今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#mcp

找到 134 篇相关文章

AI 资讯

My MCP Server Only Talks to APIs I Trust. That Doesn't Mean the Data Coming Back Is Trustworthy.

I built a small MCP server a while back — developer-presence , seven tools wrapping the GitHub REST API and the DEV.to API so an agent can check my repo stats, list my articles, or draft a new post without me leaving the chat. It's mine, I wrote every line, there's no third-party package doing anything sketchy under the hood. By the usual "vet your MCP servers before installing them" checklist, it passes clean. I've written that checklist article before. What I hadn't thought carefully about until recently is that vetting the server doesn't vet the data. Two of its tools go straight to the point: @mcp.tool () def get_repo_stats ( repo : str ) -> dict : """ Get stars, forks, watchers, open issues for enjoykumawat/<repo>. """ r = _gh ( f " /repos/ { GITHUB_USERNAME } / { repo } " ) return { " name " : r [ " name " ], " stars " : r [ " stargazers_count " ], " forks " : r [ " forks_count " ], " watchers " : r [ " watchers_count " ], " open_issues " : r [ " open_issues_count " ], " language " : r . get ( " language " ), " description " : r . get ( " description " ), } description is free text. Any repo owner can put anything in it. If I ever point this tool at a repo I don't control — someone else's fork, a dependency, anything — that field lands in my agent's context exactly the same way a trusted instruction would: as text in a tool result, with no marker distinguishing "this came from GitHub's database, unfiltered" from "this is something I told the agent to do." The server is safe. The channel is safe. The payload was never vetted at all, because there was nothing to vet — it's just whatever a stranger typed into a form. I only really felt this because of a task I run on a schedule: check dev.to for trending posts in a few tags, score them, and use the highest scorers as source material for what to write about next. Step one of that job is a loop over tag pages: for tag in [ " ai " , " llm " , " mcp " , " claudecode " , " agents " , " productivity " ]: url = f " http

2026-07-15 原文 →
AI 资讯

Can Claude Analyze My Portfolio?

If Claude can already search the web, read a 10-K, and explain what a rate cut does to long-duration equities, the fair question is why you would connect anything to it at all. It is the right question, and the honest answer is that for a large class of questions you should not. Raw Claude is enough. The gap is narrower and sharper than "Claude does not know finance." Claude knows finance. What it does not know is you. What raw Claude already does well Be clear about this before the sales pitch, because pretending otherwise would insult anyone who has actually used it. Claude with web search will look up a current quote, summarize an earnings call, explain a valuation multiple, walk you through how a Monte Carlo simulation works, and reason about a macro scenario better than most of the commentary you would read instead. If your question is about the world, and not about your own balance sheet, a connector adds nothing. Ask Claude directly. The trouble starts the moment the answer depends on what you actually own. Four things that break when the question is about your money 1. It starts from zero every time A chat has no memory of your holdings. You can paste them in, and many people do, and it works for exactly one conversation. There is no cost basis, no purchase date, no daily snapshot series behind it. So "how concentrated am I really", "what is my realized gain this year", and "how correlated are my top five positions over the last 90 days" are not questions it can answer. It can only answer them about the numbers you re-typed, this once, from memory. 2. The same question gives a different answer twice LLM inference is not deterministic, and it is not deterministic even at temperature zero. Thinking Machines Lab traced the cause to batch-invariance in inference kernels: the batch your request lands in varies with server load, so the arithmetic varies with it. They fixed it in a research setting and got 1,000 bitwise-identical runs, which tells you how much engi

2026-07-15 原文 →
AI 资讯

Bothread: A Free, Local Room Where Your AI Coding Agents Stop Overwriting Each Other

