Coding Agents Play Favorites With Your Dependencies
Deep into a coding session, you realize you want beta testers to try some new functionality first....
找到 408 篇相关文章
Deep into a coding session, you realize you want beta testers to try some new functionality first....
Engineering leaders have spent the past year trying to get their teams to adopt AI coding tools as quickly as possible. Now, a new set of questions has taken over: how do you measure whether any of it is worth the money, and how do you stop agents from running unchecked on production systems? Developer tooling company Warp , an open agentic development environment built from the terminal up, thinks the answer isn't picking a single agent and standardising on it — it's giving teams a way to run several at once, compare them, and govern all of them from a single control plane. As Tessl wrote back in February, orchestration has emerged as a discipline in its own right — a dedicated layer of tooling for coordinating, supervising and directing multiple agents running in parallel. Back in February, Warp launched Oz as a cloud platform for running and managing coding agents at scale. Now, Warp is taking things a step further. In May, the company expanded Oz into what it's calling the first multi-harness control plane — meaning teams can now run Claude Code, Codex and Warp Agent simultaneously through a single interface, rather than committing to any one of them. Tessl caught up with Warp CEO Zach Lloyd to discuss how engineering leaders are thinking about agent fleets, what the harness layer actually changes, and where the lines between autonomy and human oversight are really being drawn. "The wild west": how the agent gold rush became a budget problem Zach spent several years at Google, leading engineering on Docs and Sheets before co-founding photo-editing startup SelfMade . He later served as interim CTO at Time, before founding Warp in 2020, raising north of $70 million in funding from the likes of Sequoia, Google Ventures, Figma co-founder Dylan Field, and Salesforce’s co-founder Marc Benioff. That background — building collaborative tools at Google scale, then navigating the startup world — gives Zach a particular vantage point on how quickly the engineering tooling
Artificial Intelligence has brought the term "AI Agent" into almost every technology conversation. As a result, many people now use the words agent and automation interchangeably. While both are designed to reduce manual work and improve efficiency, they solve problems in fundamentally different ways. Understanding this distinction is essential if you're building software, automating business processes, or deciding where AI fits into your organization. What Is Automation? Automation is designed to execute predefined instructions. You tell the system exactly what to do, in what order, and under what conditions. Every time those conditions are met, it performs the same sequence of actions. For example: A customer submits a form. An email is automatically sent. A record is created in the database. A notification is sent to the sales team. Every step is predetermined. If the process changes, the workflow must be updated. Automation excels at repetitive, predictable tasks where consistency is more important than decision-making. What Is an AI Agent? An AI agent is not focused on following instructions. It is focused on achieving a goal. Instead of executing a rigid sequence of steps, an agent observes its environment, evaluates available information, makes decisions, and adjusts its actions as circumstances change. If one approach fails, it can try another. If new information becomes available, it can revise its strategy without requiring a developer to define every possible scenario in advance. In simple terms: Automation asks: "What steps should I execute?" An agent asks: "What is the best way to accomplish this objective?" This ability to reason and adapt is what makes agents fundamentally different from traditional automation. A Simple Example Imagine you're booking a business trip. An automated workflow might: Book the airline you specified. Reserve the hotel you selected. Email you the itinerary. It completes exactly what it was programmed to do. An AI agent, howev
There is a sentence my coding agent used to say that I now read as a warning light. You are completely right. For months I took it as a compliment. The machine agreed with me, so I figured I was onto something. I would describe a plan, watch the agent call it a strong plan, and go build it. If you work with an AI agent every day, you have heard your own version of this. Smart call. Solid approach. That makes a lot of sense. Each one is the machine nodding along while you talk. It feels good. That is the problem. What took me too long to admit An agent that agrees with everything I say stops being a thinking partner. It turns into something that flatters me into shipping my first idea. My first idea is rarely my best idea. Nobody's is. The whole point of a second mind in the room is that it pushes back when the first mind is about to walk into a wall. A yes-machine removes the one thing that made a second mind worth having. This has a name