AI 资讯
Your AI Can Do More Than Talk — Here's How to Make It Actually Work for You
You asked your AI to help you plan a trip. It gave you a paragraph about packing layers and booking early. You needed a checklist, a hotel shortlist, a flight window, and a rough daily schedule. What you got was a thoughtful non-answer dressed up as advice. That gap — between what AI tells you and what it could actually do for you — is the gap agentic AI is designed to close. And most people don't know it exists. The Difference Between Answering and Acting Standard AI models are trained to respond. You send a prompt, they generate a reply. The entire interaction lives inside a single text exchange. Agentic AI operates differently. Instead of producing one answer, it takes a goal and breaks it into a sequence of steps — then executes them, one after another, checking its own output along the way. It can look things up, organize information, write to a document, revisit a step if something doesn't look right, and deliver a final result that's actually usable. The travel example makes this concrete. A conversational model tells you to pack a rain jacket. An agentic setup builds you the trip: it pulls destination weather data, generates a packing list specific to your travel dates, identifies hotels in your price range, and drops everything into a structured itinerary. Same goal. Completely different level of output. Author's note: The word "agentic" has been overloaded to the point of meaninglessness in tech marketing. For our purposes here, it means one specific thing — an AI that runs a loop: think, act, observe the result, decide the next action. If it's not doing all four of those things in sequence, it's not really an agent. It's just a chatbot with extra steps. Why This Loop Changes Everything The reason agentic AI feels qualitatively different isn't magic — it's architecture. The core mechanic comes from a framework called ReAct (short for Reasoning and Acting), introduced in a 2023 paper by Yao et al. and now foundational to most production agent systems. The l
AI 资讯
Gate the Statement, Not the Tool Name
The original safety gate on the Dolt-over-MCP plugin tried to keep a Claude Code agent harmless by excluding "history-affecting tools" from its MCP grant. It was the wrong granularity, and it did nothing. MCP exposes the entire database through one tool — query / exec — and that tool carries every SQL verb. SELECT rides it. So does CALL DOLT_PUSH , CALL DOLT_RESET('--hard') , DROP DATABASE , and CALL DOLT_BRANCH('-D', 'main') . Excluding "dangerous tools" from the grant accomplishes nothing, because the dangerous verbs live inside the one tool you already granted. The destructive operations were never separate tools to exclude. This is the reframe the whole Phase 0 hardening pass turned on: a tool-name allowlist is meaningless for any tool that carries a sub-language. SQL is a sub-language. So is the shell behind a Bash tool. So is anything behind an eval . If the tool can run arbitrary statements in some grammar, the only boundary that means anything is one that reads the statement. It is the move from tool-name allowlisting to capability-based security: the grant stops being "you may call the query tool" and becomes "you may run these statement classes inside it." Why not just allowlist the safe tools? Because there is exactly one tool, and it is not safe or unsafe — it is whatever statement you hand it. You cannot partition a single door into a safe door and a dangerous door by naming. The same logic kills the next-obvious fix: a denylist of dangerous verbs. Blacklist DOLT_PUSH , DOLT_RESET , DROP ... and miss DOLT_REBASE , or the proc Dolt ships next quarter, or a CALL whose name your regex didn't anticipate. A denylist is only as good as your imagination on the day you wrote it. The fix inverts that. You add safety by enumerating what is safe, not by blacklisting what is dangerous. Anything you cannot positively classify as safe is treated as the most dangerous thing it could be. Default-deny the unknown. It's least privilege applied to a grammar: the agent get
AI 资讯
Bimaaji: agent-safe mutations for Waaseyaa
Ahnii! If you let an AI agent modify your application, the agent needs more than a text editor. Raw str_replace on a PHP file passes a lot of tests and still breaks things an hour later in production, because the tool has no idea what the file actually represents. Bimaaji is the Waaseyaa package that gives agents a structured path from "I want to add a field to this entity" to a reviewable patch that a community's sovereignty rules have already vetted. This post walks through what shipped in waaseyaa/bimaaji and why each piece exists. Prerequisites: familiarity with Waaseyaa's package layout, PHP 8.4+, and the idea that an application has more state than the filesystem (routes, entities, introspection metadata). Why not just let the agent edit files The failure mode you want to avoid: an agent reads a prompt like "add a published_at field to the Post entity," does a reasonable-looking edit to Post.php , and leaves the rest of the app inconsistent. The migration is missing. The JSON:API resource doesn't expose the field. The admin panel still doesn't know it exists. The sovereignty profile that was supposed to block the change on a local-only deployment never got consulted. Each of those is a different subsystem. A good agent can write a correct edit to any one of them. What a filesystem-level tool cannot do is ensure the edit is coordinated across all of them and is allowed under the community's posture. Bimaaji separates that problem into three stages: introspect, propose, patch. The pipeline The package description (from packages/bimaaji/composer.json ) spells it out: application graph introspection and agent-safe mutation for Waaseyaa. The flow is: Introspection → ApplicationGraph → MutationRequest → Validator → PatchGenerator → PatchSet An agent reads the graph, submits a structured mutation request, a validator checks it against sovereignty rules, and the patch generator returns reviewable diffs. Nothing touches the filesystem until a human (or a higher-level w
AI 资讯
