今日已更新 213 条资讯 | 累计 20683 条内容
关于我们

标签:#opensource

找到 1368 篇相关文章

开发者

git diff on JSON is mostly noise. So I built a structural diff.

You change one value in a JSON config, run git diff , and get a wall of red and green — because a formatter reflowed the file, or the serializer reordered the keys, or the indentation shifted by two spaces. The one thing you actually changed is buried in there somewhere. Good luck finding it in review. The problem is that git diff and diff work on lines . JSON isn't lines — it's a tree. So I built jdelta : it compares the data , ignores key order and whitespace entirely, and tells you exactly which values changed, addressed by path. Zero dependencies, no network. What it looks like $ jdelta config.before.json config.after.json Added (1) + features.darkMode true Changed (2) ~ auth.required true → false ~ server.port 8080 → 3000 +1 -0 ~2 auth.required flipped to false and you can see it instantly — no scrolling past 200 lines of reindented braces. Why not git diff / diff ? Because they diff text. Run a formatter, sort your keys, change two spaces of indent, and a line differ lights up the whole file while reporting zero semantic change. jdelta parses both sides and walks the trees: Object keys show as user.profile.age ; array elements as items[2].price . Odd keys fall back to quoted brackets ( ["order-id"] ). A key on only one side is added / removed ; a key on both with a different value is changed . A type change ( number → string , object → array ) is one changed entry tagged with the kinds — not a confusing add + remove. Reordered keys and whitespace produce nothing , because they aren't data changes. Great for reviewing config changes, API-response snapshots, tsconfig / settings.json , lockfile-adjacent files, and test fixtures. In scripts and CI jdelta a.json b.json --json # machine-readable: {added, removed, changed, summary} jdelta a.json b.json --quiet # just the +a -r ~c line jdelta a.json b.json --exit-code # exit 1 if they differ — gate a pipeline on it Install npx jdelta a.json b.json # Node build (npm) pip install jdelta # Python build — same behavior Tw

2026-06-17 原文 →
AI 资讯

I put my Claude Code sessions on Discord — and now it's a one-line plugin

About 7,000 developers install a little tool of mine every month. It has 7 GitHub stars. I think about that gap a lot — but it also means thousands of these cards are quietly running in Discord right now, which is the whole point. It's called claude-rpc , and as of today you can install it from inside Claude Code itself. What it is claude-rpc is a small Node daemon that takes the lifecycle events Claude Code already fires — session start, each tool call, token counts — and turns them into a live Discord Rich Presence card on your profile: current model, project, what tool is running, plus lifetime stats. Your friends see what you're building; you get a year heatmap of your own work. It's free, open source, and has zero runtime dependencies — the Discord IPC client is hand-rolled, so the entire supply chain fits in a single review. The new part: a Claude Code plugin Two lines, in the editor: /plugin marketplace add rar-file/claude-rpc /plugin install claude-rpc@claude-rpc The card shows up on your next session. That's it. The plugin itself is deliberately thin — one SessionStart hook that runs the same installer you'd run by hand ( npx claude-rpc@latest setup ) once, in the background, then gets out of the way. Claude Code measures it at ~0 tokens of context per session. The real package still does the real work: wiring hooks, holding Discord's local socket, starting at login. It's now the fifth way to install the same tool — npx , a curl one-liner, Homebrew, a Windows exe, and now this — so pick whatever fits your setup. How it actually works No magic: 5 hooks, one small state file, and a daemon that holds Discord's local socket. No polling, no network calls, no telemetry you didn't opt into. If you want to read it, start with src/discord-ipc.js . Try it Site + build log: https://claude-rpc.vercel.app Source: https://github.com/rar-file/claude-rpc Built solo, on weekends. If one of those 7,000 cards ends up being yours, a GitHub star is the cheapest possible way to

2026-06-17 原文 →
AI 资讯

Fixing AI Observability: How I Added GenAI Semantic Support for RAG Embedding Spans in Mastra

OpenTelemetry has become the standard for observing modern systems. But when you start building AI applications, traditional traces aren't enough. You don't just want to know that a request happened. You want to know: Which model generated the output? Which provider was used? How many tokens were consumed? What embedding model processed the documents? How much did the operation cost? These questions become even more important when building Retrieval-Augmented Generation (RAG) systems. Recently while contributing to Mastra, I discovered an observability gap involving RAG embedding operations. This led me to open a pull request that introduced proper OpenTelemetry GenAI semantic mappings for RAG_EMBEDDING spans. The Problem Mastra already exported rich metadata for several AI operations. However, RAG embedding spans were missing standardized GenAI semantic attributes. As a result, observability tools could see that an embedding operation occurred, but they couldn't easily understand: Model information Provider information Token usage Embedding-specific metadata Without standardized semantic conventions, dashboards and tracing systems lose valuable context. This becomes a bigger issue in production environments where teams need visibility into AI workloads. Understanding RAG Embedding Spans A typical RAG pipeline looks like this: Documents ↓ Chunking ↓ Embedding Model ↓ Vector Database ↓ Similarity Search ↓ LLM Generation The embedding stage is critical. Every document chunk gets transformed into a vector representation. If observability data from this stage is incomplete, debugging performance issues becomes significantly harder. Why OpenTelemetry Semantic Conventions Matter OpenTelemetry doesn't just define traces. It also defines semantic conventions. These conventions create a common language for telemetry data. Instead of every framework inventing custom field names, everyone follows the same standard. For GenAI workloads this means tools can automatically underst

