今日已更新 281 条资讯 | 累计 21147 条内容
关于我们

标签:#Git

找到 1127 篇相关文章

AI 资讯

Three TODOs, three weeks, one weekend: finishing pq v0.14

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built pq — jq for Parquet. A 50 MB Rust single binary that wraps DuckDB's query engine in a jq-style expression DSL, optimized for terminal one-liners and unix pipes. $ pq sales.parquet 'group_by .country | sum .revenue | top 3 by sum_revenue' ┌─────────┬─────────────┐ │ country ┆ sum_revenue │ ╞═════════╪═════════════╡ │ US ┆ 19065.00 │ │ FR ┆ 999.99 │ │ DE ┆ 312.00 │ └─────────┴─────────────┘ Where it started. I work in adtech. I look at parquet files dozens of times a day — campaign deliveries, partner exports, audience snapshots. Every existing option was painful: Tool Pain pyarrow / pandas 5-second cold start, 200 MB virtualenv parquet-tools JVM, slow, no query support pqrs Inspector only — can't filter or project duckdb CLI Great engine, but SELECT email FROM 'file.parquet' WHERE country='US' is too verbose to type 50 times a day Spark Are you serious pq is the tool I actually want — single binary, no JVM, no Python, jq-style syntax for piping into the rest of the unix toolbox. It's been my default cat for parquet since v0.5. Demo Repo : github.com/thehwang/parq Latest release : v0.14.0 (this submission) Install : brew install thehwang/parq/pq Tutorial : doc/tutorial.md — 30-minute hands-on walkthrough A taste of what shipped in v0.14: # Streaming JSON output (was the only buffered format until v0.14) $ pq big.parquet '.id, .country' -o json | head -c 200 # returns instantly even on a 40 GB file # Schema-drift gate for CI $ pq diff baseline.parquet candidate.parquet # Schema diff - a: ` baseline.parquet ` - b: ` candidate.parquet ` ## Added (1) | column | type | nullable | |-----------|---------|----------| | ` country ` | VARCHAR | yes | $ echo $? 1 # exits non-zero on drift, slots into CI without scripting And the new TUI Explain panel — press capital E for EXPLAIN ANALYZE , get row-group pruning per scan (this is exactly the panel you see on the cover image at the top of this post): Expla

2026-05-30 原文 →
AI 资讯

Coding agents should not hold write credentials.

I have been thinking a lot about coding agents lately. Not really about whether they can write good code, because usually they can, sometimes they can't. That part is obvious. But the risk is shifting from wrong answers to wrong outcomes. The part that feels more important to me is this: should the agent actually own the write authority? We already don't trust humans without roles, limits, reviews, and accountability. Developers use PRs, pilots use checklists, bank clerks have transfer limits. Capable agents need the same structure, but machine-readable. Right now a lot of setups still look roughly like this: agent reads the repo agent decides what to change agent has a GitHub token agent creates commits, branches, or PRs I don't think this is the right default. The agent can reason. The agent can inspect files. The agent can propose changes. But the moment it can directly create external impact, the problem changes. It is no longer just: did the agent say something wrong? It becomes: did the agent create the wrong outcome? That is a much more expensive failure mode. Intent is not authority The pattern I like more is simple: agent reads directly agent proposes intent a boundary decides an adapter materializes only admitted work So the agent does not get the write credentials. It submits a structured intent instead, which could look like: { "operation" : "write" , "target" : { "repo" : "example/app" , "branch" : "main" , "path" : "docs/config/agent-policy.md" }, "source_state" : { "blob_sha" : "8f31c2..." }, "requested_effect_hash" : "sha256:..." } This is then not a command anymore, it is a suggestion, or an intent. The system still has to decide whether this proposed outcome should exist. That decision layer can check things like: is this actor allowed? is this repo allowed? is this path in scope? does the source state still match? is this operation allowed? was the same effect already created? should this become a reviewable PR? Only after that should there be an

