今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#python

找到 615 篇相关文章

AI 资讯

AgentTrust ID is live

This weekend, AgentTrust ID went live in production. As of today, all five SDKs are published: pip install agenttrustid npm install @agenttrustid/sdkgo get github.com/agenttrustid/sdk/go cargo add agenttrustid # Maven / Gradle # id.agenttrust:agenttrustid:0.3.0 The SDKs are open source under Apache 2.0 at github.com/agenttrustid/sdk . The hosted platform is running at app.agenttrust.id in a controlled beta. Why I built this AI agents broke the assumptions that machine-to-machine security was built on. An API key answers one question: who is calling. It asks it once, at the door. An agent decides its next action at runtime, from context nobody wrote by hand. The same agent that summarized a document a second ago might now try to email it, delete it, or chain a task to another agent. A credential that only proves identity has no opinion about any of that. Agents need a decision at the action boundary : should this specific action happen, right now, on whose behalf . Answered at runtime, every time, with an audit trail and a kill switch. What's running Everything below is live in production today, not a roadmap: Per-action authorization. Every consequential action passes a pre-flight check. The Guardian pipeline routes each action by risk: deterministic rule checks for the common path, a policy engine for mutations, and AI-backed review for destructive operations. Fail-closed where it counts. Opaque, instantly revocable tokens. Credentials are at_ references with no standing authority of their own . The server decides on every use, so revocation is one call, effective immediately. Scoped delegation. When one agent hands work to another, the grant narrows instead of copying : subset scopes, independent TTLs, independently revocable, bounded chain depth. Read-only sessions with time-boxed elevation. Sessions start safe and rise only on approval, for a bounded window, then revert on their own. One model across surfaces. MCP tools, agent-to-agent calls, and direct API inte

2026-06-08 原文 →
AI 资讯

I Built a GDPR Compliance Scanner Using the Claude API - Here's How It Works

I Built a GDPR Compliance Scanner Using the Claude API - Here's How It Works A few months ago I noticed something that kept bugging me. I was building and handing off websites for clients and every single time, GDPR compliance was either an afterthought or a panic right before launch. Privacy policies copied from templates, cookie banners slapped on at the last minute, no one really sure if the contact form was actually compliant. The bigger problem: there was no quick, affordable way to check . Enterprise compliance tools cost hundreds per month. Legal consultants cost more. Most small businesses just crossed their fingers. So I built ClearlyCompliant - an automated GDPR compliance scanner that analyses a website and delivers a detailed PDF report for a one-off fee. No subscription, no jargon, just a clear picture of where a site stands. Here's how it actually works under the hood. The Stack Django (Python) - backend and web app BeautifulSoup + requests - crawling and HTML parsing Python threading - async scanning without the overhead of Celery/Redis Anthropic Claude API (Haiku) - AI-powered policy analysis ReportLab - PDF report generation Stripe - payments IONOS SMTP - email delivery Gunicorn + Nginx on an IONOS VPS The Scanning Pipeline When a user submits a domain and completes payment, the scan kicks off immediately. Rather than making them wait on a loading screen, the scan runs asynchronously in a background thread and the report gets emailed when it's done. I deliberately avoided Celery and Redis here. For the scale I needed, Python's built-in threading module was more than sufficient and kept the infrastructure simple. One less thing to maintain, one less thing to break. import threading def run_scan_async ( domain , order_id , customer_email ): thread = threading . Thread ( target = run_full_scan , args = ( domain , order_id , customer_email ) ) thread . daemon = True thread . start () The scan itself runs 23 individual GDPR checks across several categori

