惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Troy Hunt's Blog
Scott Helme
Scott Helme
T
Threat Research - Cisco Blogs
T
Tenable Blog
L
LINUX DO - 热门话题
V
Visual Studio Blog
I
Intezer
Blog — PlanetScale
Blog — PlanetScale
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
C
Cyber Attacks, Cyber Crime and Cyber Security
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
Know Your Adversary
Know Your Adversary
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
N
Netflix TechBlog - Medium
SecWiki News
SecWiki News
I
InfoQ
Microsoft Security Blog
Microsoft Security Blog
Project Zero
Project Zero
W
WeLiveSecurity
Microsoft Azure Blog
Microsoft Azure Blog
A
About on SuperTechFans
Recorded Future
Recorded Future
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Vercel News
Vercel News
S
Securelist
Spread Privacy
Spread Privacy
L
LangChain Blog
云风的 BLOG
云风的 BLOG
G
Google Developers Blog
MongoDB | Blog
MongoDB | Blog
Google DeepMind News
Google DeepMind News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CERT Recently Published Vulnerability Notes
罗磊的独立博客
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The Last Watchdog
The Last Watchdog
Attack and Defense Labs
Attack and Defense Labs
博客园 - 司徒正美
Help Net Security
Help Net Security
L
Lohrmann on Cybersecurity
人人都是产品经理
人人都是产品经理
Forbes - Security
Forbes - Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
PCI Perspectives
PCI Perspectives
博客园 - 【当耐特】
T
Tor Project blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Launching BabyChain: durable image and video model chains on AWS Aurora and Vercel
akirayuusha · 2026-06-13 · via DEV Community

Today we are launching BabyChain: a self-hosted canvas studio and durable chain API for image and video model workflows.

The short version is this: BabyChain lets you design a ComfyUI-style media chain on a canvas, then call that same chain from product code as POST /api/v1/chains/runs. Every step executes through provider APIs with server-side credentials, every state transition persists to AWS Aurora, and Vercel functions stay stateless.

The product has one invariant: every output becomes the next input.

If you run model chains on a local GPU workbench today, BabyChain is the version of that workflow you can deploy, call from a backend, and keep forever. The canvas is not a demo shell. It is a visual editor on top of the same durable contract your application calls.


Why we built it: canvas workflows are not production infrastructure

Real generative media work is rarely one model call. It is an image model feeding an image-to-video model, often with a refine step in the middle and a video-to-video step at the end. Canvas tools made that composable, but most of them are creative workbenches. The workflow lives inside a UI, expects a local GPU or a managed model runtime, and does not naturally become an authenticated API that another product can call.

We kept hitting the same wall in our own projects: the moment a visual workflow needed to become product infrastructure (authenticated, retryable, callable from a queue, safe to expose to another backend), we had to rewrite it as glue code.

BabyChain's design goal was to make that distance zero.

Design the chain on a canvas. Call the same chain from your backend. Those should not be two different systems.

What ships today

  • Multi-flow canvas studio. Many independent image → video flows side by side on one permanent workspace, with autosave and a library of saved chains plus their results.
  • 57 image and video models across Black Forest Labs, Runway, Alibaba Cloud DashScope, Google, OpenAI, and BytePlus, for 78,948 valid chain combinations.
  • Schema-true node cards. Every card's fields, enum options, ranges, and defaults are generated from that model's schema, so the UI cannot offer a parameter the API would reject.
  • BYOK execution. Provider keys live in the server environment, never in the browser and never in caller requests. Caller apps authenticate with BabyChain API keys.
  • Durable runs on Aurora. Ordered steps, provider request ids, generation ids, outputs, failures, callbacks, and a timeline are all persisted. One signed callback delivers the terminal run when a webhook URL is supplied.

Self-host it in an afternoon

BabyChain is Apache-2.0 and built to be deployed, not hosted by us:

git clone https://github.com/babysea-community/babychain.git
cd babychain && pnpm install --frozen-lockfile
cp .env.example .env.local   # DATABASE_URL, owner login, provider keys
pnpm run aurora:migrate      # applies the schema, idempotent
pnpm dev                     # or use the one-click Vercel deploy button

For production, BabyChain is designed around AWS Aurora. For local development, it can also point at a local PostgreSQL database. The README walks through creating the Aurora cluster, setting DATABASE_URL, applying the schema, and deploying the app on Vercel.

