AI 资讯
I Made a Free AI Tool That Plans Your PQQ Responses
If you've ever bid on a public sector contract, you know the PQQ drill. Someone sends you a Word document with 47 questions spread across 6 sections. Company info. Technical capability. Financial standing. Health & safety. References. Maybe something about modern slavery or carbon reporting because it's 2026 and everything has to check everything. You have to: Read every question Figure out what category it falls under Decide which ones are easy and which will take a week Dig up the right evidence for each one Track word limits And you're doing this at 10pm because the submission deadline is Friday. I got tired of doing this manually, so I built a free tool that does it in one click. What it does PQQCheck takes any PQQ document — pasted raw, formatting and all — and runs it through an LLM that understands procurement documents. It returns: Every question extracted — no more re-reading the document to check you didn't miss one Category tags — Technical, Financial, H&S, Insurance, etc. Difficulty ratings — Easy / Medium / Hard at a glance so you know where to start Suggested evidence — what to prepare for each question Word limits — pulled straight from the document Here's what the output looks like: | Question | Category | Difficulty | Suggested Evidence | Limit | |-----------------------------------|-------------|------------|----------------------------|-------| | Provide your registered name & no | Company | Easy | Certificate of Incorporation | 50 | | Describe IT managed services exp | Technical | Hard | 3 case studies + CVs | 500 | | Provide H&S policy | H&S | Easy | Current policy document | — | | ISO 27001 certification details | Technical | Medium | Certificate + scope doc | 200 | Why this matters for procurement teams Most PQQ response planning is reactive. You read the document, start answering, and discover mid-way that a question needs a certificate you don't have or a reference you can't get in time. PQQCheck flips that. You know before you start writing
开发者
CodeNearby 2.0
Tinder for developers! Find coding partners & build together Discussion | Link
AI 资讯
EQK
Mac app with dynamic AI EQ Discussion | Link
AI 资讯
GDPR retention and erasure for an agent mailbox
Most "AI email" demos never think about deletion. The agent reads, replies, files things away, and the inbox just grows. That's fine in a demo. It is a problem the first time a real person emails your agent, because the moment that mailbox holds someone else's name, address, order history, or support complaint, you've taken on a data-protection obligation — and "we kept everything forever" is not a defensible retention policy. An Agent Account on Nylas accumulates personal data you have to be able to purge. It's a mailbox the agent owns — support@yourcompany.com answering to a model instead of a human — and every inbound message lands in it. Under GDPR that data needs two things you can prove: a retention window so it doesn't live forever, and an erasure path so you can delete a specific person's mail when they ask. This post builds both, with the curl and the CLI for each step. A quick, honest caveat before any of it: this is a docs-and-demo walkthrough, not legal advice. The Nylas primitives below cover the mail held in the mailbox . Any derived copy you made — rows in your own database, lines in your application logs, a vector store you embedded the message into — is yours to purge separately. The API can delete the message; it can't reach into your Postgres. Keep that in mind throughout. What the platform gives you Nothing new to learn on the data plane. An Agent Account is just a grant with a grant_id , so everything you already know about Messages and Threads applies directly — listing, reading, and deleting mail run against the same grant-scoped endpoints any other Nylas integration uses. Retention and erasure split cleanly into two layers: Retention is a control-plane setting. It lives on a policy — an application-scoped resource that bundles limits and spam settings — attached to the workspace your Agent Account belongs to. Two fields cap how long mail survives: limit_inbox_retention_period and limit_spam_retention_period . Set them once and Nylas deletes a
AI 资讯
Keep your agent's mail out of spam traps
Spam traps are the failure mode nobody puts in the demo. A bounce is loud — you get a 5.x.x back, your code logs it, you move on. A complaint at least gives you a webhook. A spam trap gives you nothing . The message gets accepted, no error comes back, and somewhere a mailbox provider quietly writes your domain down as a spammer. By the time you notice, your inbox placement has already cratered and you have no single bounce to point at. That's the trap, literally. And it's the one that bites autonomous agents the hardest, because the whole appeal of an agent is that it acts without a human watching every send. Point a model at a list it scraped, let it loop, and it'll happily mail a recycled address that's been a trap for two years. The agent never sees a problem. You only see the aftermath in your deliverability dashboard a week later. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring up an Agent Account to not do this. The good news is that an Agent Account is just a grant — a grant_id that works with every grant-scoped endpoint you already know — so there's nothing new to learn on the data plane. The defense is mostly discipline: validate before you send, honor every complaint, and age out the addresses that never wanted to hear from you. What a spam trap actually is, and why it's not a bounce It's worth being precise here, because the three things people lump together behave completely differently. A bounce is a rejected delivery. The receiving server tells you the address is bad, you get a message.bounced event, and you stop. Bounce handling is a solved problem — you listen, you suppress, you're done. A complaint is a recipient hitting "report spam." The mailbox provider relays that back as a feedback loop, and you get a message.complaint event. The address is real and reachable; the human just doesn't want your mail. If you keep mailing them, you're training the provider to filter you. A spam trap is neither.
