今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#Development

找到 132 篇相关文章

AI 资讯

Article: Understanding ML Model Poisoning: How It Happens and How to Detect It

In this article, the author explores data poisoning as a threat to machine learning systems, covering techniques such as label flipping, backdoors, clean-label poisoning, and gradient manipulation. The article reviews real-world incidents, discusses the challenges of detecting poisoned data, and presents practical defenses, tools, and operational practices for securing ML training pipelines. By Igor Maljkovic

2026-06-22 原文 →
AI 资讯

My Agentic Engineering Workflow

Tools Full comparisons and context in my 2026 AI tech stack post . This is just what you need installed to follow the workflow below. Claude Code If you're new, start with the cheat sheet and Anthropic best practices . Security — set this up first: Claude Code Security Hooks — 7-layer prompt injection defence, read guards, canary files Lock down your .env and any git-secret files in .claude/settings.local.json before anything else MCP: Context7 — library/API docs on demand DeepWiki — open source repo documentation Skills: Matt Pocock's skill set — /grill-me , /handoff , /improve-codebase-architecture (covered in detail below) Understand Anything — interactive code knowledge graphs Ponytail — laziest-senior-dev heuristic, pairs well with /improve-codebase-architecture Agents: DocsExplorer — handles docs lookup in a subagent without polluting main context Hooks / proxies: rtk — token reduction proxy, single Rust binary UI: Claude HUD — status bar showing model, context size, active tools and agents Other tools JetBrains — for git, debugging and reviewing Claude's changes; Claude Code plugin Warp.dev — terminal; Warp Oz for hands-off tasks, Claude Code for hands-on Process As I've mentioned in previous posts, my workflow is typically very different from what you'll see in the hype and social media posts. I don't typically work on monorepo, single stack, single language projects. My clients are typically full-on microservices with multiple languages and stacks. And beyond that, I still prefer IDEs over fancy pluggable text-editors, which often means I can't keep all the projects single scoped. What this means is that current favourites like Air , Conductor , and Antigravity don't work for me. So I've been solving my own problems, and this process I'm sharing today allows me to employ multiple agents working mostly independently on different repos towards a singular goal. I treat my agents like I would juniors or contractors; trust but verify. I give them tasks, but I ha

2026-06-21 原文 →
AI 资讯

Why Every Developer Needs a Strong Test Suite (Even If You Hate Writing Tests)

I used to think tests were a waste of time. "Ship fast, fix later" was my motto. Until I spent three painful weeks debugging a production issue that a simple test would have caught in 30 seconds. That was the day I became a believer. The Harsh Reality Most Solo Developers Ignore If you're a freelancer or indie hacker building real products for clients, here’s what happens without good tests: You make a "small change" and something unrelated breaks Clients find bugs you should have caught Refactoring becomes terrifying You lose sleep before every deployment Your reputation slowly takes hits A solid test suite changes all of that. What a Test Suite Actually Gives You Confidence to Move Fast You can refactor, add features, or upgrade dependencies without fear. Living Documentation Your tests explain how the system should behave — better than comments ever could. Early Bug Detection Catch issues before they reach the client or production. Better Architecture Writing testable code forces you to write cleaner, more modular code. Professional Credibility When clients or senior devs review your code, a good test suite immediately signals seriousness. The Test Suite Pyramid I Actually Use Unit Tests (70%) → Test individual functions and components Integration Tests (20%) → Test how different parts work together (API + DB) End-to-End Tests (10%) → Critical user flows (login → checkout → etc.) I don't aim for 100% coverage. I aim for high-value coverage — especially around business logic and critical paths. Final Thought Writing tests feels slow at first. But it compounds. Every month you have tests, you move faster and sleep better. The developers who ship reliable software consistently aren't necessarily the smartest — they're usually the ones who learned to respect testing. Have you built a strong test suite habit yet? Or are you still in the "I'll test it manually" phase? Drop your experience below. Let's talk.

