今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#ens

找到 1396 篇相关文章

AI 资讯

Stop Triaging. Start Fixing. Introducing VigilOps

You've seen the alert. You've opened the PR. You've read the changelog. Then you realize: your code doesn't even call the vulnerable function. Every week. Hundreds of teams drowning in CVE notifications for packages sitting dormant in their node_modules — dependencies they pulled in years ago, bundled by a transitive library, and never actually executed. Meanwhile, the real vulnerabilities get buried. VigilOps is a free Node.js CLI that fixes this. How VigilOps Works VigilOps does three things: Scans dependencies against OSV.dev — the open vulnerability database used by GitHub, PyPI, and npm Runs static reachability analysis to filter out unreachable vulnerabilities (packages in your tree but never called by your code) Auto-opens a GitHub PR with the fix The result: you get one PR with one real vulnerability. Not a spreadsheet. Not a wall of Slack messages. A fix. Demo Here's a quick scan: npx vigilops scan examples/vigilops-demo-lodash And to see everything including suppressed (unreachable) deps: npx vigilops scan examples/vigilops-demo-express --all The --all flag shows what's in your dependency tree but not actually reachable from your code. That's what the noise looks like — and that's what VigilOps filters out. Why This Is Different Dependabot and Snyk scan your entire lockfile. They report every CVE in every package, regardless of whether your code ever touches the vulnerable surface. This creates alert fatigue that causes teams to eventually... stop reading. VigilOps inverts the model: only surface vulnerabilities in code you actually call. Dependabot: "Your project has 47 vulnerabilities" (but 40 are unreachable noise) VigilOps: "Your project has 1 reachable vulnerability. PR is ready." Quick Start npm install -g vigilops npx vigilops scan . Authenticate with GitHub: https://github.com/Vigilops/vigilops npx vigilops auth That's it. The first run will scan, analyze, and open a PR if there's a fixable reachable vulnerability. What's Included OSV.dev integrati

2026-07-10 原文 →
AI 资讯

I'm Building Claude Basecamp — an Open-Source OS for Everything Claude Code (and I Need Help)

Quick confession: this started as "let me stop babysitting my tests and just make them stay green," and it turned into something a lot bigger. I want to be upfront about where I'm actually trying to take it. I built Claude Basecamp, and as of today it's open source. The reconciliation loop (declare "tests always green," it holds that true) is the part you'll notice first, but it's not really the point. The point is I want this to become the operating system for everything you do with Claude Code, one place that knows about every repo, every session, every routine, every connector, every skill, and every mistake it's ever made, instead of all of that living scattered across terminal windows and dead transcripts. Right now it already covers a decent chunk of that: npx claude-basecamp No install, no config. It finds the projects Claude Code already knows about and opens at http://localhost:4747 . Standing checks , the reconciliation loop. "Tests always green," "dependencies current," "the README documents every CLI flag" — say it once, Basecamp keeps it true, dispatches a fix run when it drifts, and only bugs you for the decisions that actually need a human. Reflexes. It goes back through your old transcripts, finds every time you said "no, don't do that," and turns it into a standing memory that every Claude Code session on your machine checks before touching Bash, Write, or Edit. A mistake made once doesn't get to happen a third time. Session Rescue. Resumes the actual dead session, same session ID, full context, when Claude Code dies mid-task, instead of starting over from scratch. A manager for every repo you just talk to: "keep the tests green," "track this goal," "what's the state of this repo?" Plus routines, background runs, an activity feed, stats, GitHub issue and PR hooks, notifications, webhooks, and a one-click catalog for connectors and skills. That's where it is today. What I actually want it to become is the default place you open whenever you're workin

2026-07-10 原文 →
AI 资讯

Pure ReAct is expensive and fragile. Sparsi lowers costs and increases reliability.

