今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#ens

找到 1392 篇相关文章

AI 资讯

The Myth of the Post-Documentation Era

There is a growing sentiment in engineering circles right now that documentation is a relic of the past. The argument usually goes something like this: We’re living in the era of agent-driven development. If an AI agent can read the raw source code or parse an OpenAPI specification instantly, why waste human engineering hours writing prose? Code churns too fast anyway, and human-written docs are outdated the second they’re committed. It’s an attractive, black-and-white view of the world. It’s also completely wrong. Chasing strict determinism in your source of truth is a pipe dream. Code and specs tell a system how something works, but they are fundamentally incapable of explaining why it was built that way in the first place. The Intent Gap: Why Code Isn't Enough Even if you’re building entirely for a downstream consumer of AI agents, there is a massive, structural gap between a raw API specification and an operational reality. Agents are phenomenal at pattern matching and syntax execution, but they struggle with architectural philosophy and human intent. We still need words to contextualize the boundaries. A spec can define an endpoint, its parameters, and its payload. What it can't capture is the nuance of why a specific architectural trade-off was made, or the implicit historical context of a legacy edge case. Prose provides the guardrails for non-deterministic systems. Even if that prose is ultimately consumed by a machine rather than a human, the written word remains the highest-leverage way to transmit intent. The Danger of Slop Describing Slop This doesn't mean we need to return to the days of manually maintaining massive, static wiki pages. Automation has a massive role to play here. Cascading automation—where documentation is dynamically generated alongside code changes—is incredibly powerful. But there’s a trap here: slop describing slop is entirely useless. If we completely hand off documentation generation to unchecked LLMs, we end up with a feedback loo

2026-07-13 原文 →
AI 资讯

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations TormentNexus’ skill registry has surpassed 5,776 reusable modules. This post dissects three high-impact skill categories—code review, Terraform generation, and database migration—with real code examples, performance metrics, and architectural constraints. Learn how to leverage these modules to accelerate development pipelines. From Silos to Synergy: Why 5,776 Skills Matter In late 2023, TormentNexus crossed the 5,000-module threshold. As of February 2025, we’re at 5,776 verified, runnable AI skills—each one a `SKILL.md`-defined unit that maps to a specific task, parameter set, and output schema. The registry isn’t a flat list; it’s a dependency graph where skills chain together. For example, a `terraform-generate` skill calls a `code-review` skill internally to validate the generated HCL before output. This modular architecture means a single prompt can sequence up to 3.2 skills on average (median depth: 2), with a measured 94% success rate for execution with no human intervention. The registry spans 37 domains, from frontend component generation to Kubernetes manifests. The top three categories—code review, infrastructure as code, and database operations—account for 1,308 skills collectively. Each skill is stored as a JSON schema in the registry, with an average execution latency of 1.42 seconds (GPU-accelerated, single A100). Let’s examine three representative modules in detail. // Metadata from an actual registered skill: code-review-python v2.1 { "name": "code-review-python", "registryID": "SKI-PYTHON-REVIEW-1729", "version": "2.1", "outputSchema": { "type": "object", "properties": { "issues": { "type": "array", "items": { "$ref": "#/definitions/Issue" } }, "complexityScore": { "type": "number", "minimum": 0, "maximum": 100 }, "refactoredSnippet": { "type": "string" } }, "required": ["issues", "complexityScore"] }, "defaultPromptTemplate": "Revie