AI 资讯
Invisible DevTools: Why the Best Tools Disappear
The best developer tools share one quality: you forget you are using them. Think about it. Your IDE fades into the background when you are in flow. Your terminal becomes muscle memory. These tools are invisible because they match your mental model so perfectly that there is zero friction between thought and action. This is exactly what online developer utilities should aspire to. The Problem with Fragmented DevTools Most developers have a bookmarks folder full of single-purpose websites: One for JSON formatting One for timestamp conversion One for Base64 encoding One for URL decoding Every switch between these tabs is a context loss. Every tool has a slightly different UI, different copy-paste format, different quirks. The Invisible Toolkit Opennomos Json (opennomos.com/en/project/01KJ850Z7PNGXHXESBM68HE12Y) consolidates timestamp conversion, JSON formatting, and Base64 encoding into a single workspace. No install. No accounts. No pricing tiers. Just open a tab and work. This is the north star for developer tools: make them so simple that the user never has to think about the tool itself — they only think about their actual task. The Trend Is Clear We have seen this pattern across the dev ecosystem: GitHub Codespaces made local IDE setup invisible Vercel made deployment invisible Replit made runtime environment invisible The next frontier is utility tools. The sooner they become invisible, the better. Try it: opennomos.com/en/project/01KJ850Z7PNGXHXESBM68HE12Y Part of the Nomos Build-in-Public series.
AI 资讯
Fudge MCP
Give your AI agents design taste from existing websites Discussion | Link
AI 资讯
Stop Triaging. Start Fixing. Introducing VigilOps
You've seen the alert. You've opened the PR. You've read the changelog. Then you realize: your code doesn't even call the vulnerable function. Every week. Hundreds of teams drowning in CVE notifications for packages sitting dormant in their node_modules — dependencies they pulled in years ago, bundled by a transitive library, and never actually executed. Meanwhile, the real vulnerabilities get buried. VigilOps is a free Node.js CLI that fixes this. How VigilOps Works VigilOps does three things: Scans dependencies against OSV.dev — the open vulnerability database used by GitHub, PyPI, and npm Runs static reachability analysis to filter out unreachable vulnerabilities (packages in your tree but never called by your code) Auto-opens a GitHub PR with the fix The result: you get one PR with one real vulnerability. Not a spreadsheet. Not a wall of Slack messages. A fix. Demo Here's a quick scan: npx vigilops scan examples/vigilops-demo-lodash And to see everything including suppressed (unreachable) deps: npx vigilops scan examples/vigilops-demo-express --all The --all flag shows what's in your dependency tree but not actually reachable from your code. That's what the noise looks like — and that's what VigilOps filters out. Why This Is Different Dependabot and Snyk scan your entire lockfile. They report every CVE in every package, regardless of whether your code ever touches the vulnerable surface. This creates alert fatigue that causes teams to eventually... stop reading. VigilOps inverts the model: only surface vulnerabilities in code you actually call. Dependabot: "Your project has 47 vulnerabilities" (but 40 are unreachable noise) VigilOps: "Your project has 1 reachable vulnerability. PR is ready." Quick Start npm install -g vigilops npx vigilops scan . Authenticate with GitHub: https://github.com/Vigilops/vigilops npx vigilops auth That's it. The first run will scan, analyze, and open a PR if there's a fixable reachable vulnerability. What's Included OSV.dev integrati
AI 资讯
Build an AI Changelog Generator in Python
Writing changelogs is one of those developer tasks that sounds simple until you are staring at a messy commit history. Some commits matter to users. Some are internal cleanup. Some are merge commits. Some are meaningful only if you already know the codebase. I built a small Python example that turns commit messages or git diffs into structured changelog JSON using Telnyx AI Inference. Code: https://github.com/team-telnyx/telnyx-code-examples/tree/main/changelog-generator-python What it does The Flask app exposes: POST /generate POST /generate/from-diff GET /changelogs GET /changelogs/<id> GET /health POST /generate accepts a list of commit messages: { "version" : "v1.4.0" , "repo_name" : "billing-service" , "commits" : [ "feat: add Stripe webhook retry with exponential backoff" , "fix: