Mateo Rodriguez

API docs shouldn’t be a wiki page that drifts from reality. I generate an OpenAPI spec from code-adjacent definitions so changes get reviewed alongside implementation. The frontend benefits too: typed clients, mock servers, and even contract tests bec

GraphQL makes it very easy to accidentally create N+1 query explosions. DataLoader batches requests for the same resource during a single tick and gives you per-request caching. The trick is scoping: loaders must be per-request, not global singletons,

OAuth flows are a minefield, and PKCE is the safe default for public clients. I generate a verifier, derive a challenge, store the verifier in a short-lived session, and then exchange the authorization code for tokens. The key detail is treating the v

Bcrypt is fine, but Argon2 is the modern default with better resistance to GPU attacks. I store the full hash string (it includes parameters + salt) and keep verification in one utility so the rest of the app doesn’t grow its own auth helpers. The imp

Noisy error reporting without context turns into a pile of untriaged alerts. I initialize Sentry early, set the release from the git SHA, and tag the environment so I can separate staging from production. I also set a sample rate and capture only what

Shipping a deploy with a missing env var is an easy way to create a confusing outage. process.env is just a bag of strings, so I parse env at startup, validate required variables, and fail fast with a clear message. The other win is type safety: once

Modals are accessibility traps—literally. Without focus management, keyboard users can tab into the page behind the modal and get lost. I trap focus within the dialog while it’s open, restore focus to the trigger on close, and support Escape to dismis

Scroll listeners are easy to get wrong and they can cause performance issues on long lists. IntersectionObserver lets the browser do the hard work: I put a sentinel div at the bottom of the list and trigger fetchNextPage when it becomes visible. I als

Search boxes are a classic place to accidentally fire a request on every keystroke. I debounce the value that triggers the query (not the input rendering) so typing stays responsive, and I cancel/ignore stale requests so results don’t arrive out of or

Immediate retries are a great way to stampede a struggling dependency. I use exponential backoff with jitter so retries spread out naturally and don’t synchronize across instances, and I cap the maximum delay so worst-case latency doesn’t become unbou

When a dependency starts timing out, naive retries can amplify the outage by piling on more work. A circuit breaker gives the system a chance to breathe: after enough failures, it opens and returns a fast error, then it half-opens to probe recovery. I

Not every codebase needs full-blown DDD, but I still want a clean seam between business logic and SQL. A tiny repository module per aggregate gives me that seam, and it makes testing easier because I can stub repository methods rather than mocking the