Planet Ruby

Ruby Native Is Here

Ship your Rails app to the App Store without opening Xcode. $100 off through May 18.

Avoid html_safe with Tag Helpers, safe_join, and sanitize

Building HTML outside templates? Avoid concatenating strings and calling htmlsafe, which bypasses XSS protection. Instead, use Rails' tag helpers, safejoin, and sanitize for automatic escaping. Examples include creating status badges and formatted addresses without html_safe.

Continuations 2026/18: Hanakai

This edition of the Continuations newsletter announces the launch of Hanakai, a new Ruby web framework. It directs readers to the new site for the full announcement and teases upcoming content.

Ten Years of Frontend

This video episode reflects on the evolution of frontend approaches over the past ten years, exploring changes in client interactions and highlighting a preferred current method.

Choose Your Own Adventure

Exploring the disparity between decision time and implementation time in software development, using an example where a per-resource specialization PR was committed in 24 minutes, far below the 3-5 day estimate.

Borrowed from Prisma

An architectural decision in Roundhouse, influenced by Spinel and Prisma: specialize the closed axis, defer the open one. This reduced Rails-blog errors from 22 to 6 in one PR. The principle generalizes to multi-target transpilers.

Tiered API Rate Limits in Rails 8.2 with Dynamic rate_limit

Build per-plan API rate limits (free, pro, enterprise) using Rails 8.2's dynamic rate_limit options, with no Rack::Attack or custom middleware.

Two Compilers, One Cadence

Four days ago I argued the Spinel subset was the same intermediate language Roundhouse needed. The bet then was that the maturity gaps would close on both sides. Four days in: Matz called Roundhouse "a great forcing function," seven issues have been filed, six are closed, and the channel runs at roughly one fix per day.

Ruby Classes

Classes are central to object-oriented programming in Ruby, offering benefits like composition for dependency injection, inheritance for subclassing, encapsulation for data protection, and modularity for focused, testable code.

Welcome to Hanakai

Hanami, Dry, and Rom are uniting under the new name Hanakai, forming a single shared community for these popular Ruby gems. With billions of downloads, they now share a bigger team and a new website. Hanakai, meaning 'flower fellowship,' invites everyone to join their blossoming community.

This Week in Rails: May 1, 2026

Greg shares the latest updates on Rails in this official weekly summary from the Rails blog.

Ruby Concurrency: What Happens

This newsletter issue delves into Ruby concurrency.

Have Your Say in the 2026 Rails Developer Community Survey

Planet Argon, a Rails Foundation member, is collecting insights from Rails developers for the 2026 community survey. It explores current Rails usage, including tools, team setups, and workflows.

What Is Offliberty Ruby Gem and How It Works

Offliberty is a Ruby gem for fetching downloadable media links from online platforms. It helps developers build robust solutions by simplifying tasks like authentication, payment processing, and automation.

Perron 1.0 Is Here

Announcing Perron 1.0, an open-source Rails-based static site generator with new features like programmatic SEO and API content pulling after 190 commits and 18 releases.

NPM: Putting the Brown in Brownout

The NPM endpoint for Yarn v1's audit feature has been deprecated, causing errors. This affects projects using Yarn for dependency management, including those in the Rails ecosystem.

Setting Up Server Monitoring for a Rails App on Hatchbox

Hatchbox makes deployment easy. Here's how to use AppSignal to monitor memory, CPU, disk, and load on your Rails app.

RubyGems and Bundler 4.0.11 Released

Official RubyGems blog announces RubyGems 4.0.11 and Bundler 4.0.11 with enhancements, bug fixes, and documentation updates. Update via gem update --system or gem install bundler.

Matz Builds an Ahead-of-Time Ruby Compiler

This week's Ruby Weekly newsletter highlights Matz's new ahead-of-time Ruby compiler, Spinel, which emits C for native binaries using Prism and type inference, though with limitations. Also includes a Rails upgrade tool from FastRuby.io.

Patch Release: 18.11.2, 18.10.5

Details on this patch release for GitLab Community Edition and Enterprise Edition.

My Ever-Improving AI Setup for Rails Work with gbrain and gstack

A personal workflow using AI tools like Perplexity for research, Claude Code for repo work, Codex for edits, and Superconductor to reduce friction in Rails development, focusing on safer changes and repeatable reviews.

