AI 资讯
The Evolving Agent: How Jean2 Learns Across Sessions
I've been coding with AI agents for about two years. Every major one. Cursor, Copilot, Codex, OpenCode. They're good at generating code. They all share one problem. They forget everything. You finish a session, close the window, and the agent resets. Next time you open it, you're starting from zero. "We use pnpm, not npm." "The database is SQLite, not Postgres." "Don't touch the migrations folder." You repeat yourself. Every. Single. Time. Some tools added memory features. Usually as an afterthought. A pinned file. A custom instruction. A context window that grows until it hits a wall and everything old gets silently dropped. I didn't want a bigger context window. I wanted an agent that accumulates knowledge the way a colleague does. Not by being retrained. By taking notes, writing down what it learned, and reading those notes next time. That's what Jean2 can do. Not through fine-tuning. Not through vector embeddings. Through files on disk that the agent reads and writes itself. But here's the thing: none of this is on by default. By default, Jean2 is as bare as Codex or OpenCode. A blank prompt. No memory. No skills. No session search. You opt in to each layer in workspace settings . That's the point. You build the agent you want, layer by layer. The Four Layers If you turn them on, Jean2's agent has four knowledge layers that persist across sessions. They're not features bolted on top. They're part of the system prompt that gets composed every time a session starts. 1. Workspace Memory Turn on workspace memory in workspace settings , and the workspace gets two files: MEMORY.md for shared knowledge and USER.md for your personal preferences within that workspace. Both live at <workspace>/.jean2/ . The concept is simple. Shared knowledge that's useful for any agent working in that workspace. "We use pnpm." "The database is SQLite." "Don't touch the migrations folder." Whatever agent you bring in, coding specialist, reviewer, docs writer, they all get the same context
AI 资讯
Git tells you what changed. Causari tells you why.
AI coding agents are becoming good enough to touch real codebases. They can refactor files, write tests, change architecture, move logic around, and sometimes modify more code in ten minutes than a human would in an afternoon. That is powerful. But it creates a new debugging problem. Git can tell you what changed . When an AI agent was involved, you often need to know something deeper: Why did this change happen? Which prompt caused this line? Which model produced it? What files did the agent read before writing it? What later changes depended on this agent action? That is the problem I wanted to solve with Causari . Causari is a local CLI for intent-addressable code . It records AI agent actions as causal events: prompts, models, reads, writes, diffs, reasoning, cost, and relationships between actions. The goal is simple: Git tracks bytes. Causari tracks intent and causality. Repository: https://github.com/croviatrust/causari Website: https://causari.dev The problem When a human developer changes code, there is usually some context. A commit message. A pull request. A ticket. A discussion. A design decision. With AI coding agents, the workflow is different. You ask something like this: Refactor the auth flow and add JWT refresh logic. The agent reads files, makes assumptions, writes code, maybe fixes tests, maybe changes something unrelated, then moves on. At the end, you have a diff. But the diff does not tell the full story. A suspicious line appears in auth.ts . Git can show when the line appeared. But Git cannot answer: which prompt produced this exact line? what completion did it come from? did the agent read the right files first? was this part of the original request or an accidental side effect? if I revert this, what downstream work am I also undoing? That gap becomes bigger as agents become more autonomous. The more work agents do, the more we need provenance. Not only code provenance. Intent provenance. The idea: intent-addressable code Causari treats an
AI 资讯
Routing Down Is Easy. Knowing When Not To Is Hard: Why Cheap Models Break Your Coding Agent
Disclosure: I maintain Lynkr , an open-source router whose design decisions this post explains. The failure modes described are patterns widely reported across router issue trackers and local-LLM forums — the examples are representative reconstructions, not captured transcripts. The problem is real either way; ask anyone who's routed a coding agent to a 7B model. Everyone who gets their first LLM router working does the same thing within the hour: point the expensive coding agent at a free local model and watch the bill drop to zero. Then the agent tries to edit a file. The graveyard of downgraded sessions If you browse the issue tracker of any Claude Code router — or r/LocalLLaMA on any given week — you'll find the same story in a hundred variations. The routing works perfectly. The session dies anyway. The killers, in rough order of frequency: 1. Malformed tool arguments. The agent decides to call Edit , and the model produces arguments that are almost JSON: { "file_path" : "src/auth.js" , "old_string" : "if (token) {" , "new_string" : "if (token && !expired) {" One missing brace. The harness rejects the call, the model retries, produces a different malformation, and you're three turns deep into fixing nothing. Frontier models emit structurally valid tool calls with boring reliability; sub-10B models do it most of the time — and "most of the time," at 30 tool calls per session, means every session breaks. 