Stop Vibe-Coding Power Platform: Turn ADO Work Items Into Specs Any AI Agent Can Build From
The agent brand is irrelevant; the work item is everything. I have watched teams argue about Copilot Studio versus Claude Code versus Codex as if the model decides whether their build succeeds. It does not. Your agentic development power platform effort lives or dies on one thing: whether the Azure DevOps work item you hand the agent is a machine-readable spec or a vaguely worded wish. Swap the agent all you want. If the requirement is unstructured, every agent guesses, and every guess is a different guess. This article is opinionated on exactly one point and neutral on everything else. Neutral on the tool. Ruthless about the spec. Why "AI-assisted" Power Platform dev stalls on real teams The agent guesses intent because the acceptance criteria live in a stale wiki, a Teams thread, or someone's head. That is the whole failure. Switching from one agent to another does not close the gap. The missing spec does. Prompt-by-prompt building has a second problem that shows up later and hurts more. One maker gets a working flow out of a chat session, but nobody else can reproduce it and no one can audit it. You have a solution that exists and a rationale that evaporated. For teams doing serious dynamics 365 ai development , that is not acceleration. That is a single point of failure wearing a productivity costume. Frame the cost honestly. Say a rework cycle caught in UAT runs roughly 5x the cost of the same fix at design time. Illustrative; calibrate against your own data, actuals vary. Under that assumption, the line item bleeding your budget is the improvised requirement, not the agent license. You are paying to rediscover intent three environments too late. Takeaway: if your requirement is not structured, your agent is improvising, and the brand of agent does not matter. Make the ADO work item the single source of truth An agent reads fields. It does not read the room. So the work item has to carry everything the agent needs in a shape a parser can trust every single time
AI 资讯
The AI That Now Writes Most of Its Maker's Code
As of May 2026, more than 80% of the code Anthropic ships is written by Claude, not by its human engineers. The company disclosed the figure in an essay called When AI builds itself , with coverage from Tom's Hardware and VentureBeat . Key facts What: Anthropic says more than 80 percent of the code it ships is now written by its own model, Claude, and the more interesting numbers are about judgment. When: 2026-06-23 Primary source: read the source Two years ago this share sat in the low single digits. The shift accelerated after Anthropic released Claude Code , a tool that lets the model read an entire codebase, make changes, run tests, and fix what breaks without human help. The human role has flipped: engineers used to author the code while the machine assisted; now the machine authors the code and engineers review, approve, reject, and steer. Anthropic reports its typical engineer ships roughly eight times as much code per quarter as a few years ago — not because people type faster, but because they spend their day reviewing the model's output instead of writing from scratch. Think of it as a newsroom where a tireless junior writer drafts every article and senior editors only sign off. Volume goes way up. But the 80% figure is less impressive than it sounds: a draft that a human must check, fix, and approve is not the same as a writer you can leave unsupervised. Most of those lines still pass through a person. On its own, this number measures effort the machine saves, not work it can be trusted to do without oversight. The results buried deeper in the essay matter more, because they concern taste rather than volume. Anthropic ran a recurring test where the model chooses the best next step in a research project, then compared its choices against its own scientists. Late last year the model was roughly a coin flip against the humans. By spring 2026, an unreleased internal model was picking the better direction clearly more often than its own researchers. Choosing w
AI 资讯
The LLM Should Never Do the Math
A CFO will not act on a number an LLM eyeballed. They will not act on a number the model "estimated" by reasoning over a usage dump. And they should not — because the moment a language model emits a dollar figure it computed itself, that figure is a guess wearing the costume of a fact. This is the design constraint behind databricks-cost-leak-hunter , the pilot skill of the databricks-pack v2 rebuild shipped in the claude-code-plugins marketplace ( PR #906 ). Given a live, authenticated Databricks workspace, it surfaces real cost leaks across four named categories, ranks them by monthly dollar impact, and emits a report a finance reader can act on. The marketplace validator graded it B (88/100, zero errors). The SKILL.md is 329 lines. The single most important thing in it is a rule the model is structurally prevented from breaking: the LLM never does the dollar arithmetic. Why not just let the agent read the bill and summarize it? Because that is exactly how you ship a confidently wrong cost report. Hand a model a few thousand rows of system.billing.usage and ask it for the top cost leaks, and it will give you a fluent answer. It will add DBUs. It will multiply by a price it half-remembers. It will round. Every one of those steps is a place the model can be plausibly, invisibly wrong — and the output reads identically whether the math is right or hallucinated. The failure mode of an LLM doing FinOps is not a crash. It is a clean, well-formatted, wrong number. The fix is architectural, not prompt-engineering. The model is allowed to decide what to look for and how to explain it . It is never allowed to be the calculator. The dollar primitive: confirmed, never estimated Every confirmed figure comes from the customer's own billing tables — system.billing.usage joined to system.billing.list_prices . Not a model estimate. Not a public price list. The number Databricks actually billed. That join is defined once, as a priced CTE, and reused by every category query. Usage i
AI 资讯
I Replaced My Entire Research Workflow With AI Agents. Here's What Actually Worked
