今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#aiops

找到 10 篇相关文章

AI 资讯

As SpaceX deal looms, Cursor partners with Chainguard to secure open-source dependencies in AI-built code

Cursor has spent the past week in headlines after confirming a partnership with SpaceX that could eventually lead to a $60 billion acquisition . The deal, for now, centres on training more capable coding models using SpaceX’s compute infrastructure. Alongside that push on model performance, however, Cursor is now addressing a separate issue: the reliability of the code those models produce. Cursor has partnered with Chainguard , which provides verified open-source packages, to route dependencies through its curated repositories, aiming to reduce the risk of compromised components entering AI-built applications. The announcement lands as AI coding tools push more software into production with less human review, raising questions about how much of that code can be trusted. Supply chain risks in the agentic era The partnership addresses a problem developers know all too well. Modern applications depend heavily on open-source libraries and container images, most of which are pulled from public registries such as npm, PyPI, and Docker Hub. Those registries operate on openness, with limited checks in place. Developers — and now AI agents — often install dependencies without knowing who built them or whether they have been tampered with. Recent incidents have underlined the risk . In March, projects such as Trivy, LiteLLM, Telnyx, and Axios were compromised, with attackers using poisoned packages to steal credentials and spread malware. For teams using AI-generated code, the exposure increases. Agents can select and install dependencies automatically, making trust decisions at a pace that outstrips manual review. As Chainguard co-founder and CEO Dan Lorenc put it, generating code is becoming routine — checking its integrity is where the pressure now sits. “AI agents are making dependency decisions at a scale and speed no security team can manually review,” he wrote in a blog post . “As organizations adopt agentic development, the biggest blocker is no longer how fast code

2026-07-06 原文 →
AI 资讯

How context travels in a multi-agent world

Engineering teams building with AI agents have largely solved the single-agent problem. The harder challenge arrives when capabilities get split across multiple independently deployed agents — each owned by a different team, each running on its own release cadence. Keeping a coherent conversation alive across those boundaries turns out to be one of the messier architectural questions in production agent systems today, and one that Tessl's own work on context engineering and skill sprawl has been circling from a different angle. Microsoft's Industry Solutions Engineering ( ISE ) team, which embeds with clients on complex technical engagements, has published a detailed account of how they tackled that context problem in a recent engagement. Working with Agent2Agent (A2A ) — an open agent communication protocol originally developed by Google and now maintained by a cross-vendor technical steering committee at the Linux Foundation — they needed coordinator agents to hand off conversational history to domain agents that held no shared infrastructure and no persistent memory. Where the Model Context Protocol ( MCP ) standardises how agents connect to tools and data, A2A operates at a different level : it defines how agents communicate with each other as peers, passing tasks and messages across service boundaries. Shared storage creates dependencies agents shouldn't have Microsoft says it evaluated three core approaches before settling on the one that worked best. The first option entailed domain agents reading from a shared storage layer, using a common identifier to retrieve conversation history. The appeal with this is minimal message size and a single source of truth, but it requires every domain agent to have credentials and connectivity to storage owned by another team — a dependency that becomes unwieldy fast when agents cross organisational lines. A second option makes each domain agent stateful, maintaining its own record of the conversation. However, the operatio

2026-07-02 原文 →
AI 资讯

Why Warp is betting engineering leaders are done picking a favourite coding agent