If you’ve built AI applications in production recently, you’ve probably hit the "Agent Wall." You build a ReAct agent, give it 10 granular tools (search, extract, route, format), a massive system prompt, and tell it to go to work. It feels like magic...until you look at your latency metrics and token bills. Today’s agents act as interpreters. They re-derive the exact same routines from scratch on every single request . They embed massive tool schemas and reasoning histories into every loop. It's slow, it's incredibly token-hungry, and occasionally, they hallucinate tool calls, drop constraints, or get stuck in endless reasoning loops. In a production environment, even occasional errors can be critical failures that waste time and tokens. The problem isn't the ReAct pattern itself. The problem is that we are forcing the LLM to orchestrate low-level, predictable logic that should be deterministic code. We got tired of paying the "reasoning tax" for sub-routines that don't need it. So, we built Sparsi —a framework for shifting complex logic out of your ReAct agent's prompt and into deterministic "Macro-Tools" built as DAGs (Directed Acyclic Graphs). The Macro-Tool Pattern There are two ways to use Sparsi: as an end-to-end solution for a specific task, or to create higher-level tools that plug into your existing agents. The latter is where the magic happens. Instead of giving your ReAct agent 10 tiny, flaky tools and hoping it chains them correctly, you build one highly reliable, deterministic Sparsi DAG to handle that specific sub-routine. You then expose that DAG to your agent as a single Model Context Protocol (MCP) tool. The overall agent still drives the conversation, but it delegates the heavy lifting to a reliable macro-tool. We chose the DAG architecture for three main reasons: Deterministic & Testable: The graph is made of plain code. You only run AI where natural language understanding is strictly required. Parallel by Architecture: Independent branches run co

2026-07-10 原文 →
AI 资讯

Schola Interlingua: Free Software for Learning Interlingua IALA

Schola Interlingua: Free Software for Learning Interlingua IALA Schola Interlingua is a free, open-source platform for learning Interlingua IALA. A practical place to learn The platform is designed around an educational path that brings together lessons, readings, review tools, and progress tracking. Rather than treating learning as a single activity, Schola Interlingua supports a rhythm of studying, reading, reviewing, and returning to the material. Its focus is Interlingua IALA: a language with transparent vocabulary and morphology that rewards attention to structure and usage. Free software and accessible learning Schola Interlingua is developed as open-source software. Its code is available through the Schola Interlingua GitHub organization , making the project available for examination, collaboration, and continued improvement. The platform is available across devices, so learners can use the same educational materials and study tools in the settings that work for them. Explore Schola Interlingua Schola Interlingua website Source code on GitHub Schola Interlingua on the App Store Schola Interlingua on Google Play Chety, for Mandarin Chinese etymology and morphology Ian Blas is a developer based in Buenos Aires, Argentina, building educational software for Mandarin Chinese, Interlingua IALA, etymology, morphology, writing systems, and open-source language learning.

2026-07-10 原文 →
AI 资讯

I Open-Sourced Claude Basecamp — Come Help Me Build a Reconciliation Loop for Claude Code

Kubernetes changed infrastructure forever with one idea: you declare desired state, and the system continuously reconciles reality to match it. I wanted that for my codebase, so I built Claude Basecamp and I'm open-sourcing it today. If you're running Claude Code across more than one repo, I'd genuinely love for you to try it, break it, and help me build it out. Try it in one command npx claude-basecamp No install, no database, no config. It discovers the projects Claude Code already knows about and opens at http://localhost:4747 . Runs on macOS, Linux, and Windows. What it does Standing checks, the reconciliation loop. Declare what must always be true, and Basecamp holds it: tests always green -> runs your suite on a cadence; failures dispatch a fix run that commits dependencies current -> npm outdated; safe updates applied, majors escalated to you issue backlog triaged -> gh-powered labeling and stale-closing anything in plain English -> "the README documents every CLI flag" checked read-only, fixed on drift Checks run against deterministic local facts (your real test suite, real npm outdated) wherever possible, zero tokens spent checking. Drift launches a bounded, budgeted, approval-gated convergence run. Repeated failure escalates to a decision card on Home instead of retrying forever. Reflexes, an immune system for your AI. Basecamp mines every transcript for the moments you pushed back (interruptions, "no, don't", permission denials) and turns each into an antibody. Once armed, every Claude Code session on your machine consults that memory before every Bash/Write/Edit action, so a mistake made twice gets blocked machine-wide before it happens a third time. Session Rescue. Notices when a Claude Code session died mid-task and lets you resume the actual dead session, same session ID, full context, as a background run that finishes the job and commits. A persistent manager for every repo. Each project gets an agent with full Claude Code tools plus control over Bas

