今日已更新 156 条资讯 | 累计 20626 条内容
关于我们

标签:#dev

找到 2564 篇相关文章

AI 资讯

PWA with React + Leaflet: lessons from a 31-city map app

Notes from shipping a real-world PWA in Korea: Vite SSG is worth it. SPAs lose Korean SEO because Naver's crawler doesn't fully render JS. Leaflet > Mapbox for cost-sensitive projects. Free OSM tiles + zero cost. Firebase Hosting rewrites let you have deep URLs (/city/suwon) without a backend. KakaoTalk share is non-negotiable in Korea — 70%+ of social traffic. PWA install banner: don't auto-prompt, let the user discover. Project: https://gyeonggi-currency-map.web.app?ref=devto&utm_source=devto&utm_medium=social&utm_campaign=multi-site-bot

2026-07-04 原文 →
AI 资讯

How to Test OAuth Recovery Emails Without Exposing Real Inboxes

OAuth recovery emails look harmless until you test them the lazy way. A team sends password reset links or recovery codes into one shared mailbox, confirms that something arrived, and marks the job done. From a security view, that test is too weak. It can hide token reuse, wrong-user delivery, or log retention that exposes sensitive account events. For non-production checks, I like using a disposable email address that belongs to one test run. Some teams build that inbox layer themselves, some use tempmailso, but the core principle is the same: isolate the recovery event, inspect it quickly, and delete the evidence you no longer need. That is helpful when Authentication and OAuth changes ship together. Why OAuth recovery emails deserve their own threat model Recovery email tests are not just "did the mail send?" checks. They sit on the edge of account takeover risk, so the message itself matters almost as much as the login flow. A decent threat model for these emails should ask: did the message reach only the intended inbox for this run? does the link or code expire when the product says it does? is the message revealing too much user data in subject lines or previews? can an older token still be used after a new recovery request? do logs or test fixtures keep the recovery secret longer than they should? This is where shared inboxes become dangerous in a subtle way. Even if nobody has bad intent, mixed test data makes it harder to prove which token belonged to which request. The same operational confusion shows up in email change confirmation checks , and it gets worse when the email can restore account access. OWASP recommends testing authentication recovery features with the same care as sign-in and session controls, because weak recovery paths are a common bypass route for stronger primary login defenses: https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html A safer test flow for recovery links and codes The cleanest pattern is one inbox

2026-07-04 原文 →
AI 资讯

iOS and Android Have Different Goals for PWAs: The Real Difference Beyond Support or No Support

This is a reprint from my tips blog. You can find the original article here: [ https://tips.ojapp.app/en/ios-android-pwa-goal-difference-3/ ] Android vs. iPhone: Different Goals for PWAs When people talk about PWAs, the explanation often sounds like this: Android supports PWAs. iPhone does not support PWAs very well. If you only look at the PWA specifications, this explanation is easy to understand. Android Chrome supports manifest.json, Service Worker, installation, notifications, shortcuts, and many other PWA features quite strongly. iPhone Safari, on the other hand, does not behave the same way as Android. But after testing PWAs on both iPhone and Android many times, I started to see the difference in another way. More accurately, Android and iPhone have different goals for PWAs. That is the biggest difference I noticed while testing repeatedly. Android tries to turn web pages into apps Android PWAs are clearly designed in the direction of making web pages feel closer to native apps. The idea is to take a website opened in the browser and move it toward a native-app-like experience. This direction is very strong on Android. That is why many PWA-related features are well supported. manifest.json Service Worker Push notifications Install Prompt Shortcuts theme_color background_color maskable icons display modes orientation Of course, it is not perfect. Manifest cache can be stubborn, multiple PWAs on the same domain can become confusing, and real-device testing can still create plenty of traps. Even so, when you build according to the PWA specification, Android usually responds in a fairly straightforward way. For example, if you set display: fullscreen , the app feels much more full-screen. theme_color is often reflected in the toolbar color. orientation also works quite strongly on Android. In other words, for Android, a PWA is an app made from the Web . iPhone starts from the experience of placing web pages on the home screen iPhone is different. Even before the

