今日已更新 63 条资讯 | 累计 20533 条内容
关于我们

今日精选

HOT

最新资讯

共 20533 篇
第 64/1027 页
AI 资讯 Dev.to

The Myth of the Post-Documentation Era

There is a growing sentiment in engineering circles right now that documentation is a relic of the past. The argument usually goes something like this: We’re living in the era of agent-driven development. If an AI agent can read the raw source code or parse an OpenAPI specification instantly, why waste human engineering hours writing prose? Code churns too fast anyway, and human-written docs are outdated the second they’re committed. It’s an attractive, black-and-white view of the world. It’s also completely wrong. Chasing strict determinism in your source of truth is a pipe dream. Code and specs tell a system how something works, but they are fundamentally incapable of explaining why it was built that way in the first place. The Intent Gap: Why Code Isn't Enough Even if you’re building entirely for a downstream consumer of AI agents, there is a massive, structural gap between a raw API specification and an operational reality. Agents are phenomenal at pattern matching and syntax execution, but they struggle with architectural philosophy and human intent. We still need words to contextualize the boundaries. A spec can define an endpoint, its parameters, and its payload. What it can't capture is the nuance of why a specific architectural trade-off was made, or the implicit historical context of a legacy edge case. Prose provides the guardrails for non-deterministic systems. Even if that prose is ultimately consumed by a machine rather than a human, the written word remains the highest-leverage way to transmit intent. The Danger of Slop Describing Slop This doesn't mean we need to return to the days of manually maintaining massive, static wiki pages. Automation has a massive role to play here. Cascading automation—where documentation is dynamically generated alongside code changes—is incredibly powerful. But there’s a trap here: slop describing slop is entirely useless. If we completely hand off documentation generation to unchecked LLMs, we end up with a feedback loo

Ben Halpern 2026-07-13 23:59 5 原文
AI 资讯 Dev.to

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations TormentNexus’ skill registry has surpassed 5,776 reusable modules. This post dissects three high-impact skill categories—code review, Terraform generation, and database migration—with real code examples, performance metrics, and architectural constraints. Learn how to leverage these modules to accelerate development pipelines. From Silos to Synergy: Why 5,776 Skills Matter In late 2023, TormentNexus crossed the 5,000-module threshold. As of February 2025, we’re at 5,776 verified, runnable AI skills—each one a `SKILL.md`-defined unit that maps to a specific task, parameter set, and output schema. The registry isn’t a flat list; it’s a dependency graph where skills chain together. For example, a `terraform-generate` skill calls a `code-review` skill internally to validate the generated HCL before output. This modular architecture means a single prompt can sequence up to 3.2 skills on average (median depth: 2), with a measured 94% success rate for execution with no human intervention. The registry spans 37 domains, from frontend component generation to Kubernetes manifests. The top three categories—code review, infrastructure as code, and database operations—account for 1,308 skills collectively. Each skill is stored as a JSON schema in the registry, with an average execution latency of 1.42 seconds (GPU-accelerated, single A100). Let’s examine three representative modules in detail. // Metadata from an actual registered skill: code-review-python v2.1 { "name": "code-review-python", "registryID": "SKI-PYTHON-REVIEW-1729", "version": "2.1", "outputSchema": { "type": "object", "properties": { "issues": { "type": "array", "items": { "$ref": "#/definitions/Issue" } }, "complexityScore": { "type": "number", "minimum": 0, "maximum": 100 }, "refactoredSnippet": { "type": "string" } }, "required": ["issues", "complexityScore"] }, "defaultPromptTemplate": "Revie

Robert Pelloni 2026-07-13 23:58 6 原文
AI 资讯 HackerNews

Show HN: Jacquard, a programming language for AI-written, human-reviewed code

I'm fascinated by the generative AI wave rolling over us, and wondered if AI could create a language that it might prefer using over the ones created by and for humans. To create the design, I had AI analyze the ASTs of several mainstream languages plus a few of the conceptually groundbreaking but esoteric ones (listed in the README) and then create a new structure and new syntax. It was named after the Jacquard machine ( https://en.wikipedia.org/wiki/Jacquard_machine ), a precursor to Babbage's

jbwinters 2026-07-13 23:56 2 原文
AI 资讯 HackerNews

Show HN: HTML, CSS and JavaScript in the Terminal

This is a model I’ve been thinking about lately. It demonstrates a pattern that I’m wondering could exist, where terminal applications, BBS-style shared user boards, and other expressions of creativity and sharing are created with web technologies but rendered into the terminal and accessed over SSH. I like that this brings back some kind of old days of the internet feeling and uses web technologies but sidesteps the public World Wide Web, even though it’s still on the internet. You can try it o

keepamovin 2026-07-13 23:52 2 原文
AI 资讯 Dev.to

How I Set Up Claude Code as My Testing Toolkit: Issue Fixes, PR Reviews, and Skills for Test Case Generation

