今日已更新 393 条资讯 | 累计 20863 条内容
关于我们

标签:#AI

找到 3709 篇相关文章

AI 资讯

GitHub Copilot's enterprise managed-settings.json is now GA

GA in a sentence GitHub moved its enterprise managed-settings.json to general availability on July 1, giving GitHub Enterprise Cloud admins a single JSON file that overrides Copilot behaviour in VS Code and Copilot CLI for anyone holding a Copilot Business or Copilot Enterprise seat issued from the enterprise or one of its organizations. The changelog frames it as a place to define AI standards for the tenant. In practice it is a supported home for Copilot policy that shipped one setting at a time in beta up to this point. The five keys the file accepts Five keys are documented at GA: extraKnownMarketplaces , enabledPlugins , strictKnownMarketplaces , disableBypassPermissionsMode , and model . Together they configure trust for extra plugin marketplaces, the enabled-plugins list, strict enforcement of the known-good marketplace list, whether Copilot CLI and the VS Code extension can run in bypass-permission mode, and which model a user is allowed to pick. Value shapes are not enumerated in the changelog itself; the docs page is the reference for the schema. How the file reaches a client The file lives at copilot/managed-settings.json inside the .github-private repository of the organization the enterprise nominates for the role. There is a backward-compatible path at .github/copilot/settings.json for tenants already using the older layout. Copilot clients fetch the file from the server on every authentication, hold it in memory, and refresh it hourly, per the changelog. That server-side file takes precedence over the file-based config a user may have on their own machine. Setup runs through the AI Controls tab in enterprise settings, or the equivalent API endpoint, where an admin picks the hosting organization. Anyone who followed the June rollouts of disableBypassPermissionsMode and strictKnownMarketplaces will recognise the same file and the same repo. GA is what turns the plumbing into a supported product surface. Where it will trip you Two operational details are

2026-07-05 原文 →
AI 资讯

Stop Overtraining: Build an AI Agent to Auto-Sync Your Fitness Plan with Your Heart Rate (LangGraph + Notion)

We’ve all been there. You have a "Leg Day" scheduled in your Notion database, but you woke up feeling like a truck hit you. Your Apple Watch says your Heart Rate Variability (HRV) is in the gutter, but your rigid calendar doesn't care. Usually, you’d either push through and risk injury or manually move cards around in Notion—which is a friction-filled nightmare. In this tutorial, we are building a Self-Optimizing Health Agent using LangGraph , Notion API , and HealthKit . This agent acts as a closed-loop system: it analyzes your physiological recovery data, reasons about your physical state using an LLM, and automatically rewrites your training schedule. By mastering AI agents , LLM orchestration , and fitness automation , you’ll turn your static "To-Do" list into a dynamic "Should-Do" list. 🥑 The Architecture: The Bio-Feedback Loop Using LangGraph , we can treat our fitness logic as a state machine. Unlike a linear script, a graph allows our agent to decide whether it needs to fetch more context (like yesterday's sleep) before making a final decision on your workout. graph TD Start((Start)) --> FetchHRV[Fetch HRV Data via HealthKit] FetchHRV --> CheckRecovery{LLM: Analyze Recovery} CheckRecovery -- "Low Recovery (Fatigued)" --> ModifyNotion[Action: Downgrade Workout Intensity] CheckRecovery -- "High Recovery (Fresh)" --> KeepNotion[Action: Maintain/Boost Intensity] ModifyNotion --> UpdateNotion[Update Notion Page] KeepNotion --> UpdateNotion UpdateNotion --> End((Done)) style CheckRecovery fill:#f96,stroke:#333,stroke-width:2px style FetchHRV fill:#bbf,stroke:#333 Prerequisites Before we dive into the code, ensure you have: Python 3.10+ LangChain & LangGraph installed ( pip install langgraph langchain_openai ) Notion Integration Token (with access to your workout database) HealthKit SDK (Note: Since we are in a Python environment, we'll simulate the HealthKit fetcher, though in a real-world scenario, this would be bridged via a FastAPI endpoint from an iOS app). St

