今日已更新 63 条资讯 | 累计 20533 条内容
关于我们

标签:#AI

找到 3636 篇相关文章

AI 资讯

用 FROST 五维元模型构建可治理的多 Agent 系统:从零到一的代码教程

用 FROST 五维元模型构建可治理的多 Agent 系统:从零到一的代码教程 作者 :FROST Team 日期 :2026-07-09 主题 :代码教程 | 周四轮换 项目 :FROST + FROST-SOP 前言 2026 年,Agent 框架百花齐放——LangChain、CrewAI、AutoGen 各有各的好。但它们都有一个共同的盲区: 治理能力 。 当你的 Agent 系统从 1 个变成 10 个,从跑 Demo 变成跑生产,你会发现: 谁有权做什么?没有答案 这个决策是谁做的?无法追溯 Agent 越权了怎么办?事后才能发现 FROST(Fractal Runtime of Orchestrated Skills & Tasks)的 五维元模型 就是为解决这些问题而设计的。 今天这篇教程,我们用代码从零构建一个完整的多 Agent 治理系统。 FROST (教学框架)提供理论基础 → Gitee 仓库 FROST-SOP (工程平台)提供工程落地 → Gitee 仓库 一、五维元模型是什么? FROST V4.0 引入了五个核心维度,每个维度解决 Agent 治理的一个关键问题: 维度 模块 解决的问题 类比 武器 Armory Agent 有哪些能力? 武器库清单 任务 TaskRegistry 工作如何编排? 作战计划 事件 EventCatalog 发生了什么? 战场态势 平台 PlatformRegistry 外部资源在哪? 后勤补给 规则 RuleRegistry 什么能做/不能做? 交战规则 五个维度 各自独立又相互咬合 ——就像五角星的五个角,缺一个就不完整。 二、环境搭建 # 克隆 FROST 教学框架 git clone https://gitee.com/liao_liang_7514/frost.git cd frost # 安装依赖 pip install -r requirements.txt # 验证环境 python -m pytest test_core.py -v FROST 的设计哲学是 零外部依赖 ——核心只需要 Python 标准库。五维元模型的模块也遵循这个原则。 三、维度一:Armory(武器注册表) Armory 管理 Agent 所有能力的元数据。不是简单的方法注册,而是带元信息的 能力目录 。 from core.armory import Armory , SkillMetadata # 创建武器库 armory = Armory () # 注册一个技能(带完整元数据) armory . register ( SkillMetadata ( name = " summarize_text " , category = " nlp " , description = " 将长文本压缩为摘要 " , input_schema = { " text " : " string " , " max_length " : " int " }, output_schema = { " summary " : " string " }, cost_estimate = 0.002 , # 每次调用预估成本 latency_ms = 500 , # 预估延迟 tags = [ " summarization " , " compression " ] ) ) armory . register ( SkillMetadata ( name = " search_web " , category = " retrieval " , description = " 联网搜索获取最新信息 " , input_schema = { " query " : " string " , " top_k " : " int " }, output_schema = { " results " : " list[dict] " }, cost_estimate = 0.01 , latency_ms = 2000 , tags = [ " search " , " real-time " ] ) ) # 发现可用技能 nlp_skills = armory . discover ( category = " nlp " ) print ( f " NLP 技能: { [ s . name for s in nlp_skills ] } " ) # 输出: NLP 技能: ['summarize_text'] # 按标签发现 search_skills = armory . discover ( tags = [ " real-time " ]) print ( f " 实时技能: { [ s

2026-07-09 原文 →
AI 资讯

The Hidden Cost of Multi-Model Workflows

The AI race is quietly changing Months ago, most discussions revolved around one question: "Which model is the smartest?" Today, I'm seeing a different pattern. The conversation is shifting toward: How do we orchestrate multiple models, tools, and workflows effectively? Look at where the industry is investing. It's no longer just about improving the model itself. The focus is increasingly on long-running tasks, delegated execution, tool use, coding assistants, planning, memory, and specialized sub-tasks working together. That's not a coincidence. The model is becoming one component of a much larger system. As engineers, we're spending less time debating benchmarks and more time designing the layer around the model: • Context management • Routing requests to the right model • Memory and continuity • Tool orchestration • Verification and evaluation • Recovery and fallback strategies This is why I believe the next competitive advantage won't simply be having access to the "best" LLM. It will be building the best AI Harness—the engineering layer that coordinates models, tools, context, and decision-making into a reliable system. Cloud computing went through a similar evolution. Eventually, the infrastructure became a commodity, while orchestration became the differentiator. I think AI is heading down the same path. In a few years, we may stop asking: "Which model are you using?" and start asking: "What's your orchestration architecture?" I'm curious—are you seeing the same shift in your AI workflows, or do you think model capability will remain the primary differentiator?