2026-07-13 原文 →
AI 资讯

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security Giving an AI agent a wallet without guardrails is like giving a toddler a credit card — technically functional, potentially catastrophic. If you're building AI agents that interact with crypto wallets, the security model you choose isn't an afterthought. It's the difference between a useful autonomous system and one that drains your funds on a bad inference. This post is about exactly how WAIaaS handles that problem. Not vague promises about "enterprise-grade security" — specific mechanisms, specific policy types, and specific code you can run today. The Actual Risk Model Let's be honest about what can go wrong when you give an AI agent wallet access: The agent misinterprets a prompt and sends funds to the wrong address A compromised session token gets used by an attacker The agent executes a DeFi action with parameters outside your intended range Gas fees spike and the agent submits transactions at costs you'd never accept manually The agent approves an unlimited token allowance to a contract you didn't vet None of these require a malicious agent. They can all happen with a well-intentioned model operating outside the boundaries you forgot to define. The solution isn't to avoid giving agents wallet access — it's to define exactly what they're allowed to do, and nothing more. WAIaaS approaches this with three distinct security layers, a default-deny policy engine with 21 policy types across 4 security tiers, and multiple channels for human approval when transactions exceed your defined thresholds. Layer 1: Authentication — Three Separate Keys for Three Separate Roles The first layer is role separation. WAIaaS uses three authentication methods that map to three distinct principals: masterAuth (Argon2id) — The system administrator role. Creates wallets, manages sessions, configures policies. This credential never touches the agent. sessionAuth (JWT HS256) — The AI agent's credential. Scoped to a specific

2026-07-13 原文 →
AI 资讯

Real-Time AI Observability: Dashboards That Show Actual Database Rows

Real-Time AI Observability: Dashboards That Show Actual Database Rows Discover how TormentNexus shatters the status quo by rendering real SQLite rows in your agent monitoring dashboards—no mock data, no synthetic graphs. Learn why live database visibility is the cornerstone of effective debugging AI workflows and how our real-time dashboard exposes every query, state, and anomaly as it happens. Why Mock Data Undermines Debugging AI Every developer has experienced the disconnect: a polished dashboard displays smooth latency curves and flawless agent trajectories, yet the underlying system is silently generating corrupted embeddings or leaking PII into production logs. Traditional observability platforms—Datadog, Grafana, New Relic—aggregate metrics into averages, percentiles, and precomputed time series. They intentionally discard raw row-level data to conserve storage and processing. This works fine for server uptime or HTTP status codes, but for AI agent monitoring, it’s a catastrophic abstraction. Consider a LangGraph agent processing user queries against a SQLite knowledge base. A mock-data dashboard would show "3,200 rows processed per minute" and "95% query success rate." But what if 12% of those "successful" queries return stale or hallucinated responses because a background thread silently reindexed tables without updating vector hashes? With aggregate metrics alone, you’d never know. You’d see a green status indicator while your AI feeds garbage to users. That’s the reality of debugging AI without raw row visibility. TormentNexus solves this by exposing every INSERT, UPDATE, and DELETE that occurs within your SQLite databases—in real time. Our real-time dashboard doesn’t poll for snapshots. It streams row-level mutations directly from WAL (Write-Ahead Log) files, giving you the exact data your agents are producing, not a statistically smoothed version. How TormentNexus Streams Live Database Rows Under the hood, TormentNexus leverages SQLite’s built-in replic

2026-07-13 原文 →
AI 资讯

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood Uncover the mechanics of Model Context Protocol (MCP) tool discovery—from JSON-RPC handshake to progressive injection. A technical walkthrough of capability negotiation and dynamic endpoint enumeration with real code examples and traffic flow analysis. The Handshake That Sets the Stage: JSON-RPC Initiation Tool discovery in MCP doesn't start with a simple “list tools” call. It begins with a structured JSON-RPC 2.0 handshake that negotiates protocol version, transport layer, and supported extensions. The client (e.g., an agent or IDE) sends an initialize request with its capabilities object, including fields like supportsToolDiscovery and maxToolCount . The server responds with its own capabilities, and only after this mutual agreement does the real enumeration begin. Real-world implementations—like those in the official MCP SDKs—use a ClientCapabilities struct that flags whether the client can handle dynamic tool lists, streaming updates, or batch discovery. For instance, a lightweight edge agent might set supportsToolDiscovery: false , forcing the server to pre-bundle tools into the initial handshake, while a full-featured IDE sends supportsToolDiscovery: true with a maxToolCount: 50 to throttle large tool registries. // Example initialize request (client → server) { "jsonrpc": "2.0", "id": 1, "method": "initialize", "params": { "protocolVersion": "2024-11-05", "capabilities": { "supportsToolDiscovery": true, "maxToolCount": 50, "supportsStreaming": false } } } The server responds with its own capabilities—advertising tool discovery endpoints, supported JSON-RPC methods, and any custom extensions. This two-way handshake ensures both sides speak the same dialect before a single tool name is exchanged. Tool Enumeration: Beyond the “listTools” Metho Once handshaken, the client issues a tools/list call—but the real depth lies in pagination and chunking. A production MCP server with hundreds of too

