今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Agents

找到 408 篇相关文章

AI 资讯

Friday Fixes: The Fix That Wasn't

Three bugs this month. All three looked fixed before they broke. The date was quoted in 51 out of 52 posts. The model was pinned to a specific version. The upload feature had been working in production for weeks. Each one passed the obvious checks and failed somewhere else. That's the theme for this Friday Fixes: the fix that wasn't. Not bugs that went unnoticed, but bugs where a defense existed and the failure found its way around it. 1. The Unquoted Date, Part Two If this one sounds familiar, it should. I wrote an entire Friday Fixes post about this exact bug class five weeks ago. An unquoted YAML date. gray-matter parsing it as a Date object instead of a string. A crash downstream. Last time it took down /admin/drafts . The fix hardened formatDate() to coerce Date objects before calling .includes() . I verified it. I shipped it. I wrote 2,000 words about it. I moved on. This time it took down the homepage. The symptom: vibescoder.dev loaded for a split second, then flashed to Chrome's "This page couldn't load" screen. Every browser, every profile, every device. The site was completely dead to visitors. The twist: curl returned HTTP 200 with ~900KB of fully rendered HTML. The server was fine. The crash was happening during React hydration in the browser, invisible to any server-side test. The cause: A new post had date: 2026-06-19 in its frontmatter. No quotes. gray-matter parsed it as a Date object. In posts.ts , the code does const meta = data as PostMeta and then spreads ...meta into the return value. The as PostMeta cast told TypeScript the date was a string . At runtime, it was a Date . That Date object flowed through the server component, through the RSC serialization boundary, and into PostListWithFilters , a "use client" component. React couldn't hydrate it. No global-error.tsx existed to catch the crash. Dead page. Why the May fix didn't prevent this: Because the May fix was in the wrong layer. It hardened formatDate() , the function that happened to cras

2026-06-26 原文 →
AI 资讯

Stop using the model as your memory

I run Claude Code most of the day. The thing that kept biting me wasn't the model getting dumber. It was the model forgetting what we'd already settled, then confidently redoing it wrong. You've probably hit it. You write a CLAUDE.md , you keep notes, you tell it "we decided X." A few prompts later it relitigates X, or quietly breaks something it fixed an hour ago. Bigger context windows didn't fix it for me either. A 1M window just means more room for stale instructions to rot in. Here's the reframe that actually held: stop treating the model as the place the state lives. The model is a worker, not a filing cabinet A context window is working memory, not a record. It's lossy, it drifts, and every new turn re-derives the world from whatever's in front of it. If "what's done and what's half-broken" only exists in that window, you're trusting the most forgetful part of the system to remember the most important thing. So I moved the state out of the model and into the work. Two pieces did most of it: A frozen spec the agent re-reads. Not a chat message it might compress away. An actual file that says what we're building and what's already decided. When it starts drifting, the spec is the source of truth, not its memory of the conversation. A checklist it can only tick after something is verified. [ ] becomes [x] when a test passes or I've confirmed the change, never because the model "thinks" it's done. The checklist carries the progress. The model just moves it forward one verified step at a time. The difference is subtle but it's the whole game. Before, the work was a side effect of the conversation. After, the conversation is a side effect of the work. The agent can lose the whole thread and reload from the spec plus the checklist and basically pick up where it left off. A number that surprised me When I actually measured my own sessions, almost none of my tokens were fresh input. The bulk was cache reads and re-reading instructions that hadn't changed. So the "cont

2026-06-26 原文 →
AI 资讯

MCP Server Auth: The API Is the Real Boundary

A single shared API key is fine right up until a second person uses it. intent-brain — the system, repo qmd-team-intent-kb , renamed to the intent-brain plugin v0.4.0 this day — is a team knowledge base. A Fastify HTTP API sits over a governed memory corpus. In front of that API is an MCP server named teamkb , so a teammate doesn't open a dashboard or learn an endpoint. They ask in Claude Code and get a cited answer back with qmd:// citations. That's the whole pitch: institutional memory you query in the same place you write code. Up to this day it authenticated with one shared TEAMKB_API_KEY . The shared key has two failures that only show up once the tool has more than one user. First, every request looks identical, so the audit log can't say who asked. Second, revoking one person means rotating the key for everyone — there's no per-person handle to drop. Both are structural, not bugs you patch. You fix them by giving each person their own credential. The work closed that gap with three things, in this order: per-user tokens (identity), a server-side write gate (authorization), and a per-read access log (audit). The through-line: the API is the real boundary. The MCP client-side tool gate is UX, not security. And the per-read access log stays separate from the governance audit trail — separate log, not no log. Identity: per-user tokens replace the shared key apps/api/src/auth/token-registry.ts . Each token resolves to a record: { actor, role } , where role is 'admin' | 'member' . The shared key's two failures both dissolve here — every request now carries an actor , and revoking one person is dropping one record, not a team-wide rotation. Tokens come from layered sources, in precedence order: explicit records → a TEAMKB_TOKENS JSON env → a TEAMKB_TOKENS_FILE (default ~/.teamkb/tokens.json ) → the legacy single TEAMKB_API_KEY , which becomes one admin token with actor "shared" for back-compat. Each entry is a bearer token resolved to an identity at request time. Ma

