InfoQ

Behind the Scenes: Block 450 JVM Repositories Into Monorepo to Reduce Dependency Drift

Leela Kumili — Fri, 19 Jun 2026 14:47:00 GMT

Block, Inc. describes migrating ~450 JVM repositories into a monorepo across Cash App and Square engineering to reduce dependency drift and coordination overhead. The system supports ~8,800 weekly builds with ~10 min p90 CI time. The approach improves cross-service changes, build visibility, and developer experience through dependency graph–based builds, selective CI, and custom IDE tooling.

By Leela Kumili

Presentation: AI Agents to Make Sense of Data at OpenAI

Bonnie Xu — Fri, 19 Jun 2026 12:02:00 GMT

OpenAI’s Bonnie Xu discusses Kepler, an internal AI data analyst agent built to query 600+ petabytes of data. She explains how they overcome context window limits using MCP, automated code crawling, and RAG. Xu also shares how their team leverages scoped semantic memory for self-learning and utilizes AST-based LLM grading to build a robust, regression-free evaluation pipeline.

By Bonnie Xu

CircleCI Introduces Chunk Sidecars to Bring CI Validation Directly Into AI Coding Workflows

Craig Risi — Fri, 19 Jun 2026 12:00:00 GMT

CircleCI has launched Chunk Sidecars, a new capability designed to bring CI-style validation directly into an AI coding agent's inner development loop

By Craig Risi

TSRX: A Framework-Agnostic Alternative to JSX

Daniel Curtis — Fri, 19 Jun 2026 11:49:00 GMT

TSRX is a TypeScript language extension developed by Dominic Gannaway, designed to build declarative user interfaces in a framework-agnostic manner. It compiles single .tsrx files to various runtime targets and supports scoped styles and declarative error handling. TSRX is currently in alpha and is open source under the MIT license.

By Daniel Curtis

Article: Designing Continuous Authorization for Sensitive Cloud Systems

Venkata Nedunoori — Fri, 19 Jun 2026 09:00:00 GMT

Most cloud systems make one authorization decision at login. Everything after runs on trust established at authentication time. For systems handling regulated data, that gap is where breaches happen. This article presents a continuous authorization architecture covering risk-tiered evaluation, behavioral baselines, privacy-preserving audit trails, and a phased and incremental rollout.

By Venkata Nedunoori

Azure Functions Ships Serverless Agents Runtime at Build 2026

Steef-Jan Wiggers — Fri, 19 Jun 2026 08:57:00 GMT

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown files with YAML triggers, MCP server access, 1,400+ connectors, and sandboxed execution. The Functions team confirmed to InfoQ that the runtime adds no cold start overhead and no billing premium beyond standard Flex Consumption.

By Steef-Jan Wiggers

Windows Platform Security and the Race to Secure AI Agents

Matt Saunders — Fri, 19 Jun 2026 08:00:00 GMT

In a new Windows Developer Blog post titled "Windows platform security for AI agents", Microsoft positions Windows as the trustworthy operating system for autonomous agents and introduces the Microsoft Execution Containers (MXC) SDK as the core of that strategy. The post argues that containment, identity and manageability must be built into the operating system.

By Matt Saunders

GitLab 19.0 Embeds Agentic AI in Secrets, Merge Requests, and Supply Chain Security

Mark Silvester — Fri, 19 Jun 2026 08:00:00 GMT

GitLab 19.0 extends agentic AI beyond code generation into securing credentials, reviewing and merging changes, and scanning dependencies, adding a public beta Secrets Manager, a full merge request Developer Flow, usage-based GitLab Duo billing, and generally available SBOM dependency scanning.

By Mark Silvester

.NET 11 Preview 5: Brings File-Based App Improvements, New C# Features, and a Blazor Validation Wave

Almir Vuk — Fri, 19 Jun 2026 08:00:00 GMT

Microsoft has released the fifth preview of .NET 11, with updates across the SDK, C#, ASP.NET Core, .NET MAUI, and EF Core. Highlights include file-based app improvements, new C# closed classes and unions, a Blazor validation wave, a large MAUI reliability rollup, and SQL Server 2022 as the default EF Core compatibility level.

By Almir Vuk

From Camera to Cloud: Netflix’s Scalable Media Processing Pipeline

Leela Kumili — Thu, 18 Jun 2026 14:36:00 GMT

Netflix has detailed a cloud-based system for scaling camera file processing across global film and TV workflows. The pipeline handles ingest, validation, metadata extraction, and media transformation at scale using FilmLight API and distributed compute. It standardizes workflows across editorial, VFX, and color pipelines, improving consistency and reducing manual handling across productions.

By Leela Kumili

Presentation: Write-Ahead Intent Log: A Foundation for Efficient CDC at Scale

Vinay Chella, Akshat Goel — Thu, 18 Jun 2026 13:13:00 GMT

Vinay Chella and Akshat Goel discuss the challenges of running traditional CDC across heterogeneous databases during peak order traffic. They explain how Debezium hit limits under high load and share how they built Write-Ahead Intent Log (WAIL) - a custom architecture that utilizes a dumb producer proxy and a smart consumer pattern to cleanly separate the intent from the state payload.

By Vinay Chella, Akshat Goel

How Lightweight ADRs and Architectural Advice Forums Can Support Architectural Decisions

Ben Linders — Thu, 18 Jun 2026 11:35:00 GMT

How we decide is at the core of architecture, and the architecture advice process is a way to decentralize architectural decisions. It needs to be supported by Architecture Decision Records because of the speed at which technology and systems move, and can be complemented by a weekly architecture advice forum.

By Ben Linders

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Daniel Curtis — Thu, 18 Jun 2026 11:30:00 GMT

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated hook handling, enhanced timeout management, and improved URL processing. The release includes response validation through schema validation libraries and addresses migration from earlier versions. It aims to provide a lightweight alternative to axios.

By Daniel Curtis

VS Code 1.123 Adds Two-Hour Extension Update Delay to Limit Supply Chain Attacks

Steef-Jan Wiggers — Thu, 18 Jun 2026 10:15:00 GMT

VS Code 1.123 adds a two-hour delay before auto-updating extensions to newly published versions, creating a revocation window against supply chain attacks. The delay does not apply to trusted publishers like Microsoft, GitHub, and OpenAI. Similar cooldown mechanisms have now spread across pip, RubyGems, npm, pnpm, Yarn, and Bun.

By Steef-Jan Wiggers

Athena Coalition Brings Coordinated Defence to Open Source Security

Matt Saunders — Thu, 18 Jun 2026 08:00:00 GMT

Cybersecurity firm Chainguard has announced the launch of Athena, an industry coalition to use artificial intelligence to find and fix vulnerabilities in widely-used open-source software before attackers can exploit them. The coalition focuses on libraries, containers and other components that underpin web browsers, data centres, smartphones and payment systems.

By Matt Saunders