今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#devto

找到 108 篇相关文章

AI 资讯

Pull OTP and 2FA codes from email with Nylas

One-time passcodes are everywhere: sign up for a service, log in from a new device, confirm an action, and a six-digit code lands in your email. A human glances at it and types it in. An automated flow, a signup script, an end-to-end test, or an AI agent connecting to a third-party service, can't glance at anything. It has to pull the code out of the mailbox programmatically, and that's a surprisingly fiddly job: the code arrives seconds after a trigger, it's buried in a templated email, and every sender formats it differently. This post covers extracting verification codes from two angles: the nylas CLI , which does it for you in one command, and the Email API pattern you build when it's part of a larger flow. I work on the CLI, so the terminal commands below are the ones I reach for when I just need the code. Two ways to get the code There are two paths depending on what you're building. For terminal workflows, local testing, or scripting a login, the CLI has a dedicated nylas otp command that finds the latest code in a mailbox and hands it to you. For an application or an agent that reacts to incoming mail, you build the extraction into your own flow: catch the message when it arrives, pull the body, and parse the code out. The difference is who drives. The CLI is pull-based: you ask for the latest code when you need it. The API pattern is push-based: a webhook tells you a message arrived, and your code extracts the value as part of handling it. Both end at the same place, a string of digits you feed into whatever's waiting for it, but the CLI is the fast path for a developer and the API pattern is the durable path for a product. In practice you use both: the CLI to learn which sender and code format you're dealing with during development, then that same understanding baked into the application pattern for production. Grab the latest code from the CLI When you've just triggered a code and want it now, nylas otp get finds the most recent one in your default accoun

2026-06-24 原文 →
AI 资讯

Verify Nylas webhook signatures to trust your data

A webhook endpoint is a public URL sitting on the internet, and anything on the internet can send it a POST . If your app acts on whatever lands there, an attacker who guesses the URL can forge events: fake an inbound email, trigger a workflow, or feed your system garbage. The fix is to confirm two things before you trust a request, that you own the endpoint and that Nylas actually sent the payload, and both are built into how webhooks work. This post covers verifying webhooks from two angles: the HTTP mechanics your endpoint implements, and the nylas CLI for testing a signature without standing up a server. I work on the CLI, so the terminal commands below are the ones I reach for when I'm debugging a signature mismatch. Two layers of webhook trust There are two separate checks, and they happen at different times. The first is a one-time endpoint challenge: when you register or activate a webhook, Nylas sends your URL a request with a challenge value you echo back, proving you control the endpoint. The second runs on every notification afterward: each delivery carries a cryptographic signature you verify against a shared secret, proving the payload is genuine and wasn't tampered with. You need both because they defend against different things. The challenge stops you from accidentally registering an endpoint you don't own and confirms the URL is live. The signature stops anyone else from posting forged events to that URL once it's known. Skip the signature check and your public endpoint will trust any POST that reaches it, which is the most common webhook security mistake. Pass the endpoint challenge The first time you set up a webhook or flip one to active , Nylas sends a GET request to your endpoint with a challenge query parameter. Your endpoint has to return the exact value of that challenge in the body of a 200 OK response, within 10 seconds, or the webhook won't verify. It's a quick handshake that proves the URL is yours and reachable. // Express: echo the ch