Scaling Ruby's Defenses with AI

Official RubyGems blog post discussing AI-assisted vulnerability scanning in the Ruby ecosystem, including a report on Nokogiri. It highlights the growing gap between attackers and defenders in open source security.

Untyped, on Purpose

Most type systems force a single bet on the dial between programmer annotations and compiler inference. Roundhouse declined to set it, introducing Ty::Untyped as a first-class type. This serves as the IR's load-bearing primitive for deferring strictness decisions until evidence emerges.

How to Build a Rails App That’s Ready for the App Stores

Five rules for building a Rails app ready for app stores, saving months of mobile-prep refactoring.

BikeTube ShedTacular

In this podcast episode, hosts Joël Quenneville and Aji Slater share their favorite YouTube channels and videos that have inspired their work, including programming-related creators like The Coding Train and Computerphile.

A Better Experience for Everyone: Usability Meets Accessibility

Learn why usability is just as important as accessibility in web design. Explore key concepts and examples that emphasize creating truly inclusive and user-friendly experiences.

Rails link_to Method: The Complete Guide with Examples

A comprehensive guide to the Rails link_to helper, essential for building views. It covers basic usage in navigation menus and advanced options for complex user interactions, with practical examples.

Round Trip

A demo of a working blog on localhost:3000 using two make commands. Rails source goes in, transpiled Spinel-subset Ruby comes out, with real-time Turbo broadcasts and SQLite persistence in between.

Spinel in Practice: What Works and What Breaks

Introducing MapView: Render beautiful, production-ready maps directly from your Rails backend. No external APIs, no dependencies, just pure speed and control. Zero external dependencies, lightning-fast rendering, production-ready and battle-tested.

Monitoring Sidekiq Job Performance

Sidekiq jobs fail quietly. Here's how to catch slow jobs, retry storms, and queue backlogs with AppSignal before your users notice.

Building a Private Karpathy-Style LLM Wiki With gbrain and gstack

A private local AI brain tailored for Rails development, incorporating personal defaults like review preferences and risk assessments. It features a Karpathy-style LLM Wiki for durable knowledge, gbrain for distilled work signals, and gstack for coding workflows, ensuring private data stays secure.

Rails Authorization Patterns: Pundit, CanCanCan, and Action Policy

Authentication identifies users, while authorization determines their permissions in Rails apps. Common issues include missing tenant scopes or unsafe lookups. Rails 8 includes an authentication generator, but clear rules are needed for sensitive reads and writes: Can the user perform this action? See this record? Or this collection?

Rails Security Best Practices: A Comprehensive Guide

Rails provides a strong security baseline but doesn't secure applications alone. This guide explores default protections, enhancements in newer versions like Rails 8.1, and essential practices for production apps, including authorization, auditing, and CI checks.

Ruby Concurrency: What Actually Happens

Every 'what happens when' question about Ruby concurrency, answered with diagrams.

The 2026 Rails Community Survey Is Open

Let's talk about what's really going on.

Two Compilers, One Subset

An update on overlapping inputs and non-overlapping values in compiler work. The overlap is sharper, with the internal IR structurally being the Spinel subset, discovered rather than designed.

Less Opinions. More Data. The 2026 Rails Survey

The Rails Developer Survey, run every two years by Planet Argon, is open to developers at all levels. Results are shared publicly without paywalls or vendor spin, offering a snapshot of community practices since 2009.

Rails in 2026, Dependencies, and the Long Tail of Decisions

In this podcast episode, discussions cover Ruby on Rails in 2026, focusing on scaling, restraint, and system understandability. Topics include LLMs' impact on contributions, the importance of conventions, and how dependencies accumulate over time.

Two Compilers, One Moment

Two compilers, started a month apart. The first by Ruby's creator. The second by someone with no knowledge of the first. The interesting question isn't which one is right—it's what changed in the surrounding landscape that made now the moment.

The Rails Way in 2026

A discussion on defining the Rails Way in 2026, highlighting a consistent pattern in Rails repositories: a fat model with a callback that triggers a service object executed as a background job. This view comes from experience fixing large Rails applications.

Active Record Gets Better Every Week

Official Rails blog summary of this week's developments in Ruby on Rails, highlighting ongoing improvements to Active Record.