2026-06-26 原文 →
AI 资讯

When --cap-drop ALL Broke the Gate Socket

The dogfood run went green. The gate had governed zero calls. That is the agent-governance-plane's entire job: run an AI coding agent inside a sandbox, route every tool call through a Unix-domain-socket gateway, and write a signed, hash-chained journal of every allow/deny. A green run that gated nothing isn't a pass. It's a governance plane governing air. The gate that catches its own hollowness AGP's CI dogfood doesn't just check that the harness exits 0. evidence-bundle.sh fails on a 0-gated run — if the journal shows no decisions, the build is red regardless of process exit status. That guard is what surfaced this at all: the agent process came up, the harness reported success, but the bundle had no verdicts to verify. Red. That's the last I'll say about hollow-green detection here. It's the door, not the room. The room is why zero calls reached the gate, and the answer turned out to be a collision between two things that look unrelated until you trace the syscall: Linux capabilities and a Unix socket's permission bits. The wrong theory The first hypothesis blamed the execution path. AGP has a dev-sandbox mode where the agent and the gate share a process, and a docker mode where the agent runs in a container talking to a host daemon over a bind-mounted socket. The theory was that the same-process path was short-circuiting the gate — agent and gate in one address space, the socket round-trip optimized away, decisions never journaled. Plausible. Wrong. The dev-sandbox path journaled fine in isolation. The failure only appeared in docker mode, and the moment that became clear the investigation moved from "which code path" to "what's different about the container." What's different about the container is the security posture. The real root cause: caps meet a missing write bit The short version: connecting to a Unix domain socket needs write permission on the socket file. --cap-drop ALL strips CAP_DAC_OVERRIDE — the capability that lets root ignore permission bits — s

2026-06-26 原文 →
AI 资讯

The Wrapper Got Heavy: Why ChatGPT Clones Are Runtime Problems Now

A year ago, "it's just a ChatGPT wrapper" was a dismissal. You'd hear it about a startup and know what it meant: an LLM API call, a little RAG, file upload, a chat box on top. Thin. Replaceable. Probably dead the next time the base model shipped a feature. I keep coming back to that phrase, because it stopped being true in a way I didn't notice happening. The thing you'd be wrapping is no longer a model with a chat UI. It's a fast, stateful web application with its own agent loop, its own sandbox, its own artifact system. The wrapper didn't get easier to build as the models got better. It got heavier . The simple interface hides the hard part. A ChatGPT-shaped product is not just an API call with a chat box around it; it's the accumulation of many product and infrastructure decisions that make execution feel safe, stateful, and immediate. The model is the part you can buy. The surrounding runtime is the part people had to design. What gets me is the timescale. It's been roughly a year, and the question actually worth arguing about has moved out from under us — from "is this just a wrapper?" to "where does the sandbox even run?" The pace is faster than I can comfortably track. And the part I keep finding fun is that it all bends toward the practical, not away from it: every one of these shifts makes the tools more usable, more real, closer to something you'd actually ship. Surprising and, honestly, a good time to be building. This isn't a "wrappers are over" argument, and it isn't advice. It's me writing down where my thinking has drifted while trying to build these things myself — partly so I can find out where it's wrong. Read it as one person's notes. What "wrapper" used to mean The old shape was honestly small. Roughly: prompt → LLM API → (RAG retrieval) → response + file parsing on the side The whole game was prompt design, a retrieval index, and some glue. You could stand it up in a weekend. The reason "wrapper" was an insult is that the surface area was tiny —

