AI 资讯
Designing an Async Image API Client That Does Not Lie About Completion
Image generation is where a seemingly simple API client starts to accumulate production bugs. A request may finish inline for one model, return a task for another, or take a longer path when the input includes edits and uploaded files. Treating every successful HTTP response as a completed image is the fastest way to ship broken retry logic and incorrect user-facing status. This post adapts the TokenLab article TokenLab Async Image Generation Tasks for Production Apps . The canonical article contains the full implementation discussion; this version focuses on the contract decisions that matter when building an integration. The response is a delivery decision, not just a payload An image endpoint can return either a completed representation or an asynchronous task. The client should inspect the response envelope and normalize the delivery mode before it touches application state: type Delivery = | { mode : " sync " ; terminal : true } | { mode : " async " ; task_id : string ; status : string ; terminal : false }; The important invariant is that mode and terminal state come from the API contract. Do not infer completion from a missing progress field, a truthy data property, or a fast response time. Progress is useful when present, but it is not the completion signal. Poll by task identity, not by the original request When the server returns an async task, persist the task ID and the provider-neutral status. A worker can then poll the task endpoint with bounded backoff: async function waitForTask ( id : string ) { for ( let attempt = 0 ; attempt < 60 ; attempt += 1 ) { const task = await getTaskStatus ( id ); if ( task . status === " succeeded " ) return task . result ; if ([ " failed " , " cancelled " , " expired " ]. includes ( task . status )) { throw new Error ( `Media task ${ id } ended as ${ task . status } ` ); } await sleep ( Math . min ( 1000 * 2 ** Math . min ( attempt , 5 ), 30 _000 )); } throw new Error ( `Media task ${ id } exceeded the polling budget` );
科技前沿
What is Eclipsa Video, and how does it compare to Dolby Vision and HDR10?
The new format is coming to a device near you -- Here's why it matters.
AI 资讯
Your Background Subagents Can Leak Secrets — Build the Isolation Model
Developers flagged a freshly filed, reproducible issue that should make anyone running background agents pause: Claude Code's background Opus subagents intermittently stall on their first turn and, instead of producing useful work, emit system-prompt fragments — including text shaped like authorization data — as their only output. It's labeled a security issue, it has a reproduction, and it's open. That's enough to treat it as a real, if intermittent, class of failure. Here's the mental model that matters: a subagent is not a trusted subprocess. It's an autonomous loop with access to a context window, a toolset, and — too often — the same credentials as its parent. When that loop stalls and dumps its prompt instead of its result, anything that was in context is now in output. Authorization-shaped text leaking is the canary: if the prompt carried a token, a session string, or an internal endpoint, that's what surfaces. The fix is structural, not reactive. Three rules: 1. Scope credentials per subagent, not per session. A background agent that only needs to read a repo shouldn't hold deploy keys. Hand it the narrowest token that completes its task and revoke it when the task ends. If the tooling can't scope credentials, that's a gap to close before you scale subagents. 2. Treat subagent output as untrusted. Anything a subagent returns — including error text, logs, and especially "stalled" dumps — should be parsed and sanitized before it touches shared state. Don't pipe raw subagent output into a context that feeds other agents or into any log that leaves your machine. 3. Separate the system prompt from the working context. The leak happened because authorization-shaped content sat in the same window the subagent could echo. Keep credentials and internal routing data out of the prompt that a stalled loop might surface. Put them in a side channel the model can call, not text it can print. The deeper lesson is about failure modes, not one bug. Most agent setups assume th
AI 资讯
Tencent's Hy3 Coding AI Puts Input Tokens at $0.14 Per Million
The feed showed a new entrant worth watching: Tencent has launched Hy3, a coding-focused AI model, with input tokens priced at $0.14 per million. For developers who live in the terminal running coding agents, that price point lands well below the per-token rates most frontier models charge, and it puts a major lab's coding model into the "cheap enough to leave running" category. What makes this interesting isn't just the number — it's the positioning. Hy3 is being pitched specifically as a coding AI, not a general chatbot, which suggests vendors are starting to carve out developer-facing models with their own pricing tiers rather than forcing coders to pay general-purpose rates. Developers spotted the launch in the daily AI news roundup and immediately started comparing it against the cost of running their existing agents. The catch, as always, is what the headline price doesn't tell you: output token cost, context-window limits, and how the model actually performs on real repository tasks all remain open questions. A low input price is meaningless if output is expensive or if the model needs five retries to get a diff right. Still, a credible cheap coding model from a major player is exactly the kind of pressure that nudges the whole category toward per-token transparency. If nothing else, it gives every other vendor a new number to justify theirs against.
