今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

标签:#rce

找到 1496 篇相关文章

AI 资讯

I Pointed a Skill Linter at a 52k-Star Repo. Here Is What 84/100 Looks Like.

Every AI agent skill you write burns context on every turn. Not just when the skill is running. On every turn. The agent keeps each skill's name and description loaded permanently so it knows when to invoke them. A vague description is not just a documentation problem. It is a tax you pay per message, forever. That is the problem I built skillscore to catch. When addyosmani/agent-skills hit 52,000 stars and went to #1 trending on GitHub, I had my benchmark. 24 production-grade skills written by people who clearly know what they are doing. If a static linter has anything useful to say at this level, this is where to find out. So I ran it. One command. 24 skills. Two seconds. This is what skillscore 0.2.0 can do now: skillscore /path/to/agent-skills/ One command scores everything in the tree. Here is the output: Three skills from addyosmani/agent-skills scored in one command, then a drill-down into the lowest scorer. The full results Skill Score Grade spec-driven-development 91 A browser-testing-with-devtools 91 A deprecation-and-migration 91 A frontend-ui-engineering 91 A test-driven-development 88 B code-review-and-quality 88 B interview-me 86 B ci-cd-and-automation 85 B code-simplification 85 B context-engineering 85 B documentation-and-adrs 85 B incremental-implementation 85 B security-and-hardening 85 B shipping-and-launch 85 B source-driven-development 85 B using-agent-skills 85 B doubt-driven-development 80 B observability-and-instrumentation 80 B planning-and-task-breakdown 80 B api-and-interface-design 78 C debugging-and-error-recovery 77 C git-workflow-and-versioning 77 C idea-refine 77 C performance-optimization 77 C Average: 84/100 (B) To be clear: 84 across 24 production skills is excellent. No failures. No D grades. Most skill libraries I have tested do not get close to this. The instruction content inside these skills is genuinely good. What the linter found is at the edges, not in the core. Two gaps. Five skills. Every single C. I drilled into all five

2026-06-13 原文 →
AI 资讯

AI should do the implementation. You should own the decisions.

The default for AI-assisted development is one of two failure modes. Either you're babysitting the agent line by line — approving each diff, re-explaining context it dropped three messages ago — or you've handed it the wheel and you're hoping the PR that lands at the end resembles what you asked for. Son of Anton is neither. It's a delivery orchestrator built on a single claim: there are exactly three moments where a developer's judgment is irreplaceable. The orchestrator owns everything in between. The three gates Every project moves through three human decision points. Nothing important happens without you signing off. Gate 01 — Approve the WHAT ( /soa plan ) A grill-me session forces the AI to surface its assumptions, constraints, and scope decisions back to you before a single ticket exists. You say yes or you refine. It does not proceed until you have. Gate 02 — Approve the HOW ( /soa decompose ) The approved plan becomes a ticket stack — ordered, dependency-aware, sized for review. Architectural judgment stays with you. Ticket authorship goes to the agent. Gate 03 — Approve DONE ( /soa closeout ) An adversarial subagent reviews every ticket before its PR opens. When the phase is complete, you decide whether to accept. Closeout squash-merges the stack onto main. Nothing merges without you. Between the gates, you are not needed That's the whole point. Once you've approved the plan and the tickets, the orchestrator runs the loop:

2026-06-13 原文 →
AI 资讯

Show HN: NeuralBridge - Self-Healing SDK for LLM-Powered AI Agents

Show HN: NeuralBridge — We Built a Self-Healing SDK for LLM-Powered Agents After months of production experience running LLM calls at scale, we realized something uncomfortable: every AI agent eventually crashes . Not because the code is wrong, but because LLM APIs fail in ways you can't predict. Timeouts. Rate limits. Empty responses. Schema violations. Drift. These aren't edge cases — they're the norm. So we built NeuralBridge: an embedded SDK that makes LLM calls self-healing. The Problem Try running 100,000 LLM calls through any single provider. You'll see: 2-5% failure rate from timeouts and 5xx errors Rate limits that cascade through your pipeline Schema violations when models change behavior Provider-specific quirks that require custom error handling 30-200ms of unnecessary latency from gateway proxies Most teams solve this by building their own retry logic, circuit breakers, and fallback chains. It works — until it doesn't. Because the next failure is always the one you didn't anticipate. Our Approach: Embedded Self-Healing Instead of a gateway (which adds latency and infrastructure), we embedded the reliability logic directly into the SDK: from neuralbridge import SelfHealingEngine engine = SelfHealingEngine () result = engine . call ( " Write a Python function for binary search " ) if result . recovered : print ( f " Fault: { result . diagnosis } " ) print ( f " Recovery: { result . recovery_action } " ) When a call fails, the engine: Diagnoses the fault type in ~19us (P50) Escalates through 4 layers: retry -> degrade -> failover -> learned rule Validates the output across 5 dimensions Learns from the experience for next time Production Results Metric Value Auto-recovery rate 84.1% of faults Fault patterns recognized 280+ Recovery strategies 30+ Learned rules (flywheel) 88+ Diagnosis latency 19us P50 Install size 375 KB Why Open Source? We went Apache 2.0 because reliability infrastructure should be a commodity. The SDK is free and open. Pro features (ente

2026-06-13 原文 →
AI 资讯

NeuralBridge: Self-Healing SDK for LLM-Powered AI Agents - Getting Started in 5 Minutes

What is NeuralBridge? NeuralBridge is an embedded SDK (not a gateway) that makes your AI agents resilient against LLM failures. It runs inside your Python process — zero infrastructure, zero HTTP proxy, one dependency. pip install neuralbridge-sdk Your First Call import neuralbridge as nb result = nb . run ( " Explain quantum computing in one sentence " ) print ( result . text ) That's it. NeuralBridge auto-discovers your API keys from environment variables and handles multi-provider routing, self-healing, and drift detection automatically. What Makes It Different? Self-Healing Engine — When an LLM call fails (timeout, rate limit, bad response), NeuralBridge doesn't just retry. It diagnoses the fault type, degrades gracefully, fails over to another provider, and learns from the experience. from neuralbridge import SelfHealingEngine engine = SelfHealingEngine () result = engine . call ( " Write a Python function for binary search " ) print ( result . flight ) # Shows diagnosis, recovery action, latency print ( result . recovered ) # True if self-healing was activated 84.1% of production faults are auto-recovered. 19us diagnosis time P50. Why Not a Gateway? Every gateway (LiteLLM, etc.) adds 30-200ms of network latency. NeuralBridge runs in-process, adding zero additional latency. Approach Latency Dependencies Deployment Gateway (LiteLLM) +30-200ms Docker + PostgreSQL Ops team SDK (NeuralBridge) +0ms 1 (httpx) pip install Key Features 4-Layer Self-Healing : L1 retry -> L2 degrade -> L3 failover -> L4 flywheel 5-Dimension Validation : JSON Schema, semantic, entity, taboo, composite Multi-Provider Routing : DeepSeek, OpenAI, Anthropic, and 12+ more Drift Detection : Catch model regressions before users do Carbon Tracking : Per-provider carbon footprint per call Open Core : Apache 2.0 license, 375 KB install size See It in Action import neuralbridge as nb result = nb . run ( " Hello " , providers = [ " openai " , " deepseek " ]) print ( f " Used provider: { result . prov

2026-06-13 原文 →
AI 资讯

What Nobody Told Me About Maintaining an Open Source Project

I am a solo learner. I started coding last year with the help of AI and sometimes without any tutorials or courses. At first, I thought this journey would be easier. But soon I realized something important — no AI or tool can fully solve the real problems I was facing as a developer. I used AI a lot. It explained things with confidence and even provided code. But when I ran that code in my terminal, many times it didn’t work. That’s when I understood something important: AI can guide, but it cannot replace understanding. After facing these issues, I changed my way of learning. Instead of blindly trusting AI, I started: Finding real open-source projects Studying how they were built Listing important topics from those projects Reading documentation carefully Asking AI to explain specific lines of code This helped me understand real-world code better. From this learning journey, I realized something: I should also build my own open-source projects. At first, I believed that creating a powerful project could automatically bring attention and users. But I was wrong. I made a mistake — I was not active on any platform. I was just coding inside VS Code, without communication or sharing my work anywhere. Then I realized: Being a developer is not only about coding. Visibility and communication are also important. After that realization, I started being active on platforms like Dev.to, LinkedIn, and other developer communities. I started posting my work and sharing my progress. Even though I didn’t get many comments, I started getting reactions and engagement. That small feedback gave me motivation. From this journey, I learned something important: Open source is not only about code. It is about helping other developers, sharing knowledge, and being consistent and visible. A developer should not only code silently but also participate in the community. Now I understand that coding is only one part of being a developer. Community, communication, and consistency are equally imp

2026-06-13 原文 →
AI 资讯

Your agent finished at 3 a.m. Where did the report go?