2026-07-03 原文 →
AI 资讯

A Docker-Based AWS SES Smoke Test With Disposable Inboxes

Use Docker and a disposable mailbox to verify AWS SES delivery in CI before release without touching shared inboxes or leaking test mail. Shipping an app that "sent the email" is not the same as shipping an app that delivered a usable message. In AWS stacks, the miss usually shows up late: a container points at the wrong SES region, a preview environment uses stale credentials, or the message lands with broken links after templating. A disposable email address check is a simple final guardrail, and its easy to automate when your mail sender already runs in Docker. This is the pattern I recommend when teams are searching for temp mail com style testing, but need something cleaner for production-like CI. The goal is not to replace unit tests or the Amazon SES mailbox simulator . The goal is to prove that your real app container, with real environment wiring, can send one controlled message and that the inbox content is worth shipping. Why this check belongs in the release path AWS SES is strict in useful ways. If your account is still in the sandbox, you can only send to verified identities or the mailbox simulator . Even after production access, delivery problems still happen becuase the application layer and the cloud layer drift separately. A practical smoke test catches things that mocks often miss: wrong AWS_REGION or SES endpoint selection missing secrets in the container runtime template variables that render empty in preview builds broken confirmation links caused by bad environment URLs unexpected sender identity changes between staging and release That list looks basic, but it doesnt stay basic when three services, one worker, and a release job all touch outbound email. A small Docker pattern that keeps the test deterministic Keep the sender in the same Docker image you deploy, but trigger a narrow email scenario from CI. For example, seed a temporary user, call the notification path once, then poll a disposable inbox API for the matching subject line. servi

2026-07-03 原文 →
AI 资讯

Five Things to Check When Delivering Fast

By Vilius Vystartas This is the follow-up to What Actually Changed in Two Weeks . That one was about setting up a project for AI-speed delivery. This one is about something I keep re-learning on every fast delivery. You start shipping faster with AI. The code works, the feature lands, it feels good. Then a few weeks later the feedback comes back, and some of it catches you off guard. Not because anything is broken — but because a few things that seemed obvious to you weren't obvious to the other side. No drama. It happens. Here are five things I'm learning to check earlier. 1. What does "done" look like from their side? To me, done means working software. To someone else it might mean pixel-match with a design. Both are valid. What helps: A quick "what does good enough look like to you?" before the work starts. One sentence can save a lot of back and forth. 2. When will they actually look at it? Sending something doesn't mean it gets reviewed immediately. It lands in a queue like everything else. What helps: Naming a review date alongside the delivery date. "I'll share this Tuesday — could you take a look by Friday?" Turns silence from a mystery into a signal. 3. What needs to be perfect vs what can be improved later? Not everything in the feedback is the same weight. A label change and a broken flow are different things. Without saying so upfront, everything looks like an emergency. What helps: Two buckets agreed early. "Here's what I'll get right before it ships. Here's what I'd revisit in a follow-up." Makes the first feedback session more productive. 4. Could they see something before the full delivery? The first time someone sees your work often sets the tone. Showing one page or one flow halfway through can catch mismatches before they multiply. What helps: A mid-point check-in. "First page is ready — want to see if this matches what you had in mind?" Five minutes that can save a round of revisions. 5. Do they have the full picture? You've been living in this

2026-07-03 原文 →
AI 资讯

Voice Revive:

My father is a stroke patient. Watching him try to speak clearly again — with patience, repetition, and no small amount of courage — is what pushed me to build Voice Revive. It’s a free web app for stroke survivors and people with aphasia: pick a category, hear a word, say it back, get forgiving feedback. No accounts, no scores, no pressure. I vibecoded most of it with AI tools, but the reason behind it is deeply personal. If it helps even one person feel a little more confident speaking again, it was worth it. Let’s work together: Voice Revive is a personal project, and I’m open to: Collaboration — features, accessibility, reaching more people who need it Sponsorships — to keep the app free and accessible Part-time / freelance web development — I’m comfortable building with: What I work with today: Next.js & TypeScript Node.js (Express) Python (FastAPI) Tailwind CSS What I’ve built with before (freelance): Kotlin & Java for Android Development(previous experience - freelance) ESP32 & C++ for IOT Development Try it: https://voicerevive.online/ Connect with me: https://www.linkedin.com/in/aaron-mercado-163b02369/