2026-07-05 原文 →
AI 资讯

Summary — Your Next Steps as an AI Architect

What We Built in This Guide In the previous guide, we went from RAG to cloud deployment. In this guide, we systematically implemented everything needed to take that system to production . evals/ dataset.py # Evaluation dataset eval_rag.py # Context Recall · Relevancy · Faithfulness observability/ traced_rag.py # RAG pipeline tracing with @observe() (Langfuse v4) traced_agent.py # Trace each Agent step security/ input_validator.py # Prompt injection detection output_validator.py # PII masking and leakage detection guardrails.py # Rate limiting, security log integration secure_rag.py # RAG with guardrails llmops/ prompt_registry.py # Prompt version management (v1.0–v1.2) ci_eval.py # Quality gate (Overall ≥ 75% to deploy) cost_tracker.py # API cost tracking finetuning/ prepare_dataset.py # Convert to Alpaca format train_lora.py # LoRA fine-tuning (r=8, 2 min on CPU) inference.py # Compare with base model multiagent/ search_worker.py # Search specialist worker quality_worker.py # Quality check specialist worker orchestrator.py # Task decomposition and result integration 14_multiagent.py # Execution script governance/ ai_registry.py # AI system inventory risk_assessor.py # Risk assessment (score 0.18 → LOW) audit_logger.py # Audit log (Article 12 compliant) compliant_rag.py # RAG with AI disclosure (Article 50 compliant) Key Design Decisions from Each Chapter Chapter 2: Evals Combining rule-based (Context Recall, Answer Relevancy) with LLM-as-a-Judge (Faithfulness) strikes the right balance between speed, cost, and coverage. Chapter 3: Observability (Langfuse v4) Adding @observe() decorators is all it takes to start recording traces. The critical v4 change: you must call get_client() after load_dotenv() . Chapter 4: Security Defense in Depth is the principle: Input validation → System prompt → Output validation → Rate limiting — four layers of protection. Chapter 5: MLOps / LLMOps On every push to GitHub, Evals run automatically. Only when the quality threshold (Overall

2026-07-05 原文 →
AI 资讯

The Fractional CTO Guide: How to Audit Your Business for AI Automation ROI

It's an exciting time to be in tech, with AI making headlines daily and business leaders eager to leverage its power. Yet, as a Senior IT Consultant and Digital Solutions Architect with over a decade of experience, I've observed a recurring pattern: many companies enthusiastically adopt AI tools, only to find their balance sheets reflect increased software licensing costs but no tangible improvement in core operational metrics like processing times, customer support turnaround, or error rates. This is what I call the AI adoption gap . The issue isn't the capability of Large Language Models (LLMs) or automation tools themselves; it's the absence of a structured integration strategy. Simply purchasing individual tool licenses rarely translates into automated business processes or measurable value. True transformation requires a deeper, more thoughtful approach. My role as a Fractional CTO often involves guiding businesses through this challenge—moving them from mere AI adoption to strategic AI integration. Over the years, I've refined a step-by-step audit framework that helps identify high-leverage automation points and design integrations that genuinely deliver measurable business returns. Let's dive into how you can apply this framework within your organization. 1. Step 1: Mapping High-Volume, Linear Workflows Before you can automate anything, you need a crystal-clear understanding of the process itself. This initial phase of an automation audit is all about documenting your existing business workflows. You cannot effectively automate what hasn't been precisely mapped. When identifying candidates for automation, I look for workflows that exhibit specific characteristics, as these offer the highest potential for immediate and impactful ROI: High Volume : Focus on tasks that are performed dozens, hundreds, or even thousands of times per week. Automating a task that happens once a month, while potentially valuable, won't move the needle on overall operational efficienc

2026-07-05 原文 →
AI 资讯

AI Governance — EU AI Act Compliance, Risk Assessment, and Audit Logging

Introduction Through Chapter 7 (Multi-Agent) , we have a complete, functioning AI system. The final step is building organizational infrastructure to operate AI safely over time. [Before] Technical safety Security → Block malicious input Evals → Measure quality [Now] Organizational / regulatory safety Governance → Know what AI systems are in use Risk mgmt → Classify and assess risks Audit logs → Record who did what, when EU AI Act → Regulatory compliance EU AI Act Status (as of June 2026) The EU AI Act came into force on August 1, 2024, with full enforcement on August 2, 2026 . Transparency rules (disclosing when users are interacting with AI, labeling AI-generated content) also take effect on that date. AI systems are classified into three risk tiers: Risk Level Description Examples Prohibited Not permitted Social scoring, manipulative AI High Risk Strict regulation Hiring, credit scoring, law enforcement Limited Risk Transparency obligations Chatbots, AI-generated content Minimal Risk No regulation Spam filters, game AI Our RAG system's classification: Limited Risk (chatbot). We are required to disclose to users that they are interacting with AI. Directory Structure pgvector-tutorial/ ├── existing files └── governance/ ├── ai_registry.py # ★ AI system inventory ├── risk_assessor.py # ★ Risk assessment ├── audit_logger.py # ★ Audit logging └── compliant_rag.py # ★ Governance-compliant RAG 1. AI System Inventory — governance/ai_registry.py Most organizations lack a systematic inventory of their AI systems, making risk classification and compliance planning difficult. Knowing what you have is the essential first step. # governance/ai_registry.py """ AI system inventory Centrally manage all AI systems in use across the organization. Forms the foundation for technical documentation required by EU AI Act Annex IV. """ from datetime import datetime from dataclasses import dataclass , asdict from enum import Enum class RiskLevel ( Enum ): UNACCEPTABLE = " prohibited " HIG