2026-06-17 原文 →
AI 资讯

WSL UI, WSL Dashboard, and a "Counterfeit" Claim That Doesn't Survive the Timeline

There is now a second free WSL management tool out there called WSL Dashboard , published by a developer who goes by owu on GitHub. It is open source, it has more GitHub stars than WSL UI, and it is clearly the product of real effort. I have no problem with any of that. Competition is good for users, and WSL deserves more than one good GUI. What I do have a problem with is this notice, which appears both on wslui.com and in the WSL Dashboard README: "This software is not distributed through the Microsoft Store. Any application listed there under the same name is unauthorized and may be counterfeit. Please do not download it to avoid potential scams." WSL UI is on the Microsoft Store. It has been since January. So that notice is, in plain terms, telling people that the genuine, certified, earlier WSL tool is a counterfeit scam. It isn't. And the entire claim falls apart the moment you look at the dates — all of which are public, timestamped, and independently verifiable. What this post is, and what it isn't This is not a "my project is better than yours" post. I'm not going to pick apart WSL Dashboard's features or pretend it's a bad piece of software. It isn't. This is a correction of one specific, factual claim: that the version of WSL UI on the Microsoft Store is unauthorized or counterfeit. That claim is demonstrably false, and because it's aimed at a tool people trust, it's worth setting straight properly — with evidence, not adjectives. The timeline Every date below comes from a public record. I've linked the sources so you don't have to take my word for any of it. Date Event How to verify 2008-12-11 octasoft.co.uk registered. Octasoft Ltd has existed for well over a decade. Nominet WHOIS for octasoft.co.uk 2025-12-14 The octasoft-ltd/wsl-ui repository is created. GitHub API ( created_at ) 2026-01-10 WSL UI's first public release, v0.2.0. WSL UI releases 2026-01-13 WSL UI v0.14.0 is published to the Microsoft Store. The announcement post 2026-01-18 The owu/wsl-

2026-06-17 原文 →
AI 资讯

The two causes of your token bill

Originally published on the Sieve blog . Sieve is an open-source (Apache 2.0) context-reduction proxy — I work on it, and I've tried to keep this post about the problem rather than the tool. If you run an LLM agent for real work, the bill is the part nobody warned you about. It starts small, it grows with use, and the worst of it is invisible — most of what you pay for on any given turn is text the model has already seen, or text you never meant to send. There's a temptation to treat this as one problem with one fix. It isn't. An agent's token bill has two distinct causes, and they need two genuinely different kinds of tool. This post is about telling them apart — because once you can, the question stops being "which tool wins" and becomes "which of my two problems am I looking at right now." The bill is mostly things you didn't choose Start with where the tokens actually go, because it's rarely where people assume. When your agent calls a tool, the model doesn't just pay for your request — it pays for the machinery of asking. Anthropic's own pricing documentation spells this out: the tools parameter alone adds hundreds of tokens of schema to every request, the bash tool adds a fixed overhead, and a single web fetch pulls the fetched page straight into your context — "Average web page (10 kB): ~2,500 tokens... Research paper PDF (500 kB): ~125,000 tokens". A tool result you glance at once and never need again can cost more than the entire conversation around it. Now add the part that repeats. On every turn, a typical agent re-sends its system prompt, its full tool catalogue, its persona, and the conversation so far. The variable part of the request — what you actually typed — is often the smallest thing in the payload. The fixed overhead, multiplied across every turn of a long session, is the bill. So the cost has two shapes, and they're not the same shape: Verbose machine output — JSON tool results, logs, search dumps, fetched pages, code listings. Big, one-off, an

2026-06-17 原文 →
AI 资讯

Fire-and-forget AI engineering: letting agents ship a production app unsupervised

"An AI agent just built a production landing page, with GDPR audit logs and encryption baked in. I wasn't even at my desk." That is not a lucky one-shot. It is a repeatable workflow. Piotr Karwatka recorded a full tutorial showing how to go from idea to a production-ready app on Open Mercato - the AI-Engineering Foundation Framework for CRM/ERP - with no babysitting and no ping-pong prompting. This is the technical version: what the loop actually looks like, why it doesn't fall apart, and which patterns you can lift into your own stack. The problem with conversational coding The default AI coding loop is single-threaded and human-bound: prompt -> generate -> you spot a bug -> correct -> re-prompt -> repeat It holds for snippets. It collapses the moment the task touches real architecture - multi-tenancy, RBAC, event flow, encryption, audit logging. Corrections pile up in the context window, the agent loses the thread, and you are back to typing. You are the bottleneck, sitting in the inner loop. The workflow in the tutorial moves you to the outer loop : you review a finished, tested PR instead of every keystroke. goal -> agent: branch + implement + test + open PR -> you: review PR The reason this is even possible on Open Mercato is that the hard architectural decisions are already encoded as conventions, specs and agent-readable skills ( AGENTS.md , task routing, spec skills). The agent is not inventing how RBAC or GDPR logging should work - it reads the foundation and follows it. 1. Fire-and-forget: the autonomous PR loop The execution agent owns the full unit of work: 1. git checkout -b feat/lead-capture-landing 2. implement against framework conventions 3. run the test suite (Playwright integration tests included) 4. open a structured PR: what changed, why, how it was verified You are no longer correcting tokens. The deliverable is a reviewable artifact. In the tutorial the output is concrete: a live site capturing leads straight into the Open Mercato CRM, with GD