2026-07-03 原文 →
AI 资讯

Vegas Amnesia: I turned Cognee's memory lifecycle into a detective game

Built for the WeMakeDevs × Cognee "The Hangover Part AI" hackathon — Cognee Cloud track. ▶ Play it free: vegas-amnesia.vercel.app · ⭐ Code on GitHub The problem with most memory demos When you give a developer a memory API, the demo almost always looks the same: add() some documents, search() over them, print the answer. Two functions. It works, it's fine, and it teaches you almost nothing about why graph-based memory is different from stuffing everything into a context window. Cognee actually has a four-stage lifecycle — remember → recall → memify → forget — and the interesting parts are the two everyone skips. memify consolidates what you know into new inferences. forget lets you delete a belief and watch the graph heal around it. Memory you can reason over and correct . So instead of writing another RAG demo, I asked: what if the memory lifecycle wasn't the plumbing — what if it was the game ? Meet HAL-9001 You play HAL-9001 , a personal AI assistant (yes, HAL 9000's slightly more helpful successor). Your owner Dev had a wild night in Vegas. At 6 AM your memory graph was corrupted. His fiancée Priya lands at noon, there's a suspicious ring on his finger, and you remember nothing . The screen boots to a "MEMORY CORRUPTED" terminal and an empty graph. Your job: reconstruct the night, catch the lies, and answer the final question — what happened, and where's the ring? — before noon. Every location you explore, every clue you examine, every witness you interrogate feeds a live 3D memory graph that you can pop open at any time. That graph isn't a visualization of the game state. It is the game state — it's your Cognee dataset, rendered. The four mechanics = the four lifecycle ops Here's the mapping I'm most proud of. Each Cognee operation is a verb the player performs: You do this in-game Cognee Cloud call What happens 🗂 File It on a clue POST /api/v1/remember The fact is ingested + auto-cognified into graph nodes that pop into view ❓ Ask HAL a question POST /api/v1/r

2026-07-03 原文 →
AI 资讯

What Makes a Source-Code Starter Kit Worth Buying?

I have been turning old code projects into sellable source-code products. The hard part is not changing the cover image. It is not renaming the ZIP. It is deciding whether the project deserves to be sold at all. A lot of old apps are useful to the person who built them. Far fewer are useful to a stranger who has never seen the repo, never heard the backstory, and only wants to know one thing: Will this save me time, or will it become another folder I regret buying? Here is the checklist I now use before treating a source-code project as a starter kit. 1. The buyer must understand the workflow "Full-stack dashboard" is not enough. A buyer should immediately understand the workflow the project helps with. For example: a review and scoring portal; a maintenance and work-order dashboard; an email-template governance tool; a runnable technical code lab. The more generic the product sounds, the harder it is to buy. I now try to answer this in one sentence: This kit helps [specific buyer] start from a working foundation for [specific workflow]. If I cannot fill that sentence honestly, the project is not ready. 2. A stranger must be able to run it "It runs on my machine" is not a product standard. A buyer needs a path from download to working state. That usually means: setup instructions; environment notes; seeded demo data; demo accounts or fixtures; expected local startup behavior; known limitations; a simple smoke-test checklist. The goal is not perfection. The goal is that a competent developer should not have to reverse-engineer the project before deciding whether it is useful. 3. The product needs proof, not adjectives Marketing adjectives are cheap: production-ready; powerful; scalable; enterprise-grade; battle-tested. Most of those words create more risk than trust if they are not backed by evidence. Better proof looks boring: screenshots; a short demo video; a verified release ZIP; install notes; architecture notes; included / not-included boundaries; a changelog;

2026-07-03 原文 →
AI 资讯

The Generative AI Learning Roadmap: My Journey from Beginner to AI Developer (2026)

Welcome to My Generative AI Learning Journey Artificial Intelligence is changing the way we work, learn, build software, and solve problems. Every day, new AI tools, models, and technologies are being released, making it difficult to know where to begin. Instead of randomly watching videos or reading articles, I've decided to follow a structured learning path—and I'm inviting you to join me. This blog marks the beginning of a long-term Generative AI learning series. Whether you're a student, software developer, freelancer, entrepreneur, or simply curious about AI, this roadmap will help you understand what we'll learn together over the coming weeks and months. The goal isn't just to understand AI theory. It's to build practical skills that can be used in real-world projects and professional development. Why Learn Generative AI in 2026? Generative AI is no longer a futuristic concept. It is already transforming industries such as: Software Development Healthcare Education Finance Marketing Customer Support E-commerce Human Resources Design and Creativity Companies are actively seeking professionals who can build AI-powered applications, automate workflows, and integrate AI into existing systems. Learning Generative AI today means preparing for the next generation of technology. What You Can Expect from This Series This series is designed for beginners but will gradually move toward advanced concepts. Each article will build upon the previous one, making the learning process simple and structured. We'll focus on: Understanding AI concepts Learning industry terminology Exploring popular AI models Writing effective prompts Building AI applications Working with APIs Using open-source models Creating AI-powered software Deploying AI projects By the end of this journey, you'll have both theoretical knowledge and practical development experience. Complete Learning Roadmap Phase 1: AI Fundamentals We'll begin by building a strong foundation. Topics include: What is Generativ

2026-07-03 原文 →
AI 资讯

Bootstrap 5 vs Tailwind CSS 2026: Which Should You Pick?

