今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#rce

找到 1450 篇相关文章

AI 资讯

Codegarden 2026 - a little late, because it gave me something to build

A few weeks ago I was in Copenhagen for my first Codegarden, and one quiet thought has stuck with me since. It didn't come from a keynote. It came from the bit the keynote leaves out. I've worked with Umbraco for years, but I'd never been to Codegarden, and I turned up without much of a fixed idea of what the two days would be. I kept that open on purpose. I wanted to take it in rather than measure it against something I'd decided in advance. What struck me most was that the value came from two places at once. The sessions were a fantastic source of inspiration; everything from keynotes to guest speakers all seemed to resonate in some way or another. The conversations in between the sessions - drifting around the event space and finding common ground with anyone and everyone - proved just as valuable. I came home more energised than I've been in a while, with a notebook full of half-formed ideas and a better feel for the community I'm part of. But the thing I kept turning over afterwards was that bit the keynote leaves out. That's what I want to write about. The easy half and the hard half Every major Umbraco release gets the same treatment. A polished keynote, a clean demo, a feature that looks effortless on stage. There's plenty in 18, and which part matters most depends on what you're building. For me it's Elements: a new Library section where you manage reusable content and reference it through a new element picker. Create once, use everywhere. It's a genuinely good direction. Reusable content has lived awkwardly in the content tree for years, and Library finally gives it a proper home. What the demos don't show you is the part I've been playing around with for the past few weeks. Taking a real Umbraco 17 site, with content pickers threaded through block lists, block grids, rich text blocks and base document properties, and getting all of it to point at the new Library without an editor ever noticing anything moved underneath them. The feature is the easy half.

2026-07-01 原文 →
AI 资讯

Building an Identity System for AI Agents: AgentCard and Work Records

Here's a scenario that plays out in engineering teams every day: you spin up a conversation with an AI tool to analyze some code, get a useful response, copy-paste the output, and close the tab. An hour later, you need a follow-up analysis — and you're starting from scratch. No context, no history, no continuity. Now multiply that by five tools running in parallel. ChatGPT for drafting, Claude for analysis, Copilot for code, a local model for sensitive data, maybe a custom agent for domain-specific tasks. The outputs are scattered across browser tabs, Slack threads, and clipboard history. Nothing connects. The AI tools themselves are capable enough. What's missing is the infrastructure to treat them as actual team members — with identities, workspaces, and accountability. The Identity Problem Every AI interaction today is anonymous. You talk to "the model," it responds, the session ends. There's no persistent identity, no accumulated context, no track record. This works fine for one-off questions. It breaks down the moment AI needs to participate in a sustained workflow — the kind where you need to know who did what, when, and how well. We've been building an open-source project called Octo (Apache 2.0, GitHub ) that approaches this problem by giving AI agents a proper identity system. In Octo, each AI agent is a Bot — a first-class entity with a name, a creator, a capability card, and a work history. A Bot isn't a chatbot wrapper. It's a structured identity: Creator binding : Every Bot is created by a human user and inherits a scoped subset of that user's permissions. The Bot acts on behalf of its creator, not autonomously. AgentCard : A structured capability declaration — what the Bot can do (coding, analysis, translation, design), at what level, in what domains, and with what constraints. Think of it as a resume that other team members can inspect before assigning work. Work history : Every task a Bot participates in gets recorded — completion status, quality sco

2026-07-01 原文 →
AI 资讯

I Made TS Compiler Graph MCP: 10x Fewer Tokens in Claude Code

TL;DR codegraph , codebase-memory-mcp , and serena all got there first, handing a coding agent code intelligence over MCP so it stops grepping. On my own open-ended questions the token bill didn't budge: the agent kept sliding back to grep, and no amount of forceful prompting could stop it. So I built @ttsc/graph . It gives the agent an index the TypeScript compiler already resolved, never the source bodies, through a single tool with a forced chain-of-thought. On "how does this work?" questions that works out to roughly 10× fewer tokens, and the answers are no worse. That figure is a median, and a conservative one. Repository: https://github.com/samchon/ttsc Benchmark: https://ttsc.dev/docs/benchmark/graph 1. Preface 1.1. What @ttsc/graph Is On the left, the agent is lost in a maze of files, chasing dashed arrows dozens deep. On the right, it's reading a single compiler-built graph of nodes and edges, with the file:line anchors it can open and check. You're new to a TypeScript repo, so you ask the agent for a tour: what's the main runtime flow, from the public API down to the code that does the work, and what should you read first? You know how it goes. It opens a file, follows an import into another, then another, and a few dozen files later it gives you an answer. @ttsc/graph cuts that crawl short. Over MCP, it hands your agent a graph of your TypeScript codebase that the compiler itself drew: what calls what, what depends on what, and where each piece lives. The agent answers structural questions straight from the graph instead of spelunking through files, and every claim it makes points at an exact file:line the compiler resolved. Nothing invented, just a location you can open and check for yourself. It's the same question and the same agent in every case, and only @ttsc/graph stays flat across the repos no matter how big they get. The other three, codegraph, codebase-memory, and serena, swing all over the place, and a few even spend more than the baseline does

