You’re not really that far behind.
My non-tech friends still don’t get it. Despite what you’d believe from Twitter, most people still...
找到 3769 篇相关文章
My non-tech friends still don’t get it. Despite what you’d believe from Twitter, most people still...
The AI Engineer World's Fair has attracted a lot of adults, and they brought their kids too, for...
The AI Engineer World’s Fair returns to Moscone West in San Francisco from June 28 through July 2,...
Flexion Robotics, a startup founded by ex-Nvidia engineers, has a clever way of training robots to do useful work.
GitLab's 2026 AI Accountability Report highlights an AI Paradox: although 78% of developers say they code faster, overall software delivery has not accelerated due to downstream testing and review bottlenecks and new challenges for enterprise governance and traceability. By Sergio De Simone
How I ended up running a local LLM to generate my git commit messages
Protocol adapters are one of the easiest places for agent-commerce architecture to drift. An adapter begins with the narrow responsibility of translating an external protocol request into something the commerce platform understands. For example, an MCP-style tool may ask for return terms, an ACP-style interaction may ask whether checkout can be prepared, an AP2-related flow may carry payment authority information, and an internal feed may publish product capabilities. Those are adapter concerns at the boundary. The problem starts when the adapter does more than translate. It checks product availability from catalog fields. It interprets policy text. It decides whether checkout is ready. It treats a payment artifact as authority. It turns a domain blocker into a softer protocol response. Each shortcut may solve an integration problem locally, but it also creates a second place where commercial meaning is decided. When several adapters exist, those local decisions begin to diverge. The MCP tool may block return-policy quotation, the ACP adapter may expose the product as purchasable, the feed may publish it as checkout-ready, and the AP2-related flow may reject delegated payment. At that point, the platform does not only have multiple integrations. It has multiple interpretations of the same commercial state. This is the adapter problem in agent-ready commerce: semantic drift at the protocol boundary. The adapter should know how to speak the protocol. It should not decide product truth, policy meaning, eligibility, checkout validity, or payment authority. Those decisions belong inside the commerce platform, where they can be shared, tested, evidenced, and audited. This is the fifth article in the Agent-Ready Commerce series. Part 1 introduced the broader architecture model: Facts → Eligibility → Authority → State transition → Evidence → Audit Part 2 focused on commercial truth. It argued that catalog data is not enough. A platform needs source-backed, freshness-aware p
How to Create an AI Agent: A Production Walkthrough The first agent I shipped to production failed at 3am on a Sunday. It looped on a tool call, burned through $40 in tokens before my budget alarm fired, and left a half-written draft in the database with no way to resume. That night taught me more about agent design than any framework tutorial. Since then I have built a pattern I trust enough to leave running unattended for weeks at BizFlowAI, where agents research, write, optimize and publish content without me touching them. This is that pattern, stripped down to what actually matters. Start with the job spec, not the framework Before you pick LangGraph, CrewAI, or roll your own, write the agent's job spec like you would for a junior engineer. One paragraph. What it owns, what it must never do, what "done" looks like, and which signals tell you it failed. Here is the spec for one of my production agents: The Topic Researcher owns generating a ranked list of 20 content topics per site per week. It reads from keyword_pool and search_console_perf , writes to topic_queue . It must never publish, never call paid APIs more than 8 times per run, and must finish in under 6 minutes. Done = 20 topics with score >= 0.6 and zero duplicates against the last 90 days. Failure signal = empty queue after a run, or any topic flagged by the dedupe check. If you cannot write this paragraph, do not build the agent. You will end up with a "do everything" prompt that hallucinates its way through ambiguous tasks. The job spec becomes your evaluation rubric later, so write it carefully. Rule of thumb I use : if the spec needs more than 5 tools or more than 3 decision branches, it is two agents, not one. Design the tools before you write the prompt Most agent failures I have debugged were not prompt failures. They were tool failures. The model called a tool with wrong arguments, the tool returned a 4MB JSON blob, or two tools had overlapping responsibilities and the model picked the wrong
