Typegres:
- Tables as TypeScript classes
- Methods are your API: clients compose real SQL (joins, aggregates, subqueries)
- Sandboxed via object-capability-based RPC
- Live queries built in
Try it in your browser π https://t.co/aYiAjX5WoM
@BuildingWithTom 8s on 500 rows?! Was it doing some roundtrip or something?
RLS alternative might interest you: auth is structural, you use typed classes to return what the caller can reach, bound at query construction (i.e., injects the right `where`/`on` clause): https://t.co/4rOU5tWaCR
@StackCurious I built `.live()` into Typegres for exactly this: subscribe to any query. No websocket needed, just a regular HTTP request. Works anywhere you have Postgres
https://t.co/aYiAjX5WoM
@alexdeliadev@prisma@DrizzleORM Yeah and Drizzle (and every other ORM) doesn't enforce types within query expressions: eq(posts.title, posts.viewCount) (text vs integer) typechecks fine
That's what sparked Typegres: every operator and function is typed end-to-end, nullability included. https://t.co/aYiAjX5WoM
@heyrapto Yeah β and with many tables, ORMs lack organization. How do you denormalize a relation without breaking clients?
My take: the TS class IS the layer. Computed columns + mutations live on the class, all compose to SQL. Schema underneath is refactorable. https://t.co/aYiAjX5WoM
Built this because every app I've made ends up rephrasing the same data model four times: schema, ORM, controller, DTO.
Typegres collapses that to one class: clients compose typed queries against the methods you expose.
Typegres:
- Tables as TypeScript classes
- Methods are your API: clients compose real SQL (joins, aggregates, subqueries)
- Sandboxed via object-capability-based RPC
- Live queries built in
Try it in your browser π https://t.co/aYiAjX5WoM
I'm working on a fifth model, specifically for the agent use-case (a hybrid of 3 & 4): give clients a query builder with full SQL fidelity -- but that can't escape tenancy boundaries.
How much would that move the needle on an "untrusted middle layer"?
(Link if curious: https://t.co/4uzMl0Y9Uq)
@joschelboschel Appreciate it!
It's a fork of tsgo, so you can just do: `typenix --lsp --stdio` (vim example recently added to README: https://t.co/M6kGAU4w2H)
What do you mean by marketing? Happy to improve if its something specific.
Announcing TypeNix: full typing for Nix, based on TypeScript.
The trick: map Nix AST -> TS AST: the typechecker never knows it's looking at Nix.
Types all 42K nixpkgs files, 13s locally. Fixed-point patterns (`makeExtensible`, etc.) typed.
Early PoC: https://t.co/4lXz8OxCJK
@typescript@grhmc@tweagio
@joschelboschel Honored! Probably just a link and short description for now given it's an early PoC. TypeNix is based on tsgo, I know there's WASM ports of tsgo but still assume it would need some extra work. Would love to be included.
Writing code is no longer the bottleneck.
AI agents are already opening pull requests, monitoring repos, and writing meaningful code.
The real bottleneck is validating that code safely against real infrastructure.
Today weβre announcing what we built to fix that.
The power of AI agents comes from:
1. intelligence of the underlying model
2. how much access you give it to all your data
3. how much freedom & power you give it to act on your behalf
I think for 2 & 3, security is the biggest problem. And very soon, if not already, security will become THE bottleneck for effectiveness and usefulness of AI agents as a whole (1-3), since intelligence is still rapidly scaling and is no-longer an obvious bottleneck for many use-cases.
The more data & control you give to the AI agent: (A) the more it can help you AND (B) the more it can hurt you.
A lot of tech-savvy folks are in yolo mode right now and optimizing for the former (A - usefulness) over the the latter (B - pain of cyber attacks, leaked data, etc).
I think solving the AI agent security problem is the big blocker for broad adoption. And of course, this is a specific near-term instance of the broader AI safety problem.
All that said, this is a super exciting time to be alive for developers. I constantly have agent loops running on programming & non-programming tasks. I'm actively using Claude Code, Codex, Cursor, and very carefully experimenting with OpenClaw. The only down-side is lack of sleep, and an anxious feeling that everyone feels of always being behind of latest state-of-the-art. But other than that, I'm walking around with a big smile on my face, loving life π₯β€οΈ
PS: By the way, if your intuition about any of the above is different, please lay out your thoughts on it. And if there are cool projects/approaches I should check out, let me know. I'm in full explore/experiment mode.
@AnnikaSays Love the Slack structure insight.
Question: are you running OpenClaw on real accounts (email, personal files, etc.) or test data? Building a security layer for exactly this -- curious if you've hit any trust/privacy concerns.
@mitsuhiko Love it & completely agree we will see programming languages for agents.
I'd add primitives for running untrusted/semi-trusted LLM generated code securely:
- isolation
- fine-grained access/delegation
- data flow tracking (application of "flow context")
Yes and even sandboxing isn't enough either: you need fine-grained data access and data flow control within the sandbox.
That's exactly what I'm building: https://t.co/9IPccfWxSm
If you're blocked on agent privacy/security, would love to hear your integrations/use-case.
@thoughtlesslabs Building exactly this: policy layer where "don't leak passwords" is enforced by the system, not a suggestion to the LLM.
What integrations would unblock you?