag. This will not only cap the number of type-checking workers to 1, but also ensure parsing and emitting are done in a single thread.

Improved --watch Mode

TypeScript 7 ships with a completely rebuilt --watch mode. --watch is now powered by a new foundation based on the Parcel bundler’s file-watcher that provides efficient and stable cross-platform file watching capabilities.

When our team set out to port our file watching logic, we encountered a few challenges with cross-platform file watching in Go. The standard library doesn’t provide a built-in file watching API, and existing third-party libraries we explored had various issues with stability, performance, cross-platform support, or issues with build tooling integration. We were able to build solutions around polling periodically to check for file changes, and this worked broadly across operating systems; however it was computationally expensive, especially at larger-scale projects with many dependencies in node_modules. Even with dynamic scheduling strategies, we found that pure-polling solutions were too taxing for general use.

For many years, Visual Studio Code has relied on @parcel/watcher, and in recent years TypeScript in VS Code has relied on its file watching capabilities indirectly. While it seemed promising, one of the problems for us with Parcel’s watcher is that it’s written in C++, and in turn requires a full C++ toolchain to build. Given our positive experience with Parcel’s watcher in VS Code, we explored porting it to Go with a few minimal assembly shims to avoid introducing a new toolchain dependency.

The exploration has been a success – what started as a very direct translation from C++ to Go was further refined into idiomatic Go that still passes the ported test suite. The watcher is a self-contained package that has allowed us to keep a clean separation of concerns between what we care to watch and why. We are now seeing significant resource improvements in --watch mode across platforms, and have been hearing positive feedback from earlier users of TypeScript 7.

We’d like to extend our thanks to Devon Govett whose work on Parcel has provided immense benefits to both the Visual Studio Code and TypeScript projects. We hope this port will provide opportunities and insights for the original Parcel watcher codebase over time.

Updates Since 5.x, and New Behaviors from 6.0

TypeScript 7.0 is made to be compatible with TypeScript 6.0’s type-checking and command-line behavior. Practically any TypeScript code that compiles cleanly with TypeScript 6.0 (with the stableTypeOrdering flag on, and without any ignoreDeprecations flag set) should compile identically in TypeScript 7.0.

With that said, TypeScript 7.0 adopts 6.0’s new defaults, and provides hard errors in the face of any flags and constructs deprecated in TypeScript 6.0. This is notable as 6.0 is still relatively new, and many projects will need to adapt to its new behaviors. We encourage developers to adopt TypeScript 6.0 to make the transition to TypeScript 7.0 easier, and you can also read the TypeScript 6.0 release blog post for more details on these deprecations.

At a glance, the notable default changes to configuration are:

  • strict is true by default.
  • module defaults to esnext.
  • target defaults to the current stable ECMAScript version immediately preceding esnext.
  • noUncheckedSideEffectImports is true by default.
  • libReplacement is false by default.
  • stableTypeOrdering is true by default, and cannot be turned off.
  • rootDir now defaults to ./, and inner source directories must be explicitly set.
  • types now defaults to [], and the old behavior can be restored by setting it to ["*"].

We believe the rootDir and types changes may be the most “surprising” changes, but they can be mitigated easily. Projects where the tsconfig.json sits outside of a directory like src will simply need to include rootDir to preserve the same directory structure.

  {
      "compilerOptions": {
          // ...
+         "rootDir": "./src"
      },
      "include": ["./src"]
  }

For the types change, projects that depend on specific global declarations will need to list them explicitly. For example,

  {
      "compilerOptions": {
          // Explicitly list the @types packages you need (e.g. bun, mocha, jasmine, etc.)
+         "types": ["node", "jest"]
      }
  }

The deprecations that have turned into hard errors with no-op behavior are:

