直近1週間の更新
7/9 (木)
How GitHub Copilot enables zero DNS configuration for GitHub Pages
The GitHub Blog
Go from an empty repository to a live custom domain with HTTPS in about 14 minutes, without manually editing a single DNS record.The post How GitHub Copilot enables zero DNS configuration for GitHub Pages appeared first on The GitHub Blog.
44分前
7/8 (水)

How to Make an Interactive Element Invisible but Accessible
Master.dev Blog RSS Feed
The attribute `hidden="until-found" can be quite useful in HTML, but we'll need another unexpected bit of CSS to ensure space is reserved.
3時間前

Introducing Meerkat: an experiment in global consensus
1
The Cloudflare Blog
Cloudflare Research is building a global consensus service called Meerkat that uses a new consensus algorithm called QuePaxa. We plan to use Meerkat to build a strongly consistent, fault-tolerant key-value store, and other applications.
4時間前

pnpm 11.10 Hardens Registry Authentication to Block Token Redirection
Socket
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.
12時間前

Flags SDK now evaluates flags 10x faster
Vercel News
and now evaluate multiple feature flags in bulk around 10x faster. Flags SDKVercel FlagsFlag evaluation time improved by reducing microtask queue overhead and creating fewer promises. The improvement scales with the number of flags.Use instead of to benefit from these optimizations:await evaluate([flagA, flagB])Promise.all([flagA(), flagB()])You can also pass an object to evaluate flags with named keys automatically benefits from these improvements as well.precompute()Upgrade and to the latest v
17時間前

Use any Chat SDK adapter with eve
Vercel News
now supports Chat SDK adapters with the new .eveChat SDK channelOne channel connects your eve agent to Facebook Messenger, WhatsApp, Resend, Liveblocks, and any other surface with an . You write normal Chat SDK handler code, and calling inside a handler hands the message to your agent.adaptersendRegister handlers on exactly as you would in a standalone Chat SDK app.botOut of the box, the channel:Supply your own handlers to override any of these defaults.eventsRead the documentation to get starte
17時間前

Chat SDK now supports Vercel Connect
Vercel News
You can now use to manage credentials for your bots, with no tokens or signing secrets to store or rotate yourself.Vercel ConnectChat SDKThe new subpath provides adapter helpers for Slack, GitHub, and Linear. Each helper takes a connector UID and returns a config you spread into the matching adapter factory.@vercel/connect/chatOutbound bot calls use a function-form token field backed by , so each API request gets a fresh, short-lived token that Vercel Connect rotates for you.getTokenInbound use
17時間前

Chat SDK adds Dial support
Vercel News
Chat SDK now supports Dial with the new .vendor-official adapterBuild bots that send and receive SMS, MMS, and iMessage on a real phone number, with bidirectional media and inbound voice-call transcripts. Replies use the standard Chat SDK thread and message APIs, with HMAC-verified webhooks and stable per-conversation threading.Each phone conversation becomes a Chat SDK . Texts and media arrive as messages on that thread, and when a voice call ends, its transcript appears there too. Subscription
17時間前

Chat SDK adds Photon support
Vercel News
Chat SDK now supports Photon with the new .vendor-official adapterBuild bots that send and receive iMessages directly and in group chats, share media, and react with native tapbacks. Run the adapter against Spectrum Cloud, your own server, or directly on a Mac.Each Photon conversation becomes a Chat SDK thread, and tapbacks come through as reactions. Handlers, posts, and subscriptions work the same as with any other adapter. Webhooks are HMAC-verified, and your bot can reply to a DM straight fro
17時間前

The Prototype Trap: Shipping AI-written Code Before It’s Ready
CKEditor Ecosystem Blog
Fast AI prototypes are slipping into production. Learn why vibe coding creates risk—and how leaders can stop the prototype trap.
18時間前

GitHub Secret Scanning Public Monitoring for Enterprises: Coverage and Gaps
Step Security Blog
GitHub's new public monitoring finds your enterprise's leaked secrets anywhere on github.com. Here is what it covers, what it cannot see, and how to close the exfiltration gap
19時間前

sqlite-utils 4.0, now with database schema migrations
Simon Willison's Weblog
<p>This morning I released <a href="https://sqlite-utils.datasette.io/en/stable/changelog.html#v4-0">sqlite-utils 4.0</a>, the 124th release of that project and the first major version bump since <a href="https://sqlite-utils.datasette.io/en/stable/changelog.html#v3-0">3.0</a> in November 2020. In addition to some small but significant breaking changes (described in <a href="https://sqlite-utils.datasette.io/en/stable/upgrading.html">this upgrade guide</a&...
21時間前

LLM Model Fallback Is a Product Strategy
CKEditor Ecosystem Blog
When Anthropic's Fable 5 went offline with no warning, products on a single LLM broke. Why model fallback and provider abstraction is product strategy.
1日前