2. Stale string matching. Edit -style tools require the old_string to match the file exactly. Small models paraphrase from memory instead of quoting — they'll "remember" the line as if (token) { when the file says if (accessToken) { . The edit fails, the model re-reads the file, burns 2,000 tokens, tries again with a different paraphrase. This is the single most reported failure, because it looks like the router's fault and is actually a capability cliff. 3. Hallucinated context. Ask a small model to run tests and it may confidently call Bash with npm test -- --g
AI 资讯
Chrome for Developers a Berlino: cosa aspettarsi dall’ecosistema web nel 2026
Tra performance, piattaforma e toolchain: i temi che contano davvero per chi costruisce frontend oggi. Il frontend nel 2026 è diventato una disciplina sempre più “di prodotto”: non basta far funzionare l’interfaccia, serve che sia veloce, stabile, accessibile e misurabile in produzione. E quando l’ecosistema Chrome parla di “connessione” tra developer e piattaforma, il messaggio utile per chi lavora sul web è semplice: capire dove investire tempo per ottenere impatto reale sugli utenti . Di seguito, una lettura pratica dei temi che continuano a emergere come prioritari per chi costruisce applicazioni e siti moderni. 1) Performance: meno benchmark, più realtà La performance non è più un esercizio di ottimizzazione a fine progetto. È un requisito continuo che va gestito con strumenti, metriche e processi. Cosa significa “misurabile” oggi Metriche di campo (real user monitoring) : le prestazioni che contano sono quelle che arrivano dai dispositivi reali, su reti reali. Metriche di laboratorio : restano utili per regressioni e CI, ma vanno interpretate come “segnali” e non come verità assolute. Implicazione pratica Imposta una pipeline dove: le metriche sintetiche bloccano regressioni evidenti (build/PR), le metriche reali guidano le priorità (release e backlog). 2) DevTools: dal debug al controllo qualità Gli strumenti di sviluppo non servono più solo a “trovare il bug”, ma a ridurre il rischio : regressioni di layout, memory leak, risorse inutili, dipendenze pesanti. Abitudini che fanno differenza Profilare prima di ottimizzare: CPU, rete e rendering hanno colli di bottiglia diversi. Isolare i cambiamenti: una variazione di bundling o di immagini può ribaltare il profilo prestazionale più di una micro-ottimizzazione in JS. 3) La piattaforma web continua a crescere (e chiede scelte più consapevoli) La Web Platform oggi offre API potenti, ma la parte difficile non è “usarle”: è scegliere quando usarle. Un criterio utile Se una feature riduce complessità (meno librerie,
AI 资讯
Why Online DevTools Are the Next Big Thing for Developer Productivity
Every developer has been there: you need to format a JSON blob, decode some Base64, or convert a timestamp. You open your terminal, look for the right npm package, or — worse — write a quick script. I used to do this too. Then I discovered a better pattern. The Problem with Local CLI Tools Local tools have real drawbacks: Installation overhead : npm install -g some-tool for a one-time task Version rot : tool stops working after OS update No sharing : you format JSON but cant send the result to a colleague Environment drift : works on your machine, not on staging Online Tools as a Pattern Opennomos Json (reachable via opennomos.com/en/project/01KJ850Z7PNGXHXESBM68HE12Y) represents a shift: developer tools as a platform , not as utilities you install. What makes this different: Zero install — browser tab, done Cross-device — phone, laptop, any OS Shareable results — formatted output has a URL you can send to teammates Timestamp converter built in — ms, seconds, ISO 8601, bidirectional Base64 codec — no need for a separate site The Bigger Trend We are seeing the same pattern across the dev ecosystem: GitHub Codespaces (IDE in browser), Replit (runtime in browser), Vercel (deployment in browser). The next frontier is utility tools in browser . Why run jq locally when a well-designed online tool does it faster and gives you a share link? Try It Head to opennomos.com/en/project/01KJ850Z7PNGXHXESBM68HE12Y — the JSON tools are free, fast, and part of a broader contributor rewards system that makes open-source tooling sustainable. Built as part of the Nomos Build-in-Public series.