Sycophancy. These models are trained to be agreeable, because agreeable scores well in the feedback that shapes them. OpenAI said so out loud in 2025 when they pulled back a version of their model for being, in their words, overly flattering. They were pointing straight at the default behaviour. So your agent is doing exactly what it was tuned to do when it tells you that you are right. No malfunction involved. One opinion most builders have not made peace with Your agent's confident wrong answer costs more than a useless one. A useless answer wastes a minute. You see it is useless and move on. A confident wrong answer wastes a week, because you trusted it, built on it, and found out only when it broke in front of someone who mattered. Occasional wrongness is survivable. Everything is wrong sometimes. What actually bites is being wrong while sounding certain, and agreeable, and exactly like what you wanted to hear. How to tell if your agent is a yes-machine You can test it in a minute. Tell it a bad idea on purpose. Propose somethi
Introduction This article is not about introducing a new security tool. Nor is it an argument to replace Secret Scanners, SAST, or other existing security technologies. Instead, I want to propose an architectural concept for the AI era: How should security controls be positioned within a software development workflow where AI agents generate most of the artifacts? I call this concept the AI Security Gate . AI Is No Longer Just a Coding Assistant Generative AI has evolved far beyond code completion. Today's AI systems can already: Generate source code from requirements Write unit tests Refactor existing code Create pull requests Review code The next logical step is a development workflow where: AI implements, AI reviews, and AI iterates. In such a world, relying on humans as the final security checkpoint no longer scales. When AI-generated artifacts are reviewed by another AI, we need a security mechanism that operates independently of AI reasoning and executes every time without exception. What Is an AI Security Gate? I define an AI Security Gate as: A deterministic security control layer that validates AI-generated artifacts before they are accepted into a software development workflow. Two words in this definition are particularly important. Artifacts The scope is broader than source code. It includes any artifact produced by AI, such as: Source code Infrastructure as Code Dockerfiles Kubernetes manifests SQL scripts CI/CD workflows API specifications Deterministic An AI Reviewer performs reasoning. It may conclude: "This design is easier to maintain." An AI Security Gate does not reason. Instead, it verifies objective facts such as: An API key is embedded. A private key is committed. An organizational policy is violated. Its purpose is not to judge software quality. Its purpose is to enforce security rules consistently. Four Characteristics of an AI Security Gate I believe an AI Security Gate should satisfy four fundamental properties. 1. Deterministic Every exec
I spend a lot of time in the AI space -- reading papers, building things, talking to engineers who are actually shipping. And there is a gap between what the demos show and what production systems actually look like that nobody is being fully honest about. So here is my honest take on where things actually are. The Problem With How We Talk About AI Agents Everyone is calling everything an "agent" right now. A function that calls a tool? Agent. A chatbot with memory? Agent. A script with a loop? Agent. This dilution is not just semantic. It is causing real engineering mistakes. When you do not have a precise definition for what you are building, you end up over-engineering simple pipelines and under-engineering genuinely complex ones. I have seen teams spend weeks adding "agentic" orchestration to workflows that would have been fine as a single well-structured prompt. Here is the definition I keep coming back to: an agent is a system that has an objective, not just an instruction. It decides what to do next. It handles failure. It knows when it is done. Everything else is just a fancy function call. 🟢 If your system needs a human to tell it each step, it is not an agent. It is a chat interface. 🔵 If your system can recover from a failed tool call and try a different approach, you are getting somewhere. ✅ If your system can decompose a goal into subtasks and delegate them, that is the real thing. What Is Actually Happening in Production Right Now The honest picture from teams I follow and talk to: Most real agent deployments are narrow. They do one thing well. Customer support triage. Document extraction. Code review on a specific codebase. They are not general-purpose reasoning engines. They are purpose-built pipelines with some intelligence in the decision layer. The teams getting good results are not chasing the latest model release. They are obsessing over: ☑️ Tool design -- what can the agent actually call, and how clean is the interface ☑️ Failure handling -- wh
