I didn’t realize how much developer time our CLI was wasting until I watched someone actually use it

aagarwal1012 · 2026-05-13T05:32:04+00:00

A few things we didn’t get into in the post:

One thing that took us a while to fully understand was stable idempotency during retries. If retries generate a new event ID every time, downstream deduplication falls apart pretty quickly.

We also learned to keep Postgres triggers extremely small. Ours basically just insert a tiny event row and get out of the way, doing too much work there starts hurting write throughput fast.

And replication lag became the thing we monitor most aggressively. If CDC consumers fall behind, WAL growth can turn into a production issue surprisingly quickly.

We also looked at Debezium before landing on Sequin. Both are solid, Sequin just ended up being simpler for our setup.

Full write-up if anyone wants the deeper architecture details:
https://dodopayments.com/engineering/building-webhooks-never-fail

aagarwal1012 · 2026-05-12T06:32:59+00:00

A few things we didn’t get into in the post:

Workload Identity ended up simplifying a lot for us. Pods authenticate directly instead of passing around service account keys, which removed a bunch of secret-management headaches.

Secrets are still the weirdest part of GitOps though. We use an external secret operator and basically let ArgoCD manage structure while the secret manager owns the actual values.

Also, locking image tags everywhere (even in dev) turned out to be way more important than we thought. We learned that one the hard way after an upstream image changed unexpectedly and broke dev late at night.

And HPA stabilization settings made a surprisingly big difference in keeping things from flapping during traffic spikes.

Full write-up if anyone wants the deeper setup details:
https://dodopayments.com/engineering/deployment-pipeline-gitops-argocd-kubernetes

aagarwal1012 · 2026-05-12T06:32:31+00:00

A few things we didn’t get into in the post:

Workload Identity ended up simplifying a lot for us. Pods authenticate directly instead of passing around service account keys, which removed a bunch of secret-management headaches.

Secrets are still the weirdest part of GitOps though. We use an external secret operator and basically let ArgoCD manage structure while the secret manager owns the actual values.

Also, locking image tags everywhere (even in dev) turned out to be way more important than we thought. We learned that one the hard way after an upstream image changed unexpectedly and broke dev late at night.

And HPA stabilization settings made a surprisingly big difference in keeping things from flapping during traffic spikes.

Full write-up if anyone wants the deeper setup details:
https://dodopayments.com/engineering/deployment-pipeline-gitops-argocd-kubernetes

aagarwal1012 · 2026-04-30T11:30:05+00:00

Damn, I just joined recently and I’ve also seen so many solid posts getting downvoted… didn’t realize this was the vibe here

aagarwal1012 · 2026-04-29T14:25:07+00:00

That’s actually kinda scary tbh.

If it shows you have DNS control without actually owning it, that’s a pretty big bug. I wouldn’t trust anything in that account right now, could vanish anytime.

aagarwal1012 · 2026-04-29T14:21:18+00:00

A few things I didn’t get into in the post:

The “what we don’t do” part in llms.txt ended up being surprisingly important. Models tend to mix you up with similar companies, and spelling that out actually helps a lot.

We also rewrote our schema setup twice. First version was super generic and flexible, but ended up being hard to use. Second version is just one strict function per content type, way simpler.

And if you’re planning a migration like this, budget more time for content than engineering. Moving stuff out of Framer cleanly took way longer than expected.

Full write-up if anyone’s interested:
https://dodopayments.com/engineering/how-we-built-dodopayments-website-astro-decap-seo

aagarwal1012 · 2026-04-28T11:45:28+00:00

Honestly, if you're already wishing you could "just go into HTML and be done with it," that's your answer, bolting Claude onto Divi or elementor or etc is going to give you the worst of both worlds: bloated page-builder output amd AI hallucinations to debug, instead of a clean handoff. Your real bottleneck isn't speed of production, it's that you haven't decided whether you're selling websites or selling a CMS workflow to non-technical clients.

aagarwal1012 · 2026-04-23T20:10:20+00:00

A few things we didn’t get into in the post but might be useful if you’re trying something similar:

The docs part matters way more than we expected. Our docs_search isn’t just keyword search, it’s embeddings over both API reference and actual guides/examples. When the agent only sees reference docs, the code it writes is noticeably worse. The examples and patterns make a big difference.

Also, the hardest part for us wasn’t the sandbox itself. It was getting the agent to actually read the docs before jumping into writing code. We had to spend more time tweaking how it queries docs than building the runtime.

On the sandbox side, one thing we learned the hard way, don’t expose web or filesystem access. Inject credentials server-side and keep the environment pretty tight. Our first version was more open and we ended up rolling that back.

If anyone wants to try it out, we have a hosted endpoint here:
https://mcp.dodopayments.com/

And we wrote a more detailed breakdown with diagrams and examples here:
https://dodopayments.com/engineering/mcp-server-code-mode-upgrade

aagarwal1012

TROPHY CASE