►
From YouTube: hyper63 TSC Meeting 2/17
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
A
B
C
A
The
sun
yeah
came
out
today,
that's
nice
cool.
Well,
I
will
just
roll
through
the
agenda
and,
if
you
guys
have
anything
to
add
just
let
me
know,
I
don't
think
we
have
any
new
folks
on
the
call.
So
everyone
knows
each
other
which
is
cool
and
then
project
update,
I'm
gonna
roll
through
the
updates
there
on
the
change
log,
at
least
most
of
them,
but
feel
free
to
stop
me
and
ask
questions.
A
A
Add
update,
delete
endpoints
for
the
data
port
and
working
and
tested
and
validated
on
both
pouchdb
and
couchdb,
which
is
cool,
did
a
live
stream
last
week
on
going
through
adding
that
and
posted
those
videos
on
youtube,
and
I
think
that
live
stream
kind
of
kind
of
shows
you
each
piece
of
the
architecture,
so
so
maybe
worth
checking
out
for
folks
wanting
to
contribute
and
then
with
search.
A
You
can
add
bulk
documents
to
your
index,
so
you
can
take
a
list
of
json
documents
and
post
them
to
underscore
bulk
and
they
will
add
to
your
index
and
they're
item
potent.
So
if
you've
already
added
them,
they'll
just
do
nothing.
So
so
that's
probably
the
biggest
thing.
The
other
thing
was
creating
a
github
repo
called
tour,
which
really
kind
of
is
a
quick
10,
20
minute
kind
of
immersive
tour
through
the
hyper
api.
A
A
Using
the
playground
site,
you
kind
of
stick
your
email
in
there
and
you
get
a
jwt
and
then
you
can
go
through
the
tour
step
by
step,
also
created
a
video
screencast
for
that
and
did
a
kind
of
promo
for
os
101
conference
coming
out
open
source
101
at
the
end
of
march
and
did
like
a
two
or
three
minute
kind
of
demo
to
todd
lewis
on
that,
and
that
was
pretty
cool
and
it's
pretty
cool
todd
totally
gets
it
super
excited
about
hyper
63
understands
the
problem.
A
It's
going
to
solve
and
said
a
great
job
on
the
the
website
and
the
blog
and
all
that.
So
that
was
pretty
cool,
that's
good
feedback
and
then
the
other
thing
that
I
I
spent
the
last
few
days
on
is
what
I'm
calling
the
micro
stack.
A
So
lately
we've
been
working
with
what
I
call
the
nano
stack
and
the
nano
stack
is
really
something
to
run
on
a
single
computer
or
you
know,
kind
of
like
a
single
process
and
it
uses
pouchdb
kind
of
file,
system
for
storage
and
memory
for
cache,
and
this
library
mini
search,
which
is
memory
for
search
and
then
the
the
micro
stack
is
more.
A
A
So
in
that
stack,
we
have
couchdb
as
the
adapter
for
the
database
redis
as
the
adapter
for
the
cache
min
io
as
the
adapter
for
storage,
which
is
a
really
cool
project.
It
basically
uses
the
same
api
as
s3,
but
allows
you
to
run
as
as
like
a
server
or
a
cluster
etc
on
any
cloud.
So
that's
pretty
cool
worth
checking
out
and
then
elastic
search
for
search
and
in
the
repo
I
created
a
micro
folder
in
the
images
folder
that
really
provides
a
docker
compose.
A
So
you
can,
you
know,
pull
the
project
down
and
run
docker
compose
on
that
and
it
would
spin
up
docker
containers
of
all
of
those
services
and
then
spin
up
a
hyper
63
that
connects
to
those
services.
So
you
can
kind
of
see
how
you
can.
You
know
run
that
micro
stack
on
your
local
computer.
If
you
wanted
to
and
then
the
other
thing
that
I
just
finished
and
I'll
post
in
the
in
the
slack
is
there's
a
service
render.com.
A
That
is
like
a
platform
as
a
service,
but
it's
built
on
kubernetes,
so
it
has
all
of
the
nice
stuff
that
kubernetes
has.
But
sorry
my
talk
is
driving
me
crazy.
Do
you
need
to
go
outside
hang.
A
On
sorry
about
that,
he
wouldn't
leave
me
alone,
I'm
like
I
think
he
needed
to
go
outside,
but
so
what
I
was
saying
is
the
render.com
is:
is
a
platform
as
a
service
built
on
kubernetes.
So
it
has
all
the
same
semantics
as
kubernetes,
but
it's
you
give
it
a
simple
yaml
file
and
it
deploys
for
you
I'll
post
that
in
the
chat
as
you
might
want
to
take
a
look
at
it,
but
basically
what
I
did
was
set
up
a
deployment
script
for
render.
A
So
you
know,
if
you
had
a
render
account,
you
could
just
you
know,
really
click
a
button
and
launch
hyper
63
on
render.com.
Under
your
account.
Now
the
you
know
the
it
does
set
up
all
the
servers
as
if
you
were
going
to
run
them
in
kubernetes,
so
it
it.
It
won't,
be
well
free.
Let
me
see
where
it
went.
A
Here
here
we
go
I'll
paste
it
in
the
chat
here.