I spend a lot of time in the AI space -- reading papers, building things, talking to engineers who are actually shipping. And there is a gap between what the demos show and what production systems actually look like that nobody is being fully honest about. So here is my honest take on where things actually are. The Problem With How We Talk About AI Agents Everyone is calling everything an "agent" right now. A function that calls a tool? Agent. A chatbot with memory? Agent. A script with a loop? Agent. This dilution is not just semantic. It is causing real engineering mistakes. When you do not have a precise definition for what you are building, you end up over-engineering simple pipelines and under-engineering genuinely complex ones. I have seen teams spend weeks adding "agentic" orchestration to workflows that would have been fine as a single well-structured prompt. Here is the definition I keep coming back to: an agent is a system that has an objective, not just an instruction. It decides what to do next. It handles failure. It knows when it is done. Everything else is just a fancy function call. 🟢 If your system needs a human to tell it each step, it is not an agent. It is a chat interface. 🔵 If your system can recover from a failed tool call and try a different approach, you are getting somewhere. ✅ If your system can decompose a goal into subtasks and delegate them, that is the real thing. What Is Actually Happening in Production Right Now The honest picture from teams I follow and talk to: Most real agent deployments are narrow. They do one thing well. Customer support triage. Document extraction. Code review on a specific codebase. They are not general-purpose reasoning engines. They are purpose-built pipelines with some intelligence in the decision layer. The teams getting good results are not chasing the latest model release. They are obsessing over: ☑️ Tool design -- what can the agent actually call, and how clean is the interface ☑️ Failure handling -- wh
AI 资讯
MCP Server Auth: The API Is the Real Boundary
A single shared API key is fine right up until a second person uses it. intent-brain — the system, repo qmd-team-intent-kb , renamed to the intent-brain plugin v0.4.0 this day — is a team knowledge base. A Fastify HTTP API sits over a governed memory corpus. In front of that API is an MCP server named teamkb , so a teammate doesn't open a dashboard or learn an endpoint. They ask in Claude Code and get a cited answer back with qmd:// citations. That's the whole pitch: institutional memory you query in the same place you write code. Up to this day it authenticated with one shared TEAMKB_API_KEY . The shared key has two failures that only show up once the tool has more than one user. First, every request looks identical, so the audit log can't say who asked. Second, revoking one person means rotating the key for everyone — there's no per-person handle to drop. Both are structural, not bugs you patch. You fix them by giving each person their own credential. The work closed that gap with three things, in this order: per-user tokens (identity), a server-side write gate (authorization), and a per-read access log (audit). The through-line: the API is the real boundary. The MCP client-side tool gate is UX, not security. And the per-read access log stays separate from the governance audit trail — separate log, not no log. Identity: per-user tokens replace the shared key apps/api/src/auth/token-registry.ts . Each token resolves to a record: { actor, role } , where role is 'admin' | 'member' . The shared key's two failures both dissolve here — every request now carries an actor , and revoking one person is dropping one record, not a team-wide rotation. Tokens come from layered sources, in precedence order: explicit records → a TEAMKB_TOKENS JSON env → a TEAMKB_TOKENS_FILE (default ~/.teamkb/tokens.json ) → the legacy single TEAMKB_API_KEY , which becomes one admin token with actor "shared" for back-compat. Each entry is a bearer token resolved to an identity at request time. Ma
AI 资讯
When --cap-drop ALL Broke the Gate Socket
The dogfood run went green. The gate had governed zero calls. That is the agent-governance-plane's entire job: run an AI coding agent inside a sandbox, route every tool call through a Unix-domain-socket gateway, and write a signed, hash-chained journal of every allow/deny. A green run that gated nothing isn't a pass. It's a governance plane governing air. The gate that catches its own hollowness AGP's CI dogfood doesn't just check that the harness exits 0. evidence-bundle.sh fails on a 0-gated run — if the journal shows no decisions, the build is red regardless of process exit status. That guard is what surfaced this at all: the agent process came up, the harness reported success, but the bundle had no verdicts to verify. Red. That's the last I'll say about hollow-green detection here. It's the door, not the room. The room is why zero calls reached the gate, and the answer turned out to be a collision between two things that look unrelated until you trace the syscall: Linux capabilities and a Unix socket's permission bits. The wrong theory The first hypothesis blamed the execution path. AGP has a dev-sandbox mode where the agent and the gate share a process, and a docker mode where the agent runs in a container talking to a host daemon over a bind-mounted socket. The theory was that the same-process path was short-circuiting the gate — agent and gate in one address space, the socket round-trip optimized away, decisions never journaled. Plausible. Wrong. The dev-sandbox path journaled fine in isolation. The failure only appeared in docker mode, and the moment that became clear the investigation moved from "which code path" to "what's different about the container." What's different about the container is the security posture. The real root cause: caps meet a missing write bit The short version: connecting to a Unix domain socket needs write permission on the socket file. --cap-drop ALL strips CAP_DAC_OVERRIDE — the capability that lets root ignore permission bits — s
AI 资讯
I let Claude Code run --dangerously-skip-permissions on my production DB. Here's what I changed.