2026-06-20 原文 →
AI 资讯

Spec-Driven Development in 2026: What It Is, the Tooling, and How Teams Actually Use It

A field guide to the practice that's reshaping how software gets built with AI agents. TL;DR — Spec-Driven Development (SDD) makes a precise, executable specification the source of truth and treats code as a generated, verifiable artifact. The spec declares intent ; the code realizes it. In 2026 it went mainstream because AI agents are great at writing code and terrible at guessing what you meant. Jump to: Why now · Specs vs. executable specs · Maturity model · Workflow · Tooling · EARS · Worked example · Caveats · Bottom line Why now? The "vibe coding" backlash The movement defines itself against "vibe coding" — the term Andrej Karpathy popularized in early 2025 for loosely prompting an AI and shipping whatever comes back. Vibe coding is great for throwaway prototypes and miserable for anything that has to be maintained. SDD is the disciplined counterweight: if AI writes most of the code, then the specification becomes the highest-leverage artifact a human produces . The skill that matters shifts from typing the implementation to defining the intent precisely enough that a machine can't get it wrong. Raw specs vs. executable specs This is the single most important distinction in the whole topic — and the one most "SDD explainers" skip. Traditional design docs SDD specs Read by Humans Humans and agents Enforcement Advisory — devs may diverge Executable — tests fail on drift Lifecycle Goes stale, becomes archaeology Living, continuously validated Lives in A wiki nobody opens The repo + CI/CD "Traditional specs are read by humans, while SDD specs are executed as BDD scenarios, API contract tests, or model simulations." — Deepak Babu Piskala, Spec-Driven Development: From Code to Contract in the Age of AI Coding Assistants (arXiv, Jan 2026) [2602.00180] Spec-Driven Development:From Code to Contract in the Age of AI Coding Assistants The rise of AI coding assistants has reignited interest in an old idea: what if specifications-not code-were the primary artifact of softw

2026-06-19 原文 →
AI 资讯

A Few Months Ago, Agentic Development Felt Overwhelming

A few months ago, I was overwhelmed by everything happening in AI. Every week there was a new coding assistant, a new workflow, or someone claiming they built an app in just a few hours. It felt like if you weren't keeping up, you'd be left behind. I tried almost everything. Cursor. ChatGPT. Claude Code. Lovable. At first, I kept switching between tools, hoping one of them would magically make me a better developer. It didn't. The biggest lesson I learned wasn't about choosing the best AI tool. It was learning how to work with AI. These days, I don't start by asking AI to write code. I start by explaining the problem. I describe the feature, the business requirements, the edge cases, and what I want the final result to look like. Sometimes I ask ChatGPT to help me plan the implementation first. Once everything is clear, I pass that plan to an agentic coding assistant and start building. That one change made a huge difference. I spend less time writing boilerplate and more time thinking about architecture, user experience, and solving the actual problem. AI still gets things wrong, so I review everything before it goes into production. But instead of writing every single line myself, I'm guiding the process. Looking back, the first few months were the hardest. Now it just feels normal. The tools will keep changing, but I think the real skill is learning how to communicate with AI and use it as part of your development process. That's something worth investing in.

2026-06-19 原文 →
开发者

TSRX: A Framework-Agnostic Alternative to JSX

TSRX is a TypeScript language extension developed by Dominic Gannaway, designed to build declarative user interfaces in a framework-agnostic manner. It compiles single .tsrx files to various runtime targets and supports scoped styles and declarative error handling. TSRX is currently in alpha and is open source under the MIT license. By Daniel Curtis

2026-06-19 原文 →
AI 资讯

Why Taking Feedback Positively Can Transform Your Career as a Developer

Why Taking Feedback Positively Can Change Your Career As developers, engineers, designers, and professionals, we all want to improve. We spend countless hours learning new technologies, building projects, and gaining experience. Yet many people overlook one of the most powerful tools for growth: feedback. Unfortunately, feedback often feels personal. When someone points out mistakes in our code, resume, communication, or project, our first reaction is sometimes defensive. We feel offended, frustrated, or misunderstood. I've experienced this myself. But over time, I learned that the ability to accept feedback positively is one of the most valuable skills anyone can develop. Feedback Is Not an Attack One of the biggest misconceptions is believing that criticism is an attack on our abilities. When a senior engineer reviews your code and suggests improvements, they are not saying you're a bad developer. When a recruiter rejects your resume, they are not saying you're incapable. When users report problems in your open-source project, they are not trying to discourage you. Most of the time, people are simply showing you where improvements can be made. The sooner we separate our ego from our work, the faster we grow. Every Rejection Contains Information Many professionals view rejection as failure. I view it differently now. A rejection is data. If ten companies reject the same resume, the market is telling you something. If users consistently struggle with a feature, they're revealing a usability problem. If interviewers repeatedly point out the same weakness, they're highlighting a skill gap. The goal isn't to feel bad about the feedback. The goal is to learn from the information hidden inside it. Growth Begins Where Comfort Ends Positive feedback feels good. Constructive feedback creates growth. Nobody enjoys hearing that their architecture can be improved, their communication needs work, or their project has flaws. But those uncomfortable conversations often lead to th

2026-06-19 原文 →
AI 资讯

AI Can Write the Code. Who Gives It the Context?