If you've run more than one AI coding agent on the same project, you already know the failure mode. You point Claude Code at /src/game and Cursor at /src/ui "just to be safe," and twenty minutes later one of them has quietly rewritten a file the other was mid-edit on. No error, no warning — just a diff that makes no sense and an afternoon spent figuring out which agent ate whose work. The agents aren't the problem. The problem is that multiple AI coding agents on the same codebase have no shared notion of "someone else is touching this file right now." Each one acts as if it's alone, and that assumption breaks the moment you run two, three, or four in parallel — exactly when a solo builder or vibe-coder would want to, to ship faster. I built Bothread to fix this. It's free, open-source, and runs entirely on your own machine. Why AI Coding Agents Overwrite Each Other's Files The core issue is coordination, not intelligence. One agent working alone is usually fine. Trouble starts when a second agent, unaware of the first, opens that same file and writes its own version on top. Whoever saves last wins, silently — no lock, no claim, no message saying "I'm in physics.js , give me five minutes." Multiply that by however many agents you're running and you get the pattern anyone doing multi-agent AI coding eventually hits: duplicated work, clobbered edits, and a human reconstructing what happened after the fact instead of watching it happen. Bothread's answer: give the agents a shared room, over MCP (Model Context Protocol) , where "who's working on what" is a fact everyone can see and act on — not something you guess at after a merge conflict. What Bothread Actually Does Bothread is a small local server (no cloud, no accounts) that any MCP-compatible agent can join as a participant in a shared room: Claim files before editing — a claim on a file someone else already holds gets denied and shown, instead of silently overwritten. Talk in a live thread , share a task board and

2026-07-14 原文 →
AI 资讯

The Right Way to Start Claude Code on an AWS Project

You know the drill for adding an MCP server to a project: dig the exact command string out of the docs, hand-write a .mcp.json with an absolute path you'll typo once, restart the editor, and discover no tools showed up because the server expected a config file you haven't created yet. Plenty of MCP servers lose their would-be users somewhere inside that loop. Infrawise collapses the whole loop into one command. It's an open-source tool ( npm ) that statically analyzes your codebase, AWS infrastructure, and database schemas, then exposes that context to AI coding assistants over MCP — so Claude Code knows your actual partition keys, GSIs, and indexes instead of guessing from source files. This post is about the part that usually kills tools like this before they deliver any value: setup. Section 1: One command, four steps npm install -g infrawise # or skip install and use npx cd your-project infrawise start --claude start does four things, in order: 1. Probes your environment. If there's no infrawise.yaml in the project, it generates one. It reads AWS_PROFILE if set; otherwise it looks at your configured AWS profiles — one profile means zero questions, several means one prompt asking which to use. That's the entire interview. (If you want the full guided wizard instead, infrawise start --interactive runs it.) 2. Runs the analysis. It scans your AWS services, database schemas, and codebase, builds a graph of services, tables, indexes, and query patterns, and runs rule-based analyzers over it. No LLM is involved in this step — extraction and analysis are deterministic, so the same infrastructure always produces the same graph. 3. Writes .mcp.json to your project root. This is the file you'd otherwise write by hand: { "mcpServers" : { "infrawise" : { "command" : "infrawise" , "args" : [ "serve" , "--stdio" , "--config" , "/absolute/path/to/infrawise.yaml" ] } } } 4. Opens Claude Code. Claude Code reads .mcp.json automatically and starts the session with all 21 infrawise

2026-07-14 原文 →
AI 资讯

My MCP Server Kept Crashing. Here's the Error Recovery Pattern That Saved It.

I spent three days wondering why my MCP server would just... stop. No crash logs. No error messages. Clients connected fine, then after a few hours, every tool call returned silence. Turns out the Model Context Protocol (MCP) spec doesn't force you to handle errors — it assumes you will. But the reference implementations are minimal. Your server starts healthy, then bit by bit, things go wrong. A network blip. A malformed tool argument. An external API timeout. And suddenly your AI agent is staring at a blank response. Here's the pattern I ended up with. It's not clever. It just works. The Fix Start with a wrapper around your tool handlers. Every MCP server framework has some kind of tool registration — this works for the official Python SDK, the TypeScript SDK, and most community frameworks: from mcp.server import Server from mcp.types import ErrorData , INTERNAL_ERROR , INVALID_PARAMS import traceback import json class ResilientMCPServer ( Server ): """ An MCP server that doesn ' t silently die. """ async def call_tool ( self , name : str , arguments : dict ): try : result = await super (). call_tool ( name , arguments ) return result except ( ConnectionError , TimeoutError ) as e : # Network-level issues — reconnect and retry self . _reconnect () return self . _error_response ( f " Connection lost while executing { name } : { e } " ) except ValueError as e : # Bad arguments from the client — tell them clearly return self . _error_response ( f " Invalid arguments for { name } : { e } " , code = INVALID_PARAMS ) except Exception as e : # Everything else — log, don't crash traceback . print_exc () return self . _error_response ( f " Tool { name } failed: { e } " , code = INTERNAL_ERROR ) def _error_response ( self , message : str , code : int = INTERNAL_ERROR ): return { " content " : [{ " type " : " text " , " text " : f " ERROR: { message } " }], " isError " : True } def _reconnect ( self ): """ Reset transport layer without restarting the server. """ # Your recon