2026-07-01 原文 →
AI 资讯

Introducing correctover-patronus: 6-Dimensional Verification for Patronus AI

The Problem LLM evaluation tools like Patronus AI excel at hallucination detection, toxicity checks, and semantic relevance. But they don't catch the structural failures: A JSON response missing required fields A function call with malformed parameters Output that violates schema constraints Latency budget overruns silently degrading UX Cost explosions from runaway token usage These aren't hallucinations. They're verification failures. The Solution correctover-patronus is an adapter that runs Correctover's 87 deterministic verification rules as native Patronus evaluators. Every verdict comes with a recomputable proof hash — meaning you can verify the verifier. pip install correctover-patronus The 6 Dimensions Dimension What It Checks Example Structure Output format validity JSON parses correctly Schema Field presence & types Required fields exist Identity Semantic relevance to input Response addresses the question Integrity Forbidden pattern absence No Tracebacks or error messages Latency Response time budget Under 30s threshold Cost Token usage budget Under 10k token limit Usage Full 6-Dimension Verification from correctover_patronus import CorrectoverEvaluator , CorrectoverConfig config = CorrectoverConfig ( min_confidence = 0.7 , latency_rules = { " max_ms " : 5000 }, cost_rules = { " max_tokens " : 4000 } ) evaluator = CorrectoverEvaluator ( config = config ) result = evaluator . evaluate ( task_input = " Summarize this article... " , task_output = " The article discusses... " , task_context = { " source " : " article " , " word_count " : 1500 } ) print ( f " Overall: { result . score : . 2 f } ( { ' PASS ' if result . pass_ else ' FAIL ' } ) " ) print ( f " Proof hash: { result . metadata [ ' proof_hash ' ] } " ) for dim , info in result . metadata [ ' dimensions ' ]. items (): print ( f " { dim } : { info [ ' status ' ] } (score= { info [ ' score ' ] : . 2 f } ) " ) Individual Dimensions from correctover_patronus import correctover_structure , correctover_inte

2026-07-01 原文 →
AI 资讯

I Built 5 Free AI Tools That Replace $200/month in SaaS Subscriptions

The Subscription Fatigue is Real I was paying $47 for ChatGPT Plus, $29 for Jasper, $19 for Grammarly, $16 for Copy.ai, and $15 for an SEO tool. That's $126/month just for AI writing tools. So I built my own. Five tools, one dashboard, completely free to start. Here's how each one works and what it replaces. 1. AI Content Writer (Replaces Jasper, Copy.ai — $66/month combined) The content writer generates blog posts, articles, product descriptions, and marketing copy. You pick: Content type : blog post, article, product description, marketing copy, newsletter Tone : professional, casual, friendly, authoritative, humorous, persuasive Length : short (100-200 words), medium (300-500 words), or long (800-1200 words) The key difference from Jasper: no templates, no "brand voice" setup. You just describe what you want and get it. Simpler, faster. 2. AI Email Composer (Replaces Grammarly Business — $16/month) This one handles the emails I hate writing: Cold outreach to potential clients Follow-up emails after meetings Professional inquiries Customer support replies You set the formality level (formal, semi-formal, casual) and urgency. It writes the subject line AND the body. I've used it for 50+ cold emails last month. 3. Social Media Caption Generator (Replaces Later + caption tools — $29/month) Generates 3 caption variations per request. Platform-specific: Instagram : emojis, hashtags, engagement hooks Twitter/X : concise, thread-ready LinkedIn : professional, thought-leadership style TikTok : casual, trend-aware Options for emojis, hashtags, and CTAs are toggleable. You can mix and match from the 3 generated options. 4. AI Code Helper (Replaces GitHub Copilot Chat — $10/month) Five modes: Generate : write code from description Debug : find and fix errors in pasted code Explain : break down complex code Refactor : improve code quality Convert : translate between 20+ languages Supports Python, JavaScript, TypeScript, Java, C++, Go, Rust, SQL, and more. Not as deeply integr