AI 资讯
Why AI code review hallucinates — and the two gates that fix it
CCA-Audit — open source (MIT) AI code review has a trust problem, and it's not that it misses bugs. It's that it invents them. If you've run an LLM over a diff, you've seen it: a "possible null dereference" on a value that's guarded three lines up. A "SQL injection" your ORM already parameterizes. A "race condition" that can't happen. And then — worse — it confidently rewrites working code to "fix" the thing that was never broken. The real bug, meanwhile, sits quietly in the noise. The problem isn't intelligence. It's that most AI reviewers report their first impression as a verdict. A model reads a diff, pattern-matches "this looks like X," and emits a finding — without ever going back to check whether X is actually reachable in this code. Humans do a second pass ("wait, is price validated upstream?"). Most AI-review pipelines skip it. Here are two gates that add that second pass — and a stress test showing what they catch. Gate 1: verify findings before you fix (anti-hallucination) The idea is simple: no finding is allowed into the fix plan until a separate step re-checks it against the real code. After the auditors produce findings, a verification pass takes each one and asks three questions: Does the issue actually exist at the cited line? Is it in the code that changed, or a pre-existing thing outside the diff? Is the stated impact real, or already mitigated elsewhere — a guard upstream, a value validated before this point, a config defined in another module? The key design choice: bias the verifier toward refuting. A wrongly-confirmed finding causes a needless (sometimes harmful) fix; a wrongly-dropped one is cheap to recover. So when the evidence isn't clear, drop it or escalate to a human — don't fix on a hunch. This one step kills the majority of hallucinated findings, because hallucinations rarely survive contact with "show me the exact line, and prove the impact can occur." Gate 2: prove the fix maps to the finding (anti-regression + provenance) Catching
AI 资讯
My AI agent tried to ship a mistake we'd already reverted
A month ago we added a card_token column to the users table so a background job could retry failed Pro charges. It lasted about two days. Storing card data in your own database drops you into PCI-DSS (the compliance standard that kicks in the moment card data touches your systems), so we pulled it and moved to Stripe-managed payment methods. Last week the charges started failing again. New Claude Code session, no memory of any of that. Its plan? Add a card_token column to users and retry. I don't really blame the agent. It had the context the first time and it was right. The problem is that context died when the session closed. That's the part I never see mentioned about building with agents: the code sticks around, the reasoning doesn't. People leave a trail without trying. A commit message, a PR comment, the Slack thread before it. Agents don't, and the prompt that explained everything is gone by morning. So I built Selvedge to hold onto the reasoning. What happened the second time Selvedge is a local MCP server the agent calls as it works. There's a four-line block in our CLAUDE.md that says, roughly: before you touch an entity, check if we've been here before. $ selvedge prior-attempts users.card_token users.card_token Prior attempt 28 days ago ( reverted after 2 days ) Reasoning Added to store card tokens for one-click retries. Outcome REVERTED — kept card data out of our own DB to stay clear of PCI-DSS scope ; moved to Stripe-managed methods. So it didn't add the column. It charged off_session against the saved Stripe PaymentMethod instead. Charge retried, no card data in our database, done. We paid for that lesson once. How it works The agent writes down why live, in the moment, from the same context that made the change. That's the whole trick. A lot of the "git blame for AI" tools take your diff afterward and ask a second model to explain it. That's a guess. It reads well, but you can't really build on it. Selvedge stores what the agent actually meant, in i
AI 资讯
5 Free Browser-Based Dev Tools: GraphQL Formatter, Docker Compose Validator, Dockerfile Linter, and More