correct tax calculation for EU VAT exemption" , "docs: update API reference for invoice endpoint" ] } The app asks Telnyx AI Inference to return grouped changelog JSON with sections like: Features Bug Fixes Improvements Breaking Changes Documentation Other There is also a POST /generate/from-diff endpoint if you want to summarize a git diff instead of commit messages. Why structured output matters For a changelog tool, plain text is useful, but structured output is more flexible. If the response comes back as JSON, you can: render it in a docs site save it in a release database post it into a PR comment send it to Slack open a release-note review workflow let a human approve it before publishing The example stores generated changelogs in memory and gives each one an ID, so you can list recent changelogs or retrieve a specific one. Run it Clone the examples repo: git clone https://github.com/team-telnyx/telnyx-code-examples.git cd telnyx-code-examples/changelog-generator-python Create your .env file: cp .env.example .env Add your Telnyx API key: TELNYX_API_KEY=your_telnyx_api_key AI_MODEL=moonshotai/Kimi-K2.6 HOST=127.0.0.1 Install and run: pip install -r requirements.txt python app.py
AI 资讯
I built a privacy-first alternative to jwt.io, regex101 and every other dev tool that phones home
The dirty secret of online dev tools Every dev tool lives on a different website. jwt.io for JWT decoding. regex101 for regex testing. Some random site for JSON formatting. Another for diff checking. Another for curl → code. Another for SQL formatting. You end up with 10 bookmarks, 10 different UIs, and 10 different servers that just received your most sensitive data — and you never think twice about it. I didn't either. Until I did. What actually happens when you use these tools Let's take jwt.io as an example. Your JWT contains: Your auth algorithm Your user ID Your roles and permissions Your token expiry Sometimes your email, name, org ID When you paste it into jwt.io — it hits their server. It's in their request logs. Maybe forever. The same goes for regex101. Your regex patterns often encode business logic — validation rules, data formats, internal naming conventions. That goes to their database. And every online JSON formatter, diff checker, SQL tool, .env checker you've ever used? Same story. You're not just sharing data. You're sharing the shape of your system. Most of the time nothing bad happens. But "most of the time" is a terrible security posture for a developer who knows better. I got tired of it The more I thought about it, the more it bothered me. I was pasting production JWTs. Real API keys. Actual .env files with database URLs. Into random websites I knew nothing about. So I built DevTab - devtab.in One tab. 110+ dev tools. Zero server calls. Everything runs 100% in your browser via client-side JavaScript and WebAssembly. Open DevTools → Network while using it. Nothing fires. That's not a marketing claim. It's verifiable in 10 seconds. What's inside JSON tools JSON formatter & validator — real-time, error highlighting with line numbers JSON minifier JSON stringify & parse JSON → TypeScript / Pydantic / Go / Zod types Auth & security JWT decoder — header, payload, expiry countdown, issued-at in human time. Zero network requests. .env diff checker —
AI 资讯
I built a CLI to drive every AI coding agent from one interface
TLDR; I got tired of babysitting N terminal tabs of five different coding-agent CLIs. So I built agentproto — one daemon that drives Claude Code, Codex, Hermes, opencode, and Mastra through the same lifecycle, and actually supervises them. Why I built a daemon to drive every AI coding agent from one interface I have a confession: at any given moment I have Claude Code, Codex, and Hermes running in parallel terminal tabs, and I cannot remember which flag spawns which, which one eats --prompt , which one needs --cwd vs cd , and which one will hang forever if I close the laptop lid. simonw described the feeling on Hacker News recently — "Today I have Claude Code and Codex CLI and Codex Web running, often in parallel" — and called it a real jump in cognitive load compared to a year ago. aantix asked, also on HN: "how does everyone visually organize the multiple terminal tabs open for these numerous agents in various states?" I didn't have a good answer. So I built one. It's called agentproto . It is one daemon and one CLI that drives any coding-agent CLI — Claude Code, Codex, Hermes, opencode, Mastra, and a few more — through the same start / prompt / monitor / kill lifecycle, so