今日已更新 156 条资讯 | 累计 20626 条内容
关于我们

今日精选

HOT

最新资讯

共 20626 篇
第 69/1032 页
AI 资讯 HackerNews

Show HN: HTML, CSS and JavaScript in the Terminal

This is a model I’ve been thinking about lately. It demonstrates a pattern that I’m wondering could exist, where terminal applications, BBS-style shared user boards, and other expressions of creativity and sharing are created with web technologies but rendered into the terminal and accessed over SSH. I like that this brings back some kind of old days of the internet feeling and uses web technologies but sidesteps the public World Wide Web, even though it’s still on the internet. You can try it o

keepamovin 2026-07-13 23:52 2 原文
AI 资讯 Dev.to

How I Set Up Claude Code as My Testing Toolkit: Issue Fixes, PR Reviews, and Skills for Test Case Generation

I believe AI will be another service like the internet or a cell phone, and it's important to use it correctly by adding the right context, being aware of token usage, and following your own process. For this reason some months ago I finished different courses about how to use Claude: A course with Ivan Davidov and a small contribution from Debbie O'Brien, on setting up agents with Playwright. The anthropic Claude courses I checked the Addy Osmani Agent skills repo and checked his courses on linkedin. And I am taking the Mosh Hamedani course Claude Code for Professional Developers and finished other claude skills course. Also, in one of the jobs, I used skills developed by other QAs. I initially struggled with complex queries and generating API automation test cases due to the complexity of the user stories. But after some feedback from the agents and the user stories were clearer and with more context, like including the legacy stored procedure or checking the PR code, I got better results using the skills with GitHub copilot. It's better to create your own agents with your rules and process. You need a framework with concrete coding rules and conventions, for your test cases. For example, for test cases, I prefer critical user journeys with detailed steps and assertions in bullet points, rather than 10 tests that test a small part of the real user flow. For automation frameworks, I like to follow these rules: Create components such as grid, combo, and calendar instead of helpers with that functions. All elements on the page object model class only contains the elements with the components and general functions. On spec file I access the elements of the component like loginPage.loginButton.click() instead of create a LoginClick on the Page class. For the selectors I prefer getByRole because I think it is better for accessibility, and the user sees buttons and text instead of complex xPaths or data-test-ids. Add assertions that I can reuse in several tests on the pa

abigail armijo 2026-07-13 23:52 5 原文
开发者 Dev.to

How I shipped structured JSON logging + Prometheus metrics with zero new dependencies

How I shipped structured JSON logging + Prometheus metrics with zero new dependencies I almost added structlog and prometheus_client to my pyproject.toml . Then I read what they actually do. Both libraries are excellent. structlog is the right call when you have a 30-engineer team shipping 50 services. prometheus_client is the right call when you have five teams of consumers scraping different metrics. For a single-author Python project with one process and one user, both are over-engineered. The 80 lines of code I would have pulled in, I can write in 200. The result: zero new runtime dependencies, full control over the output, and a smaller pip install footprint for every user. Here is what I did instead. The minimum useful observability surface A small Python service needs four things, in order of importance: Every log line is one JSON object. (No parsing for downstream tools.) Every request has a trace id. Every log line in that request carries the same trace id. (So you can grep by id and see the whole story.) Every log line goes to stderr. (So journald , Docker, and kubectl logs all see it without any extra configuration.) Every metric is exposed in Prometheus text format at a stable URL. structlog gives you #1, #2, #3 with a lot of flexibility. prometheus_client gives you #4 with a lot of flexibility. Both are about 16 MB of transitive dependencies combined. For a service that runs in a single process and exports maybe 20 metric names, the libraries are doing more work than the project. The 80-line JsonFormatter The custom logging formatter is the simplest part. The whole thing is here: import json import logging from contextvars import ContextVar from datetime import datetime , timezone _trace_id_var : ContextVar [ str | None ] = ContextVar ( " trace_id " , default = None ) class JsonFormatter ( logging . Formatter ): def format ( self , record : logging . LogRecord ) -> str : payload = { " ts " : datetime . now ( tz = timezone . utc ). isoformat (), " level