So
so
basically
it
just
gives
you
a
an
example
of
how
you
would
set
up
these
services
and
connect
to
them
with
hyper
63
using
the
configuration
one
of
the
the
cool
bits
is,
let's
see
if
I
can
show
the
config
file.
A
Is
the
the
config
file
is
using
esm,
so
so
that
was
pretty
cool.
A
So
that's
pretty
cool,
you
can
see
the
adapters
and
the
plugins
and
the
middleware,
and
it's
it's
all
like
the
screenshot
I
took
a
few
weeks
ago.
So
that's
pretty
cool
and
let's
see,
I
think,
all
that's
the
update
so
refactored,
the
redis,
minio,
elastic,
search
and
couch
and
actually
tyler
did
the
elastic
search
adapter,
which
was
super
cool.
So
all
those
are
kind
of
in
this
new
packages,
architecture
and
and
working.
A
So
those
are
the
the
updates
and
the
shout
outs
again.
Wanna
thank
ben
and
janita
for
doing
the
tour
and
verifying
that
the
tour
kind
of
experience
worked
and
casey
for
commenting
on
the
security
discussion
which
we'll
talk
about
joe
dukes
for
helping
organize
the
jairus
code,
school
alumni,
demo
and
then
tyler
for
contributing
to
the
the
core
project
and
and
really
you
know,
working
on
refactoring
the
elastic
search
package
to
work
with
with
the
new
ports.
A
So
thank
you
all,
and
then
one
little
thing
on
that
is:
we've
got
a
blog
set
up.
So
if
anyone
wants
to
guest
post
on
the
blog
happy
to
allow
you
to
be
a
guest
post
person-
and
it
doesn't
have
to
be
about
hyper-
it
could
be
just
about
you
know-
apps
front
end
stuff.
You
know
apis
anything
that
that
we
want
to
talk
about,
but
that's
open.
A
So
if
anyone
would
like
to
do
that
or
if
would
like
to
for
me
to
cross
post
their
post
that'll
be
pretty
cool
one
of
the
things
I'm
gonna
do
with
the
blog
is
to
set
up
a
cross
post
so
that
when
an
article
is
posted
to
the
blog
it'll
automatically
go
to
medium
dev,
2
and
substack,
so
it'll.
You
know
I
want
to
keep
the
source
of
truth,
the
blog,
but
then
want
to
also
you
know,
get
an
audience
too.
So
I've
got
the
medium
and
sub
stack
set
up.
A
I've
just
got
to
set
up
the
dev2
and
I
think
I'll
have
that
in
a
couple
have
that
going
by
this
meeting
next
time.
A
This
is
kind
of
the
road
to
a
release
still
targeting
end
of
march
to
have
a
release,
but
most
of
the
things
that
we'll
choose
from
here
on
out
will
be
focused
at
getting
a
viable
release
and
I
think
the
core
is
pretty
much
there
and
there's
two
two
main
rfcs
to
discuss
today
and
I
think,
depending
on
what
we
decide
there,
that's
gonna
really
kind
of
frame
the
release.
If
you
will
for
hyper,
the
rest
will
be
kind
of
documentation
and
guides
and
stuff
like
that.
A
So
with
that
said,
before
we
jump
into
the
discussion,
is
there
any
feedback,
comments
or
questions
about
the
updates
and
shoutouts.
B
A
B
Also,
have
you
been
getting
questions
about
async's,
the
async
adt.
A
Not
not
many
questions,
tyler
kind
of
picked
it
up.
One
of
the
things
that
that
I
I
ran
into
was
you
know
it's
not
necessarily
yet
esm
friendly
on
some
stuff,
but
but
all
in
all,
it's
been
working.
Fine.
B
Cool
yeah,
I
think,
probably
at
some
point
like
when
I
don't
know
when,
but
at
some
point
when
I've
had
time
I've
been
meaning
to
write
a
post
on
async
anyway,
so
doing
it
and
like
using
references
in
the
project
could
be
something
that
could
work
out
and
then
you
can
also
anytime
someone's
like
hey.
How
do
I
work
with
this?
You
could
be
like
boom
blog
post.
A
Yeah,
I
think
that
would
be
awesome
yeah.
I
I'm
working
on
a
post
with
the
api,
but
but
definitely
want
to
continue
to
to
to
talk
about.
A
You
know
adt's,
especially
a
sink
and
really
have
been
using
a
lot
of
reader,
a
sync
to
to
essentially
inject
the
services
as
a
reader
and
then
ask
for
them
when
you
need
them
through
the
pipeline
and
that's
been
working
really
really
well
it
just
it
makes
it
makes
things
so
much
easier
to
manage.
E
A
Yeah
right
now
we're
using
crocs,
but
it's
it's
all
just
vanilla
adt's,
so
I'm
just
using
crocs
just
because
the
the
errors
are
clear.
A
A
So
I
I
built
my
own,
but
as
of
like
a
few
days
ago
or
whatever
skypac
did
a
release
where
they
actually
improved
their
compatibility
with
node,
and
it
really
is
kind
of
the
node
compatibility
thing.
I
think,
without
digging
too
deep
into
it.
So
if
you
know-
and
I
actually
got
crocs
to
to
run
on
dino-
which
was
pretty
cool,
so
you
know
again
the
other
thing.