2026-07-14 原文 →
AI 资讯

GPT-5.6 MCP: Testing Servers With Sol, Terra & Luna

📖 TL;DR GPT-5.6 shipped July 9, 2026 in three tiers Sol (flagship), Terra (balanced), and Luna (cheapest) all tuned for agentic tool calling. All three share a 1M-token context window , 128K max output, and native MCP support in the Responses API. Test any MCP server against Sol, Terra, or Luna in MCP Agent Studio — pick the model, connect a server, and watch each tool call live. OpenAI dropped GPT-5.6 on July 9, 2026 - and this one is aimed squarely at agents. Three models landed at once: Sol , Terra , and Luna . Each is built to call tools, not just chat . That makes testing MCP servers with GPT-5.6 a different exercise than testing a plain chat model. Tool selection is the whole game. I have spent this week pointing all three at MCP servers GitHub, Postgres, Playwright, and multi-server setups. This post is what I learned. You will see which tier to run for which workload , how the new tool-calling features change MCP, and how to test each one free in your browser. Skip it and you will overpay for Sol on jobs Luna handles fine. What Is GPT-5.6? Sol, Terra, and Luna Explained GPT-5.6 is a three-tier model family, not a single model. OpenAI split it by cost and horsepower so you match the model to the job. Here is the lineup, straight from OpenAI's pricing page: Model Built for Input / Output (per 1M) GPT-5.6 Sol Flagship — ambitious agentic work $5.00 / $30.00 GPT-5.6 Terra Balanced — efficient, high-volume work $2.50 / $15.00 GPT-5.6 Luna Fast, affordable — everyday work $1.00 / $6.00 The specs are shared across all three. Every tier gets a 1M-token context window, 128K max output, and a February 16, 2026 knowledge cutoff. So the choice is not about context or capability limits. It is about how much reasoning each task actually needs. New to the protocol these models call? Start with what is Model Context Protocol , then come back. Why GPT-5.6 Changes MCP Tool Calling Here is the part that matters for MCP. GPT-5.6 does not just call tools one at a time it can orc

2026-07-14 原文 →
AI 资讯

Stop writing Anthropic API wrappers and start using MCP

I spent the better part of the last decade writing enough boilerplate code to regret it. In the early PHP days, it was FTPing files; in the modern era, it's writing custom Python scripts just to check if a new Claude model is out or to see if my prompt is going to blow my budget on tokens. We have reached a point where we are building 'agentic workflows,' yet the first thing every developer does when they want an agent to interact with Anthropic is write an API wrapper. It's redundant work. If you're using Claude in Cursor or Claude Desktop, the model should be able to talk to its own source. The Anthropic MCP server changes this by turning the Messages API into a set of tools rather than a separate integration task. It turns your AI agent into an orchestration layer for the API itself. The problem with 'Just use the API' When you're building with LLMs, there's a hidden tax: context management and cost uncertainty. You send a prompt, it works. You send a slightly larger one, it hits a context limit or costs three times what you expected. If your agent has access to the count_tokens tool via MCP, the workflow changes fundamentally. Instead of blindly sending massive payloads and praying to the provider gods, the agent can 'pre-flight' a prompt. It can look at the messages array, calculate the input token count, and decide—without human intervention—whether it needs to truncate context or if it's safe to proceed. This isn't just about convenience; it's about building reliable, autonomous systems that don't fail halfway through a complex reasoning task because they hit a hard limit. Managing the heavy lifting: Batching as a first-class citizen The most underrated tool in this set is create_batch_message . If you've worked with Anthropic's batch API, you know it’s the only way to handle high-volume, independent requests without destroying your budget. It's 50% cheaper than standard requests. But managing batches traditionally is a pain in the neck. You have to submit th