you stop memorizing five different CLIs. On top of that lifecycle it adds the supervision layer people keep hand-rolling by hand: durable policy gates, nested orchestration, and multiplexed fan-in monitoring. MIT, no paid tier, the daemon itself is an MCP server. This is the story of why it exists. The hand-rolled watchdog The sharpest signal while I was building this came from other people independently re-inventing the same primitives in tmux scripts. On r/ClaudeAI, Confident_Chest5567 posted a writeup of orchestrating agents via tmux panes with a watchdog that resets dead sessions — "a swarm of agents that can keep themselves alive indefinitely." In the same thread, IssueConnect7471 (18 upvotes) described wiring a Redis pub/sub heartbeat plus dead-letter respawn between tmux panes, and arriv
AI 资讯
OpenSuperWhisper 评测:macOS 上最被低估的开源语音转文字工具?
OpenSuperWhisper 评测:macOS 上最被低估的开源语音转文字工具? 30秒结论 :OpenSuperWhisper 是一个基于 OpenAI Whisper 模型的 macOS 原生听写(dictation)应用。如果你受够了 macOS 自带听写的间歇性抽风,或者不想每月交钱给 Otter.ai,这个免费开源项目值得一试。 但别期待开箱即用 ——你需要自己配置模型、处理依赖,而且目前只支持 macOS。 适合人群:macOS 重度用户、需要离线语音转文字、对隐私敏感、愿意折腾配置的开发者。 不适合:Windows/Linux 用户、不想碰终端的人、需要实时流式转写(目前不支持)。 核心功能:代码实操 1. 安装部署 # 克隆仓库 git clone https://github.com/Starmel/OpenSuperWhisper.git cd OpenSuperWhisper # 安装依赖(需要 Python 3.10+) pip install -r requirements.txt # 直接运行 python app.py 坑点1 : requirements.txt 里没写版本号,我踩了 numpy 版本冲突的坑。建议手动指定: pip install numpy == 1.26.0 torch == 2.1.0 whisper == 20231117 坑点2 :macOS 14 Sonoma 上需要手动授权麦克风权限。第一次运行会 crash,因为没处理 PermissionError 。workaround:在 System Settings > Privacy & Security > Microphone 里手动勾上终端或 Python 的权限。 2. 基本使用 启动后会在菜单栏出现一个小图标(类似 macOS 原生听写)。快捷键是 Option + Space (可自定义)。 核心逻辑:按下快捷键 → 录音 → 松开 → 调用 Whisper 转写 → 结果写入当前光标位置。 代码层面 ,核心函数在 whisper_handler.py 里: # 简化版核心逻辑 import whisper import sounddevice as sd import numpy as np class WhisperHandler : def __init__ ( self , model_size = " base " ): self . model = whisper . load_model ( model_size ) self . sample_rate = 16000 def transcribe_from_mic ( self , duration = 5 ): # 录音 recording = sd . rec ( int ( duration * self . sample_rate ), samplerate = self . sample_rate , channels = 1 ) sd . wait () audio = recording . flatten (). astype ( np . float32 ) # 转写 result = self . model . transcribe ( audio , language = " zh " ) return result [ " text " ] 实测 :默认 model_size="base" 时,中文准确率约 85%。换成 "large-v3" 能到 92%,但首次加载要 2GB 内存,转写一条 10 秒语音需要 8-12 秒(M1 Pro 芯片)。 3. 自定义快捷键 config.yaml 里可以改: hotkey : modifier : " option" key : " space" model : size : " base" # 可选: tiny, base, small, medium, large-v3 device : " cpu" # 或 "mps" (Apple Silicon) output : paste_delay : 0.3 # 转写后粘贴延迟,防止焦点丢失 注意 : device: "mps" 在 macOS 14.2 上会报 MPS backend not available 。需要安装 PyTorch 的 MPS 版本: pip install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/nightly/cpu 性能测试 测试环境:MacBook Pro M1 Pro (
AI 资讯
Debug the AI API route before you switch models
When an AI API call fails, the tempting reaction is to switch models or providers. That is often premature. A large share of 401, 429, model_not_found, timeout, and confusing billing issues are not model-quality problems. They are route-evidence problems. The request moved through a key, base URL, model ID, retry rule, fallback path, and billing record. If those pieces are not visible, changing the model can hide the real cause. Before you replace the model, debug the route. A practical route checklist Confirm the key scope. Is the API key attached to the right project, environment, and quota rule? A key that works in one workspace can fail in another because the limit, budget, or allowed model set is different. Confirm the base URL. Many OpenAI-compatible errors start with a request going to the wrong host, version path, or proxy. Check the exact Base URL used by the client, not the one written in a README from memory. Confirm the model ID. A model_not_found error is not always a provider outage. It can be a copied alias, a retired ID, a route that does not support that model, or a mismatch between public model names and API model IDs. Separate 401, 403, 404, and 429. These errors ask different questions: 401: is the key present and valid? 403: is the key allowed to use this route or model? 404/model_not_found: is the exact model ID available on this route? 429: is the limit coming from the user, key, project, provider, retry loop, or budget rule? Treating all of them as provider instability wastes time. Look for retry and fallback behavior. A single user action may trigger more than one model call. Agents, RAG pipelines, streaming clients, and SDK retries can quietly multiply traffic. If fallback is enabled, the served route may differ from the requested model. Check the usage and charge record. A successful response is not the end of the test. You should be able to explain which key made the call, which model was requested, which route served it, how many tokens