2026-06-24 原文 →
AI 资讯

Connect a user's mailbox with Nylas hosted OAuth

Every Nylas request you make on a user's behalf needs one thing first: their permission. Before you can list a mailbox, send on someone's behalf, or read a calendar, the user has to authorize your application through their provider, and that authorization is what's called a grant. Doing the OAuth dance yourself means registering with Google and Microsoft separately, handling each provider's consent screen, token exchange, and refresh quirks. Hosted OAuth collapses that into one flow that works the same across every provider. This post walks through connecting an account from two angles: the HTTP API your web app uses in production, and the nylas CLI for connecting a test account from the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I need a grant to develop against. What a grant is A grant is an authenticated connection to a single user's account. When a user authorizes your application, Nylas stores the connection and hands you a grant_id , a stable identifier you pass on every subsequent request to act on that user's email, calendar, or contacts. The grant is the unit of access: one user who connected one mailbox is one grant, and everything you build addresses /v3/grants/{grant_id}/... . Keep two credentials distinct here. Your API key authenticates your application to Nylas and goes in the Authorization header on every request; the grant_id identifies which connected user that request acts on. The API key is yours and stays on your backend, while a grant_id is minted per user when they connect. The grant is also where provider differences disappear. A Gmail grant and a Microsoft grant have different OAuth scopes and token mechanics underneath, but once connected, both are just a grant_id you use the same way. That's the point of hosted OAuth: you run one flow, the user picks their provider, and you get back the same kind of identifier regardless of who hosts the mailbox. Hosted OAuth supports Google, Microsoft, Yahoo,

2026-06-24 原文 →
AI 资讯

I was tired of heavyweight dev tools — so I built my own

I'll be honest — I didn't set out to build a developer tool. I'm an engineer by trade. I build structural and forensic engineering software. C++, WinUI 3, heavy desktop apps. But a big chunk of my prototyping and internal tooling happens in Python — and every time I sat down to spin up a quick Python desktop app, I hit the same wall. Every launcher, every hot-reload tool, every dev cockpit I found wanted something from me. Install this. License that. Set up a virtual environment. Add five dependencies just to watch a file change. I just wanted to run my app, see it update when I changed something, and get back to work. So I built ILX Launcher. The rule I gave myself was simple: pure Python stdlib and tkinter. Nothing else. If it couldn't be done with what Python already ships with, I didn't need it. What came out of that constraint surprised me. No pip install. No virtual environment required. No licensing headaches. You clone it, you run it, it works. That's it. It's a developer cockpit for Python desktop apps — run, hot-reload, test, profile, and ship, all from one place. The kind of tool I wished existed six months ago. It's early. It's rough around the edges. But it works, and it's already saving me time every single day. If you've ever felt like your dev tooling was getting in the way of actually building — I'd love for you to try it and tell me what you think. 👉 github.com/ilxstudio/ILX-Launcher And if it saves you even five minutes — drop a ⭐ on the repo. It genuinely helps others find it.

2026-06-24 原文 →
AI 资讯

Find meeting times with the Nylas Availability API

"What time works for everyone?" is a surprisingly hard question to answer in code. You have to read each person's calendar, line up the busy blocks, respect working hours and time zones, leave buffer time between meetings, and only then find the gaps everyone shares. The Nylas Availability API does all of that in one request: hand it a list of participants and a window, and it returns the time slots that actually work. This post covers finding meeting times from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm checking a calendar. Availability versus Free/Busy There are two endpoints here, and picking the right one saves you work. The Availability endpoint finds bookable slots across a group of participants, applying working hours, buffers, and meeting duration to return times you can actually book. Free/Busy is simpler: it returns the raw busy blocks for one or more email addresses over a window, leaving the slot math to you. Reach for Availability when the question is "when can these people meet?" and you want the answer as a list of open slots. Reach for Free/Busy when you only need to see when calendars are busy, for example to gray out times in a custom UI. Availability is a POST /v3/calendars/availability , an application-level call that takes participants by email, while Free/Busy is grant-scoped at POST /v3/grants/{grant_id}/calendars/free-busy . This post focuses on Availability, since that's the one that answers the scheduling question directly. Find a time across participants The core request lists the participants and the window to search. Each participant is identified by email and must be associated with a valid Nylas grant, since the endpoint reads their calendars. You set start_time and end_time as Unix timestamps for the search window, duration_minutes for how long the meeting is, and interval_minutes for how the candidate start times ar