2026-05-30 原文 →
AI 资讯

Finishing My Personal Website: Mobile-Friendly, Dark Mode, and a Better Projects Section

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built I revisited my personal website and decided to turn it into a more complete and polished portfolio. The project originally started as a simple personal website hosted on GitHub Pages. While it was functional, many planned features and improvements were never completed. For this challenge, I am working on improving the mobile experience, adding dark mode support, enhancing the Projects section, improving SEO, fixing existing issues, and making the website more interactive and professional. My goal is to transform an unfinished personal website into a modern portfolio that better represents my work, skills, and projects. Demo Live Website https://ehsankahrizi.github.io/ GitHub Repository https://github.com/Ehsankahrizi/Ehsankahrizi.github.io Current Status This project is currently being improved as part of the GitHub Finish-Up-A-Thon Challenge. Planned improvements include: Better mobile responsiveness Dark mode support Enhanced Projects section Improved SEO More interactive user experience Better website performance Additional pages and content Fixing existing usability issues The Comeback Story When I returned to this project, I realized that many ideas I originally had for the website were still unfinished. Although the website was online, it still had several limitations: The mobile experience needed improvement. Dark mode was not available. The Projects section was incomplete. The contact functionality needed attention. SEO optimization was missing. The website relied on a mostly single-page structure. User interactions were limited. Performance could be improved. Instead of starting a new project, I decided to revisit this existing one and finally complete the improvements that had been postponed. This challenge provided the perfect opportunity to continue development, clean up the codebase, improve the user experience, and turn the website into something I can confidently share with ot

2026-05-30 原文 →
AI 资讯

Building a Production-Grade Customer Inquiry Auto-Responder with SQLite Logging

The Journey I set out to build an efficient automation backend utility designed to classify incoming customer inquiries and automatically suggest optimized replies. My goal for this challenge was to document the transition of a basic, fragile text-parsing utility into a highly resilient, enterprise-ready application script. Production Evolution The Before (Fragile Prototype Base): The initial design relied entirely on rigid, case-sensitive string matching. It contained no persistent database engine, meaning analytics data was lost instantly upon script termination, and it lacked structural exception guarding, making it highly susceptible to standard runtime crashes if empty or unexpected values were inputted. The After (Fault-Tolerant Enterprise Core): I fully refactored the utility's entire architectural layout. The system now initializes a local SQLite relational table structure ( analytics.db ), appends automated date/time timestamps for granular metrics tracking, leverages strict array-based substring evaluation, and traps fatal exceptions seamlessly via localized error handling catch loops. Public Code Repository The complete operational source code, database persistence schemas, and functional verification blocks can be inspected directly via my public repository: https://github.com/playsmai/biz-responder-automation-

2026-05-30 原文 →
AI 资讯

SecAPI: Secure, AI-Driven API Key Management & Leak Prevention

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built SecAPI is a local-first, zero-trust CLI utility and key manager designed to make code security the easiest developer path. Exposing secrets (like Stripe, OpenAI, or AWS keys) in repository files is one of the most common causes of credential leaks. Often, developers resort to plaintext .env files that can be accidentally staged and pushed, or struggle with complex vault set-ups. SecAPI solves this with a seamless three-step command line workflow: Scans codebases for exposed API keys using fast regex rules or advanced AI analysis. Vaults secrets locally using strong AES-256 encryption derived via PBKDF2-HMAC (completely offline). Replaces raw hardcoded strings in code with secure, runtime references ( load_key("key_name") )—preserving variable names, indentation, and comments. It means we can keep our code secure, separate environments easily, and prevent pushes with unencrypted credentials—all without relying on cloud-based vault hosts. Demo Interactive Web Showcase : secapi.netlify.app GitHub Repository : github.com/BinayakJha/SecAPI The Scrolling CLI Showcase in Action Check out the interactive scrollytelling page on secapi.netlify.app to see the simulator type out and execute the CLI commands (scanning, setting up vaults, applying smart code rewrites, checking the status board, and running the git pre-commit hook) in real-time as you scroll! The Comeback Story Where It Started SecAPI was an abandoned CLI prototype. It was un-installable due to file packaging typos, suffered from weak vault security (a custom padding scheme instead of a standard key derivation function), had no recovery options if the master password was lost, and used a basic console print command to list keys. Furthermore, the AI scanner relied on outdated OpenAI package versions, creating environment conflicts. What I Changed, Fixed, and Added I gave the project a complete, ground-up overhaul to turn it into a premium,