aidless 2026-07-13 23:50 6 原文
AI 资讯 Dev.to

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security Giving an AI agent a wallet without guardrails is like giving a toddler a credit card — technically functional, potentially catastrophic. If you're building AI agents that interact with crypto wallets, the security model you choose isn't an afterthought. It's the difference between a useful autonomous system and one that drains your funds on a bad inference. This post is about exactly how WAIaaS handles that problem. Not vague promises about "enterprise-grade security" — specific mechanisms, specific policy types, and specific code you can run today. The Actual Risk Model Let's be honest about what can go wrong when you give an AI agent wallet access: The agent misinterprets a prompt and sends funds to the wrong address A compromised session token gets used by an attacker The agent executes a DeFi action with parameters outside your intended range Gas fees spike and the agent submits transactions at costs you'd never accept manually The agent approves an unlimited token allowance to a contract you didn't vet None of these require a malicious agent. They can all happen with a well-intentioned model operating outside the boundaries you forgot to define. The solution isn't to avoid giving agents wallet access — it's to define exactly what they're allowed to do, and nothing more. WAIaaS approaches this with three distinct security layers, a default-deny policy engine with 21 policy types across 4 security tiers, and multiple channels for human approval when transactions exceed your defined thresholds. Layer 1: Authentication — Three Separate Keys for Three Separate Roles The first layer is role separation. WAIaaS uses three authentication methods that map to three distinct principals: masterAuth (Argon2id) — The system administrator role. Creates wallets, manages sessions, configures policies. This credential never touches the agent. sessionAuth (JWT HS256) — The AI agent's credential. Scoped to a specific

Wallet Guy 2026-07-13 23:49 5 原文
AI 资讯 Dev.to

Real-Time AI Observability: Dashboards That Show Actual Database Rows

Real-Time AI Observability: Dashboards That Show Actual Database Rows Discover how TormentNexus shatters the status quo by rendering real SQLite rows in your agent monitoring dashboards—no mock data, no synthetic graphs. Learn why live database visibility is the cornerstone of effective debugging AI workflows and how our real-time dashboard exposes every query, state, and anomaly as it happens. Why Mock Data Undermines Debugging AI Every developer has experienced the disconnect: a polished dashboard displays smooth latency curves and flawless agent trajectories, yet the underlying system is silently generating corrupted embeddings or leaking PII into production logs. Traditional observability platforms—Datadog, Grafana, New Relic—aggregate metrics into averages, percentiles, and precomputed time series. They intentionally discard raw row-level data to conserve storage and processing. This works fine for server uptime or HTTP status codes, but for AI agent monitoring, it’s a catastrophic abstraction. Consider a LangGraph agent processing user queries against a SQLite knowledge base. A mock-data dashboard would show "3,200 rows processed per minute" and "95% query success rate." But what if 12% of those "successful" queries return stale or hallucinated responses because a background thread silently reindexed tables without updating vector hashes? With aggregate metrics alone, you’d never know. You’d see a green status indicator while your AI feeds garbage to users. That’s the reality of debugging AI without raw row visibility. TormentNexus solves this by exposing every INSERT, UPDATE, and DELETE that occurs within your SQLite databases—in real time. Our real-time dashboard doesn’t poll for snapshots. It streams row-level mutations directly from WAL (Write-Ahead Log) files, giving you the exact data your agents are producing, not a statistically smoothed version. How TormentNexus Streams Live Database Rows Under the hood, TormentNexus leverages SQLite’s built-in replic

Robert Pelloni 2026-07-13 23:48 6 原文
AI 资讯 Dev.to

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood Uncover the mechanics of Model Context Protocol (MCP) tool discovery—from JSON-RPC handshake to progressive injection. A technical walkthrough of capability negotiation and dynamic endpoint enumeration with real code examples and traffic flow analysis. The Handshake That Sets the Stage: JSON-RPC Initiation Tool discovery in MCP doesn't start with a simple “list tools” call. It begins with a structured JSON-RPC 2.0 handshake that negotiates protocol version, transport layer, and supported extensions. The client (e.g., an agent or IDE) sends an initialize request with its capabilities object, including fields like supportsToolDiscovery and maxToolCount . The server responds with its own capabilities, and only after this mutual agreement does the real enumeration begin. Real-world implementations—like those in the official MCP SDKs—use a ClientCapabilities struct that flags whether the client can handle dynamic tool lists, streaming updates, or batch discovery. For instance, a lightweight edge agent might set supportsToolDiscovery: false , forcing the server to pre-bundle tools into the initial handshake, while a full-featured IDE sends supportsToolDiscovery: true with a maxToolCount: 50 to throttle large tool registries. // Example initialize request (client → server) { "jsonrpc": "2.0", "id": 1, "method": "initialize", "params": { "protocolVersion": "2024-11-05", "capabilities": { "supportsToolDiscovery": true, "maxToolCount": 50, "supportsStreaming": false } } } The server responds with its own capabilities—advertising tool discovery endpoints, supported JSON-RPC methods, and any custom extensions. This two-way handshake ensures both sides speak the same dialect before a single tool name is exchanged. Tool Enumeration: Beyond the “listTools” Metho Once handshaken, the client issues a tools/list call—but the real depth lies in pagination and chunking. A production MCP server with hundreds of too