2026-06-23 原文 →
AI 资讯

Generate email drafts with Nylas Smart Compose

Writing a clear, well-structured email takes time, and it's the kind of task an LLM is genuinely good at. But wiring up your own prompt-to-email pipeline means picking a model, threading the original message in as context, handling streaming, and keeping it all behind your API keys. The Nylas Smart Compose endpoints do that for you: send a natural-language prompt, get back a written message body, and the reply variant pulls in the original email as context automatically. This post walks through Smart Compose from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm testing a prompt. How Smart Compose works Smart Compose is two endpoints that turn a prompt into a message body. You send a natural-language prompt , and the response comes back with a suggestion field holding the generated text. There's a POST /messages/smart-compose for writing a brand-new message, and a POST /messages/{message_id}/smart-compose for writing a reply, where the original message is folded into the context so the response actually answers it. The key thing to understand is that Smart Compose generates text, it doesn't send anything. The suggestion it returns is a message body you do something with: pass it straight to the Send Message endpoint , or pre-fill it into a draft for a human to review and edit first. That separation is deliberate, since it lets you put a person between the AI's output and the recipient, which is usually what you want for anything an LLM wrote. Two things to know before you start. Smart Compose runs against connected OAuth grants only, not Agent Accounts. The prompt also has a ceiling: up to 1,000 tokens, and a longer prompt returns an error. Generate a new message To write a fresh email, POST /v3/grants/{grant_id}/messages/smart-compose takes a single prompt describing what you want. The response carries the generated body in suggestion , which you then se

2026-06-23 原文 →
AI 资讯

Send and download email attachments with Nylas

Email is how most files still move between people: the signed contract, the PDF invoice, the logo embedded in a newsletter. If your app sends or processes mail, it has to handle attachments, and doing that against each provider means Gmail's attachment encoding, Microsoft Graph's, and raw MIME for IMAP. The Nylas Email API gives you one model for both directions: attach files to outbound messages with the same call you use to send, and pull files off inbound messages with a read-only Attachments API. This post covers both halves from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm checking a file came through. Two APIs: one to attach, one to read There's a split worth understanding up front. You add attachments through the Messages or Drafts API, as part of sending or saving a message, and you read existing attachments through the dedicated Attachments API. The Attachments API is read-only: it downloads bytes and returns metadata, but it never adds files. That division keeps the model simple, since attaching is part of composing a message and reading is a separate concern. The size of what you're attaching decides how you encode it on the way out. Small files ride inline in the JSON request, larger ones move to a multipart request, and very large files use a separate upload step. On the way in, every attachment, regardless of how it was sent, is fetched the same way: by its attachment_id together with the message_id it belongs to. Get those two ideas straight and the rest is mechanical. Attach a small file inline with Base64 For files that keep the whole request under 3 MB, the simplest path is the application/json schema. You pass each attachment in an attachments array with its content_type , filename , and the file bytes as a Base64-encoded content string. The 3 MB ceiling covers the entire HTTP request, not just the file, so it's the right path for

2026-06-23 原文 →
AI 资讯

Chrome I/O 2026: tre direttrici che contano davvero per chi fa frontend

Web MCP, DevTools per agenti e Modern Web Guidance: meno hype, più strumenti e metodo. Negli annunci recenti di Chrome è emersa una cosa interessante: al netto delle novità “appariscenti”, ciò che resta più utile per il lavoro quotidiano è quello che migliora workflow, diagnosi e decisioni tecniche . Tre filoni, in particolare, disegnano una direzione chiara: Web MCP , DevTools per agenti e Modern Web Guidance . Di seguito una sintesi ragionata di cosa significano, perché contano per il frontend, e come prepararsi a sfruttarli. 1) Web MCP: il ponte tra agenti e Web (senza incollaggi fragili) Se stai lavorando con assistenti/agentic workflow, oggi il collo di bottiglia è quasi sempre lo stesso: far sì che un agente capisca e usi le capacità del browser e delle app web in modo affidabile. Web MCP punta a risolvere questo punto creando un linguaggio/protocollo comune per esporre “capacità” (capabilities) e strumenti (tools) che un agente può invocare in modo strutturato, invece di basarsi su prompt lunghi, scraping o integrazioni ad hoc. Perché è importante per chi fa frontend Automazioni più robuste : meno script fragili che si rompono al primo refactor del DOM. Integrazioni più standard : se più strumenti parlano lo stesso “dialetto”, il costo di collegare agenti e applicazioni scende. Esperienze utente nuove : assistenti che completano task complessi dentro l’app (es. compilazioni, ricerca guidata, operazioni amministrative) con maggiore affidabilità. Implicazione pratica Inizia a ragionare sull’app come su un insieme di azioni esplicite (es. “crea ordine”, “esporta report”, “filtra dataset”), non solo come UI. Questa mentalità ti rende pronto a esporre capacità in modo sicuro e controllato, quando lo stack lo renderà semplice. 2) DevTools per agenti: debugging e performance nell’era dell’automazione Se Web MCP è il “ponte”, DevTools per agenti è la cassetta degli attrezzi per controllare quel ponte: osservabilità, diagnosi e iterazione rapida su flussi in cui non è