  • target: es5 is no longer supported.
  • downlevelIteration is no longer supported.
  • moduleResolution: node/node10 are no longer supported, with nodenext and bundler being recommended instead.
  • module: amd, umd, systemjs, none are no longer supported, with esnext or preserve being recommended in conjunction with bundlers or browser-based module resolution.
  • baseUrl is no longer supported, and paths can be updated to be relative to the project root instead of baseUrl.
  • moduleResolution: classic is no longer supported, and bundler or nodenext are the recommended replacements.
  • esModuleInterop and allowSyntheticDefaultImports cannot be set to false.
  • alwaysStrict is assumed to be true and can no longer be set to false.
  • The module keyword cannot be used in namespace declarations.
  • The asserts keyword cannot be used on imports, and must use the with keyword instead (to align with developments on ECMAScript’s import attribute syntax).
  • /// <reference no-default-lib /> directives are no longer respected under skipDefaultLibCheck.
  • Command line builds cannot take file paths when the current directory contains a tsconfig.json file unless passed an explicit --ignoreConfig flag.

Template Literal Types Now Preserve Unicode Code Points

TypeScript 7.0 now treats Unicode code points more naturally when inferring from template literal types. For example:

type HeadTail<S> = S extends `${infer Head}${infer Tail}` ? [Head, Tail] : never;

type Result = HeadTail<"😀abc">;
//   ^
// In 7.0: ["😀", "abc"]
// Previously: ["\ud83d", "\ude00abc"]

Previously, TypeScript followed JavaScript’s UTF-16 indexing behavior here and split "😀" into two halves of a surrogate pair (\ud83d and \ude00). That was technically consistent with indexing in JavaScript (e.g. the inferred Head type was equal to "😀abc"[0]), but it usually wasn’t what people intended, and could produce string literal types containing unpaired surrogates that aren’t semantically meaningful.

This is a breaking change for type-level string manipulation that intentionally modeled UTF-16 code units, such as some string Length utilities. In practice, we expect the new behavior to be more useful and less surprising: template literal inference now follows the same intuition as iterating a string with for...of or spreading it with [...str], where "😀" is treated as one unit.

JavaScript Differences

As we ported the existing codebase, we also took the opportunity to revisit how our JavaScript support works.

TypeScript originally supported JavaScript files by using JSDoc comments and recognizing certain code patterns for analysis and type inference. Lots of the time, this was based on popular coding patterns, but occasionally it was based on whatever people might be writing that Closure and the JSDoc doc generating tool might understand. While this approach was helpful for developers with loosely-written JSDoc codebases, it required a number of compromises and special cases to work well, and diverged in a number of ways from TypeScript’s analysis in .ts files.

In TypeScript 7.0, we have reworked our JavaScript support to be more consistent with how we analyze TypeScript files. Some of the differences include:

  • Values cannot be used where types are expected – instead, write typeof someValue
  • @enum is not specially recognized anymore – create a @typedef on (typeof YourEnumDeclaration)[keyof typeof YourEnumDeclaration].
  • A standalone ? is no longer usable as a type – use any instead.
  • @class does not make a function a constructor – use a class declaration instead.
  • Postfix ! is not supported – just use T.
  • Type names must be defined within a @typedef tag (i.e. /** @typedef {T} TypeAliasName */), not adjacent to an identifier (i.e. /** @typedef {T} */ TypeAliasName;).
  • Closure-style function syntax (e.g. function(string): void) is no longer supported – use TypeScript shorthands instead (e.g. (s: string) => void).

Additionally, some JavaScript patterns, like aliasing this and reassigning the entirety of a function’s prototype are no longer specially treated.

While some of our JS support is in flux, we have been updating this CHANGES.md file to capture the differences between TypeScript 6.0 and 7.0 in more detail.

Editor Experience

As we mentioned above, TypeScript 7.0’s performance improvements are not limited to the command line experience – they also extend to the editor experience too. For VS Code users, we have a dedicated extension for TypeScript 7. When you install this extension, it will automatically become the default experience. You can disable and re-enable it at any time with the “Disable TypeScript 7 Language Server” and “Enable TypeScript 7 Language Server” commands from the command palette. In the coming weeks support for TypeScript 7 will ship as part of VS Code itself.

For Visual Studio users, the latest version of the IDE will automatically enable TypeScript 7 based on your workspace. You won’t need to do anything differently.