Curl Removed from Omnibus-GitLab FIPS Packages in 19.0

Starting with Omnibus-GitLab 19.0, FIPS packages will no longer include a GitLab-built version of curl, instead using the distribution's curl. This change addresses compatibility with OpenSSL 1.x and extends to all FIPS packages for maintainability and security.

Static Types for Dynamic Targets

Ruby's + operator performs addition on integers, concatenation on strings and arrays, and raises errors for incompatible types. Compiling this to six target languages requires knowing operand types at each site. Roundhouse introduces RBS ingestion and a diagnostic pipeline for its typed IR.

Optimizing Ruby Path Methods

Catch JavaScript Errors with User-Friendly Error Feedback

JavaScript errors, including those in Stimulus controllers, often fail silently, confusing users. This article demonstrates a simple class to catch unhandled errors and display them in a friendly banner, improving app user experience.

MapView Flyers Are at RubyKaigi 2026 – Here’s the Must-Watch Talk Schedule

Ruby Stack News, a newsletter, features MapView Flyers at RubyKaigi 2026, highlighting the must-watch talk schedule. Introducing MapView: render beautiful, production-ready maps from your Ruby backend with zero external dependencies, lightning-fast rendering, and production-ready features.

Great Big Rails World 2026 Update: CFP, Corporate Support Tickets, Workshops

The official Rails blog shares updates for Rails World 2026, including CFP, corporate support tickets, and workshops. The event returns to Austin, Texas on September 23-24, 2026, with space for 1,200 developers, founders, and teams.

A Ruby 4.0 Double: JRuby 10.1 and mruby 4.0

This week's Ruby Weekly newsletter highlights JRuby 10.1's Ruby 4.0 compatibility and memory improvements, a new chapter for Ruby Central amid financial changes, and updates to RubyConf.

RubyConf Updates

Ruby Central has announced significant changes, including adaptations for RubyConf. This year's flagship event features exciting new programs designed to reimagine the conference.

How to Build a Scalable SaaS Platform Using Rails

In a competitive digital world, SaaS platforms must prioritize scalability, user growth, feature expansion, performance, and long-term maintainability from the start. This guide explores building such a platform using Rails.

GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6

Rails Was Already Typed

Rails apps come pre-typed through schemas, conventions, and inference—no annotations required. Roundhouse reads these types, types every expression, and emits to seven targets. As of today, TypeScript and Rust outputs produce the same DOM as Rails on the standard blog scaffold.

Ruby 4.0.3 Released

Official Ruby release: Ruby 4.0.3 includes ERB 6.0.1.1, fixing CVE-2026-41316. Update if using Marshal.load on untrusted data with erb and activesupport. Release schedule continues every two months.

CVE-2026-41316: ERB @_init Deserialization Guard Bypass via def_module / def_method / def_class

Official security advisory for CVE-2026-41316: A deserialization vulnerability in ERB allows arbitrary code execution when Marshal.load is used on untrusted data in apps with erb and activesupport loaded. Affects Rails applications and tools using Marshal for caching or IPC. Upgrade the erb gem recommended.

Third-Party API Integration Solutions in Rails

Applications in today's digital world rarely operate alone. Businesses integrate third-party services for features like payment gateways, social logins, maps, and cloud storage. This guide covers API integration solutions in Rails.

Generating Thousands of Maps per Minute in Ruby

This newsletter introduces MapView, a tool for rendering beautiful, production-ready maps directly from your Ruby backend. It offers zero external dependencies, lightning-fast rendering, and is battle-tested for production.

Generating Thousands of Maps per Minute in Ruby

Introducing MapView, a Ruby library for rendering production-ready maps directly from your backend. It requires no external APIs or dependencies, offers lightning-fast rendering, and was presented at RubyWorld Conference in 2025.

Making the Rails Default Job Queue Fiber-Based

Exploring Async::Job for LLM applications, encountering its limitations, and patching Solid Queue to run jobs as fibers instead.

Let's Enable MFA for All Ruby Gems

Supply chain attacks are becoming more common. RubyGems could be next. Here's how to make the ecosystem safer.

JRuby 10.1.0.0 Released

This release targets Ruby 4.0 compatibility and includes experimental optimizations. Ruby 4.0 compatibility is largely complete, with more features planned. Production users are advised to stick with JRuby 10.0 for stability. Major enhancements include reduced object size.