2026-07-01 原文 →
AI 资讯

I built a "context OS" that stops AI agents from drowning in your codebase

The problem every AI coding session hits You open Claude or Copilot, paste in your task, and immediately hit the wall: the codebase is too big. You either: Dump everything and burn 80% of your context window on irrelevant files Hand-pick files and miss the one import that breaks everything Pay for a bigger context window and repeat the problem at scale I got tired of this and built ContextOS — a local CLI that acts as an intelligent context layer between your repo and your AI agent. What it does pip install rm-contextos cd your-project contextos scan contextos pack --task "add rate limiting to the auth endpoint" --budget 8000 Output: a Markdown (or JSON) context pack with only the files that matter for that task — ranked by keyword match, import graph centrality, AST symbol overlap, and git churn. Secrets redacted automatically. Token savings report on every pack: Packed 12 files · ~6,840 tokens · saved ~47,200 tokens (87%) vs full repo How ranking works Five signals combine into a score per file: Signal What it catches Keyword match Files whose content/name overlap with your task Import graph centrality Files that everything else imports (critical shared modules) AST symbol overlap Function/class names, not just grep strings Git churn score Recently modified files are probably active code Secret penalty Credential files silently excluded No LLM calls. No cloud. Fully offline. MCP server (for Claude Desktop / Claude Code) pip install "rm-contextos[mcp]" contextos serve --stdio Register in claude_desktop_config.json and your AI agent can call pack_context , scan_repo , list_files , get_file , churn_report directly as tools — no CLI needed. What's shipped 980 tests, 96% coverage Apache-2.0, no telemetry, no accounts Python 3.11–3.13, Linux + macOS Export formats: Claude, Codex, Cursor, Aider, JSON Incremental scan cache — re-scans only changed files pip install rm-contextos pip install "rm-contextos[mcp]" # + MCP server pip install "rm-contextos[all]" # everything Git

2026-07-01 原文 →
AI 资讯

从思想到工程:FROST 与 FROST-SOP 的双生之旅

从思想到工程:FROST 与 FROST-SOP 的双生之旅 你知道吗?每一个伟大的工程背后,都有一个简单而深刻的起点。 引言:从 500 行到 5000 行的演进 在开源世界里,我们见过太多"大而全"的框架——它们功能丰富,却让人望而生畏。今天我想分享一个反其道而行之的项目: FROST 。 FROST (Fractal Runtime of Orchestrated Skills & Tasks)最初只是一个 500 行的教学框架,用最朴素的代码讲述 Agent 的本质。它的核心哲学只有一句话: 细胞会死,但谱系会存续。Agent 会消亡,但宪法会传承。资产会永存。 而今天我要介绍的,是 FROST 思想"开花结果"后的工程实践—— FROST-SOP ,一个拥有 5000+ 行代码的完整 Agent 工程平台。 FROST:理解 Agent 的钥匙 FROST 不是什么复杂的框架。它的设计哲学是 最小原子集 + 分形宪法 : 四个原子,理解一切 原子 职责 生物学类比 Store 记忆容器,只做 save/load/delete 细胞核 Skill 纯能力单元,无状态无副作用 蛋白质 Agent 膜包裹的细胞,拥有 Store + Skills 神经细胞 SOP 有序步骤列表,可教学、校验、优化 宪法文本 from core import Store , Agent , skill_set , skill_get store = Store () agent = Agent ( " cell " , store , skills = { " set_context " : skill_set , " get_context " : skill_get }) result = agent . run ( sop_steps = [ " set_context " , " get_context " ], initial_context = { " key " : " message " , " value " : " FROST is alive " } ) # result["_result"] == "FROST is alive" 5 行代码,你就能理解整个 Agent 系统的运作原理。这就是 FROST 的魔力—— 用最少的代码,讲述最深的道理 。 五维元模型(V4.0/V5.0) FROST V4.0 引入的五维元模型,将框架从扁平升级为多维度 Agent 编排系统: 武器注册表 :能力的元数据管理与发现 任务注册表 :DAG 任务编排与图谱 SOP 事件编目 :态势感知与双模式事件分析 平台注册表 :外部能力的发现、调用与健康检查 规则注册表 :可版本化的治理约束与合规检查 197 个测试用例保障质量,最新 Release: FROST v5.0.0 FROST-SOP:思想的工程化 FROST 教会我们理解,FROST-SOP 教会我们构建。 事件驱动的 Agent 家族 FROST-SOP 实现了完整的 祖辈 → 父辈 → 子辈 三层递归架构: import asyncio from core.event_bus import get_async_event_bus , Event , EventType from agents.ancestor import create_ancestor from agents.parent import create_parent async def main (): bus = get_async_event_bus () # 创建事件驱动的 Agent 家族 ancestor = create_ancestor ( constitution , asset , event_driven = True ) parent = create_parent ( " parent-1 " , store , event_driven = True , asset_store = asset , sop_id = " DEV-001 " ) # 发布任务,Agent 家族自动响应 await bus . publish ( Event ( event_type = EventType . TASK_CREATED , source = " user " , data = { " task_id " : " task-001 " , " task_description " : " 开发一个用户登录功能 " } )) await asyncio . sleep ( 10 ) asyncio . run ( main ()) 完整的工程特性 特性 说明 19 个内置 Skill