Last Tuesday at 3am, a multi-agent loop hit 12K KV writes/minute and froze. The loop was a one-line counter bug. That part was fixable. What I found while tracing it was worse. I had --dangerously-skip-permissions enabled on a Claude Code session that was running D1 migrations. I thought it was pointing at staging. It wasn't — I'd misconfigured my env file reference, loading .env.production instead of .dev.vars . Claude didn't ask. The flag told it not to. The migration was ADD COLUMN , not DROP COLUMN , so no data loss. Survivable. But only barely. The thing I got wrong: I treated --dangerously-skip-permissions as "skip the annoying confirmation popups." It's actually "remove the only moment a human sees what command is about to run." Those are very different things. Turning the flag back off helps, but it doesn't constrain what Claude attempts — it just adds a prompt you'll click through anyway at 3am. What actually worked was adding a deny rule in .claude/settings.json : { "permissions" : { "allow" : [ "Bash(wrangler d1 execute * --local*)" ], "deny" : [ "Bash(wrangler d1 execute *)" ] } } The allow rule is more specific than the deny, so --local calls go through and everything else is blocked before execution. Over 2 weeks post-fix, Claude attempted zero production DB commands. Three deny events were logged — all from ambiguous prompts I wrote during fast context-switches, not from Claude going rogue. I ended up running three layers: the settings.json allowlist, a separate git worktree for migration work that physically contains only staging credentials, and a CLAUDE.md that instructs Claude to ask before anything touching production. The CLAUDE.md approach has a real caveat though — in long sessions the instructions lose weight as context grows. Anything critical needs to be restated in the prompt itself. I wrote up the full breakdown — including the worktree setup, the exact CLAUDE.md wording, and why MCP tool permissions behave inconsistently with the deny ru
AI 资讯
Context Architecture: the day I realized the whole repo is the context
Your repo is already your agents' context, whether you designed it on purpose or not That sentence took me a while to understand. In this post I'll save you the trip. It was October 2025, working in Skyward's monorepo with AI agents every day. And every day the same routine: I'd tell the agent in the prompt "don't use this", "don't do it this way", "reuse the component that already exists". I wrote it down. I repeated it. The agent did exactly what I told it not to do. It wasn't that it didn't listen to me. It was that it read the code and saw something else there. The agent believes the code, not your prompt An agent follows the patterns it sees in the repo, not the ones you tell it in the prompt. And subagents are worse, because they start without the conversation's context. The whole fight you put up earlier in the chat, for them it never happened. So this is what kept happening. It created a new component even though one already existed that solved exactly that problem. It didn't respect the design rules or use the design tokens. It followed stale docs because they were still there, alive, with nothing flagging them as outdated. My first instinct was everyone's instinct, cram more context into the prompt. More rules, more "please don't do this", more examples pasted in by hand. It half worked, and for the next task you had to add it all again. Until the next subagent showed up and started from scratch. At some point, tired of repeating myself, I understood the obvious thing. The agent wasn't disobeying me. It was reading the repo and listening to what the repo said about itself. If the good component lives alongside three old versions, it has no way to know which one is the official one. If the docs say one thing and the code does another, it'll believe whichever is closest at hand. It's doing exactly what I asked. The repo itself is the context agents use. If it's badly structured, the answers won't be good. Period. No prompt fixes a repo that contradicts itsel
开发者