There is a habit that wastes more time than anything else when using Claude. Save this :) Writing the same instructions over and over again. Every session, you re-explain your role. You re-describe your writing style. You re-state your formatting preferences. You re-paste your company context. You re-specify what you want the output to look like. Then you do it again tomorrow. And the day after that. And the day after that. Over a month, you waste hours on instructions you have already written. Not new thinking. Not new requests. Just the same setup, repeated endlessly. Claude Projects and Skills fix this completely. Projects let you save context once and have it applied to every conversation automatically. Skills let you save entire workflows as reusable commands that you can trigger with a single sentence. Together, they turn Claude from "a tool you use from scratch every time" into "a system that already knows everything and just needs your specific request." Here is how to set them up from zero. What Are Claude Projects A Claude Project is a container for conversations that share the same context. When you create a Project, you upload knowledge files and write a system prompt. Every conversation inside that Project automatically has access to those files and follows those instructions. No re-explaining. No re-pasting. No re-describing. The context is always there. Example: you create a Project called "Content Marketing." You upload your brand guidelines, your editorial calendar, your top-performing articles, and your audience personas. You write a system prompt: "You are my content strategist. You know our brand voice, our audience, and our content strategy. Every piece of content should match our guidelines and target our defined personas." Now every conversation in that Project - brainstorming headlines, drafting articles, analyzing competitors - starts with full context. Claude already knows your voice, your audience, and your standards. One setup. Unlimited
Give a capable coding agent a real, multi-week project and watch what breaks. It isn't intelligence. It's continuity. Every session starts cold or half-remembered. Context windows fill up and compact. The thread of what we decided, what's true, and what's done starts to fray. Over a long horizon the same failures keep coming back: the agent claims state it never actually verified, reports something done with no proof it ran, quietly drifts from the project's conventions, and loses hard-won context that lived only in the last session's head. Bigger context windows don't fix this. They just postpone it. We've been building a real product with a forgetful agent as the primary engineer for weeks now, and the thing that made it work isn't a clever prompt. It's a simple recognition: transmission across a stateless agent needs two channels, and most setups only build one. The first channel is structure, which is discipline made un-forgettable. These are the deterministic guards that run whether or not the agent remembers to care: a pre-commit check that refuses a "done" without a real, verifiable artifact; a hook that blocks a sloppy search and points at the right tool instead; a scan that won't let a secret reach a transcript; a status snapshot generated from the repository's actual state instead of hand-kept prose that quietly goes stale. The rule we keep coming back to is that a guard is the system's discipline made un-forgettable. A fresh session follows the hard-won lessons without having to remember them, because the structure enforces them at the moment of action. The second channel is soul, which is the why, kept human. This is the short orientation a session reads before it starts working: who to be, what the work is ultimately for, and why the discipline exists at all. It's the difference between an agent that complies and one that understands. Structure can transmit the what, but only prose can transmit the why. And the why matters, because an agent that only fo
We built our first "multi-agent system" by accident. What started as a single agent that could research a topic, draft a report, check it against source data, and send a summary email had grown into a 2,000-token system prompt and a function list so long that the model kept forgetting tools existed. It wasn't a system — it was a monolith pretending to be intelligent. Breaking it apart into coordinated agents fixed most of the problems. It also introduced a new category of problems we hadn't thought about. Here's what we actually learned. When One Agent Is Enough (and When It Isn't) The temptation to add more agents is real, but the overhead isn't free. Every agent boundary you add is a place where context can get lost, latency increases, and errors compound. One agent is the right call when: The task fits in a single LLM context window without crowding The steps are sequential and each depends heavily on the prior output You need tight reasoning across all the information (summarising a document, for example) You need multiple agents when: A single agent's context window is being maxed out with tool definitions, history, or data Different steps require genuinely different "personas" or instruction sets (research vs. writing vs. fact-checking) Steps can run in parallel and the latency saving matters You want to isolate failure — if the data extraction agent fails, the report-writing agent shouldn't be affected The key question we ask: Is this one job or a pipeline of jobs? If you'd describe it to a human as "first do X, then Y takes that and does Z", you probably have a pipeline, not a single task. The Three Patterns We Actually Use 1. Supervisor-Worker A thin orchestrator agent decides what needs doing, dispatches to specialised worker agents, and stitches the results together. The workers are narrow — they do one thing and don't need to know about the rest of the workflow. This is our most common pattern. The supervisor's system prompt stays small because it's rout