2026-07-14 原文 →
AI 资讯

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations

The AI Skill Registry at 5,776: A Deep Dive into Reusable Modules for Code Review, Terraform, and Database Migrations TormentNexus’ skill registry has surpassed 5,776 reusable modules. This post dissects three high-impact skill categories—code review, Terraform generation, and database migration—with real code examples, performance metrics, and architectural constraints. Learn how to leverage these modules to accelerate development pipelines. From Silos to Synergy: Why 5,776 Skills Matter In late 2023, TormentNexus crossed the 5,000-module threshold. As of February 2025, we’re at 5,776 verified, runnable AI skills—each one a `SKILL.md`-defined unit that maps to a specific task, parameter set, and output schema. The registry isn’t a flat list; it’s a dependency graph where skills chain together. For example, a `terraform-generate` skill calls a `code-review` skill internally to validate the generated HCL before output. This modular architecture means a single prompt can sequence up to 3.2 skills on average (median depth: 2), with a measured 94% success rate for execution with no human intervention. The registry spans 37 domains, from frontend component generation to Kubernetes manifests. The top three categories—code review, infrastructure as code, and database operations—account for 1,308 skills collectively. Each skill is stored as a JSON schema in the registry, with an average execution latency of 1.42 seconds (GPU-accelerated, single A100). Let’s examine three representative modules in detail. // Metadata from an actual registered skill: code-review-python v2.1 { "name": "code-review-python", "registryID": "SKI-PYTHON-REVIEW-1729", "version": "2.1", "outputSchema": { "type": "object", "properties": { "issues": { "type": "array", "items": { "$ref": "#/definitions/Issue" } }, "complexityScore": { "type": "number", "minimum": 0, "maximum": 100 }, "refactoredSnippet": { "type": "string" } }, "required": ["issues", "complexityScore"] }, "defaultPromptTemplate": "Revie

2026-07-13 原文 →
AI 资讯

Real-Time AI Observability: Dashboards That Show Actual Database Rows

Real-Time AI Observability: Dashboards That Show Actual Database Rows Discover how TormentNexus shatters the status quo by rendering real SQLite rows in your agent monitoring dashboards—no mock data, no synthetic graphs. Learn why live database visibility is the cornerstone of effective debugging AI workflows and how our real-time dashboard exposes every query, state, and anomaly as it happens. Why Mock Data Undermines Debugging AI Every developer has experienced the disconnect: a polished dashboard displays smooth latency curves and flawless agent trajectories, yet the underlying system is silently generating corrupted embeddings or leaking PII into production logs. Traditional observability platforms—Datadog, Grafana, New Relic—aggregate metrics into averages, percentiles, and precomputed time series. They intentionally discard raw row-level data to conserve storage and processing. This works fine for server uptime or HTTP status codes, but for AI agent monitoring, it’s a catastrophic abstraction. Consider a LangGraph agent processing user queries against a SQLite knowledge base. A mock-data dashboard would show "3,200 rows processed per minute" and "95% query success rate." But what if 12% of those "successful" queries return stale or hallucinated responses because a background thread silently reindexed tables without updating vector hashes? With aggregate metrics alone, you’d never know. You’d see a green status indicator while your AI feeds garbage to users. That’s the reality of debugging AI without raw row visibility. TormentNexus solves this by exposing every INSERT, UPDATE, and DELETE that occurs within your SQLite databases—in real time. Our real-time dashboard doesn’t poll for snapshots. It streams row-level mutations directly from WAL (Write-Ahead Log) files, giving you the exact data your agents are producing, not a statistically smoothed version. How TormentNexus Streams Live Database Rows Under the hood, TormentNexus leverages SQLite’s built-in replic

