开源项目
🔥 OthmanAdi / planning-with-files - Persistent file-based planning for AI coding agents and long
GitHub热门项目 | Persistent file-based planning for AI coding agents and long-running agentic tasks. Crash-proof markdown plans that survive context loss and /clear, plus a deterministic completion gate and multi-agent shared state on disk. Manus-style. Works with Claude Code, Codex CLI, Cursor, Kiro, OpenCode and 60+ agents via the SKILL.md standard. | Stars: 24,557 | 61 stars today | 语言: Python
AI 资讯
🤖 I Built 100 Claude Code Subagents. These Are The 12 That Actually Earn Their Context.
Everyone's building armies of AI "specialists" inside Claude Code. Most of them never trigger, collide with each other, and quietly bloat the very context window they were supposed to protect. I built and stress-tested 100 subagents — official built-ins, the big community collections, and a pile of my own — to find the handful that genuinely earn their keep. Here are the 12 I actually delegate to, the ones I deleted, and the uncomfortable truth about what a subagent is really for. Why I Went Down This Rabbit Hole This is the third time I've done this to myself. First it was 100 Claude Skills . Then 100 MCP servers . Now: subagents. Together they're the three pillars of the Claude Code stack — Skills give an agent competence , MCP servers give it capability , and subagents give it delegation . I'd covered two. The trilogy demanded the third. And subagents are where the hype is loudest right now. Open GitHub and you'll find collections with hundreds of them: VoltAgent's awesome-claude-code-subagents ships 154+ agents across 10 categories with 22.9k stars ; wshobson's marketplace packs 194 agents, 158 skills, and 16 orchestrators into 37.5k stars . The pitch is intoxicating: assemble a team of AI specialists — a security-auditor , a react-specialist , a kubernetes-specialist , a quant-analyst — and let Claude Code dispatch the right expert for every task. So I did the obvious thing. I installed, wired up, and actually used 100 subagents across real work: code review, debugging, test runs, security audits, database analysis, incident triage. I watched which ones Claude actually delegated to, which ones sat inert, and which ones quietly made my main conversation worse . Most got deleted. Not because they were badly written — many were excellent — but because I'd fundamentally misunderstood what a subagent is for . That misunderstanding is the whole point of this article, and I'll get to it before the list. This is the shortlist that survived. Twelve subagents. Out of a h
AI 资讯
Detecting Speaker Changes with Pyannote Segmentation 3.0 and ONNX Runtime
Hello, everyone. When listening to a conversation, we naturally keep track of who is speaking. A program has a harder job: beyond finding speech, it must also determine where one speaker gives way to another. Today, I will use an ONNX version of Pyannote Segmentation 3.0 to detect speaker changes in a two-person conversation and split the recording into one WAV file per utterance. What I Tested This lab uses FFmpeg to decode a roughly 14-second conversation into a 16 kHz mono waveform. It then combines the Pyannote segmentation model with simple post-processing to produce contiguous speaker segments. I wanted to verify: Whether six alternating utterances can be separated into six segments Whether the detected speaker indexes remain consistent throughout the recording Whether ONNX Runtime can process the audio faster than real time using only its CPU execution provider Whether every segment can be saved as a separate WAV file The complete code and reproducible environment are available in the pyannote-scd lab in kiarina/labs . This test performs segmentation using the model's speaker indexes. It does not compare speaker embeddings or run clustering, so it is not a complete speaker diarization pipeline that identifies the same person throughout a long recording. Reproducing the Lab You will need: mise uv FFmpeg curl The following commands fetch only this lab, download the shared test audio, and run it: git clone --depth 1 --filter = blob:none --sparse \ https://github.com/kiarina/labs.git cd labs git sparse-checkout set .gitignore .mise/tasks Makefile mise.toml \ 2026/07/04/pyannote-scd make download-test-assets mise -C 2026/07/04/pyannote-scd run On the first run, the task downloads the full-precision onnx/model.onnx file from onnx-community/pyannote-segmentation-3.0 on Hugging Face. uv then prepares the Python dependencies and runs the detector. How Speaker Segments Are Detected The input is this shared test asset: assets/mp3/conversation_2speaker_14s_16k.mp3 The re