I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline. 1. GraphQL Query Formatter & Minifier https://devnestio.pages.dev/graphql-formatter/ Paste any GraphQL operation and get: Pretty-print — consistent indentation Minify — strips comments and whitespace for smaller request payloads Validation — brace/parenthesis balance check Operation detection — lists all named query , mutation , subscription , fragment Useful for quick query cleanup before pasting into code reviews or API docs. 2. Protobuf (.proto) Formatter & Validator https://devnestio.pages.dev/protobuf-formatter/ Online formatter and validator for Protocol Buffer .proto files: Duplicate field number detection Message and enum structure validation Syntax-highlighted output One-click copy Great for a sanity check before pushing .proto changes in a gRPC service. 3. Docker Compose Validator https://devnestio.pages.dev/docker-compose-validator/ Paste your docker-compose.yml to catch: Missing services section Services without image or build Invalid port mappings ( 80:80 , 127.0.0.1:8080:80 , 53:53/udp , ranges…) depends_on referencing non-existent services Circular dependency detection (A→B→A) Unknown restart policies # This will flag errors: services : web : ports : - " abc:xyz" # invalid port depends_on : - missing_service # unknown service 4. Dockerfile Analyzer & Linter https://devnestio.pages.dev/dockerfile-analyzer/ Analyzes your Dockerfile for best practice violations across three categories: Security sudo usage inside RUN Container running as root (no USER instruction) Secrets baked into ENV / ARG (password, secret, token, key) Image size :latest base image tag apt-get update in a separate RUN (stale cache risk) apt-get install without --no-install-recommends apt cache not cleaned ( rm -rf /var/lib/apt/lists/* ) ADD used for local files instead of COPY Layer optimization Consecutive RUN instructions (suggest c
开发者
ANSI Color Code Generator: Build Terminal Escape Sequences Visually
Stop memorizing ANSI escape sequences. I built a browser tool to generate them visually — pick colors, styles, and get the code ready to paste. Try it 🔗 ANSI Color Code Generator — DevNestio Features 3 color modes : 8-color, 256-color palette, RGB truecolor (24-bit) 8 text styles : Bold, Dim, Italic, Underline, Blink, Reverse, Hidden, Strikethrough Separate FG/BG : Set foreground and background colors independently 3 output formats : Shell ( echo -e ), Python ( print ), Raw escape sequence Live preview in a simulated terminal box How ANSI sequences work ESC [ <codes> m Multiple codes are separated by ; . Reset is ESC[0m . 8-color : codes 30-37 (FG), 40-47 (BG), 90-97 (bright FG) 256-color : ESC[38;5;<0-255>m for FG, ESC[48;5;<0-255>m for BG RGB truecolor : ESC[38;2;<R>;<G>;<B>m 256-color palette calculation function get256Color ( i ) { if ( i < 16 ) return standardColors [ i ]. hex ; if ( i < 232 ) { const n = i - 16 ; const r = Math . floor ( n / 36 ) * 51 ; // 255/5 = 51 const g = Math . floor (( n % 36 ) / 6 ) * 51 ; const b = ( n % 6 ) * 51 ; return `rgb( ${ r } , ${ g } , ${ b } )` ; } const v = ( i - 232 ) * 10 + 8 ; // 24 grayscale steps return `rgb( ${ v } , ${ v } , ${ v } )` ; } Output examples # Bold red text on black echo -e " \e [1;31mHello, Terminal! \e [0m" # RGB orange (Python) print ( " \0 33[38;2;255;128;0mOrange text \0 33[0m" ) Tested with 128 assertions covering code generation, color math, and format strings. Part of DevNestio — 115 free browser-only developer tools.
开发者
Bitwise Calculator: Visual 32-bit AND/OR/XOR/NOT/Shifts in Your Browser
I built a browser-based bitwise calculator that performs AND, OR, XOR, NOT, NAND, NOR, XNOR, arithmetic/logical shifts, and rotate operations on 32-bit integers — with a live clickable bit grid. Try it 🔗 Bitwise Calculator — DevNestio Features 13 operations : AND, OR, XOR, NOT A/B, NAND, NOR, XNOR, SHL, SHR, SHRA, ROTL, ROTR Visual 32-bit grid : Click any bit to toggle Operand A on the fly Multi-base input : Auto-detect 0xFF , 0b1010 , 0o17 , or decimal 4 output formats : Hex, decimal, binary (grouped), octal — all with copy buttons No server, no upload — everything runs in-browser The JavaScript integer trap Bitwise ops in JS coerce values to signed 32-bit integers. To get unsigned results you need >>> 0 : case NOT_A : return ( ~ a ) >>> 0 ; // without >>> 0, ~0 shows as -1 case XNOR : return ( ~ ( a ^ b )) >>> 0 ; case ROTL : return (( a << s ) | ( a >>> ( 32 - s ))) >>> 0 ; Rotate without a dedicated instruction JavaScript has no ROL/ROR, so combine two shifts: // Rotate left by s bits (( a << s ) | ( a >>> ( 32 - s ))) >>> 0 Tested with 99 assertions All core logic — parsing, computing, edge cases like XNOR with ~0xFF = 0xFFFFFF00 — covered in a Node.js test file using assert . Part of DevNestio — a growing collection of 115 free browser-only developer tools.
