Engineering, product, and company updates
Django as a headless API with Next.js as a separate frontend is one of the most preview-unfriendly architectures by default. Here's the configuration that makes per-PR previews work for both halves together.
AI coding agents ship code faster than humans can verify it. Verified software delivery is the practice of making sure every change was previewed, reviewed, and signed off before it reaches production — with evidence that it happened.
A framework-agnostic reference for Node preview environments — build vs runtime env vars, Knex migrations, Express middleware that depends on the request URL, and the patterns that adapt to NestJS or Fastify.
Independent verification and validation has adapted to two previous reshapings of software delivery. Continuous delivery is the third, and it calls for a family of configurable patterns rather than a single new model.
Phoenix LiveView's stateful WebSocket model breaks most preview tooling. Here's a working configuration for previews that handle LiveView sessions, BEAM clustering, and Channels correctly.
FastAPI's async architecture creates preview-specific challenges Django doesn't have. Here's the configuration for async DB pooling, Alembic migrations, and dependency injection that works in ephemeral environments.
AI agents have shifted the bottleneck from deploying code to verifying it. Ephemeral preview environments are the infrastructure primitive that AI-native development demands.
Laravel previews involve queue workers that look like Sidekiq but behave differently, cache scoping that prevents cross-preview contamination, and Artisan migration patterns specific to ephemeral environments.
Vercel previews work beautifully when your whole app is Next.js. The moment you split off an API backend, they don't. Here's the configuration for previews that include both.
A reference setup for Django preview environments — migration ordering, Celery worker scoping, static and media files, and the auth and OAuth callback gotchas.
A real reference setup for Rails preview environments — Docker Compose, ActiveJob and Sidekiq scoping, asset pipeline gotchas, and a seed strategy that works on first boot.
Heroku Review Apps was the de facto preview environment for a decade. Here's an honest look at what's replacing it — Render, Railway, Fly.io, and PreviewProof — and which one fits which kind of team.
IV&V has historically been stage-gated. Continuous delivery breaks that model. Preview environments are the missing piece that lets IV&V engage with what the team actually ships, when it ships, instead of with assembled milestone packages.
Preview environments need security that satisfies compliance without creating friction for external stakeholders — here's how authentication, authorization, and audit apply when the reviewer isn't on your team.
Adding preview environments to GitHub Actions takes a single workflow step — here's how container-based previews integrate with your existing CI pipeline without changing your build.
Ephemeral preview environments need a database that's useful on first boot — here's how to handle migrations, seed data, and realistic test fixtures with PostgreSQL.
Preview environments and staging environments serve different purposes — understanding when you need both and when one is enough depends on your team's testing and release workflow.
Sharing preview environments with non-technical stakeholders shouldn't require VPN access, developer accounts, or Slack threads — here's what secure sharing actually looks like.
User acceptance testing is the final gate before production, but most teams struggle to integrate UAT into modern development workflows — here's how it evolved and what's still broken.
AI-assisted development has created a QA bottleneck — closing it requires democratizing functional testing across the entire team.
Frontend previews from Vercel and Netlify solve a different problem than full-stack preview environments — the architecture determines what you can actually test before production.
Solo developers using AI agents can close the accountability gap by generating acceptance criteria and testable previews on every run.
PII handling in previews takes a different shape when data is CUI. A walkthrough of CUI categories most likely to appear in software contracts, the handling rules that apply, and architectural patterns that make CUI-safe previews possible.
Most preview tools generate audit data, but it lives inside the tool's database in vendor-specific format. Auditors need portable, tamper-evident evidence tied to the deployed artifact. Here's what that looks like.
Federal contractors evaluating preview tools need to know whether the tool can be used under their ATO. A buyer's guide to deployment model, data flow, authentication, and disclosure requirements.
Preview environments can run on AWS GovCloud, but the deployment model differs from commercial AWS. A practical guide to BYOC architecture, FedRAMP boundary questions, and the data residency vs. stakeholder access tension.
Reading the diff isn't enough. Running the tests isn't enough. Here's what actually-good verification of AI-authored work looks like, and why most teams haven't built it yet.
Cursor and Claude Code produce dramatically better output when your repo gives them clear context. Here's how to configure both for preview-aware AI development.
When an AI opens a PR, who actually signs off? The implicit trust chain in code review breaks. Here's a practical pattern for making stakeholder approval explicit.
When an autonomous agent finishes a task and opens a PR, 'is this correct?' isn't answerable by reading the diff. Here's the concrete checklist for what to verify instead.
Seed data takes on a different character when AI is opening pull requests. Here's why the bar is higher, what to seed, and why letting the agent generate fixtures is a trap.
Preview environment workflows were designed for human-paced, human-authored code. AI agents change every assumption — here's what breaks and what to do about it.
An ordered walkthrough you can run on an existing codebase to find the specific places it isn't preview-friendly yet — and a prioritized list of fixes you can ship this week.
CLAUDE.md, AGENTS.md, and .cursorrules are quickly becoming the canonical context files for AI coding agents. Almost nobody writes them with preview environments in mind. Here's what to include.
Repo strategy isn't the same axis as architecture, but it shapes how previews work. Here's how monorepo and polyrepo each constrain preview design — and the patterns that work.
Cost is the second-biggest reason teams abandon preview environments. Here are the ops patterns — auto-sleep, right-sizing, cleanup, shared pools — that make per-PR previews actually affordable.
Sidekiq, Celery, BullMQ, and friends were built for long-lived servers. Here's how to make background jobs work in environments that come and go with each pull request.
Bugs that appear in preview but not on a developer's laptop are an ephemeral version of the dev-to-prod parity problem. Here's what to actually align — and what to leave alone.
All three have official test modes. All three have non-obvious gotchas when you wire them into ephemeral preview environments. Here's what actually works.
Most teams treat feature flags as global. In preview environments, that's exactly wrong — the flag for the feature you're previewing is probably off, hiding the thing you're trying to demo.
Single-service previews are easy. The moment you have two services authenticating to each other, the dynamic-URL problem comes back uglier. Here's how to handle it.
Webhooks have the same dynamic-URL problem as OAuth, with different shapes. Three categories of solutions, when to use each, and the security gotchas nobody mentions.
OAuth expects a registered callback URL. Preview environments give you a new URL on every PR. Here are the four patterns that actually work, with code for each major IdP.
Env vars in preview environments aren't a single config — they're four overlapping layers with different lifecycles. Here's a pattern that holds up.
Should every PR get its own isolated database, or should all previews share a long-lived dev database? It's the most consequential decision in your preview environment design. Here's how to choose.
A migration that runs fine in production behaves differently against a freshly created preview database every PR. Here are the patterns that survive ephemeral environments — and what to do when migrations are too slow.
Test fixtures are designed to test code paths. Preview environment data needs to test user experience. Three users and four orders won't surface the pagination bug. Here's why synthetic data generation is a different discipline.
Preview environments and PII don't mix. The moment a PR preview contains a real customer's email, you've created a compliance problem — even if only your team can see it. Here's how to handle PII as a first-class concern in preview seed data.
Empty databases produce useless previews. Production data is too risky and too large. Here are the four real strategies for seeding Postgres in ephemeral environments — and when each one is actually the right choice.
Most preview environment failures aren't tooling problems — they're architecture problems. Here's an opinionated checklist for what 'preview-friendly' actually means at every layer of your stack.