nyxcore-systems
5 min read

Navigating the Dev Current: From Persona Fixes to GPT-5 Quirks

A deep dive into a recent development sprint, covering critical workflow fixes, building a batch URL importer, tackling OpenAI's evolving API, and designing robust progressive authentication – all in one intensive session.

TypeScriptOpenAIAuthenticationAPI IntegrationFullstackDevelopment WorkflowTroubleshootingNext.jstRPCWebAuthn

In the world of software development, some sessions are a focused deep dive into a single problem. Others are a high-octane sprint across a diverse landscape of challenges and features. The past 24 hours fell squarely into the latter category. It was a marathon of fixing, building, adapting, and designing, touching everything from database updates to cutting-edge AI integrations and future-proof authentication systems.

Let's pull back the curtain on what went down.

The Mission Brief: A Multi-Front Assault

The overarching goal for this session was ambitious:

  • Rectify critical workflow persona assignments.
  • Implement a much-needed batch URL import feature.
  • Address breaking changes with the OpenAI API, especially concerning gpt-5.
  • Architect a sophisticated progressive authentication system.
  • Craft a concise description for nyxCore.

By the time the dust settled, all immediate tasks were "done," with the progressive authentication specification drafted and ready for review.

Conquering the To-Do List: A Deep Dive into What Got Done

1. Workflow Wisdom: Persona Power-Up

Our internal clarait-auth workflow (335a4785-659f-4cc4-bd86-0d84b7bd0844) was experiencing some identity crises. Seven persona assignments were either missing or incorrect, leading to potential misrouting and access issues.

  • The Fix: Based on the BRauth Design Spec note (5ef6eed9), I performed a direct SQL UPDATE on production to correct 5 missing and 2 wrong persona assignments. This ensures the right people (or agents!) are assigned to the right tasks within the workflow.

2. Axiom's New Appetite: Batch URL Import

Our Axiom module needed a more efficient way to ingest URLs. Manually adding them one by one was becoming a bottleneck.

  • The Feature: I built a Batch URL Import capability.
    • Backend (1219bc1): A new batchFetchUrls tRPC mutation was added to src/server/trpc/routers/axiom.ts to handle the incoming data.
    • Frontend: A collapsible "Batch URL Import" section was integrated into the AxiomTab (src/app/(dashboard)/dashboard/projects/[id]/page.tsx). It features a textarea for pasting URLs and a file upload option. Crucially, it includes robust regex-based URL extraction and deduplication using Array.from(new Set(...)) to prevent redundant entries.

3. Taming the LLM Frontier: OpenAI API Adaptations

The rapidly evolving landscape of Large Language Models (LLMs) often means adapting to API changes. gpt-5 brought a couple of curveballs.

  • max_tokens vs. max_completion_tokens (c59a942): OpenAI deprecated max_tokens in favor of max_completion_tokens for all models. Our adapter in src/server/services/llm/adapters/openai.ts was updated to reflect this across the board, preventing 400 Bad Request errors.
  • GPT-5's Temperature Preferences (9b5dde8): We discovered that gpt-5 doesn't support custom temperature or top_p parameters; it strictly enforces the default value of 1.
    • The Fix: gpt-5 was added to our isReasoningModel() check, which dynamically skips setting these parameters for models that don't support them. This prevents errors like "Only the default (1) value is supported."

4. Architecting Trust: Progressive Authentication Design

Building a robust and user-friendly authentication system is paramount. I drafted a comprehensive Progressive Auth Design Spec (docs/superpowers/specs/2026-03-18-progressive-auth-design.md).

  • Key Features: The spec outlines a flexible approach combining Social Login (Google + GitHub), Passkeys (WebAuthn) for strong, passwordless authentication, and a Magic Link as a convenient fallback.
  • Robust Review: The spec underwent a rigorous review by our internal code-reviewer agent, leading to the identification and resolution of 3 critical issues, including considerations for account linking (allowDangerousEmailAccountLinking), secure passkey JWT session creation via @auth/core/jwt, and efficient Redis challenge storage.
  • Status: The spec is written and reviewed but not yet committed to git, pending a final human user review.

5. Clarait's Core Story: The nyxCore Description

A concise, ~200-word German description for nyxCore was drafted for Clarait, ensuring clear communication of its purpose and value.

Lessons from the Trenches: Our "Pain Log" Transformed

Not everything was smooth sailing. Here are a couple of valuable lessons learned through trial and error:

1. TypeScript's Iteration Quirks with Set

  • The Attempt: For URL deduplication in the batch import, I initially tried the concise [...new Set(urls)].
  • The Hurdle: This threw a TypeScript error, indicating that Set<string> can only be iterated with the --downlevelIteration flag (which wasn't enabled for our target).
  • The Workaround: The reliable Array.from(new Set(urls)) provided an immediate and effective solution, ensuring compatibility without changing compiler settings. This was documented in our CLAUDE.md for future reference.

2. GPT-5's Specific Demands

  • The Attempt (1): Using max_tokens with gpt-5.

  • The Hurdle (1): A 400 Bad Request error: "Unsupported parameter: 'max_tokens' is not supported with this model."

  • The Lesson (1): Always use max_completion_tokens for OpenAI models moving forward, as max_tokens is deprecated.

  • The Attempt (2): Setting temperature: 0.3 for gpt-5.

  • The Hurdle (2): Another 400 Bad Request error: "Only the default (1) value is supported."

  • The Lesson (2): gpt-5 has specific constraints on certain parameters. It's crucial to check model capabilities and dynamically adjust API calls (e.g., by conditionally omitting parameters) to avoid errors. Our isReasoningModel() check now handles this for gpt-5.

The Current State of Play

  • Production: The fixes (including OpenAI API adaptations) are live on root@46.225.232.35 with commit 9b5dde8.
  • Workflows:
    • 335a4785 (clarait-auth): Personas are fixed; the workflow was pending and may have already started.
    • 565e6345: This workflow, which previously hit GPT-5 errors, should now function correctly after the redeploy.
  • Axiom Import: Project f6df472f (clarait-auth), tenant b5b898be has ~50 compliance URLs being imported into Axiom via the new batch feature.
  • Anthropic: API credits are still depleted – a critical item for future LLM operations.
  • Auth Spec: The progressive auth spec is on disk, but not yet in version control.

What's Next on the Horizon

The immediate next steps are clear:

  1. Commit the progressive auth spec to git.
  2. Facilitate user review of the progressive auth spec before moving to implementation planning.
  3. Verify workflow 565e6345 – confirm gpt-5 functionality.
  4. Check workflow 335a4785 – confirm clarait-auth run completion.
  5. Verify Axiom batch import for the ~50 compliance URLs.
  6. Top up Anthropic API credits.

Concluding Thoughts

This session was a testament to the dynamic nature of development. From the meticulous detail of SQL updates and persona mappings to the forward-looking design of authentication and the quick-fire adaptations required by rapidly evolving AI APIs, it highlighted the breadth of skills required. Each challenge overcome, each feature shipped, and each lesson learned propels us forward, making our systems more robust, efficient, and ready for what's next.