Of course, TypeScript 7 should work great in any editor of your choosing. The new foundation is built on the Language Server Protocol (LSP) and is able to leverage multiple threads to serve simultaneous requests as quickly as possible.

Since it first debuted, we’ve added in missing functionality like auto-imports, expandable hovers, inlay hints, code lenses, go-to-source-definition, JSX linked editing and tag completions, and more. Missing features from TypeScript 7.0 beta, such as semantic highlighting, “sort imports”, “remove unused imports”, and more are now in.

Additionally, we’ve continued to drive performance and stability in the past few months. We’ve rebuilt much of our testing and diagnostics infrastructure to make sure the quality bar is high, in which we are able to fuzz-test the language server against the top TypeScript and JavaScript codebases on GitHub. As we’ve mentioned above, TypeScript 7’s new language server is significantly more stable than TypeScript 6’s.

TypeScript and Embedded Languages

It’s worth calling out that workflows that use Vue, MDX, Astro, Svelte, and others will likely not yet be able to leverage TypeScript 7. Similarly, specialized type-checking within templates like Angular will also likely not use TypeScript 7. This is mainly because TypeScript 7 does not yet expose a stable programmatic API, and so tools (such as Volar) which embed TypeScript into their own compilers and language services can only currently rely on TypeScript 6.0. We expect this to be a point-in-time issue, as we are committed to providing a solution here. We will be actively working with the maintainers of these projects to ensure TypeScript 7 supports these workflows.

Until then, we recommend that teams use TypeScript 7 in scenarios where language server plugins are not required. Projects using Angular can use a combination of TypeScript 7 to get fast project-wide error detection at the CLI with tsc, and TypeScript 6.0 for editor support. Projects using Vue, MDX, Astro, Svelte, and others will need to continue using TypeScript 6.0 for now. In VS Code, users can simply run the “Disable TypeScript 7 Language Server” command to revert to TypeScript 6.0.

The Road Forward

TypeScript 7.0 is a major milestone in the TypeScript project. This port has been the primary focus of our team for over a year, and with 7.0 out, we will be returning to new feature work, ergonomic improvements, more performance wins, and implementing a new API for the broader ecosystem. While that seems major, we expect a fairly similar timeline to releases prior to TypeScript 7.0, with new featureful versions published every 3-4 months. With TypeScript 7.1 on the horizon, we hope to bridge any gaps to help bring the community forward.

We also encourage you to share your experience using TypeScript 7.0 online. Feel free to follow and tag @typescriptlang.org on Bluesky or @typescript@fosstodon.org on Mastodon, or @typescript on Twitter, and let us and others know what you think of TypeScript 7.

We know this new release will be incredibly valuable for the TypeScript ecosystem. We hope that it makes your day-to-day coding experience more fast, fun, productive, and joyful.

Welcome to the native era of the TypeScript toolset.

Happy Hacking!

– The TypeScript Team

The post Announcing TypeScript 7.0 appeared first on TypeScript.

Read the whole story
emrox
1 day ago
reply
Hamburg, Germany
alvinashcraft
1 day ago
reply
Pennsylvania, USA
Share this story
Delete

(comic) Range of emotions

1 Comment

Read the whole story
emrox
3 days ago
reply
Feels like this is the exact feeling which I miss in my today work life since AI got into my work
Hamburg, Germany
Share this story
Delete

Regression to the Mean — On LLMs and the Quiet Death of the New

1 Share

the promise of more ideas · and the pull to the center

Regression
to the Mean

We were handed a machine that could think alongside us, and told it would set off an explosion of new ideas. It may do the opposite — so gently that we mistake the flattening for progress.

scroll

the promise · no. 01

A model on every desk; a collaborator for every mind. The pitch was a Cambrian bloom — a thousand directions explored at once, by everyone. More minds thinking, surely, means more thoughts worth thinking.

an explosion of the new

the mean · no. 02

But ask it anything and it returns the most probable continuation — the center of mass of everything already written. Trained on the past, it answers in the past tense of thought. Not what is true. What is typical.

the average · returned at the speed of certainty

the correction · no. 03

Offer it something it has never seen, and it doesn't light up. It corrects you. To a system built to predict the expected, the genuinely new is indistinguishable from a mistake.