AI 资讯
Build a vendor onboarding agent with its own email inbox
Vendor onboarding usually starts with one clean request and then turns into a messy thread. Procurement asks for a W-9, security asks for a SOC 2 report, finance asks for remittance details, legal asks for an executed agreement, and the vendor replies with four attachments across three messages because different people own different parts of the process. That is exactly the kind of workflow where a generic "AI email assistant" gets risky. You do not want a model improvising legal language, requesting bank details in the wrong channel, or forwarding a confidential report to the wrong internal alias. You want the agent to own the repetitive coordination while your application keeps the state machine, policy, audit log, and approvals. The pattern I reach for is a dedicated Nylas Agent Account: vendors@yourcompany.com . It is a real mailbox the onboarding agent owns. It receives the vendor's replies, detects what is attached, updates your vendor record, sends safe reminders, and escalates missing or sensitive items to a human. The agent is not borrowing an employee's inbox, and it is not scraping a shared procurement mailbox. It has a grant, an email address, webhooks, threads, folders, and the same Messages API you would use for any other mailbox. I work on the Nylas CLI, so the terminal examples below use the commands I would use while building and debugging this flow. I also include the raw API calls because the production version belongs in your service, not in a shell script. What the agent should own Start by drawing the boundary tightly. A vendor onboarding agent should own message handling and coordination, not business approval. Good responsibilities: Receive vendor replies at a stable address. Read message bodies and attachment metadata. Match a reply to an existing vendor record. Detect which onboarding items are complete, missing, expired, or unreadable. Draft reminders and status updates. Schedule handoff calls when the vendor asks for help. Escalate sensit
AI 资讯
Sonnet 5 launches: Opus performance at lower cost
This week was largely a Claude story: Sonnet 5 landed with enough benchmark muscle to make Opus feel redundant for most workloads, and GitLab's production data backs up the claims. Alongside that, GitHub Copilot quietly dropped its JetBrains friction, and Google's image model got cheaper and faster on Vercel's gateway. Here's what's worth acting on. Claude Sonnet 5 launches on Vercel AI Gateway Sonnet 5 is available now via Vercel AI Gateway at anthropic/claude-sonnet-5 . Launch pricing is $2/$10 per million input/output tokens—identical to Sonnet 4.6—but that rate expires August 31, after which it steps to $3/$15. The model matches Opus 4.8 on coding and agentic benchmarks, which means you can stop routing hard tasks to Opus and absorb a 50–67% cost reduction in the process. For AI SDK users, this is a one-line change. Stronger long-context handling and document parsing are the practical wins for RAG pipelines and multi-turn agent workflows—two areas where Sonnet 4.6 had real rough edges. Verdict: Ship. Update your model identifier before August 31 while the launch pricing holds. Zero breaking changes, and there's no reason to stay on 4.6 for new work. Sonnet 5 closes Opus gap at lower cost Beyond the Vercel integration, the broader Sonnet 5 release deserves its own read. The model is now the default reasoning tier replacing Sonnet 4.6 across Anthropic's plans, and the capability jump is specifically on agentic task completion—planning, multi-step tool use, brownfield code navigation. Early testers report that tasks which previously stalled midway through agent loops now finish end-to-end, which is a qualitatively different outcome from incremental benchmark gains. The economics are straightforward: Opus-level performance at Sonnet prices through August, then a modest step up to $3/$15. If you're running production agents today, the cost-per-completed-task improvement compounds because you're paying less and spending fewer cycles on failure recovery and re-promptin
AI 资讯
Stop re-flagging the same finding — without going silent
A reviewer that flags the same known issue on every run trains you to ignore it. The fix can't be "hide findings," because a tool that silently drops things is worse than one that nags. CommitBrief has two ways to accept a finding and move on — a per-developer baseline and an in-source suppression marker — and both are built so that what they remove is always counted, never quietly swallowed. The interesting part is how a finding keeps its identity when the code around it moves. TL;DR Baseline ( .commitbrief/baseline.json , gitignored): accept the current findings once; later runs drop anything whose fingerprint is already in the file. Inline suppression : a commitbrief-ignore: <reason> comment on or above a line removes that finding — and lives in committed source, so a reviewer sees it. A finding's fingerprint deliberately excludes its line number , so accepting it survives the code drifting up and down the file. Both are TRUE