Top Burp Suite alternatives for web application security testing
Aikido Security's Blog
Compare the top Burp Suite alternatives for DAST and AI pentesting, including Aikido, Caido, ZAP, and Invicti.Category: DevSec Tools & Comparisons
1日前

Coordinated npm and PyPI Campaign Typosquats Popular Secure Payment Apps
Socket
Socket uncovered 17 malicious npm and PyPI packages typosquatting Paysafe, Skrill, and Neteller SDKs to steal developer secrets.
1日前

sqlite-migrate 0.2 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-migrate/releases/tag/0.2">sqlite-migrate 0.2</a></p> <p>The version that retires the library, instead implementing a compatibility shim against the new sqlite-utils 4.0 dependency.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a></p>
1日前

github-code Web Component Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/github-code-component">github-code Web Component</a></p> <p>An experimental Web Component built using GPT-5.5 and <a href="https://gist.github.com/simonw/0e3db21947b5ae7e29e8a4f69a0b0617">the following prompt</a>:</p><blockquote><p><code>let's build a Web Component for embedding code from GitHub</code></p><p><code>&lt;github...
1日前

Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide
The GitHub Blog
New Innovation Graph data shows global developer communities growing faster than ever, with collaboration reaching new highs across many economies.The post Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide appeared first on The GitHub Blog.
1日前

sqlite-utils 4.0 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0">sqlite-utils 4.0</a></p> <p>See <a href="https://simonwillison.net/2026/Jul/7/sqlite-utils-4/">sqlite-utils 4.0, now with database schema migrations</a> for details.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a></p>
1日前

Get Ready For the Powerful CSS border-shape Property!
CSS-Tricks
We recently got the shape() function and corner-shape property. What else could we possibly need as far as making shapes in CSS? Let me tell you: the border-shape property!Get Ready For the Powerful CSS border-shape Property! originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
1日前

Boundary-Aware Styling in CSS
Master.dev Blog RSS Feed
You might think of the view() function as used in scroll-driven animations, but really it just pairs @keyframes animation with the current position of an element.
1日前
7/7 (火)

Cloudflare proudly joins the UK government's Cyber Resilience Pledge
The Cloudflare Blog
The pledge is a voluntary framework inviting organizations to commit to foundational cyber security governance, board-level accountability, and supply chain rigor. For over a decade, Cloudflare has pioneered the core pillars of this framework: democratizing security, leadership accountability, and radical transparency.
1日前

Top Chainguard alternatives 2026
Aikido Security's Blog
Comparing the best Chainguard alternatives in 2026, from Aikido Security to Docker Hardened Images, Minimus, RapidFort, and Echo.Category: DevSec Tools & Comparisons
1日前

JetBrains AI for Teams and Organizations: From Fragmented AI Usage to Coordinated Software Development
Company | The JetBrains Blog
We’re about to start rolling out a new set of AI capabilities that provide shared context, reusable agentic workflows, organization-level governance, and cost control for software production. Developers use different AI tools depending on the task – from JetBrains IDEs to terminal-based agents such as Claude Code, Codex, and other emerging solutions. That freedom is […]
1日前

Meet Kirki: WordPress’s First Visual Builder With An Infinite Canvas
Articles on Smashing Magazine — For Web Designers And Developers
We have been building websites inside boxes for years on WordPress. Let’s take a closer look at [Kirki](https://kirki.com/), the first freeform visual builder with an infinite canvas, and explore how it redefines the experience with cleaner performance, full design freedom, and zero plugin dependency.
1日前

You can now view the Activity Log at a project-level
Vercel News
Project Settings now includes its own project-specific A. This view pulls the relevant user events from the Activity Log in Team Settings. Review project-level activity without leaving your project settings. ctivity LogVisit to try it out.your project settingsRead more
1日前

Vercel acquires Better Auth to accelerate open source auth
Vercel News
Vercel is acquiring , the company behind the open source , which has 4.7M+ weekly npm downloads and more than 850 contributors. Founder Bereket Engida and the core team are joining Vercel to continue their work on Better Auth and agent identity.Better AuthTypeScript authentication libraryLast year, we behind Next.js, AI SDK, and Nuxt: software that's open by default, loosely coupled, and portable to any platform.published our approachBetter Auth applies it to authentication: framework-agnostic,
1日前

sqlite-utils 4.0rc4
Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc4">sqlite-utils 4.0rc4</a></p> <p>The last RC before the 4.0 stable release. Mainly <a href="https://github.com/simonw/sqlite-utils/issues/769#issuecomment-4900034150">implements feedback</a> from a detailed review by Claude Fable 5.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a>, <a h...
1日前

PR TIMES は PHP Conference Japan 2026 に協賛・登壇します!
PR TIMES 開発者ブログ
こんにちは。バックエンドエンジニアの筒井 (@tsuttsun_wind)です。PR TIMESは、PHP Conference Japan 2026 にゴールドスポンサーとして協賛します。 PHP Conference […]
2日前