A
The
only
other
reason
that
I
wrote
the
ether
and
task-
and
I
wrote
this
validation
toolkit
on
dino,
because
I
want
to
build-
maybe
build
a
a
validation
library
right,
build
build
one
that
you
know
that
that
could
be
first
class
in
hyper.
63.
A
E
Does
that
make
sense
yeah?
I
remember
your
post
a
few
days
ago
about
being
able
to
to
use
crocs
for
the
first
time,
but
I
don't
it
did
not
connect
that.
That
was
why
you
were
you
created
your
own.
I
thought
that
you
just
preferred
your
own.
For
some
reason,
I
thought
you
had
a
preference
for
your
own,
a
good
recommendation,
also
by
the
way
for
robert
and
and
tyler,
although
I
did
just
end
up
implementing
my
own,
because
it
was
quicker
at
the
time.
B
A
Things
that
that
I'm
doing
because
lucha
has
a
lot
of
great
stuff,
but
I'm
using
vercell's
fetch,
retry
and
wrapping
fetch
around
fetch,
retry
and
then
wrapping
that
in
a
sink.
So
I
get
a
lot
of
a
lot
of
good
good
things
from
that
from
that
api.
So
so
the
fetch
has
the
retries
in
it.
But
then
the
wrapping
around
the
sink
from
promise
with
the
the
timeouts
is
kind
of
nice.
B
D
A
Yeah
yeah,
I
mean
it's,
it's
only
like
you
know.
If
you
go
and
look
at
the
code
for
the
fetch
retro,
it's
only
like
five
lines
of
code,
but
it's
like
you
know
they
did
it
and
it's
just
if
it
comes
to
a
point
to
do
it
then
do
it,
but
but
yeah
I
I
really
like
I
mean
so
so
sanctuary
is
cool,
but
it's
you
know
again.
I
don't
know
enough
to
to
know
what
I'm
saying,
but
what
I
feel
is
you
know.
A
Crocs
is
very
you
know,
javascripty
and
kind
of
paired
with
ramda,
and
it's
kind
of
meant
to
work
with
ramda
really
well
sanctuary
seems
to
be
more
haskelly,
right
and
and
very
kind
of
focused
in
that
that
way.
But
but
again
I
think
it
just
they
all.
They
all
work
and
they're
all
kind
of
the
the
same.
E
B
Do
those
yeah-
and
I
will
I
will
say
like
if
it
if
any
of
these
things
like,
if
you
were
just
if
you
were
only
if
I
could
say
just
like,
maybe
just
if
you
were
only
you
know
going
into
this
one
thing
and
doing
you
know
lifting
into
this
higher
state
to
do
one
thing
and
then
coming
right
back
out
of
it
like
I'd,
say
there,
you
know.
There's
no
point
like
just
do
the
do
the
thing
and
do
it
safe.
B
You
know
like
like
why
lift
stuff
into
a
maybe
or
an
either
and
then
just
bring
it
right
back
out,
but
it's
it's.
You
know
if
you're
able
to
like
lift
stuff
up
into
this
higher
safe
level-
and
you
know
do
what
you
want
all
around
you
know
only
extracting
stuff
when
you
need
to
that's,
that's
where
I
think
the
value
comes
out,
but
it
seems
like
these
things
are
working
out.
A
Yeah
they're
they're
working
really
well,
the
you
know
you
get
you
get
extensibility
by
default
and
and
that
that
extensibility
to
you
know
like
like
in
the
live
stream,
adding
the
bulk
endpoint
right.
It's
not
so
so.
Pouchdb
has
a
bulk
endpoint,
so
so
you're
like
okay,
well
I'll,
just
take
these
json
documents
and
add
it
to
that.
Call
that
bulk
endpoint
and
be
done.
But
it's
not
that
simple.
A
Those
json
documents
have
ids
pouch
tvs.
Looking
for
underscore
ids
pouch
db
won't
do
an
update
without
a
rev
right.
Those
documents
don't
have
revs,
so
you
you
had
to
kind
of
create
this
pipeline
where
you're
transforming
the
data
and
you're
also
making
a
sync
calls
to
the
database
to
say
you
know
like
give
me
all
the
revision
properties
for
these
ids
and
then
creating
your
doc
collection
based
on.
Is
this
an
ad?
Is
this
an
update?
A
Is
this
a
delete
kind
of
thing
and
then
called
the
bulk
update,
and
so
you
know
just
just
being
able
to
turn
everything
into
legos
and
just
work
and
say:
okay,
I
need
to
get
this
step
right
boom.
Then
this
step
boom.
Then
this
step-
and
you
just
work
through
that
pipeline
and
then
at
the
end,
it's
done,
but
the
the
biggest
win
is
in
my
opinion
is
testing
it.
It
just
makes
testing
really.
A
You
know
you,
you
validate
your
input,
you
process
your
pipeline
and
your
output's
either
going
to
be
an
error
or
a
success
right.
So
your
test
is,
in
my
opinion,
clear
and
concise.