2026-06-23 原文 →
AI 资讯

The Myth of Specialized Integrations and Why Protocols Win

I’ve been shipping code since before most people even knew what Git was. I've seen entire architectures built around point-to-point API integrations that were beautiful for a quarter, and then became unmaintainable monoliths by the second year. If you spend any time in enterprise software development—especially anything touching customer data or HR pipelines—you run into integration hell. The modern AI agent promises to be this universal connective tissue, right? It sounds simple enough: give it access, and boom, productivity magic. But let’s be real about what that means under the hood. When an LLM is given a tool schema, how does it get data from five wildly different systems—Salesforce for contacts, Workday for employees, Zendesk for tickets, Greenhouse for candidates? The naive approach, and frankly, most teams still take it this way, is to build bespoke orchestration services. You create a microservice that accepts an input query (e.g., 'What did Jane do last month?') and then contains specialized logic: if the name format looks like a CRM record, call salesforce_api ; if it sounds HR-related, hit workday_endpoint , etc. This is debt acceleration disguised as architecture. You are not building an integration layer; you are building a brittle routing table that requires human intervention every time one of the underlying APIs changes its schema or rate limit structure. It’s glue code for glue code's sake, and it has a massive maintenance overhead. The core problem is that most agents see data sources as functional silos , not integrated components of a single operational truth. Your CRM thinks about accounts; your HRIS thinks about job codes; your ATS tracks keywords. They all speak different dialects of 'person' or 'business unit.' When an agent needs to know, say, which employees (HRIS) are currently candidates in the pipeline (ATS) who also have a linked account record (CRM), you hit a wall. The solution isn't more specialized microservices. The solution is s

2026-06-23 原文 →
AI 资讯

How to check whether AI recommends your site — the honest AEO audit I run for clients

Author: Alex Isa (Webappski). This is the dev-tutorial cut of a longer piece on the Webappski blog — terminal-first, fewer words on the why. If a buyer asks ChatGPT "best CDN providers 2026" and your product is not in the answer, you lose the sale before you ever see the lead. The only honest way to know whether that is happening is to ask the engines the questions your buyers ask and read the raw answers — not trust a single dashboard score. Here is the loop we at Webappski run for a client, with the open-source tool aeo-platform (MIT, zero runtime deps). 1. Install and point it at the client's domain npm install -g aeo-platform cd client-audit && aeo-tracker init init writes a .aeo-tracker.json . The three things that matter: { "brand" : "Northwind CDN" , // illustrative, fictional brand "domain" : "northwind.example" , // registrable domain — subdomains count, spoof hosts don't "engines" : [ "openai" , "gemini" , "anthropic" ], // ChatGPT, Gemini, Claude "queries" : [ "best CDN providers 2026" , "best low-latency video streaming CDN 2026" , "alternatives to the market-leading CDN 2026" ] } The questions ARE the audit. A basket of vanity phrases produces a flattering, useless number; a basket of the buyer's real decision questions produces a number that predicts revenue. Freeze it, so next month's run is comparable. 2. Run it — sampled, not one noisy shot AI answers are non-deterministic: ask the same question twice and you can get a different list. A single pass turns that noise into a fake-precise number. So run each cell several times and let the score carry a confidence interval instead of pretending one shot is the truth: # plain single-shot run aeo-tracker run # sample each cell N times — the score comes back with a Wilson confidence interval aeo-tracker run --samples = 5 With --samples=5 , every (query × engine) cell is queried five times; the headline presence rate is then reported as a Wilson interval, and small samples are flagged as small rather than so