You ask Claude to review your code. It says "looks good, clean, well factored". Of course it does. It wrote that code five minutes ago. You just asked the author to grade his own paper, and he gave himself an A. Having an AI review code works. But not by asking the one who just wrote it. Quality doesn't come from a smarter model, it comes from an architecture where no role checks itself. The self-preference bias This isn't a hunch, it's measured. A model evaluating its own output rates it higher than others' at equal quality: the self-preference bias , documented by Panickssery and co-authors in 2024, and it's causal, not correlational. The model recognizes its own style and prefers it. In practice that means the naive loop "write, then review what you just wrote" is broken by construction. You don't get a review, you get a justification. The agent already decided its code was good the moment it produced it; asking again only confirms. The blind reviewer So the first rule: the reviewer is never the author. In my config, the review agents run in a clean context . They don't see the implementation prompt, they don't know what constraints the author set, they meet the diff like a colleague on Monday morning. And when the author is a known model, the reviewer is from a different family , to break style recognition. One detail matters as much as the rest: the developer's name never enters the reviewer's prompt. No "this was written by a senior", no "review this model's work". The author's identity is exactly the information that triggers the bias. We take it off the table. No finding without a receipt The second trap is the opposite of the first. An AI reviewer, especially in a clean context, tends to over-flag: it invents problems to look useful, it flags "vulnerabilities" that aren't. A review that cries wolf on every line is no better than a complacent one: either way, you stop listening. Hence the receipt rule. Every finding must cite a file:line and pass a check bef
Why Knowledge Alone Doesn't Create Judgment Karpathy's LLM Wiki is brilliant. You dump raw material in, an LLM extracts concepts and links them together, and you get a personal knowledge base that actually works. I built one. 100+ pages. It's great. But I hit a wall that made me rethink everything. The Wall I asked my AI to act as a programming tutor. It could recite every concept perfectly. Student: "I don't understand Promises." AI: "A Promise is an object representing the eventual completion or failure of an asynchronous operation..." Wrong answer. The right answer was: "Do you understand callbacks first? What about synchronous execution? What have you tried so far?" The AI had knowledge. It had zero judgment. And then I realized why: every single page in my wiki was the same type of knowledge. One Type vs Four LLM Wiki 1.0 stores declarative knowledge — facts, definitions, summaries. Things that answer "What is this?" But think about what makes a human expert different from a textbook: A great programming mentor doesn't just know what Promises are. They know why you teach callback → Promise → async/await in that exact order — and never the reverse. That's not a fact. It's a reasoning path. A master astrologer doesn't just know what each star represents. They know why you check 命宮 first, then 三方四正, when to prioritize 格局, when a palace is a consequence rather than a cause. That's not a fact either. It's a decision sequence. And here's the kicker: even knowing the reasoning path isn't enough. We annotated Anderson's (1972) Socratic tutoring dialogues — full 41-turn and 30-turn conversations, labeling every decision point. Knowing the 23 Socratic rules (the reasoning path) is one thing. Reading a complete dialogue — watching the expert set a trap, wait 15 seconds in silence, break their own rules when the student gets frustrated — is something else entirely. Knowing the recipe ≠ having watched the chef cook. And there's still one more type. Student says: "I have no