Engineering leaders have spent the past year trying to get their teams to adopt AI coding tools as quickly as possible. Now, a new set of questions has taken over: how do you measure whether any of it is worth the money, and how do you stop agents from running unchecked on production systems? Developer tooling company Warp , an open agentic development environment built from the terminal up, thinks the answer isn't picking a single agent and standardising on it — it's giving teams a way to run several at once, compare them, and govern all of them from a single control plane. As Tessl wrote back in February, orchestration has emerged as a discipline in its own right — a dedicated layer of tooling for coordinating, supervising and directing multiple agents running in parallel. Back in February, Warp launched Oz as a cloud platform for running and managing coding agents at scale. Now, Warp is taking things a step further. In May, the company expanded Oz into what it's calling the first multi-harness control plane — meaning teams can now run Claude Code, Codex and Warp Agent simultaneously through a single interface, rather than committing to any one of them. Tessl caught up with Warp CEO Zach Lloyd to discuss how engineering leaders are thinking about agent fleets, what the harness layer actually changes, and where the lines between autonomy and human oversight are really being drawn. "The wild west": how the agent gold rush became a budget problem Zach spent several years at Google, leading engineering on Docs and Sheets before co-founding photo-editing startup SelfMade . He later served as interim CTO at Time, before founding Warp in 2020, raising north of $70 million in funding from the likes of Sequoia, Google Ventures, Figma co-founder Dylan Field, and Salesforce’s co-founder Marc Benioff. That background — building collaborative tools at Google scale, then navigating the startup world — gives Zach a particular vantage point on how quickly the engineering tooling

2026-06-29 原文 →
AI 资讯

How Small Can an Agent Model Get? The Nemotron Floor

Most model comparisons ask which model is best. This one starts with a model that never even produced a single result. We tested NVIDIA's open-weight Nemotron family, from the 30B Nano to the 120B Super, on a benchmark of real-world coding tasks: the kind of models an indie developer on a tight budget, or an enterprise cutting inference cost and keeping data in-house, would run. The main finding is that model size is not a dial you turn for a little more quality, it is a threshold. Below a certain capability floor a model cannot drive an agent loop at all, which is why the smallest variant we tried, Nano 12B, produced nothing to score. Above the floor, the question stops being which model is cheapest and becomes which one clears the bar your work actually needs: Nano 30B is an extremely cheap workhorse for narrow, well-scoped jobs, while Super 120B is the size that holds up on demanding multi-step agent work. An agent size floor is the minimum model capacity below which a model cannot reliably complete the act-observe-decide loop an agent depends on. Below it you don't get a slower or sloppier agent, you get a non-agent: a model that reads the task, takes a few steps, and never converges. For anyone choosing a model, this changes the question from "which is cheaper" to "which clears the floor for my work", and that is the question to answer first. Where the numbers come from Every scenario in the evaluation is a real-world agent task tied to a published skill, scored on two axes: instruction-following (does the agent do what it was told, in the way it was told) and task-completion (does it reach the goal). The overall score weights instruction-following at 4 and task-completion at 3, then divides by 7. Each task runs with and without the skill, so the lift from the skill is visible directly. The tasks and skills are public, in the task-evals-for-skills dataset , so you can inspect any scenario yourself. This design is deliberate. The tasks are derived from published

2026-06-27 原文 →
AI 资讯

Common Pitfalls of Skills Development (And How to Fix Them)

I recently gave a version of this talk at AI Engineer Europe in London. What follows is the fuller story — what we found when we looked at thousands of skills, what goes wrong, and how to fix it. You know that scene in The Matrix? Neo gets a spike in the back of his head, they upload kung fu directly into his brain, and he just... knows it. That's what a skill is for an AI coding agent. You write a markdown file — a SKILL.md — and the agent loads it when the task matches. Suddenly it knows your team's deployment process, or how your API handles pagination, or that you never use semicolons. It's not code. It's context. Procedural knowledge, injected at the right moment. The thing is — Neo's upload worked perfectly. Ours? Not always. Skills are everywhere now We spent some time analysing essentially all of public GitHub. In November last year, 12 repos had SKILL.md files. By March — five thousand four hundred and sixty. That's 450x growth in fourteen weeks. Skills went from zero to 27% of all agent config activity in three months. Faster adoption than CLAUDE.md , AGENTS.md , or any of the dotfile formats before them. And 1 in 12 merged PRs on GitHub now touches an agent config file — 8.4%, up from basically zero eighteen months ago. This is not a niche thing anymore. This is how people are working. Watch on YouTube But are they electrifying? Ninety percent of agent config files are never updated after creation. Write once, forget forever. Your codebase evolves every day. Your dependencies change. Your API contracts shift. But the instructions you gave your agent? Frozen in time. For Gemini files it's even worse — 97% are write-once. And the purpose-built "skill-as-product" repos? Over half are under 50 kilobytes. Wrapper repos. Many are AI-generated. High churn, low staying power. We have this explosion of skills, and most of them are going stale the moment they're committed. What we did about it The DevRel team at Tessl spent a couple of months doing something pretty

2026-06-23 原文 →
AI 资讯

Evaluating Kimi 2.5 vs Kimi 2.6: What happens to agent skills when the model gets smarter?

