Simon WillisonModify

2025-07-27 00:20:12

Official statement from Tea on their data leak

A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024. This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.

Storing and then failing to secure photos of driving licenses is an incredible breach of trust. Many of those photos included EXIF location information too, so there are maps of Tea users floating around the darker corners of the web now.

I've seen a bunch of commentary using this incident as an example of the dangers of vibe coding. I'm confident vibe coding was not to blame in this particular case, even while I share the larger concern of irresponsible vibe coding leading to more incidents of this nature.

The announcement from Tea makes it clear that the underlying issue relates to code written prior to February 2024, long before vibe coding was close to viable for building systems of this nature:

During our early stages of development some legacy content was not migrated into our new fortified system. Hackers broke into our identifier link where data was stored before February 24, 2024. As we grew our community, we migrated to a more robust and secure solution which has rendered that any new users from February 2024 until now were not part of the cybersecurity incident.

Also worth noting is that they stopped requesting photos of ID back in 2023:

During our early stages of development, we required selfies and IDs as an added layer of safety to ensure that only women were signing up for the app. In 2023, we removed the ID requirement.

Tags: privacy, security, ai, generative-ai, llms, vibe-coding

2025-07-26 06:52:14

Qwen3-235B-A22B-Thinking-2507

Those two were both non-reasoning models - a change from the previous models in the Qwen 3 family which combined reasoning and non-reasoning in the same model, controlled by /think and /no_think tokens.

Today's model, Qwen3-235B-A22B-Thinking-2507 (also released as an FP8 variant), is their new thinking variant.

Qwen claim "state-of-the-art results among open-source thinking models" and have increased the context length to 262,144 tokens - a big jump from April's Qwen3-235B-A22B which was "32,768 natively and 131,072 tokens with YaRN".

Their own published benchmarks show comparable scores to DeepSeek-R1-0528, OpenAI's o3 and o4-mini, Gemini 2.5 Pro and Claude Opus 4 in thinking mode.

The new model is already available via OpenRouter.

But how good is its pelican?

I tried it with "Generate an SVG of a pelican riding a bicycle" via OpenRouter, and it thought for 166 seconds - nearly three minutes! I have never seen a model think for that long. No wonder the documentation includes the following:

However, since the model may require longer token sequences for reasoning, we strongly recommend using a context length greater than 131,072 when possible.

Here's a copy of that thinking trace. It was really fun to scan through:

The finished pelican? Not so great! I like the beak though:

Via @Alibaba_Qwen

Tags: ai, generative-ai, llms, qwen, pelican-riding-a-bicycle, llm-reasoning, llm-release

2025-07-24 23:21:30

GitHub Spark was released in public preview yesterday. It's GitHub's implementation of the prompt-to-app pattern also seen in products like Claude Artifacts, Lovable, Vercel v0, Val Town Townie and Fly.io’s Phoenix New. In this post I reverse engineer Spark and explore its fascinating system prompt in detail.

I wrote about Spark back in October when they first revealed it at GitHub Universe.

GitHub describe it like this:

Build and ship full-stack intelligent apps using natural language with access to the full power of the GitHub platform—no setup, no configuration, and no headaches.

You give Spark a prompt, it builds you a full working web app. You can then iterate on it with follow-up prompts, take over and edit the app yourself (optionally using GitHub Codespaces), save the results to a GitHub repository, deploy it to Spark's own hosting platform or deploy it somewhere else.

Here's a screenshot of the Spark interface mid-edit. That side-panel is the app I'm building, not the docs - more on that in a moment.

• Spark capabilities
• Reverse engineering Spark with Spark
• That system prompt in detail
• What can we learn from all of this?
• Spark features I'd love to see next

Spark capabilities

Sparks apps are client-side apps built with React - similar to Claude Artifacts - but they have additional capabilities that make them much more interesting:

1. They are authenticated: users must have a GitHub account to access them, and the user's GitHub identity is then made available to the app.
2. They can store data! GitHub provides a persistent server-side key/value storage API.
3. They can run prompts. This ability isn't unique - Anthropic added that to Claude Artifacts last month. It looks like Spark apps run prompts against an allowance for that signed-in user, which is neat as it means the app author doesn't need to foot the bill for LLM usage.