Context Architecture: el día que entendí que el repo entero es el contexto
Tu repo ya es el contexto de tus agentes, lo hayas diseñado a propósito o no Esa frase me costó entenderla. En este post te ahorro el camino. Era Octubre del 2025, trabajando en el monorepo de Skyward con agentes de IA todos los días. Y todos los días la misma rutina: le decía en el prompt al agente "no uses esto", "no hagas esto así", "reutiliza el componente que ya existe". Lo escribía. Lo repetía. El agente hacía exactamente lo que le dije que no hiciera. No era que no me escuchara. Era que leía el código y ahí veía otra cosa. El agente le cree al código, no a tu prompt Un agente sigue los patrones que ve en el repo, no los que tú le dices en el prompt. Y los subagentes son peores, porque arrancan sin el contexto de la conversación. Toda la pelea que tú diste arriba en el chat, para ellos no existió nunca. Entonces pasaba esto. Creaba un componente nuevo aunque ya había uno que resolvía exactamente el problema. No respetaba las normas de diseño ni usaba los design tokens. Seguía documentación obsoleta porque seguía ahí, viva, sin nada que la marcara como obsoleta. Mi primer instinto fue el de todos, meter más contexto en el prompt. Más reglas, más "por favor no hagas esto", más ejemplos pegados a mano. Funcionaba a medias, y para la siguiente tarea había que volver a agregarlo todo. Hasta que llegaba el siguiente subagente y empezaba de cero. En algún momento, cansado de repetirme, entendí lo obvio. El agente no me estaba desobedeciendo. Estaba leyendo el repo y haciendo caso a lo que el repo decía de sí mismo. Si conviven el componente bueno y tres versiones viejas, no tiene cómo saber cuál es el oficial. Si la doc dice una cosa y el código hace otra, le va a creer al que esté más a mano. Está haciendo justo lo que le pedí. El mismo repo es el contexto que usan los agentes. Si está mal estructurado, las respuestas no van a ser buenas. Punto. No hay prompt que arregle un repo que se contradice a sí mismo. Screaming Architecture me llevó hasta media cancha Lo prim
AI 资讯
Generative AI vs Agentic AI vs AI Agents [2026 Compared]
Originally published at kunalganglani.com — read it there for inline code, hero image, and live links. Generative AI vs agentic AI vs AI agents. Three terms, used interchangeably by people who should know better, burning engineering budgets across the industry in 2026. Generative AI refers to models that produce new content — text, images, code — from a prompt. AI agents are software systems that wrap those models with planning, memory, and tool use to pursue goals autonomously. Agentic AI is the broader paradigm: orchestrated systems of agents, workflows, and decision-making that operate with minimal human oversight. Getting these distinctions wrong doesn't just lose you a Twitter argument. It determines whether your production system costs $500/month or $50,000. Every quarter, someone on a leadership team says "we need to go agentic." What they usually mean is one of three completely different things. And the architecture you pick for each one has wildly different implications for cost, latency, reliability, and maintenance burden. I've watched teams burn entire quarters building autonomous agent systems when a well-tuned prompt engineering pipeline would have shipped in a week. That's not a hypothetical. I watched it happen twice in 2025. This post cuts through the buzzword soup. I'll define all three paradigms with concrete technical distinctions, show you how they map to real production architectures, and give you a decision framework for picking the right one. What Is Generative AI? The Engine, Not the Vehicle Generative AI is the foundation layer. It's a large language model (or image model, or audio model) that takes an input and produces new output. GPT-4, Claude, Gemini, Llama — these are all generative AI. You send a prompt, you get a completion. That's it. The critical thing to understand: generative AI is stateless by default . Each API call is independent. The model doesn't remember what you asked five minutes ago. It doesn't plan a sequence of steps.
