A correct JWT verifier does eight things. Most production verifiers I have read do four or five of them. The other three or four get skipped because the library defaults aren't loud about them, the docs gloss over them, or someone copied a "it works" snippet from Stack Overflow circa 2018. Here is the full eight-check list, what each one prevents, and what it looks like to implement them with stru
The previous two posts covered how events flow from the SDK to the UI. This post focuses on visualizing one specific type of event: tool calls. Tool invocations are the most frequent operations in an Agent application. A typical task might call tools twenty or thirty times—reading files, writing files, executing commands, searching code. If every tool call renders as the same gray block, it's hard
Post 1 covered how AgentBridge converts the SDK's AsyncStream<SDKMessage> into [AgentEvent]. This post looks at what [AgentEvent] becomes — how TimelineView renders 18 event types, handles scroll behavior, and stays smooth when the event count gets large. TimelineView is the main body of the workspace, filling all the space between the sidebar and the input box. Its view hierarchy is shallow: Time