I believe AI will be another service like the internet or a cell phone, and it's important to use it correctly by adding the right context, being aware of token usage, and following your own process. For this reason some months ago I finished different courses about how to use Claude: A course with Ivan Davidov and a small contribution from Debbie O'Brien, on setting up agents with Playwright. The anthropic Claude courses I checked the Addy Osmani Agent skills repo and checked his courses on linkedin. And I am taking the Mosh Hamedani course Claude Code for Professional Developers and finished other claude skills course. Also, in one of the jobs, I used skills developed by other QAs. I initially struggled with complex queries and generating API automation test cases due to the complexity of the user stories. But after some feedback from the agents and the user stories were clearer and with more context, like including the legacy stored procedure or checking the PR code, I got better results using the skills with GitHub copilot. It's better to create your own agents with your rules and process. You need a framework with concrete coding rules and conventions, for your test cases. For example, for test cases, I prefer critical user journeys with detailed steps and assertions in bullet points, rather than 10 tests that test a small part of the real user flow. For automation frameworks, I like to follow these rules: Create components such as grid, combo, and calendar instead of helpers with that functions. All elements on the page object model class only contains the elements with the components and general functions. On spec file I access the elements of the component like loginPage.loginButton.click() instead of create a LoginClick on the Page class. For the selectors I prefer getByRole because I think it is better for accessibility, and the user sees buttons and text instead of complex xPaths or data-test-ids. Add assertions that I can reuse in several tests on the pa

abigail armijo 2026-07-13 23:52 5 原文
开发者 Dev.to

How I shipped structured JSON logging + Prometheus metrics with zero new dependencies

How I shipped structured JSON logging + Prometheus metrics with zero new dependencies I almost added structlog and prometheus_client to my pyproject.toml . Then I read what they actually do. Both libraries are excellent. structlog is the right call when you have a 30-engineer team shipping 50 services. prometheus_client is the right call when you have five teams of consumers scraping different metrics. For a single-author Python project with one process and one user, both are over-engineered. The 80 lines of code I would have pulled in, I can write in 200. The result: zero new runtime dependencies, full control over the output, and a smaller pip install footprint for every user. Here is what I did instead. The minimum useful observability surface A small Python service needs four things, in order of importance: Every log line is one JSON object. (No parsing for downstream tools.) Every request has a trace id. Every log line in that request carries the same trace id. (So you can grep by id and see the whole story.) Every log line goes to stderr. (So journald , Docker, and kubectl logs all see it without any extra configuration.) Every metric is exposed in Prometheus text format at a stable URL. structlog gives you #1, #2, #3 with a lot of flexibility. prometheus_client gives you #4 with a lot of flexibility. Both are about 16 MB of transitive dependencies combined. For a service that runs in a single process and exports maybe 20 metric names, the libraries are doing more work than the project. The 80-line JsonFormatter The custom logging formatter is the simplest part. The whole thing is here: import json import logging from contextvars import ContextVar from datetime import datetime , timezone _trace_id_var : ContextVar [ str | None ] = ContextVar ( " trace_id " , default = None ) class JsonFormatter ( logging . Formatter ): def format ( self , record : logging . LogRecord ) -> str : payload = { " ts " : datetime . now ( tz = timezone . utc ). isoformat (), " level

aidless 2026-07-13 23:50 6 原文
AI 资讯 Dev.to

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security Giving an AI agent a wallet without guardrails is like giving a toddler a credit card — technically functional, potentially catastrophic. If you're building AI agents that interact with crypto wallets, the security model you choose isn't an afterthought. It's the difference between a useful autonomous system and one that drains your funds on a bad inference. This post is about exactly how WAIaaS handles that problem. Not vague promises about "enterprise-grade security" — specific mechanisms, specific policy types, and specific code you can run today. The Actual Risk Model Let's be honest about what can go wrong when you give an AI agent wallet access: The agent misinterprets a prompt and sends funds to the wrong address A compromised session token gets used by an attacker The agent executes a DeFi action with parameters outside your intended range Gas fees spike and the agent submits transactions at costs you'd never accept manually The agent approves an unlimited token allowance to a contract you didn't vet None of these require a malicious agent. They can all happen with a well-intentioned model operating outside the boundaries you forgot to define. The solution isn't to avoid giving agents wallet access — it's to define exactly what they're allowed to do, and nothing more. WAIaaS approaches this with three distinct security layers, a default-deny policy engine with 21 policy types across 4 security tiers, and multiple channels for human approval when transactions exceed your defined thresholds. Layer 1: Authentication — Three Separate Keys for Three Separate Roles The first layer is role separation. WAIaaS uses three authentication methods that map to three distinct principals: masterAuth (Argon2id) — The system administrator role. Creates wallets, manages sessions, configures policies. This credential never touches the agent. sessionAuth (JWT HS256) — The AI agent's credential. Scoped to a specific