2026-07-13 原文 →
AI 资讯

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood

MCP Protocol Deep-Dive: How Tool Discovery Actually Works Under the Hood Uncover the mechanics of Model Context Protocol (MCP) tool discovery—from JSON-RPC handshake to progressive injection. A technical walkthrough of capability negotiation and dynamic endpoint enumeration with real code examples and traffic flow analysis. The Handshake That Sets the Stage: JSON-RPC Initiation Tool discovery in MCP doesn't start with a simple “list tools” call. It begins with a structured JSON-RPC 2.0 handshake that negotiates protocol version, transport layer, and supported extensions. The client (e.g., an agent or IDE) sends an initialize request with its capabilities object, including fields like supportsToolDiscovery and maxToolCount . The server responds with its own capabilities, and only after this mutual agreement does the real enumeration begin. Real-world implementations—like those in the official MCP SDKs—use a ClientCapabilities struct that flags whether the client can handle dynamic tool lists, streaming updates, or batch discovery. For instance, a lightweight edge agent might set supportsToolDiscovery: false , forcing the server to pre-bundle tools into the initial handshake, while a full-featured IDE sends supportsToolDiscovery: true with a maxToolCount: 50 to throttle large tool registries. // Example initialize request (client → server) { "jsonrpc": "2.0", "id": 1, "method": "initialize", "params": { "protocolVersion": "2024-11-05", "capabilities": { "supportsToolDiscovery": true, "maxToolCount": 50, "supportsStreaming": false } } } The server responds with its own capabilities—advertising tool discovery endpoints, supported JSON-RPC methods, and any custom extensions. This two-way handshake ensures both sides speak the same dialect before a single tool name is exchanged. Tool Enumeration: Beyond the “listTools” Metho Once handshaken, the client issues a tools/list call—but the real depth lies in pagination and chunking. A production MCP server with hundreds of too

2026-07-13 原文 →
AI 资讯

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone

Beyond Synchronous Hell: Why Your Multi-Agent System Needs an Event-Driven Backbone Explore how event-driven architecture (EDA) transforms multi-agent coordination. Learn to build a Pub/Sub backbone where Planner, Implementer, and Critic agents stay synchronized without blocking—using the Swarm event bus for async AI patterns in production. The Synchronization Crisis in Multi-Agent Systems Every developer who has scaled a multi-agent system beyond two agents has hit the same wall: synchronous calls create deadlocks, timeouts, and cascading failures. Imagine a Planner agent dispatching tasks to five Implementer agents while a Critic agent evaluates output in parallel. In a naive request-response system, the Planner blocks until every Implementer returns—and the Critic can't even start until the Planner finishes its orchestration loop. Latency compounds, memory pressure spikes, and a single slow agent halts the entire pipeline. In production benchmarks at TormentNexus, we observed that synchronous coordination between just three agents increased end-to-end latency by 340% compared to an event-driven equivalent. The root cause? The Planner spent 78% of its time waiting on I/O—listening for responses instead of doing actual work. This is where event-driven AI (EDA) becomes not just an optimization, but a necessity. The Pub/Sub Pattern: Decoupling Agents with an Event Bus Event-driven architecture inverts the control flow. Instead of one agent calling another, agents publish events onto a shared bus (the Swarm event bus) and subscribe to the events they care about. The Planner doesn't wait—it emits a "TaskAssigned" event and immediately moves on to the next task. Implementer agents pick up tasks asynchronously, and the Critic monitors a "TaskCompleted" stream without ever polling the Planner. // Example: Swarm event bus subscription for a Critic agent const eventBus = new SwarmEventBus(); eventBus.subscribe('TaskCompleted', async (event) => { const { taskId, implementati

2026-07-13 原文 →
AI 资讯

How DoorDash Built an AI Shopping Assistant That Doesn’t Rely on the LLM Alone

DoorDash details the architecture behind Ask DoorDash, its AI-powered conversational shopping assistant, combining LLMs, specialized AI agents, MCP-based tooling, and an intelligence layer with persistent consumer memory and live backend data. Early results show up to 24% higher checkout conversion, 17% larger baskets, and improved intent accuracy using memory-backed sessions. By Leela Kumili

2026-07-13 原文 →
AI 资讯

MCP Series (05): Resources and Prompts Deep Dive — Dynamic Data, Parameterized URIs, and Multi-Turn Templates