AI 资讯
OpenAI's head of safety is reportedly leaving as part of company reorganization
The role will be replaced by an executive in charge of both research and safety teams.
AI 资讯
Learning Xahau: HookOnV2, NamedHooks, and Transaction Simulation. More Control Over When and How Hooks Fire.
Welcome to Learning Xahau, a series of articles dedicated to helping developers, builders, and blockchain enthusiasts better understand the Xahau ecosystem. Whether you're just getting started or already building advanced applications, these posts will explore Xahau's features, architecture, and best practices through practical examples and real-world use cases. If you've been building with Hooks on Xahau, you know the basic loop: write a C program, compile it to WebAssembly, install it on an account, and it fires automatically when that account is involved in a transaction. Simple and powerful, but until the 2026.6.21 major release, there were some friction points that made real-world hook architectures more complicated than they needed to be. This release ships three improvements that directly address those friction points: HookOnV2 : split the single HookOn bitmask into separate HookOnIncoming and HookOnOutgoing controls NamedHooks : assign a human-readable name to each hook slot, so senders can choose which hook to activate Simulate RPC : preview a transaction including all hook executions without spending fees or changing ledger state None of these require rewriting your hook logic. They are configuration and tooling improvements at the SetHook and transaction level. But they fundamentally change what you can build cleanly. All code in this article targets the Xahau Testnet ( wss://xahau-test.net ) and requires xahau.js 4.1.1 or later. Clone the companion repository: git clone https://github.com/Ekiserrepe/learningxahau20260621.git cd learningxahau20260621 npm install Copy .env.example to .env and fill in the seeds used across these examples: cp .env.example .env HUB_SEED = # account that installs the directional hook (07, 08, 09) NAMED_HUB_SEED= # account that installs and owns the named hooks (10, 11, 13, 14) SENDER_SEED = # account that sends payments targeting a named hook (12, 14) All accounts need testnet funds from the Xahau Testnet Faucet . HookOnV2: Di
AI 资讯
How to Add Evals to an LLM Feature
Learning how to add evals to an LLM feature is the difference between shipping a demo and shipping a reliable product. When you embed an LLM into a real feature — a chatbot, a voice agent, a document summarizer — you’re not just calling a model. You’re betting your user’s experience on a non‑deterministic system that can silently break with every prompt tweak, model update, or edge case. That’s why we instrument every LLM feature we build with a purpose‑built eval suite. Here’s how we did it for an outbound AI calling agent and how you can do the same. Why Evals Are Not Optional LLMs are non‑deterministic: give them the same input twice, and you’ll get two different responses. That means unit tests that check for exact string matches are useless. As Pragmatic Engineer notes , you need evals to verify that the solution works well enough — because there’s no guarantee it will. When you’re building a feature that speaks to real customers, like the AI Calling Agent dashboard we built, a regression in tone or missed booking intent can cost revenue immediately. Evals turn that uncertainty into signal. How to Add Evals to an LLM Feature: A 4‑Step Workflow We’ll walk through the exact process we followed, from defining success to automating checks in CI, using the DeepEval framework as an example. You can swap in Evidently AI or build your own, but the pattern is the same. Step 1: Define Success for Your Feature Takeaway: Before you pick a metric, write down the one thing that makes the feature “done” — usually a business outcome, not a technical measure. For the AI Calling Agent, the core feature was an outbound call that books a meeting. The success criterion wasn’t “the LLM replied politely.” It was “the agent scheduled a meeting with the right time and date.” This is a reference‑based evaluation: you compare the output to a known ground truth. Evidently AI’s guide calls this pattern out as essential for regression testing and experimentation. From that criterion, we der
AI 资讯
From Passwords to Private Keys: Understanding Identity on Solana