Introduction This article is not about introducing a new security tool. Nor is it an argument to replace Secret Scanners, SAST, or other existing security technologies. Instead, I want to propose an architectural concept for the AI era: How should security controls be positioned within a software development workflow where AI agents generate most of the artifacts? I call this concept the AI Security Gate . AI Is No Longer Just a Coding Assistant Generative AI has evolved far beyond code completion. Today's AI systems can already: Generate source code from requirements Write unit tests Refactor existing code Create pull requests Review code The next logical step is a development workflow where: AI implements, AI reviews, and AI iterates. In such a world, relying on humans as the final security checkpoint no longer scales. When AI-generated artifacts are reviewed by another AI, we need a security mechanism that operates independently of AI reasoning and executes every time without exception. What Is an AI Security Gate? I define an AI Security Gate as: A deterministic security control layer that validates AI-generated artifacts before they are accepted into a software development workflow. Two words in this definition are particularly important. Artifacts The scope is broader than source code. It includes any artifact produced by AI, such as: Source code Infrastructure as Code Dockerfiles Kubernetes manifests SQL scripts CI/CD workflows API specifications Deterministic An AI Reviewer performs reasoning. It may conclude: "This design is easier to maintain." An AI Security Gate does not reason. Instead, it verifies objective facts such as: An API key is embedded. A private key is committed. An organizational policy is violated. Its purpose is not to judge software quality. Its purpose is to enforce security rules consistently. Four Characteristics of an AI Security Gate I believe an AI Security Gate should satisfy four fundamental properties. 1. Deterministic Every exec
Last month, I had a problem with a popular mobile banking app in Southeast Asia. Nothing exotic. A transaction didn't go through, and my support ticket had been sitting untouched for two weeks. So I opened the app's chatbot. It greeted me warmly, asked how it could help, and then couldn't do a single useful thing. It couldn't look up my transaction. It couldn't check the status of my ticket. It couldn't tell me why my issue was unresolved. It could answer FAQ questions, and that was it. I called the hotline instead. Spent an hour navigating prompts, got bounced between menus, and every path ended the same way: "Please contact our chatbot or check your existing ticket." The system was built for deflection, not resolution. The ticket that nobody had touched for fourteen days. I gave up. And somewhere in that company's dashboard, my interaction counted as a successful AI chatbot deflection. The uncomfortable part: if you shipped a deflection-optimized bot this quarter, a customer somewhere is living this exact loop right now. Your dashboard is calling it a win. The Deflection Metric Everyone Loves (and Nobody Questions) Deflection rate measures the percentage of customer contacts handled without a human agent. It's cheap to track, easy to celebrate, and it maps directly to cost savings. Industry benchmarks citing McKinsey's 2026 service operations data put AI resolutions at $0.62 per ticket versus $7.40 for human agents. That's a 12x cost difference. Of course executives love this number. But deflection doesn't measure whether the customer's problem got solved. It measures whether the customer stopped asking. Those are very different things. This is Goodhart's Law applied to customer experience: when a measure becomes a target, it ceases to be a good measure. Deflection is cheap and easy to optimize. Resolution is hard and expensive to track. So companies optimize the proxy and stop looking at the goal. Gartner data, as reported by Forbes , confirms the gap: only 14% o
Key takeaways Summarizing conversation history can reduce costs by up to 60%. Implementing an effective summarization algorithm is key to efficiency. Balancing detail and brevity in summaries is crucial for context. Optimized context windows lead to faster response times and lower latency. The problem Startups leveraging large language models (LLMs) often face significant costs associated with managing context windows during conversations. Each token processed incurs a cost, and as conversations grow, replaying entire histories can lead to runaway expenses. Founders and engineers encounter this issue particularly during customer support interactions or chatbots, where lengthy dialogues require constant context retention, drastically inflating operational costs. What we found Our research indicates that instead of replaying the entire conversation history, summarizing the dialogue can maintain context while drastically reducing token usage. By distilling key points and intents into a concise summary, we can effectively minimize the number of tokens processed, leading to major cost savings without sacrificing the quality of interaction. This non-obvious insight repositions how we approach conversation management in LLMs. How to implement it Start by selecting a summarization algorithm suitable for your use case. Techniques like extractive summarization (e.g., using TextRank) can identify and retain essential sentences from conversations, while abstractive methods (e.g., fine-tuning a transformer model) rephrase the content. Next, integrate this summarization step into your workflow: after each interaction, generate a summary that captures the main points. Ensure that the summary is stored and utilized as context for subsequent interactions, replacing the need for the entire conversation history. Monitor token usage before and after implementation to quantify cost savings. How this makes life easier By summarizing conversation history, startups can see a reduction in c
When the enemy is too strong to attack directly, attack what they hold dear. They will come to you...
According to ChartMogul's 2026 analysis of 200 B2B software products, the median free-to-paid...
