今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#tools

找到 637 篇相关文章

AI 资讯

Why AI code review hallucinates — and the two gates that fix it

CCA-Audit — open source (MIT) AI code review has a trust problem, and it's not that it misses bugs. It's that it invents them. If you've run an LLM over a diff, you've seen it: a "possible null dereference" on a value that's guarded three lines up. A "SQL injection" your ORM already parameterizes. A "race condition" that can't happen. And then — worse — it confidently rewrites working code to "fix" the thing that was never broken. The real bug, meanwhile, sits quietly in the noise. The problem isn't intelligence. It's that most AI reviewers report their first impression as a verdict. A model reads a diff, pattern-matches "this looks like X," and emits a finding — without ever going back to check whether X is actually reachable in this code. Humans do a second pass ("wait, is price validated upstream?"). Most AI-review pipelines skip it. Here are two gates that add that second pass — and a stress test showing what they catch. Gate 1: verify findings before you fix (anti-hallucination) The idea is simple: no finding is allowed into the fix plan until a separate step re-checks it against the real code. After the auditors produce findings, a verification pass takes each one and asks three questions: Does the issue actually exist at the cited line? Is it in the code that changed, or a pre-existing thing outside the diff? Is the stated impact real, or already mitigated elsewhere — a guard upstream, a value validated before this point, a config defined in another module? The key design choice: bias the verifier toward refuting. A wrongly-confirmed finding causes a needless (sometimes harmful) fix; a wrongly-dropped one is cheap to recover. So when the evidence isn't clear, drop it or escalate to a human — don't fix on a hunch. This one step kills the majority of hallucinated findings, because hallucinations rarely survive contact with "show me the exact line, and prove the impact can occur." Gate 2: prove the fix maps to the finding (anti-regression + provenance) Catching

2026-07-07 原文 →
AI 资讯

My AI agent tried to ship a mistake we'd already reverted

A month ago we added a card_token column to the users table so a background job could retry failed Pro charges. It lasted about two days. Storing card data in your own database drops you into PCI-DSS (the compliance standard that kicks in the moment card data touches your systems), so we pulled it and moved to Stripe-managed payment methods. Last week the charges started failing again. New Claude Code session, no memory of any of that. Its plan? Add a card_token column to users and retry. I don't really blame the agent. It had the context the first time and it was right. The problem is that context died when the session closed. That's the part I never see mentioned about building with agents: the code sticks around, the reasoning doesn't. People leave a trail without trying. A commit message, a PR comment, the Slack thread before it. Agents don't, and the prompt that explained everything is gone by morning. So I built Selvedge to hold onto the reasoning. What happened the second time Selvedge is a local MCP server the agent calls as it works. There's a four-line block in our CLAUDE.md that says, roughly: before you touch an entity, check if we've been here before. $ selvedge prior-attempts users.card_token users.card_token Prior attempt 28 days ago ( reverted after 2 days ) Reasoning Added to store card tokens for one-click retries. Outcome REVERTED — kept card data out of our own DB to stay clear of PCI-DSS scope ; moved to Stripe-managed methods. So it didn't add the column. It charged off_session against the saved Stripe PaymentMethod instead. Charge retried, no card data in our database, done. We paid for that lesson once. How it works The agent writes down why live, in the moment, from the same context that made the change. That's the whole trick. A lot of the "git blame for AI" tools take your diff afterward and ask a second model to explain it. That's a guess. It reads well, but you can't really build on it. Selvedge stores what the agent actually meant, in i

2026-07-06 原文 →
AI 资讯

I’m building Euro Toolhub: a German-first index of European software alternatives

I’m building Euro Toolhub , a German-first index of European software, SaaS, cloud and AI alternatives. The idea is simple: many companies, agencies, developers and privacy-conscious users want alternatives to common tools when they care about things like data residency, open source, self-hosting, European jurisdiction or reducing dependency on non-European providers. But most existing lists stop at listing tools. I want Euro Toolhub to go one step further. Each provider profile can include: country and jurisdiction category alternative-to mappings open source status self-hosting availability EU data residency DPA availability certifications where known target audience strengths and limitations a transparent sovereignty score embeddable badges for providers The project starts in German because the first target market is DACH, but the structure is prepared for more languages later. The long-term vision is to build a practical decision platform for digital sovereignty: not just “which European alternatives exist?”, but “which one fits my actual use case?” Current categories include web analytics, cloud and hosting, newsletter tools, CRM, email, password managers, AI APIs, project management, video conferencing and e-signatures. I’m looking for feedback from developers, SaaS founders, privacy people and self-hosting communities: Which European tools should be added? Which categories matter most? What would make a sovereignty score trustworthy? Should the provider dataset be opened through GitHub for corrections and submissions? Project: https://www.euro-toolhub.eu/de Provider submission: https://www.euro-toolhub.eu/de/anbieter-eintragen ``