2026-06-23 原文 →
AI 资讯

Manage email drafts with the Nylas API and CLI

Sometimes an email shouldn't go out the instant your code runs. A human needs to review it first, or the user wants to compose now and hit send later, or an AI agent proposes a reply that a person approves before it ships. The mechanism for all three is the same: a draft. Build that against providers directly and you're juggling Gmail's draft resource, Microsoft Graph's, and an IMAP APPEND to the Drafts folder, each with its own shape and quirks. The Nylas Email API collapses that into one draft resource. You create a draft on the user's account, it lands in their real Drafts folder, and you send it later with a single request, the same way across Gmail, Microsoft 365, Yahoo, iCloud, IMAP, and Exchange. This post walks the full draft lifecycle from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for. One draft resource across every provider A draft in the Nylas model is a real object in the user's mailbox, not a staging area on the side. When you create one, it saves to the user's own Drafts folder on their provider, so it shows up in their normal mail client exactly like a draft they started themselves. That's the property that makes drafts useful for review workflows: a person can open the mailbox and see the pending message before it sends. Because drafts are real provider objects, edits flow both ways. A draft you create through the API appears in the user's mail client within the provider's sync window, and a change the user makes there alters the same draft you'd fetch back through the API. The operations split across two paths: create and list live on /v3/grants/{grant_id}/drafts , while fetch, update, send, and delete act on a specific draft at /v3/grants/{grant_id}/drafts/{draft_id} . They behave the same across all six providers, so you write the integration once. Create a draft Creating a draft is a POST /v3/grants/{grant_id}/drafts with the same message

2026-06-23 原文 →
AI 资讯

Give your AI agent its own calendar to book meetings

An AI agent that can email but can't hold a calendar slot is only half useful. The moment a conversation turns into "let's meet Thursday at 2," the agent needs a real calendar — one that sends invitations people accept in Google Calendar or Outlook, receives invites at its own address, and RSVPs back so the organizer sees a real response next to everyone else's. Bolting a scheduling library onto a shared mailbox doesn't get you there; the agent needs a calendar identity of its own. An Agent Account ships with exactly that. Every account gets a primary calendar that hosts events, accepts invitations over standard iCalendar, and RSVPs with yes, no, or maybe. To a participant, the agent is just another attendee on the invite. This post walks through using that calendar from two angles: the HTTP API for your backend, and the Nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for. The calendar an Agent Account comes with When Nylas provisions an Agent Account, it creates a primary calendar that belongs to the account. You reach it through the same Calendars and Events endpoints at /v3/grants/{grant_id}/... that any other grant uses, so calendar code you've written for a connected Google or Microsoft account works here unchanged. Each account gets: A primary calendar , provisioned automatically. It can't be deleted while other calendars exist on the account. Additional calendars , up to your plan's cap, for separating concerns — a sales-calls calendar and an internal one on the same agent. Free/busy queries , so the agent can check its own availability before proposing a time. Event webhooks — event.created , event.updated , and event.deleted fire on every change, whether it came from the agent or from someone responding to an invitation. List the calendars from the terminal with nylas calendar list , or over the API with GET /v3/grants/{grant_id}/calendars . Both return the primary calendar plus any you've added. List what'

