Best Practices & Limitations

To get the best out of the MindFlight AI Server, it's essential to follow a few best practices and understand the limitations of the system. This ensures your deployment remains secure, stable, and scalable.


✅ Security Best Practices

  • Never hardcode tokens or secrets:
    Always store sensitive data (like JWT tokens, API keys) in environment variables or a secure vault.

  • Use HTTPS in production:
    Make sure all API endpoints are served over HTTPS to avoid token leakage.

  • Validate incoming webhooks:
    Check the authenticity of webhooks by validating signatures or using secret keys.

Example:

// Bad practice (DO NOT DO THIS): secret hardcoded in source
const token = "hardcoded_secret_token";

# Good practice: supply the secret through the environment
export SLOP_JWT_SECRET=your_secret_token
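
The webhook validation recommended above, as an added example that is not MindFlight's own code: HMAC-SHA256 verification over the raw request body, with the secret read from the environment. The WEBHOOK_SECRET variable and the "sha256=<hex>" signature format are assumptions; use whatever scheme your webhook sender documents.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// Assumed names, not taken from the MindFlight docs: the WEBHOOK_SECRET
// variable and the "sha256=<hex>" signature format are hypothetical.
const sigPrefix = "sha256="

var ErrBadSignature = errors.New("webhook signature mismatch")

// Sign returns the signature value a sender would attach to body.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return sigPrefix + hex.EncodeToString(mac.Sum(nil))
}

// Verify checks a received signature against the raw request body.
// Pass the exact bytes received, before any JSON parsing or re-encoding.
func Verify(secret, body []byte, received string) error {
	if len(secret) == 0 {
		return errors.New("webhook secret is not configured") // fail closed
	}
	// hmac.Equal compares in constant time, so a mismatch leaks no timing hint.
	if !hmac.Equal([]byte(received), []byte(Sign(secret, body))) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	secret := []byte(os.Getenv("WEBHOOK_SECRET")) // read from the environment, never from source
	body := []byte(`{"event":"email.received","id":"constructed-1"}`) // constructed sample payload
	sig := Sign(secret, body)
	fmt.Println("untouched body:", Verify(secret, body, sig))
	fmt.Println("altered body:  ", Verify(secret, []byte(`{"event":"email.deleted"}`), sig))
}
```

Run with WEBHOOK_SECRET unset, both checks report the missing secret instead of accepting the request.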


🔄 Provider Registration

  • Always register factories properly: When adding a new Provider, make sure to register its factory so that the server can instantiate it dynamically.

  • Test provider routes: Ensure that all API routes and webhooks for your Provider are tested before deployment.

Checklist:

  • ✅ Factory registered in RegisterProvider().
  • ✅ Tools exposed via GetTools().
  • ✅ Routes mounted dynamically.
  • ✅ Jobs scheduled as needed.

⚠️ System Limitations

  • Long-running Jobs: Jobs that run for a long time (e.g., over 5–10 minutes) should be monitored carefully.
      • If a job hangs or fails, use the /api/jobs/status endpoint to check and manage it.

  • Webhook Error Handling: Webhook delivery can fail if:
      • The receiver is unavailable.
      • The payload is invalid.

    Always implement retry logic and log errors for debugging.

Metaphor: If a pizza order takes too long, keep checking the oven and have a plan B!


🚀 Performance Tips

  • PostgreSQL Pub/Sub: The server uses PostgreSQL's Pub/Sub to distribute events internally.
      • ✅ This allows the system to scale horizontally across multiple instances.
      • ✅ It keeps notifications and events synchronized in real time.

  • Optimize Provider performance:
      • Minimize external API calls where possible.
      • Cache frequent results (e.g., email list retrieval).

  • Job queue management:
      • Use a reasonable number of workers.
      • Balance between throughput and resource usage.

Common Pitfalls (and How to Avoid Them)

| Pitfall | Solution |
|---|---|
| Hardcoded secrets in the code | Use environment variables or secret managers. |
| Provider not working | Verify the factory is registered and routes are mounted. |
| Webhook not triggering events | Check route configuration and validate incoming payloads. |
| Jobs hanging or failing silently | Monitor via /api/jobs/status and implement error logging. |
| Performance drops under load | Scale horizontally; use Pub/Sub and optimize Provider performance. |

Quick Recap

  • 🔒 Security: Always protect your secrets; validate webhooks.
  • 🧱 Provider Setup: Register and test your Providers properly.
  • 🕒 Limits: Monitor long-running jobs and handle webhook errors.
  • 🚀 Performance: Use Pub/Sub and scale smartly.