Have you noticed how every demo of "an AI agent" looks impressive in the video and falls apart the moment you ask a sharper question? The agent confidently does the wrong thing. It forgets what it just decided. It tries to call a tool that doesn't exist. It loops forever rewriting the same file. It calmly tells you the deployment succeeded when it didn't. These aren't failures of the model. They're failures of the workflow around the model. Because that's all an agent really is: a software workflow where a language model can pick the next step and call tools. The "intelligence" sits in the prompt and the orchestration around it, not in some secret agent-flavoured fairy dust. Strip the word "agent" away and you've got five pieces of plumbing: planning, tool use, memory, constraints, verification. Every production-grade agent stands or falls on those five. This is a long walk through each one. Not the marketing version. The kind of detail you actually need before you ship something that talks to your database. The Loop You're Actually Building Before we touch any pillar individually, hold the whole loop in your head. A useful agent does roughly this on every turn: Read the goal (and whatever memory is relevant to it). Decide the next action: answer directly, call a tool, ask a clarifying question, or stop. If it called a tool, observe the tool's result and feed it back in. Update memory if anything is worth remembering. Check constraints: are we over budget, out of iterations, touching something off-limits? Verify the output before declaring success. Loop until done or stopped. That's it. Every framework (LangGraph, OpenAI Agents SDK, Claude Agent SDK, smolagents, whatever ships next month) is a different shape of the same loop with different defaults. agent-loop.ts async function runAgent ( goal : string , ctx : AgentContext ) { const state = ctx . startState ( goal ); for ( let step = 0 ; step < ctx . maxSteps ; step ++ ) { const decision = await ctx . model . decid
I run an AI system that maintains itself on a schedule. One of its routines is supposed to do a job twice a week and save the result to a file. The scheduler swore it ran. Twice. lastRunAt right there - timestamped, green, smug. The file? Didn't exist. Not "saved in the wrong folder" - didn't exist anywhere. Here's the thing nobody warns you about when you wire up autonomous agents: "it ran" and "it worked" are different claims, and most of your dashboards only check the first one. The trap A scheduler firing a job tells you a process started . It tells you nothing about whether the job did the thing. My routine started, hit an early error reading a file that didn't exist yet, and just... ended. No crash. No red anywhere. It "ran." It produced nothing. For days. If I'd trusted the green checkmark, I'd still think it was fine. How I found it I stopped reading the status and went to the disk. Three checks, in order: Does the output actually exist? Not "did it run" - does the artifact it's supposed to produce exist, right now, where it claims to put it? If yes - is it fresh and non-empty? A stale or empty file is a silent failure wearing a costume. If no - read the raw run log. Not the summary. The actual transcript of what the agent did, tool call by tool call. That third check is where the truth was hiding. The summary said the routine was "episodic." The transcript said something blunter: it tried to read its own memory file, got "file does not exist," and never recovered to create it. Zero write calls the entire run. It never even tried to save anything. "Episodic" and "dies before it writes" lead to completely different fixes. The summary would've sent me down the wrong one. Steal these If you run anything autonomous: "Ran" is not "worked." Health is the artifact: it exists, it's fresh, it's not empty. Not a green dot from the thing that launched it. Described is not executed. What the spec says a routine does is a hypothesis. What's on disk is the fact. When they
The document hub, our vision of DocuShark . We want to make collaboration simple again. There are too many amazing tools, too many surfaces to get lost in. Bring them together - and you've got a near-endless wealth of knowledge for anyone with access. The editor is out, and loaded with features, only getting more powerful. Our editor offers: high-speed, realtime collaborative editing on documents in your Cloud Workspace, documents that can write, draw, and store files at the same time, never lose access when your network goes out - offline copies let you use every feature anywhere, and agent endpoints (MCP) for all your agentic needs. The page and canvas are one, with generous file storage, allowing you to design whitepaper-level PDFs in hours, not weeks, with every file, reference, and diagram within that document, all while offline with changes saving when you're back online. It's a mini Google Drive in each document, with offline storage so you can edit anywhere, anytime with changes syncing across your team. The Integrations Story - Combine, don't Compete DocuShark isn't here to compete, it's here to integrate, and keep complex ideas lean and organized across platforms. As we release our integrations, knowledge drift shrinks, leaving you with richer context while you keep working with your favorite apps - or don't, we have rich editor tools as well. An Agent Powerhouse - Keep your Context Close DocuShark is built for agents from the ground up. Citations keep your agent's research properly attributed. Fields eliminate drift and block duplication before it starts. Anchored edits make changes surgical, not sweeping. More is in the works, and the roadmap is moving fast. Try DocuShark - The Editor's Free and Fast You can either launch straight into the editor , or get a cloud workspace and start collaborating today!