2026-07-10 原文 →
AI 资讯

Progress Bar Is Not an API

When a CLI becomes useful, someone eventually tries to automate it. That is where a progress bar can quietly become a problem. For a person, this kind of output is helpful: Translating markdown files 12/40 30% docs/intro.md It tells me that the command is alive, how far it has moved, and which file it is working on. But when another system starts reading that same output, the progress bar stops being only a user interface. It becomes an accidental contract. That was the real problem behind one of the changes in Co-op Translator v0.20.0. The release added a Rich-powered CLI progress UI, but it also added structured translation events. At first, those may look like two separate improvements. They are really two surfaces for the same state: Rich output gives a person something readable, while structured events give integrations something stable. This article is about three things: First, why console output is tempting to parse. Second, how Co-op Translator separated the Rich UI from the event stream. Third, why that separation matters for CLI, Python API, MCP, and product integrations such as Localizeflow. The problem appears when logs become state Console output is written for people. When I run a translation command, I want a quick answer to a few practical questions: Is the command still running? Which stage is active? Which file is being processed? How much work is left? Did anything fail? A progress bar is good for that. It compresses the state of the run into something I can scan quickly. But a product integration needs a different kind of information. Imagine Localizeflow running Co-op Translator as part of a larger workflow. It does not only need to know that text was printed. It needs durable state: Which translation job started Which target language is active Which stage is running Which file completed Which file failed How many items are done Whether the run succeeded If all of that only exists inside console text, the integration has to parse human language

2026-07-10 原文 →
AI 资讯

I tracked every trending AI repo's stars daily for 3 weeks. The growth is not where I expected

I run a small AI trends site, and three weeks ago I started doing something simple: every day, snapshot the star count of every repo that crosses my GitHub trending scan for AI. No judgment, no curation, just append-only rows in a database. 611 repos and 2,671 data points later (June 19 to July 10), the picture of what's actually growing looks pretty different from what my feeds told me was hot. Here's what the data says. Before publishing this I re-checked every number below against GitHub's live API. Star counts drift by the hour, so treat them as of July 10. The top 10 risers, by raw stars gained Repo Gained Window From → To calesthio/OpenMontage +30,253 21 days 5,899 → 36,152 DeusData/codebase-memory-mcp +20,483 19 days 7,516 → 27,999 mattpocock/skills +19,053 15 days 137,485 → 156,538 obra/superpowers +16,887 20 days 232,908 → 249,795 NousResearch/hermes-agent +14,896 21 days 197,297 → 212,193 Panniantong/Agent-Reach +14,334 14 days 34,780 → 49,114 usestrix/strix +13,243 12 days 26,363 → 39,606 addyosmani/agent-skills +12,685 21 days 63,156 → 75,841 asgeirtj/system_prompts_leaks +11,720 21 days 43,415 → 55,135 msitarzewski/agency-agents +11,055 10 days 118,241 → 129,296 Windows differ because I only hold snapshots for the days a repo appeared in my scan; each row states its own real window. Three things in this data genuinely surprised me. 1. "Skills" are eating agent frameworks Four of the top ten are not agent frameworks. They are collections of packaged expertise that plug into an existing agent: obra/superpowers (still compounding at roughly 840 stars a day on a 250k base), mattpocock/skills, addyosmani/agent-skills, msitarzewski/agency-agents. A year ago this table would have been full of new frameworks. Now the framework layer looks settled and the growth is in what you load INTO the agent. The moat moved from orchestration code to encoded judgment. 2. The sharpest climbs are applications, not infrastructure The steepest sustained climb from a newcomer in