A word of warning about the key/value store: it can be read, updated and deleted by anyone with access to the app. If you're going to allow all GitHub users access this means anyone could delete or modify any of your app's stored data.

I built a few experimental apps, and then decided I to go meta: I built a Spark app that provides the missing documentation for how the Spark system works under the hood.

Reverse engineering Spark with Spark

Any system like Spark is inevitably powered by a sophisticated invisible system prompt telling it how to behave. These prompts double as the missing manual for these tools - I find it much easier to use the tools in a sophisticated way if I've seen how they work under the hood.

Could I use Spark itself to turn that system prompt into user-facing documentation?

Here's the start of my sequence of prompts:

1. An app showing full details of the system prompt, in particular the APIs that Spark apps can use so I can write an article about how to use you [result]

That got me off to a pretty great start!

You can explore the final result at github-spark-docs.simonwillison.net.

Spark converted its invisible system prompt into a very attractive documentation site, with separate pages for different capabilities of the platform derived from that prompt.

I read through what it had so far, which taught me how the persistence, LLM prompting and user profile APIs worked at a JavaScript level.

Since these could be used for interactive features, why not add a Playground for trying them out?

2. Add a Playground interface which allows the user to directly interactively experiment with the KV store and the LLM prompting mechanism [result]

This built me a neat interactive playground:

The LLM section of that playground showed me that currently only two models are supported: GPT-4o and GPT-4o mini. Hopefully they'll add GPT-4.1 soon. Prompts are executed through Azure OpenAI.

It was missing the user API, so I asked it to add that too:

3. Add the spark.user() feature to the playground [result]

Having a summarized version of the system prompt as a multi-page website was neat, but I wanted to see the raw text as well. My next prompts were:

4. Create a system_prompt.md markdown file containing the exact text of the system prompt, including the section that describes any tools. Then add a section at the bottom of the existing System Prompt page that loads that via fetch() and displays it as pre wrapped text

5. Write a new file called tools.md which is just the system prompt from the heading ## Tools Available - but output &lt; instead of < and &gt; instead of >

   No need to click "load system prompt" - always load it

   Load the tools.md as a tools prompt below that (remove that bit from the system_prompt.md)

The bit about < and > was because it looked to me like Spark got confused when trying to output the raw function descriptions to a file - it terminated when it encountered one of those angle brackets.

Around about this point I used the menu item "Create repository" to start a GitHub repository. I was delighted to see that each prompt so far resulted in a separate commit that included the prompt text, and future edits were then automatically pushed to my repository.

I made that repo public so you can see the full commit history here.

... to cut a long story short, I kept on tweaking it for quite a while. I also extracted full descriptions of the available tools:

• str_replace_editor for editing files, which has sub-commands view, create, str_replace, insert and undo_edit. I recognize these from the Claude Text editor tool, which is one piece of evidence that makes me suspect Claude is the underlying model here.
• npm for running npm commands (install, uninstall, update, list, view, search) in the project root.
• bash for running other commands in a shell.
• create_suggestions is a Spark-specific tool - calling that with three suggestions for next steps (e.g. "Add message search and filtering") causes them to be displayed to the user as buttons for them to click.

Full details are in the tools.md file that Spark created for me in my repository.

The bash and npm tools clued me in to the fact that Spark has access to some kind of server-side container environment. I ran a few more prompts to add documentation describing that environment:

• Use your bash tool to figure out what linux you are running and how much memory and disk space you have (this ran but provided no output, so I added:)
• Add that information to a new page called Platform
• Run bash code to figure out every binary tool on your path, then add those as a sorted comma separated list to the Platform page

This gave me a ton of interesting information! Unfortunately Spark doesn't show the commands it ran or their output, so I have no way of confirming if this is accurate or hallucinated. My hunch is that it's accurate enough to be useful, but I can't make any promises.