When a stronger model ships, there are two questions every skill author should want answered, and evals are the only honest way to answer either: Which skills just got absorbed? A model that now knows how to do X natively does not need a skill telling it to do X. Fewer skills to maintain, leaner context, lower cost. Which skills still matter? Behaviour-level guidance (conventions, preferences, project-specific workflows) is not something pretraining will fill in for you. Those skills should keep paying. Moonshot gave us early access to Kimi K2.6. We ran the Tessl agent skill evaluation harness on the same 21 skills and 100 paired scenarios against three solvers: Kimi K2.5, Kimi K2.6, and Claude Sonnet 4.5. A solver is the model whose output the grader scores; a paired scenario is the same task run twice per solver, once without the skill installed and once with it. These are early signals from one pre-release on one skill set. A deeper cross-model analysis with clean baselines across the board is in progress and will be its own piece. What does our setup look like? Scenarios and rubrics are held fixed across the two Moonshot runs. The only variable is the solver. Solver A: Kimi K2.5 Solver B: Kimi K2.6 Scenario generator: Claude Sonnet 4.5, up to 5 scenarios per skill, derived from each skill's SKILL.md Grader: Claude Sonnet 4.5, weighted-checklist rubric derived from the same SKILL.md Per skill × per solver: every scenario solved twice, baseline (no skill installed) and with-skill Per-skill n=5 is noisy; the aggregate over 100 scenarios is where the signal lives. Three findings: Kimi 2.6 is a better model than K2.5: Without skills, K2.6 sits ~2 pp (percentage points) above K2.5 in aggregate, with double-digit moves on specific skills. Kimi 2.6 holds its own against Sonnet 4.5. We picked Sonnet 4.5 as a competitive baseline, and found in this evaluation set that the K2.6 performed better both in the with/without skill scenario by around ~8 p.p . Skills remain a dura

2026-06-21 原文 →
AI 资讯

From Invoice to Owner: A Practitioner's Guide to Request-Level AI Cost Attribution

TL;DR Provider invoices aggregate by model and billing period. They cannot tell you which team, product, or agent caused a cost spike. Request-level AI cost attribution links every API call to structured owner metadata (team, product, environment, trace ID) so investigations take minutes, not days. Three approaches exist: provider dashboard, gateway log enrichment, and application trace attribution. They differ sharply in setup cost and query granularity. Gateway log enrichment is the highest-leverage first step for most teams. It requires no changes to application code and covers all traffic behind the gateway. Real example: a platform team at a 60-person AI company discovered that 31% of their $18k/month spend came from a misconfigured retry loop in a background job, identified in under 20 minutes once request-level logs were searchable. Why Your Invoice Is Lying to You Your OpenAI invoice for last month shows $22,400. Your Anthropic invoice shows $6,800. Total: $29,200. Your CFO wants to know which business unit owns each line. You forward the invoices to your finance partner, who forwards them to three engineering managers, who reply with estimates that sum to $24,000 and do not match any real allocation. This is the standard state of LLM spend governance at companies between $5k and $50k per month in AI API costs. The invoices arrive, the spend is real, and attribution is a spreadsheet exercise done with guesses. The problem is structural. Provider billing aggregates by model and by billing period. It has no concept of your internal ownership model, your product boundaries, your tenant hierarchy, or your agent topology. A single gpt-4o line in your invoice might represent spend from a customer-facing chat feature, an internal summarization service, a nightly batch job, and three developers running experiments against production endpoints. You get one number. You have four or more owners. Request-level AI cost attribution is the practice of enriching every API c