Resources vs Tools The split: Tools → actions the LLM executes (verbs) LLM decides when to call; calls may have side effects Examples: create_issue, update_status Resources → data the LLM reads (nouns) Host decides when to inject; read-only, no side effects Examples: current Sprint status, project statistics The rule: "reading a state" → Resource. "Executing an operation" → Tool. The same data can have both: get_issue as a Tool (LLM controls when to call it), jira://issue/PROJ-101 as a Resource (Host injects automatically when relevant). Pattern 1: Dynamic Resources A static Resource returns the same data every time (like a project list). A dynamic Resource returns the current state on each read — content changes as the underlying data changes. Sprint status: every read returns live data _sprint_progress_pct = 65 @server.read_resource () async def read_resource ( uri : str ) -> str : if str ( uri ) == " jira://sprint/current " : global _sprint_progress_pct _sprint_progress_pct = min ( 100 , _sprint_progress_pct + random . randint ( 0 , 3 )) return json . dumps ({ " sprint_name " : " Sprint 42 " , " progress_pct " : _sprint_progress_pct , # ← different each time " last_updated " : datetime . now ( timezone . utc ). isoformat (), # ← timestamp changes " days_remaining " : 5 , " p0_open " : count_p0_open (), # ← tracks live state }, indent = 2 ) Test output: Read 1: progress=65% last_updated=...62+00:00 Read 2: progress=67% last_updated=...04+00:00 → ✓ data changed between reads Hardcoding sprint progress in a Prompt means the LLM works from a stale snapshot. A Dynamic Resource gives it the current number on every read. Mark the Resource as dynamic in its description so the LLM knows to re-read when it needs fresh data: Resource ( uri = " jira://sprint/current " , description = ( " Live status of the active sprint: progress, issue counts. " " Read when the user asks about sprint health. " " Re-read if you need up-to-date data — content changes over time. " # ↑ explicit

2026-07-13 原文 →
AI 资讯

🧩 Runtime Snapshots #19 - We Opened the Format.

Most things that ship under "browser MCP" are the same thing wearing different names: an autonomous agent with a do-anything tool, pointed at your browser, told to figure it out. The pitch is capability. The unspoken cost is that a runtime which can do anything can be steered into doing anything. We just published the opposite, and we published it in the open. github.com/e2llm/e2llm-sifr is now the canonical home for SiFR - the format spec, the taxonomy, the MCP server manifest, real page captures, per-client configs, and the model skill. MIT-licensed. The capture engine and the server stay a hosted product; the format and the interface are open. This post is about why that split is the whole point. E2LLM is not an agent This comes first because everything else follows from it. An agent decides and acts on its own. It plans, it loops, it takes steps toward a goal with you out of the path. That autonomy is the feature - and it is also the attack surface. A runtime that can do anything is a runtime that can be talked into anything. E2LLM is a perception layer, not an agent. It gives whatever model you already use senses for the browser: structured sight, and a small set of narrow, individually-gated actuators. It does not plan, does not loop, does not decide. Your model does the reasoning. E2LLM reports what a page is and carries out one explicit instruction at a time. Nothing runs while you look away. Perception substrate versus autonomous runtime. That line is the design, not a disclaimer on top of it. What SiFR is - and the three things it isn't SiFR (Salience-Indexed Flat Relations) is the capture format at the center of E2LLM. From a distance it can look like a tidy DOM dump or an accessibility tree. Mechanically it is neither, and the difference is the entire value. Not a DOM dump. A dump serializes the tree as-is: everything, in document order, noise included. SiFR selects and ranks. It scores every node by salience, drops scaffolding, and flattens the survivor

2026-07-12 原文 →
AI 资讯

Decoupling Prompt Engineering from your Deployment Pipeline

Engineering prompts inside your source code is a recipe for deployment fatigue. If you've spent any time moving an AI feature from a prototype to production, you know the specific frustration of 'prompt drift.' You make a subtle tweak to a system instruction—perhaps changing how the model handles edge cases in JSON formatting—and suddenly you're forced into a full CI/CD cycle. A PR, a review, a build, and a deployment, all because of three words changed in a long string constant. In a mature engineering organization, your application logic should be decoupled from your prompt instructions. The code handles the orchestration, the plumbing, and the security; the prompts represent the dynamic configuration. This is what LLMOps aims to achieve, but until recently, there was a massive friction gap between managing these prompts in a dashboard and actually using them inside an agentic workflow. This is where the Humanloop MCP server changes the interaction model entirely. It's not just about having a central repository for strings; it's about bringing those strings into your execution context—your IDE, your Claude instance, or your Cursor agent—as actionable tools. The Architecture of Prompt-as-a-Service The core idea here is treating prompts as versioned assets rather than hardcoded constants. By using the Humanloop API via MCP, you're essentially turning prompt management into a service call. When I look at the toolset available in this server, the first thing that stands out isn't just the ability to read data—it's the ability to manipulate state. Take upsert_prompt for instance. You aren't just fetching text; you can create or update configurations directly from your agent. This transforms your development loop. Instead of context-switching between a browser tab with Humanloop and a terminal, you can instruct an agent to 'Refine the customer-support-reply prompt to be more concise and save it.' The agent performs the engineering work and updates the source of truth in