Wallet Guy 2026-07-13 23:49 5 原文
AI 资讯 Dev.to

Real-Time AI Observability: Dashboards That Show Actual Database Rows

Real-Time AI Observability: Dashboards That Show Actual Database Rows Discover how TormentNexus shatters the status quo by rendering real SQLite rows in your agent monitoring dashboards—no mock data, no synthetic graphs. Learn why live database visibility is the cornerstone of effective debugging AI workflows and how our real-time dashboard exposes every query, state, and anomaly as it happens. Why Mock Data Undermines Debugging AI Every developer has experienced the disconnect: a polished dashboard displays smooth latency curves and flawless agent trajectories, yet the underlying system is silently generating corrupted embeddings or leaking PII into production logs. Traditional observability platforms—Datadog, Grafana, New Relic—aggregate metrics into averages, percentiles, and precomputed time series. They intentionally discard raw row-level data to conserve storage and processing. This works fine for server uptime or HTTP status codes, but for AI agent monitoring, it’s a catastrophic abstraction. Consider a LangGraph agent processing user queries against a SQLite knowledge base. A mock-data dashboard would show "3,200 rows processed per minute" and "95% query success rate." But what if 12% of those "successful" queries return stale or hallucinated responses because a background thread silently reindexed tables without updating vector hashes? With aggregate metrics alone, you’d never know. You’d see a green status indicator while your AI feeds garbage to users. That’s the reality of debugging AI without raw row visibility. TormentNexus solves this by exposing every INSERT, UPDATE, and DELETE that occurs within your SQLite databases—in real time. Our real-time dashboard doesn’t poll for snapshots. It streams row-level mutations directly from WAL (Write-Ahead Log) files, giving you the exact data your agents are producing, not a statistically smoothed version. How TormentNexus Streams Live Database Rows Under the hood, TormentNexus leverages SQLite’s built-in replic

Robert Pelloni 2026-07-13 23:48 6 原文
AI 资讯 Dev.to

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood Uncover the mechanics of Model Context Protocol (MCP) tool discovery—from JSON-RPC handshake to progressive injection. A technical walkthrough of capability negotiation and dynamic endpoint enumeration with real code examples and traffic flow analysis. The Handshake That Sets the Stage: JSON-RPC Initiation Tool discovery in MCP doesn't start with a simple “list tools” call. It begins with a structured JSON-RPC 2.0 handshake that negotiates protocol version, transport layer, and supported extensions. The client (e.g., an agent or IDE) sends an initialize request with its capabilities object, including fields like supportsToolDiscovery and maxToolCount . The server responds with its own capabilities, and only after this mutual agreement does the real enumeration begin. Real-world implementations—like those in the official MCP SDKs—use a ClientCapabilities struct that flags whether the client can handle dynamic tool lists, streaming updates, or batch discovery. For instance, a lightweight edge agent might set supportsToolDiscovery: false , forcing the server to pre-bundle tools into the initial handshake, while a full-featured IDE sends supportsToolDiscovery: true with a maxToolCount: 50 to throttle large tool registries. // Example initialize request (client → server) { "jsonrpc": "2.0", "id": 1, "method": "initialize", "params": { "protocolVersion": "2024-11-05", "capabilities": { "supportsToolDiscovery": true, "maxToolCount": 50, "supportsStreaming": false } } } The server responds with its own capabilities—advertising tool discovery endpoints, supported JSON-RPC methods, and any custom extensions. This two-way handshake ensures both sides speak the same dialect before a single tool name is exchanged. Tool Enumeration: Beyond the “listTools” Metho Once handshaken, the client issues a tools/list call—but the real depth lies in pagination and chunking. A production MCP server with hundreds of too

Robert Pelloni 2026-07-13 23:47 6 原文
AI 资讯 Dev.to

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone Explore how event-driven architecture (EDA) transforms multi-agent coordination. Learn to build a Pub/Sub backbone where Planner, Implementer, and Critic agents stay synchronized without blocking—using the Swarm event bus for async AI patterns in production. The Synchronization Crisis in Multi-Agent Systems Every developer who has scaled a multi-agent system beyond two agents has hit the same wall: synchronous calls create deadlocks, timeouts, and cascading failures. Imagine a Planner agent dispatching tasks to five Implementer agents while a Critic agent evaluates output in parallel. In a naive request-response system, the Planner blocks until every Implementer returns—and the Critic can't even start until the Planner finishes its orchestration loop. Latency compounds, memory pressure spikes, and a single slow agent halts the entire pipeline. In production benchmarks at TormentNexus, we observed that synchronous coordination between just three agents increased end-to-end latency by 340% compared to an event-driven equivalent. The root cause? The Planner spent 78% of its time waiting on I/O—listening for responses instead of doing actual work. This is where event-driven AI (EDA) becomes not just an optimization, but a necessity. The Pub/Sub Pattern: Decoupling Agents with an Event Bus Event-driven architecture inverts the control flow. Instead of one agent calling another, agents publish events onto a shared bus (the Swarm event bus) and subscribe to the events they care about. The Planner doesn't wait—it emits a "TaskAssigned" event and immediately moves on to the next task. Implementer agents pick up tasks asynchronously, and the Critic monitors a "TaskCompleted" stream without ever polling the Planner. // Example: Swarm event bus subscription for a Critic agent const eventBus = new SwarmEventBus(); eventBus.subscribe('TaskCompleted', async (event) => { const { taskId, implementati