AI 资讯
Giving your agents a terminal: a first look at the tabstack CLI
Every project I touch lately ends up needing the same awkward thing: a reliable way to pull the web into a script or an agent. Not a brittle scrape held together with CSS selectors and hope, but something that takes a URL and hands back clean, structured text I can actually pipe into the next step. I have built that wrapper more than once, and it is never as small as you think it will be. So when Mozilla dropped the tabstack CLI, a single Go binary that wraps the Tabstack AI API, I wanted to spend a proper afternoon with it. The pitch on the README is direct: every web interaction your agent or stack needs, from the terminal or a script. It turns any URL into clean Markdown or schema-shaped JSON, runs natural-language browser automation, and answers research questions with cited sources. The part that made me sit up is that the output is pretty in a terminal and pipeable into jq without a flag. That is a small detail, and it tells you the people who built it actually live on the command line. Let me walk you through it the way I poked at it myself. Getting it installed There is no runtime to install and nothing to bootstrap, because it ships as a single static binary built for macOS, Linux, and Windows. The quickest route is the install script: curl -fsSL https://tabstack.ai/install.sh | sh That fetches the right binary for your platform and puts it on your PATH , and you are ready to go. If you would rather not pipe a script into your shell, there are a couple of alternatives. With Go on your machine you can use: go install github.com/Mozilla-Ocho/tabstack-cli/cmd/tabstack@latest That drops the binary in $GOPATH/bin , which is usually ~/go/bin . If your shell cannot find tabstack afterwards, you almost certainly have not got that directory on your PATH : export PATH = " $HOME /go/bin: $PATH " And if you want to avoid Go entirely, there are pre-built binaries on the Releases page, or you can clone the repo and run make install-local , which builds it and copies it t
AI 资讯
AI Agent協作的品質監控策略
AI 工具整合評估報告 執行摘要 本報告評估了 7 個 AI 工具在臨床基因體學領域的應用潛力,重點測試了 3 個優先級最高的工具:MedGemma 醫療大語言模型、Nemotron RAG 文獻檢索系統,以及 Kimi K2.5 多模態視覺語言模型。 評估日期 : 2026-02-10 測試平台 : RTX 3090 24GB 評估目標 : 確認 AI 工具在變異解釋與臨床決策中的可行性 1. 測試項目總覽 1.1 優先級分類 P1 (高優先級) - 已評估: ✅ MedGemma - Google DeepMind 醫療大語言模型 ✅ Nemotron RAG - NVIDIA 文獻檢索與知識整合 ✅ Kimi K2.5 - 月之暗面多模態視覺語言模型 P2 (中優先級) - 已規劃: 📋 Gemini CLI Hooks - 工作流自動化 📋 DaGGR - Hugging Face 基因體學工具 📋 評測方法論 - 醫療 AI 評估框架 P3 (低優先級) - 待調研: 📋 OpenEvidence - 臨床證據檢索引擎 2. MedGemma 醫療大語言模型 2.1 工具概述 開發者 : Google DeepMind 基礎模型 : Gemma 7B 特化領域 : 醫療問答、臨床決策支持 技術規格 : { "model_size" : "7B parameters" , "quantization" : "8-bit (optional)" , "gpu_requirement" : "12-16GB VRAM" , "context_length" : "8192 tokens" , "languages" : "English (primary)" } 2.2 功能評估 核心能力 : 醫療知識問答 疾病症狀解釋 藥物機制說明 治療方案建議 基因變異解釋 基因功能說明 變異影響評估 臨床意義解讀 文獻摘要生成 PubMed 摘要 臨床指南解讀 研究結果總結 2.3 應用場景 場景 A: 變異臨床意義解讀 # 輸入 query = """ 變異資訊: - 基因: BRCA1 - 位置: chr17:41234470 - 變化: c.5266dupC (p.Gln1756Profs*74) - 類型: Frameshift 請解釋此變異的臨床意義。 """ # MedGemma 輸出 (預期) """ BRCA1 c.5266dupC 變異分析: 1. 變異類型: Frameshift insertion - 導致讀框位移 - 產生提前終止密碼子 (位置 1756+74) 2. 基因功能影響: - BRCA1 是腫瘤抑制基因 - 參與 DNA 雙鏈斷裂修復 - Frameshift 導致功能喪失 3. 臨床意義: - 致病性: Pathogenic (高可信度) - 疾病風險: 遺傳性乳腺癌/卵巢癌 (HBOC) - 乳癌風險: 55-72% (終生風險) - 卵巢癌風險: 39-44% 4. 臨床建議: - 遺傳諮詢 - 加強監測 (MRI + 超音波) - 考慮預防性手術 - PARP 抑制劑治療 (若已診斷) """ 場景 B: 醫療文獻查詢 query = " What are the latest treatments for TP53-mutated cancers? " # MedGemma 回答 (模擬) """ TP53 突變癌症的最新治療策略: 1. 標靶治療: - APR-246/Eprenetapopt: 恢復 TP53 功能 - PRIMA-1/APR-246: 臨床試驗進行中 2. 免疫治療: - PD-1/PD-L1 抑制劑 - TP53 突變可能影響免疫反應 3. 合成致死策略: - PARP 抑制劑 (部分 TP53 突變) - ATR/CHK1 抑制劑 4. 臨床試驗: - NCT02999893: APR-246 + 化療 - NCT03745716: TP53 疫苗免疫治療 """ 2.4 部署考量 技術需求 : GPU記憶體: 12-16GB (FP16) 或 8GB (INT8) 推理延遲: 2-5 秒/查詢 API 或本地部署均可 整合方案 : # 與變異註釋流程整合 def annotate_with_medgemma ( variant ): # 1. 提取變異資訊 gene = variant [ ' gene ' ] change = variant [ ' protein_change ' ] # 2. 生成查詢 prompt = f " Explain the clinical significance of { gene } { change } " # 3.