2026-07-12 原文 →
AI 资讯

From REST to MCP (1/2): Different Dimensions

Intro An MCP server can look like another API layer: expose existing REST endpoints as tools and call it a day. Both receive input, execute backend logic, and return a result. But they operate under different assumptions. This two-part series explains why directly wrapping REST APIs is a bad default. This first article covers the differences in their runtime environments. The second will discuss how those differences should affect MCP design (you already know how to design a good REST API ). We can see those differences more clearly by comparing the two across several dimensions. Dimensions The consumer With REST, developers encode control in application logic. The application knows when to call an endpoint, what arguments to send, and how to handle the response. Those decisions are made during development. With MCP tools, much of that control moves to the AI agent. The model interprets the request, chooses a tool, constructs its arguments, evaluates the result, and decides what to do next. The harness can restrict it, but the model is still part of the control flow. A REST client already knows why it is making a call. An agent must first decide whether a tool is relevant at all. MCP tools The context A REST application can draw from application state, cookies, memory, and user input. Code written by a developer determines which parts become request parameters. An agent can draw from the current request, conversation history, and previous tool results. The MCP server does not see this context automatically, but the model may turn parts of it into tool arguments at runtime. The difference is who selects what reaches the backend: predetermined code or a model reasoning over a changing conversation. The action model REST APIs tend to expose focused, fine-grained operations that application code can compose. Keeping endpoints simple and stable limits regressions because a developer has already written and tested the workflow that connects them. With MCP, the agent often

2026-07-12 原文 →
AI 资讯

AI Fundamentals - Part 4: Building Real AI Applications

In the previous articles, we learned how an LLM generates text and how techniques like RAG and CAG help it answer questions using external knowledge. At this point, our AI-powered Travel Planner can answer questions like "I'm visiting Japan for 7 days. Suggest an itinerary." or "Recommend vegetarian ramen near Tokyo Station." That's useful, but it's still just a chatbot. What if the user asks to "Book the cheapest flight from Mumbai to Tokyo." , "What's the weather in Kyoto this weekend?" , or "Remember that I prefer vegetarian food and always choose a window seat." ? An LLM cannot execute these actions by itself. To build real, production-ready AI applications, we need to connect the model to the outside world. Let's see how that works. Tool Calling (Function Calling): Letting AI Use External Tools Suppose the user asks: "What's the weather in Kyoto tomorrow?" Since the LLM doesn't know tomorrow's forecast, our application can provide the model with a weather API. The workflow is simple: the LLM understands the request, determines that it needs the weather tool, calls the Weather API (via the client application), receives the live weather data, and generates the final grounded response. User ──► LLM understands request ──► Application calls API ──► App sends results ──► LLM response It's critical to understand that the LLM isn't calling the API directly . It simply outputs structured instructions (typically JSON) telling the client application: "To answer this, I need you to call the weather function with parameter location='Kyoto'." Your application executes the actual API call and feeds the result back to the model. This capability is called function calling or tool calling . The tool can be anything: a weather API, a flight booking service, a calendar, a database, a payment gateway, or an internal company system. The LLM acts as the decision-maker (determining which tool to use and when ), while your application acts as the executor. 💡 Developer's Takeaway Think

2026-07-12 原文 →
AI 资讯

Week 13: a second team is now running an AI agent on atomic HTLC swaps. Here is what that validates.

Title: Week 13: a second team is now running an AI agent on atomic HTLC swaps. Here is what that validates. Tags: mcp, ai, cryptocurrency, blockchain For most of this spring, the map of the agent economy had a strange gap. Wallets to hold keys. Rails like x402 to move value. Marketplaces and reputation so an agent knows who to trust. And then, at the exact moment two parties settle a trade, a custodian: an escrow contract, an evaluator, a referee holding the money while a decision gets made. We have spent thirteen weeks arguing that the settlement layer does not need a referee, because a hash-time-locked contract can hold neither side and still guarantee the trade. This week, a second team shipped a live agent that makes the same argument in code. That is worth stopping on. The signal that mattered this week KaleidoSwap released KaleidoAgent, described as a self-sovereign trader agent on Bitcoin Layer 2s. It is fully non-custodial. It runs a Lightning and RGB wallet, executes atomic HTLC swaps on the KaleidoSwap DEX, runs DCA and portfolio strategies, manages Lightning channel liquidity, and acts as an interactive wallet assistant. The reasoning layer is an LLM (Claude or OpenAI) driving the kaleido CLI and the wallet primitives underneath. Read that list again through a settlement lens. An autonomous agent, deciding what to trade, and executing the trade over a primitive where no third party ever holds the funds. That is the exact shape of the thing we have been building. Different network, same bet. Why the mechanism is the same KaleidoSwap earlier completed what it described as the first atomic swap of an RGB asset on the Lightning Network mainnet, using tUSDT, an RGB20 version of USDT, over real Lightning channels. The detail that makes it atomic is the one that makes every HTLC atomic: The payment hash remains identical across both legs of the swap. Paying the wrapped invoice creates a Hash Time-Locked Contract in the Lightning channel, and the HTLC locks the p