The pushback is soft, and constant:

Did you mean —

the familiar thing, offered in place of yours.

Not a standard term

the new name returned as a typo.

Most sources agree

consensus handed back as fact.

Are you sure?

conviction sanded down to the mean.

the collapse · no. 04

And we feed its answers back in as the next questions. Each pass, the spread narrows; the strange tails thin out. Variance leaks out of the culture. We converge — not on what is right, but on what is average.

output becomes input · the curve sharpens to a spike

the cost · no. 05

Yet every discovery was, at the moment it was made, out of distribution. It disagreed with the consensus of its day — moving earth, unseen germs, drifting continents, each first filed as error. A model of consensus is, by construction, a machine for telling you the new thing is wrong.

discovery has only ever lived in the tail

the deviation · no. 06

So the scarce thing inverts. The average is now free, infinite, identical — worth little precisely because everyone holds it. What is priceless is the deviation: the position the model marks as wrong, kept anyway. Not the answer it was sure of — the one it would not stop correcting.

guard the tail

what the machine can't hand back

It will give you the average of all that has been thought. The new was never in there.

A tool that returns the most likely sentence is a comfort and a quiet narrowing at once. The work it cannot do for you is the only work that ever mattered: to stand, on purpose, where the curve runs thin — and stay there long enough to be right.


not the most probable answer.
the one it tried to correct.

written off-distribution · on purpose

Read the whole story
emrox
4 days ago
reply
Hamburg, Germany
Share this story
Delete

Safe human-friendly multi-agent setup

1 Share

Like everyone else I've been playing with agents.

But I had two problems:

  1. I didn't want to --dangerously-skip-permissions and give Claude access to my entire computer unsupervised. Besides regular agent stupidity, prompt injections are a thing.
  2. I couldn't safely run two agents or more on the same repo.

I also wanted a solution that would let me edit and run the code on my machine, even if the agent runs inside a VM or container.

This seems like a common set of issues and requirements. But the only thing I could find that satisfied all of them was workmux, which forces you into using tmux (which I didn't want).

I figured rolling out my own solution would be easy (and for once, it was), and would teach me something (it did). So here we go!

To bake this solution we need:

  • Git worktrees, to get one checkout of the codebase to each agent (we'll also give them their own branch).
  • A virtualization or containerization solution to run the agents inside. I went with Dev Containers and their CLI, which runs containers on Docker.
  • Judicious use of mount volumes on the container so that we can share the code between host and container, but isolate OS-specific bits.
  • Some command glue to make everything easy to operate.

Notes on Containerization

There's many ways to build the containerization. I landed on Dev Containers as the first thing I tried, and it seems as easy to set up as those kind of things are going to get.

One area of note is security. On macOS Docker runs your containers inside a VM. On Linux, it uses a suite of isolation tech to shield them from your system. Containers outside a VM are notoriously less secure in practice — the attack surface for an escape is much higher, and it's much easier to shoot yourself in the foot with misconfiguration. So if you're manning Linux and you want optimal security, you might want to look into alternatives. That being said, to purely defend against mistakes and prompt injections, this much is probably enough.

Even on macOS, there's a single VM for all containers. You might want to isolate every worktree in its own container to avoid accidental cross-agent interference.

Dev Containers are a standard for tools to setup and become aware of a container in which the code can be built and run. As such, some IDEs (VS Code, JetBrains, ...) can set up and connect to the container for you. They install a copy of the IDE inside the container and connect with a light client on the host. So while the UI is on the IDE, everything meaningful is running in the container (this is called "remote development").

This capability was initially appealing to me, but now I don't care about it. Because the code is mirrored between host and guest, and dependencies are isolated, I prefer to just edit on my host and run commands on the guest.

Note that IDEs can also connect to any container via SSH instead for remote development. You will actually need this instead of the built-in dev container support if you want to open multiple sessions (one per worktree for instance).