2026-07-10 原文 →
AI 资讯

Building Educational Software for Mandarin Chinese and Interlingua IALA

Building Educational Software for Mandarin Chinese and Interlingua IALA Language-learning software is most useful when it makes structure visible. I’m Ian Blas, a developer based in Buenos Aires, Argentina, and I build educational tools around Mandarin Chinese, Interlingua IALA, etymology, morphology, writing systems, and open-source language learning. Two projects, one educational approach My work currently takes two complementary forms. Chety is an educational app for Mandarin Chinese. It approaches characters and words through their structure, etymology, morphology, historical development, and use in context. Schola Interlingua is a free, open-source learning platform for Interlingua IALA. It brings together lessons, readings, review tools, and progress-oriented study on multiple platforms. The languages are different, but the design question is similar: how can software help a learner notice the patterns that make a language readable and memorable? Learning through structure For Mandarin Chinese, a character is not only a unit to memorize. It can open a path into components, historical forms, pronunciation, word formation, and reading. That perspective guides Chety’s tools for exploring characters and vocabulary. For Interlingua IALA, the focus shifts toward transparent vocabulary, reading, morphology, and sustained practice. Schola Interlingua is designed to make that learning path approachable without separating learners from the materials and tools that support it. In both projects, the goal is practical: make language learning more legible. Etymology and morphology are useful when they give learners better ways to connect forms, meanings, and usage. An open educational practice I care about software that can be examined, shared, and improved. Schola Interlingua’s development is available through its GitHub repository , and my broader work can be found on GitHub . I also write and share updates through Medium and Substack . Explore the projects Chety — Chines

2026-07-10 原文 →
AI 资讯

CubeSandbox: Tencent Cloud Open-Sources an Ultra-Fast Secure Sandbox for AI Agents

Sandboxing Untrusted Code: Meet CubeSandbox As AI agents become capable of writing, compiling, and running code dynamically, a major security issue has surfaced: how to run this code safely . If a coding agent runs a malicious script or makes an error, it could access files on the host computer or break the entire server. Standard software containers are not always secure enough to prevent escape. CubeSandbox is an open-source, high-performance sandbox service designed specifically to solve this problem. Developed by Tencent Cloud and written in Rust, it provides isolated, secure, and ultra-fast environments for running code generated by AI. What is CubeSandbox? CubeSandbox is a lightweight virtualization system. It spins up a tiny, isolated "virtual machine" for each AI agent task. This ensures that the code runs inside its own virtual bubble, completely separated from the main server. Key Features 1. Hardware-Level Isolation Unlike standard Docker containers that share the same kernel, CubeSandbox uses KVM (Kernel-based Virtual Machine) and RustVMM to give each sandbox its own dedicated Guest OS kernel. This prevents untrusted code from breaking out of the container and accessing your primary server. 2. Under 60ms Cold Starts Traditional virtual machines take seconds to boot. CubeSandbox starts in under 60 milliseconds . This speed is crucial for real-time AI agents that need to execute code instantly. 3. High Density (Low Memory) Each sandbox instance has a memory overhead of less than 5MB . This allows developers to run thousands of concurrent, fully isolated sandboxes on a single physical machine without running out of RAM. 4. Drop-in E2B Replacement For developers currently using E2B (the popular cloud sandboxing SDK), CubeSandbox is fully API-compatible. You can migrate your setup to local hosting by simply changing an environment variable, saving you massive cloud subscription fees. How to Get Started Developers can deploy CubeSandbox locally or in a cluster

2026-07-10 原文 →
AI 资讯

Ingeniería de Datos aplicada a la Biodescodificación: Presentando Bio-Mapping Engine 🧬