The rest of this post is the architecture: how a canvas workflow becomes durable infrastructure on Aurora and Vercel.

The architecture: Aurora remembers, Vercel advances

The naive way to run a multi-model chain on serverless is to hold the whole chain in one function invocation. That dies quickly. A single image → video → video-modify workflow can spend several minutes inside provider queues, and a stateless function should not be asked to babysit that entire wait.

The durable way is to make the database the only place workflow state lives:

Aurora owns every fact about a run.
Vercel functions are stateless workers.
Each invocation advances a run by at most one step.
Any instance can pick up any run mid-chain.

When a caller creates a run, BabyChain persists the run and its ordered steps to Aurora, may opportunistically advance the first ready step, and returns without waiting for the full chain. Each subsequent poll of GET /api/v1/chains/get/{runId}, or a cron sweep, loads the run from Aurora, advances exactly one provider step (submit or poll), persists the result, and returns. Long chains survive serverless limits because no instance ever needs to outlive a step.

Aurora owns every fact about a run, so a Vercel function is allowed to disappear at any moment. The chain is not.

Aurora Serverless v2 fits the workload: bursty, low-idle, spiky on demo days. The connection pool absorbs Aurora wake-ups when a cluster is configured to pause with a 30-second connection timeout. For Aurora/RDS endpoints, deployers keep ?sslmode=require in DATABASE_URL; BabyChain strips the driver-level query param and connects with TLS, including the RDS CA behavior expected by the Node.js pg client.

The schema: seven tables, one source of truth

Everything durable lives in one private schema, babychain_private, applied idempotently by pnpm aurora:migrate:

Table Owns
chain_run Run lifecycle: status, input, output, error code/message, idempotency key hash, callback intent
chain_step Ordered steps: per-step params, provider request ids, generation ids, output files, failure details
canvas Saved node graphs as jsonb, owner-scoped, with a touch trigger and a (owner_email, updated_at desc) index
api_key Hashed caller keys with scopes
audit_event Append-only audit trail
callback_delivery Final signed-webhook delivery state
babysea_webhook_delivery Inbound provider webhook bookkeeping

Two design details earned their keep:

The input_order sidecar. PostgreSQL jsonb does not preserve key order, but the public run resource echoes the caller's input back in API responses, and key order is part of how people read their own request. Run creation stores a small jsonb array of the caller's original key order alongside the canonicalized input, and the presenter re-applies it on the way out. It is a small detail, but it matters when an API response is also a debugging surface.

Guarded state transitions. Steps only leave the queued state through updates with a where status = 'queued' guard. That single predicate makes the fail-fast path race-safe: when a step fails, the runner marks the run failed and sweeps every still-queued downstream step to skipped (their input can never arrive) without ever clobbering a step that a concurrent invocation already started.

Idempotency end to end

Generative media is expensive enough that retries must not multiply spend. BabyChain makes idempotency a property of the whole pipeline, not one endpoint:

  1. Run creation hashes the caller's Idempotency-Key per principal and stores it on chain_run with a unique constraint. A retried create replays the stored run: same id, same response, zero new provider calls.
  2. Step submission derives a deterministic idempotency key per run, step, and chain version. If a function instance dies between submitting to a provider and persisting the result, the retry resubmits with the same key, and providers that honor idempotency can deduplicate server-side.

The same discipline applies on the way out: when a run includes a webhook URL, the terminal callback is claimed on the run row and each signed delivery attempt is recorded in callback_delivery, so concurrent instances do not both send the same terminal callback.

A canvas that cannot lose your work

The studio is a multi-flow React Flow canvas. Every edit autosaves to the canvas table in Aurora, and surviving real-world usage took three iterations:

Debounced autosave is a data-loss bug with good intentions: it can drop the last burst of edits before a reload.