When I first started learning Solana, one of the biggest questions I had was: "If there are no usernames or passwords, how does the blockchain know who I am?" As a Web2 developer, I was used to creating accounts with an email address, choosing a password, and relying on a company to manage my identity. After spending several days learning Solana, I realized blockchain approaches identity in a completely different way. Identity in Web2 Think about all the accounts you have today. GitHub Gmail Facebook LinkedIn Your bank Every service asks you to create another account. Each company stores your username and password in its own database. Your identity exists because they say it exists. If they suspend your account or delete it, your access disappears. In other words, your identity is owned by the platform. Identity on Solana On Solana there are no usernames. There are no passwords. There isn't even an account registration page. Instead, your identity begins with one thing: A cryptographic keypair. A keypair consists of: A Public Key A Private Key When I generated my first wallet using the Solana CLI, I immediately had a new blockchain identity. For example: Public Key: AxfVXDX7jsCw7vSnwut9hA7oX4UykE3ZeiNF6cxCKvpf This public key becomes my wallet address. Anyone can send tokens to it. Anyone can view its transactions. But nobody can spend funds from it. Why? Because only I possess the private key. Think of SSH Keys The easiest comparison for Web2 developers is SSH. When connecting to a Linux server: the server knows your public key you prove ownership using your private key Solana works almost exactly the same way. Except instead of logging into one server... you're interacting with an entire blockchain. Every transaction I make is digitally signed using my private key. Validators verify the signature before accepting the transaction. No password is ever transmitted. No administrator approves my login. The mathematics prove my identity. Why Wallets Matter One thing I f
AI 资讯
737x faster LangGraph checkpoints, and the case where Rust lost
Run a LangGraph agent long enough and the model call stops being your bottleneck. The plumbing takes over. Every step, the graph serializes its state to a checkpoint so you can resume, replay, or recover. LangGraph does that with Python's deepcopy . For a small dict that is fine. For a 250KB agent state with nested messages, tool outputs, and accumulated context, deepcopy is brutally slow, and you pay it on every single step of a long run. So I built fast-langgraph : a set of Rust accelerators for the hot paths in LangGraph, packaged as drop-in components that keep full API compatibility. Lead with the numbers, including the ones that hurt Here is what the Rust paths actually buy you, measured against the Python equivalents: Operation Speedup Where Complex checkpoint (250KB) 737x faster than deepcopy Large agent state Complex checkpoint (35KB) 178x faster Medium state Sustained state updates 13-46x Long-running graphs, many steps LLM response caching 10x at 90% hit rate Repeated prompts, RAG End-to-end graph execution 2-3x Production workloads with checkpointing And the automatic mode, the one that needs zero code changes, lands around 2.8x for a typical invocation. Now the honest part. These are not "Rust is faster at everything" numbers. The checkpoint speedup scales with state size. It is a serialization story. For a small, flat dict, Python's built-in dict is implemented in C and already fast. Rust does not win there, and the README says so plainly. The 737x is a large complex-state number, not a headline you get on a toy graph. The core idea: reimplement the critical paths, keep the API LangGraph is good. I did not want to fork it or replace it. I wanted to swap out the three operations that dominate a real workload: Checkpoint serialization. deepcopy on complex nested state is the single biggest cost in a long run. Rust does a structured serialize instead. State management at scale. High-frequency updates accumulate overhead. A Rust merge path handles append-h
AI 资讯
FL Studio head Constantin Koehncke turns to Reddit for feedback and fun
If you're a music maker of a certain age, then you probably once dabbled with a pirated copy of a little app called Fruity Loops. These days it's called FL Studio, and Constantin Koehncke, is the man responsible for shepherding the pioneering digital audio workstation (DAW) through the modern age. As CEO of Image Line, […]
AI 资讯
OpenAI bets on families as ChatGPT goes deeper into households
ChatGPT is hiring a dedicated product manager to build experiences for families, caregivers, and older adults, according to a job posting.