2026-07-09 原文 →
AI 资讯

The 10 Most Expensive Software Failures in History — and the One Thing They Share

The biggest losses in software history were, with one deliberate exception, not attacks. They were silent, correlated, self-inflicted — and they teach the exact risk autonomous AI agents are about to make expensive again. At 9:30 in the morning on August 1, 2012, Knight Capital Group was one of the largest trading firms in the United States, executing a sixth of all the volume on the New York Stock Exchange. By 10:15 it was, for practical purposes, finished. In those forty-five minutes a piece of its own trading software (not a hacker's, its own) fired more than four million unwanted orders into the market, accumulating roughly $7 billion in positions the firm never meant to hold and a loss of about $440 million by the time humans understood what their machine was doing. The cause, documented in the SEC's administrative proceeding, was almost insultingly small: a deployment that updated seven of eight servers. The eighth still carried a dormant piece of code called Power Peg, retired years earlier, and the new release reused the old feature flag that woke it up. No one attacked Knight Capital. The market data was accurate, the exchange functioned perfectly, and every system reported itself healthy while the company bled ten million dollars a minute. That shape (no adversary, no alarm, one change propagating everywhere at once) turns out to be the shape of almost every entry on the list below. We've written before about the biggest bug-bounty payouts in history , the ledger of what it costs when someone does attack. This is the other ledger, the bigger one: what software has cost when nobody attacked at all. Every figure below states what it counts, and comes from a primary or authoritative source (inquiry boards, SEC filings, statutory inquiries) linked at the end. The ledger 1. CrowdStrike outage (2024) — roughly $5.4 billion in direct losses to Fortune 500 companies alone (estimate). One faulty content update to the Falcon Sensor security agent blue-screened Windo

2026-07-09 原文 →
AI 资讯

oh-my-agent: Angular support and stateful configuration merges

Shared tool configurations drift when developers run local agents. Adding a new MCP server to a team setup usually fails to reach existing local configurations, leaving developers with outdated toolsets. We resolved this in our latest CLI release by introducing stateful configuration back-filling. The update merges new servers into local environments while preserving custom developer adjustments. What's new Angular stack integration : Added frontend domain detection for angular.json and @angular/* packages in the /stack-set command. The oma-frontend skill now includes angular-rules.md to enforce standalone components, OnPush change detection, and signals. API evolution patterns : Added API lifecycle patterns based on the MAP framework to oma-architecture . This includes Sajaniemi's 11 variable-role taxonomy to guide naming rules in oma-refactor . Windows scheduling updates : The schtasks adapter now maps weekly cron ranges like 1-5 or lists like 1,3,5 directly to Windows task scheduler formats. Model validation : Added vendor validation to the schedule:add command. The CLI now rejects unknown models at registration time rather than failing during execution. Keeping local environments synchronized across diverse OS targets requires strict validation. These fixes ensure configuration changes flow correctly without disrupting developer-specific settings. What's fixed MCP server synchronization : Fixed an issue where SSOT servers added to .agents/mcp.json were only copied if .mcp.json was entirely absent. The CLI now reads the source of truth on every run and merges missing entries. Test execution reliability : Restructured the project root resolution tests to mock the filesystem walk. This isolates test runs from ambient files on CI runners and avoids false failures. Market diversity flags : Corrected the --diversity-threshold flag documentation to reflect that the default threshold is not enforced unless the flag is explicitly set. Cleaning up obsolete protocols reduc

2026-07-09 原文 →
AI 资讯

The Complete Redbelly EligibilitySDK Integration Guide: Widget to Backend to On-Chain