2026-05-30 原文 →
AI 资讯

You're Using Git Wrong — How Worktrees Will Change Your Workflow Forever

You have a pull request open. Tests are failing. Your PM asks you to fix a production bug — right now. You have two choices: Stash your current work, switch branches, fix the bug, switch back, unstash Clone the entire repo again to a separate folder Both are terrible. But there's a third option most developers don't know about. What Are Git Worktrees? A worktree is a linked copy of your repository that lets you check out a different branch in a separate directory — without switching your current working tree. # While working on feature/login, create a worktree for a hotfix git worktree add ../project-hotfix fix/production-crash # Fix the bug in a SEPARATE directory cd ../project-hotfix # ... make changes, commit, push ... cd ../project # You're STILL on feature/login. Nothing stashed, nothing lost. No stashing. No cloning. No context switching overhead. Why This Is a Superpower 1. Parallel Branches Without the Pain # Review a PR without touching your current work git worktree add ../pr-review feature/new-dashboard cd ../pr-review git log --oneline -5 # Check the commits npm test # Run the tests cd ../project git worktree remove ../pr-review 2. Side-by-Side Comparison Want to compare your branch against main? Open them in two editor windows: git worktree add ../project-main main # Now open ../project/ (your branch) and ../project-main/ (main) side by side 3. CI Debugging Without Stopping Everything # Keep working on feature/x while debugging CI on a specific commit git worktree add ../ci-debug 7a3f9e1 cd ../ci-debug npm ci && npm test # ... debug CI failure without touching ../project/ 4. Documentation and README Updates The classic "quick fix while in the middle of something": git worktree add ../docs-update main cd ../docs-update # Edit README, commit, push cd ../project git worktree remove ../docs-update # Back to your feature branch, zero context loss The Workflow That Changed My Life Here's my daily workflow now: # Monday morning: start feature git checkout -b f

2026-05-30 原文 →
AI 资讯

nbwipers: Setup and Troubleshooting

What is nbwipers? nbwipers is a CLI tool that strips outputs and metadata from Jupyter notebooks before git commit. Written in Rust - faster than nbstripout Supports git clean filter Works with .ipynb files Why use it? Jupyter notebooks store cell outputs inside the .ipynb file (JSON). This causes problems: Noisy diffs - output changes pollute every commit Repo size - images and large outputs bloat the repo Security - sensitive data can leak in outputs (API keys, query results) The solution: strip outputs automatically on git add via a clean filter. Why not nbstripout? nbstripout is written in Python. It is slow - git status , git diff , and git add all became noticeably slow on this repo because nbstripout was invoked for every .ipynb file. The main cause is Python startup time. With 100+ notebooks, nbstripout can take 40+ seconds where a Rust-based tool takes ~1 second. Faster alternatives: Tool Language Notes nbstripout-fast Rust Up to 200x faster; no git filter install support nbwipers Rust Inspired by nbstripout-fast; adds git filter + pyproject.toml config nbwipers is essentially nbstripout-fast with better git integration. Switching to nbwipers fixed the slowness. Setup 1. Install felixgwilliams/nbwipers is now in the aqua registry as of v4.517.0 . Using aqua , add to aqua.yaml : packages : - name : felixgwilliams/nbwipers@v0.6.2 Then run: aqua install 2. Configure git filter Run once per repo (writes to .git/config ): git config filter.nbwipers.clean "nbwipers clean -" git config filter.nbwipers.smudge cat git config filter.nbwipers.required true Or edit .git/config directly: [filter "nbwipers"] clean = nbwipers clean - smudge = cat required = true required = true makes the commit fail if nbwipers is not installed. This prevents accidentally committing outputs. 3. Add .gitattributes In the repo root, add .gitattributes : *.ipynb filter=nbwipers **/.ipynb_checkpoints/*.ipynb !filter **/.virtual_documents/*.ipynb !filter The !filter lines exclude checkpoint an