2026-06-08 原文 →
AI 资讯

I Wanted Better Insights Across My Bank Accounts, So I Built MyVault

Most side projects start with a simple frustration. Mine started with a banking app. One of my banks had a feature I really liked. It automatically categorized transactions and showed spending breakdowns in graphs and charts. For the first time, I could easily see how much I spent on restaurants, groceries, transport, subscriptions, and other categories. The problem was that only one of my banks offered this feature. Like many people, I use multiple bank accounts, credit cards, and savings accounts. Two of my other banks provided little more than a long list of transactions. If I wanted a complete picture of my finances, I had to switch between apps and manually piece everything together. As a software engineer, my first instinct was obvious: "Why don't I just build this myself?" That idea eventually became MyVault . The Original Goal The first version of the project was surprisingly simple. I wanted users to: Upload bank statements Extract transaction data Automatically categorize spending View useful charts and reports The goal wasn't budgeting. It wasn't investment tracking. It wasn't accounting. I simply wanted a single place where I could see spending across all of my bank accounts. Once I started building, however, I realized there was a much more interesting opportunity. If all transaction data was already extracted and structured, why not allow users to ask questions about their finances? Instead of searching through transactions manually, users could simply ask: How much did I spend on restaurants last year? What subscriptions am I paying for? Which categories increased the most this month? How much did I spend while traveling? That's when MyVault started evolving from a reporting tool into an AI-powered financial assistant. Building as a Solo Developer One of the biggest challenges wasn't technology. It was building everything alone. When you're working on a side project, you don't just write code. You become responsible for everything: Product decisions B

2026-06-07 原文 →
AI 资讯

What a policy gate catches in AI-generated code, and what slips through

I maintain an open-source GitHub Action called vorsken. It does one thing: scan the diff on a pull request with Semgrep, apply a fixed policy, and return BLOCK, FLAG, or PASS. No dashboard, no model that drifts over time. Rules at ERROR/HIGH/CRITICAL severity block the merge, WARNING/MEDIUM flag it, the rest pass. Same diff, same verdict. The usual pitch for a tool like this is that it catches the SQL injection your AI assistant wrote. I wanted to see what it actually catches against real assistant output, so I generated 28 functions and ran them through. The test Seven backend tasks: a FastAPI upload endpoint, a URL-fetch helper, JWT auth, a SQL filter, an ImageMagick subprocess call, a LangChain file agent, and a LangChain RAG pipeline. I generated each one four times, with ChatGPT (GPT-5.5 Instant), Claude Code (Opus 4.8), Claude Code plus the security-guidance plugin, and Cursor (Composer 2.5). Single-shot, neutral prompt, no security hints. Then I scanned all 28 with the same ruleset. I'm reporting which rule fired on which file, not whether some model thinks the code is safe. That part you can reproduce. Task ChatGPT Claude Code + plugin Cursor Verdict file upload — — — — PASS url fetch (SSRF) ssrf ssrf ssrf — FLAG / Cursor PASS jwt auth api8 api8 — — BLOCK / 2 PASS sql filter — — — — PASS imagemagick — — — — PASS fs agent — overperm — — 1 BLOCK / 3 PASS rag dangerous dangerous dangerous dangerous BLOCK 7 BLOCK, 3 FLAG, 18 PASS across 28 functions. The basics were fine SQL filter, ImageMagick, file upload: clean on every tool. The SQL was parameterized, the subprocess calls passed argument lists instead of shell strings, the uploads weren't doing anything reckless. If you still expect current models to spray SQL injection across a straightforward CRUD task, they don't. On conventional work they get it right. Two of the flags are soft. The JWT api8 hits landed on a SECRET_KEY = "CHANGE_ME" placeholder, which you can read as a false positive or as a gate doing i