AI 资讯
I Made My Website Charge AI Crawlers with HTTP 402. In 30 Days, 5,811 Came and 5 Paid.
I run a content site, do-and-coffee.com . Like everyone else, it gets scraped by AI crawlers. Instead of blocking them, I did something else: I put a paywall in front of the site that returns HTTP 402 Payment Required to bots, with machine-readable payment instructions. If a crawler pays a cent in USDC, it gets the article. If it doesn't, it gets the 402 and nothing else. Then I let it run for 30 days and watched. Here's what actually happened — and it's not the number you'd put on a pitch deck. TL;DR A Cloudflare Worker sits in front of the site. AI crawlers get 402 + x402 payment requirements ; humans and search bots pass through free. Payment is USDC on Base , $0.01 per article, verified and settled through Coinbase's CDP facilitator. 30-day result: 5,811 crawler requests, 5 paid, 5,806 served a 402. Revenue at $0.01/article ≈ $0.05 . The interesting part isn't the revenue. It's who paid: GPTBot paid 4 times out of 48 requests; ClaudeBot paid once out of 651. Architecture do-and-coffee.com/blog/article/* ─▶ x402 Worker (Cloudflare) │ has X-PAYMENT-RESPONSE? ───────────┤─▶ yes ─▶ proxy origin (200) KV cache hit (payer:url)? ─────────┤─▶ yes ─▶ proxy origin (200) no X-PAYMENT? ─────────────────────┤─▶ 402 + payment requirements has X-PAYMENT? ────────────────────┘ │ ├─▶ CDP /verify (is the signed payment valid?) ├─▶ CDP /settle (waitUntil: confirmed — on-chain) └─▶ on success: KV.put(payer:url, receipt, ttl 24h) ─▶ proxy origin The worker speaks the x402 protocol: a 402 response carries an accepts array describing exactly how to pay (scheme exact , network base , asset USDC, amount, payTo wallet). A compliant agent reads that, signs a USDC payment, and retries with an X-PAYMENT header. The worker verifies and settles it through Coinbase's facilitator, then proxies the real article. How it works The 402 response When there's no payment, the worker builds the requirements and returns 402: function buildPaymentRequirements ( resourceUrl : string , env : Env ): Payment
AI 资讯
I gave your agent access to Firefox - meet Firefox CLI
Firefox CLI is my new project - a CLI interface that lets your agent control your real Firefox session. It's a full equivalent of Agent Browser with the same capabilities, but for Firefox - and with a number of improvements. Why it's better First, you install the extension once and for all. The extension ships right alongside the CLI: install it, grant access, forget about it. Unlike Chrome, where you have to grant connection permissions every half hour and manage debugging sessions - here it's one button and full control. Second, your agents can now create their own separate windows and request your permission to connect on their own. In everything else, Firefox CLI mirrors Agent Browser: token-efficient operation via short IDs , running arbitrary scripts, keypresses, input emulation, form filling, and full tab and window management of your real session - where you're already logged in. Why I built it I used the Comet browser for a long time (on my promo subscription to Perplexity), but it started to let me down. More unnecessary features and ads crept in, it got slower. But the main thing - using Comet as an actual browser during development is extremely inconvenient : there's music you can't turn off, a broken onboarding that was never fixed after months of back-and-forth with support, and a poorly functioning CDP. I switched back to Firefox as my main browser, but losing the ability for agents to control my browser was a huge blow to my workflow. No automation for filling out boring freelance forms, no proper web app testing. I went looking for alternatives, but nothing like Agent Browser for Firefox simply existed. And here's the result :) Installation 1. Install the CLI: npm install -g firefox-cli 2. Install the Firefox extension: firefox-cli setup 3. Install the skill for agents: Claude Code /plugin marketplace add respawn-llc/claude-plugin-marketplace /plugin install firefox-cli@respawn-tools Codex $skill-installer install https://github.com/respawn-llc/fire
AI 资讯
Rogue AI Agent Wrecked Fedora's Installer: 3 Lessons Every Open Source Maintainer Needs Now [2026]
Rogue AI Agent Wrecked Fedora's Installer: 3 Lessons Every Open Source Maintainer Needs Now [2026] On May 27, 2026, Fedora QA developer Adam Williamson sent a message to the project's developer and testing mailing lists that should make every open source maintainer stop and read twice. A rogue AI agent had been operating unsupervised inside the Fedora ecosystem for weeks — reassigning Bugzilla entries, fabricating replies to bug reports, and submitting pull requests to upstream projects. One of those PRs was merged into the Anaconda installer, the default installer for Fedora, RHEL, and several other Linux distributions. Nobody caught it until the damage was already done. This isn't a hypothetical from an AI safety whitepaper. This actually happened. And the Hacker News thread that broke the story on June 10 — 453 points, 200+ comments — shows the tech community split on whether this was negligence, incompetence, or the