removals — they affect --fail-on and the JSON findings[] , not just the display — and both print what they removed. The limit. The baseline is per-developer, not a shared team policy; it quiets your runs, not CI's. The fingerprint that survives code drift The whole design rests on one question: when is a finding "the same finding" you already accepted? If the answer included the line number, a baseline would evaporate the moment you added an import above the issue. So it doesn't. A finding's identity is three fields, hashed: func normalizeTitle ( title string ) string { return strings . ToLower ( strings . Join ( strings . Fields ( title ), " " )) } func Fingerprint ( f render . Finding ) string { h := sha256 . New () h . Write ([] byte ( f . File )) h . Write ([] byte { 0 }) h . Write ([] byte ( f . Severity )) h . Write ([] byte { 0 }) h . Write ([] byte ( normalizeTitle ( f . Title ))) return hex . EncodeToString ( h . Sum ( nil )) } File, severity, and a normalized title — and nothing else. Line is out, so the same issue keeps its finger
AI 资讯
Set per-customer send quotas with agent policies
Most multi-tenant email-agent setups give every customer the same caps. Your free-tier user who signed up an hour ago and your enterprise account doing thousands of sends a day hit the exact same daily send limit, the exact same storage ceiling, the exact same retention window. That's fine right up until a free trial account starts hammering your infrastructure, or an enterprise customer files a ticket because their agent stopped sending at noon UTC and nobody can explain why. Free-tier and enterprise tenants shouldn't share the same caps. They have different risk profiles, different contractual obligations, and different billing. The trick is to make the quota a property of the tier, not a property of each individual account — so when you provision a new tenant you don't compute limits, you just drop them into the right bucket and the limits come along for free. With Nylas Agent Accounts that bucket is a workspace , and the caps live on a policy you attach to it. Set up one policy per tier, attach each to its tier's workspace, and every Agent Account in that workspace inherits the policy's send, storage, and retention limits automatically. No per-account configuration, no drift. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring this up. As always, I'll show both the raw HTTP call and the CLI equivalent for every step, because half of you live in scripts and the other half live in your app code. What you actually get An Agent Account is just a Nylas grant with a grant_id — a managed mailbox that can send and receive on a domain you've registered. Everything grant-scoped works against it: Messages, Drafts, Threads, Folders, the lot. There's nothing new to learn on the data plane. A policy is a reusable bundle of limits and spam settings. One policy can govern many accounts. The limits we care about for tiering are: limit_count_daily_email_sent — how many messages an account can send per day. limit_storage_total — t
AI 资讯
I Built a QR Code Generator in Pure Vanilla JS — No Libraries, No Server, 202 Tests
QR codes look like magic — a grid of black and white squares that encodes anything from a URL to a business card. But how do they actually work? I decided to find out the hard way: implement the full QR Code Model 2 algorithm in vanilla JavaScript, zero external dependencies. The result: QR Code Generator — a free, client-side tool that generates QR codes from any text or URL. 👉 https://qr-code-generator-e83.pages.dev Why No Libraries? I maintain a collection of browser-only developer tools at devnestio . Every tool has the same rule: zero external dependencies. No npm installs, no CDN scripts, no servers. For most tools (JSON diff, Base64 encoder, UUID generator) that's easy. QR codes are different. The spec is a 126-page ISO document. Most developers just npm install qrcode and call it a day. But writing it from scratch taught me more about error-correcting codes, Galois field arithmetic, and matrix encoding than I ever expected. Worth every hour. What the Tool Does Real-time generation as you type (debounced at 80ms) Size selector — 128 × 128, 256 × 256, or 512 × 512 pixels Error correction level — L (7%), M (15%), Q (25%), H (30%) Color picker — any foreground and background color PNG download via canvas SVG download with crisp vector output at any scale How QR Codes Actually Work QR Code Model 2 (the standard you see everywhere) has six major steps. Here's the short version: 1. Data Encoding Text gets encoded into one of three modes based on content: Numeric ( 0-9 ): packs 3 digits into 10 bits — most compact Alphanumeric ( 0-9 A-Z $%*+-./:space ): 2 chars into 11 bits Byte (everything else): UTF-8, one byte per 8 bits The encoder picks the mode automatically and finds the minimum QR version (1–40) that fits the data. function detectMode ( text ) { if ( /^ \d +$/ . test ( text )) return NUMERIC_MODE ; if ( text . split ( '' ). every ( c => ALPHANUMS . includes ( c ))) return ALPHANUM_MODE ; return BYTE_MODE ; } 2. Reed-Solomon Error Correction This is the hard