AI 资讯
The Ultimate Claude Masterclass: 13 Power Features Changing the AI Game
The Ultimate Claude Masterclass: 13 Power Features Changing the AI Game Artificial Intelligence is no longer just about asking questions and getting text answers. Anthropic’s Claude has evolved from a simple chatbot into a fully autonomous, visual, and connected AI ecosystem. If you are still using it just to draft emails, you are barely scratching the surface. Whether you are a developer, content creator, or business professional, here is your definitive guide to the 13 powerhouse features of Claude, packed with practical examples, formatted specifically for Dev.to. 🧩 Part 1: Smart Onboarding & Personalization 1. Introduction to Claude Claude stands out in the crowded AI landscape because of its advanced reasoning, high emotional intelligence, and natural, human-like writing style. From parsing complex codebases to writing creative narratives, Claude feels less like a machine and more like a brilliant colleague. 2. Import Memory From ChatGPT To Claude Switching platforms shouldn't mean losing your progress. With this feature, you can instantly migrate your entire persona, past context, and custom instructions from ChatGPT straight into Claude with a single click. Example: If ChatGPT already knows your coding style or specific brand rules, importing it means Claude hits the ground running without you having to re-explain everything. 3. Add User Preferences Tired of typing "Act as a Senior Developer" or "Keep it casual" in every single prompt? User Preferences lets you set permanent system-level instructions that Claude remembers across all new conversations. Example: You can set a preference like: I manage a technology brand. Always keep explanations direct, modular, and optimized for scalability. 🎨 Part 2: Visuals, Coding & Apps 4. Create Apps & Artifacts Using Claude For Free Claude’s Artifacts feature opens a dedicated, interactive window right next to your chat. When you ask Claude to write code, a webpage, or a game, it doesn't just show you lines of text—it re
AI 资讯
How to Thrive (Not Just Survive) as a Developer in the Age of AI
The narrative around Artificial Intelligence and software engineering has shifted dramatically. We are no longer asking if AI will change development, but rather how we change with it. If your value as a developer is tied solely to how fast you can churn out boilerplate code, write standard API endpoints, or memorize syntax, the landscape is becoming challenging. AI can do those things in seconds. However, this isn't a death sentence for the engineering career—it is an evolution. The industry is moving away from pure "code generation" and shifting toward system architecture, integration, and governance. To remain indispensable, you need to know exactly where to direct your energy and what pitfalls to avoid. Where to Focus Your Energy To stay relevant, you must position yourself in the areas where AI struggles: high-level abstraction, complex contextual reasoning, and human leadership. 1. System Design and Enterprise Architecture AI is excellent at writing isolated functions, but it struggles with massive, interconnected systems. Focus on how components interact at scale. Understanding how to slice a monolithic application into resilient microservices, orchestrate microfrontends, or design cloud-native solutions is where the high-value work lies. 2. Code Governance and Quality Assurance With AI generating code at unprecedented speeds, codebases are expanding faster than ever. The world doesn't just need people who can create code; it needs gatekeepers who can validate it. Your role will increasingly focus on setting quality standards, establishing robust CI/CD pipelines, and ensuring that AI-generated code adheres to strict security, compliance, and performance metrics. 3. Mentorship and Team Leadership The influx of AI tools means junior engineers can produce code much earlier in their careers, but they often lack the foundational experience to spot subtle architectural flaws or security vulnerabilities. Senior developers must step up as leaders, guiding less experi
AI 资讯
How to Prove a Prediction Was Made Before the Event (with OpenTimestamps)
Everyone who has ever been right about something loud enough to remember it will tell you they called it. The screenshot arrives after the match, after the candle, after the election. And there is no way to know whether it was written on Monday or edited on Friday. This is the quiet rot at the center of most "track records": a prediction you cannot date is not a prediction at all. It is a memory with good lighting. The technical name for the problem is look-ahead . If a forecast can be created, tweaked, or cherry-picked after the outcome is known, then it carries zero information about skill. The only fix is to make the timing of a prediction independently checkable вАФ to prove a document existed in a specific form before a specific moment, without asking