2026-07-13 原文 →
AI 资讯

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone Explore how event-driven architecture (EDA) transforms multi-agent coordination. Learn to build a Pub/Sub backbone where Planner, Implementer, and Critic agents stay synchronized without blocking—using the Swarm event bus for async AI patterns in production. The Synchronization Crisis in Multi-Agent Systems Every developer who has scaled a multi-agent system beyond two agents has hit the same wall: synchronous calls create deadlocks, timeouts, and cascading failures. Imagine a Planner agent dispatching tasks to five Implementer agents while a Critic agent evaluates output in parallel. In a naive request-response system, the Planner blocks until every Implementer returns—and the Critic can't even start until the Planner finishes its orchestration loop. Latency compounds, memory pressure spikes, and a single slow agent halts the entire pipeline. In production benchmarks at TormentNexus, we observed that synchronous coordination between just three agents increased end-to-end latency by 340% compared to an event-driven equivalent. The root cause? The Planner spent 78% of its time waiting on I/O—listening for responses instead of doing actual work. This is where event-driven AI (EDA) becomes not just an optimization, but a necessity. The Pub/Sub Pattern: Decoupling Agents with an Event Bus Event-driven architecture inverts the control flow. Instead of one agent calling another, agents publish events onto a shared bus (the Swarm event bus) and subscribe to the events they care about. The Planner doesn't wait—it emits a "TaskAssigned" event and immediately moves on to the next task. Implementer agents pick up tasks asynchronously, and the Critic monitors a "TaskCompleted" stream without ever polling the Planner. // Example: Swarm event bus subscription for a Critic agent const eventBus = new SwarmEventBus(); eventBus.subscribe('TaskCompleted', async (event) => { const { taskId, implementati

2026-07-13 原文 →
AI 资讯

Why Your Team's AI Assistant Acts Like It's the First Day on the Job, Every Single Time

Anyone who has used AI tools for a while has probably run into this annoyance. You ask it to write a weekly report in the morning and it doesn't know your KPI framework was overhauled last week. You ask for a technical proposal in the afternoon and it has no idea you spent three months locking down your tech stack. Every new conversation means re-explaining the project background, which decisions were made and why. In multi-person collaboration the problem scales up fast. Five people each interacting with AI separately; the AI's understanding of each person is isolated. A discusses an architecture decision with the AI, B has no idea that conversation happened. Five people are repeating the same explanations and none of them know the others already did. Context Fragmentation Has Nothing to Do with Model Capability Current mainstream AI tools store memory as conversation history stuffed into a context window. When the window fills up, older messages get truncated. That works fine for a single conversation but falls apart in cross-day, cross-week team collaboration. Even with 128K token support, cramming all project history in there causes information density to collapse and the model loses the ability to focus on what matters. Team collaboration needs memory across several layers. Project background, tech stack choices, the reasons behind past pivots; this long-term context doesn't appear in any single conversation but affects every task. One team member prefers concise communication while another wants detailed reasoning; the AI should remember these differences instead of outputting the same format for everyone. Last week's design decision and why it went that way, how that choice affects this week's sprint planning; if the AI can't see these connections, its suggestions will clash with earlier direction. Some products use vector retrieval to extend memory, storing past conversations as embeddings and recalling relevant snippets by semantic similarity when needed. T