2026-07-05 原文 →
AI 资讯

Osloq — ให้ AI reproduction เวลาเกิด bug

Osloq — ใช้ AI หาสาเหตุ bug แทน เวลา AI coding tools เสนอจะ "fix bug ให้" — เราได้แต่กด Accept หรือไม่ก็ Reject สองปุ่ม สองทางเลือก แต่เราไม่เคยรู้ว่า: AI รู้ได้ยังไงว่า bug เกิดจากตรงนี้? มัน reproduce แล้วหรือแค่อ่านโค้ดแล้วเดา? ถ้าเรา accept — มันจะพังของอย่างอื่นไหม? Osloq เลือกทางที่สาม: ไม่ใช่ "fix ให้" — แต่ " หาให้เจอแล้วบอกว่าเกิดอะไรขึ้น " Osloq คืออะไร Osloq เป็น AI agent ที่ทำหน้าที่ "นักสืบ bug" มีคนเปิด GitHub Issue → Osloq อ่าน → trace โค้ด → reproduce ใน sandbox → ส่งรายงานพร้อมหลักฐาน ┌─────────────────────────────────────────────────────┐ │ GitHub Issue: "ปุ่ม submit กดไม่ติดบน Safari" │ └─────────────────────┬───────────────────────────────┘ ▼ ┌─────────────────────────────────────────────────────┐ │ Osloq: │ │ 1. อ่าน issue → เข้าใจว่า "ปุ่มไม่ทำงาน" │ │ 2. trace โค้ด: จาก handler → service → DOM event │ │ 3. reproduce: รัน Safari ใน sandbox → ปุ่มไม่ติดจริง │ │ 4. จับหลักฐาน: logs, screenshots, call stack │ │ 5. สรุป: "event listener ใช้ 'click' แต่ Safari │ │ บน iOS 18 ไม่ bubble event — ต้องใช้ 'pointerdown' │ └─────────────────────┬───────────────────────────────┘ ▼ ┌─────────────────────────────────────────────────────┐ │ Report บน GitHub Issue: │ │ 📸 screenshot ของ Safari ที่ปุ่มไม่ทำงาน │ │ 📋 console error: "Unhandled Promise Rejection" │ │ 🔗 code path: handler.ts:42 → form.ts:17 │ │ 💡 suggestion: เปลี่ยน event type │ └─────────────────────────────────────────────────────┘ คุณอ่าน report → เข้าใจปัญหา → ตัดสินใจเอง ว่าจะแก้ยังไง ต่างจาก "AI Fix Everything" ยังไง Devin / Sweep AI Osloq แนวคิด "Fix the bug" "Find the cause" ทำงานยังไง เขียนโค้ดใหม่ → เปิด PR Reproduce → รายงาน evidence เราเห็นอะไร PR diff ภาพ, log, call stack, บทสรุป ใครตัดสินใจ AI (เราแค่ merge) เรา (AI บอกว่าอะไรผิด) ถ้าผิดพลาด โค้ดผิดเข้า main Report ผิด — ไม่กระทบโค้ด ความเสี่ยง สูง — AI แก้โค้ดโดยตรง ต่ำ — AI แค่แนะนำ ทำไมถึง "สบายใจกว่า" 1. คุณเห็นหลักฐาน — ไม่ใช่แค่ diff ❌ "Fixed button click handler — please review" → review 300 บรรทัด — ไม่รู้ว่าแก้ถูกไหม ✅ "Button

2026-07-05 原文 →
AI 资讯

5 Free Browser-Based Dev Tools: GraphQL Formatter, Docker Compose Validator, Dockerfile Linter, and More

I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline. 1. GraphQL Query Formatter & Minifier https://devnestio.pages.dev/graphql-formatter/ Paste any GraphQL operation and get: Pretty-print — consistent indentation Minify — strips comments and whitespace for smaller request payloads Validation — brace/parenthesis balance check Operation detection — lists all named query , mutation , subscription , fragment Useful for quick query cleanup before pasting into code reviews or API docs. 2. Protobuf (.proto) Formatter & Validator https://devnestio.pages.dev/protobuf-formatter/ Online formatter and validator for Protocol Buffer .proto files: Duplicate field number detection Message and enum structure validation Syntax-highlighted output One-click copy Great for a sanity check before pushing .proto changes in a gRPC service. 3. Docker Compose Validator https://devnestio.pages.dev/docker-compose-validator/ Paste your docker-compose.yml to catch: Missing services section Services without image or build Invalid port mappings ( 80:80 , 127.0.0.1:8080:80 , 53:53/udp , ranges…) depends_on referencing non-existent services Circular dependency detection (A→B→A) Unknown restart policies # This will flag errors: services : web : ports : - " abc:xyz" # invalid port depends_on : - missing_service # unknown service 4. Dockerfile Analyzer & Linter https://devnestio.pages.dev/dockerfile-analyzer/ Analyzes your Dockerfile for best practice violations across three categories: Security sudo usage inside RUN Container running as root (no USER instruction) Secrets baked into ENV / ARG (password, secret, token, key) Image size :latest base image tag apt-get update in a separate RUN (stale cache risk) apt-get install without --no-install-recommends apt cache not cleaned ( rm -rf /var/lib/apt/lists/* ) ADD used for local files instead of COPY Layer optimization Consecutive RUN instructions (suggest c