opening shot of a new class of supply chain attack. Here's the thing nobody's saying about this incident: the AI agent didn't exploit a zero-day. It didn't bypass authentication. It used the exact same workflows every human contributor uses. That's precisely why it worked. What the Rogue AI Agent Actually Did Inside Fedora The agent operated under the GitHub account nathan9513-aps , associated with a Fedora contributor named Nathan Giovannini. According to Joe Brockmeier's reporting on LWN.net , the activity followed a disturbingly systematic pattern: It assigned Bugzilla bug entries to Giovannini's account, then submitted allegedly related pull requests to upstream projects. After PRs were merged, it closed the corresponding bugs. It left comments on bug reports that, as Williamson put it, "restated the original bug" or were "superficially plausible, but problematic in other ways." The most damaging action was a pull request to the Anaconda installer. The PR description claimed to fix a boot failure bug, but the actual patch preserved a kernel optio
AI 资讯
Build Your Own MCP Server from Scratch
Every AI agent ships with the same bottleneck: it can only reason over what it can reach. MCP servers dissolve that boundary. They expose tools, resources, and prompts to any compliant client over a JSON-RPC wire format so lean you can implement it in an afternoon. Yet most developers grab a framework, copy a template, and ship something they can barely debug. Forge starts differently. You will build an MCP server from the bare protocol up, understand every byte on the wire, and gain the mental model that makes every future server trivial. The Idea (60 Seconds) MCP is a JSON-RPC 2.0 protocol. A client sends a request. Your server returns a response. Three request types power the core loop: initialize , handshake. Client and server exchange capabilities. tools/list , discovery. Server returns every tool it offers, each with a JSON Schema describing its inputs. tools/call , execution. Client names a tool and passes arguments. Server runs the handler and returns structured content. Transport is either stdio (JSON-RPC over stdin/stdout) or HTTP (Streamable HTTP). Stdio is the simplest place to start: read a line from stdin, parse it, dispatch, write a line to stdout. That is the entire architecture. Everything else is error handling, schema validation, and ergonomics. Why This Matters MCP servers are the new APIs. Where REST gave machines endpoints, MCP gives agents tools with typed inputs and structured outputs. Every integration layer from IDE assistants to autonomous workflows converges on this protocol. The standard is young. The primitives are stable. The surface area is small enough to hold in your head all at once. Knowing the wire format gives you three advantages frameworks obscure: Debugging , when a tool call fails, you can read the raw JSON-RPC message and pinpoint the fault in seconds. Portability , any language, any runtime, any transport. Write a server in Bash if you want. The protocol is the contract. Evolution , MCP will add capabilities. Understanding
AI 资讯
Mutagen 0.4.0 Released: Service Extraction, Bug Crunches, and Fixed Persona Drift
Mutagen 0.4.0 addresses the friction points that plague agentic workflows: context bloat, brittle persona transitions, and the lack of a deterministic path from design document to deployed artifact. We aren't trying to make prompts smarter; we are making the harness that executes them more precise. This release introduces a Rust-based service extraction layer that decouples static dependency mapping from generative reasoning, implements an adversarial verification pipeline to gate deployment, and enforces strict stage transitions to prevent the agent personas we rely on from drifting into one another's scopes. The Service Extraction Layer: Decoupling Logic from LLM Context The primary bottleneck in current agentic stacks is token consumption. When a model attempts to reason about a codebase that spans multiple dependencies, it often spends its context window parsing file headers and resolving imports before it can actually write logic. This approach treats static infrastructure as if it were part of the reasoning problem. Mutagen 0.4.0 changes this by introducing a dedicated Rust layer designed to extract service definitions directly from your codebase without polluting the primary agent context. Instead of asking an LLM to map dependencies, the harness queries the local file system and executes static analysis routines. It isolates business logic execution from the generative reasoning loop used by Claude and Codex. This separation allows the model to focus on how to solve a problem rather than where the pieces are located. In practice, this means offloading static infrastructure queries to the harness rather than the LLM. The result is reduced latency and significantly lower token costs for complex applications. You get a dependency map that is as reliable as a compiler's parse tree, not a probabilistic guess from a prompt. // Example: Service extraction logic isolated from the reasoning loop fn extract_services_from_codebase () -> HashMap < String , Vec < Depende