2026-07-05 原文 →
AI 资讯

Identity Is the New Perimeter: Why AI Agents Break Zero Trust

For years, Zero Trust architectures were designed around one assumption: Humans make the decisions. That assumption is breaking apart. Autonomous AI agents can now query databases, trigger workflows, call APIs, and interact with other systems without direct human involvement. Modern AI systems no longer just generate text. They execute actions inside enterprise environments. When an AI agent can operate on behalf of a user inside your cloud infrastructure, its identity becomes just as critical as any human identity. And that fundamentally changes the security model. The Rise of Tool Calling Platforms like Amazon Bedrock Agents have changed the architecture of enterprise AI. These systems can now interpret a user request, decide which tools are required, and autonomously execute backend operations through Lambda functions, APIs, databases, and external services. A simple prompt can trigger an entire chain of actions. Example Workflow User Prompt: "Summarize customer complaints from the last 30 days." Agent Actions: Query the CRM database Call the analytics API Pull support ticket data Generate a report Powerful for productivity. Extremely dangerous if not properly secured. The New Attack Surface A single successful prompt injection can completely hijack an agent’s behavior. With overly broad permissions, an attacker can force it to: Access sensitive customer data Execute unauthorized API calls Modify records Trigger privileged backend workflows The risk becomes even worse in multi-agent systems. A compromised customer-facing agent can pass malicious instructions to a highly privileged backend agent. Traditional network perimeters and security tools often miss this entirely because the traffic comes from a trusted internal service. Why Traditional Zero Trust Falls Short Classic Zero Trust was designed for human behavior and relatively predictable access patterns. AI agents operate differently: They act autonomously and at machine speed They make decisions without real

2026-07-05 原文 →
AI 资讯

Someone Built a Physical Gear Shifter for Claude — and It's a Better UX Lesson Than Most Software Ships

A few days ago, Vaibhav Sisinty posted something on X that stopped my scroll: someone had wired up an actual, physical stick shift to switch between Claude models. Not a settings menu. Not a dropdown. A gear shifter, like the one in a car, sitting on a desk. Fable 5 in one gear. Sonnet in another for daily driving. Opus when the problem needs real depth. Slam the stick into position, and the model underneath your workflow changes. The detail that makes this more than a novelty: he built the shifter with Claude, specifically to make his own use of Claude faster. That's a nice little loop — using the model to remove friction from using the model. Why this is a smarter idea than it sounds On the surface it's a gimmick. Under the surface, it's solving a real problem that every heavy AI user runs into: model selection is a decision tax . Every time you open a chat and have to think "is this a Sonnet task or an Opus task?", you're spending attention on meta-work instead of the actual problem. It's a tiny cost, but it's a cost you pay dozens of times a day, and it never shows up on any productivity dashboard. A physical control collapses that decision into a single motor action — the same way a car driver doesn't consciously reason about gear ratios, they just feel the road and shift. That's the actual insight here: the best interface for a decision you make constantly is the one that requires the least conscious thought. A menu makes you look, read, decide, click. A physical lever makes you feel and move. For something you do fifty times a session, that difference compounds fast. A plausible look at how something like this comes together Nobody's published exact wiring diagrams here, but the architecture almost writes itself if you've worked with hobbyist hardware and API-based model switching. Here's roughly what a build like this involves: 1. The physical input layer A repurposed automotive or sim-racing shifter has a set of positions, each one closing a different switc

2026-07-05 原文 →
AI 资讯

Choosing the Right Backend Framework: Django vs. Gin vs. Ruby on Rails.