Circuit breakers and bulkheads are design patterns — their numbers are operational weapons. Failure ratio 50% or 30%? Max concurrent calls 25 or 100? During an outage the right answer changes hourly . Code the pattern once; tune thresholds live . Kiponos.io separates resilience structure (in Java) from resilience parameters (in live config tree). Pattern in code, numbers in Kiponos public boolean allowCall ( String downstream ) { var cfg = kiponos . path ( "resilience" , downstream ); return breaker ( downstream ) . failureRateThreshold ( cfg . getFloat ( "failure_rate_threshold" )) . waitDurationInOpenState ( cfg . getInt ( "open_seconds" )) . permittedInHalfOpen ( cfg . getInt ( "half_open_calls" )) . tryAcquire (); } Ops opens circuit sensitivity during brownout — dashboard edit, not redeploy. Resilience tree resilience/ payments-api/ failure_rate_threshold : 0.5 open_seconds : 30 half_open_calls : 5 bulkhead_max_concurrent : 40 inventory-api/ failure_rate_threshold : 0.35 open_seconds : 60 bulkhead_max_concurrent : 25 global/ force_open_all : false Extreme: coordinated degradation Platform SRE sets force_open_all: false normally. During regional disaster, flip selective open_seconds sky-high on non-critical downstreams — bulkhead by configuration , Java still executes pattern logic. Performance Breaker checks are per-call — getFloat() must be local. See rate limits article . Getting started Externalize Resilience4j YAML values to resilience/* Incident drill: tighten failure_rate_threshold live Resources: github.com/kiponos-io/kiponos-io Kiponos.io — resilience patterns with live numbers. Breakers that bend during the outage.
Angular has signals now - and as of 19.2, even a signal-based way to fetch: httpResource, built on...
Would you trust a sci-fi author to program critical AI systems for humanity? No? Yet, that's what we've been doing. Years ago, I remember hearing the argument: "Why don't we just prompt LLMs with Asimov's three laws of robotics ?" It sounds elegant. The laws were designed to constrain artificial minds. Why not use them? Because the model has already read every story where they fail. LLMs are statistical engines designed to autocomplete text. Imagine a story that starts like this: Once upon a time, there was a good little robot who followed the 3 laws of robotics to the letter. Now take human literature and complete the story. Does it end well? ‹ › (function() { var container = document.currentScript.closest('.ltag-slides--carousel'); var track = container.querySelector('.ltag-slides__track'); var slides = track.querySelectorAll('.ltag-slide'); var prevBtn = container.querySelector('.ltag-slides__nav--prev'); var nextBtn = container.querySelector('.ltag-slides__nav--next'); var dotsContainer = container.querySelector('.ltag-slides__dots'); var current = 0; var total = slides.length; for (var i = 0; i < total; i++) { var dot = document.createElement('button'); dot.className = 'ltag-slides__dot' + (i === 0 ? ' ltag-slides__dot--active' : ''); dot.setAttribute('aria-label', 'Go to slide ' + (i + 1)); dot.dataset.index = i; dot.addEventListener('click', function() { goTo(parseInt(this.dataset.index)); }); dotsContainer.appendChild(dot); } function goTo(index) { current = ((index % total) + total) % total; track.style.transform = 'translateX(-' + (current * 100) + '%)'; var dots = dotsContainer.querySelectorAll('.ltag-slides__dot'); for (var i = 0; i < dots.length; i++) { dots[i].classList.toggle('ltag-slides__dot--active', i === current); } } prevBtn.addEventListener('click', function() { goTo(current - 1); }); nextBtn.addEventListener('click', function() { goTo(current + 1); }); })(); It doesn't. Because the entire body of fiction built around those laws exists to explo
I am committed to understand how systems actually work. I'm working on a multi-node lab to follow the complete path of a request from Python APIs to Linux processes, through Docker containers, networking and observability. The idea is simple: build a system that observes another system to understand the abstraction layers behind modern infrastructure. This project is about learning by building, experimenting and understanding what happens under the hood. Link: [ https://github.com/daniloprandi/devops-network-automation-lab ] DevOps #Linux #Python #Docker #Networking #Observability #Infrastructure
I've been building with AI for a while now. I can get these tools to do what I want, but I want to go a level deeper, past "it works" into actually understanding why. So I'm sharpening the fundamentals and the applied side, and writing it down here as I go. Expect short, honest posts on what I'm learning and building.
The biggest challenge wasn't choosing a language model or designing prompts—it was managing context over time. Once an application grows beyond isolated conversations, memory becomes just as important as reasoning. An assistant that remembers previous architectural decisions, coding preferences, and project history can contribute much more effectively than one that starts from scratch every session. Runtime intelligence proved to be equally important. Not every request deserves the same computational resources. Routing tasks based on complexity, enforcing execution budgets, and maintaining an audit trail make AI systems more predictable and practical for real-world development. DevPilot AI brings these ideas together by combining Google Gemini for reasoning, Hindsight for persistent memory, and cascadeflow for runtime intelligence. While the project will continue to evolve, building it reinforced one idea above all else: the future of AI applications isn't just about generating better responses. It's about building systems that can remember, adapt, and make better decisions over time. If you're interested in the architecture or would like to explore the project further, you can find the source code here: GitHub: https://github.com/siddharthg-7/DevPilot-Ai- I'm always interested in feedback and discussions around persistent memory, runtime intelligence, and AI engineering. If you've explored similar ideas or approached these challenges differently, I'd love to hear your perspective.