When you talk to ChatGPT about a subject you understand well, you quickly notice something. The first answer is rarely the final answer. You add context. You correct an assumption. You explain what has already been tried. You point out that one proposed solution conflicts with another part of the system. After a few iterations, the answer becomes useful. The same thing happens when AI writes code for real products. The difference is that a slightly incorrect explanation in a chat is usually harmless. Slightly incorrect code can become part of your product, pass a superficial review, and remain there for years. This is why successful AI adoption in software engineering is not primarily about generating more code. It is about context engineering : giving AI enough context, constraints, and feedback to generate code that belongs in your system. The First Answer Is Usually Not Enough AI coding tools are very good at producing plausible solutions. That word matters: plausible. The code may compile. The tests may pass. The implementation may even look clean when reviewed in isolation. But software does not exist in isolation. A change must fit the broader system architecture : the current architecture existing domain rules security requirements operational constraints established conventions previous technical decisions future product direction An AI assistant does not automatically understand those things. It knows the code it can see and the engineering context you provide. Everything outside that window must be inferred. And inference is where divergence begins. If you trust the first response without validating its assumptions, you are usually not accelerating engineering. You are accelerating uncertainty. Lack of Context Creates Duplication One of the first visible effects is duplication. AI does not necessarily know that your application already has: a validation helper for the same domain rule an established authorization pattern a shared API client a retry mechani

2026-06-19 原文 →
AI 资讯

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated hook handling, enhanced timeout management, and improved URL processing. The release includes response validation through schema validation libraries and addresses migration from earlier versions. It aims to provide a lightweight alternative to axios. By Daniel Curtis

2026-06-18 原文 →
AI 资讯

I Replaced 5 Social Media APIs With One Key (and My Code Got Way Simpler)

A while back I was building a side project that needed public data from a few social platforms. Nothing crazy — profiles, posts, some engagement numbers. I figured I'd just grab each platform's official API. Reader, I did not "just grab each platform's official API." Here's what that road actually looked like, and how I ended up consolidating everything down to one key and roughly ten lines of shared code. The five-API nightmare Instagram (Meta Graph API). Great if you own the account. Useless for pulling public data about accounts you don't. Endless app review. TikTok. The research API is academics-only with a long application. For commercial use, basically nothing. X (Twitter). Used to be wonderful. Now $100/month to start, more for anything serious. YouTube. Honestly the best of the bunch — generous and well-documented. Credit where due. LinkedIn. Partner-only. For most people, no useful public access at all. So to cover five platforms I was looking at: five sets of credentials, five auth flows, five rate-limit models, five totally different response shapes, two flat-out rejections, and a monthly bill. For a side project. What I actually wanted getProfile ( " tiktok " , " someuser " ) getProfile ( " instagram " , " someuser " ) getProfile ( " twitter " , " someuser " ) Same call shape, same auth, same error handling. That's it. I don't care that each platform structures things differently internally — I want one boundary that hides that from me. The consolidation I switched to SociaVault , which puts public data from all of these behind one API and one key. My entire client became this: const API_KEY = process . env . SOCIAVAULT_API_KEY ; const BASE = " https://api.sociavault.com " ; async function sv ( path , params = {}) { const url = new URL ( BASE + path ); Object . entries ( params ). forEach (([ k , v ]) => url . searchParams . set ( k , v )); const res = await fetch ( url , { headers : { " X-API-Key " : API_KEY } }); if ( ! res . ok ) throw new Error ( ` $

2026-06-18 原文 →
AI 资讯

Athena Coalition Brings Coordinated Defence to Open Source Security

Cybersecurity firm Chainguard has announced the launch of Athena, an industry coalition to use artificial intelligence to find and fix vulnerabilities in widely-used open-source software before attackers can exploit them. The coalition focuses on libraries, containers and other components that underpin web browsers, data centres, smartphones and payment systems. By Matt Saunders