How I Built a Native iOS App with Rails and One YAML File

And didn't open Xcode once.

Monitoring Cron Jobs with Whenever

The Missing Bundler Features

Over the last few months, there has been a lot of talk about making Bundler faster, both by improving it directly or reimplementing it in another language, and while it may surprise some, that didn’t excite me much.

Continuations 2026/16: Pent Up

I'm back in Australia and back at work tomorrow. I had some pent-up open source energy, managing to knock out contributions.

Everyday Rails Testing with RSpec, Now in Spanish!

A Spanish translation of the book is now available on Leanpub.

Introducing Roundhouse

Roundhouse reads Rails applications and produces standalone projects in other target languages. The deployment target becomes a compiler flag rather than a runtime choice. It started two days ago. The post details what it is, what it can do today, and why the Rails subset it targets is larger than it sounds.

Optimizing Ruby Path Methods

A post on optimizing Ruby path methods, sharing experiences from starting a new job at Intercom and improving the monolith's CI with colleagues.

Refactoring Databases (in Rails)

The ONCE App Server

An exploration of the thinking behind the ONCE open source app server and the challenges of making self-hosted software accessible to anyone.

Query Command for Database Queries and More

Official Rails blog: This Week in Rails summary highlighting the new query command for database queries and more.

PII Filtering for RubyLLM with Top Secret

Automatically filter sensitive information from your RubyLLM conversations before it reaches third-party providers.

A New Chapter for Ruby Central

Official announcement from Ruby Central detailing recent operational changes, including parting ways with key staff and contractors, to ensure long-term sustainability.

TruffleRuby 34: Full Ruby 3.4 Compatibility, Up to 23% Faster Parsing, and a New Prism-Based Ripper with 20x Speedups

This issue of the Awesome Ruby Newsletter highlights TruffleRuby 34's full Ruby 3.4 compatibility, up to 23% faster parsing, and a new Prism-based Ripper with 20x speedups.

Nine Days

Despite claims that Claude Code is nerfed, the author built a Rails blog app in nine days, transpiling it to six compiled languages with real-time WebSocket broadcasting, downloadable binaries, and over 126 tests.

Rust on Rails

Railcar now transpiles Rails applications to Rust, generating a working Axum server with rusqlite, Turbo Streams, 21 passing tests, zero compiler warnings, and it's the sixth target language.

Level Up CSS Transitions with Cubic-Bezier

CSS transitions often feel flat with the default ease function. Cubic-bezier adds character, allowing bouncing and overshooting for natural motion. It uses a cubic Bézier curve in properties like transition-timing-function. Syntax: cubic-bezier(x1, y1, x2, y2). Examples demonstrate improvements over default easing.

Go on Rails

Railcar now transpiles Rails applications to Go, generating a working net/http server with view functions, SQLite, and Turbo Streams. All 21 tests pass, making it the fifth target language.

TruffleRuby 34 Released with Full Ruby 3.4 Support

This week's Ruby Weekly newsletter covers the release of TruffleRuby 34, a high-performance Ruby implementation on GraalVM that now fully supports Ruby 3.4 with 97% ruby/spec compliance and efficiency gains.

CI Expert and Data Analyst AI Agents Target Development Gaps

GitLab 18.11 introduces two new AI agents for Duo Agent Platform: CI Expert Agent (in beta) bridges the gap between writing code and running pipelines, while Data Analyst Agent (generally available) answers questions about code delivery. These target issues general AI tools can't address, like pipeline history and failures.

GitLab 18.11 Release

Elixir on Rails

Railcar can now transpile a Rails application to Elixir. It generates a working Plug + Bandit server with EEx templates, Exqlite, and Turbo Streams, with 21 tests passing as the first functional language target.

Create QR Codes from Scratch with Ruby, ruby-libgd, and rqrcode

A guide to generating QR codes from scratch using Ruby, along with ruby-libgd and rqrcode. Also recommends keeping an eye on Ruby on Rails Kaigi.

Create QR Codes from Scratch with Ruby, ruby-libgd, and rqrcode

A tutorial on creating QR codes from scratch using Ruby, along with the ruby-libgd and rqrcode libraries.

TypeScript on Rails

Railcar now transpiles Rails applications to TypeScript, generating a working Express server with EJS templates, better-sqlite3, Turbo Streams, and 21 passing tests—the third target in a single day.