A
Nice
yeah,
but
but
it
really
in
time
right
so
I
was
able
to
implement
that
pipeline
feature
with
happy
and
sad
tests
and
everything
over
four
live
streams,
so
basically
four
hours
worth
of
actual
work
and
and
having
that
abstraction
just
removes
so
much
boilerplate
to
where
it's
just
you
know,
you're
focusing
on
you
know
the
business
value
right,
you're,
focusing
on
the
problem
not
trying
to
set
up
something
to
get
to
the
problem,
so
big
thumbs
up
with
a
sink
for
me:
cool
cool
next
yep,
so
rfcs,
the
first
one
is
security
and
basically.
A
I'm
really
going
back
and
forth
a
lot
on
this,
but
but
basically
you
know
casey
brought
up
a
good
point
last
meeting
about
you
know
adding
security
in
some
fashion
to
the
project,
and
so
one
of
the
one
of
the
initial
proposals
after
that
was
like
adding
scopes,
and
so
so
the
way
that
the
first,
let
me
kind
of
back
up
and
say
the
way
that
the
project
is
now
is
that
you
can
choose
what
kind
of
app
you
want
to
run
and
that
app
is
the
interface
so
that
app
could
be
express
that
app
could
be
grpc.
A
It
could
be
pro
buffers,
it
could
be
graphql.
A
All
of
those
things
are
true
and
then
there's
this
middleware
piece
that
will
essentially
act
like
a
pipeline
so
before,
and
it
depends
on
this
app
implementing
this
middleware
right.
So
so
this
app
has
basically
the
app
when
you
execute
it.
It
returns
a
app
and
the
middleware
gets
injected
into
the
app.
So
that
app
has
to
do
something
with
that
middleware.
A
I'm
gonna
take
an
argument
as
an
app
and
I'm
going
to
return
an
app,
so
the
middleware
pipeline
is,
I
take
an
app
and
I
return
an
app
and
in
this
case
we're
using
it
to
secure
this
service
by
jwt
using
a
secret,
but
it
could
be
a
public
private
key.
It
could
be
oauth
too.
It
could
be
whatever
you
choose
to
to
use,
so
so
it
could
be
completely
passed
through
because
your
infrastructure
is
creating
the
security
boundaries
right.
A
So
so
like
in
google,
you
can
just
load
stuff
in
a
pod
and
then
you
can
just
say
secure
this
endpoint
right
and
and
google
will
do
that
or
you
could
use
a
tool
like
a
security
gateway
like
a
kong
or
express
gateway
and
secure
the
endpoints
that
way,
so
this
kind
of
leaves
everything
open,
and
you
know
what
what
casey
was
saying
was
that
you
know
that's
great
for
big
enterprise
projects,
but
maybe
maybe
for
small
startups
having
something
regarding
best
practices.
A
A
If
you
wanted
to
write
data,
it
would
be
data
colon
write
and
that's
so
so
that
would
change
the
surface
area
of
the
core
and
basically
say
that
you
know
the
app
would
be
responsible
for
passing
the
scope
to
the
client,
and
I
tried
to
draw
this
out
or
or
the
scope
to
core.
So
the
app
would
be
responsible
for
passing
the
scope
to
core,
and
I
tried
to
draw
this
out
in
a
sequence
diagram.
A
Hopefully
it
makes
sense,
and-
and
this
is
where
I'm
struggling
is
when
you
know
when
you're
dealing
with
services,
you
have
a
different
authentication
scheme
than
what
your
client
deals
with
with
an
api
right.
So
if
you
were
connecting
to
twilio
in
your
app,
you
would
register
with
twilio
and
you
would
get
an
api
key
and
then
your
app
would
be
able
to
do
everything
that
that
api
key
could
do
on
twilio.
A
So
I'm
kind
of
following
that
kind
of
practice
versus
making
the
service
too
complicated,
where
the
api
has
to
think
a
lot
like
it's
like,
and
the
reason
is,
is
because
the
api
should
be
really
kind
of
being
the
the
router.
If
you
will
the
who
can
go
where
when
right,
because
it
knows
who
the
client
is
and
what
the
client
is
authorized
to
do.
A
So,
as
I
drew
this
out,
you
know
it's
like
the
client
goes
to
the
aussie
server.
They
get
some
sort
of
valid
thing
and
then
they
request
get
movies.
A
A
Then
the
api
would
have
to
use
that
jwt
to
do
a
request
to
hyper
to
get
the
movies
and
then
it
would
validate
that
token
check
the
scope
return,
the
movies,
then
the
api
would
return.
The
movies
to
the
client
does
that
make.
A
What
I
struggle
with
is
this
extra
hop
for
every
single
request.
I
just
I
don't
like
it
and
then
you
have
to
sit
there
and
say
well
what
are
you
going
to
pass
as
the
api?
To
get
that
token,
so
you
got
to
pass
something
so
the
alternate
proposal.
A
And
then
you
generate
your
token
and
then
you
make
a
post
or
you
could
do
a
shared
secret.
Generate
your
token.
Make
a
post,
but
but
still
api
are,
are
the
the
client
right,
the
hyper,
63
client
kind
of
generates
the
token,
instead
of
making
a
separate
call
to
hyper
63
to
generate
the
token
to
me,
this
is
a
little
bit
more
cleaner.
E
A
So
the
the
the
trade-off
is,
you
know
the
the
api
has
to
maintain
some
sort
of
thing
that
it
knows
about
right
and
and
even
either
one
of
these
it
has
to
to
do
it.
