Tech, systems, and engineering — from a software architect’s perspective.https://howitworks.dev/https://howitworks.dev/agentic-systems/https://howitworks.dev/agentic-systems/Workflows before agents, three foundations before orchestration, guardrails before autonomy — a synthesis of the two canonical guides on building LLM systems that do things, not just answer questions.https://howitworks.dev/api-security/https://howitworks.dev/api-security/Input validation vs sanitization, parameterized queries, BOLA and mass assignment, rate limiting, SSRF, CORS, CSRF, and the rest of the surface that remains after identity and authorization are solved.https://howitworks.dev/api-styles/https://howitworks.dev/api-styles/The three dominant API styles and what each one actually buys you — coupling, evolvability, performance, tooling — plus the event stream as the fourth style nobody quite calls an API.https://howitworks.dev/authn-authz/https://howitworks.dev/authn-authz/Sessions vs tokens, OAuth2 and OIDC properly distinguished, RBAC vs ABAC vs ReBAC, and where authorization actually belongs in a microservice estate.https://howitworks.dev/caching/https://howitworks.dev/caching/Where to cache, what invalidation actually costs, the stampede and hot-key problems, and why "cache aside" is the default but not always the answer.https://howitworks.dev/ci-cd/https://howitworks.dev/ci-cd/What continuous integration and continuous delivery actually mean, how GitHub Actions / GitLab CI / Jenkins compare, and the deployment strategies — blue/green, canary, rolling — that turn a passing pipeline into a safe rollout.https://howitworks.dev/consistency-models/https://howitworks.dev/consistency-models/CAP is the meme; the real content is linearizable vs serializable vs snapshot vs causal vs eventual — and which apps actually need which.https://howitworks.dev/containers-kubernetes/https://howitworks.dev/containers-kubernetes/What a container actually is, why the image format matters more than the runtime, and what Kubernetes is really solving — scheduling, networking, rollouts — once you strip away the YAML.https://howitworks.dev/conway-team-topologies/https://howitworks.dev/conway-team-topologies/Why the shape of the software mirrors the shape of the organization — and how Skelton and Pais's four team types and three interaction modes turn that observation into a design tool.https://howitworks.dev/database-selection/https://howitworks.dev/database-selection/Relational, document, key-value, graph, time-series, columnar, search — what each store is actually for, and when the right answer is "just use Postgres" and when it is not.https://howitworks.dev/domain-driven-design/https://howitworks.dev/domain-driven-design/A tour of DDD as Evans defined it and Vernon, Young, and Brandolini carried forward — ubiquitous language, bounded contexts, aggregates, events, CQRS, and Event Storming.https://howitworks.dev/event-driven-architecture/https://howitworks.dev/event-driven-architecture/Events, commands, and the three flavors of event-driven systems — notification, state transfer, and sourcing — plus the outbox, CDC, and the eventual-consistency bill that comes with them.https://howitworks.dev/gang-of-four-design-patterns/https://howitworks.dev/gang-of-four-design-patterns/A tour of the most important Gamma, Helm, Johnson, and Vlissides patterns — Strategy, Observer, Decorator, Adapter, Composite, Factory Method, Command, State, and the rest — and which ones still earn their keep.https://howitworks.dev/hexagonal-clean-onion/https://howitworks.dev/hexagonal-clean-onion/Three names for the same architecture — ports, adapters, and the single rule they all enforce: the domain does not know about the world around it.https://howitworks.dev/incident-management/https://howitworks.dev/incident-management/On-call, severity levels, the incident commander role, blameless postmortems — and why the discipline is really about reducing time-to-detect, time-to-mitigate, and time-to-recur.https://howitworks.dev/infrastructure-as-code/https://howitworks.dev/infrastructure-as-code/Terraform, CloudFormation, Pulumi, and CDK compared on what they actually do — plus the state file, drift, modules, and why the declarative model breaks at the edges.https://howitworks.dev/kafka/https://howitworks.dev/kafka/How Kafka actually works — topics, partitions, offsets, replication — and how those primitives turn into microservice communication, event streaming, CDC, and log aggregation.https://howitworks.dev/microservices/https://howitworks.dev/microservices/A tour of the microservice architecture as a set of forces and patterns — decomposition, data, sagas, the distributed monolith — in the spirit of microservices.io.https://howitworks.dev/migration-patterns/https://howitworks.dev/migration-patterns/Strangler fig, parallel run, dual writes, expand-contract, feature flags, and backfill — the patterns that turn big-bang rewrites into sequences of small, reversible steps.https://howitworks.dev/observability/https://howitworks.dev/observability/Logs, metrics, traces, SLIs, SLOs, error budgets, and the cardinality bill — what observability actually is, and why buying a tool is not the same as adopting the discipline.https://howitworks.dev/platform-engineering/https://howitworks.dev/platform-engineering/Platform teams, golden paths, thinnest viable platform, self-service as the discipline — and why "build an internal Heroku" fails differently depending on what you mean by it.https://howitworks.dev/react-best-practices/https://howitworks.dev/react-best-practices/State colocation, lifting and deriving, the useEffect trap, memoization mythology, and the controlled/uncontrolled split — plus the anti-patterns that show up in every large React codebase eventually.https://howitworks.dev/resilience-patterns/https://howitworks.dev/resilience-patterns/Idempotency, timeouts, retries, circuit breakers, bulkheads — what each pattern actually buys you, and how they compose into a system that degrades instead of collapsing.https://howitworks.dev/schema-api-evolution/https://howitworks.dev/schema-api-evolution/Expand-contract, additive change, versioning, deprecation windows — how to change a running system without breaking the things already using it.https://howitworks.dev/testing-strategies/https://howitworks.dev/testing-strategies/What each test-shape is optimizing for, where contract tests fit, the fakes-vs-mocks question, and why the right mix is shaped like the system.