2026-07-13 原文 →
AI 资讯

Why I Built an Adversarial Co-Generation Engine

I spent a chunk of last year around legacy modernization work — the kind of project where a bank or an insurer is taking twenty years of accumulated code and rebuilding it as modern services, one system at a time. Every one of those systems starts the same way: a PRD or a requirements document says what the business needs, that gets translated into a spec precise enough for an AI to implement, and eventually someone tests what came out. What struck me, watching this happen at scale, wasn't that the code was bad. It was that nobody was testing the thing that actually determined whether the code would be bad: the spec itself — the technical description handed to the model, not the PRD that motivated it. Every security tool I looked at — SAST scanners, DAST tools, even the AI coding assistants themselves — waited until an implementation existed before doing anything adversarial. Attack the code, once it's there. That's the whole industry's model, and it's worked fine for forty years because the volume was always survivable. A team ships a handful of PRs a week, a human reviews them, and eventually a pentest catches whatever slipped through. That math falls apart at modernization scale. When you're regenerating a few million lines of code, you're also generating a few thousand specs, faster than any review process was ever built to absorb. Testing after the fact doesn't just get slower under that load — it quietly stops happening, spec by spec, until the aggregate exposure is enormous and nobody can point to when it happened. So I built GAUNTLEX to test the thing that happens before the code does: the spec. This is also where I want to be precise about a word that gets overloaded. "Spec-driven development" — the broader industry shift toward writing structured, agent-facing specs instead of prompting an AI free-form — is exactly the world GAUNTLEX lives in. But a spec (what to build, precise enough for a model to implement) and a PRD or requirements doc (why it's needed