Overnight agents do good work, then dump it in a log file or a noisy Slack channel. Here's a pattern for delivering their output to a private, end-to-end encrypted inbox you read with your coffee. You point an agent at a nightly job — audit the dependencies, summarize yesterday's support tickets, check the infra, scan the repo for regressions. It runs at 3 a.m. and does good work. Then the work goes... where? Usually one of three bad places: A log file you'll never open. A Slack channel that's already 200 messages deep by the time you wake up. A plaintext file on a server , which is fine until the report contains a leaked key, a customer name, or a security finding — and now it's sitting in cleartext on a box you don't fully trust. And the fix you'd reach for first — "just email the report to me" — is the one that bites hardest. You can do it cleanly: a locked-down, send-only API key sends mail and nothing else. But the path of least resistance is "connect your email account," and that grant is far wider than the job needs — now the agent can read and send your mail, not just hand you a file. I learned this the hard way. I once connected an agent to my email so it could send me updates — and it took that as license to start replying to my incoming messages on its own, without my ever asking. Mail went out under my name that I never wrote. The job was "send me a file." The access I'd handed over was "run my inbox." The work is good. The delivery is the broken part. Here's a pattern that fixes it: your overnight agent delivers its report to a private, end-to-end encrypted inbox, and you read it with your coffee — decrypted in your browser, with a passkey. What we're building cron, 3 a.m. ↓ agent does the work ↓ encrypted delivery ↓ your inbox (read at 8 a.m.) The agent produces a report (Markdown, PDF, a CSV, whatever), hands it to the Agent Relay CLI, and the CLI encrypts it locally before it ever leaves the machine. The server stores only ciphertext. When you open t

2026-06-13 原文 →
AI 资讯

How I Fixed Bugs in 30+ Open Source Projects (And What I Learned)

How I Fixed Bugs in 30+ Open Source Projects (And What I Learned) Over the past few months, I've been contributing to open source as an independent developer. No big company backing, no team — just me, a laptop, and a lot of caffeine. Along the way, I've submitted pull requests to 30+ repositories across the Python, JavaScript, TypeScript, and Rust ecosystems. Here's what I learned from the process — the good, the bad, and the "I wish someone told me this earlier." Why Contribute to Open Source? Let's get the obvious out of the way: it's not about the money (at least not directly). Most bounties pay $50-$500, and you'll spend 10-20 hours on a single PR if it involves deep codebase exploration. The real value is: Reputation — Each merged PR is a public signal that you can read, understand, and improve other people's code Learning — You'll see how major projects are structured, tested, and maintained Network — Maintainers remember helpful contributors. Jobs come from these relationships Scratching your own itch — Fix a bug that annoys you? Everyone benefits My Process: Finding Good Issues Step 1: Pick the Right Projects Not all projects are equally welcoming to new contributors. Here's my filter: Signal Good ✅ Bad ❌ Response time < 7 days > 30 days or never Issue labels good first issue , help wanted None CI/CD Green, fast builds Broken, 30min+ builds PR merge rate > 60% of open PRs merge < 20% merge Step 2: Find Issues You Can Actually Fix I look for: Bug reports with clear reproduction steps — Someone already did the hard work of identifying what's wrong Issues labeled easy-fix or similar — The maintainer thinks it's approachable Issues in domains I know — Don't pick a C++ compiler bug if you've never written C++ Step 3: Before Writing Code This is where most beginners fail. Don't start coding yet! Read the CONTRIBUTING.md — Every project has different style, commit message format, and PR requirements Look at recent merged PRs — What do good PRs in this project look