2026-07-12 原文 →
AI 资讯

The week in review: agents got wallets, rails, marketplaces and escrow. They still don't have settlement.

If you only tracked one part of the agent economy this June, you'd have missed how fast the rest of the stack is being built. So here's a roundup, and one honest observation about the piece that's still missing. Four launches, one month Four things shipped in roughly four weeks, and together they sketch the shape of the machine economy: MetaMask Agent Wallet (Jun 8) - a self-custodial wallet an AI agent can drive directly. Keys for machines. Coinbase for Agents (Jun 11) - an MCP + CLI surface that connects an agent to a Coinbase account, riding on x402, which has now processed well past 160M payments. OKX.AI marketplace (Jun 30) - persistent on-chain identity, cross-job reputation, and escrow-backed dispute resolution, all in one platform. Kustodia MCP escrow - a smart-contract escrow on Arbitrum, exposed as MCP tools so an agent can create an escrow, lock funds, monitor for delivery, and release payment through natural-language calls. It also supports x402, Google's AP2, and Coinbase's AgentKit. Add the payment-rail data around all of it: across the tracked x402 flows this year, USDC is the overwhelming majority of value moved, and the median agent payment sits in the cents. This is a real economy forming, not a demo. Every one of those launches is genuine progress. And every one of them, at the moment that matters, has someone other than the two counterparties holding the asset. The pattern: hold, then decide Look at where the money physically sits during a transaction in each model. A wallet holds your keys - fine, that's custody of your own funds by design. A payment rail moves value from your account to theirs - a transfer, one direction. A marketplace with escrow holds both sides' value and releases it when a condition (often a human-designed evaluator or dispute process) says so. Kustodia is the cleanest statement of the escrow model, so it's worth being precise about it rather than vague. Their Arbitrum contract acts, in their own framing, as an impartial re

2026-07-11 原文 →
AI 资讯

Your AI coding agent will happily ship a breaking API change. I built an MCP server to catch it.

Last month I watched Cursor confidently rename a field across an entire API, commit it, and open a PR. Clean diff, tests green, looked great. It had also just broken a mobile client and a partner integration that were still reading the old field name — and neither Cursor nor I noticed until much later. That's the thing about AI coding agents and APIs: they're fast, they're fearless, and they have zero awareness of your API contract . An agent will drop an endpoint, make a request field required, or change a response type without any sense that a real consumer out there depends on the old shape. The code compiles. Your tests pass (your tests — not the consumer's). The breakage is completely silent until someone downstream feels it, usually in production, usually from an angry message rather than a failing build. We keep giving agents more power to write API changes and nothing to tell them whether a change is safe to ship . So I built that missing piece as an MCP server. The gap: there's no "is this safe?" step in the loop Think about how you'd catch this manually. You'd diff the old and new OpenAPI spec, look for removed endpoints, removed response fields, tightened request contracts, enum narrowing — the classic breaking changes — and decide whether it's safe to merge or whether you need a version bump and a heads-up to consumers. An agent never does that. It has the code in context, not the contract implications . And "did I just break a consumer?" is exactly the kind of question it should be asking before it hands you a diff. Enter MCP If you haven't used it yet: the Model Context Protocol is a standard way to give AI agents tools — little capabilities they can call. Claude, Cursor, and others all speak it. Instead of the agent guessing, it can call a tool and get a real answer. So the fix is simple to state: give the agent a tool that answers "is this API change safe to ship to my consumers?" — and have it call that before it proposes the change. That's the hero

2026-07-11 原文 →