2026-06-17 原文 →
AI 资讯

The next bottleneck after AI writes your code is reviewing the docs it writes

Coding agents draft specs, architecture docs, changelogs, and README updates in seconds — but a human still has to judge the quality of all that output. The bottleneck shift A year ago, the typical workflow was: you write a spec, you get comments, you revise, then you implement and get code review. Humans did most of the writing and coding. Now, agents produce first drafts of design docs, API references, runbooks, and onboarding guides — and they do it in seconds. Code implementation and code review can now be handled by agents, so those are no longer the bottleneck. What surfaced instead is the step right before: document review. A human has to read 2,000 lines of generated markdown and decide what's wrong. The writing part got dramatically faster. LLMs can assist with document review too, but compared to code implementation and code review, the human judgment required is still larger. This asymmetry compounds fast. Every agent-assisted project now has a stack of "needs human review" documents growing in a shared folder. If you're running multiple agent loops in parallel — one for the spec, one for the implementation plan, one for the test strategy — review becomes a pipeline stall. GitHub PRs remain the right tool when you need third-party review. But the step before that — the fast local self-review loop where you and your agent iterate on a draft — doesn't belong in a PR. Branching, diffing, and assigning reviewers is a lot of process for a first draft the agent wrote in seconds. Why prose feedback is lossy The most common workaround today is to have the agent read the document and then fix things based on natural-language feedback: "The error handling in section 3.2 is too vague — be specific about what happens on timeout." This looks reasonable. The agent reads it, searches for something about error handling, and makes a change. But several things go wrong: Position is ambiguous. If section 3.2 has three paragraphs about error handling, which one did the revie

2026-06-17 原文 →
AI 资讯

Block the Merge if the Model Isn't Ready": Shifting Local AI Evaluations Left with CI Gates

We’ve all heard "it works on my machine," but when it comes to AI-driven features, that phrase is a recipe for disaster. You can have a perfectly tested agent today, but if you upgrade your base model or change your quantization strategy tomorrow, you might inadvertently kill your agent's reliability. You can’t afford to wait for production to find out your agent is hallucinating or failing its tool calls. This is why we built the headless QuantaMind CLI—to shift AI evaluation left into your CI/CD pipeline. By integrating custom eval JSON collections into your build process, you can now treat your AI agent like any other piece of code. If a model upgrade or a quantization tweak causes your agentic reliability to dip below your required threshold, your CI pipeline should block that merge. It’s not just about testing; it’s about enforcement. If you aren’t gating your deployments based on real, repeatable model performance, you aren’t shipping software—you’re shipping a guessing game.

2026-06-17 原文 →
AI 资讯

I stopped trusting curl | sh — so I built a tool that reads the script first

Every developer has done it. You hit a README, you see the install command: curl -fsSL https://example.com/install.sh | sh And you run it. Maybe you skim the script first. Maybe you don't. But you run it. I've been doing this for years. And each time, a small voice in the back of my head says: you have no idea what that script actually does. You just piped a stranger's code straight into your shell. Eventually I got tired of ignoring that voice. What the pattern actually is curl | sh is not a bad pattern — it's a fast, convenient pattern with a real trust gap. The script runs with your permissions, in your shell, right now. It can: Install something with sudo Delete files with rm -rf Write to your disk with dd Access your SSH keys or .env files Set up a cron job or a systemd service that runs again next reboot Decode and run a payload with base64 | eval Most install scripts do none of these things maliciously. But many do several of them legitimately — and you wouldn't know which ones until something went wrong. --- ## What I built instead I'm a solo founder based in Ouagadougou, Burkina Faso. I build with heavy AI pairing — I'm not a trained engineer, I work with Claude, review the output, and ship. This tool ( peek ) was AI-paired and reviewed by me before release. peek is a ~130-line POSIX shell script that sits in front of the pattern: # Instead of: curl -fsSL https://example.com/install.sh | sh # Do: peek https://example.com/install.sh Before anything runs, peek: Fetches the script Scans it for risky patterns Prints a risk score and the exact dangerous lines Asks you to confirm — and refuses to auto-run a HIGH-RISK script unless you type RUN You can also pipe into it, or run it in analysis-only mode: curl -fsSL https://example.com/install.sh | peek # analyze from a pipe peek --print ./downloaded.sh # never runs, analysis only What it flags (and what it doesn't) The patterns peek checks: Root escalation — sudo , running as root Destructive file ops — rm -rf , fi

2026-06-17 原文 →