REST sends data across the network. What if it could send callable objects instead? | Kenton Varda

REST APIs return data. Cap'n Web returns stubs — references to live objects on the server. That single shift changes everything about how you design APIs 💣 Kenton Varda (Cloudflare Workers, creator of Cap'n Proto) shows why passing functions and objects by reference over the network isn't just a nice DX improvement — it's a fundamentally different security model for AI agents. What's inside: 🔹 How to eliminate client libraries entirely with TypeScript-native RPC 🔹 Promise pipelining: 3 round trips collapsed into 1 without await 🔹 Lifecycle management — your server knows exactly when the client is gone 🔹 Why giving AI agents auth tokens is broken — and what capability-based RPC does instead 🔥 Kenton Varda is the lead engineer of Cloudflare Workers — the platform that redefined what serverless can do at the edge. He's also the creator of Cap'n Proto, the high-performance serialization and RPC protocol used across distributed systems at scale — and now Cap'n Web, which brings those ideas natively to the browser and JavaScript runtimes. 👉 Connect with Kenton: 🔗 https://x.com/KentonVarda 🔗 https://github.com/kentonv 📌 Follow the link to watch the full version of the talk and gain access to all Node Congress recordings: 🔗 https://gitnation.com/events/node-con... 💬 Don’t just watch — get your toughest architecture questions answered in real-time, be part of the room where Seniors and Architects shape the future, get ahead of the curve. Join us live at the next event! 🔗 https://gitnation.com/events?utm_sour... 🕐 Timestamps: 00:00 - "REST is making the world worse" — Kenton's opening argument 00:57 - Your 20% Off 🤫 01:17 - Your TypeScript class IS the API. Hello World in Cap'n Web 02:16 - RPC stubs: call remote objects like local functions 04:25 - The chat app REST API nobody wants to write 05:36 - Same API, zero boilerplate — the Cap'n Web version 07:44 - OpenAPI YAML vs TypeScript: one of these puts you to sleep 08:32 - Auth token on every request? There's a better way 10:42 - Objects with lifecycle: your server knows when the client is gone 12:39 - "Isn't this slower?" — promise pipelining kills the objection 14:24 - No client, no server. Just two peers passing functions 15:00 - Pub/sub in 5 lines: pass a callback, get real-time updates 16:25 - AI agents + auth tokens = a disaster waiting to happen 18:20 - Why sandboxing AI agents over REST is a nightmare 21:09 - Give the agent a stub, not a token. Capability-based security 23:26 - Q&A: prototype pollution, React integration, type safety ✍️ This talk was part of Node Congress 2026: No REST for Cap'n Web | Kenton Varda 🔗 https://nodecongress.com/?utm_source=... 📌 We’ve hidden a secret code for 20% off your next event. Join our upcoming conferences! 💫 JSNation 2026 June 11 & 15, 2026 (Amsterdam) 🔗https://jsnation.com/?utm_source=yout... 💫 React Summit, June 12 & 16, 2026 (Amsterdam) https://reactsummit.com/?utm_source=y... 💫 TechLeadConf, June 11 & 12, 2026 (Amsterdam) https://techleadconf.com/?utm_source=... and more! 🚀 Check out all the upcoming events from GitNation: 🔗 https://gitnation.com/events?utm_sour... Don't forget to use INSIDER20 promo code for 20% off on tickets. #CapnWeb #RPC #TypeScript #JavaScript #WebDev #APIDesign #REST #Cloudflare #CloudflareWorkers #WebSocket #PromisePipelining #AIAgents #CapabilityBasedSecurity #NodeJS #BackendDev #SoftwareEngineering #DeveloperTools #CapnProto #Sandboxing #NodeCongress