开发者
Copresent
Turn your phone into a Google Slides remote Discussion | Link
AI 资讯
Your next model upgrade won't close this gap
There's a comfortable thing people say when they see an AI agent query a code map. "Nice crutch. For now." The logic underneath it is reasonable. Coding agents are young. Context windows are small and getting bigger. Models are dumb today and will be smart tomorrow. So a structural index, the thing that hands the agent a dependency graph it would otherwise have to reconstruct, looks like a patch over a temporary weakness. Wait two releases. The model will just hold the whole repo in its head and the map becomes a quaint workaround, like a spellchecker for someone who learned to spell. I build one of those maps Sense . I went looking for the data that would kill it. I didn't find it. I found the opposite. What a map hands an agent is a computed fact. What a better model hands you is a more confident guess . No amount of model progress turns the second into the first, because the difference between them isn't a quality gap that closes with scale. It's a difference of kind. The rest of this piece is the two findings that forced me there. The belief, stated fairly The claim at full strength, because a weak version is easy to knock over. A code map exists to compensate for what the model can't do yet. Today's agent greps, samples, and guesses at structure because it can't read the whole codebase at once. Tomorrow's agent reads all of it, reasons over all of it, and the guessing stops. Bigger windows plus better weights equal no more blind spots. The map is scaffolding you'll tear down once the building stands. If that's true, the right move is to skip the tool and wait. Both findings, in order. Proof one: the best model available was still blind The benchmark ran the same task on thirteen real Ruby repos. Pick the hub model of an app, the Inbox , the MergeRequest , the Spree::Order , and ask the agent to find every place that depends on it before a teardown change. The non-obvious dependents, the ones scattered through concerns and workers and config-string registries, w
AI 资讯
The Evolving Agent: How Jean2 Learns Across Sessions
I've been coding with AI agents for about two years. Every major one. Cursor, Copilot, Codex, OpenCode. They're good at generating code. They all share one problem. They forget everything. You finish a session, close the window, and the agent resets. Next time you open it, you're starting from zero. "We use pnpm, not npm." "The database is SQLite, not Postgres." "Don't touch the migrations folder." You repeat yourself. Every. Single. Time. Some tools added memory features. Usually as an afterthought. A pinned file. A custom instruction. A context window that grows until it hits a wall and everything old gets silently dropped. I didn't want a bigger context window. I wanted an agent that accumulates knowledge the way a colleague does. Not by being retrained. By taking notes, writing down what it learned, and reading those notes next time. That's what Jean2 can do. Not through fine-tuning. Not through vector embeddings. Through files on disk that the agent reads and writes itself. But here's the thing: none of this is on by default. By default, Jean2 is as bare as Codex or OpenCode. A blank prompt. No memory. No skills. No session search. You opt in to each layer in workspace settings . That's the point. You build the agent you want, layer by layer. The Four Layers If you turn them on, Jean2's agent has four knowledge layers that persist across sessions. They're not features bolted on top. They're part of the system prompt that gets composed every time a session starts. 1. Workspace Memory Turn on workspace memory in workspace settings , and the workspace gets two files: MEMORY.md for shared knowledge and USER.md for your personal preferences within that workspace. Both live at <workspace>/.jean2/ . The concept is simple. Shared knowledge that's useful for any agent working in that workspace. "We use pnpm." "The database is SQLite." "Don't touch the migrations folder." Whatever agent you bring in, coding specialist, reviewer, docs writer, they all get the same context
AI 资讯
Git tells you what changed. Causari tells you why.