Migrating a Rails App from Heroku to Railway

A guide to migrating a multi-tenant Rails app from Heroku to Railway in about an hour, including handling an accidental database break.

A Guide to the Breaking Changes in GitLab 19.0

This guide details the 15 breaking changes in GitLab 19.0, organized by deployment type and impact, with mitigation steps for confident upgrades. Deployment windows for GitLab.com are specified, and the team is committed to reducing such changes.

Different Approaches to Debugging Query Performance in Rails

Slow database queries can impact Rails applications. This post explores approaches to debugging query performance, including built-in Rails tools like the explain method on Active Record relations, which shows query execution plans. Common causes include missing indexes, N+1 problems, and full table scans.

RubyGems.org Has a Public Roadmap

The official RubyGems blog announces a public roadmap for rubygems.org, detailing upcoming features like Organizations general availability, security tooling, gem archival, and acceptable use policies. This provides transparency into the registry's future developments.

Python on Rails

Railcar now transpiles Rails applications to Python, creating a working web app with aiohttp, SQLite, Tailwind CSS, and Turbo Streams. The blog app, which also compiles to Crystal, passes 21 tests and supports full CRUD with nested resources.

A Different Kind of Tired

Reflecting on six months with AI: the code got easier, but something else became more difficult.

Continuations 2026/15: Mustermann Bump

This edition of the Continuations newsletter discusses a bump in the Mustermann gem, alongside travel updates from Taiwan.

How to Build a Documentation Companion with Claude Skills: Six Lessons from the Field

Lessons from building a documentation companion with Claude skills for a Rails monolith platform. Covers setting up repos, implementing Ruby classes, sourcing data changes, and auditing data quality.

Now You See It: Vite on Rails Without the Proxy

Introducing rails_vite—a new Vite integration for Rails that works with Propshaft, not against it. Drop it into an existing jsbundling app for instant CSS HMR, or use the full gem for manifest-based asset resolution.

Use Rails Combined Credentials

Rails 8.1 introduces a combined credentials API to streamline secrets handling. Instead of mixing ENV and credentials lookups, use Rails.app.creds.require for required keys or .option for optional ones, raising KeyError if missing.

MapView: Server-Side Map Rendering for Rails

MapView is a Ruby gem that enables server-side rendering of maps, routes, points, and polygons with zoom levels from global to detailed views.

MapView: Server-Side Map Rendering for Rails

MapView is a Ruby gem that enables rendering maps, routes, points, and polygons with zoom levels from global to detailed views directly on your Rails server.

The Importance of Benchmarks

Late last year, the Aha! Develop team added support for team line-level reporting. During a team demo in the run-up to the release, we discovered one of our internal sprint reports was taking 15 minutes to load, almost freezing the browser in the process.

Building a Complete GIS Stack in Rails: ruby-libgd + libgd-gis + map_view

Over the past few months, a small GIS-oriented stack in Ruby has been developed, focused on rendering maps from GeoJSON directly on the server. It started at a low level, building bindings around libgd: ruby-libgd (MIT).

Building a Complete GIS Stack in Rails: ruby-libgd + libgd-gis + map_view

A guide to building a complete GIS stack in Rails using ruby-libgd, libgd-gis, and map_view. It enables rendering maps directly from the backend without external APIs, and includes a live demo.

How I Made $360 by Serving Markdown to AI Agents from My Jekyll Blog

A personal account of earning $360 through referrals by providing Markdown versions of Jekyll blog posts for AI agents, leading to unexpected conversions in a personal finance app.

Crystal on Rails

Compiling arbitrary Ruby is hard, as is generating type signatures. But Rails, being a DSL with known semantics, allows Railcar to transpile Rails apps to Crystal, provide a Rails-compatible Crystal framework, and generate RBS type signatures.

Gemfile of Dreams: The Libraries We Use to Build Rails Apps

Unveiling the Gemfile toolbox of the Martian Rails engineer: a universe of Evil Martian gems that encapsulate their philosophy and soul.

Explicit Query: and Body: Kwargs for Integration Tests and More!

This official Rails blog post summarizes the week's highlights in Rails, including explicit query and body kwargs for integration tests.

Dear Heroku: Uhh... What’s Going On?