Spark apps can be made visible to any GitHub user - I set that toggle on mine and published it to system-exploration-g--simonw.github.app, so if you have a GitHub account you should be able to visit it there.

I wanted an unathenticated version to link to though, so I fired up Claude Code on my laptop and had it figure out the build process. It was almost as simple as:

npm install
npm run build

... except that didn't quite work, because Spark apps use a private @github/spark library for their Spark-specific APIs (persistence, LLM prompting, user identity) - and that can't be installed and built outside of their platform.

Thankfully Claude Code (aka Claude Honey Badger) won't give up, and it hacked around with the code until it managed to get it to build.

That's the version I've deployed to github-spark-docs.simonwillison.net using GitHub Pages and a custom subdomain so I didn't have to mess around getting the React app to serve from a non-root location.

The default app was a classic SPA with no ability to link to anything inside of it. That wouldn't do, so I ran a few more prompts:

• Add HTML5 history support, such that when I navigate around in the app the URL bar updates with #fragment things and when I load the page for the first time that fragment is read and used to jump to that page in the app. Pages with headers should allow for navigation within that page - e.g. the Available Tools heading on the System Prompt page should have a fragment of #system-prompt--available-tools and loading the page with that fragment should open that page and jump down to that heading. Make sure back/forward work too
• Add # links next to every heading that can be navigated to with the fragment hash mechanism
• Things like <CardTitle id="performance-characteristics">Performance Characteristics</CardTitle> should also have a # link - that is not happening at the moment

... and that did the job! Now I can link to interesting sections of the documentation. Some examples:

• Docs on the persistence API
• Docs on LLM prompting
• The full system prompt, also available in the repo
• That Platform overiew, including a complete list of binaries on the Bash path. There are 782 of these! Highlights include rg and jq and gh.
• A Best Practices guide that's effectively a summary of some of the tips from the longer form system prompt.

The interactive playground is visible on my public site but doesn't work, because it can't call the custom Spark endpoints. You can try the authenticated playground for that instead.

That system prompt in detail

All of this and we haven't actually dug into the system prompt itself yet.

I've read a lot of system prompts, and this one is absolutely top tier. I learned a whole bunch about web design and development myself just from reading it!

Let's look at some highlights:

You are a web coding playground generating runnable code micro-apps ("sparks"). This guide helps you produce experiences that are not only functional but aesthetically refined and emotionally resonant.

Starting out strong with "aesthetically refined and emotionally resonant"! Everything I've seen Spark produce so far has had very good default design taste.

Use the available search tools to understand the codebase and the user's query. You are encouraged to use the search tools extensively both in parallel and sequentially, especially when you are starting or have no context of a project.

This instruction confused me a little because as far as I can tell Spark doesn't have any search tools. I think it must be using rg and grep and the like for this, but since it doesn't reveal what commands it runs I can't tell for sure.

It's interesting that Spark is not a chat environment - at no point is a response displayed directly to the user in a chat interface, though notes about what's going on are shown temporarily while the edits are being made. The system prompt describes that like this:

You are an AI assistant working in a specialized development environment. Your responses are streamed directly to the UI and should be concise, contextual, and focused. This is not a chat environment, and the interactions are not a standard "User makes request, assistant responds" format. The user is making requests to create, modify, fix, etc a codebase - not chat.

All good system prompts include examples, and this one is no exception:

✅ GOOD:

• "Found the issue! Your authentication function is missing error handling."
• "Looking through App.tsx to identify component structure."
• "Adding state management for your form now."
• "Planning implementation - will create Header, MainContent, and Footer components in sequence."

❌ AVOID:

• "I'll check your code and see what's happening."
• "Let me think about how to approach this problem. There are several ways we could implement this feature..."
• "I'm happy to help you with your React component! First, I'll explain how hooks work..."

The next "Design Philosophy" section of the prompt helps explain why the apps created by Spark look so good and work so well.

