#154 🤖 AI in Rails, LLM Cost Tracking, and Better Architecture

Happy Wednesday!

Here is issue #154 of our newsletter, bringing you news and the best tools for your current or future Rails & AI projects…

Dependency Management & Upgrades

1. 💣 Ever had a gem turn into a ticking time bomb in your Rails app? In this article, Gelsey & Ernesto break down the five critical checks to keep your app's foundation rock-solid and future-proof in “How to Choose A Gem Wisely (To Prevent a Maintenance Nightmare). Don't let your next gem choice haunt you!

2. 🔧 Henrique shares our newest guide: Sidekiq and Ruby Compatibility Table! Warning: Legacy versions of Sidekiq no longer receive updates or security fixes, so upgrading is the safest path. Need help upgrading? FastRuby.io is ready to assist.

3. 🔒 New Security Feature: Bundler 4.0.13 introduces Cooldown, an opt-in safety net that prevents bundle install from grabbing gems immediately after release. By enforcing a configurable waiting period (e.g., 2–3 days), it shields your projects from supply-chain attacks that exploit the narrow window between a compromised account and the first malicious push.

Rails Production & Maintenance

4. 🎯 Joe Masilotti made a daring move by replacing WebSockets with polling, and it’s been a game-changer! After a customer got stuck with an endless spinner, Joe found that sometimes, the old ways are indeed the best. See how this switch improved his app's reliability.

5. 🍪 Stop Storing Objects in Rails Sessions: It’s a common mistake to treat sessions as server memory, but Rails defaults to client-side cookies that max out at ~4KB. Syed Aslam explains the hidden serialization costs, how to avoid CookieOverflow errors in production, and why you should only ever store record IDs in your session.

6. 📧 Stop guessing with webhook mocks. Daniela Baron reveals how to use Stripe’s Test Clocks and CLI to simulate real payment failure cycles end-to-end. This setup catches subtle race conditions (such as deleting user data before sending the final email) that unit tests miss, ensuring your subscribers always receive the right message at the right time.

7. 🛠️ Tired of unreliable test stubs? Meet http_decoy, your new go-to for RSpec testing! This real fake HTTP server by Jibran Usman ensures your tests validate request contracts and simulate dynamic responses, catching issues before they hit production.

8. 📊 Dropping columns in Rails can crash your production app if the deployment window isn't perfectly atomic. Akshay Khot breaks down the industry-standard two-step strategy using ignored_columns to safely decommission database fields without downtime.

​

Architecture & Ruby Internals

9. 📚 Building with parts. David Morales explores composition as an alternative to inheritance, showing how smaller, reusable components can make Ruby applications easier to understand and maintain.

10. 🔑 Ready to unlock a metaprogramming secret? Check out Ruby's Ancestor Chain method lookup with Ruby Stack News. Discover how the ancestor chain works and why 'prepend' is the crafty rule-breaker that takes the lead.

11. 🚀 Supercharge your Ruby apps with minimal code changes. In this OSS Friday update on Noteflakes, we get a progress update on UringMachine’s fiber scheduler, including new benchmarks, testing, and performance improvements built around Ruby Fibers and io_uring.

12. 📧 Ready for Hanami 3.0? Tim Riley takes us through the exciting new hanami-mailer gem! From setting up base classes to customizing SMTP delivery, this guide helps you master mailers in Hanami. Then get ready for a global audience with i18n integration! Check out the seamless internationalization setup in Hanami 3.0, featuring automatic component registration and customizable configurations.

​

AI & LLMs in Ruby

13. 🚀 Live Now! Anthropic launches Claude Fable 5, a Mythos-class powerhouse for general use that dominates in coding, science, and vision. While Fable 5 includes safety filters for everyone, the unrestricted Claude Mythos 5 is now live for elite cyber defenders.

14. 💡 From Coder to Architect. Zil Norvilis suggests that as AI takes over syntax, Rails developers must focus on the "Rails Way": system design, strict conventions, and architectural oversight. The new skill set isn't typing code; it's knowing exactly where that code should live.

15. 🤖 AI isn't creating new engineering problems; it's just exposing the ones we ignored. Brandon Weaver argues that AI acts as a relentless chaos engineer, instantly surfacing weak documentation, vague requirements, brittle processes, and hidden technical debt. What humans learned to route around, the AI walks straight into, forcing us to finally fix the gaps.

16. 🧮 Keep your LLM expenses under control with this Rails-native LLM Cost Tracker! This self-hosted gem logs every call your app makes to OpenAI, Anthropic, and more, giving you detailed insights into tokens, costs, and latency (all without a proxy).

​

🚨 Security & Vulnerability Watch

17. This security scanner goes beyond Brakeman, tackling AI injections, DoS patterns, and more. With version 0.1.8, enjoy sharper AI detection, lightning-fast scans, and smarter supply chain analysis with rails-guarddog.

18. Ruby Security Advisories: Users should upgrade to a patched version as soon as possible.

• ​CVE-2026-44476 (doorkeeper-openid_connect)
• ​GHSA-xf4v-w5x5-pv79 (nokogiri)

​

📅 Upcoming Community Events & Learning

Philly.rb's next meetup features "Authentication Hell, a​ browser-based game built with Ruby" by Mike Dalton. Thursday, June 18, 5:30 PM - 8:00 PM - Hope to see you there!

​RubyConf 26’ is July 14-16, 2026, in Las Vegas, NV. We can't wait to catch Mike Toppa discuss AI-assisted coding and Charles of Headius' lightning talk on JRuby capabilities. What are you excited to see?

​

Check out our other articles on: ​​​​Ruby | Rails | Compatibility | ​​Upgrades​​​​ | ​​​​Tech Debt​​​ | AI​

Bookmark, share, or save them for later. We hope these links are helpful to you. 😉

Best,

The ​​​​​​FastRuby.io​​​​​​ Team