AI 资讯
Tracking Tech Sentiment in Real-Time with VADER and Python
Tracking Tech Sentiment in Real-Time with VADER and Python What does the developer community feel about your product? Not what they say in reviews — what do they actually feel when they mention it on Hacker News or Reddit? I built a Sentiment Analyzer that fetches posts from HN and Reddit, runs VADER sentiment analysis, and outputs structured scores. Here's how it works. What It Does The tool pulls posts from two sources: Hacker News : Top or new stories via the official Firebase API Reddit : Any subreddit, sorted by hot, new, top, or rising Each post gets analysed with VADER (Valence Aware Dictionary and sEntiment Reasoner) — a rule-based model tuned for social media text. No GPU required, no API keys, no latency. What You Get Each analysed post includes: { "source" : "hackernews" , "title" : "Shadcn/UI now defaults to Base UI instead of Radix" , "sentiment" : "neutral" , "sentimentScores" : { "positive" : 0.0 , "neutral" : 1.0 , "negative" : 0.0 , "compound" : 0.0 }, "keywords" : [ "shadcn" , "ui" , "defaults" , "base" , "radix" ], "score" : 43 , "commentsCount" : 3 } The compound score ranges from -1 (very negative) to +1 (very positive). Anything below -0.05 is classified negative, above 0.05 is positive, and in between is neutral. Why VADER Instead of an LLM? Three reasons: Speed : VADER processes 10,000+ posts per second. An LLM call takes 1-2 seconds per post. Cost : VADER is free and runs locally. LLM sentiment analysis costs per token. Consistency : Rule-based models give identical results every time. LLMs can be inconsistent across runs. For high-volume monitoring tasks — like tracking every HN post mentioning your product — VADER is the right tool. Real-World Use Cases Brand Monitoring Set the analyzer to fetch posts from r/yourproduct and HN search for your brand name. Get daily sentiment reports. Catch negative sentiment before it escalates. Trend Detection Track sentiment around technologies like "AI agents", "Rust", or "WebAssembly" across both platfo
AI 资讯
A deep dive into building Text-to-SQL solutions using AI models, transforming natural language into SQL magic.
Introduction As data grows exponentially, accessing and querying databases efficiently...
开发者
Applying API Testing Frameworks: A Comparative Guide
Welcome to this comprehensive comparative guide on API testing! This article is designed to showcase...
AI 资讯
AgentGuard vs Semgrep vs CodeQL: 100 Percent vs 0 Percent on AI Agent Security
I ran the same 39 AI agent security samples through three scanners: AgentGuard, Semgrep, and CodeQL. The Results Scanner Detection Rate False Positives AgentGuard v0.6.4 100% (39/39) 0 Semgrep 0% (0/39) 0 CodeQL 0% (0/39) 0 Zero. Semgrep and CodeQL detected nothing. They have zero rules for AI agent security. AgentGuard has 17 detection rules covering all 10 OWASP ASI categories plus 4 novel attack vectors: Memory Poisoning, Tool Output Trust, Action Chain Amplification, and Multi-Agent Collusion. Real World AgentGuard found 332 critical vulnerabilities across Microsoft AutoGen and LlamaIndex. Issues reported directly: autogen#7917, autogen#7918, llama_index#22245. Reproduce git clone https://github.com/dockfixlabs/agentguard-benchmark cd agentguard-benchmark pip install dfx-agentguard python benchmark.py GitHub: https://github.com/dockfixlabs/agentguard PyPI: pip install dfx-agentguard
AI 资讯
I Opened 3 Security Issues on Microsoft AutoGen and LlamaIndex. Here Is Why
I just opened 3 security issues on two of the most popular AI agent frameworks on GitHub (combined 110K+ stars). The Issues microsoft/autogen#7917 : Docker code executor mounts host filesystem into sandboxed containers without trust boundary validation — container escape vector. microsoft/autogen#7918 : Agent self-modification patterns in Canvas memory module — agents can alter their own operating constraints during execution. run-llama/llama_index#22245 : 441 instances of unbounded recursive agent execution across 2,951 files — systemic resource exhaustion risk. All found with AgentGuard v0.6.2 (pip install dfx-agentguard), an open-source AI agent security scanner. Why Issues, Not Articles I have published 12 articles on Dev.to. Average views: 11. GitHub Issues on 50K+ star repos are read by thousands of developers and stay visible for years. This is the correct distribution channel for security findings — direct, unfiltered, and actionable. The Pattern The same vulnerability classes appear across all frameworks: Trust boundary violations (ASI10): agents crossing filesystem and network boundaries Agent recursion (ASI09): unbounded loops without circuit breakers Self-modification (ASI10): agents modifying their own state during execution These are not framework-specific bugs. They are systemic architectural gaps in how we build autonomous agents. Every framework needs guardrails for resource limits, trust boundaries, and behavioral constraints. AgentGuard detects all of them. 16 rules, 83 tests, 36 benchmark samples, 100 percent detection rate. pip install dfx-agentguard