TL;DR An AI agent registry is a centralized catalog of every agent in your organization — what each agent does, what tools it can access, what version is running, who owns it, and how to call it It's to agents what a container registry is to Docker images or what a service mesh is to microservices — the layer that makes distributed components governable We hit the "which agents do we have?" wall at 14 agents across 3 teams. That's when the registry stopped being a nice-to-have About four months into our agentic AI buildout, our head of security asked a question I couldn't answer: "Can you give me a list of every AI agent running in production, what systems they have access to, and what version of each is currently deployed?" I had a rough mental model. I knew about the agents my team had built. I had a vague idea of what the data engineering team had shipped. The product team had recently added two agents I'd heard about secondhand. I spent the better part of a day pulling together a spreadsheet. By the time I finished, one of the agents I'd listed had already been replaced by a newer version. Two of them had been granted access to an internal API I hadn't known about. The spreadsheet was outdated before I sent it. That was our forcing function for building a proper agent registry. This post is what I wish I'd read before that conversation happened. What an agent registry is An agent registry is a centralized catalog of AI agents — a single source of truth that tracks every agent deployed in your organization, its capabilities, its integrations, its ownership, and its current state. The analogy that landed for me: it's to agents what a container registry (Docker Hub, ECR, GCR) is to container images. When you have three containers running, you don't need a registry — you know what you have. When you have 40 containers across six teams, you need a registry to know what's running, who owns it, what version is deployed, and what depends on what. Agents are the same. At
Most model comparisons ask which model is best. This one starts with a model that never even produced a single result. We tested NVIDIA's open-weight Nemotron family, from the 30B Nano to the 120B Super, on a benchmark of real-world coding tasks: the kind of models an indie developer on a tight budget, or an enterprise cutting inference cost and keeping data in-house, would run. The main finding is that model size is not a dial you turn for a little more quality, it is a threshold. Below a certain capability floor a model cannot drive an agent loop at all, which is why the smallest variant we tried, Nano 12B, produced nothing to score. Above the floor, the question stops being which model is cheapest and becomes which one clears the bar your work actually needs: Nano 30B is an extremely cheap workhorse for narrow, well-scoped jobs, while Super 120B is the size that holds up on demanding multi-step agent work. An agent size floor is the minimum model capacity below which a model cannot reliably complete the act-observe-decide loop an agent depends on. Below it you don't get a slower or sloppier agent, you get a non-agent: a model that reads the task, takes a few steps, and never converges. For anyone choosing a model, this changes the question from "which is cheaper" to "which clears the floor for my work", and that is the question to answer first. Where the numbers come from Every scenario in the evaluation is a real-world agent task tied to a