2026-06-16 原文 →
AI 资讯

Playwright CLI for agent-driven workflows: sessions, debugging, and CI Sharding

Playwright has excellent tooling around browser automation, but most of the ecosystem still treats it as a test framework. For teams running AI coding agents and automated browser workflows, there is a different set of requirements: browser automation ↓ session persistence across runs ↓ debuggable traces when things go wrong ↓ parallel execution across CI shards The Playwright CLI directly addresses these gaps. It ships as a standalone npm package and exposes every browser operation as a CLI command; open, click, type, snapshot - without requiring a Node.js script or test runner. npm package: @playwright/cli GitHub: https://github.com/microsoft/playwright-cli The current implementation focuses on: session persistence with named instances and portable state video and trace recording built into every session CI sharding for parallel execution at scale session persistence The default behaviour keeps browser state in memory. Cookies and localStorage are preserved between CLI calls within the session, but cleared when the browser closes. For repeatable workflows, that breaks down fast — logging into an application before every run wastes time and introduces flakiness. Named sessions let you run multiple browser instances simultaneously and address them by name: playwright-cli -s=admin open https://app.example.com/admin playwright-cli -s=checkout open https://app.example.com/checkout Each session is an isolated browser instance. An agent can orchestrate workflows across multiple authenticated contexts without state leaking between them. The goal is straightforward: the same CLI binary should be able to maintain independent browser contexts for parallel workflows without requiring environment-specific configuration. The critical piece for CI and agent reuse is state persistence: log in once playwright-cli -s=admin open https://app.example.com/login playwright-cli -s=admin fill "#username" "admin" playwright-cli -s=admin fill "#password" "$ADMIN_PASS" playwright-cli -s=admi

2026-06-11 原文 →
AI 资讯

JaisCloud — A Free, Single-Binary AWS Emulator in Go

Why We Built JaisCloud — A Free, Single-Binary AWS Emulator in Go If you've ever tried to test AWS-dependent code locally, you've probably reached for LocalStack. It works — but it comes with baggage: Python runtime, Docker dependency, and the features most teams actually need locked behind a Pro subscription. JaisCloud is our answer to that problem. What is JaisCloud? JaisCloud is a free, open-source local AWS cloud emulator written entirely in Go. It implements the exact AWS wire protocols — Query/XML, JSON/Target, REST — so your existing SDK code points at JaisCloud and works unmodified. No shims, no proxy rewrites, no SDK patches. # Start it jaiscloud-aws start # Point your SDK at it export AWS_ENDPOINT_URL = http://localhost:4566 export AWS_ACCESS_KEY_ID = test export AWS_SECRET_ACCESS_KEY = test export AWS_REGION = us-east-1 # Your existing code works — no changes needed aws s3 mb s3://my-bucket aws sqs create-queue --queue-name my-queue The Problem With Existing Solutions JaisCloud LocalStack Community Moto Single static binary Yes No - Python + Docker No - Python library Zero runtime deps Yes No No Postgres persistence Yes Pro only No Real Spark/EMR execution Yes No No Apache Iceberg Yes No No Prometheus metrics Yes Pro only No State export / import Yes No No Deterministic time control Yes No No Written in Go Yes No No License Apache-2.0 Apache-2.0 Apache-2.0 Key Features Single Static Binary JaisCloud ships as a single Go binary per cloud. No Python, no Docker, no Node — just download and run. Works on laptop, CI runner, or Kubernetes pod. # Download and run — that is it ./jaiscloud-aws start # Or with Docker docker run --rm -p 4566:4566 rjaisval/jaiscloud-aws:latest Portable State Snapshots Export the complete emulator state — every resource, every account, every region to a single gzip tarball and restore it anywhere in milliseconds. # Capture a baseline jaiscloud-aws export -o baseline.tar.gz # Restore on a teammate's machine or CI runner jaiscloud-aws i

2026-05-28 原文 →