2026-06-23 原文 →
AI 资讯

Keep your AI agent's email replies in the right thread

An AI agent sends an email, a reply lands three hours later, and the agent has to answer two questions before it can do anything useful: which conversation is this, and what did I last say? Get the first one wrong and the agent's reply shows up in the recipient's inbox as a brand-new message instead of slotting into the existing thread. To the person on the other end, that looks broken — like the agent forgot the conversation it started. Threading is the part of agent email that's easy to get almost right and quietly wrong. The fix lives in a few email headers most developers never touch, and in the Threads API that groups messages into conversations for you. This post walks through both, from two angles: the HTTP API for your backend, and the Nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm testing a reply loop. The three headers that make threading work Threading runs on three email headers, not on subject lines. Every message carries a Message-ID — a globally unique identifier the sending server stamps on it. When someone replies, their mail client adds In-Reply-To (the Message-ID of the message being answered) and References (the full chain of Message-ID values, oldest to newest). Those two headers are how every mail client decides which messages belong together. Here's what the chain looks like across one exchange. The agent's first message gets a Message-ID ; the reply points back at it; the agent's follow-up references both: # The agent's outbound message Message-ID : <abc123@agents.yourcompany.com> Subject : Following up on your demo request # The recipient's reply Message-ID: <def456@gmail.com> In-Reply-To: <abc123@agents.yourcompany.com> References: <abc123@agents.yourcompany.com> Subject: Re: Following up on your demo request # The agent's follow-up Message-ID: <ghi789@agents.yourcompany.com> In-Reply-To: <def456@gmail.com> References: <abc123@agents.yourcompany.com> <def456@gmail.com> The Ref

2026-06-23 原文 →
AI 资讯

Give your AI agent a real email address on your own domain

Most "AI agent that emails for you" demos point a language model at a human's Gmail inbox over OAuth. That works until the agent needs its own identity: an address people reply to, a calendar that accepts invites, a mailbox your application owns end to end. Borrowing a human's inbox means inheriting their OAuth scopes, their rate limits, and the awkwardness of an agent sending mail as a person who didn't write it. A Nylas Agent Account flips that around. It's a real name@yourcompany.com mailbox that you create and control entirely through the API — it sends, receives, hosts calendar events, and RSVPs, and it's indistinguishable from a human-operated account to anyone on the other end. Under the hood it's just a grant , so the grant_id you get back works with the same grant-scoped endpoints — Messages, Threads, Folders, Drafts, Attachments, Contacts, Calendars, and Events — you've already used for connected accounts, plus the standard webhook triggers. This post is a working tour of provisioning one, from two angles: the HTTP API for your backend, and the Nylas CLI for the terminal and quick experiments. I work on the CLI, so the terminal commands below are the exact ones I reach for. Why an Agent Account beats borrowing a human inbox An Agent Account is a first-class sender, not a delegated one. When the agent owns support@yourcompany.com , people reply to it directly, calendars invite it as a normal participant, and its mail authenticates as coming from you. A few concrete differences from pointing an agent at someone's existing mailbox: No OAuth flow to babysit. Creation needs only an email address on a domain you've registered — there's no refresh token to store or rotate, and the grant rarely expires because there's no OAuth token to refresh. Its own reputation. The account sends on your domain, and a new domain establishes its sender reputation over roughly four weeks of gradual sending. That reputation is yours to protect, not a shared corporate inbox's. Per-t

2026-06-23 原文 →
AI 资讯

SQL Formatter: a data tool that earns its tab

Developers inheriting sprawling SQL codebases or revisiting queries from weeks earlier know the frustration: a dense, unformatted block that obscures joins, filters, and logical flow. Readable SQL isn’t cosmetic — it directly affects debugging speed, peer review accuracy, and long-term maintainability. What it is SQL Formatter restructures raw SQL into clear, conventionally formatted code, running entirely in the browser. It applies consistent indentation, capitalisation of keywords, and logical line breaks — all without altering the query’s semantics. The formatter understands the syntax of all major database engines, including PostgreSQL, MySQL, SQL Server, and Oracle, so it preserves dialect-specific functions and operators rather than flattening them into a generic style. The tool is one of 200+ free browser utilities on DevTools. It processes all input entirely on your machine — no data ever leaves the browser, no account is required, and no analytics track your usage. That privacy-first design means you can safely format queries that contain proprietary business logic embedded in production SQL. The engine handles the full spectrum of SQL complexity: basic SELECT statements, multi-table joins, Common Table Expressions (CTEs), correlated subqueries, window functions, and DML operations like INSERT or UPDATE . Because it parses the input rather than applying regular expressions, deeply nested constructs retain their hierarchy, with each subquery or CTE level indented to show ownership. How to use it Paste any SQL fragment into the left-hand editor and the formatted result appears instantly in the output panel. A live preview updates as you switch formatting options, so you can tune the output without re-pasting. The primary configuration controls help you match your team’s conventions or personal preference: Dialect : selecting a specific database ensures that functions such as PostgreSQL’s STRING_AGG or MySQL’s GROUP_CONCAT are not inadvertently mangled, and th