2026-07-13 原文 →
AI 资讯

FROST周报 | 为什么智能体需要「谱系」?从生物学隐喻看AI治理新范式

FROST周报 | 为什么智能体需要「谱系」?从生物学隐喻看AI治理新范式 作者按 :本文是 FROST 开源项目的每日推广系列文章,周一深度篇。 一、一个被忽视的根本问题 当我们谈论 AI Agent 时,大多数讨论都聚焦于「能力」:能不能写代码?能不能调用工具?能不能规划任务? 但有一个根本问题很少被触及: 当一个 Agent 执行了错误的决策时,谁来负责?当它消亡后,它的经验能否被传承? 就像一个没有记忆的人,每次醒来都是白纸一张——这不叫智能体,这叫复读机。 FROST 正是为了解决这个「治理真空」而诞生的。 二、从细胞分裂到 Agent 家族 FROST 的核心哲学只有一句话: 细胞会死,但谱系会存续。Agent 会消亡,但宪法会传承。资产会永存。 这不是文学修辞,而是一套完整的技术架构。 四个原子:最小可行集合 FROST 只定义了四个原子,却能构建任意复杂度的智能体系统: 原子 职责 生物类比 Store 记忆容器,只做 save/load/delete 细胞核 Skill 纯能力单元,无状态无副作用 蛋白质 Agent 膜包裹的细胞,拥有 Store + Skills 神经细胞 SOP 有序步骤列表,可教学、校验、优化 宪法文本 from core import Store , Agent , skill_set , skill_get # 创建一个最小 Agent store = Store () agent = Agent ( " cell " , store , skills = { " set_context " : skill_set , " get_context " : skill_get }) # 执行任务 result = agent . run ( sop_steps = [ " set_context " , " get_context " ], initial_context = { " key " : " message " , " value " : " FROST is alive " } ) # result["_result"] == "FROST is alive" 关键洞察 :Store、Skill、Agent、SOP 这四个概念彼此正交,可以自由组合。就像乐高积木,从简单到复杂,始终保持可解释性。 三、家族治理:超越扁平架构 传统的多 Agent 系统通常是扁平的:所有 Agent 平等对话,没有层级,没有记忆,没有责任边界。 FROST 引入了「家族治理模型」——一个三层递归结构: 祖辈 (Ancestor) :定义不可违背的宪法与长期目标 父辈 (Parent) :领域协调者,可递归委托 孙辈 (Leaf) :执行具体原子任务,瞬态存在 四个协议保障治理闭环 : 层级 Store 继承 :祖先记忆只读,后代自动继承 SOP 宪法校验 :祖辈审核后代 SOP,拒绝违规执行 编排层级限制 : max_spawn_generation 硬编码,禁止越级 spawn 选择性持久化 :父辈收割有价值产出,淘汰冗余 Agent 四、V5.0 五维元模型:多维治理架构 2026年7月发布的 V5.0 引入了一个重大升级—— 五维元模型 : 维度 模块 核心职责 武器注册表 Armory 能力的元数据管理与发现 任务注册表 TaskRegistry DAG 任务编排与图谱 SOP 事件编目 EventCatalog + Strategist 态势感知与双模式事件分析 平台注册表 PlatformRegistry 外部能力的发现、调用与健康检查 规则注册表 RuleRegistry 可版本化的治理约束与合规检查 197 个测试用例 保障了每个维度的质量。 五、与现有框架的差异 维度 LangChain CrewAI FROST 状态管理 链式传递 角色记忆 层级 Store 权限边界 无 提示词软约束 代码强制只读 治理可审计 无 对话日志 结构化执行历史 架构无关 ✅ ✅ ✅ FROST 不重复造轮子。它填补的是「治理」这个空白地带: 让多智能体系统真正可控制、可追溯、可进化 。 六、快速体验 # 克隆仓库 git clone https://gitee.com/liao_liang_7514/frost.git cd frost # 运行测试 python -m pytest # 查看示例 python frost_run.py 完整文档: https://gitee.com/liao_liang_7514/frost 七、写在最后 AI Agent 的下一阶段,不是更强的模型,而是 更好的治理 。 当我们把 100 个 Agent 放在一起时,如果没有宪法、没有层级、没有记忆传承

2026-07-13 原文 →
AI 资讯

Dev log #12 Hardening WebRTC and Polishing the UI: A Week of Networking and Refinement

Spent the week balancing deep p2p networking work in Python with some much-needed UI polish on my personal site. 11 commits and 6 PRs later, I hit a perfect 7-day streak and made the codebase a bit more secure. TL;DR This week was all about the "invisible" work that makes software feel solid. I spent a good chunk of time in the weeds of p2p networking, specifically hardening WebRTC implementations, while also carving out time to refine the typography and feel of my personal portfolio. With 11 commits across 5 repos and 6 PRs in flight, I managed to keep the momentum going every single day of the week. WHAT I BUILT Most of my direct commit activity this week was split between keeping my dev environment sharp and making my portfolio feel a bit more "me." Portfolio & Personal Branding I spent some quality time in yashksaini-coder/portfolio . If you're like me, you can't leave your personal site alone for more than a month. I pushed a few updates to the blog content, but the real fun was in the UI/UX tweaks. I swapped out the primary typography for JetBrains Mono —there’s just something about a good monospace font that makes a dev portfolio feel right. I also went through a "make-interfaces-feel-better" phase. I refactored the selectedwork section, specifically dropping a cursor-follow preview tile that felt a bit too "heavy" and replaced it with something more streamlined. I also polished the index rows to make the transitions feel snappier. It’s about +452/-279 lines of code, which is a healthy amount of churn for a week that was supposed to be about "minor" updates. The Maintenance Grind My nvim config is basically a living organism at this point. I have CI set up to automatically track plugin updates, and this week was particularly noisy with 6 commits just keeping the toolchain current. It’s [skip ci] territory, but it ensures that when I sit down to actually write code, my editor isn't lagging behind the latest Lua API changes. I also did a quick version bump for

2026-07-13 原文 →