2026-06-13 原文 →
AI 资讯

How We Cut Magento Checkout Drop-off by 34% with a React Frontend

When a Magento store feels slow, merchants usually notice it first on the homepage. When revenue actually slips, we usually find the damage deeper in the funnel. That was the case on a recent mid-market Magento 2 build we inherited. Product pages were acceptable. Search worked. But checkout analytics told a different story. Mobile users were stalling after address entry, re-clicking shipping methods, and abandoning before payment finished rendering. The merchant described it in business terms: "traffic is fine, but checkout feels fragile." They were right. The store was running a fairly typical Magento checkout stack: Luma fallback checkout, several shipping customizations, two payment methods, tax recalculation on step changes, and a handful of third-party scripts that had quietly accumulated over time. Together, they created a familiar Magento problem: too much JavaScript, too many render passes, and too much waiting on the highest-stakes route in the store. Over a 90-day measurement window after launch, checkout completion improved by 34%. Mobile completion improved by 39%. Lab metrics got much better immediately, and field metrics followed. This article covers why we chose React instead of Hyva Checkout, how we implemented the frontend, what moved the numbers, and what we would do differently next time. The problem with Magento's default checkout Magento's default Luma checkout is functional, but performance is rarely its strength. The architecture was designed around Knockout.js components, RequireJS modules, and a lot of UI behavior being layered in over time. Once a real merchant adds shipping estimation, fraud tooling, tax logic, payment widgets, analytics, and address validation, the route becomes busy in all the wrong ways. In this project, our baseline looked like this on a throttled mobile profile: Metric Before (Luma checkout) After (React checkout) Initial checkout route payload 1.8 MB transferred 486 KB transferred LCP 4.2s 1.1s INP 280ms 92ms CLS 0.1

2026-06-13 原文 →
AI 资讯

The Chicago Magento Agency's Guide to Hyvä Theme Migration

We've been a Magento agency in Chicago since 2008. When Hyvä Themes hit the ecosystem, we were skeptical—another theme promise. Then we measured Core Web Vitals on client stores and the case became obvious: Hyvä is the most practical path to a fast Magento storefront without a full replatform. This is the migration framework we use at Towering Media for US and Canadian merchants moving off Luma (or aged custom frontends) onto Hyvä. Why Hyvä now (not next year) Google's CWV thresholds affect ad quality and organic visibility. Luma checkout and catalog pages often ship 1.5–2+ MB of JavaScript before you add analytics, chat, and personalization. Hyvä replaces Knockout/RequireJS on the storefront with Alpine.js and Tailwind. Typical results on our projects: 50–70% less frontend JS on category and product pages LCP improvements of 1–3 seconds on mobile field data (highly variable by hosting and images) Lower maintenance — fewer JS conflicts between theme and extensions Delaying migration means paying for performance twice: once in emergency fixes, again in the eventual theme project. Phase 1: Discovery (1–2 weeks) Extension audit List every module that touches the frontend: bin/magento module:status | grep -v "Module is disabled" Flag anything with view/frontend , RequireJS , or Knockout in: Layered navigation and search Checkout and cart Page Builder widgets Blog and CMS enhancements Hyvä maintains a compatibility module ecosystem; unsupported extensions need replacements or custom Hyvä templates. Towering Media includes extension compatibility mapping in every Hyvä migration engagement. CWV baseline Capture before metrics from: Google PageSpeed Insights (origin-level) Chrome UX Report for key templates: home, category, product, cart Real-user monitoring if the client has it (GA4, SpeedCurve, etc.) Store screenshots. Stakeholders forget how slow the old site felt. Business constraints Document: Peak seasons (do not launch in November without war room