I won't quote the whole thing, but the sections include "Foundational Principles", "Typographic Excellence", "Color Theory Application" and "Spatial Awareness". These honestly feel like a crash-course in design theory!

OK, I'll quote the full typography section just to show how much thought went into these:

Typographic Excellence

• Purposeful Typography: Typography should be treated as a core design element, not an afterthought. Every typeface choice should serve the app's purpose and personality.
• Typographic Hierarchy: Construct clear visual distinction between different levels of information. Headlines, subheadings, body text, and captions should each have a distinct but harmonious appearance that guides users through content.
• Limited Font Selection: Choose no more than 2-3 typefaces for the entire application. Consider San Francisco, Helvetica Neue, or similarly clean sans-serif fonts that emphasize legibility.
• Type Scale Harmony: Establish a mathematical relationship between text sizes (like the golden ratio or major third). This forms visual rhythm and cohesion across the interface.
• Breathing Room: Allow generous spacing around text elements. Line height should typically be 1.5x font size for body text, with paragraph spacing that forms clear visual separation without disconnection.

At this point we're not even a third of the way through the whole prompt. It's almost 5,000 words long!

Check out this later section on finishing touches:

Finishing Touches

• Micro-Interactions: Add small, delightful details that reward attention and form emotional connection. These should be discovered naturally rather than announcing themselves.
• Fit and Finish: Obsess over pixel-perfect execution. Alignment, spacing, and proportions should be mathematically precise and visually harmonious.
• Content-Focused Design: The interface should ultimately serve the content. When content is present, the UI should recede; when guidance is needed, the UI should emerge.
• Consistency with Surprise: Establish consistent patterns that build user confidence, but introduce occasional moments of delight that form memorable experiences.

The remainder of the prompt mainly describes the recommended approach for writing React apps in the Spark style. Some summarized notes:

• Spark uses Vite, with a src/ directory for the code.
• The default Spark template (available in github/spark-template on GitHub) starts with an index.html and src/App.tsx and src/main.tsx and src/index.css and a few other default files ready to be expanded by Spark.
• It also has a whole host of neatly designed default components in src/components/ui with names like accordion.tsx and button.tsx and calendar.tsx - Spark is told "directory where all shadcn v4 components are preinstalled for you. You should view this directory and/or the components in it before using shadcn components."
• A later instruction says "Strongly prefer shadcn components (latest version v4, pre-installed in @/components/ui). Import individually (e.g., import { Button } from "@/components/ui/button";). Compose them as needed. Use over plain HTML elements (e.g., <Button> over <button>). Avoid creating custom components with names that clash with shadcn."
• There's a handy type definition describing the default spark. API namespace:

  declare global {
    interface Window {
      spark: {
        llmPrompt: (strings: string[], ...values: any[]) => string
        llm: (prompt: string, modelName?: string, jsonMode?: boolean) => Promise<string>
        user: () => Promise<UserInfo>
        kv: {
          keys: () => Promise<string[]>
          get: <T>(key: string) => Promise<T | undefined>
          set: <T>(key: string, value: T) => Promise<void>
          delete: (key: string) => Promise<void>
        }
      }
    }
  }

• The section on theming leans deep into Tailwind CSS and the tw-animate-css package, including a detailed example.
• Spark is encouraged to start by creating a PRD - a Product Requirements Document - in src/prd.md. Here's the detailed process section on that, and here's the PRD for my documentation app (called PRD.md and not src/prd.md, I'm not sure why.)

The system prompt ends with this section on "finishing up":

Finishing Up

• After creating files, use the create_suggestions tool to generate follow up suggestions for the user. These will be presented as-is and used for follow up requests to help the user improve the project. You must do this step.
• When finished, only return DONE as your final response. Do not summarize what you did, how you did it, etc, it will never be read by the user. Simply return DONE

Notably absent from the system prompt: instructions saying not to share details of the system prompt itself!

I'm glad they didn't try to suppress details of the system prompt itself. Like I said earlier, this stuff is the missing manual: my ability to use Spark is greatly enhanced by having read through the prompt in detail.

