今日已更新 281 条资讯 | 累计 21147 条内容
关于我们

标签:#ens

找到 1453 篇相关文章

AI 资讯

How I stopped hardcoding business rules in PHP - and built a rule engine to fix it

Every PHP developer knows this situation: a client calls and says "I want free shipping for VIP customers on weekends, but only if the cart total is above €100." You open your code. You find the shipping module. You add an if. You deploy. Three weeks later: "Actually, make it €80. And also for the 'Premium' group." You open your code again. This loop : client request -> find logic in code -> modify -> deploy, was costing me a lot of time. And it's not just shipping. I build custom ecommerce solutions: payment modules, synchronization systems, pricing calculators. Business rules are everywhere, and they change constantly. The obvious solution I didn't want Symfony's ExpressionLanguage exists and it's impressive. But it pulls in dependencies, it can traverse objects and call methods (which is a security concern when rules are authored by users), and when something goes wrong, it doesn't tell you why. It's a black box. I needed something smaller, stricter, and transparent. So I built php-ruler I started with the classic pipeline: Lexer → AST → Evaluator. Strict typing from the start — 1 = '1' is a type error, not true. No silent coercion. Then I added features one real problem at a time. Problem: when something fails, why? -> I built an explain mode that returns the full evaluation tree: which sub-conditions passed, which failed, which were short-circuited, and why a variable was missing. Problem: in production, the context is sometimes incomplete -> I built a safe mode that doesn't throw on missing variables — it collects them all and lets you decide what to do. Problem: customer.group.name is not user-friendly -> I built an alias resolver. As a developer, I expose what I want: $resolver = ( new AliasResolver ()) -> add ( 'customer.group' , 'customer group' ) -> add ( 'cart.total' , 'cart amount' ); Now a non-developer can write: customer group = 'VIP' AND cart amount > 100 And I control exactly what variables are available to them. A real example Here's the shipping

2026-06-09 原文 →
AI 资讯

🚀 GSoC 2026 Weekly Update: Week 2 — Establishing Contracts & System Design

Another productive week of Google Summer of Code with OWASP BLT is in the books! Building on the visual blueprints from last week, this week was focused on locking down our structural foundations and diving deeper into the system architecture. Here is a simple breakdown of the progress made and what lies ahead. Milestones The primary goal for this phase was setting up the structural guardrails for how data travels through our app. Finalized Security Contract Structures: Successfully established the foundational security contract structures. This ensures that our application components have a uniform, strict schema to communicate safely and predictably. trying to figureout some missing point on the security_alerts with the help of my mentor. Merge request updates: Glad to share that the initial setup has been done across our repository through these milestones: 🔗 Merge Request #3 🔗 Merge Request #4 🔗 Merge Request #5 🔗 Merge Request #6 🧠 Current Focus: System Design & UI Polish With the basic structures merged, my day-to-day focus has shifted toward high-level engineering and refining the user experience. Architecture & System Designing: Spending time mapping out the data flows to ensure our local-first storage design works seamlessly with minimal, encrypted web updates. Ongoing UI Revamp: Continuing to polish the user interface layouts based on our initial feedback, ensuring the experience feels clean, intuitive, and highly minimal. ⚡ The Next Step: Building the Workers Now that the structural blueprints are active in the project, it is time to make them functional. ⚙️ Contract Workers: Moving forward, the next step is to start creating the edge contract workers. These workers will handle the actual validation and processing logic for the security contracts we just established. The structural groundwork is officially laid, and the architecture is shaping up beautifully. Excited to bring the core backend logic to life next week! 💻🛡️

2026-06-09 原文 →
AI 资讯

AWS Releases Next Generation of Amazon OpenSearch Serverless

Amazon Web Services has recently announced the general availability of the next generation of Amazon OpenSearch Serverless, with a redesigned architecture that enables 20 times faster resource provisioning than the previous serverless architecture, true scale-to-zero capability, and up to 60% lower cost than a provisioned cluster for peak loads. By Gianmarco Nalin

2026-06-09 原文 →
AI 资讯

ContextLens — py-spy/pprof but for what's inside your LLM prompt

In multi-turn agent loops, the full context re-sends on every API call. A tool result added at turn 3 gets billed again at turns 4, 5, 6, 7... forever. Most of it is never read again. Standard observability tools tell you the total token count. They never tell you what's in there or how much of it is waste . That's what ContextLens fixes. What it does ContextLens is a diagnostic profiler for LLM agent context windows. It: Decomposes the context window into regions: system prompt, tool schemas, tool results, retrieved chunks, user messages, assistant messages Tracks which blocks get re-billed across turns using SHA-256 content hashing Runs 5 waste detectors and ranks findings by dollar cost Prints a concrete one-line fix for each finding Renders an interactive D3 treemap report as a self-contained HTML file No API key required. Works offline on saved traces. The five detectors Detector What it finds Duplicate Same block re-sent verbatim across multiple turns Near-Duplicate >85% Jaccard similarity between distinct blocks Stale Tool Result Tool output never referenced by a later assistant message Unused Tool Schema Tool defined every turn but never called Redundant Retrieval Retrieved chunk with <15% overlap with model output ---Run the built-in demo (simulates a 30-turn agent loop, no API key needed): python -c "import contextlens; contextlens.demo()" python examples/demo.py Live capture — Anthropic import anthropic import contextlens as cl client = anthropic.Anthropic() with cl.capture_anthropic(client, model="claude-3-5-sonnet-20241022") as collector: for turn in range(20): client.messages.create( model="claude-3-5-sonnet-20241022", max_tokens=1024, system="You are a helpful assistant.", messages=build_messages(turn), ) report = cl.analyze_trace(collector.build_trace()) print(f"Recoverable waste: {report.recoverable_tokens:,} tokens (${report.recoverable_cost_usd:.4f})") Live capture — OpenAI import openai import contextlens as cl client = openai.OpenAI() with cl.ca