Every application we use today—from banking apps to social media platforms—has something working behind the scenes. That hidden engine is called the backend. The backend is responsible for processing requests, storing data, handling authentication, enforcing business rules, and ensuring everything works as expected when users interact with an application. One of the first decisions backend developers make is choosing a framework. A framework provides the tools, structure, and best practices needed to build applications faster and more securely. Today, let's look at three popular backend frameworks: Django, Gin, and Ruby on Rails. Django (Python) Django is one of the most mature and feature-rich backend frameworks available. Built using Python, it follows the philosophy of "batteries included." This means many features developers need are already built into the framework, including: User authentication Admin dashboard Database ORM Security protections URL routing Form validation Because so much comes ready to use, developers can spend more time solving business problems instead of rebuilding common features. Best for: Content management systems E-learning platforms Business applications APIs Startups building products quickly Advantages: Fast development Excellent security features Large community Extensive documentation Scales well for many applications Trade-offs: The framework includes many components, so it can feel heavier than minimalist frameworks. Gin (Go) Gin is a lightweight web framework built for the Go programming language. Unlike Django, Gin keeps things minimal. It gives developers speed and flexibility while letting them choose many of the additional tools they want to use. One reason many developers enjoy Gin is its impressive performance. Since Go is a compiled language designed for concurrency, Gin can efficiently handle many requests simultaneously while using relatively few system resources. Best for: REST APIs Microservices High-performance syst

2026-07-05 原文 →
AI 资讯

I analyzed 292 open Forward Deployed Engineer jobs. Here is the data.

"Forward Deployed Engineer" went from a Palantir-specific title to one of the hottest roles in AI in about eighteen months. But nobody had actually counted the market, so I did. I pulled every open FDE role I could find from public ATS job boards (Greenhouse, Lever, Ashby) across 11 companies and analyzed all 292 of them. Here is what the data says. Who is hiring Three companies account for 250 of the 292 openings: Palantir: 95 (they coined the title, and still call many of these roles "Deployment Strategist") Databricks: 85 OpenAI: 70 Then a long tail: Cohere and Scale AI (13 each), Sierra, Writer, Modal, Baseten, Ramp, and Sardine. What it pays Of the 40 roles that disclosed a US pay band, the median ran $197K to $294K , topping out at $390K plus equity at OpenAI and Sierra, with a floor around $137K. That is senior-software-engineer money for a role a lot of engineers have never heard of. International and most Palantir roles did not publish bands, so the true market is likely even broader. Three things that surprised me 1. 98% of these roles are customer-facing. This is the defining trait. It is not a backend role with occasional meetings. It is an engineer who lives in the customer's world, and if that sounds terrible to you, this is not a role you would enjoy occasionally. It is the whole job. 2. The title is chaos. The same role goes by at least four names: Forward Deployed Engineer (152), Forward Deployed Software Engineer (58), AI or Deployment Engineer (43), and Deployment Strategist (36). If you only search one term, you miss most of the market. 3. The job descriptions undersell the technical bar. JDs emphasize customer-facing work, cloud (AWS/GCP/Azure), Python, and integrations. But SQL and algorithms show up in only about a third of them, even though every FDE loop I have seen tests live coding and SQL under time pressure. The description sells the breadth. The interview tests the depth. The other details Geography: about 48% USA, but genuinely global

2026-07-05 原文 →
AI 资讯

The Beginner App Idea Checklist Before You Ask AI To Code In 2026

The most dangerous moment in an AI-built app project is not when the code breaks. It is earlier. It is the moment where your idea is still blurry, the AI coding tool is sitting there politely, and you type: Build me an app that... That sentence feels productive. It also gives the tool permission to make a pile of decisions you have not made yet. Who is the app for? What is version one? Which workflow matters first? What data has to exist? What should not be built yet? What would make the first version successful? If those answers are missing, AI has to guess. And AI guessing at product shape is how beginners end up with a login system, dashboard, profile editor, notifications panel, admin area, billing flow, and settings page before one real user problem has been solved. That is not momentum. That is software confetti. I like AI coding tools. I use them heavily in real app work. But the tool gets much better when the project has boundaries before code starts changing. So before you ask AI to code your first app, run the idea through a checklist. Not a giant business plan. Not a pitch deck. Not a 47-tab spreadsheet that makes you feel like you joined a corporate strategy retreat by accident. A practical beginner checklist. The goal is simple: turn a rough app idea into something AI can help you build without inventing the whole product for you. 1. Can You Name The Person? Do not start with "users." Start with one person you can picture. Bad: This app is for people who want to be more productive. Better: This app is for freelance designers who need one place to track client feedback, revision status, and final file delivery. Bad: This app is for musicians. Better: This app is for guitarists who want to capture riff ideas quickly on their phone without opening a full mobile studio app. Bad: This app is for students. Better: This app is for college students who want to scan textbook chapters and turn them into study notes before an exam. When you name the person, the ap

