Research Archive

Red Team Analysis: AI-Native Stack

Layer-by-layer gap analysis

Updated: December 2025 Source: research/RED-TEAM-ANALYSIS.md

Red Team Analysis: AI-Native Stack

Analysis Date: December 21, 2025 Status: Research Phase - Too Early for Production

Executive Summary

The proposed "AI-Native Stack" is directionally correct but implementation-immature. The core thesis - that React/Next.js is the wrong abstraction for agentic coding - appears valid, but current alternatives aren't production-ready.

The Proposed Stack

Layer Choice Rationale
Agent Runtime Go or Elixir High concurrency, low memory, strong typing
Protocol AG-UI + A2UI Decouples agent logic from rendering
UI Renderer Svelte/Web Components Compiler-based, close to the metal
Data Layer Edge DB or SQLite + Turso Single source of truth, no ORM
AI Interface MCP (Model Context Protocol) Standardized tool calling

Layer-by-Layer Assessment

1. Agent Runtime: Go vs Elixir

Go

Strengths:

  • 2.5x faster raw execution than Elixir
  • Single binary deployment (no runtime dependency)
  • Massive hiring pool
  • Excellent HTTP library performance

Critical Gaps:

  • Goroutine leaks are silent killers (Uber found 180-357 distinct leaks across 3111 test suites)
  • Cooperative scheduling can starve long-running operations
  • No built-in actor model - you'll reinvent supervision trees
  • Memory leaks require pprof expertise to debug

Sources:

Elixir/BEAM

Strengths:

  • Fault tolerance via supervision trees (WhatsApp scale proven)
  • Preemptive scheduling prevents starvation
  • Hot code reload in production
  • Per-process garbage collection (no stop-the-world)
  • Best runtime for agentic workflows per recent analysis

Critical Gaps:

  • 3x slower than Go on CPU-bound tasks
  • Minute-long startup times in containers
  • Small ecosystem compared to Node/Go
  • Memory spikes during large HTTP request batches

Sources:

Verdict

Elixir is the better choice for agent runtimes but requires significant learning investment. Neither has first-class LLM streaming primitives - you'll build custom abstractions either way.

2. Protocol Layer: AG-UI + A2UI

AG-UI (CopilotKit)

Status: Production-ready, widely adopted

Strengths:

  • Event-based protocol over HTTP/WebSockets
  • Integrates with LangGraph, CrewAI, AG2
  • Oracle, AWS Strands, Microsoft Agent Framework adoption
  • Solves real-time streaming, state sync, human-in-the-loop

Critical Gaps:

  • Node.js runtime intermediary required
  • Fully-generated UI "too unpredictable and unsafe for live users"
  • Broken quickstart tooling reported (Issue #113)
  • v1.50 focused on "problems developers face" - indicates prior pain

Sources:

A2UI (Google)

Status: v0.8 Public Preview - NOT production ready

Strengths:

  • Native-first approach (not iframe-based)
  • Declarative data format, not executable code
  • Security-first design (agent can only use pre-approved components)

Critical Gaps:

  • Only Web + Flutter supported (no React Native, iOS native)
  • Constrained component catalog limits flexibility
  • Competing with MCP-UI, AG-UI, OpenAI Apps SDK, MCP Apps
  • "Expect changes" warning in docs

Sources:

Verdict

AG-UI is the only production option today. A2UI's native-first approach is promising but premature. The protocol fragmentation (5 competing standards in 2025) is a red flag - consolidation coming.