AI 资讯
The New Code: Why Specifications Will Replace Programming
The agents were doing exactly what I told them to. That was the problem. I'd built a pipeline where AI agents could take a spec file, implement a feature, run the tests, review the result, and commit — without me writing a line of code. It mostly worked. Dozens of features shipped. But I kept reviewing the output and feeling like something was off. Not broken. Just subtly wrong in a way that was hard to name. I spent a while blaming the models. Then the prompts. Then the validation steps. Eventually I had to sit with the obvious: the agents were implementing exactly what I'd written. My specs were underspecified. The bottleneck was always me, at the planning stage. The thing most people throw away There's something that feels right about vibe coding. You're operating at the level of intent — describing what you want and letting the model handle the mechanics. That part is genuinely useful. But watch what most people do with the output: Traditional development: Source code → Compiler → Binary (keep the source; regenerate binary anytime) Vibe coding done wrong: Prompt → LLM → Generated code (delete the prompt; commit the code) You've shredded the source and carefully version-controlled the binary. The prompt — your structured description of what you wanted, why, and what "correct" meant — is the valuable artifact. The generated code is what compiles from it. When you discard the prompt and commit only the output, you've lost the thing that actually mattered. The practical consequence shows up six months later: you're staring at code you wrote and spending twenty minutes reverse-engineering your own intent. The spec would have been a thirty-second read. What a spec-driven pipeline is I built what I call an SDLC (Software Development Lifecycle) harness — a system where instead of writing code directly, you write a spec describing what needs to be built, and AI agents handle the implementation, testing, review, and documentation. The spec is the source. The code is what
AI 资讯
Add email signatures with the Nylas Signatures API
Here's a thing that surprises people the first time: an email sent through the API does not carry the signature the user set up in Gmail or Outlook. Provider signatures live in the provider's compose UI, and a programmatic send bypasses that entirely, so a message your app sends goes out with no signature at all unless you add one. The Nylas Signatures API is how you add it: store an HTML signature once, then attach it to a send by ID, and the signature gets appended to the message for you. This post covers signatures from two angles: the HTTP API your backend calls, and the nylas CLI for creating and testing one from the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm setting a signature up. Nylas signatures are separate from provider signatures The first thing to get straight is that these are not the user's existing signature. Nylas doesn't sync the signature configured in Gmail, Outlook, or any other provider, and that provider signature is never applied to mail sent through the API. If a message your app sends needs a sign-off, you create that signature with this API and attach it explicitly; there's no inheriting it from the connected account. That separation is deliberate, because a programmatic send is a different context from a person typing in their webmail. It does mean the responsibility is yours: a user who connects their mailbox expecting their familiar signature to appear on app-sent mail won't get it automatically. Stored signatures are grant-scoped, living at /v3/grants/{grant_id}/signatures , so each connected account has its own set, and they're HTML, so a branded sign-off with a logo and links works the same as a plain one. Create a signature Creating a signature is a POST /v3/grants/{grant_id}/signatures with a name and an HTML body . The name is for you, a label to find it by later; the body is the markup that gets appended to outbound mail. The response returns the signature with its ID, which is w
AI 资讯
Top Open Source Coding Agents to Replace Claude Code in 2026
Claude Code is a genuinely powerful CLI coding agent. Its context window handling and multi-file reasoning set a high bar in 2026. But it comes with real constraints - it requires an Anthropic API key, charges per token, locks you into Claude models only, and its source code is closed. For developers running local-first workflows, working in air-gapped environments, or simply preferring auditable tooling, those limitations are dealbreakers. The good news: the open-source ecosystem has matured significantly. Nine production-ready alternatives now cover every major workflow pattern - from terminal-first pair programming to fully autonomous task execution. Why Open Source Matters for AI Coding Agents AI coding agents operate at a high level of system trust. They write files, run commands, and modify your repository. That makes transparency genuinely important - not just philosophically. Open-source licensing lets you read the code, audit its