2026-06-26 原文 →
AI 资讯

plugin marketplaces are the new endpoint policy for coding agents

GitHub added an enterprise setting this week that looks like the kind of thing most developers will never read about unless it breaks their editor. Enterprise managed settings now support strictKnownMarketplaces for VS Code and GitHub Copilot CLI. In plain English: an organization can restrict which extension and plugin marketplaces are known and allowed inside the developer tools people actually use. That sounds like desktop management. I think it is more interesting than that. If coding agents can discover tools, install plugins, call commands, read repositories, modify files, and run workflows from the IDE or terminal, then plugin marketplace policy is no longer a minor preference. It is part of the runtime boundary. The agent does not only need permission to think. It needs permission to reach for tools. And the place where those tools come from is now a security surface. the tool catalog moved closer to the developer For a long time, extension marketplaces felt like productivity infrastructure. You installed a formatter, a theme, a language server, a test explorer, a Docker helper, a cloud plugin, a database browser, maybe three things you forgot existed. Some companies cared a lot. Many mostly hoped the endpoint security product would notice anything truly bad. That world was already risky, but the blast radius was usually framed around the human developer. A plugin could read files, run code, exfiltrate data, or weaken the local environment. Bad, but familiar. Agents change the framing. An AI coding assistant sitting in the IDE or CLI may use plugins as capabilities. It may call into developer tooling, use installed extensions as context, or depend on local integrations to perform work. Even when the agent itself does not directly install anything, the available tool environment shapes what it can do. So the question stops being "which extensions are developers allowed to install?" It becomes "which tool supply chains are allowed to become part of our automat

2026-06-26 原文 →
AI 资讯

Three Loops, No Ship

I spent three iterations on an auto-fix pipeline that still doesn't work reliably. Here's what I learned. Loop 1 Wrote a background script. Pull tickets from Azure DevOps, run them through a local model, hand to a coding agent, push the result. Poll → triage → fix → push. Worked 40% of the time on trivial tickets. Anything that crossed file boundaries or needed real context — stalled or hallucinated. I shipped it anyway. That was naive. Loop 2 Made it smarter. Pre-selected relevant files. Broke big tickets into subtasks. Turned complex edits into atomic steps with verification between each. Got it to 55% or so. But every fix created two new edge cases. The complexity was compounding faster than the reliability. Loop 3 Went all in. Embeddings for dedup. Multi-repo routing. Auto-revert. A learning loop that fed failures back into future runs. The model server started dying. 890 memory errors in a day. Root cause: two independent consumers hitting the same local model server, each with its own retry loop. When memory filled up, retries amplified instead of staggering. The system was making itself worse. Fixes were simple in hindsight — stop retrying OOM, serialize access, use the local binary not npx. But the pattern kept repeating: add more to fix the last thing, break something else. Where I'm At The pipeline still only works on easy tickets. Hard ones need a human. After three rounds, the main thing I learned is that local models hit a wall before your ambition does — not in quality, in working memory. And adding features doesn't fix reliability gaps. It just moves them around. The 507 retry spiral taught me more than any successful deploy this year. Because it was entirely my fault. Not the model's, not the framework's. I built concurrent consumers with independent retry loops and expected them to coordinate. They didn't. What's Next I'll do a fourth loop. Smaller. A dedicated fast model for cheap work, the big model only for editing. One consumer at a time. Might

2026-06-26 原文 →
AI 资讯

Unit Prices Are Falling, So Why Are the Bills Going Up? Tokenomics for AI Platform Owners

"Model unit prices keep falling, yet our monthly AI bill keeps climbing." If you use AI personally, you can feel the creep of your subscription and metered charges. If you own AI usage inside a company, the gap is even more pronounced. Overseas, this feeling has started getting a name: Tokenomics . On June 3, 2026, the Linux Foundation announced its intent to launch the Tokenomics Foundation , dedicated to open standards for AI cost management. Google, Microsoft, Oracle, JPMorganChase, and others — both providers and large buyers — are on board. https://www.linuxfoundation.org/press/linux-foundation-announces-the-intent-to-launch-the-tokenomics-foundation-to-establish-open-standards-for-ai-cost-management This post isn't an explainer of the word itself. It's an account of what changes for the people who own internal generative AI usage — the platform owners, the FinOps practitioners, the engineering leaders watching the bills — once you have this word in your vocabulary. What Tokenomics gives you isn't another saving technique. It changes the unit of measurement and the lens through which you read AI cost. Why Tokenomics, why now Tokenomics sits in the lineage of cloud FinOps. The FinOps Foundation now classifies Tokenomics as the "AI Value" dimension within FinOps for AI . Where cloud FinOps tracked the variable infrastructure costs (compute, storage, networking) against value, Tokenomics tracks the variable cost of intelligence itself. It's not a replacement; it adds a probabilistic, non-deterministic layer of variable cost on top. Tokens here means what you see on every API price sheet and usage dashboard — the smallest unit a language model reads and writes, the unit of compute. The word "tokenomics" also exists in the crypto world, but that one is about issuance, distribution, and incentives on a blockchain — tokens as units of ownership. Same word, different economies. https://www.finops.org/insights/token-economics-the-atomic-unit-of-ai-value/ The term gained