AI coding agents are becoming good enough to touch real codebases. They can refactor files, write tests, change architecture, move logic around, and sometimes modify more code in ten minutes than a human would in an afternoon. That is powerful. But it creates a new debugging problem. Git can tell you what changed . When an AI agent was involved, you often need to know something deeper: Why did this change happen? Which prompt caused this line? Which model produced it? What files did the agent read before writing it? What later changes depended on this agent action? That is the problem I wanted to solve with Causari . Causari is a local CLI for intent-addressable code . It records AI agent actions as causal events: prompts, models, reads, writes, diffs, reasoning, cost, and relationships between actions. The goal is simple: Git tracks bytes. Causari tracks intent and causality. Repository: https://github.com/croviatrust/causari Website: https://causari.dev The problem When a human developer changes code, there is usually some context. A commit message. A pull request. A ticket. A discussion. A design decision. With AI coding agents, the workflow is different. You ask something like this: Refactor the auth flow and add JWT refresh logic. The agent reads files, makes assumptions, writes code, maybe fixes tests, maybe changes something unrelated, then moves on. At the end, you have a diff. But the diff does not tell the full story. A suspicious line appears in auth.ts . Git can show when the line appeared. But Git cannot answer: which prompt produced this exact line? what completion did it come from? did the agent read the right files first? was this part of the original request or an accidental side effect? if I revert this, what downstream work am I also undoing? That gap becomes bigger as agents become more autonomous. The more work agents do, the more we need provenance. Not only code provenance. Intent provenance. The idea: intent-addressable code Causari treats an
AI 资讯
Sim
Open-source workspace for AI agents and workflows Discussion | Link
AI 资讯
A Verdict Is Not Evidence. Test Is Where I Learned the Difference.
The call-order change came back pass-with-risk. I read the recommendation, saw it had a name and a reason, and felt the task close. Then I looked at the row under it. How was this verified: not run. Nobody had run the queue. I had a label. I did not have proof. This is Part 6 of The Contract Think produced a brief. Plan produced a gate. Build executed inside it. Review scored every requirement against a verdict instead of an impression. Review reads the diff and the plan and decides whether one satisfies the other. It does not run the queue. It cannot. Its whole job is judgment about what the code should do. Test is where someone finally checks what the code actually does. I had been treating those two as the same step. They are not. Test asks one question, and a verdict is not the answer For every active requirement, Test asks how it was verified. Command run, manual QA, or a comparison against known-good output. One of those three, or a written reason none of them ran. Not a recommendation. Not a risk level. Evidence. I built the matrix against the plan's requirements and filled in each row. Most had a command behind them. The call-order requirement had nothing. The cell read not run, and it sat directly below a pass-with-risk that already carried a name and a reason. That name had almost been enough for me. A named risk feels handled. It is not. It is a risk with a label on it, waiting for someone to actually look. So I ran the queue Three notifications, all with a real reason to fire within the same tick. The scheduler picked them up and ordered them by priority instead of arrival. Two landed in the sequence the requirement wanted. The third jumped ahead of a lower-priority notification that was still mid-processing. The change worked almost every time. Under one timing condition, it did not. That is the gap a verdict cannot see. Review had marked the requirement partial because the wording left the mechanism open. Running it found a real failure inside the mech
AI 资讯
Tasks.txt
Plain text task manager for macOS Discussion | Link