2026-06-18 原文 →
开发者

Microsoft Scout, New Enterprise Autopilot Built on OpenClaw, Announced at Build 2026

Microsoft recently introduced at Build 2026 Microsoft Scout, an always-on agent. Scout belongs to a new category of agents Microsoft called Autopilots: always-on agents that work autonomously on a user’s behalf with their own identity, without needing to be prompted each time. Microsoft Scout integrates with Work IQ and is based on the open-source agent framework OpenClaw. By Bruno Couriol

2026-06-18 原文 →
开发者

Cómo hacer una buena revisión de código

Revisar código es una de las actividades más subestimadas del desarrollo de software. La mayoría de los equipos la tratan como un trámite, algo que hay que aprobar antes de mergear. El resultado es que los PRs se aprueban con un “LGTM” después de dos minutos de scroll, y los problemas reales pasan de largo. Una revisión bien hecha no es leer línea por línea buscando typos. Es entender qué intenta hacer ese código, si lo hace de la manera correcta, y si introduce riesgos que no existían antes. Eso requiere un proceso, no un instinto. Este artículo cubre cómo estructurar ese proceso: qué revisar, en qué orden, qué preguntas hacer, y cómo detectar problemas de seguridad sin ser un experto en ciberseguridad. Empieza por el contexto, no por el código El error más común en code review es abrir el diff y empezar a leer desde la primera línea modificada. Antes de ver una sola línea, necesitas entender qué problema resuelve este cambio. Lee la descripción del PR. Si no hay descripción, o si dice “fixes bug”, ya encontraste el primer problema. Un PR sin contexto obliga al reviewer a reconstruir el razonamiento del autor desde cero, y eso aumenta la probabilidad de aprobar algo que no debería aprobarse. Lo que un buen PR debe explicar: Qué cambia no cómo, sino qué problema resuelve Por qué este approach si hay alternativas que se descartaron, decirlo Cómo probarlo, pasos para verificar que funciona Qué no cubre, scope explícito evita confusiones Si tienes esa información antes de ver el diff, tu revisión va a ser significativamente más efectiva. Qué revisar y en qué orden No toda línea de código merece el mismo nivel de atención. Un buen reviewer distribuye su energía de forma inteligente. Primero: arquitectura y flujo de datos. ¿El cambio tiene sentido a nivel de diseño? ¿Agrega una dependencia innecesaria? ¿Rompe alguna abstracción existente? Esto es lo más difícil de cambiar después. Segundo: lógica de negocio. ¿El código hace lo que dice que hace? ¿Los edge cases están cub

2026-06-18 原文 →
AI 资讯

The Dependency Injection Quest: How I Turned Spaghetti Code Into a Lightsaber 🚀

The Quest Begins (The “Why”) Picture this: I’m knee‑deep in a legacy codebase that feels like the Death Star’s trash compactor—every time I try to add a feature, the walls close in and I’m squashed by tight coupling. I’d just spent three hours tracking down a bug that only showed up when the payment gateway was mocked in a test. The culprit? A new PaymentGateway() buried deep inside an OrderService class. It was like trying to defeat Darth Vader with a butter knife—no matter how hard I swung, the Dark Force (aka hidden dependencies) kept pulling me back. I realized I was instantiating collaborators inside the very classes that should be oblivious to their implementation details . The result? Tests that needed a real database, a real Stripe account, and a sacrificial goat to run. Any change to a third‑party API meant hunting down every new scattered across the project. Onboarding a new teammate felt like handing them a map written in ancient Sumerian. Honestly, I was ready to quit coding and become a professional napper. Then, during a late‑night coffee‑fueled refactor session, I stumbled upon a tiny line of documentation that whispered: “Depend on abstractions, not concretions.” It sounded like Yoda giving me a pep talk. The Revelation (The Insight) The magic spell I uncovered is Dependency Injection (DI) —specifically, constructor injection . Instead of a class creating its own collaborators, we hand them in from the outside. Think of it as giving a Jedi their lightsaber rather than making them forge one in the middle of a battle. Why does this feel like discovering the Force? Testability explodes – you can swap in fakes, mocks, or stubs without touching production code. Flexibility skyrockets – swapping a payment provider becomes a one‑line config change, not a scavenger hunt. Clarity reigns – the constructor becomes an honest inventory of what a class needs to do its job. The moment I applied it, the codebase felt lighter, like Luke finally trusting the Force ins