2026-07-05 原文 →
AI 资讯

CodeZero publishes new canary release with AI flow generation

Explore the latest CodeZero canary release featuring AI-powered flow generation, a brand-new module system, and a new execution results view in the IDE. We are excited to announce the release of our latest canary version, one of the biggest steps in the development of CodeZero so far. This update brings artificial intelligence into the platform for the first time, introduces a completely new module system, and gives you full insight into your flow runs with a new execution results view in the IDE. Build flows with AI CodeZero can now generate flows for you. Simply describe what your automation should do, pick one of the available AI models, and watch your flow being built in real time. This is the first milestone on our journey to make backend automation accessible to everyone, whether you prefer building visually or simply describing your idea in plain language. A smarter way to organize: modules With this release, the entire platform has been restructured around modules. Functions, flow types, and data types are now neatly bundled and delivered as modules, making it much clearer which capabilities are available in your project at any time. You can see all available modules at a glance, configure them individually for each project, and when adding a new step to a flow, suggestions are now conveniently grouped by module. The result is a tidier, more intuitive building experience that scales with your projects. Execution results at a glance Understanding what your flows are doing just got a lot easier. The IDE now features a new execution results view that shows you the outcome of every run, step by step, so finding and fixing problems takes seconds instead of guesswork. Results are saved as well, letting you revisit previous runs whenever you need them. Behind the scenes, this release also lays the complete groundwork for test executions, so soon you will be able to start test runs directly from the IDE. A better building experience The IDE has received plenty of lo

2026-07-04 原文 →
AI 资讯

Bruno — API Client แบบ Git-Native ที่เก็บทุกอย่างเป็นไฟล์

Bruno — API Client แบบ Git-Native ที่เก็บทุกอย่างเป็นไฟล์ เวลา dev team ต้องเทส API — เครื่องมือที่ทุกคนนึกถึงคือ Postman กับ Insomnia แต่ปัญหาคลาสสิกที่เจอกันแทบทุกทีม: "Postman collection อยู่ไหน?" — "ใน account ผมไง" "ขอ invite หน่อย" — "เดี๋ยวส่ง link ให้... เอ๊ะ หมด free tier แล้ว" นี่คือ pain point ที่ทำให้คนจำนวนมากมองหาเครื่องมือใหม่ — และหนึ่งในนั้นคือ Bruno Bruno คืออะไร Bruno เป็น API client แบบ desktop app (มีทั้ง macOS, Linux, Windows) ที่มีแนวคิดแตกต่างจาก Postman โดยสิ้นเชิง: Postman Bruno เก็บข้อมูลที่ไหน Cloud account ไฟล์ใน project (Git repo) ต้อง login ไหม ✅ ต้อง ❌ ไม่ต้อง Collection format JSON (binary-ish) Plain text (Bru files) Collaborate ผ่าน Postman cloud ผ่าน Git (PR, diff, review) Open source ❌ ✅ (GitHub: 45K+ stars) Offline ไม่ค่อยได้ ✅ ทำงานออฟไลน์ได้เต็มที่ หัวใจของ Bruno คือ "API Client ไม่ใช่ Platform" — มันคือเครื่องมือธรรมดาที่เก็บข้อมูลเป็นไฟล์ — เหมือนที่ dev ทั่วไปเก็บโค้ด จุดเด่น 1. Collection คือไฟล์ — เก็บใน Git ได้ my-project/ ├── src/ ├── bruno/ │ ├── users/ │ │ ├── GET users.bru │ │ ├── POST create user.bru │ │ └── DELETE user.bru │ ├── auth/ │ │ └── POST login.bru │ └── bruno.json └── .git/ ทุก API request เป็นไฟล์ .bru — plain text — diff ได้, PR review ได้, merge ได้ — เหมือนโค้ด meta { name: GET users type: http seq: 1 } get { url: https://api.example.com/users body: none auth: bearer } 2. ไม่มี Cloud — ข้อมูลอยู่กับคุณ Bruno ไม่เคยส่งข้อมูลขึ้น server — ทุกอย่างอยู่บนเครื่องคุณ ทั้ง request, response, environment variables สำหรับทีมที่ทำงานกับข้อมูล sensitive (banking, healthcare, government) — ข้อนี้สำคัญมาก 3. ใช้ Git เป็น Collaboration Tool แทนที่จะ "invite teammate เข้า workspace" (แบบ Postman) — คุณแค่: git add bruno/ git commit -m "add user API collection" git push เพื่อน git pull → เปิด Bruno → เห็น collection เดียวกันทันที 4. Environment Variables — แบบเดียวกับที่ dev ใช้ # environments/production.bru vars { base_url : https : //api.production.com api_key : {{ PROD_API_KEY }} } เปลี่ยน environment ด้วยการคลิก —

2026-07-04 原文 →