Bootstrap 5 and Tailwind CSS are the two most popular CSS frameworks in 2026. If you're starting a new project and trying to decide between them, this guide gives you an honest comparison based on real-world usage — not just feature lists. The Core Difference Bootstrap 5 gives you pre-built components. Tailwind CSS gives you utility classes to build your own. That's the fundamental difference and it drives every other comparison. With Bootstrap you get a navbar, modal, card, and dropdown out of the box. With Tailwind you build those yourself using utility classes like flex , px-4 , bg-blue . Neither is wrong. They solve different problems for different teams. When Bootstrap 5 Makes More Sense You Need to Ship Fast Bootstrap's pre-built components mean you spend less time on UI and more time on business logic. For admin dashboards, CRM panels, and internal tools — where UI consistency matters more than pixel-perfect custom design — Bootstrap is the faster choice. Your Team Knows HTML and CSS Bootstrap has a shallow learning curve. Any developer who knows basic HTML and CSS can pick up Bootstrap in a day. Tailwind requires understanding its utility-first philosophy and memorizing class names. You're Building an Admin Dashboard Admin dashboards need data tables, modals, dropdowns, sidebars, and form components — all of which Bootstrap provides out of the box. Building these from scratch with Tailwind takes significantly more time. You Want Predictable Output Bootstrap's components look consistent across browsers and screen sizes without extra configuration. Tailwind output depends heavily on how well your team implements it. When Tailwind CSS Makes More Sense You're Building a Custom Marketing Site If your design is highly custom — unique layouts, non-standard components, pixel-perfect design system — Tailwind gives you more flexibility without fighting Bootstrap's default styles. You Have a Design System Already If your team has a defined design system with specific t

2026-07-03 原文 →
AI 资讯

Day 56 – Mastering ClickHouse® AggregatingMergeTree: Build Faster Analytics with Pre-Aggregated Data

Introduction As data volumes continue to grow, running aggregation queries directly on raw datasets becomes increasingly expensive. Business dashboards, analytics platforms, and reporting systems often execute the same calculations repeatedly—such as total sales, daily active users, page views, or revenue trends. While ClickHouse® is designed to process analytical workloads at remarkable speed, repeatedly scanning billions of records still consumes valuable CPU, memory, and storage resources. This is where AggregatingMergeTree proves its value. Rather than calculating aggregates every time a query is executed, AggregatingMergeTree stores intermediate aggregation states that are merged automatically in the background. This approach allows analytical queries to read compact, pre-aggregated datasets, resulting in dramatically faster response times and reduced infrastructure costs. In this guide, you'll learn how AggregatingMergeTree works, why aggregate states matter, how to build an automated aggregation pipeline using Materialized Views, and when this engine is the right choice for your ClickHouse® workloads. What is AggregatingMergeTree? AggregatingMergeTree is a specialized ClickHouse® table engine designed to store aggregate function states instead of raw records. Unlike the standard MergeTree engine, which stores every inserted row, AggregatingMergeTree keeps partially aggregated values that ClickHouse combines during background merge operations. This significantly reduces the amount of data that must be processed when generating analytical reports. Because much of the computational work happens during data ingestion, dashboards and reporting applications can retrieve summarized information much more efficiently. Typical scenarios include: Sales reporting Website traffic analytics Financial summaries IoT sensor monitoring Business KPI dashboards Application observability metrics Why Use AggregatingMergeTree? Imagine an online marketplace processing millions of tr