Robert Pelloni 2026-07-13 23:47 6 原文
AI 资讯 Dev.to

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone Explore how event-driven architecture (EDA) transforms multi-agent coordination. Learn to build a Pub/Sub backbone where Planner, Implementer, and Critic agents stay synchronized without blocking—using the Swarm event bus for async AI patterns in production. The Synchronization Crisis in Multi-Agent Systems Every developer who has scaled a multi-agent system beyond two agents has hit the same wall: synchronous calls create deadlocks, timeouts, and cascading failures. Imagine a Planner agent dispatching tasks to five Implementer agents while a Critic agent evaluates output in parallel. In a naive request-response system, the Planner blocks until every Implementer returns—and the Critic can't even start until the Planner finishes its orchestration loop. Latency compounds, memory pressure spikes, and a single slow agent halts the entire pipeline. In production benchmarks at TormentNexus, we observed that synchronous coordination between just three agents increased end-to-end latency by 340% compared to an event-driven equivalent. The root cause? The Planner spent 78% of its time waiting on I/O—listening for responses instead of doing actual work. This is where event-driven AI (EDA) becomes not just an optimization, but a necessity. The Pub/Sub Pattern: Decoupling Agents with an Event Bus Event-driven architecture inverts the control flow. Instead of one agent calling another, agents publish events onto a shared bus (the Swarm event bus) and subscribe to the events they care about. The Planner doesn't wait—it emits a "TaskAssigned" event and immediately moves on to the next task. Implementer agents pick up tasks asynchronously, and the Critic monitors a "TaskCompleted" stream without ever polling the Planner. // Example: Swarm event bus subscription for a Critic agent const eventBus = new SwarmEventBus(); eventBus.subscribe('TaskCompleted', async (event) => { const { taskId, implementati

Robert Pelloni 2026-07-13 23:45 4 原文
开发者 Dev.to

Commerce And Secrets Without An IAP Tax

Commerce is the easiest feature in this release to misunderstand, so the first sentence has to be blunt: What is Codename One? Codename One is an open-source framework for building native iOS, Android, desktop, and web apps from a single Java or Kotlin codebase. Learn more at codenameone.com . Commerce does not replace IAP and never will. Purchases still go through Apple, Google, or the payment processor you chose. Codename One does not process the payment, does not touch the money, and does not take a percentage. PR #5300 adds infrastructure around the annoying backend work that comes after a purchase: validation, entitlement checks, subscription lifecycle, webhooks, and reporting. That backend work is real. Anyone who has shipped subscriptions knows the trap. Buying a SKU is not the same as knowing whether the user has the right to a feature right now. Renewals, grace periods, refunds, billing retry, product changes, trials, family sharing and store server notifications all show up later. The device has one view. The store has another. Your backend usually needs a third. Commerce is the optional service that turns that mess into an entitlement. Entitlements Instead Of SKU Branches Your app should not need to know every SKU that grants pro . It should ask for pro . CommerceManager cm = CommerceManager . getInstance (); cm . setAppUserId ( accountId ); if ( cm . isEntitled ( "pro" )) { unlockProFeatures (); } Purchases are still delegated to the existing Purchase API: cm . subscribe ( "pro_monthly" ); // or cm . purchase ( "remove_ads" ); After a purchase, or when the app starts, refresh off the EDT: new Thread (() -> { CommerceManager cm = CommerceManager . getInstance (); cm . refresh (); CN . callSerially (() -> { if ( cm . isEntitled ( "pro" )) { unlockProFeatures (); } }); }). start (); refresh() validates the current receipts with the cloud when the build has a build_key and commerce is enabled. In a local build or simulator, it safely falls back to the normal