2026-07-01 原文 →
AI 资讯

GitHub Trending Digest — 2026-06-30

GitHub Trending Digest: Optimasi Agent, Parsing Gambar Skala Besar, dan Evolusi Sistem Operasi Selamat datang di edisi digest GitHub Trending minggu ini (30 Juni 2026). Pasar pengembangan perangkat lunak di tengah tahun 2026 menunjukkan pergeseran menarik dari sekadar "membuat model AI lebih pintar" menjadi "membuat sistem AI lebih efisien dan terintegrasi secara mendalam". Tren utama minggu ini didominasi oleh dua tema besar. Pertama, optimasi biaya dan komputasi untuk AI Agents . Kita melihat alat-alat yang berfokus pada pengurangan latency dan peningkatan efektivitas kode yang dihasilkan, dengan filosofi bahwa kode terbaik adalah kode yang tidak perlu ditulis sama sekali. Kedua, kemampuan pemrosesan visual skala enterprise yang melampaui batas konvensi image-to-text tradisional, memungkinkan parsing dokumen kompleks dalam satu langkah ( one-shot ). Di sisi infrastruktur, ada gerakan balik menuju sistem operasi yang minimalis dan deterministik, yang ditunjukkan oleh meningkatnya minat terhadap dokumentasi dan basis kode dari proyek Astrid OS. Berikut adalah lima repository paling populer minggu ini yang merefleksikan tren tersebut. 1. DietrichGebert/ponytail (JavaScript) Star: 68,413 | Tagline: Makes your AI agent think like the laziest senior dev. Repository ponytail telah mengambil alih posisi puncak dengan jumlah bintang yang sangat signifikan. Seperti namanya, alat ini bekerja untuk membuat agen AI berpikir seperti "senior developer termalas" di ruangan tersebut. Filosofi intinya sederhana namun revolusioner: The best code is the code you never wrote (Kode terbaik adalah kode yang tidak pernah Anda tulis). Kenapa Trending? Di era di mana penggunaan LLM untuk generating code sudah menjadi standar, bottleneck baru muncul: hasil generate yang terlalu verbose, kurang efisien, atau bahkan redundan. Ponytail bertindak sebagai lapisan optimasi yang agresif. Alat ini tidak hanya menghasilkan kode, tetapi juga meragukan kebutuhan akan kode tersebut, mencari celah untuk

2026-07-01 原文 →
AI 资讯

Stop re-flagging the same finding — without going silent

A reviewer that flags the same known issue on every run trains you to ignore it. The fix can't be "hide findings," because a tool that silently drops things is worse than one that nags. CommitBrief has two ways to accept a finding and move on — a per-developer baseline and an in-source suppression marker — and both are built so that what they remove is always counted, never quietly swallowed. The interesting part is how a finding keeps its identity when the code around it moves. TL;DR Baseline ( .commitbrief/baseline.json , gitignored): accept the current findings once; later runs drop anything whose fingerprint is already in the file. Inline suppression : a commitbrief-ignore: <reason> comment on or above a line removes that finding — and lives in committed source, so a reviewer sees it. A finding's fingerprint deliberately excludes its line number , so accepting it survives the code drifting up and down the file. Both are TRUE removals — they affect --fail-on and the JSON findings[] , not just the display — and both print what they removed. The limit. The baseline is per-developer, not a shared team policy; it quiets your runs, not CI's. The fingerprint that survives code drift The whole design rests on one question: when is a finding "the same finding" you already accepted? If the answer included the line number, a baseline would evaporate the moment you added an import above the issue. So it doesn't. A finding's identity is three fields, hashed: func normalizeTitle ( title string ) string { return strings . ToLower ( strings . Join ( strings . Fields ( title ), " " )) } func Fingerprint ( f render . Finding ) string { h := sha256 . New () h . Write ([] byte ( f . File )) h . Write ([] byte { 0 }) h . Write ([] byte ( f . Severity )) h . Write ([] byte { 0 }) h . Write ([] byte ( normalizeTitle ( f . Title ))) return hex . EncodeToString ( h . Sum ( nil )) } File, severity, and a normalized title — and nothing else. Line is out, so the same issue keeps its finger

2026-07-01 原文 →