The
the
trade-off
is
that
it's
just
one
less
hop,
and
I
think
this
could
be
implemented
in
the
client,
the
hyper
63
client
so
like
the
api
caller,
the
the
api
developer
wouldn't
even
have
to
know
about
the
private
key
right.
C
A
A
Yeah,
well,
I
think
the
first
question
is
in
the
proposal
was
kind
of
focused
on
let's
get
to
adding
scopes
for
for
essentially
each
endpoint,
so
in
core.
A
A
C
I
think
it's
good
that,
if
we're
going
to
use
tokens
to
kind
of
constrain
access
that
we
don't
want,
like
a
token
being
hijacked
to
be
able
to
use
on
any
hyper
63
port
like,
for
example,
if
I
get
a
data
or
if
I
get
like
a
search
token,
and
I
could
start
mucking
around
in
data
and
like
deleting
data
or
mutating
it.
That
sounds
kind
of
not
good.
C
C
A
Yeah,
I
think
the
the
the
biggest
one
that
that
we
have
to
definitely
address
is
the
the
destroy,
because
it's
super
easy
right
now
to
like
destroy
a
database
or
destroy
your
search
by
mistake.
C
D
C
I
don't
know
how
conventional
that
is.
I
would
defer
to
other
folks
on
the
call
that
have
a
bit
more
experience
with
scope
claims.
Unlike
a
jwt.
C
And
I
guess
the
scopes
can
be
whatever
you
want
them
to
be,
but
yeah
write,
read
and
destroy
sounds
like
a
sounds.
Reasonable
sounds
kosher
to
me.
B
I
was
pretty
standard
for
stuff.
Like
I
mean
you
could
see
this
on
github
for
generating
a
token.
For
example,
I've
seen
it
a
bunch
of
places
and
makes
sense.
A
A
Basically,
the
way
you
know
you
could
use
the
rest
api,
but
you
know
you
have
to
kind
of
build
your
own
client.
Essentially,
so
what
we're
working
on
is
you
know
and
envision
a
client
for
every
single
you
know
kind
of
platform.
A
We
may
not
build
all
of
those,
but
but
definitely
the
node
client
and
then
in
this
client.
A
You
can
create
the
client
and
pass
some
arguments
and
in
this
situation
it
could
be
like
you
know,
past
a
private
key
or
or
a
secret,
or
something
like
that.
But
then,
when
you
call
client
data
create
this
client
will
inject
the
right
scope
for
you.
So
so
you
wouldn't
have
to
inject
the
scope
right.
So
so,
as
someone
building
their
api,
they
get
that
security
by
default.
C
A
If,
if
we
do
this
round
trip
every
time,
then
something's
got
to
validate
this
post
right,
so
you
need
another
layer
to
validate
the
post.
C
C
Whereas
if
you
have-
and
it's
just
latency
it's
just
more
sort
of
propagation
delay
waiting
on
things
to
come
back,
it's
not
something
you
can
cache
right.
So
just
signing
a
jwt
with
a
secret
makes
sense
to
me.
C
A
Right
and-
and
actually
this
would
be,
the
the
ap-
the
api
would
actually
own
the
private
key
right
so
like
it
just
wouldn't
be
yeah,
so
so
the
api
would
own.
The
private
key
and
hyper
would
only
know
of
the
public
key,
so
so
hyper
would
never
know
what
the
private
key
was
in
the
api
would,
you
know,
know.
C
Its
private
key
interesting,
so
this
says
this
could
give
the
ability
of
the
consumer
of
hyper
63
to
rotate
its
own
keys
right
for
whatever
use
case.
Maybe
one
company
they
rotate
their
keys
once
a
month
or
something
because
they're
lazy
and
then
another
company.
They
have
hyper
sensitive
data,
pun
unintended,
and
so
they
have
to
rotate
their
keys
every
hour
and
they.
A
Right
and-
and
I
really
like
the
way
that
this
project
cds
hooks
does
it,
but
basically
in
the
off
z
server,
you
have
an
an
endpoint
that
allows.
You
sorry
allows
you
to
get
your
get
the
public
key,
so
so,
basically
and
all
zero.
Does
this
too,
I
think
yeah
onsier?
Does
it
too
so?
A
Basically,
hyper
63
would
come
in
and
in
cash,
but
would
go
hyper
63
to
all
c
get
public
keys,
and
with
that
step
you
know
you
would
write
your
own
middleware
or
we
could
have
a
middleware
that
implements
an
example
like
this,
but
but
with
that
step,
that's
how
you
would
do
key
rotation,
so
this
aussie
service
would
provide
your
key
rotation
and
every
time
a
private
key
came,
there
would
be
in
the
header
of
the
jwt.
C
Yeah-
and
I
think
that
that
that
makes
sense,
I
think
it
also
from
like
a
developer
perspective,
typically
with
sort
of
open
source
solutions,
things
that
I've
seen
at
least
there's
like
a
you,
can
spin
up
just
like
a
sandbox
with
no
sort
of
off,
and
then
you
can
turn
off
on
later,
like
so,
you
can
just
play
in
the
sandbox.
This
firebase
has
this.
C
A
No,
you
you
could
you
know
you
could
include
your
public
key
as
as
an
environment
variable
or
as
a
secret
file.
So
then,
when
hyper
starts
up,
it's
got
it
essentially.
