Setting the scene How do you trust a client’s session during upload without re-running expensive validation logic or exposing yourself to tampering? In this post, we’ll walk through a production-grade pattern using: - Short-lived signed JWTs (JWS) - AWS KMS for signing & verification - A token chaining model that enforces trust across steps The Goal We wanted to guarantee: - A session is validated exactly once - Uploads are cryptographically bound to that validation - No reli

While building Android support for the Mill build tool, our approach has been to treat the Android Gradle Plugin (AGP) as a black box at first, inspect what it produces, and replicate its behaviour in a Mill implementation. In addition, since AGP is open source, this process often includes us inspecting Gradle code as an extra helping hand to reverse engineer the contract between the build system and the Android ecosystem. In order to validate real-world compatibility, we

Working on a codebase or using an application itself can sometimes be challenging without proper documentation. One effective way to bridge this gap is by using end-to-end (E2E) tests as a form of documentation. E2E tests not only verify that the application works as expected but also provide concrete examples of how different features and functionalities are intended to be used. What is E2E Testing? End-to-end (E2E) testing is a software testing methodology that involves tes