anyone to trust you, your server clock, or your database. That is precisely what OpenTimestamps does, using the Bitcoin blockchain as a shared, tamper-evident clock. Why timing is the whole game A forecast is a bet against the future. Its value comes entirely from the fact that the future was unknown when the forecast was fixed. The instant you allow post-hoc editing, every desirable property collapses: calibration becomes meaningless, Brier scores become fiction, and "I predicted this" becomes unfalsifiable. So an honest forecasting system needs one hard guarantee before anything else: this exact text existed at this exact time, and has not changed since. Note what that guarantee does not require. It does not require publishing the forecast publicly in advance (you might want it sealed). It does not require a notary, a lawyer, or a trusted timestamping company that could be subpoenaed, hacked, or simply go out of business. It requires a clock that nobody controls and nobody can wind backward. What "proof of existence" actually means The building block is a cryptographic hash вАФ typically SHA-256. Feed any file into it and you get a 64-character fingerprint. Change a single comma and the fingerprint changes compl
AI 资讯
The IPv6 email mirage: 55.2% of MX "support" it, but two companies carry the entire story
By the team at MailTester Ninja — a real-time email verification API that stores nothing. Everyone says "IPv6 is here." For the web, mostly true. For email , it is a mirage. We resolved the MX records of 50,000 of the most-linked domains and checked whether any of their mail servers publish an AAAA record, meaning they can actually receive over IPv6. No sending, no personal data, just DNS. 55.2% of mail-enabled domains have at least one IPv6-capable MX. That sounds healthy. It is not, because two companies carry almost the whole number: Email provider IPv6 MX Other / self-hosted ██░░░░░░░░ 18.4% Google Workspace / Gmail ██████████ 100% Microsoft 365 / Outlook █████████░ 91.3% Proofpoint ░░░░░░░░░░ 0.6% Mimecast ░░░░░░░░░░ 0% Tencent QQ ░░░░░░░░░░ 4.2% Namecheap ░░░░░░░░░░ 0.2% Cisco IronPort ░░░░░░░░░░ 4.5% Zoho ░░░░░░░░░░ 0% Barracuda ░░░░░░░░░░ 0% Google ( 100% ) and Microsoft ( 91.3% ) run IPv6 on nearly every inbox. Remove those two, the providers that already anchor most of the world's mail, and IPv6 email adoption falls from 55.2% to 12.9% . The enterprise security gateways that gate corporate mail, such as Proofpoint, Mimecast and Barracuda, are effectively not on IPv6 at all. Why it matters for deliverability. IPv6-only sending is a dead end. It reaches Gmail and Outlook and little else. Dual-stack is not optional. IPv4 is still the backbone of email, and that is where blocklists, FCrDNS and IP reputation are mature. The takeaway: IPv6 email is not adopted. Google and Microsoft adopted it for you. Plan your sending for an IPv4 world with two big IPv6 exceptions. Check any domain yourself — our free deliverability analyzer shows a domain's MX / SPF / DMARC in one click (no signup, nothing stored). Need to confirm whether a specific mailbox actually exists and is deliverable? That is exactly what MailTester Ninja's email verifier does in real time — and we store no data. Source: MailTester Ninja's open Email Infrastructure Index — a live DNS scan of 50,000 of
AI 资讯
GDPR retention and erasure for an agent mailbox
Most "AI email" demos never think about deletion. The agent reads, replies, files things away, and the inbox just grows. That's fine in a demo. It is a problem the first time a real person emails your agent, because the moment that mailbox holds someone else's name, address, order history, or support complaint, you've taken on a data-protection obligation — and "we kept everything forever" is not a defensible retention policy. An Agent Account on Nylas accumulates personal data you have to be able to purge. It's a mailbox the agent owns — support@yourcompany.com answering to a model instead of a human — and every inbound message lands in it. Under GDPR that data needs two things you can prove: a retention window so it doesn't live forever, and an erasure path so you can delete a specific person's mail when they ask. This post builds both, with the curl and the CLI for each step. A quick, honest caveat before any of it: this is a docs-and-demo walkthrough, not legal advice. The Nylas primitives below cover the mail held in the mailbox . Any derived copy you made — rows in your own database, lines in your application logs, a vector store you embedded the message into — is yours to purge separately. The API can delete the message; it can't reach into your Postgres. Keep that in mind throughout. What the platform gives you Nothing new to learn on the data plane. An Agent Account is just a grant with a grant_id , so everything you already know about Messages and Threads applies directly — listing, reading, and deleting mail run against the same grant-scoped endpoints any other Nylas integration uses. Retention and erasure split cleanly into two layers: Retention is a control-plane setting. It lives on a policy — an application-scoped resource that bundles limits and spam settings — attached to the workspace your Agent Account belongs to. Two fields cap how long mail survives: limit_inbox_retention_period and limit_spam_retention_period . Set them once and Nylas deletes a