2026-07-05 原文 →
AI 资讯

LOOM: a language that proves what AI-written code is allowed to do

▶ Try it live (in your browser): https://umbraaeternaa.github.io/loom/play.html Built solo, in the open, from Ukraine 🇺🇦. The problem nobody can scale their way out of AI now writes a large and growing share of the code that runs in the world. The uncomfortable part isn't that the code is often wrong — it's that the same model frequently writes both the code and the tests that check it. When one intelligence authors the solution and the criteria, "it passed" quietly stops meaning "it's safe." The gate becomes foolable. You can make the model bigger, but a bigger model that grades its own homework is still grading its own homework. The honest answer isn't "trust a smarter model." It's: trust only what can be independently proven — and make that proof mechanical, not a matter of hope. That is the whole idea behind LOOM. What LOOM is LOOM is a small, open-source, effect-typed language that acts as a machine-checked trust layer for AI-written code. It doesn't just run code — it proves, at a gate, exactly what the code is allowed to do, before a single line executes. If the code lies about what it does, the compiler refuses it. The slogan is: AI proposes, the compiler disposes. Today it is a research kernel with 385 self-verifying checks, all green — every feature added only with an adversarial test, so the language can only ever get greener. There's a live browser playground where a stranger can paste a program and watch the checker accept or reject it in under a minute. What it can actually do Effect honesty. Every function declares its effects — Pure, IO, Net, Alloc, FFI, Rand. Declared effects must cover what the code actually does; the lie is caught transitively through calls, branches, recursion — not just straight-line code. Capabilities, not ambient power. A foreign call has no ambient authority — un-wrapped, it's refused. A seam is the only thing that grants authority, so (seam (Pure) (ffi untrusted)) makes that code's I/O physically impossible. Reinterpreting h

2026-07-05 原文 →
AI 资讯

Your Guardrails Are a Firewall. Your Failures Are a Cascade

TL;DR— Most production AI teams build safety layers using the content-moderation mental model: classify input, classify output, block or pass. But the incidents that actually take down AI systems in production look like distributed-systems failures— retries amplifying bad state, cascading errors across agent steps, silent drift with no rollback path. Guardrails need to borrow from SRE, not from trust-and-safety. Ask a team how they handle AI safety in production and you'll get the same answer almost every time: an input classifier, an output classifier, maybe a moderation API bolted on the side. This is the content-moderation mental model— filter bad stuff in, filter bad stuff out. It's borrowed wholesale from trust-and-safety teams who spent a decade building spam filters and abuse detectors. It's also the wrong model for most of what actually breaks AI systems in production. The incidents that page you at 2am rarely look like a jailbreak slipping past a classifier. They look like distributed-systems failures: a retry loop that amplifies a bad tool call, a hallucinated intermediate result that poisons every downstream step, a silent shift in output distribution that nobody notices until a customer complains three weeks later. These are not content problems. They're systems problems, and they need systems solutions. The Cascade, Not the Jailbreak Consider a typical agent pipeline: retrieve context, call a model to plan, call tools, call a model again to synthesize, maybe loop if a tool fails. Each step has some non-zero error rate. In a single-call chatbot, that error rate is the whole risk surface. In a five-step agent chain, errors compound, and worse, they compound non-linearly because failed steps often trigger retries, and retries on a stateful action are not free. A model that hallucinates a tool argument doesn't just produce one bad output— it produces a bad state that the next step reasons over as if it were true. If that next step is another LLM call, it wi