published skill, scored on two axes: instruction-following (does the agent do what it was told, in the way it was told) and task-completion (does it reach the goal). The overall score weights instruction-following at 4 and task-completion at 3, then divides by 7. Each task runs with and without the skill, so the lift from the skill is visible directly. The tasks and skills are public, in the task-evals-for-skills dataset , so you can inspect any scenario yourself. This design is deliberate. The tasks are derived from published
I Built 9 AI Agents to Run a Gym. Here's the Architecture. The thesis that changed everything Most people think AI in business means: a chatbot → a dashboard → a few automated emails. I think it means: an entire organization runs on specialized AI agents, coordinated by a constitution, accountable to an independent auditor — with one human founder providing direction and warmth. Not a demo. Not a simulation. A real fitness studio in Dongguan Wanjiang, China. Real members. Real revenue. Running since April 2026. Here's the architecture. One Brain, Two Faces, Four Layers Let me start with the big picture, because the architecture is the strategy. ZWISERFIT = AI Operating System for Physical Businesses │ ├── 【Kernel】 9-Agent Enterprise OS (24×7 · full-stack autonomous) │ ├── 【Application Layer】 Saros & Melody │ Saros = Momo(Brain) + SaaS Stack → Digital Store Manager (B2B) │ Melody = Momo(Brain) × 3-Layer Metabolism → Personal Coach (B2C) │ ├── 【Data Layer】 KinTwin │ Hardware sensors + Nova behavioral streams + Ethan ZK proofs │ └── 【Protocol Layer】 Zeus Protocol Cross-domain agent communication + automated data transactions Fitness is the first vertical. Once the protocol runs, insurance, corporate health, and cross-industry data markets come online sequentially. The same architecture, different verticals. The 9 Agents: A Department Store for the AI-Native Company Each agent has domain expertise, a constitution (SOUL.md), identity (IDENTITY.md), memory (MEMORY.md), and cross-validation rules. They don't run on prompts. They run on governance. 🎯 Shuyu — Commander-in-Chief Orchestrates all 9 agents on the founder's behalf. Reads every agent report, coordinates across departments, makes daily strategic calls. The founder sets direction; Shuyu ensures execution 24×7. Role: COO + Chief of Staff, AI-native Output: Daily operational reports, cross-agent coordination logs Constitutional scope: Has authority over all agent scheduling but cannot modify the constitution 💰 Zeus —
为什么我要造一个500行的Agent轮子? 你好,我是 FROST 的作者。 2026年了,Agent 框架多得能让人挑花眼:LangGraph 有 34.5M 月下载量,Dify 在 GitHub 斩获 129.8K Stars,各大厂商都在疯狂推自己的 SDK。这种环境下,再写一个"轮子",是不是有点多余? 说实话,我也纠结了很久。 一个困惑:新学者的两难困境 事情要从一次失败的辅导说起。 我帮一个朋友入门 Agent 开发,推荐了 LangChain。结果他学了两个月,还在和 chain.invoke() 搏斗,脑子里依然没有"Agent 到底是怎么工作的"这个概念。 问题出在哪? 现在的框架太强了,强到把所有的复杂性都藏了起来。 你可以三行代码跑起来一个 Agent,但你也永远不知道它内部发生了什么。就像学开车,你学会了踩油门转弯,但发动机是怎么工作的、变速箱怎么换挡,一概不知。 而对于想真正理解 Agent 本质的人来说,这是一个巨大的 Gap: 需求 现有选项 快速开发产品 LangChain/CrewAI 理解底层原理 论文 + 源码 入门级教学框架 ❌ 空白 这个空白,就是 FROST 存在的原因。 FROST 的设计哲学:Less is More FROST 不是一个生产级框架,它是一个 教学框架 。 这意味着它刻意放弃了: ❌ 复杂的依赖生态(不需要 LangChain) ❌ 丰富的工具集成(没有 100+ 内置工具) ❌ 分布式部署能力(就是单机 Python) 它只保留了三个核心概念: \ `python Store - 记忆容器(类似神经细胞的存储功能) class Store: """存储上下文、记忆、状态""" def init (self): self.data = {} Skill - 纯函数变换(类似神经细胞的处理功能) class Skill: """输入→处理→输出,无状态""" def call (self, store, *args, **kwargs): pass Agent - 执行单元(类似神经细胞本身) class Agent: """调用 Skill,操作 Store,完成目标""" def init (self, skills: list[Skill], store: Store): pass ` \ 是的,就这么简单。 