The Redbelly Network EligibilitySDK is the compliance backbone for any dApp that needs to verify user eligibility (KYC, KYB, investor accreditation) before letting a wallet in. The official documentation covers each piece well on its own reference page, but there is no single walkthrough connecting the frontend widget to the backend verifier to the on-chain permission check to a production deployment. This guide is that walkthrough. Everything here was verified against the live documentation at https://docs.redbelly.network/ in July 2026: contract addresses, route names, config fields, issuer DIDs and every error string in the reference section. Every code example was then compiled against the published SDK package (v0.0.31) on React 19 with Vite and on Next.js 16 with the App Router, and the backend verifier was booted and exercised for real. Where the docs and reality diverge (a quickstart repo that is not publicly visible, a credential faucet still under development, three undocumented behaviours the builds surfaced), the guide says so and gives you the workaround. What you will build, in order: A mental model of the two verification mechanisms (and why conflating them costs you a day) A working backend verifier with the three routes the widget demands A plain React integration with full loading and error states A production-grade Next.js App Router setup: secure proxy, SIWE sessions, request gating, and both static and dynamic rendering approaches An end-to-end test run on Redbelly Testnet The decision logic for choosing between the three SDK flows, and the pattern for combining them A complete error reference: every documented error, its cause, and its fix A developer following this guide should have the widget running inside an existing dApp within about four hours. 1. Overview and Architecture What the EligibilitySDK actually is The Redbelly "Onboarding and Eligibility Kit" ( @redbellynetwork/eligibility-sdk ) is a set of React components and hooks for provin

2026-07-09 原文 →
AI 资讯

Crushing 5GB of XML: Building a Blazing Fast Apple Health Parser with Rust and ClickHouse

We’ve all been there. You click "Export Health Data" on your iPhone, wait ten minutes, and receive a massive, bloated export.xml file. If you've tracked your fitness for years, this file can easily exceed 5GB. Try opening that in Python’s ElementTree or even pandas , and your RAM will cry for mercy. This is a classic Data Engineering challenge: transforming high-volume, semi-structured XML into actionable insights without waiting an eternity. In this tutorial, we are going to build a high-performance parser using Rust performance techniques, Rayon for parallelism, and ClickHouse for lightning-fast OLAP queries. By leveraging Rust's zero-cost abstractions, we'll turn a 20-minute Python slog into a sub-30-second sprint. 🚀 The High-Level Architecture Handling 5GB of XML requires a streaming approach. We cannot load the whole file into memory. We will stream the XML, parse segments in parallel, and ship them to ClickHouse using Protocol Buffers for maximum serialization efficiency. graph TD A[Apple Health export.xml] --> B[Streaming XML Reader] B --> C{Chunking Logic} C -->|Batch 1| D[Rayon Worker 1] C -->|Batch 2| E[Rayon Worker 2] C -->|Batch N| F[Rayon Worker N] D & E & F --> G[Protobuf Serialization] G --> H[(ClickHouse DB)] H --> I[Grafana / SQL Insights] Prerequisites To follow along, you'll need: Rust (Stable) Tech Stack : quick-xml (for streaming), serde (serialization), rayon (data parallelism), and clickhouse-rs . A running ClickHouse instance. 1. Defining the Data Schema Apple Health data (specifically Record types) consists of types, dates, and values. Since we want high performance, we'll use Protocol Buffers to define our intermediate format, ensuring minimal overhead when moving data through the pipeline. // Simplified representation of a Health Record use serde ::{ Deserialize , Serialize }; #[derive(Debug, Serialize, Deserialize, Clone)] pub struct HealthRecord { #[serde(rename = "@type" )] pub record_type : String , #[serde(rename = "@startDate" )] pub