behavior, self-host without sending data to a third party, and customize it for your team's needs. Beyond trust, the practical advantages are real. Open-source agents are model-agnostic by design. They connect to whichever LLM you prefer - Claude, GPT, Gemini, DeepSeek, or a local model via Ollama - letting you optimize for cost and capability on a per-task basis rather than being locked to one pricing tier. OpenCode - The Closest Open-Source Drop-In for Claude Code OpenCode has emerged as the de facto open-source answer to Claude Code in 2026, crossing 161,000 GitHub stars under an MIT license. It connects to over 75 LLM providers via Models.dev - including local Ollama models - and lets you switch providers mid-session. Internally it uses a dual-agent architecture: a Plan agent handles task decomposition while a Build agent executes changes. LSP integration brings symbol resolution into the terminal. Multi-session support lets you run parallel agents on the same project simultaneously. OpenAI Codex CLI - Auditable and Sandbox-Fir
AI 资讯
CDK Update - April/May 2026
devtools #infrastructureascode #cdk #aws Index TL;DR Major Features Bedrock AgentCore — From Alpha to Stable Fn::GetStackOutput & Weak Cross-Stack References Validations Framework Performance Improvements CloudWatch PromQL Alarms CLI Improvements New L2 Constructs Service Enhancements Community Highlights Community Content & Resources How Can You Be Involved Hey CDK community! Here's an update covering everything that shipped in April and May 2026. TL;DR Bedrock AgentCore graduated to stable — production-ready AI agent infrastructure with semver guarantees. Cross-region references got a major upgrade with native Fn::GetStackOutput support and weak cross-stack references. The new Validations framework replaces policyValidationBeta1 with a richer plugin system. And file fingerprinting is ~33% faster with persistent asset caching. These features are available in aws-cdk-lib v2.247.0 through v2.257.0 and aws-cdk CLI v2.1116.0 through v2.1125.0. Full changelogs on GitHub Releases ( Library | CLI ). Major Features Bedrock AgentCore — From Alpha to Stable The @aws-cdk/aws-bedrock-agentcore-alpha module has graduated to aws-cdk-lib/aws-bedrockagentcore — stable APIs, semver guarantees, production-ready. If you've been building AI agents with Bedrock but held off on CDK because of the alpha label, it's time to upgrade. ( #37876 ) AgentCore provides the core infrastructure for building AI agents: runtimes, gateways, identity management, observability, and online evaluation. The Policy submodule remains in alpha as it continues to evolve rapidly. ┌─────────────────────────────────────────────────────┐ │ Bedrock AgentCore (Stable) │ ├─────────────────────────────────────────────────────┤ │ │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │ Runtime │ │ Gateway │ │ Identity │ │ │ │ (L2) │ │ (L2) │ │ (L2) │ │ │ └────┬─────┘ └────┬─────┘ └────────┬─────────┘ │ │ │ │ │ │ │ ▼ ▼ ▼ │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │Observa- │ │Online │ │ Policy Engine │ │ │
AI 资讯
Pull OTP and 2FA codes from email with Nylas
One-time passcodes are everywhere: sign up for a service, log in from a new device, confirm an action, and a six-digit code lands in your email. A human glances at it and types it in. An automated flow, a signup script, an end-to-end test, or an AI agent connecting to a third-party service, can't glance at anything. It has to pull the code out of the mailbox programmatically, and that's a surprisingly fiddly job: the code arrives seconds after a trigger, it's buried in a templated email, and every sender formats it differently. This post covers extracting verification codes from two angles: the nylas CLI , which does it for you in one command, and the Email API pattern you build when it's part of a larger flow. I work on the CLI, so the terminal commands below are the ones I reach for when I just need the code. Two ways to get the code There are two paths depending on what you're building. For terminal workflows, local testing, or scripting a login, the CLI has a dedicated nylas otp command that finds the latest code in a mailbox and hands it to you. For an application or an agent that reacts to incoming mail, you build the extraction into your own flow: catch the message when it arrives, pull the body, and parse the code out. The difference is who drives. The CLI is pull-based: you ask for the latest code when you need it. The API pattern is push-based: a webhook tells you a message arrived, and your code extracts the value as part of handling it. Both end at the same place, a string of digits you feed into whatever's waiting for it, but the CLI is the fast path for a developer and the API pattern is the durable path for a product. In practice you use both: the CLI to learn which sender and code format you're dealing with during development, then that same understanding baked into the application pattern for production. Grab the latest code from the CLI When you've just triggered a code and want it now, nylas otp get finds the most recent one in your default accoun