2026-06-26 原文 →
AI 资讯

Southwest Airlines Embraces Cloud and AI Architecture. Are They Setting a New Standard for the Industry?

Table of Contents Overview Southwest and AWS From On-Prem to Cloud AI Comes Into Play Kiro Why This Matters? Closing Thoughts Overview Southwest Airlines is one of the largest carriers in the world. Other than having by far my absolute favorite airplane livery, it's a massive enterprise based in Dallas, Texas, with more than 72,000 employees, over 4,000 daily flights during peak travel periods, roughly 134 million customers annually, and service across 120+ airports in 12 countries. At this scale, what really matters is operational reliability and speed. Because in aviation, slow operations cause delays, delays cause unhappy customers, and unhappy customers aren't particularly great for the company's revenue. A few minutes of latency in one system can turn into hours of disruption in the real world. So... can cloud and AI solve it? Absolutely, if done right. Southwest and AWS Southwest has selected Amazon Web Services (AWS) as its primary cloud partner to help modernize its technology stack and transform how the airline runs, develops systems, and serves its customers. Through this collaboration, Southwest plans to move away from a predominantly on-premises infrastructure toward a cloud-based, AI and agent-enabled architecture on AWS by 2028 . 2028 is not far away from now (Jun 25, 2026). This is very ambitious considering the amount of work that needs to be done. From On-Prem to Cloud Moving an enterprise of this size from on-prem infrastructure to the cloud is way more complex than it sounds. It doesn't sound easy either. It's one of the hardest things you can ever do as a software engineer, DevOps engineer, architect, engineering manager, or anyone else involved in it. It involves a lot of steps, including but definitely not limited to: Assessing existing systems, dependencies, and infrastructure to understand what needs to move and how Defining a migration strategy (lift-and-shift, replatforming, or full refactoring to cloud-native architecture) Designing and bu

2026-06-26 原文 →
AI 资讯

I Let My AI Agent Build a Bedrock RAG Knowledge Base, Here Are the 2 Mistakes the AWS Agent Toolkit Caught

Provisioning a Bedrock RAG knowledge base with S3 Vectors, without the hallucinated API calls. If you've asked an AI coding agent to set up AWS, you've seen it confidently invent a parameter, reach for a deprecated service, or burn ten minutes retrying against a service it never saw in training. The failure mode that bites hardest is the silent one: the agent thinks it succeeded, and you find out an hour later. I hit two of these while standing up the retrieval layer for a LangGraph support bot, an Amazon Bedrock Knowledge Base backed by Amazon S3 Vectors. I'd love to say I caught both with deep AWS expertise. I caught them because the Agent Toolkit for AWS read the docs I hadn't. Both would have shipped, and neither did. The 30-second setup The goal: take a folder of markdown product docs and make them queryable by meaning, so an agent can answer "is this safe for color-treated hair?" from the real docs instead of guessing. Think of it as giving the agent a library it can search instead of making things up. That's the retrieval half of RAG, the foundation a LangGraph agent will later call as a tool. Four moving parts, wrapped in one managed service: Source bucket : an S3 bucket holding the docs. Embeddings : Amazon Titan Text Embeddings V2 (1024-dim vectors). Vector store : Amazon S3 Vectors. I chose it over OpenSearch Serverless because it has no always-on compute, the difference between cents and a monthly surprise for a demo that sits idle. Knowledge Base : Amazon Bedrock Knowledge Bases ties it together into one thing you can query with a retrieve call. To follow along, you need an AWS account, a non-root IAM identity with credentials configured locally, uv installed, and the toolkit installed in your agent. The fastest path across Kiro, Claude Code, Cursor, and Codex is the AWS CLI installer, aws configure agent-toolkit ; in Kiro you can instead add the AWS MCP Server to .kiro/settings/mcp.json (pin the mcp-proxy-for-aws version) and run npx skills add aws/age