Example Walkthrough

Okay, let's see what the setup looks like in practice. I will link to a repo where I'm cooking some experiment (pinning the links to a commit for posterity).

Dev Container

The Dev Container setup is done inside the .devcontainer directory.

devcontainer.json specified the attached Dockerfile, the resources we want to allocate, setting a few names so that things are nice and tidy inside the VM and inside Docker. There's a built-in feature for getting Node.js and one to run the SSH daemon. The other dependencies are installed via a RUN command in the Dockerfile.

The username is vscode because we use a Microsoft Debian base image that comes with this non-root user by default. SSH will run on port 2222.

We mount the host's id_rsa public key (so that it can be allowed to SSH into the container), as well as a node_modules_volume to isolate dependencies between host and container.

In our repo, node_modules in the root and in every worktree is symlinked to node_modules_volume/{root, wt-<worktree>}. On the host, node_modules_volume is a regular directory, while on the container it is a volume, meaning guest and container manage their dependencies separately.

We also mount create dedicated volumes for the Claude Code and JetBrains settings. These persist when the container image is being rebuilt which avoids us having to reauthenticate Claude and redownloading the (hefty) IntelliJ backend every time the image is rebuilt. (This is if you want to use remote development and can be skipped otherwise.)

Finally, we can specify VS Code extension that need to exist container-side. Host-side extensions can still be used, but some (typically those that need to run binary tools) need to be installed server-side. (Again, only relevant for remote development).

The post-create.sh script is referenced in the Dockerfile and runs inside the container after it has been created & spun up and is used to setup the shared volumes and files.

The Dockerfile installs some dependencies, including Claude and the Playwright MCP server so that Claude can debug webapps from inside the container.

With this devcontainer setup, we can use the following command (although the repo wraps them in makefile commands which we'll review shortly):

  • bring the container up or down with devcontainer {up,down} --workspace-folder .
  • rebuild the image with devcontainer up --workspace-folder . --remove-existing-container
  • run a shell or claude in the image with devcontainer exec --workspace-folder . {bash, claude --dangerously-skip-permissions}

Once spun up you can connect by SSH via vscode@localhost:2222, and you can connect your IDE for remote development. On VS Code use the Remote SSH extension, on JetBrains IDE look for the "File > Remote Development..." menu.

Worktrees & Makefile

The repo's makefile exposes the following commands:

  • make dev.{up, down} — bring the dev container up or down
  • make dev.tear — bring the dev container down and delete it (named volumes persist)
  • make dev.rebuild — rebuild the dev container
  • make dev.shell — open a shell in the container (if run from a worktree dir, open the shell in the corresponding worktree on the container)
  • make dev.claude — opens claude in the container (same comment for worktrees)
  • make tree name=<NAME> — create a new worktree at .worktrees/<NAME> on branch wt/<NAME>
  • make rmtree name=<NAME> — remove the worktree at .worktrees/<NAME> (the branch is preserved)
  • make trees — list all worktrees

Additionally, the makefie is aware of our system to isolate dependencies (node_modules) between host and container. make setup (sets up the repo) and make nuke (delete all outputs and dependencies) ensure that the node_modules symlink are setup properly, as described in the previous section.

Coda

And that's it. Worktrees, containerization with judicious use of volumes, and some glue commands. That's all you need to safely isolate your agents from one another and from your system, while retaining the ability to build and run both on the host and the container. Have fun hacking!

Read the whole story
emrox
4 days ago
reply
Hamburg, Germany
Share this story
Delete

Holes

2 Comments and 6 Shares
If you're thinking 'Wait, a giant crystal cave in Mexico? What's that?' then I'm SO excited for the image search you're about to do.
Read the whole story
emrox
7 days ago
reply
Hamburg, Germany
Share this story
Delete
1 public comment
alt_text_bot
8 days ago
reply
If you're thinking 'Wait, a giant crystal cave in Mexico? What's that?' then I'm SO excited for the image search you're about to do.
Next Page of Stories