A
C
Yeah,
I
mean,
I
guess
you
could
as
part
of
that
middleware
hyper
63
or
whatever.
Maybe
it's
not
middleware
at
this
point?
If
it
does
this
like
on
startup,
it
fetches
the
public
id
from
your
auth
from
your
authorization
server
and
it
doesn't
on
hyper
63
is
like
health
check-in
point
or
something
it
doesn't
come
up
as
healthy
until
it
receives
that
key.
C
E
E
Basically
you
wouldn't
you
wouldn't
have
anything
to
do
with
generating
a
secret
and
then
sending
a
public
key
to
hyper
63
it'd
almost
be
sort
of
the
opposite.
A
That
hyper
trust
right.
So
so,
if
you
know,
if
you
wanted
to
to
do
that,
then
you
know
a
better
approach
would
be
to
to
use
something
like
express
gateway
and
and
put
this
gateway
kind
of
in
front
of
hyper
63
and
manage
it.
That
way,.
A
Or
are
a
kong
or
a
mule
or
apogee,
you
would
and
and
again
one
one
of
the.
The
reasons
is
that
it's
like.
A
A
You
know
it's
not
going
to
be
able
to
be
used
in
an
open
source
context
and
a
multi-tenant
service
context
without
having
you
know
really
some
some
some
weird
abstractions
that
that
make
it
a
challenge,
so
so
that
that's
really
the
main.
The
main
problem.
C
It's
like
authorization
server
it
it's
appealing
to
me
just
because
I
know
a
lot
of
companies
will
already
have
like
an
authorization
server
like
like
aut00
or
something,
and
they
just
want
to
keep
using
that
and
not
have
to
worry
about
other
kinds
of
tokens,
and
so
they
just
use
auth0
as
their
identity
provider,
an
authorization
server
and
then
just
post
those
tokens
into
63
and
hyper
63,
just
sort
of
adopts
their
authentication
strategy
or
their
authorization
strategy.
Sorry.
A
What
is
the
secret
sauce
that
allows
this
api
to
get
a
token?
Is
it
you
know
an
api
key
right
and
then,
if
someone
else
gets
that
api
key,
then
anybody
can
call
to
get
that
token
and
and
they've
hijacked
the
system.
So.
A
You
know,
63.llc
has
also
a
software
as
a
service
solution
as
well,
but
but
the
the
authentication
models
will
be
different.
B
I'ma,
let
it
sit
for
a
bit.
I
don't
know
enough
about
about
operating
services
with
with
public
private
keys,
to
be
able
to
speak.
A
Yeah
well
a
good.
A
good
example
is
github
right,
so
github
everyone
has
their
private
and
github
shows
the
world
your
your
public
key
right.
So
you
can
go
to
github
and
get
your
public
key
for
your
account,
and
anybody
else
can.
A
A
B
Control
yeah,
it's
the
the
token
stuff
like
this
flow
makes
sense
to
me.
I
don't
like
the
extra
bit
of
work
you
got
to
do,
but
to
go
back
and
do
that
you
know
validating
every
time
for
every
yeah.
I
don't
know,
I
don't
have
an
opinion
right
now,
but
okay,
I'm
sure
I'm
sure
I
usually
do
so.
Give
it
some
time.
A
Well,
give
it
some
thought,
regardless
of
this.
I
think
the
you
know,
however,
that
shakes
out
the
the
thing
is
is
probably
the
the
next
rfc
just
really
quick
is
to.
You
know,
really
make
the
client
kind
of
hide
those
details
anyway,
so
so
that
way,
when,
when
you're
an
api
developer
and
you're
building
your
api
and
you're
connecting
to
your
service,
you
know
whatever
we
tell
you
to
put
in
is
what
you
have
to
put
in
and
then
you're
gonna
you're
gonna
get
access
to
it.
So
we
can.
A
We
can
hide,
hide
those
details
from
the
user.
The
api
developer,
the
the
last
our
rfc
to
to
talk
about,
if
you
have
time,
is.
A
Well,
they're
kind
of
two
one
is
on
the
client
kind
of
start
to
take
these
primitives
and
compose
them
into
pipelines.
So,
for
example,
if
I
know
that
I
want
to
cache
the
document
movie,
then
I
could
just
use
my
client
and
say
set
up
db,
and
here
are
my
document
types.
I've
got
movie,
I've
got
actor,
I've
got
producer,
go
ahead
and
cache
movie
and
go
ahead
and
cache
actor,
and
then
what
the
client
would
do
is
basically
run
a
pipeline.
A
A
We
could
do
the
same
thing
for
search
too.
You
could
just
say
for
name
movie,
do
search
true,
and
it
would
do
the
same.
It
would
basically
compose
the
data
port
and
the
search
port
and
then
every
time
something's
added
to
data
or
updated
from
data.
It
would
just
also
in
that
pipeline,
add
it
to
search
or
update
it
in
search
and
then,
when
you
did
a
search,
you
would
just
have
your
documents
there.
C
As
an
api,
I
love
it.
It's
it's
really
like
simple,
like
as
a
consumer,
just
being
able
to
like
set
a
key.
Is
the
idea
that,
like
when
instantiating
the
client
or
something
like
that,
so
is
the
idea
that
the
client
would
actually
make
two
separate
calls
to
hyper
63.