2026-07-09 原文 →
AI 资讯

LLM cost optimization for real products

LLM features are cheap to prototype and surprisingly expensive to run at scale. A demo that costs pennies becomes a five-figure monthly bill once real users arrive, because every request pays per token and it's easy to send far more tokens than you need. The good news: most AI bills are bloated, and a handful of tactics reliably cut them without users noticing any drop in quality. Right-size the model per task The most expensive mistake is using your biggest, smartest model for everything. Most work in a product doesn't need it. Route by difficulty: Small, fast models for classification, extraction, routing, and simple rewrites. Frontier models only for genuinely hard reasoning or high-stakes output. Implement a model router : a cheap first pass decides how hard the task is, and only the hard cases escalate to the premium model. This single change often cuts spend dramatically because the long tail of easy requests stops paying frontier prices. Cache aggressively Many requests are repeats or near-repeats. Don't pay twice: Exact-match caching — identical prompts return a stored response instantly and for free. A simple PostgreSQL or Redis lookup keyed on the request works. Prompt caching — most providers let you cache a large, stable prefix (system prompt, retrieved context) so you're only billed full price for the changing part. Semantic caching — for questions that are similar but not identical, match on embeddings and reuse an answer when confidence is high. Trim the tokens You pay for every token in and out, so waste is literal money: Compress prompts. Cut boilerplate, redundant instructions, and bloated few-shot examples. Shorter prompts that keep quality are pure savings. Retrieve less, better. In RAG, don't stuff twenty chunks in when three well-chosen ones answer the question. Re-rank and send only what's needed. Cap output. Ask for concise responses and set a max length; unbounded generations quietly inflate bills. Batch and stream For work that isn't real-t

2026-07-09 原文 →
AI 资讯

I replaced the chat window for my local AI agent with a face

I run a local LLM agent (Hermes) on my own machine. The problem was never the model — it was the interface . I had a Telegram tab open all day just to talk to it: type a command, wait, read a wall of text back, scroll. It felt like texting a very capable stranger. So I built Ghost Vessel — a monitor-resident, video-call-style avatar that fronts the agent. The name is the whole idea: the ghost is your agent, the vessel is the body it borrows. It's not a waifu toy; it's a real agent client that happens to have a face. Here's what actually turned out to be interesting to build. The reply is a script, not a string The core idea is an output contract . Instead of treating the agent's reply as text to print, I split every reply into three planes: dialogue → spoken via local TTS data → code, logs, files → rendered as chat cards, never read aloud action → emotion beats that drive the avatar Emotion beats are inline tags the model emits in-band with its answer: [working] — the avatar puts on glasses and takes notes while a task runs [confirm] deploy to prod? — pops a human-in-the-loop approve/cancel, and the agent blocks on your keypress [happy] / [concerned] / … — fine-grained facial expressions So "run the build, and if it passes, deploy" becomes a little performance : it looks busy while working, shows you the log as a card, then leans in and asks before the irreversible step. The text you'd have skim-read becomes something you glance at. No runtime GPU for the avatar The obvious way to animate a face is live inference. I didn't want that — the GPU is busy running the actual model. Instead the avatar is ~30 pre-rendered clips , and the emotion beats just select and blend between them (blink-aligned seamless idle loops, a head-pose "settle gate" so an expression only reveals when the head is frontal). The avatar's runtime cost is basically video playback. Your GPU stays 100% on your LLM. The tradeoff: no real-time lip-sync. I decided a believable talking mouth loop + expre

2026-07-09 原文 →
开发者

Try out IsItCrashing.com

Hi everyone! I recently launched IsItCrashing.com How often do you deploy a website only to discover later that: ❌ A page is returning a 404 or 500 error ❌ Images or assets aren't loading on some random pages ❌ A route is completely blank ❌ JavaScript crashes are breaking the page ❌ Customers find the problem before you do IsItCrashing.com helps you catch these issues before your users do. Simply enter your website URL, and the tool scans your site to identify: ✅ Broken pages (404/500) ✅ Broken links ✅ Missing assets ✅ Blank pages ✅ JavaScript errors ✅ Website health issues Get a clean, easy-to-read report so you can fix problems quickly and deploy with confidence. Whether you're a developer, QA engineer, agency, or website owner, IsItCrashing.com makes website testing faster and easier. try out here : 🌐 https://isitcrashing.com