2026-07-03 原文 →
开发者

How Much Tax Do Developers Actually Pay? A 2026 Breakdown

` As developers, we spend our days optimizing code, but how many of us optimize our taxes? Let's break down exactly how much tax a typical US developer pays in 2026 — with real numbers. The 2026 Federal Tax Brackets The US uses a progressive tax system with seven brackets: Rate Single Filer Married Joint 10% $0 – $11,925 $0 – $23,850 12% $11,926 – $48,475 $23,851 – $96,950 22% $48,476 – $103,350 $96,951 – $206,700 24% $103,351 – $197,300 $206,701 – $394,600 32% $197,301 – $250,525 $394,601 – $501,050 35% $250,526 – $626,350 $501,051 – $751,600 37% Over $626,350 Over $751,600 Standard deduction (2026): $16,100 (single) / $32,200 (married) Real Example: $120,000 Developer Salary Let's say you're a single developer earning $120,000 in 2026: Subtract standard deduction: $120,000 − $16,100 = $103,900 taxable Federal tax (progressive): 10% on first $11,925 = $1,192.50 12% on $11,926–$48,475 = $4,386.00 22% on $48,476–$103,350 = $12,096.28 24% on $103,351–$103,900 = $131.76 Total federal: $17,806.54 FICA (7.65%): $120,000 × 7.65% = $9,180.00 State tax varies: Texas/Florida/Washington: $0 California: ~$7,800 New York: ~$6,200 Illinois: $5,940 (4.95% flat) Take-home pay comparison: State Federal + FICA State Tax Take-Home Monthly Texas $26,987 $0 $93,013 $7,751 Florida $26,987 $0 $93,013 $7,751 California $26,987 $7,800 $85,213 $7,101 New York $26,987 $6,200 $86,813 $7,234 Illinois $26,987 $5,940 $87,073 $7,256 The difference between Texas and California? $7,800/year — that's a new MacBook Pro every year, just from choosing where to live. How to Calculate Your Exact Numbers I built a free paycheck calculator that covers all 50 US states with 2026 federal and state tax brackets. It includes: 401(k) and HSA pre-tax deductions All filing statuses (single, married, head of household) Bi-weekly, monthly, and weekly breakdowns Effective vs marginal rate display Tax-Saving Strategies for Developers 1. Max Your 401(k) The 2026 limit is $23,500 ($31,000 if 50+). At the 22% bracket, t

2026-07-03 原文 →
AI 资讯

LLM Provider Fallback in PHP: Automatic Failover in Neuron AI Router

When I published the first article about the Neuron AI Router , I expected questions about routing rules. Which rule to use for structured output, how to write a custom one, how the round robin behaves under load. Some of those questions arrived, but the most frequent one was different, and it wasn't really about routing at all. It was about failure. What happens to my agent when the provider goes down? It is a fair question, and if you are new to building AI applications it deserves a proper answer before we look at any code. Here is the short version. The new fallback strategy in Neuron AI Router lets you define an ordered list of LLM providers for your PHP agent. When an inference call fails with a transient error, such as a rate limit, a timeout, or an overloaded server, the same request is automatically retried on the next provider in the list. The failover is transparent: the agent never knows it happened, and the conversation continues without losing state. The rest of this article explains why this problem exists, why the usual solutions fall short, and how to configure it. Why LLM providers fail in production An LLM provider is an external service you talk to over HTTP. Every time your agent thinks, it is making a network call to a machine you don’t control, operated by a company that is currently serving millions of other requests. These services fail in very ordinary ways. You hit a rate limit because your traffic spiked. The provider returns an “overloaded” error because their traffic spiked. A request times out. A deployment on their side causes a few minutes of elevated error rates. None of this means you did something wrong, and none of it is rare. If you keep an agent in production long enough, you will see all of these. In a classic web application, a failed call to a third party API is usually a corner of the system. You log it, maybe retry it in a queue, and the rest of the page still works. In an agent based application the inference call is not

2026-07-03 原文 →
AI 资讯

The Shop on the Corner: How I Learned System Design Without Building Clone

The Shop on the Corner: How I Learned System Design Without Building Amazon Nephew asks his uncle — 10 years deep into building large-scale systems — to explain "system design," and all the scary jargon that comes with it. Uncle refuses to start with the jargon. Instead: "Forget servers and databases for a minute. Just imagine you're running a small shop." What follows is a thought experiment, built one problem at a time — no cloud bills, no fancy stack, just a counter, a storeroom, and a lot of common sense. Part 1: The Counter — Your First "API" 👦 Nephew: Uncle, everyone at work keeps throwing around terms — load balancer, cache, index, sharding. I nod along, but I don't actually get any of it. 👨‍🦳 Uncle: Then don't start there. Close your eyes for a second and forget servers exist. Suppose — just suppose — you're running a small shop. One counter, one small storeroom at the back. A customer walks up and asks for something. What do you do? 👦 Nephew: I'd walk into the storeroom, find it, walk back, hand it over. 👨‍🦳 Uncle: That's it. That's the entire job of a server handling a request. You don't need to understand Amazon's warehouse to understand Amazon's problems. You need a counter and a storeroom, imagined clearly, and the patience to grow them one honest problem at a time. Here's the shape of what you just described, whether you realized it or not: 🧍 Customer 🧑 You (Counter) 📦 Storeroom (Database) | | | |── "Got Maggi?" ───────>| | | |──── Walk in, search ────────>| | |<─────── Found it ────────────| |<── Hand it over, ──────| | | take payment | | 👨‍🦳 Uncle: One customer, one request, one trip to the storeroom, one response. This is fine. This is correct , even, for a shop with five customers a day. Don't let anyone tell you a single counter isn't "scalable" — a shop that small doesn't need two counters, it needs someone to stop worrying and open the shutter. 👦 Nephew: So this is just... a server handling one request at a time? 👨‍🦳 Uncle: Exactly. Customer sen