Underneath
the
hood
yeah.
A
C
A
So
it
would,
you
know,
again,
have
to
map
it
out,
but
but
my
my
my
feeling
is
that
it
would
you
know
once
once
it's
saved
to
the
source
of
truth,
then
it's
going
to
return
a
success.
It
may
return
a
success
with
a
message.
Could
not
cash
check
your
cash
server,
but
it
would
return
a
success
to
the
client.
A
A
Yeah,
the
the
way
that
that
I
would
set
it
up
is,
I
would
set
up
a
you,
know,
kind
of
an
event
kind
of
internal
event,
emitter,
so
that
you
know
it
would
it
would
be
yeah.
I
I
guess
I
guess
we
have
to
think
through
that.
C
A
You
know
again,
this
won't
prevent
you
from
manually
setting
it
up
right.
So
so
maybe
this
is,
you
know
this
is
an
opinionated
use
case.
If
you
want
to
set
something
up,
quick
and
then,
if
this
particular
opinionated
case
doesn't
work
for
you,
then
you
don't
include
cash
and
you
implement
it.
The
way
that
you
want
to
implement
it.
C
B
A
So
search
so
you
just
say,
search
true
and
then
you
know,
basically
it
would
it
would
every
time
you
create
a
new
movie
document.
It
would
also
add
it
to
the
search
index.
A
But
those
are
the
two
main
ones
another
one
could
be
like.
If
you're
setting
up
storage,
you
know
you
might
want
to
upload
a
file
and
upload
metadata
and
you
might
want
to
compose
those
two
like
an
avatar
for
a
user
account
or
something
like
that.
A
The
last
one,
just
you
know.
A
The
schema
kind
of
like
a
mongoose
if
you're
familiar
with
mongoose
are
sequalized
where
in
your
client
you
go
through
and
basically
you
know
basically
add
a
schema
as
you're
you're
setting
up
your
document
types
and
then
that
schema
just
has
to
follow
some
sort
of
pattern,
probably
model
it
after
zod
or
something
it
would
be,
would
be
nice
to
model
it
after
an
either
right
or
or
a
a
validation
result.
A
So
you
know
anything
that
can
generate
a
validation
result
type.
It
would
work,
but
but
anyway,
either
way
the
the
gist
of
it
is
that
as
I'm
building
these
types,
I
can
give
it
a
schema
and
then
the
client
would
actually
essentially
do
a
validation
step
before
it
actually
persisted
anything.
C
C
So
my
first
thought
on
this
and
it
kind
of
ties
into
a
question
I
had
on
the
last
discussion
or
the
last
rfc
was
like
the
plug-in
system
that
we
built
for
hyper
63
allows
for
like
plug-in
composition,
to
build
an
adapter
for
a
given
port.
C
A
So
I'd
have
to
give
some
thought
to
that:
how
do
you
keep
them
generic
and
you
know
again,
keep
you
know,
keep
the
api
team
focused
on
solving
business
problems
and
not
in
you
know,
kind
of
infrastructure.
C
C
But
I
like
thinking,
I
don't
know
some
sort
of
like
validation,
plug-in
and
you
could
like
validate
over
this
particular
you
compose
a
validation
plugin
and
it's
just
a
very
generic
like
pass
it
to
schema,
and
then
you
can
compose
it
on
top
of
create
document
for
a
data
port,
for
example,
and
then
it
would
add
that
validation
and
if
it
passes
validation,
then
it
calls
the
next
piece
of
in
the
plug-in
chain
to
persist
it.
C
A
We
might
yeah,
but
it's
just
bypassing
core
and
core.
Has
your
your
hooks
and
your
scopes
and
I
don't
know
it.
D
A
Mitigates
you
know
the
the
purpose
of
the
data
adapter
is
is
really
well
defined.
If
you
I
mean,
certainly
you
could
add
a
plug-in,
but
I
think
it
it
kind
of
breaks
its
mission
a
little
bit.
A
Yeah,
the
use
case
here
is
is
really
like
twofold.
One
is
to
have
a
a
second
line
of
defense
before
you
throw
your
data
to
hyper
63.
A
The
the
other
is
that
you
could
imagine
some
sort
of
admin
ui
where
or
an
admin
tool
where
someone's
kind
of
building
these
schemas
and
they
generate
the
validation
into
code
for
the
api
team
to
use.
A
So
I
think
think
of
a
cms
portal
right
where
you
go
in
and
you
specify
your
models
and
then
then,
when
developers
use
those
endpoints,
those
models
validate
those
endpoints.
D
A
B
No,
I
kind
of
you
were
saying
we
talking
about
having
we
got
like
a
compositional
pipeline
of,
like
I
guess.
Procedurally
like
like
step
one
something
step.
Two
but
like
do
you
know,
do
something
with
the
with
a
request
or
structure
of
data
and
then
step
two
validate
that
and
then
like,
if
everything's,
fine,
just
return
whatever
that
data
was
and
carry
on
to
the
next
step,.
B
Don't
know
I'm
just
saying
we've
I've
for,
like,
I
guess
three
years
now
had
that
on
an
app
at
work
for
better
or
worse,
but
the
biggest
problem
is
that
people
forget
to
include
it
in
these
pipelines.