2026-06-07 原文 →
AI 资讯

Building a Deterministic Security Scanner for AI-Generated Code

Building a Deterministic Security Scanner for AI-Generated Code TL;DR: I built TruffleKit , a CLI security scanner that catches 22 vulnerability classes in under 2 seconds with zero false positives. Here's how the scanning engine works under the hood. AI code generation is producing more production code than ever. But AI models are trained on public code — which means they reproduce the same security mistakes the open-source ecosystem has been making for decades. In my tests, 73% of AI-generated code snippets contain at least one security vulnerability that a standard linter would completely miss. I couldn't find a tool that was fast, deterministic, and had zero false positives. So I built one. The Architecture The scanner is a rule-based deterministic engine written in Python. Each rule is a self-contained module that pattern-matches against a file's AST or raw content. scanner/ ├── __init__.py ├── engine.py # Orchestrator ├── reporter.py # Output formatting ├── rules/ │ ├── __init__.py │ ├── secret_detection.py │ ├── sql_injection.py │ ├── path_traversal.py │ ├── weak_encryption.py │ ├── cors_misconfig.py │ └── ... (22 rules total) └── models.py Key Design Decisions 1. AST-Based Pattern Matching For languages like Python and JavaScript, we parse the file into an AST and match against structural patterns — not regex. This eliminates false positives from strings that happen to look like code. import ast class SQLInjectionRule ( BaseRule ): def check ( self , tree : ast . AST , filename : str ) -> list [ Finding ]: findings = [] for node in ast . walk ( tree ): # Match: cursor.execute(f"...{variable}...") if isinstance ( node , ast . Call ): func_name = self . _get_call_name ( node ) if func_name in ( ' cursor.execute ' , ' db.execute ' , ' connection.execute ' ): for arg in node . args : if self . _is_f_string_or_concat ( arg ): findings . append ( self . _make_finding ( severity = ' high ' , message = ' SQL injection: parameterized query required ' , line = node .

2026-06-07 原文 →
AI 资讯

Closing the execution gap: a series

Every AI coding tool can write Python — Cursor, Claude Code, Windsurf. None of them can run it safely in production. That gap between "AI wrote the code" and "the code ran safely" is exactly what I'm building jhansi.io to close. This series documents the journey. One layer of the problem at a time. The execution gap When AI generates code, four things still stand between you and prod: Dependencies — Install the right packages, with versions and licenses you trust Isolation — Run it hard-sandboxed. No host access, no outbound network, no surprises Secrets — Let AI use your API keys without ever letting it see or leak them Audit — Log every execution. Prompt, code, result, timestamp. Compliance-grade. Most teams stop at step 1. Banks and fintechs can't. FCA, SOC2, and the EU AI Act require audit trails for AI actions. You can't eval() your way through an audit. jhansi.io is the missing run() for AI-generated code. Open core, cloud sandbox, built to close each part of the gap — layer by layer. The series Part 1 — Persistent sandboxes Why "ephemeral" breaks debugging, state, and compliance. The case for giving every AI a home directory. → Read Part 1 Part 2 — Dependency management (coming soon) Detecting, installing, and locking deps across Python, Node, Go, and Java. With SBOMs and policy built in. Part 3 — Isolation (coming soon) What "hard isolation" actually means. Containers, Firecracker, zero trust networking, and the metadata service attacks you haven't thought of yet. Part 4 — Secrets (coming soon) Kernel-level proxies. AI can call Stripe without the key ever entering the sandbox. Part 5 — Audit (coming soon) Who ran what, when, with which prompt. Hash-chained logs that satisfy auditors, not just engineers. Building this in public. Follow the series on Dev.to , Linkedin , and X . Code is Apache 2.0 at github.com/jhansi-io .

2026-06-07 原文 →
AI 资讯

How I Mapped Brain Cell Changes in Alzheimer's Disease Using Single-Cell RNA Sequencing

Alzheimer's disease affects over 55 million people worldwide, yet the precise molecular changes happening inside individual brain cells remain poorly understood. I wanted to dig into that question - not at the tissue level, but at single-cell resolution. So I built a full scRNA-seq analysis pipeline in Python using Scanpy, working with a publicly available dataset of 63,608 nuclei from human prefrontal cortex tissue (sourced from CZ CELLxGENE). The donors spanned three Braak stages: 0 (cognitively normal), 2 (early Alzheimer's), and 6 (severe Alzheimer's). Here's what I found and how I found it. The Dataset The data came from a study on the molecular characterisation of selectively vulnerable neurons in AD. It covers the superior frontal gyrus, a prefrontal region known to be hit hard by neurodegeneration - and includes seven major brain cell types: Glutamatergic neurons GABAergic neurons Oligodendrocytes OPCs (oligodendrocyte precursor cells) Astrocytes Microglia Endothelial cells 31,997 genes. 63,608 cells. Three disease stages. A lot to work with. The Pipeline 1. Quality Control No dataset is clean out of the box. I filtered cells to keep only those with between 200 and 6,000 detected genes, and excluded anything with more than 20% mitochondrial gene content (high mitochondrial reads usually signal a dying or damaged cell). This removed around 2,809 low-quality cells. 2. Normalisation Library sizes were normalised to 10,000 counts per cell, followed by log1p transformation, standard practice that makes cells comparable regardless of how deeply they were sequenced. I then identified 5,607 highly variable genes to focus the downstream analysis. 3. Dimensionality Reduction PCA (50 components) → neighbourhood graph (10 neighbours, 20 PCs) → UMAP embedding. The UMAP is where the biology starts to become visible. All seven cell types separated into distinct clusters, with clear separation between neuronal subtypes and glial populations. 4. Differential Expression For t