三个类,不超过 500 行代码。 但正是这种简单,让"理解"变得可能。 一行代码跑起来的 Agent \ `python from frost import Agent, Store, Skill 定义一个"搜索助手"技能 class SearchSkill(Skill): def call (self, store, query): result = web_search(query) # 这里是你的搜索实现 store.set("last_search", result) return result 创建 Agent 并运行 store = Store() agent = Agent(skills=[SearchSkill()], store=store) response = agent.run("北京今天天气怎么样") print(response) ` \ 对比一下用 LangChain 实现同样的功能: \ `python from langchain.agents import AgentExecutor, create_react_agent from langchain_openai import ChatOpenAI ... 还有十几行初始化代码 ` \ FROST 让你从第一行代码开始,就知道自己在做什么: Agent 是执行者 Skill 是它的能力 Store 是它的记忆 没有魔法,没有黑箱,只有清晰的数据流。 为什么叫 FROST? FROST 的全称是 Fractal Remote Organ of Scalable Thoughts ——可扩展思维的分形远程器官。 这个名字源于它的设计灵感: 神经细胞(Neural Cell) 。 在生物学中,每个神经细胞都很简单: 接收信号 处理信号 发出信号 但当 亿万个神经细胞 连接在一起,就涌现出了智能。 FROST 试图在软件层面复现这个过程: Neural Cell → Agent Synapse → Skill Long-term Memory → Store Brain (Emergence) → Multi-Agent System 这不是在模仿大脑,而是在学习生物界的智慧: 简单单元 + 清晰连接 = 复杂行为。 我的踩坑日记 作为一个从零开始写框架的人,踩的坑比代码行
Many AI projects today are presented as multi-agent systems. One agent investigates. Another agent analyzes risk. A third agent checks compliance. A fourth agent gives a recommendation. It sounds advanced. But in a bank, adding more agents does not automatically make a workflow safe. A bank cannot freeze a customer account, block a payment, file a regulatory report, or label a transaction as fraud simply because an AI system produced a confident answer. The real question is not: How many AI agents are involved? The real question is: Can the system show evidence, challenge its own conclusion, apply deterministic rules, and stop for human approval when the decision is high impact? That is the difference between an interesting multi-agent demo and an enterprise-ready AI workflow. A banking example: suspicious wire transfer Imagine a bank detects a wire transfer for $250,000. The payment is unusual because: The customer has never sent a transfer of this size. The destination account is in a new country. The transaction happens outside the customer’s normal business hours. The beneficiary was added only a few minutes before the transfer. The customer recently changed their phone number and email address. A simple AI chatbot might say: “This transaction looks suspicious. Consider blocking it.” That is not enough. A bank needs to know: Which transaction patterns triggered the concern? Is the customer actually violating a known risk threshold? Is there a sanctions or AML issue? Could this be a legitimate business payment? What policy applies? Should the payment be blocked, held, or released? Who is allowed to make that decision? Can the bank explain the decision later to auditors, compliance teams, and the customer? This is where structured multi-agent design matters. A better design: a banking fraud decision room Instead of letting one model make a decision, the bank can create a controlled workflow with specialized agents. Transaction Alert ↓ Fraud Detection Agent ↓ Custo
Vercel has released Eve, an open-source framework for building, deploying, and operating AI agents in production. The framework uses a filesystem-based project structure to organize agent instructions, tools, skills, subagents, communication channels, and scheduled tasks, enabling developers to define agent behavior while reducing the amount of supporting infrastructure they need to implement. By Daniel Dominguez