ci-cd
Browse all articles, tutorials, and guides about ci-cd
Posts
Per-Branch AI Endpoints: Isolating Model Spend Across Prod, Preview, and CI
When previews, CI, and production all call models with the same key, you cannot tell what a preview cost or notice a runaway test until the invoice. Because a Neon branch is its own deployment with a usage ledger that lives in the branch's Postgres, model spend is attributed and isolated per environment. I proved it: a CI branch spent tokens while production stayed flat.
When the SSH Server Attacks the Client: libssh2 CVE-2026-55200
You spent years hardening sshd. This bug does not care. CVE-2026-55200 is a pre-auth heap overflow in libssh2 where a malicious SSH server takes over the client that connects to it, no credentials needed. And libssh2 is a client library hiding in curl, git tooling, and backup jobs all over your pipeline. Here is the bug, who is actually exposed, and how to find it in your stack.
Preview Environments That Include the Backend, Not Just the Frontend
Every PR gets a frontend preview URL. The backend is almost always one shared staging database, so previews quietly lie to you. On Neon a branch is the database, its data, and the functions together, so each PR can get a real isolated backend. Here is the workflow, tested end to end.
npm v12 Will Stop Running Install Scripts. We Audited Our Repos to See What Actually Breaks
Starting with npm v12 (estimated July 2026), dependency install scripts will not run unless you allowlist them. We ran the new audit tooling on our own production repos: 65 packages flagged, 4 that matter, and a surprising amount of nothing breaking.
CVE-2026-3854: A Single git push Owned GitHub
A semicolon in a git push option let any authenticated user run code on GitHub.com's backend and on 88% of self-hosted GitHub Enterprise installs. Here is how the bug worked and what to do.