Ash Weekly: Issue #20

Ash AI launch and demo videos, new articles and discussions on Ash, Ash Authentication CVE, phoenix.new released, more bulk action support in AshSqlite.

Ash Weekly!

Welcome to Ash Weekly — your quick, informal digest of what’s new and notable in the world of Ash Framework. Got something cool? Drop it in the #showcase channel on Discord!

Shameless Plugs

• Buy the book!

• Check out Ash Premium Support from Alembic.

• Sponsor me if you like what I do. To all of my current sponsors: thank you ❤️

Ash AI Launch and Demo videos

ElixirConf EU released my launch of Ash AI, and Code and Stuff released an introduction video to it. Christian makes really amazing videos and I’m super hyped about the idea of him making more Ash content. Go follow him 😎

Articles/commentary on Ash

Kamaro Lambert has a great series on Ash with a bunch of useful tips, and his most recent one is about reusing business logic with calculations.

A reddit post about the good the bad and the ugly of learning Ash was posted, and the original poster actually provided something you almost never see: two applications both with and without Ash. Worth checking out!

AshAuthentication CVE

A low severity CVE was issued for AshAuthentication due to the fact that we weren’t invalidating tokens server-side on sign-out. Please read the CVE and upgrade accordingly.

Phoenix.new launched

I’ve so far had a mixed experience with phoenix.new when comparing it to my local agentic development setup. Some things are beyond impressive, and many of these are actually delightful little touches that are hard to notice because they feel so natural. The magically provisioned infrastructure aside:

• The agent has the ability to pop open a virtual browser window in line to preview changes.

• When it runs its terminal commands, it sends them to a terminal that you can still type in. Anyone who has seen an agent hang running a command that was waiting for user input knows the frustration of having to stop it and tell it to rerun with `--yes`.

• It’s fun to follow the agent around and watch it work. Also really annoying that you can’t unfollow the agent to go make some small tweak while its working.

• The `browser` tool given to the agent is a stroke of genius, completely obviating AFAICT the need to have something like puppet tools to open browsers etc.

With that said, there are some things that I’d really like to see improved:

• The pricing is the opposite of transparent as I’ve got zero idea what $20 gets me, when it is going to run out etc. Nothing feels worse than that “I’m just one prompt away from this PoC I’m making” to then get told you have to put more quarters in the machine.

• Now that I’ve got all these new agent prompting and context setting skills, the inability to really use them is very frustrating. There isn’t a way to add a context file that persists (i.e `AGENTS.md`), and because the tokens/context stuff is all completely hidden from you, there is no way to know what information you give the agent is actually remaining in its context window. This makes it hard to “drive”. Remember, agents aren’t intelligent (yet), they are code fire hoses that have a low skill barrier but a high skill ceiling.

• I think the system prompt kinda screws me up and I’d rather be able to just disable it entirely. I’m sure it’s amazing for people with…different standards than me. I’ve got my own patterns and workflows, and I’m particular about how my tech is built, and I want to be able to take my patterns and run them in this cool new sandboxed magic agentic development environment.

Bulk actions in AshSqlite

Prior to the most recent set of releases, if the data layer wasn’t capable of raising errors, we didn’t let them do `update_query` or `destroy_query` operations. This was a pretty big limitation on `AshSqlite` which has now been restricted. With all that said, you still can’t do atomic validations meaning that there will be many cases where we switch to doing piecemeal updates.

Releases

Ash: 3.5.15-3.5.16

• A new `mix ash` command, showing the Ash version and list of available `ash.` prefixed commands

• Allow using `update_query` and `destroy_query` callbacks even when `expr_error` is not supported.

• Add support *back* for regexes in match constraints/validations. Fun fact: OTP 28.1 is going to support regexes at compile time again 🤣. So we’ll be in some temporary limbo but the status quo WRT regexes will return to normal.

• show action when inspecting an `Ash.Query`

• Add `assert_stripepd test helper by Samuel Wrenn

• Better error message on unexpected argument inputs to code interfaces by Abhishek Tripathi

Ash AI: 0.1.5-0.2.2

• Install usage rules by default, linking to dependency folders automatically.

• JSON processor for providers that do not support json_schema or tool calling by Abhishek Tripathi

• improvement: Usage rules mcp integration (#60) by Barnabas Jovanovics

• more context in error messages (#56) by Abhishek Tripathi

• When using Adapter.CompletionTool (for anthropic) add the cache_control (#51) by Rodolfo Torres

• more realistic handling of example generation (#50) by Abhishek Tripathi

Igniter: 0.6.7

• Support for private repositories

• Use hex to support looking up org package versions

• Add missing `—only` flag documentation for install task

• Add `Igniter.Test.refute_creates`

• Don’t disable protocol consolidation when creating projects

• Add `Igniter.rm` and track removed files across operations

Spark: 2.2.64

• add `:regex_as_mfa` type, for better OTP28+ compatibility (which actually it turns it won’t be necessary and everything can just use `{:struct, Regex}` in `OTP 28.1`.

AshGraphql: 1.7.15

• Add sortable_fields option, similar to filterable_fields by Jechol Lee

• Add a verifier for argument types option to ensure that all fields are actions, and all subfields are fields.

AshAuthentication: 4.9.4

• Revoke tokens on logout. See the CVE above.

AshAuthenticationPhoenix: 2.10.0-2.10.1

• Revoke tokens on logout. See the CVE above.

• Add `on_mount_prepend`, for prepending on mount hooks to the various route builders in Phoenix by Aidan Gauland

AshPostgres: 2.6.8

• Add a `create_schemas_in_migrations?` callback to tell the migration generator not to generate “CREATE SCHEMA IF NOT EXISTS” migrations

AshSql: 0.2.82

• Optimize/simplify boolean functions like `&&` and `||`. They are expensive operations and when we know that the left and right are exclusively booleans/references we can be smarter and use `and` and `or`.

AshSqlite: 0.2.11

• Support `update_query` and `destroy_query`

AshArchival: 2.0.0

• Add `archive_related_authorize?` and default it to `true`. See the changelog in the project for more information and an upgrade guide.