Shai Almog 2026-07-13 23:39 6 原文
AI 资讯 Dev.to

Skip LinkedIn/Indeed: most companies' job boards have a public JSON API

If you've ever tried to pull job listings by scraping LinkedIn or Indeed, you know the pain: anti-bot systems, CAPTCHAs, rotating proxies, and scripts that silently break every few weeks. Here's the thing — you usually don't need any of that. Companies don't post jobs on LinkedIn first. They post them in their ATS (Applicant Tracking System) — Greenhouse, Lever, Ashby, Workday, etc. — and most ATS platforms expose the company's board as a public JSON endpoint . No key, no login, no browser. It's the company's own source of truth, so it's cleaner and fresher than any aggregator. The endpoints A few that work with a plain GET ( {company} = the company's slug): Greenhouse — https://boards-api.greenhouse.io/v1/boards/{company}/jobs?content=true Lever — https://api.lever.co/v0/postings/{company}?mode=json Recruitee — https://{company}.recruitee.com/api/offers/ Breezy HR — https://{company}.breezy.hr/json SmartRecruiters, Ashby, BambooHR and Personio have their own equivalents. Workday is the one annoying exception — it's a POST and needs the full board URL (tenant + datacenter + site), so you can't guess it from a bare company name. Example: pulling Stripe's open roles (Python) Stripe uses Greenhouse: import requests company = " stripe " url = f " https://boards-api.greenhouse.io/v1/boards/ { company } /jobs?content=true " jobs = requests . get ( url ). json ()[ " jobs " ] for j in jobs [: 5 ]: print ( j [ " title " ], " — " , j [ " location " ][ " name " ]) That's it. No Selenium, no proxy, no CAPTCHA solver. Runs in ~200ms and won't break next Tuesday because Cloudflare changed something. Auto-detecting the ATS If you don't know which ATS a company uses, just try them in order and take the first one that returns jobs. A bare 404 means "not this ATS, try the next." Greenhouse → Lever → Ashby → SmartRecruiters → Recruitee → Breezy covers a huge chunk of tech companies. Gotchas Rate limits are lenient but real — be polite, set a User-Agent . Descriptions : Greenhouse/Leve

Noble Ronin 2026-07-13 23:33 3 原文
AI 资讯 Dev.to

The Solana Program Security Checklist I Wish I'd Had on Day One

I spent the last two weeks thinking like an attacker. I wrote tests whose only job was to make my own programs fail. I ran a fuzzer across thousands of generated inputs looking for the lamport value nobody would choose by hand. And I rebuilt the missing owner check that was at the center of the $326M Wormhole exploit, in a throwaway program, in a test, so I could watch it work and then watch the one-line fix stop it cold. This checklist is what I would hand to past me on day one of that work. Run it top to bottom before any Anchor program goes to mainnet. Who this is for You are writing Solana programs in Anchor. You understand accounts, PDAs, and CPIs. You have read the Anchor docs. What you do not yet have is a systematic way to check that you have not missed the failure modes that are specific to Solana's runtime, an account model where any account can be passed into any instruction, arithmetic that wraps silently in release builds without protection, and cross-program calls that trust whatever program ID you hand them. This checklist is that systematic check. It is not a substitute for a professional audit on high-value programs. It is the thing you run before you even consider requesting one. The Wormhole anchor Before the list, the story that explains why account validation sits at the top. In February 2022, an attacker drained $326M from the Wormhole bridge. The root cause was a single deprecated function, load_instruction_at — that read a sysvar account's contents without first checking that the account was actually the real instructions sysvar. The attacker passed in a forged account they controlled. The program read it, trusted it, and authorized a mint it should have refused. The fix was a single word: switch to load_instruction_at_checked , which verifies the account's address before reading it. Every item in this checklist traces back to that same principle: never read an account's contents until you have confirmed its identity. The items below are just

Lymah 2026-07-13 23:32 4 原文
AI 资讯 Dev.to

Building an Agentic FinOps Platform — Development Environment Setup, Google Antigravity, MCPs and Skills, and ADK Bootstrapping with Agents CLI

TL;DR — This article is going to be jam-packed with useful information, tips, tricks and hacks for setting up an agentic development in the Google ecosystem. This one isn’t really about the FinOps! Welcome to Part 2 Welcome back, friends! In the first part , I described the purpose of the FinSavant FinOps solution, the motivation for creating it, its overall architecture and tech stack, and how it works. In this part, we’ll use FinSavant as a case study in how to set up a development environment for the purposes of building such an ADK-based agentic solution. Even if you’re not particularly interested in FinSavant itself, I hope you’ll find a bunch of useful information and tips here that will help you build your own agentic solutions more effectively and quickly. We’ll cover: Using Antigravity IDE Overall project workspace structure Setting up agent skills for your coding agent My project’s GEMINI.md (or if you prefer, AGENTS.md ) My documentation approach Setting up MCP servers for your coding agent, such as BigQuery MCP Scaffolding the initial ADK agent using Google Agents CLI and its supporting skill Getting started with a Makefile Sound good? Let’s get cracking! Series Orientation Let’s see where we are in this series. Goals, Architecture, and Tech Stack: Capabilities, project goals, target architecture, technology stack, and design decisions. Development Environment Setup, Google Antigravity, MCPs and Skills, and ADK Bootstrapping with Agents CLI 📍 You are here. Building the ADK Agent and API Designing and Building the UI with Google Stitch and A2UI Deployment with Gemini Enterprise Agent Platform, Agent Runtime, Cloud Run and IAP Automating Deployment with CI/CD and Terraform Agent Observability, Evaluation, and Tuning with Gemini Enterprise Agent Platform Getting Started with Antigravity IDE These days, my favourite coding environment for any significant project is Antigravity IDE. This is Google’s agent-first integrated development environment. You get a lo

Darren "Dazbo" Lester 2026-07-13 23:31 3 原文