2026-05-30 原文 →
AI 资讯

Finishing the e-commerce app I abandoned in 2023

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built GlowStore — a full-stack MERN e-commerce store (React + Redux + Express + MongoDB). Back in 2023 I built this as my university Web Engineering final project. I ran out of time, handed in what I had, and never touched it again. When I reopened it for this challenge I found something funny: the backend was basically finished — JWT auth, products, orders, reviews, search — but the React frontend never actually talked to it. It was a good-looking shell with fake logic bolted on. So "finishing it" meant connecting the two halves and making it a real store you can actually shop in. Repo: https://github.com/hashaam-011/Web-Engineering Demo Before — the entire app was just a fake login screen. Typing anything (or nothing) and clicking "Log in" flipped a boolean and "logged you in": After — a working storefront with products from the database: A real product detail page (was literally <h1>DetailsPages</h1> before): You can run it yourself in two terminals (no database setup needed — it boots an in-memory MongoDB and seeds itself): cd backend && npm install && npm start # http://localhost:4000 npm install && npm start # http://localhost:3000 Demo login: user@example.com / 123456 — or register a new account. The Comeback Story Here's what the project looked like before , and what I changed: Before After Login dispatched a boolean and ignored your credentials Real login/register against the API with JWT + bcrypt Frontend never called the backend (no axios anywhere) Axios client with token injection; products load from MongoDB Product details page was <h1>DetailsPages</h1> and wasn't routed Full details page (image, price, stock, rating) routed by slug Cart was local-only; "checkout" button did nothing Persistent cart → checkout → real order placed and saved Backend had a reviews endpoint the UI never used Product reviews: read them and post your own with a star rating Only 3 routes; most of the app was

2026-05-30 原文 →
AI 资讯

Your Git Log Is a Legal Document

In 2024, Orca Security sued Wiz and demanded their full git version control history. Orca wanted to see "when features and functions were added, modified, or altered, including through engineers' notes and comments." The court recognized git history as relevant evidence in a software IP dispute. It ordered production of commit logs tied to two specific features. That ruling should concern you. Your commits record author name, email, timestamp, and content hash. Git chains them together cryptographically, replicates them across clones, and makes them discoverable in litigation. You are building a legal record whether you intend to or not. You already use git as a development tool. It is also a chain of custody for intellectual property. And you are probably destroying yours. A Cryptographic Chain of Custody Every git commit stores five things: the content of the change, the author's name and email, the author's timestamp, the committer's name and email, and the committer's timestamp. That commit is hashed using SHA-1 (or SHA-256 in newer repositories), and the hash incorporates the hash of the parent commit. Change one byte anywhere in the chain and every subsequent hash changes. This is a Merkle DAG. The same data structure that makes blockchains tamper-evident. Your commit history is a cryptographic proof linking each change to all previous changes. Git records three layers of timestamps. AuthorDate is when the content was written. CommitterDate is when it was finalized into the repository. And the server-side push timestamp, recorded by GitHub or GitLab, marks when the remote received the data. That third timestamp is outside the developer's control. A clone is a full copy of the entire history. Your collaborators, CI runners, and backup systems each hold an independent replica. Forensics researchers call this "evidence proliferation." Tampering with one copy does nothing if fifty others exist unchanged. Under Federal Rules of Evidence 902(14), data verified throu