AI 资讯
From MVP to Enterprise: Architecting AI APIs That Don't Fail at 3AM
From MVP to Enterprise: Architecting AI APIs That Don't Fail at 3AM I've been on-call for enough production incidents to know that the difference between a startup's AI integration and an enterprise one isn't just budget. It's everything downstream — your p99 latency, your failover story, the size of your blast radius when a provider has a bad Tuesday. Most guides lump these two worlds together and that's exactly why teams end up rearchitecting at the worst possible moment. Let me walk you through how I think about it now, after spending years shipping LLM-backed services for both early-stage teams and Fortune 500 procurement departments. The short version: I almost always route through Global API, and the tier I pick depends entirely on what keeps me up at night. The Question Nobody Asks First: What Breaks When? When I sit down with a founder, the conversation usually starts with "which model should we use?" That's the wrong first question. The right first question is: what's your tolerance for a 3 a.m. page? If you're a seed-stage startup with a handful of users, your answer is probably "none, but I'll deal with it." If you're a publicly traded company processing loan applications, your answer is "I need a 99.9% SLA in writing, multi-region failover, and a support escalation path that doesn't start with a Discord server." Those two answers produce two completely different architectures. Let me show you what I mean. The Startup Reality: Speed and Optionality Here's the dirty secret about direct provider integration for startups: it feels free, and then it isn't. I watched a team burn six weeks trying to wire up DeepSeek's API directly. They needed a Chinese phone number for verification, an Alipay or WeChat account for payment, and they were stuck the moment they wanted to A/B test against Qwen or another model. Their CTO told me afterward, "We spent a sprint on payment infrastructure before we shipped a single feature." That pain compounds. Every new model is a ne
AI 资讯
Stop Overtraining: Build an AI Agent to Auto-Sync Your Fitness Plan with Your Heart Rate (LangGraph + Notion)
We’ve all been there. You have a "Leg Day" scheduled in your Notion database, but you woke up feeling like a truck hit you. Your Apple Watch says your Heart Rate Variability (HRV) is in the gutter, but your rigid calendar doesn't care. Usually, you’d either push through and risk injury or manually move cards around in Notion—which is a friction-filled nightmare. In this tutorial, we are building a Self-Optimizing Health Agent using LangGraph , Notion API , and HealthKit . This agent acts as a closed-loop system: it analyzes your physiological recovery data, reasons about your physical state using an LLM, and automatically rewrites your training schedule. By mastering AI agents , LLM orchestration , and fitness automation , you’ll turn your static "To-Do" list into a dynamic "Should-Do" list. 🥑 The Architecture: The Bio-Feedback Loop Using LangGraph , we can treat our fitness logic as a state machine. Unlike a linear script, a graph allows our agent to decide whether it needs to fetch more context (like yesterday's sleep) before making a final decision on your workout. graph TD Start((Start)) --> FetchHRV[Fetch HRV Data via HealthKit] FetchHRV --> CheckRecovery{LLM: Analyze Recovery} CheckRecovery -- "Low Recovery (Fatigued)" --> ModifyNotion[Action: Downgrade Workout Intensity] CheckRecovery -- "High Recovery (Fresh)" --> KeepNotion[Action: Maintain/Boost Intensity] ModifyNotion --> UpdateNotion[Update Notion Page] KeepNotion --> UpdateNotion UpdateNotion --> End((Done)) style CheckRecovery fill:#f96,stroke:#333,stroke-width:2px style FetchHRV fill:#bbf,stroke:#333 Prerequisites Before we dive into the code, ensure you have: Python 3.10+ LangChain & LangGraph installed ( pip install langgraph langchain_openai ) Notion Integration Token (with access to your workout database) HealthKit SDK (Note: Since we are in a Python environment, we'll simulate the HealthKit fetcher, though in a real-world scenario, this would be bridged via a FastAPI endpoint from an iOS app). St