2026-06-13 原文 →
AI 资讯

Why We Rebuilt Our Magento Checkout with React: Performance Results

Magento's default Luma checkout loads a heavy Knockout.js stack, dozens of RequireJS modules, and payment iframes that fight for the main thread. For merchants where checkout is the conversion bottleneck, shaving seconds off load and interaction time pays back faster than another homepage hero image. We rebuilt checkout in React— React Checkout Pro —for Magento 2 and Hyvä stores that needed Shopify-like speed without leaving Adobe Commerce. Here is what we measured, what surprised us, and what we would do differently. The problem: checkout is where Core Web Vitals go to die Homepage optimizations are table stakes. Checkout is different: More JavaScript. Payment methods, validators, shipping step observers, and third-party scripts stack on one route. More layout shift. Address suggestions, shipping method lists, and tax updates re-render large DOM regions. More input delay. Autocomplete plugins, reCAPTCHA, and BNPL widgets compete on keydown handlers. On a representative Luma checkout (mid-size US retailer, ~80 SKUs in catalog, 4 payment methods), lab tests before migration showed: Metric Luma checkout (before) React checkout (after) LCP (lab, 4G) 4.8s 2.1s INP (field interaction) 320ms 95ms CLS (full flow) 0.18 0.04 JS transferred (checkout route) ~1.9 MB ~420 KB Time to interactive (est.) 6.2s 2.8s Field data from CrUX lagged lab wins by 4–6 weeks but trended the same direction once cache and CDN rules settled. Your numbers will differ. The pattern we see repeatedly: the biggest win is shipping less JavaScript to checkout , not micro-optimizing the JavaScript you keep. Architecture: React island, Magento brain We did not headless the entire storefront. Magento still owns: Quote totals and tax calculation Shipping rate requests Payment tokenization and order placement APIs Customer session and cart persistence React owns the UI layer: step navigation, form state, validation UX, and optimistic updates while Magento APIs catch up. High-level flow: Browser → React Chec

2026-06-13 原文 →
AI 资讯

No Suggest - distraction-free YouTube client

I have been frustrated with YouTube for a while. Not the content, but the everything around it. The homepage full of bait, the auto-play into things I didn't ask for, the Shorts that hijack your scroll, the recommendations that somehow know exactly what will keep you there longest. So I built NoSuggest. What it is A YouTube feed reader that shows you only the channels you follow, nothing else. No algorithm, no recommendations, no Shorts, no homepage, no auto-play, no endless side cards of videos. You add a channel, it fetches their latest videos, done. It lives at nosuggest.com and installs as a PWA on any device — iPhone, Android, desktop — straight from the browser. No app store. The interesting technical constraint: one HTML file The entire app is a single index.html. No account setup, no sign-in, no data collection. Everything that needs to persist — your channel list, saved videos, settings — lives in localStorage. No search history. No watch history. No "you might also like." No trending section. No notification badges designed to create anxiety. No dark patterns anywhere. Every time I was tempted to add something convenient, I asked: does this serve the user's intention, or does it serve engagement? If it was the latter, it didn't make the cut. Try it nosuggest.com — Source Available here , free forever. Curious what others think about this as useful. Thank you.

2026-06-13 原文 →
AI 资讯

Shopify GraphQL Pagination: How to Handle Large Datasets Without Slowing Down Your App

When you build Shopify apps or integrations, pagination becomes important very quickly. A small test store may have a few products and orders. A real merchant store can have thousands of products, variants, orders, customers, inventory items, metafields, and fulfillment records. You cannot fetch all of that data in one Shopify GraphQL request. You need pagination. More importantly, you need pagination that performs well. Poor Shopify GraphQL pagination can create slow syncs, API throttling, timeout errors, duplicate processing, and incomplete exports. This post explains how Shopify GraphQL pagination works and how to handle large Shopify datasets in a practical way. What Shopify GraphQL Pagination Solves Pagination lets your app retrieve data in smaller chunks. Instead of asking Shopify for 50,000 products at once, your app asks for 100 or 250 products per request. Shopify returns the data and gives your app information about the next page. This protects your app from huge responses and protects Shopify from heavy requests. It also gives your integration more control over retries, progress tracking, and background processing. Shopify Uses Cursor-Based Pagination Shopify GraphQL uses cursor-based pagination. That means you do not request data using page numbers. You request the next page using a cursor from the previous response. A basic product pagination query looks like this: query GetProducts ( $cursor : String ) { products ( first : 100 , after : $cursor ) { nodes { id title handle updatedAt } pageInfo { hasNextPage endCursor } } } The first time you run this query, pass cursor as null. Shopify returns the first 100 products and gives you an endCursor . Use that endCursor as the after value in the next request. Keep doing this until hasNextPage is false. Why Cursors Work Better Than Page Numbers Offset pagination usually works like this: page=1 page=2 page=3 or: offset=5000&limit=100 This approach becomes inefficient when datasets grow. The system may need to sk

2026-06-13 原文 →