Ingeniería de Datos aplicada a la Biodescodificación: Presentando Bio-Mapping Engine 🧬 ¿Es posible aplicar ingeniería de datos de alta fidelidad a campos de conocimiento no estructurados? La respuesta es un rotundo sí. Hoy quiero presentarles Bio-Mapping Engine , un framework diseñado para resolver un problema clásico de la extracción de información: convertir literatura densa y desorganizada en una base de conocimientos semántica, estructurada y totalmente navegable. El Problema: El caos de la información no estructurada En campos como la Biodescodificación , la información suele residir en libros o archivos PDF donde los conceptos (síntomas, emociones, zonas anatómicas) están entrelazados de forma narrativa. Para un investigador o un desarrollador de herramientas de salud alternativa, extraer relaciones precisas entre un síntoma físico y su conflicto emocional mediante métodos tradicionales es una tarea manual, lenta y extremadamente propensa a errores. La Solución: Bio-Mapping Engine Bio-Mapping Engine no es un simple scraper . Es un motor de segmentación semántica y mapeo topológico. Su propósito es transformar un PDF bruto en un grafo de conocimiento estructurado en formato JSON, permitiendo realizar consultas multidimensionales con precisión quirúrgica. 🚀 Características Principales Segmentación Semántica Avanzada: Implementa un parsing topológico que distingue inteligentemente entre encabezados de síntomas, contenido emocional y el "ruido" estructural (como índices o números de página). Mapeo Relacional Multidimensional: Realiza una extracción de alta fidelidad a través de tres vectores fundamentales: Síntomas Canónicos: Estandarización de la nomenclatura de síntomas y condiciones. Jerarquía Anatómica: Mapeo inteligente que escala desde Sistemas $\rightarrow$ Regiones $\rightarrow$ Órganos. Arquetipos Emocionales: Extracción estructurada de modelos mentales y conflictos (ej. "Causa probable" , "Bloqueo emocional" ). Consultas Multi-Eje (CLI): Una potente inte

2026-07-10 原文 →
AI 资讯

Our Journey to GSSoC 2026: Omnikon's Repository Has Been Selected! 🎉

Open source has always been at the heart of what we do at Omnikon. Today, we're excited to share a milestone that means a lot to our entire community. Our repository, maintained by Sourabh, has been officially selected for GirlScript Summer of Code (GSSoC) 2026. For us, this isn't just another achievement—it's a step toward building a stronger open-source ecosystem where students and developers can learn, collaborate, and create meaningful software together. About Omnikon Omnikon is a student-led open-source organization focused on building high-quality developer tools, educational resources, and community-driven projects. Our mission is simple: Build impactful open-source software. Help new contributors get started. Create projects that solve real problems. Foster a welcoming developer community. Every repository we build is designed with collaboration in mind, making it easier for contributors of all experience levels to participate. What GSSoC Means GirlScript Summer of Code is one of India's largest open-source programs. Every year, thousands of contributors participate by solving issues, improving documentation, fixing bugs, and implementing new features across selected repositories. Being selected means our project will become part of this collaborative ecosystem, giving contributors an opportunity to make meaningful contributions while learning industry-standard development workflows. A Special Thanks This achievement wouldn't have been possible without Sourabh, who maintained and prepared the repository throughout the selection process. A huge thank you to everyone who contributed ideas, reviewed code, reported issues, improved documentation, and supported the project. Open source is never the work of one person—it grows because of a community. What's Next? We're preparing the repository for contributors by: Organizing beginner-friendly issues. Improving documentation. Creating contribution guides. Enhancing project structure. Mentoring new contributors thro

2026-07-10 原文 →
AI 资讯

Control before, proof after: an accountability primitive for AI agents

There's a pattern I kept seeing. A team gives an agent real capability, like moving money, shipping a change, or resolving a ticket that touches a customer's account. For a while it's great. Then the agent does one thing nobody can explain or defend after the fact, and the entire program snaps back to a human clicking approve on everything. The blocker was almost never the model. It was that there was no clean way to do two things at once. You couldn't bound what the agent was allowed to do before it acted, and you couldn't prove what it did after, in a form that survives contact with an auditor, a regulator, or a customer dispute. You can assemble that from parts today. Use a policy engine to authorize, and an audit log to record. The problem is they're two systems, and two systems drift. Six months later, when someone is actually asking "was this action allowed, and can you prove it," the policy engine and the log disagree about what the policy even was at the time. Now you're reconstructing intent from two sources that were never the same object. That's the gap. Not authorization by itself, and not observability by itself. The thing that authorizes an action and the thing that proves it should be the same object, bound to the exact policy version in force when the decision was made. The primitive Two verbs, one primitive. Control before. You mint a capability, which is a policy scoped to one agent: a spend cap, a counterparty allowlist, an expiry, whatever the action needs. Every consequential action the agent takes gets checked against the committed policy state and returns an allow or deny in the request path. An over-budget or out-of-policy action is refused before it happens, not flagged after. Refused is the operative word. The enforcement point commits no state change for a denied action, no matter how the agent reasons, how it's prompted, or whether it's been compromised. You've turned unbounded irreversible harm into bounded irreversible harm. Prove after