This week's Awesome Ruby Newsletter, featuring an article on Heroku.

Ruby Regex Match Guide (2026) with Examples

Regular expressions are powerful tools for Ruby developers, useful for validating input, parsing logs, scraping data, or transforming strings in Rails apps. This guide explores regex matching with examples to boost productivity.

Announcing Fuik: A Webhook Engine for Rails

Fuik is a Rails engine that simplifies webhook handling by catching and storing payloads from providers like Stripe or GitHub. It manages storage, routing, signature verification, and debugging. Install with bundle add fuik, run the generator, and migrate to access webhooks at /webhooks.

Protecting rubygems.org from the Outside In: DoS Prevention and Compromised Passwords

Official RubyGems blog post detailing recent security enhancements, including stronger gem validation at push time and integration with Have I Been Pwned to detect compromised passwords, ensuring gems are safe and authentic.

A Maintainer's Guide to Ruby's Release Cycle

This week's Ruby Weekly newsletter features a guide to Ruby's release cycle by core team member hsbt, covering versioning, maintenance, and lifecycle terms. It also includes updates on RubyGems and Bundler proposals, temporary changes to RubyGems.org, and Rails' new AGENTS.md file for AI agents.

Form Objects vs Service Objects in Rails

A comparison of Form Objects and Service Objects (or POROs) for handling complex logic in Rails applications. Form Objects are ideal for user inputs that update multiple records, mimicking Active Record models with validation and save methods. Service Objects handle business logic without direct form ties.

MapView: Static Maps for Rails. No JS. No Frontend. Just Ruby.

This newsletter introduces MapView, a gem for static maps in Rails without JS or frontend dependencies. From the creator of ruby-libgd and libgd-gis, it offers native Rails integration.

MapView: Static Maps for Rails. No JS. No Frontend. Just Ruby.

MapView provides static maps for Rails without JavaScript or frontend dependencies, rendering directly from the backend. It's fast, controlled, and production-ready, created by the maker of ruby-libgd and libgd-gis.

4.0.10 Released

This official RubyGems blog post announces the release of RubyGems 4.0.10 and Bundler 4.0.10, featuring enhancements like improved sorting algorithms and updated license lists, along with various bug fixes.

Migrating an Event Pipeline from NATS to Kafka with Zero Downtime

Evil Martians migrated Wallarm's core event pipeline from NATS to Kafka in two months with zero downtime. Learn how they handle event deduplication and reconstruct business flows for better understanding of the application.

GitLab Patch Release: 18.10.3, 18.9.5, 18.8.9

Pipeline Security Lessons from March Supply Chain Incidents

This article examines four supply chain attacks on CI/CD pipelines in March 2026, targeting tools like Trivy, Checkmarx KICS, LiteLLM, and axios. It highlights pipeline vulnerabilities and demonstrates how GitLab's policy enforcement can block, detect, and contain such threats.

Temporarily Disabling Language Support

This official RubyGems announcement details sustained bot traffic overwhelming the site, leading to temporary disabling of language support for stability. Caching improvements are underway to restore it soon.

This Week in Rails: Faster Logs, Reliable Parallel Tests, and Key Deprecations

This week's Rails summary highlights improvements in the codebase, including faster logs, reliable parallel tests, and key deprecations, along with performance refinements and legacy cleanup.

This Week in Rails: Faster Logs, Reliable Parallel Tests, and Key Deprecations

This week's summary of Rails developments covers faster logs, reliable parallel tests, and key deprecations in the codebase.

TestProf Digest 2026.4: Surprising Finds from 30k Specs

This digest covers updates in slow tests and how TestProf helps Rails teams manage CI build times.

JRuby 10.0.5.0 Released

This release targets Ruby 3.4 compatibility and includes fixes for JIT compiler bugs affecting super calls and defined_method yields, Fiber#raise control issues, socket connections in nonblocking operations, and Process#detach exceptions. It also adds official support for Java 26 and new platform integrations.

Easter Eggs

Easter eggs are fun hidden gems in codebases that don't affect functionality. This screencast explores some easter eggs in the Rails codebase.

Speedup ActiveRecord::LogSubscriber#sql_color and more!

Official Rails blog post summarizing this week's changes in the codebase, including a speedup to ActiveRecord::LogSubscriber#sql_color.