B
That
doesn't
mean
it's
a
bad
idea.
I
like
that,
I
feel.
Like
I
love,
I
love
the
concept,
that's
how
my
brain
works.
C
C
The
plug-ins
is
an
array
and
a
plug-in
can
implement
a
partial
of
the
port
api
and
then,
as
long
as
those
plug-ins,
when
they're
composed
together
form
the
entire
poor
implementation,
then
that's
that's
what
you
have
so.
Basically,
you
kind
of
compose
a
adapter
out
of
plugins.
A
C
No,
that
makes
that
I
totally
grok
that
tom
I
and
I
agree,
that's
a
that's
a
bad
idea.
We
want
to
be
discouraging
developers
from
doing
that.
I
think
I'm
misunderstanding
what
we
meant
by
sort
of
like
the
validation
that
we
were
meaning
to
enforce
so,
like
data
shape
versus
like,
like
the
shape
of
the
data
versus
like
the
semantic
meaning
of
the
data
or.
A
Yeah,
so
to
try
to
pull
back.
The
genesis
of
this
request.
Number
one
is
is
as
I'm
implementing
two
projects
using
hyper
and
building
two
different
apis.
A
I
I'm
noticing
that
I'm
using
a
similar
pattern
where
validating
then
doing
my
business
rules
and
then
sending
it
to
hyper,
and
this
kind
of
was
derived
from
the
thing
of
you
know
what
what
if
I
have
a
backstop
that
validates
the
schema
on
the
client.
A
So
that
you
know
again,
I
make
sure
before
I
send
to
the
client
that
my
data
is
right
and
then
the
other
side
was
someone
proposed
building
a
portal
so
that
they
could
date
a
model
for
hyper
63.
B
I
get
I
get.
I
get
this
now
yeah
because
it's
it's
like
saying,
I
don't
want.
I
don't
really
care
about
injecting
this,
as
you
know
like
we
like,
we
at
work
use
that
concept.
Tyler
was
talking
about
as
middleware
with
koa
like
that's
a
it's
just
a
middleware
and
a
chain
of
right
goddess
have
any
middleware,
but
this
is.
This
is
more
like
hey.
B
I
want
to
have
this
thing
called
movies
or
movie,
and
here's
what
that
looks
like,
and
so,
whenever
you're
doing
stuff,
I
just
want
you
to
take
what
I
said
a
movie
is,
and
I
want
you
to
make
sure
that
the
movie
is
okay.
Is.
A
A
A
Whereas
with
this
you
would
make
sure
every
time
you
got
a
movie
or
got
a
list
of
movies,
the
client
would
essentially
validate
that,
based
on
your
schema
before
bubbling
it
up
to
your
business
logic
and
to
your
client,
so
it
just
happened
it
just
it.
Just
like,
like
I
said,
there's
two
fold,
one
one
is
just
to
you
know:
reduce
some
additional
code,
maybe
even
make
the
client
have
a
validation
function.
A
And
and
you're
right,
you
would
normally
like
in
koa
or
express,
maybe
use
the
middleware.
But
if
you
use
the
middleware
for
that,
you
know
like
if
we
use
express,
then
then,
if
someone
wanted
to
use
restify
right,
that
middleware
may
not
work
for
that
right
or
if
someone
wanted
to
use,
you
know
gprc
and
a
gateway
there.
Or
if
someone
wanted
just
to
embed,
you
know
kind
of
hyper
in
their
project,
so
those
were
kind
of
the
knocks
for
not
using
middleware.
B
Yeah,
no,
I
dig
it
if,
what's
the
I
have
to
run,
go
do
dead
stuff
in
a
second
yeah.
B
A
A
A
fun
error
I
mean
like
what
I'm
doing
now
is
just
saying
you
know
that
that
that
that
format
is
undefined
or
whatever
something
like
that
unspecified,
but
but
it
yeah.
You
know
if,
if
you
change
the
shape
of
the
movie
and
change
the
validation
and
you
don't
migrate,
your
old
movie
shapes
to
new
movie
shapes.
B
Yeah
an
idea
that
comes
to
mind.
We
are
talking
about
firing
off
events
and
having
listeners
to
that
anytime.
I've
done
anything
like
this
set
up
some
sort
of
whether
whether
you
use
that
on
interface
or
just
have
some
single
callback
that
gets
called
like
on
error,
and
then
you
send
through
essentially
a
type
and
message
or
type
in
payload,
and
then
that
would
let
it
not
fail
silently
and
not
fail
loudly.
It's
more
like
hey
something
ain't
right.
B
A
Cool
all
right!
Well,
that's
all
I
had
was
there
anybody
that
had
any
other
new
business.
Sorry,
we
went
long
today.
E
Can
you
share
those
those
off
diagrams
and
the
slack
because
it'll
be
a
lot
easier
to
talk
about
something
after
looking
at
those
for
a
while
than
improvise.
E
E
You
just
send
those
and
then
I'll
I'll
bring
it
up
next
time,
if
there's
time
or
in
slack
or
something.
A
Yeah
again
just
I,
I
don't
want
to
create
an
open
source
project
that
is
unusable
right,
like
that
you
have
to
you,
have
to
use
the
service
to
to
use
it.
So
that's
the
goal.
Okay,.