2026-06-08 原文 →
AI 资讯

AgentTrust ID is live

This weekend, AgentTrust ID went live in production. As of today, all five SDKs are published: pip install agenttrustid npm install @agenttrustid/sdkgo get github.com/agenttrustid/sdk/go cargo add agenttrustid # Maven / Gradle # id.agenttrust:agenttrustid:0.3.0 The SDKs are open source under Apache 2.0 at github.com/agenttrustid/sdk . The hosted platform is running at app.agenttrust.id in a controlled beta. Why I built this AI agents broke the assumptions that machine-to-machine security was built on. An API key answers one question: who is calling. It asks it once, at the door. An agent decides its next action at runtime, from context nobody wrote by hand. The same agent that summarized a document a second ago might now try to email it, delete it, or chain a task to another agent. A credential that only proves identity has no opinion about any of that. Agents need a decision at the action boundary : should this specific action happen, right now, on whose behalf . Answered at runtime, every time, with an audit trail and a kill switch. What's running Everything below is live in production today, not a roadmap: Per-action authorization. Every consequential action passes a pre-flight check. The Guardian pipeline routes each action by risk: deterministic rule checks for the common path, a policy engine for mutations, and AI-backed review for destructive operations. Fail-closed where it counts. Opaque, instantly revocable tokens. Credentials are at_ references with no standing authority of their own . The server decides on every use, so revocation is one call, effective immediately. Scoped delegation. When one agent hands work to another, the grant narrows instead of copying : subset scopes, independent TTLs, independently revocable, bounded chain depth. Read-only sessions with time-boxed elevation. Sessions start safe and rise only on approval, for a bounded window, then revert on their own. One model across surfaces. MCP tools, agent-to-agent calls, and direct API inte

2026-06-08 原文 →
AI 资讯

I shipped a support desk by deleting a dependency

I added a support desk to LaraFoundry this week. The first commit in the slice removed a package instead of adding one. LaraFoundry is a reusable SaaS core for Laravel that I'm extracting in public from an older app of mine. Auth, multi-tenancy, roles, activity log, notifications, billing seam, and now support tickets. The rule for every module is the same: lift the proven idea out of the old code, modernise it, harden it, and make it something you can composer require into a fresh Laravel app without inheriting a pile of assumptions. Tickets is where that rule got interesting, because the old code didn't own its ticket model. It leaned on a third-party ticket library. Why a ticket package is wrong for a reusable core A third-party ticket package is a perfectly reasonable choice when you're building one app. You get tables, a model, a status enum and a UI scaffold for free. It's the wrong choice for a core that other apps install. Pull it into the core and every host app inherits that package's migrations, its table names, its status vocabulary and its idea of what a ticket is. The dependency becomes load-bearing in projects that never asked for it, and the day it lags a Laravel release, every downstream app waits. So I cut it (decision D-4.2-1 in my notes) and wrote the model by hand. The model is about 180 lines. There is no magic. Two tables, a uuid, a status, a couple of scopes. The diff against "depend on the package" was less code in the core, not more, because I only kept the behaviour I actually use. Here's the top of the model, with the extraction notes I leave for future me: /** * A support ticket: the channel between a host user and the platform operator. * * Extracted from the donor App\Models\Ticket, which sat on a third-party * ticket package. That dependency is cut: this is a self-contained model. * Categories and labels are JSON slug arrays driven by config, not pivot * tables. The dead assigned_to column and the donor's invalid-operator * query are

2026-06-08 原文 →
开源项目

🔥 danny-avila / LibreChat - Enhanced ChatGPT Clone: Features Agents, MCP, Skills, DeepSe

GitHub热门项目 | Enhanced ChatGPT Clone: Features Agents, MCP, Skills, DeepSeek, Anthropic, AWS, OpenAI, Responses API, Azure, Groq, o1, GPT-5, Mistral, OpenRouter, Vertex AI, Gemini, Artifacts, AI model switching, message search, Code Interpreter, langchain, DALL-E-3, OpenAPI Actions, Functions, Secure Multi-User Auth, Presets, open-source for self-hosting. Active | Stars: 38,631 | 139 stars today | 语言: TypeScript

2026-06-08 原文 →
开源项目

🔥 hmjz100 / LinkSwift - 一个基于 JavaScript 的网盘文件下载地址获取工具。基于【网盘直链下载助手】修改 ,支持 百度网盘 / 阿里云盘

GitHub热门项目 | 一个基于 JavaScript 的网盘文件下载地址获取工具。基于【网盘直链下载助手】修改 ,支持 百度网盘 / 阿里云盘 / 中国移动云盘 / 天翼云盘 / 迅雷云盘 / 夸克网盘 / UC网盘 / 123云盘 八大网盘 | Stars: 15,746 | 84 stars today | 语言: JavaScript

2026-06-08 原文 →