2026-07-03 原文 →
AI 资讯

How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide

Originally published on bckinfo.com How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide Table of Contents ESXi vs. VMware Workstation: Which One Do You Need Hardware Compatibility Check Downloading the ESXi Installer Creating a Bootable USB Installer BIOS/UEFI Preparation Installing ESXi: Step by Step Configuring the Management Network Accessing the vSphere Host Client Creating Your First Virtual Machine Post-Installation Checklist Common Issues and Quick Fixes Closing Notes If you've read our complete guide to VMware virtualization , you already know ESXi is the bare-metal hypervisor underneath vSphere. This guide is the hands-on counterpart — installing ESXi directly on physical server hardware, from hardware compatibility checks through booting your first virtual machine. ESXi vs. VMware Workstation: Which One Do You Need Before starting, it's worth confirming you actually want ESXi and not VMware Workstation. They solve different problems: VMware Workstation is a Type-2 hypervisor — it installs on top of an existing OS (Windows, Linux, macOS via Fusion). Good for running a VM or two on a laptop or desktop you also use for everything else. If that's your case, our guide on installing VMware Workstation on CentOS Stream 10 is the right starting point instead. ESXi is a Type-1, bare-metal hypervisor — it installs directly on the hardware with no host OS underneath it. This is the right choice for a dedicated server running multiple VMs, a home lab, or anything that needs to scale beyond "a VM running alongside my desktop." The rest of this guide assumes you're installing on dedicated hardware that won't run anything else. Hardware Compatibility Check This is the step most worth not skipping. ESXi has a defined Hardware Compatibility List (HCL), and installing on unlisted hardware is the single biggest source of installation failures and post-install driver issues. Check your exact server model and component list (NIC, storage controller) against VMware'

2026-07-03 原文 →
AI 资讯

GitHub Actions won't tell you your CI is getting worse. I built a zero-dep CLI that does.

GitHub Actions shows you one run at a time. Green check, red X, green check, green check, red X. You scroll the list, you re-run the flaky one, you move on. Nobody's asking the question that actually matters: is this getting better or worse? "I calculated how much my CI failures actually cost. Curious what your pipeline success rate looks like — has anyone else tracked the actual wasted compute time over time?" That's a real question from someone who did the math by hand and found their failures were burning a real chunk of their compute budget. The replies were the same story you'd expect: heavyweight CI platforms have their own dashboards for this, but nobody had a lightweight, local way to just... track it. So I built citrend : pull your GitHub Actions run history into a local file, get a trend. npx citrend sync --repo owner/name npx citrend report --repo owner/name What it actually shows you $ citrend report --repo acme/widgets acme/widgets — 812 run(s) (2 in progress) success rate: 87.4% (699/800 settled, 12 skipped) wasted runs: 101 (12.6%) total compute: 118h 42m wasted compute: 14h 6m weekly trend (oldest → newest): 2026-06-05 91.2% success, 8 wasted (58m) 2026-06-12 88.0% success, 11 wasted (1h 22m) 2026-06-19 79.4% success, 22 wasted (3h 8m) 2026-06-26 84.1% success, 15 wasted (2h 1m) That weekly column is the entire point. A single gh run list will never show you that week 3 was a cliff — you'd have to notice it got annoying to work in, which is a much slower and much less precise signal than a number going from 91% to 79%. How it works sync pulls your workflow run history from the GitHub REST API and caches it locally (deduped by run id, so you can run it on a schedule without piling up duplicates). report reads that cache — no network call — and computes: Success rate , over settled runs only (still-running runs don't count either way until they conclude, and skipped runs are excluded from the denominator since they're not a pass/fail outcome). "Wasted"

2026-07-03 原文 →