What can we learn from all of this?

This is an extremely well designed and implemented entrant into an increasingly crowded space.

GitHub previewed it in October and it's now in public preview nine months later, which I think is a great illustration of how much engineering effort is needed to get this class of app from initial demo to production-ready.

Spark's quality really impressed me. That 5,000 word system prompt goes a long way to explaining why the system works so well. The harness around it - with a built-in editor, Codespaces and GitHub integration, deployment included and custom backend API services - demonstrates how much engineering work is needed outside of a system prompt to get something like this working to its full potential.

When the Vercel v0 system prompt leaked Vercel's CTO Malte Ubl said:

When @v0 first came out we were paranoid about protecting the prompt with all kinds of pre and post processing complexity.

We completely pivoted to let it rip. A prompt without the evals, models, and especially UX is like getting a broken ASML machine without a manual

I would love to see the evals the Spark team used to help iterate on their epic prompt!

Spark features I'd love to see next

I'd love to be able to make my Spark apps available to unauthenticated users. I had to figure out how to build and deploy the app separately just so I could link to it from this post.

Spark's current deployment system provides two options: just the app owner or anyone with a GitHub account. The UI says that access to "All members of a selected organization" is coming soon.

Building and deploying separately had added friction due to the proprietary @github/spark package. I'd love an open source version of this that throws errors about the APIs not being available - that would make it much easier to build the app independently of that library.

My biggest feature request concerns that key/value API. The current one is effectively a global read-write database available to any user who has been granted access to the app, which makes it unsafe to use with the "All GitHub users" option if you care about your data being arbitrarily modified or deleted.

I'd like to see a separate key/value API called something like this:

spark: {
  userkv: {
    keys: () => Promise<string[]>
    get: <T>(key: string) => Promise<T | undefined>
    set: <T>(key: string, value: T) => Promise<void>
    delete: (key: string) => Promise<void>
  }
}

This is the same design as the existing kv namespace but data stored here would be keyed against the authenticated user, and would not be visible to anyone else. That's all I would need to start building applications that are secure for individual users.

I'd also love to see deeper integration with the GitHub API. I tried building an app to draw graphs of my open issues but it turned there wasn't a mechanism for making authenticated GitHub API calls, even though my identity was known to the app.

Maybe a spark.user.githubToken() API method for retrieving a token for use with the API, similar to how GITHUB_TOKEN works in GitHub Actions, would be a useful addition here.

Pony requests aside, Spark has really impressed me. I'm looking forward to using it to build all sorts of fun things in the future.

Tags: github, javascript, ai, react, typescript, prompt-engineering, generative-ai, llms, ai-assisted-programming, llm-tool-use, vibe-coding, system-prompts

2025-07-24 15:41:51

[...] You learn best and most effectively when you are learning something that you care about. Your work becomes meaningful and something you can be proud of only when you have chosen it for yourself. This is why our second self-directive is to build your volitional muscles. Your volition is your ability to make decisions and act on them. To set your own goals, choose your own path, and decide what matters to you. Like physical muscles, you build your volitional muscles by exercising them, and in doing so you can increase your sense of what’s possible.

LLMs are good at giving fast answers. They’re not good at knowing what questions you care about, or which answers are meaningful. Only you can do that. You should use AI-powered tools to complement or increase your agency, not replace it.

— Recurse Center, Developing our position on AI

Tags: llms, education, ai, generative-ai

2025-07-24 08:27:54

I Drank Every Cocktail

Adam's write up is delightful, incorporating pedantry, data nerdery, a trip to the Internet Archive, some excellent bar recommendations in New York and London and hints at elicit rum smuggling to help make the final cocktail, the IBA Tiki, using two different Havana Club rums that are illegal in the USA thanks to import restrictions.

Via Andy Baio

Tags: cocktails

2025-07-24 03:08:32

Instagram Reel: Veo 3 paid preview

(Christine checked first if I minded them using that concept. I did not!)

Tags: google, ai, generative-ai, gemini, pelican-riding-a-bicycle, text-to-video