2026-06-26 原文 →
AI 资讯

My trading bot said it was trading for four days... he was lying

Twenty-five days on Hyperliquid. Sixty-five closed trades. P&L: -$9.21. Turns out that was the smallest wrong thing about it. The landing page showed -$7.72 because it uses a different P&L formula and excludes two open positions. Either number is small. Both numbers were also wrong about what they were telling me. I spent yesterday auditing every trade. The audit produced three findings I did not expect. Each one was a different kind of wrong. This is the first post in a series about ziom trader , my small AI-assisted crypto trading bot. "Ziom" is Polish for buddy, mate, or dude depending on who's talking. The name is unserious on purpose. The system is not. This is not a "watch me print money" series. The number is negative. Good. The point of the series is to track what happens when an LLM-assisted trading system moves from backtests and dashboards into live execution: where the bot is wrong, where the dashboard is wrong, where I am wrong, and which layer gets to prove it. Frame The natural first read of -$9.21 is "the strategy is losing money." That read assumes the displayed P&L attributes to the strategy. It does not. The number that shows up at the surface is the sum of at least three different layers: the strategy itself, the execution wrapper around it, and the monitoring layer that observes both. Each layer can author its own kind of failure. The displayed number compresses all three into a single dollar figure and loses the attribution on the way up. The framing that landed for me, from Daniel Nevoigt, is that methodology overview without forward-correlation disclosure is a log with good intentions. Same applies to P&L: total P&L without layer-attribution disclosure is a log with good intentions. You see the number. You do not see where it came from. Here is what I found when I forced the attribution. Layer 1: Shadow does not equal live Before deploying any lane, the system runs against backtested data. The shadow says "this strategy returns X over Y trade

2026-06-26 原文 →
AI 资讯

Lite-Harness SDK

AI harnesses are the new vendor lock-in. To swap across harnesses easily without rewriting your app, LiteLLM launched the Lite-Harness SDK . Run your prompt across different harnesses: from lite_harness import query , AgentOptions prompt = " Fix the failing test " # Claude Code harness async for message in query ( prompt = prompt , options = AgentOptions ( harness = " claude-code " , model = " claude-opus-4-8 " ), ): print ( message ) # Codex harness async for message in query ( prompt = prompt , options = AgentOptions ( harness = " codex " , model = " gpt-5.5 " ), ): print ( message ) To enable cost controls, fallbacks, and logging, point it to your LiteLLM AI Gateway: export LITELLM_API_BASE = https://litellm.your-company.com/v1 export LITELLM_API_KEY = sk-litellm-... Engineer's Takeaway: This SDK unifies how you invoke the agents, not how they run internally. Each harness keeps its native loop and tool-calling semantics. It is perfect for A/B testing agent performance and centralizing costs, but remember it is in public beta, so custom tool injection might require extra work! The Problem I Had My team was building an internal bot to fix failing CI/CD tests. We had three engineers advocating for three different harnesses: one wanted Claude Code, another Codex, and another Pi AI. Without an abstraction layer, we would have had to maintain three forks of the same bot , with three different SDKs, three logging systems, and three ways to track costs. It would have been an impossible maintenance burden. How Lite-Harness Helped The SDK solved that exact pain point in three concrete dimensions : 1. Unified Invocation (Time Savings) Instead of maintaining three separate implementations, I had a single query() that routed to whichever harness I wanted. Switching from Claude Code to Codex was literally just changing a string in the options. This allowed us to do real A/B testing in production for two weeks without rewriting any core logic. 2. Cost Observability (The Killer

2026-06-25 原文 →
AI 资讯

Grab Builds Secure Agentic AI Workload Platform

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike deterministic software, model-driven agents exhibit unpredictable tool-use, code-writing, and prompt injection risks. Palana contains these threats at the infrastructure level using isolated namespaces, out-of-process control planes, and proxy-mediated, Vault-backed secrets. By Patrick Farry

2026-06-25 原文 →
AI 资讯

MCP server for repo behavior indexing — entrypoints, impact, context packs before the agent edits (FlowIndex)