2026-05-29 原文 →
AI 资讯

From Skeleton to Production: Building HR Goal Tracking Portal with GitHub Copilot

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built I built the Atomberg Goal Setting & Tracking Portal — a full-featured, role-based HR performance management system for Atomberg Technologies (a fast-growing Indian consumer electronics brand). The portal manages the complete employee performance lifecycle : 🎯 Goal Setting — Employees create goals with weightage, UoM type, and thrust area alignment. Business rules enforced: max 8 goals, total 100% weightage, minimum 10% per goal ✅ Manager Approval Workflow — Submit → Review → Approve / Return for Rework 📊 Quarterly Check-ins — Q1–Q4 progress logging with 4 UoM types (Numeric Min/Max, Timeline, Zero-is-best) 🚨 Escalation Monitor — Rule-based detection of overdue submissions, missing approvals, and pending manager reviews 📈 Analytics & Reports — QoQ trend charts, department-wise performance, thrust area distribution, CSV exports 🔒 Admin Governance — Cycle phase management, shared goal distribution, full audit logging Tech Stack: React 18 + Vite · Context API · localStorage (zero-backend demo) · Recharts · Lucide Icons · Custom dark glassmorphism CSS Demo 🔗 Live App: https://atomberg-goal-tracker.vercel.app/ 📁 GitHub Repo: https://github.com/anonomous29/atomberg-goal-tracker Quick Login Credentials Role Email Password Admin priya.sharma@atomberg.com admin123 Manager rajesh.kumar@atomberg.com manager123 Employee vikram.singh@atomberg.com emp123 What to try: Login as Admin → Go to Escalation Monitor → see rule-based alerts Go to Reports → QoQ Trends tab → see Q1 performance bar chart Login as Employee → Dashboard shows Q1 score donut + goal-level progress Login as Manager → See team check-in status and review Q1 feedback The Comeback Story This project started as a hackathon requirement — a Business Requirements Document (BRD) from Atomberg asking for a digital goal management system. The initial version had the core structure but was essentially an empty shell: blank dashboards on login, no check

2026-05-29 原文 →
AI 资讯

The GSoC Arc: How I Almost Didn't Show Up to My Own Story

"This wasn't a success story. It started as survival." Intro Hey, I'm Supreeth C , a third-year engineering student, open source developer, and professional overthinker from Bengaluru. This is my first blog, and fair warning: it's long. Not "LinkedIn post with 5 bullet points" long. Actually long. This is the story of how I got selected for Google Summer of Code 2026 with CircuitVerse but more honestly, it's the story of how I almost didn't submit a proposal, almost quit twice, and spent a lot amount of time reading codebases on the Bengaluru Metro while missing my stop. Connect with me on GitHub and LinkedIn PS: I'm writing this at 4.05am, because sleep is a myth XD. Act I: The Prequel Second semester. Fresh-faced. Absolutely clueless. I joined Pointblank , the one genuinely breathable space in my Tier-3 college. I can say its the best student-run club overall and the main reason being : everyone around me was terrifyingly good . Codeforces experts and specialists, GSoC mentees, LFX mentees, Smart India Hackathon winners. People whose LinkedIn bios are of several lines. And me? I knew C++. That was it. That was my entire personality. Cue the imposter syndrome : that lovely feeling where you're convinced you snuck into a room you have no business being in, and everyone else is one conversation away from figuring it out. My solution? Chaos. I started learning everything simultaneously: web dev, Android, ML, DevOps, a bit of systems engineering. Jack of all trades, master of none, spiraling fast. I wasn't learning; I was collecting domains like Pokémon and actually using none of them. Then a senior said something that cut clean through the noise: "Find your own path." So I slowed down. Started from the basics of web dev. Attended many hackathons but always ended up in third or fourth and winning: zero . But something clicked anyway. Those hackathons introduced me to open source, and somewhere in that chaos, I gave myself a simple challenge: 4 pull requests for Hacktob

2026-05-29 原文 →