  • A debounce-based autosave silently dropped the last burst of edits before a reload. We replaced it with a dirty flag plus a steady flush loop, so a flush is always at most ~1.5 seconds behind your latest keystroke.
  • A sendBeacon final flush covers tab close, reload, navigation, and tab-hide through an owner-authenticated endpoint.
  • Hydration runs exactly once per mount, so router refreshes can never reset live canvas state.

The result is the demo I like most: edit a prompt, log out, log back in on another machine. The edit is there, served from Aurora. Close the tab mid-run, reopen, and the run resumes, because run progress was never in the browser to begin with.

Where the real pain lived: provider normalization

Six providers (Black Forest Labs, Runway, Alibaba Cloud DashScope, Google Gemini API, OpenAI, BytePlus ARK), 57 supported models, 78,948 valid chain combinations. Not one provider agrees on what "give me a 16:9 image" means.

The deepest rabbit hole was Alibaba DashScope output sizes. Each model family has different rules, documented nowhere and discovered only by probing the live API:

  • qwen-image / qwen-image-plus accept exactly five sizes. Anything else is a 400.
  • qwen-image-max and z-image-turbo cap each dimension at 2048.
  • The wan2.6 / wan2.7 families enforce per-model pixel budgets.

Provider docs are a starting point. The live API is the truth.

So the adapter computes sizes per model. For budgeted models, a requested ratio w:h is fitted into a pixel budget P_max:

scale = sqrt(P_max / (w * h))
W = floor(scale * w / 16) * 16
H = floor(scale * h / 16) * 16

…and snapped-size models get a lookup table instead, because they allow no freedom at all. Wrong sizes now physically cannot be sent.

The same empirical attitude shaped everything at the boundary: Runway's per-endpoint pixel ratios, OpenAI's permanent quota 429s masquerading as transient rate limits, and BFL output URLs that expire after ~10 minutes (the UI shows honest loading and expiry states instead of leaking alt text).

One structural decision keeps this manageable: the canvas node cards are generated from each model's schema (fields, enum options, ranges, defaults). The UI cannot offer a parameter the API would reject, because both are projections of the same source of truth.

What keeps it honest

BabyChain is built around runtime invariants instead of optimistic workflows. A chain should be able to fail cleanly, resume after an interrupted function, reject invalid model roles and normalized inputs before dispatch, and preserve canvas state even if the browser disappears mid-edit.

The runtime behavior we validated end to end:

Step fails             -> run goes terminal, downstream steps skipped, caller sees the provider's real error
Function instance dies -> next poll resumes the run from Aurora, idempotent resubmit
Client retries create  -> same run replayed, zero duplicate spend
Tab closes mid-edit    -> sendBeacon flush, canvas intact after re-login
Aurora wake-up         -> 30s connection budget absorbs it when pause is enabled

The current project gate is 237 tests plus typecheck, lint, and production build. The tests cover the runner, provider adapters, templates, API behavior, migrations, idempotency errors, callback behavior, and the schema rules that keep the canvas and API aligned.

What I would do next

BabyChain is already usable as a deployable starter, but the next layer is about making runs cheaper to inspect, easier to share, and safer to operate for teams:

  • Output archival. Copy provider outputs to S3 before short-lived URLs expire, especially for providers whose generated URLs are only useful for minutes.
  • Branching chains. The canvas already runs flows side by side; the runner should support fan-out inside one chain, such as one image feeding multiple video treatments.
  • Team workspaces. Add multi-user accounts with per-key scopes and quotas on top of the existing api_key model.
  • Run economics. Surface per-run cost estimates and provider spend from the data Aurora already stores.

The takeaway

Statelessness is a feature you design for, not a constraint you fight. Once every fact about a run lives in Aurora (runs, steps, provider ids, outputs, failures, callbacks, canvases, audit), serverless time limits, cold starts, and instance churn stop being the center of the system. Vercel gives the control plane instant deployment; Aurora gives it durable memory.

Design on the canvas. Ship the same contract as an API. Let the database remember everything.

Creators and developers: deploy it, chain your own models in your own cloud, and tell us what you automate first.

Hackathon note

BabyChain is our entry to the H0: Hack the Zero Stack with Vercel v0 & AWS Databases hackathon. This post was created for the purposes of entering that hackathon. #H0Hackathon