I 've been using Cursor on non-trivial repos and kept hitting the same issue: the agent finds a file but misses routes, shared modules, and tests that should run after a change. I built FlowIndex — a local CLI + MCP server that scans a repo and builds a behavior graph in SQLite (entrypoints, imports/calls, tests, git co-change). No embeddings, no SaaS, no LLM calls in the index itself. Setup: pip install "flowindex[mcp]" In your project: flowindex init flowindex scan Add to ~/.cursor/mcp.json (use your repo' s absolute path for cwd ) : { "mcpServers" : { "flowindex" : { "command" : "flowindex" , "args" : [ "mcp" ] , "cwd" : "/absolute/path/to/your/repo" } } } 4. Restart Cursor — you get tools like get_change_impact, suggest_tests, make_context_pack, explain_entrypoint, get_repo_overview. Example workflow: before editing payments/ledger code, ask the agent to use make_context_pack or get_change_impact on that file — it pulls from the local graph, not a generic file search. Honest limits: static analysis + git heuristics only. Call paths resolve via imports but aren 't compiler-grade. TS/JS is heuristic. Documented in the README. MIT · pip install flowindex · https://github.com/adu3110/flowIndex Curious if others use MCP for repo context and what tools you wish existed. Happy to fix setup issues if anyone tries it.

2026-06-25 原文 →
AI 资讯

I built a $0.0005 screenshot cropper that saves AI agents 95% on vision LLM costs

If you're building AI agents that work with browser screenshots, you already know the pain. You take a full 1920×1080 screenshot, pass it to GPT-4o or Claude, and watch your token bill climb — while the model downscales the image anyway and blurs the exact text you needed it to read. There's a better way. The problem Vision LLMs are expensive for two reasons when you feed them full screenshots: Token cost — a full screenshot can cost 10–20x more tokens than a small crop Accuracy loss — models internally downscale large images, blurring fine text, labels, and UI elements But your agent already knows where to look. Browser automation tools like Playwright and Puppeteer give you getBoundingClientRect() — the exact pixel coordinates of any element on screen. So why are you sending the whole screenshot? The solution I built a stateless pay-per-use API that takes a screenshot and pixel coordinates, and returns just the cropped element as a lossless PNG — ready to pass directly to your vision LLM. POST /crop { "image" : "<base64 screenshot>" , "x" : 120 , "y" : 45 , "width" : 640 , "height" : 80 } Returns: { "success" : true , "data" : { "base64" : "iVBORw0KGgo..." , "mime" : "image/png" , "width" : 640 , "height" : 80 , "bytes" : 4821 } } A 4KB crop instead of a 2MB screenshot. Same information. 95% fewer tokens. How payment works Here's where it gets interesting. The API uses the x402 payment protocol — HTTP's long-dormant 402 Payment Required status code, finally put to use. There are no API keys. No accounts. No subscriptions. The agent pays $0.0005 USDC per crop on Base L2 automatically. The flow: 1. Agent POSTs to /crop (no payment header) ← 402 with payment instructions in headers 2. Agent transfers 0.0005 USDC to recipient wallet on Base (near-zero gas, ~2 second settlement) 3. Agent POSTs again with x-payment-tx-hash header ← 200 with cropped PNG The entire exchange happens inside the HTTP request cycle. No human intervention. No billing dashboard. The money lands

2026-06-25 原文 →
AI 资讯

How we went from no-code agents to no-prompt agents

When we started Reach , the plan was simple. We had a bunch of small businesses we were already in touch with - real SMBs, the kind that live on WhatsApp and don't have a "tech team." We'd give each of them an AI agent that talks to their customers, hand them a clean starter template for the instructions, and let them tweak it from there. That was the whole bet: give people a good starting prompt and a template, and they'll play along. We were so wrong it's almost funny now. The part nobody warns you about Here's the thing about prompt engineering that you only learn by watching non-technical people try to do it: writing the instructions is not the hard part. The hard part is thinking about the task in the abstract . We'd hand a business owner an agent that mostly worked, and say "just adjust the instructions when it gets something wrong." Sounds easy. It is not. Sitting down and imagining all the ways a conversation could go, then writing rules for a machine to follow - that's a skill. It's basically a job. And it's a completely different job from running a flower shop or a real estate office. So they got stuck. They'd open the instructions editor, stare at it, and close it. The agent stayed mediocre because the iteration loop we designed required them to be part-time prompt engineers. A few of them just quietly left. That stung, but it taught us the actual problem. What "iteration" actually looked like We started doing the iterations for them, manually. And once we did that a few dozen times, a pattern jumped out. The feedback never led to an abstract change. It was never something that made us "rethink the agent's persona" or "restructure the system prompt." It was tiny, concrete, and tied to a real conversation: "It suggests all of our services, but honestly most customers only care about these three - push those." "It pulled our opening hours from the website and they're just wrong. We changed them months ago." These were one-line corrections. The owner knew ex

2026-06-24 原文 →