2026-07-09 原文 →
AI 资讯

From Prompts to Pipelines: How I Use Agentic Coding as an Engineering Workflow

I am interested in agentic coding for the same reason I care about good engineering process in general: I want work to move forward in a way that is inspectable, repeatable, and resilient once the task gets messy. A lot of AI-assisted coding still feels like improvisation. You ask for something, get a result, adjust the prompt, try again, and hope the useful reasoning is still somewhere in the scrollback. That can work for tiny edits. It gets much less convincing when the task starts touching architecture, tests, review, or pull requests. What I want instead is a workflow where the model helps me think and execute, but inside a structure I can inspect afterwards. I want artifacts, gates, and something I can resume tomorrow without reconstructing the entire mental state from memory. That is why I use po8rewq/agentic-skills . It gives me a practical way to do agentic coding as an engineering workflow rather than as a long sequence of chat turns. A task moves through requirements, architecture, implementation, checks, review, and pull request creation. Each stage leaves something I can read, verify, and challenge. What makes this interesting to me The interesting part is not just that there is a CLI. Plenty of tools have a CLI. What matters to me is that it turns AI-assisted coding into a staged system: requirements force the task to become explicit architecture makes risks visible before code is written implementation happens against a plan instead of against a vague prompt checks and review happen as part of the flow, not as an afterthought runs are resumable, so interruptions do not destroy context That changes the feel of the work quite a bit. Instead of asking "what should I prompt next?", I am usually asking "what stage is this task in, and what should exist before I move on?" Where this really clicked for me was when I noticed I was spending less energy trying to preserve context in my head and more energy evaluating actual outputs. What the repository actually

2026-07-09 原文 →
开发者

Decoding JWT: It's Not Encryption, It's a Signature

Every API request needs to answer: who is this, and are they allowed? Session auth answers it by having the server remember every login. JWT answers it by making the client carry its own proof — no server memory needed. What's inside a token Header . Payload . Signature. Header and payload are just base64-encoded — readable by anyone, not encrypted. The signature is what matters: a hash of the header + payload, made with a secret key only the server knows. Change one character of the payload, the signature breaks, the server rejects it. Trust comes from the math, not from hiding the data. Client logs in with credentials Server verifies them, signs a token, sends it back Client attaches the token to every future request Server checks the signature — no database lookup Valid + not expired → request proceeds No session table anywhere. The auth state lives inside the token itself. The trade-off Can't instantly revoke a token — it's valid until it expires. Fix: short-lived access tokens + a revocable refresh token. Payload is readable, so never put sensitive data in it. Security comes from HTTPS + safe client-side storage, not secrecy. One-liner to remember it by Session auth: remember who logged in, check memory each time. JWT: remember nothing, verify the proof each time.

2026-07-09 原文 →
AI 资讯

The Evolving Agent: How Jean2 Learns Across Sessions

I've been coding with AI agents for about two years. Every major one. Cursor, Copilot, Codex, OpenCode. They're good at generating code. They all share one problem. They forget everything. You finish a session, close the window, and the agent resets. Next time you open it, you're starting from zero. "We use pnpm, not npm." "The database is SQLite, not Postgres." "Don't touch the migrations folder." You repeat yourself. Every. Single. Time. Some tools added memory features. Usually as an afterthought. A pinned file. A custom instruction. A context window that grows until it hits a wall and everything old gets silently dropped. I didn't want a bigger context window. I wanted an agent that accumulates knowledge the way a colleague does. Not by being retrained. By taking notes, writing down what it learned, and reading those notes next time. That's what Jean2 can do. Not through fine-tuning. Not through vector embeddings. Through files on disk that the agent reads and writes itself. But here's the thing: none of this is on by default. By default, Jean2 is as bare as Codex or OpenCode. A blank prompt. No memory. No skills. No session search. You opt in to each layer in workspace settings . That's the point. You build the agent you want, layer by layer. The Four Layers If you turn them on, Jean2's agent has four knowledge layers that persist across sessions. They're not features bolted on top. They're part of the system prompt that gets composed every time a session starts. 1. Workspace Memory Turn on workspace memory in workspace settings , and the workspace gets two files: MEMORY.md for shared knowledge and USER.md for your personal preferences within that workspace. Both live at <workspace>/.jean2/ . The concept is simple. Shared knowledge that's useful for any agent working in that workspace. "We use pnpm." "The database is SQLite." "Don't touch the migrations folder." Whatever agent you bring in, coding specialist, reviewer, docs writer, they all get the same context

2026-07-09 原文 →