2026-06-23 原文 →
AI 资讯

Your AI Agent Doesn't Understand Your System

Everyone is asking whether AI can write code. That question is already answered. The more important question is: Can AI understand the system it is changing? The biggest limitation of AI coding tools isn't code generation. It's system understanding. That is no longer the interesting question. AI can already generate APIs, tests, database migrations, infrastructure files, and entire services. The better question is: Does your AI understand the system it is changing? For most engineering teams, the answer is no. And that is where many AI-assisted workflows quietly fail. The illusion of understanding Ask an AI assistant to: create a new endpoint add a background worker generate a service layer write a migration Most models will produce something that looks correct. The code compiles. The tests may even pass. But production systems are not collections of files. They are collections of relationships. The real questions are: Which service owns this capability? Which projects depend on it? Which runtime executes it? Which release gates are affected? Which verification steps must pass? What breaks if this change is wrong? These questions are rarely visible in source code. They exist in architecture, operational knowledge, deployment rules, contracts, and team conventions. That is why an AI agent can generate valid code and still make the wrong change. Bigger context windows won't solve this The common response is: Give the model more context. But more context is not the same as better context. A million tokens of source code still do not explicitly answer: What projects exist? Which commands are safe? What evidence is trusted? What is currently blocked? What is ready for release? The issue is not missing tokens. The issue is missing structure. The missing layer Most AI tools understand: files functions repositories Production systems require understanding: ownership architecture dependencies operational boundaries verification requirements change impact This is the gap betw

2026-06-22 原文 →
AI 资讯

88% of orgs hit an AI agent security incident — and half their agents run with no boundaries. That's an architecture problem.

A stat from 2026 that should stop you cold: 88% of organizations reported a confirmed or suspected AI agent security incident in the past year (92.7% in healthcare). And more than half of all agents run with no security oversight and no logging — naked. The problem isn't that the AI isn't smart enough. It's that almost nobody welded boundaries around it. And boundaries are exactly where rigor lives. The incident list: speed flooring it, boundaries naked The last couple of weeks of security signals line up scarily well: 88% of orgs reported confirmed/suspected AI agent incidents in the past year; healthcare 92.7% ; over half of agents have no security oversight or logging. Supply chain is the front door. A plugin-ecosystem supply-chain attack harvested agent credentials from 47 enterprise deployments ; attackers used them to reach customer data, financial records, and proprietary code — undetected for six months. A public skills marketplace at one point hosted 824 of 10,700 malicious "skills." Config is an attack surface. Check Point disclosed remote code execution in a popular coding agent via poisoned repository config files ; MCP (Model Context Protocol) is the connective tissue across nearly every incident this year — poisoned configs, malicious marketplace skills, unauthenticated exposed MCP servers. By early 2026, at least ten public incidents across six major AI coding tools were attributed to " agents acting with insufficient boundaries. " The industry's own summary: AI agent security in 2026 is a supply chain problem first, a prompt-injection problem second. And every one of these shares a single root cause — the agent can act, but there's no architectural boundary on what it can touch, change, or call. Why "naked" is inevitable: bolt-on boundaries always leak Why do half the agents run with no oversight? Because in the mainstream approach, boundaries are bolt-ons : an allow-list here, a gateway there, logs you read after the fact. The trouble: The tools an

2026-06-22 原文 →