2026-07-10 原文 →
AI 资讯

I built a CLI to drive every AI coding agent from one interface

TLDR; I got tired of babysitting N terminal tabs of five different coding-agent CLIs. So I built agentproto — one daemon that drives Claude Code, Codex, Hermes, opencode, and Mastra through the same lifecycle, and actually supervises them. Why I built a daemon to drive every AI coding agent from one interface I have a confession: at any given moment I have Claude Code, Codex, and Hermes running in parallel terminal tabs, and I cannot remember which flag spawns which, which one eats --prompt , which one needs --cwd vs cd , and which one will hang forever if I close the laptop lid. simonw described the feeling on Hacker News recently — "Today I have Claude Code and Codex CLI and Codex Web running, often in parallel" — and called it a real jump in cognitive load compared to a year ago. aantix asked, also on HN: "how does everyone visually organize the multiple terminal tabs open for these numerous agents in various states?" I didn't have a good answer. So I built one. It's called agentproto . It is one daemon and one CLI that drives any coding-agent CLI — Claude Code, Codex, Hermes, opencode, Mastra, and a few more — through the same start / prompt / monitor / kill lifecycle, so you stop memorizing five different CLIs. On top of that lifecycle it adds the supervision layer people keep hand-rolling by hand: durable policy gates, nested orchestration, and multiplexed fan-in monitoring. MIT, no paid tier, the daemon itself is an MCP server. This is the story of why it exists. The hand-rolled watchdog The sharpest signal while I was building this came from other people independently re-inventing the same primitives in tmux scripts. On r/ClaudeAI, Confident_Chest5567 posted a writeup of orchestrating agents via tmux panes with a watchdog that resets dead sessions — "a swarm of agents that can keep themselves alive indefinitely." In the same thread, IssueConnect7471 (18 upvotes) described wiring a Redis pub/sub heartbeat plus dead-letter respawn between tmux panes, and arriv

2026-07-09 原文 →
AI 资讯

Dev Log: 2026-07-09 — one source of truth, three times over

TL;DR Three unrelated repos, one recurring theme: derive from a single source of truth instead of duplicating it. Shipped a registry-driven sidebar section switcher (public), converged a multi-system password flow, and pushed on a customer-data identity engine. Details on the first two live in their own posts today. 1. Registry-driven sidebar switcher (public) Added a section switcher to the kickoff starter kit. The sidebar, the switcher, and breadcrumbs all read the same config/menu.php list, and the active section is picked by longest URL-prefix match — so a detail page like /admin/roles/42/edit keeps its parent selected. Full write-up in the focused post. 2. One canonical password flow Converged two apps that each rolled their own password-change/reset logic onto a single shared engine, with a fixed order (directory → external DB → local app) and no config-toggle to skip backends. A password that syncs to some systems is worse than one that fails outright, so partial success is now impossible by construction. Also fixed a subtle status bug — an unreachable backend reports skipped (a runtime fact), not disabled (a config state that no longer exists) — and added an audit log so "did it sync?" is a query, not a guess. Separate post today goes deeper. 3. Identity resolution engine (customer data work) Steady progress on a CDP-style identity layer: an idempotent, header-versioned ingest endpoint that queues incoming records, then a resolution engine that can resolve, merge, unmerge, and quarantine profiles. Two things I care about here: PII handling: sensitive identifiers are encrypted at rest with a blind index for lookups, and masked in audit trails — you can search on a value without storing it in the clear. Right-to-erasure: an erasure cascade plus an erasure log, so a deletion request actually propagates and leaves a defensible record that it did. ingest -> queue -> resolve -> profile | +-> merge / unmerge / quarantine No code from this one here — it's teaching t

2026-07-09 原文 →