2026-07-05 原文 →
AI 资讯

Moving Beyond Chat: Why AI Agents and MCP Are the Next Big Shift for Developers

For the past two years, most of us integrated AI into our workflow using a "ping-pong" model: we write a prompt, get some code, copy-paste it, hit a bug, and paste the error back. But in 2026, the tech stack is shifting from simple chat interfaces to Autonomous AI Agents . We aren't just talking about smarter chatbots. We are talking about production-ready systems that can plan, use specialized tools, debug themselves, and interact with our local development environments. The Core Blueprint of an AI Agent Unlike a standard LLM call that finishes after a single response, an AI Agent operates in an Evaluate-Act-Learn loop. To actually build or interact with one, you need to understand its three core pillars: State & Memory: Maintaining context across complex, multi-step tasks (both short-term session state and long-term vector-based memory). Planning & Reflection: The ability to break down a high-level goal (e.g., "Scrape this e-commerce site and update our DB schema" ) into a sequence of executable tasks, and pivot if a step fails. Tools (The Game Changer): Giving the model execution capabilities via APIs, sandboxed code execution environments, and file system access. Enter MCP: The Architecture Connecting It All The biggest catalyst for this shift right now is the adoption of the Model Context Protocol (MCP) . Think of MCP as an open standard that acts like a universal adapter. Instead of writing custom, brittle glue-code for every single tool you want an AI to use, MCP provides a secure, structured way for LLMs to safely read and write to local repositories, query databases, or trigger deployment pipelines. [ AI Agent ] ──( MCP Protocol )──► [ MCP Server ] ──► [ Local Files / DB / API ] When an agent is plugged into your workspace via MCP, it doesn't just guess what your code looks like. It can scan an entire TypeScript repository, map out your Tailwind components, identify type mismatches, and apply a refactor across multiple files simultaneously. From Dev to Arch

2026-07-05 原文 →
AI 资讯

How I Built an AI-Powered Windows App to Automate Image SEO

If you've ever managed a large collection of images, you've probably experienced this. Editing the images is only half the job. After exporting them, you still need to add: Titles Descriptions Alt text Keywords IPTC/XMP metadata For a handful of images, that's manageable. For hundreds of images, it becomes one of the most repetitive tasks in the entire workflow. The Problem I searched for a Windows application that could: Generate image metadata with AI Write IPTC and XMP metadata directly into image files Process multiple images in bulk Still allow full manual editing I found tools that handled parts of the workflow. Some could edit metadata. Some could generate AI text. But I couldn't find one focused on Image SEO from start to finish. So I decided to build it myself. Building Image SEO AI The project eventually became Image SEO AI , a Windows desktop application built specifically for creators who need to optimize image metadata. Instead of replacing existing photo editors, the goal was to eliminate repetitive metadata work. Today, the application can: Generate image titles with AI Create SEO-friendly descriptions Generate alt text Suggest relevant keywords Write IPTC & XMP metadata Process up to 50 images in a single batch Support both AI-assisted and manual editing One Challenge I Didn't Expect The biggest challenge wasn't AI. It was designing a workflow that still felt familiar. Many users don't want AI to make every decision. Sometimes they just want a better starting point. That's why every AI-generated field can be edited before saving. The application is designed to speed up repetitive work—not remove user control. Lessons Learned Building this project taught me a few things. AI works best as an assistant, not a replacement. Small workflow improvements can save hours every week. Metadata management is still an underserved problem. Simplicity often matters more than adding more features. What's Next? I'm continuing to improve Image SEO AI based on user feed

2026-07-05 原文 →
AI 资讯

What Six Arguing AI Agents Taught Me About Building One That Actually Works

I broke my own project on purpose, twice, before it worked. Here's the story. Round one: the debate club My first idea for this hackathon sounded great in my head. Six AI agents, each with a "role" — security, architecture, performance, whatever — and they'd debate each other across multiple rounds before agreeing on a final answer. Like a mini panel of experts arguing it out. I built it. I ran it against some vulnerable test code. It came back with 127 findings. I got excited for about four minutes. Then I actually read them. Maybe three were real. The other 124 were the agents politely agreeing with each other about problems that didn't exist, or restating the same bug five different ways because five different agents happened to notice it. Precision was somewhere around 2%. Worse than a single model working alone. That stung a little, not going to lie. I'd spent days on the debate logic. Round two: quieter, and better So I ripped it apart. No more debate rounds. No more six agents shouting over each other. I went down to four, gave each one exactly one job, and — this is the part that actually fixed things — made them depend on each other in order instead of all firing at once. One agent maps out the code first. Two others use that map to look at security and quality separately. A last one compares what they found, throws out duplicates, and — importantly — actually checks the line numbers against the real file instead of trusting the AI's word for it. Same test file. This time: real vulnerabilities, correctly flagged, nothing made up. Point it at clean code afterward and it correctly said nothing was wrong, which honestly felt like a bigger win than finding the bugs did. The annoying lesson I wanted this project to feel impressive. More agents, more debate, more "look how sophisticated this is." What actually worked was the boring answer: fewer agents, clear roles, one checking the other's work instead of everyone talking at once. I named the final version Synod

2026-07-05 原文 →