Robert Pelloni 2026-07-13 23:45 4 原文
开发者 Dev.to

Commerce And Secrets Without An IAP Tax

Commerce is the easiest feature in this release to misunderstand, so the first sentence has to be blunt: What is Codename One? Codename One is an open-source framework for building native iOS, Android, desktop, and web apps from a single Java or Kotlin codebase. Learn more at codenameone.com . Commerce does not replace IAP and never will. Purchases still go through Apple, Google, or the payment processor you chose. Codename One does not process the payment, does not touch the money, and does not take a percentage. PR #5300 adds infrastructure around the annoying backend work that comes after a purchase: validation, entitlement checks, subscription lifecycle, webhooks, and reporting. That backend work is real. Anyone who has shipped subscriptions knows the trap. Buying a SKU is not the same as knowing whether the user has the right to a feature right now. Renewals, grace periods, refunds, billing retry, product changes, trials, family sharing and store server notifications all show up later. The device has one view. The store has another. Your backend usually needs a third. Commerce is the optional service that turns that mess into an entitlement. Entitlements Instead Of SKU Branches Your app should not need to know every SKU that grants pro . It should ask for pro . CommerceManager cm = CommerceManager . getInstance (); cm . setAppUserId ( accountId ); if ( cm . isEntitled ( "pro" )) { unlockProFeatures (); } Purchases are still delegated to the existing Purchase API: cm . subscribe ( "pro_monthly" ); // or cm . purchase ( "remove_ads" ); After a purchase, or when the app starts, refresh off the EDT: new Thread (() -> { CommerceManager cm = CommerceManager . getInstance (); cm . refresh (); CN . callSerially (() -> { if ( cm . isEntitled ( "pro" )) { unlockProFeatures (); } }); }). start (); refresh() validates the current receipts with the cloud when the build has a build_key and commerce is enabled. In a local build or simulator, it safely falls back to the normal

Shai Almog 2026-07-13 23:39 6 原文
AI 资讯 Dev.to

Skip LinkedIn/Indeed: most companies' job boards have a public JSON API

If you've ever tried to pull job listings by scraping LinkedIn or Indeed, you know the pain: anti-bot systems, CAPTCHAs, rotating proxies, and scripts that silently break every few weeks. Here's the thing — you usually don't need any of that. Companies don't post jobs on LinkedIn first. They post them in their ATS (Applicant Tracking System) — Greenhouse, Lever, Ashby, Workday, etc. — and most ATS platforms expose the company's board as a public JSON endpoint . No key, no login, no browser. It's the company's own source of truth, so it's cleaner and fresher than any aggregator. The endpoints A few that work with a plain GET ( {company} = the company's slug): Greenhouse — https://boards-api.greenhouse.io/v1/boards/{company}/jobs?content=true Lever — https://api.lever.co/v0/postings/{company}?mode=json Recruitee — https://{company}.recruitee.com/api/offers/ Breezy HR — https://{company}.breezy.hr/json SmartRecruiters, Ashby, BambooHR and Personio have their own equivalents. Workday is the one annoying exception — it's a POST and needs the full board URL (tenant + datacenter + site), so you can't guess it from a bare company name. Example: pulling Stripe's open roles (Python) Stripe uses Greenhouse: import requests company = " stripe " url = f " https://boards-api.greenhouse.io/v1/boards/ { company } /jobs?content=true " jobs = requests . get ( url ). json ()[ " jobs " ] for j in jobs [: 5 ]: print ( j [ " title " ], " — " , j [ " location " ][ " name " ]) That's it. No Selenium, no proxy, no CAPTCHA solver. Runs in ~200ms and won't break next Tuesday because Cloudflare changed something. Auto-detecting the ATS If you don't know which ATS a company uses, just try them in order and take the first one that returns jobs. A bare 404 means "not this ATS, try the next." Greenhouse → Lever → Ashby → SmartRecruiters → Recruitee → Breezy covers a huge chunk of tech companies. Gotchas Rate limits are lenient but real — be polite, set a User-Agent . Descriptions : Greenhouse/Leve

Noble Ronin 2026-07-13 23:33 3 原文