AI 资讯
Summary — Your Next Steps as an AI Architect
What We Built in This Guide In the previous guide, we went from RAG to cloud deployment. In this guide, we systematically implemented everything needed to take that system to production . evals/ dataset.py # Evaluation dataset eval_rag.py # Context Recall · Relevancy · Faithfulness observability/ traced_rag.py # RAG pipeline tracing with @observe() (Langfuse v4) traced_agent.py # Trace each Agent step security/ input_validator.py # Prompt injection detection output_validator.py # PII masking and leakage detection guardrails.py # Rate limiting, security log integration secure_rag.py # RAG with guardrails llmops/ prompt_registry.py # Prompt version management (v1.0–v1.2) ci_eval.py # Quality gate (Overall ≥ 75% to deploy) cost_tracker.py # API cost tracking finetuning/ prepare_dataset.py # Convert to Alpaca format train_lora.py # LoRA fine-tuning (r=8, 2 min on CPU) inference.py # Compare with base model multiagent/ search_worker.py # Search specialist worker quality_worker.py # Quality check specialist worker orchestrator.py # Task decomposition and result integration 14_multiagent.py # Execution script governance/ ai_registry.py # AI system inventory risk_assessor.py # Risk assessment (score 0.18 → LOW) audit_logger.py # Audit log (Article 12 compliant) compliant_rag.py # RAG with AI disclosure (Article 50 compliant) Key Design Decisions from Each Chapter Chapter 2: Evals Combining rule-based (Context Recall, Answer Relevancy) with LLM-as-a-Judge (Faithfulness) strikes the right balance between speed, cost, and coverage. Chapter 3: Observability (Langfuse v4) Adding @observe() decorators is all it takes to start recording traces. The critical v4 change: you must call get_client() after load_dotenv() . Chapter 4: Security Defense in Depth is the principle: Input validation → System prompt → Output validation → Rate limiting — four layers of protection. Chapter 5: MLOps / LLMOps On every push to GitHub, Evals run automatically. Only when the quality threshold (Overall
AI 资讯
AI Governance — EU AI Act Compliance, Risk Assessment, and Audit Logging
Introduction Through Chapter 7 (Multi-Agent) , we have a complete, functioning AI system. The final step is building organizational infrastructure to operate AI safely over time. [Before] Technical safety Security → Block malicious input Evals → Measure quality [Now] Organizational / regulatory safety Governance → Know what AI systems are in use Risk mgmt → Classify and assess risks Audit logs → Record who did what, when EU AI Act → Regulatory compliance EU AI Act Status (as of June 2026) The EU AI Act came into force on August 1, 2024, with full enforcement on August 2, 2026 . Transparency rules (disclosing when users are interacting with AI, labeling AI-generated content) also take effect on that date. AI systems are classified into three risk tiers: Risk Level Description Examples Prohibited Not permitted Social scoring, manipulative AI High Risk Strict regulation Hiring, credit scoring, law enforcement Limited Risk Transparency obligations Chatbots, AI-generated content Minimal Risk No regulation Spam filters, game AI Our RAG system's classification: Limited Risk (chatbot). We are required to disclose to users that they are interacting with AI. Directory Structure pgvector-tutorial/ ├── existing files └── governance/ ├── ai_registry.py # ★ AI system inventory ├── risk_assessor.py # ★ Risk assessment ├── audit_logger.py # ★ Audit logging └── compliant_rag.py # ★ Governance-compliant RAG 1. AI System Inventory — governance/ai_registry.py Most organizations lack a systematic inventory of their AI systems, making risk classification and compliance planning difficult. Knowing what you have is the essential first step. # governance/ai_registry.py """ AI system inventory Centrally manage all AI systems in use across the organization. Forms the foundation for technical documentation required by EU AI Act Annex IV. """ from datetime import datetime from dataclasses import dataclass , asdict from enum import Enum class RiskLevel ( Enum ): UNACCEPTABLE = " prohibited " HIG
开发者
Automating Security in Python: A Hands-On Guide to SAST with Bandit and GitHub Actions
Introduction In today's fast-paced development cycles, security can no longer be an...