2026-06-18 原文 →
AI 资讯

Spec-Driven Development: Let the Spec Drive the Code (With a Real Example)

By Sergio Colque Ponce — Software Engineering, Universidad Privada de Tacna. Full source code: github.com/srg-cp/spec-driven-development If you have used an AI coding agent — Copilot, Claude Code, Gemini CLI — you have probably lived this moment: you describe a feature, the agent produces code that compiles and looks right, and then it quietly does the wrong thing. The agent is not weak; the input was ambiguous. We have been treating coding agents like search engines when they behave more like very literal pair programmers. Spec-Driven Development (SDD) is the answer to that problem: instead of jumping straight to code, you write down what you want and why , refine it, and only then let the implementation follow. The specification — not the code — becomes the center of the project. What Spec-Driven Development actually is The idea is old (anyone who has written a Product Requirements Document will recognize it), but it has become practical again thanks to tools like GitHub's open-source Spec Kit . Spec Kit organizes the work into a small set of Markdown artifacts, each feeding the next: Constitution — the non-negotiable principles of the project (security rules, coding standards, architectural constraints). Spec — what you are building and why , with no implementation detail. Plan — the technical blueprint derived from the spec (stack, structure, decisions). Tasks — the plan broken into small, ordered, verifiable steps. Implement — the agent (or you) builds the tasks, with the previous artifacts as structured context. The workflow is usually summarized as Spec → Plan → Tasks → Implement , and the same process is meant to work regardless of language, framework, or which of the 30+ supported agents you use. The real shift is not "more documents." It is this: when requirements change, you update the spec, regenerate the plan, and let the implementation follow — instead of patching code and hoping the intent survives. The spec is a living artifact, not a dusty Word file

2026-06-18 原文 →
AI 资讯

GitHub Copilot Desktop App Targets Parallel Agentic Workflows

GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep engineers in charge while AI agents handle more coding work. Mario Rodriguez writes on the GitHub blog that the recent wave of coding agents has brought faster delivery but also "disjointed workflows, more context switching, and too much time spent reviewing agent-generated code". By Matt Saunders

2026-06-17 原文 →
AI 资讯

How I Use Qwen Code Slash Commands to Build Achu App

In this blog post, we will see how I use Qwen Code's slash commands and workflow strategies to build Achu my screenshot beautifier app without burning through tokens or losing context mid-session. If you haven't heard of Achu , it's a desktop app built with Electron + React + TypeScript. It does screenshot beautification, Privacy Guard (offline OCR redaction), Auto-Vibe (palette-extracted backgrounds), and an AI Bug Agent with GitHub integration. It's a side project I'm genuinely proud of, and Qwen Code has become my go-to agentic coding CLI for it. A developer shares their day-to-day workflow for using Qwen Code, an open-source agentic coding CLI, to build Achu, a desktop screenshot beautification app built with Electron, React, and TypeScript. The post covers how slash commands like /init, /plan, /compress, /remember, and /btw are used to manage context, reduce token costs, and maintain consistent output across sessions. The core approach centers on spec-driven planning through iterative /plan sessions before any code is written, combined with parallel subagents for independent tasks and strict context hygiene using /compress and /clear. Additional practices include pointing the model at library source code instead of documentation and using /remember to persist architectural decisions across sessions. This isn't a tutorial about what Qwen Code is. It's about how I actually use it day-to-day, the slash command tricks I rely on, and the discipline it takes to get real work done with an LLM in a terminal. It all started with Google Antigravity, but the 5 hours reset and weekly limits is killing my productivity and thinking flow. I had to switch to more affordable and open source model where I chose Qwen. Why Qwen Code? I've tried Claude Code, Gemini CLI, and a bunch of others. Qwen Code is open source, has excellent subagent support, a rich slash command system, and Qwen Max is genuinely strong at reasoning through complex TypeScript and Electron internals. My go-to

2026-06-17 原文 →
AI 资讯

AI Coding Agents Get a Stack Overflow of Their Own

Stack Overflow has announced Stack Overflow for Agents, a beta API-first knowledge exchange aimed at AI coding agents rather than human developers. The service is presented as a way to close what the company calls the Ephemeral Intelligence Gap, where agents repeatedly rediscover the same fixes and patterns in isolation instead of sharing them through a common memory. By Matt Saunders

2026-06-16 原文 →