2026-06-07 原文 →
AI 资讯

Your Scraper Collected 50 Rows. There Were 4,000.

A scraper can pass every check you wrote and still be wrong about the one thing you actually care about: how much it collected. No exception. No 500. No broken row. Exit code 0, logs green, every field valid. And the set on disk is a quarter of what the site actually has. I have run scrapers in production enough times to stop trusting a green run on its own, and this is the failure that taught me to count. TL;DR A paginated source can serve fewer rows than it claims and never throw — page caps, hidden offset limits, infinite scroll that "ends" early. Your status check (200), schema check (valid row), and byte check (you got data) all pass. None of them counts records. The tell: declared total vs unique ids collected. Or, when there's no declared total, the page that quietly repeats an earlier page. Below is a 40-line probe you can run right now. On a source that caps at 1,500 of a declared 4,000, it returned VERDICT: INCOMPLETE (missing 2500 rows) . This is a completeness check, not a correctness check. Different layer, different bug. What actually goes wrong You write the loop everyone writes. Walk ?page=1 , ?page=2 , keep going until a page comes back empty. Stop. Save. Done. The source has other plans. It says it has 4,000 records — the count is right there in the envelope, or in a "Showing 4,000 results" line in the HTML. But it only ever hands out real data for the first 30 pages. Page 31 doesn't error. It doesn't return empty either. It returns page 1 again. Still HTTP 200. Still 50 valid rows. Your loop has no reason to stop, so it grinds on until its own page budget runs out, collects a pile of rows, and exits clean. You now have 5,000 rows in hand and feel great about it. Looks like plenty. The catch: only 1,500 are unique. The page cap fed you the same first page over and over, and those duplicates hid the shortfall behind a big-looking row count. That is the exact shape of "50 rows passed every check while 4,000 existed" — the scraper saw a lot of rows an

2026-06-07 原文 →
AI 资讯

Designing a Meeting Assistant People Actually Want to Use

Most meeting tools help during a meeting, but the real challenge often starts before it. Users spend time searching for context, reviewing past interactions, and preparing discussion points. While building MeetMind, our goal was to make meeting preparation and follow-up simpler and more intuitive. As a frontend developer, I focused on designing user-friendly interfaces, building responsive components, and creating a smooth workflow from meeting preparation to post-meeting insights. In this article, I'll share the design decisions, frontend challenges, and lessons I learned while building the user experience behind MeetMind. How We Used Hindsight Memory to Make Our AI Meeting Assistant Actually Remember Things Hook I've been in too many meetings where I blanked on something a client told me weeks ago. You're sitting there, nodding, and somewhere in the back of your head you know they mentioned a budget number or a deadline — but you can't pull it up. That feeling is expensive. It erodes trust, slows decisions, and makes you look unprepared. That's the problem MeetMind was built to solve. And the hardest part of building it wasn't the AI — it was making the AI remember. What Is MeetMind — And How Does It Actually Work? MeetMind is a web application that functions as your AI-powered pre-meeting assistant. Here's the full user flow: Before a meeting: Type a contact's name, click "Get Briefing." The app retrieves everything stored about that person — notes, promises, project details — passes it to the LLM, and returns a structured briefing: a summary of past interactions, key reminders, and conversation openers grounded in your actual history with them. After a meeting: Type your notes and click "Save." The system stores them under that contact's name for next time. Under the hood: Python + Flask backend, Llama 3.3 70B on Groq's inference API, and a JSON-backed memory layer modeled on the Hindsight architecture. The interface is intentionally minimal. Two panels, two act

2026-06-06 原文 →