AI 资讯
Database Indexing and Query Optimization for Python Developers
Introduction Fixing N+1 queries with select_related / prefetch_related or selectinload (see the previous post ) gets you down to a small, sane number of queries per request. The next bottleneck is what each query costs once the table has millions of rows — and that is almost always about indexing. An index turns "scan every row" into "look it up directly." Skip it, and a query that's instant in development takes seconds once real data volume shows up in production. How Indexes Work: The B-Tree Intuition Without an index, a WHERE clause forces a sequential scan : the database reads every row and checks the condition — O(n) , cost grows linearly with table size. An index is a separate, sorted structure (almost always a B-tree ) mapping column values to row locations. Because it's sorted and balanced, finding a value is a tree walk: O(log n) . On a 10-million-row table, that's the difference between reading 10 million rows and roughly 23 tree nodes. This isn't free: Writes get slower — every INSERT / UPDATE / DELETE on an indexed column also updates the index. Storage grows — each index is a sorted copy of (part of) the data. An index trades write cost and storage for read speed. Indexing a column you rarely filter or sort on is pure cost, no benefit. Reading Query Plans: EXPLAIN ANALYZE Postgres' EXPLAIN ANALYZE shows what the planner actually did, not an estimate. Before an index , filtering orders by customer_id : EXPLAIN ANALYZE SELECT * FROM orders WHERE customer_id = 48291 ; Seq Scan on orders (cost=0.00..21453.00 rows=42 width=96) (actual time=0.021..118.442 rows=41 loops=1) Filter: (customer_id = 48291) Rows Removed by Filter: 1199959 Planning Time: 0.112 ms Execution Time: 118.471 ms Seq Scan means Postgres read all ~1.2 million rows and discarded all but 41. actual time is real elapsed time — 118ms for one lookup. After CREATE INDEX idx_orders_customer_id ON orders (customer_id); : Index Scan using idx_orders_customer_id on orders (cost=0.42..8.53 rows=42 wid
AI 资讯
Testing Best Practices in Python
Introduction Python's testing tools are lightweight enough that it's easy to write a lot of tests without writing good ones. A suite that mocks every collaborator, duplicates the same assertion ten times with different inputs pasted in by hand, or chases a coverage number will pass in CI and still miss real bugs. pytest gives you fixtures, parametrize , and monkeypatch — the tools that make it just as easy to write the right tests as the wrong ones. This post covers how to use them well. Test at the Right Level: the Pyramid Not every test should look the same. The test pyramid is a rough guide to where your effort should go: Unit tests — the bulk of the suite. Pure functions and classes, no I/O, no real database. Milliseconds each. Integration tests — fewer of these. Verify the seams : does your ORM query actually produce correct SQL against a real database, does your HTTP client actually parse a real response. End-to-end tests — a handful. Cover the critical flows through the whole stack, accepting they're slower and more brittle. # Unit — pure logic, no database, no framework def test_applies_ten_percent_discount_for_orders_over_100 (): calculator = DiscountCalculator () total = calculator . apply ( order_total = 150.0 ) assert total == pytest . approx ( 135.0 ) # Integration — the seam that matters: our query against a real database import pytest @pytest.fixture def db_session ( postgres_container ): # real Postgres in a test container, not mocked with postgres_container . session () as session : yield session def test_finds_orders_placed_in_the_last_week ( db_session ): db_session . add ( Order ( id = " ord-1 " , placed_at = datetime . now ( UTC ))) db_session . commit () recent = order_repository . find_recent ( db_session , within = timedelta ( days = 7 )) assert len ( recent ) == 1 A unit suite that never touches a database runs in seconds and catches most logic bugs. A handful of integration tests catch what only shows up at the boundary — the query that's s
开源项目
🔥 huggingface / speech-to-speech - Build local voice agents with open-source models
GitHub热门项目 | Build local voice agents with open-source models | Stars: 5,273 | 162 stars today | 语言: Python
开源项目
🔥 ai-boost / awesome-harness-engineering - Awesome list for AI agent harness engineering: tools, patter
GitHub热门项目 | Awesome list for AI agent harness engineering: tools, patterns, evals, memory, MCP, permissions, observability, and orchestration. | Stars: 2,669 | 125 stars today | 语言: Python
开源项目
🔥 google / adk-python - An open-source, code-first Python toolkit for building, eval
GitHub热门项目 | An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control. | Stars: 20,444 | 16 stars today | 语言: Python
开源项目
🔥 jiji262 / douyin-downloader - A practical Douyin downloader for both single-item and profi
GitHub热门项目 | A practical Douyin downloader for both single-item and profile batch downloads, with progress display, retries, SQLite deduplication, and browser fallback support. 抖音批量下载工具,去水印,支持视频、图集、合集、音乐(原声)。免费!免费!免费! | Stars: 8,465 | 61 stars today | 语言: Python
开源项目
🔥 hesreallyhim / awesome-claude-code - A hand-picked collection of the finest of resources for the
GitHub热门项目 | A hand-picked collection of the finest of resources for the most awesome of agents, Claude Code, the undisputed champion of coding companions, from the unstoppable team at Anthropic PBC. A delectable showcase of top tier skills, ambidextrous agents, scintillating status lines, top notch developer tooling, and also we have plugins | Stars: 47,975 | 100 stars today | 语言: Python