AI 资讯
Keep your agent's mail out of spam traps
Spam traps are the failure mode nobody puts in the demo. A bounce is loud — you get a 5.x.x back, your code logs it, you move on. A complaint at least gives you a webhook. A spam trap gives you nothing . The message gets accepted, no error comes back, and somewhere a mailbox provider quietly writes your domain down as a spammer. By the time you notice, your inbox placement has already cratered and you have no single bounce to point at. That's the trap, literally. And it's the one that bites autonomous agents the hardest, because the whole appeal of an agent is that it acts without a human watching every send. Point a model at a list it scraped, let it loop, and it'll happily mail a recycled address that's been a trap for two years. The agent never sees a problem. You only see the aftermath in your deliverability dashboard a week later. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring up an Agent Account to not do this. The good news is that an Agent Account is just a grant — a grant_id that works with every grant-scoped endpoint you already know — so there's nothing new to learn on the data plane. The defense is mostly discipline: validate before you send, honor every complaint, and age out the addresses that never wanted to hear from you. What a spam trap actually is, and why it's not a bounce It's worth being precise here, because the three things people lump together behave completely differently. A bounce is a rejected delivery. The receiving server tells you the address is bad, you get a message.bounced event, and you stop. Bounce handling is a solved problem — you listen, you suppress, you're done. A complaint is a recipient hitting "report spam." The mailbox provider relays that back as a feedback loop, and you get a message.complaint event. The address is real and reachable; the human just doesn't want your mail. If you keep mailing them, you're training the provider to filter you. A spam trap is neither.
AI 资讯
Every Sports App Resets Your Streak Eventually. Mine Can't. 🔒⚡
This is a submission for Weekend Challenge: Passion Edition What I Built Loyalty Ledger — a fan loyalty tracker where your check-in streak, badges, and history live on Solana instead of some app's database. Live app: https://loyalty-ledger-blond.vercel.app Here's the problem I kept coming back to. Every sports app wants you to check in, engage, "prove your loyalty" — collect points, build a streak, unlock a badge. Cool. Except every single one of them throws that history away the second you stop opening the app. Switch apps and your streak resets to zero. Get banned, or the app shuts down, or they just quietly decide to wipe inactive accounts one day — and your history is just... gone. Because it was never actually yours. It was a number sitting in someone else's database, and they could reset it, inflate it, or delete it whenever they felt like it. You had zero say in it. And that bugged me way more than it probably should have. Like — we figured out how to make ownership portable for money, for domain names, for digital art. But "I've supported Argentina since 2019" 🇦🇷 still lives and dies inside one company's backend, and nobody's really questioned that. So I kept the weekend scope deliberately small: prove one fan's loyalty to one team, for real, end to end — instead of sketching ten features that are all half-fake. You connect a wallet, pick a sport and team, and check in. FIFA World Cup is the fully working path here ⚽ — that check-in sends an actual transaction that creates or updates a program-owned account, not a row in my database somewhere. Your streak count, your badge tier, the actual badge tokens — none of it exists anywhere I control. Which honestly felt a little weird to build, in a good way. Once that core loop worked, I built the rest of the identity around it: a Fan Passport that shows your streak, a derived "Fan Score," your tier (Rookie → Devoted → Veteran → Legend 🏆), a progress bar toward the next tier, an achievements grid with locked/unlocke
科技前沿
Who needs scalpers when GameStop is marking up Pokémon cards by more than 300 percent?
Is paying a reasonable price for colorful cardboard too much to ask?
产品设计
A tasty RPG that will make you very hungry
Roleplaying games are often defined by excess. Storylines that span dozens of hours, side quests so big they could be their own game, massive worlds that require complex maps to explore, and casts so big you start forgetting character names. That's part of what makes these games feel like epic adventures, but it can also […]