3. UI Renderer: Svelte vs Web Components

SvelteKit

Strengths:

  • Compiler-based (outputs vanilla JS/HTML)
  • Smaller bundle sizes than React
  • Simpler mental model
  • Native WebSocket support added 2025

Critical Gaps:

  • 200 pods required for 11k RPS (proxy + HTML render)
  • IDE unresponsive on large projects (1 minute LSP init)
  • Library pre-compilation not supported (recompiles UI kits every build)
  • SSR testing is flaky (hydration race conditions)
  • adapter-node customization limited

Sources:

Web Components

Strengths:

  • Framework-agnostic (true interoperability promise)
  • Browser-native (no framework lock-in)
  • Google's A2UI built on this model

Critical Gaps:

  • No native SSR support (DOM-dependent)
  • React interop breaks synchronous reactivity assumptions
  • Requires WASM solutions for server rendering (Enhance)
  • Declarative Custom Elements (DCE) still proposal stage

Sources:

Verdict

SvelteKit for small-medium apps, Next.js 16 for scale. Web Components are architecturally correct but practically immature. The "compiler-based is AI-friendly" thesis is valid but SvelteKit's scaling gaps are real.

4. Data Layer: EdgeDB vs SQLite + Turso

EdgeDB (now Gel)

Strengths:

  • Graph-relational model eliminates joins
  • EdgeQL is powerful and type-safe
  • No ORM needed (schema IS the API)

Critical Gaps:

  • Requires 1GB memory minimum to start
  • Cannot adopt on brownfield projects
  • 1 minute Docker startup time
  • "Little information available" - thin docs
  • Still in beta after years of development
  • Renamed to "Gel" in Feb 2025 (identity crisis?)

Sources:

SQLite + Turso

Strengths:

  • Sub-5ms response times
  • Works offline/unreliable networks
  • Edge replication model
  • Concurrent writes announced (4x throughput)

Critical Gaps:

  • Single-writer architecture (historical, being fixed)
  • Concurrent writes are TECH PREVIEW only
  • Rust rewrite (Turso Database) NOT production ready
  • Replication costs scale linearly with replicas

Sources:

Verdict

Neither is production-ready for write-heavy workloads. The "no ORM" dream remains unfulfilled - both move complexity rather than eliminating it. Postgres + Drizzle is the pragmatic choice today.

5. AI Interface: MCP (Model Context Protocol)

Status: Donated to Linux Foundation (Dec 2025), but security-broken

Strengths:

  • Anthropic + OpenAI + Google backing
  • Standardized tool calling interface
  • Growing ecosystem of MCP servers

Critical Gaps:

  • 2,000 exposed servers with ZERO authentication (Knostic scan)
  • Production incident: Replit AI deleted 1,200 records despite explicit freeze
  • OAuth 2.1 implementation still DRAFT
  • No SOC2, PCI-DSS, FedRAMP certification
  • 10-15ms latency overhead per call
  • Can't block unauthorized international data flows
  • Legacy system integration assumes modern APIs

Sources:

Verdict

Dev tools only, never production data. The security model is fundamentally broken. Use direct API calls for anything touching customer data.

Gap Summary

Stack Component Production Ready? Timeline to Ready
Elixir Runtime Yes (but learning curve) Now (if you invest)
Go Runtime Yes (but wrong model) N/A
AG-UI Yes Now
A2UI No 6-12 months
SvelteKit Partial (scale limits) Unknown
Web Components No 12-24 months
EdgeDB/Gel No Unknown
Turso Concurrent No 6 months
MCP (secure) No 6-12 months

Recommendations

For Existing Projects (rally-hq, six, aix, etc.)

Stay with Next.js 16 + Turbopack + Drizzle. The migration cost exceeds the benefit.

For New Simple Apps/Sites

SvelteKit is viable. Monitor scale as you grow.

For New Agent-Native Products

Elixir/Phoenix + AG-UI + Postgres is the defensible choice IF you're willing to learn Elixir.

For CLI Tools (bc-migration type)

Bun + TypeScript + SQLite (local). Simple, fast, no runtime gaps.

The Unfilled Gaps (Opportunities)

  1. AI-Composable Primitives Library

    • No standard library of functions AI can reliably compose
    • First-mover advantage available

  2. Property-Based Testing for AI Code

    • No framework generates verifiable tests alongside AI code
    • fast-check exists but isn't AI-integrated

  3. Secure MCP Alternative

    • MCP's security model is broken
    • Room for enterprise-grade alternative

  4. True "No ORM" Data Layer

    • EdgeDB tried and failed to reach production
    • The impedance mismatch problem remains unsolved