「Tech-Verse 2026」Keynote LINEヤフー Tech Blog (LY Corporation Tech Blog
2026年6月29日、LINEヤフーグループ最大の技術カンファレンス「Tech-Verse 2026」が開催されました。ここではKeynoteをアーカイブ動画と書き起こしテキストでご紹介します。アーカ...
2日前

AWS DevOps Agentの新機能カスタムエージェントで週次SREレポートをつくる
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
本記事は、DevOps Agentの新機能のカスタムエージェントをつかって週次のSREレポートをつく ...
2日前

Gemini Embedding 2で作るネイティブマルチモーダルRAG
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
本記事では、この「ネイティブ」なマルチモーダル埋め込みを活用したRAGの構築方法を解説します。
2日前

More granular observability for Vercel Sandbox
Vercel News
observability now includes detailed resource metrics, giving you deeper visibility into how your sandboxes consume compute and networking.Vercel SandboxFrom the in your dashboard, you can now monitor:Observability tabEach metric can be grouped by Sandbox Name and Sandbox Session ID, so you can drill down from aggregate usage to the individual sandbox responsible.You can also query and visualize metrics via the Vercel CLI:Metrics are available at both the team and project level and align directly
2日前

Better Auth is joining Vercel
Better Auth Blog
Better Auth is joining Vercel. We're joining to accelerate our work on open-source auth and securing agent workflows.
2日前
Give your eve agent GitHub tools
Vercel News
now ships an toolset through the new subpath. One file in can register every GitHub tool, or use a preset such as , so you can build a complete GitHub agent in nine lines of code.GitHub Toolseve@github-tools/sdk/eveagent/tools/maintainerGet started by following the .knowledge base guideRead more Every write tool, such as , requires approval unless you opt out. Gate individual tools with , , or an input-dependent predicate; pauses survive restarts and deploys.Safe by default:mergePullRequestalway
2日前

tencent/Hy3
Simon Willison's Weblog
<p><strong><a href="https://huggingface.co/tencent/Hy3">tencent/Hy3</a></strong></p>New Apache 2.0 licensed model from Tencent in China:</p><blockquote><p>Hy3 is a 295B-parameter Mixture-of-Experts (MoE) model with 21B active parameters and 3.8B MTP layer parameters, developed by the Tencent Hy Team. Following the Hy3 Preview launch in late April, we gathered feedback from 50+ products and scaled up post-training with higher quality data. To...
2日前

Git 感覚で AWS / Google Cloud / Azure のシークレットを管理できる CLI/GUI ツール「suve」を作った
ゆめみのフィード
はじめにAgentic AI 全盛期の昨今,コードを書くのも,テストを書くのも,リファクタリングするのも,かなりの部分を AI に任せられるようになりました。ところが,そんな時代においても シークレットや設定値の管理だけは,いまだに手作業でクラウドコンソールをぽちぽちするのが普通 ではないでしょうか?AWS マネジメントコンソールにログインして,SSM Parameter Store の画面を開いて,該当のパラメータを探して,「編集」ボタンを押して,テキストエリアに値を貼り付けて,保存する「あれ,この値いつ誰が変えたんだっけ?前の値なんだったっけ?」となっても,履歴画面は貧弱...
2日前

Predicting MongoDB ObjectId() continuously in Rocket.Chat
Aikido Security's Blog
Aikido's AI pentester found this file-access flaw in Rocket.Chat. A closer look at MongoDB's ObjectId() showed the weak randomness that makes it exploitable.Category: Vulnerabilities & Threats
2日前
7/6 (月)

Getting Started with Anchor Positioning
Josh Comeau's blog
For decades, one of the most notoriously-challenging problems on the web has been sticking one element to another element, for things like tooltips and nested menus. The CSSWG has decided to provide a first-class solution to this problem, and it’s pretty friggin’ cool! In this tutorial, I’ll share the most useful parts I’ve found from this modern CSS feature.
2日前

Your Worker can now have its own cache in front of it
The Cloudflare Blog
We are launching Workers Cache, a regionally tiered cache that sits directly in front of your Worker entrypoints. Infinitely composable, configured via standard HTTP headers
2日前

sqlite-utils 4.0rc3 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc3">sqlite-utils 4.0rc3</a></p> <p>I hoped to release <code>sqlite-utils 4.0</code> stable this weekend, but as I worked through the backlog of issues and PRs with a combination of Claude Fable 5 and GPT-5.5 the changelog since rc2 <a href="https://sqlite-utils.datasette.io/en/latest/changelog.html#rc3-2026-07-05">kept getting bigger</a>...
2日前

Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Socket
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
3日前

レガシープロジェクトからAI主導型プロジェクトへの転換、AXロードマップ LINEヤフー Tech Blog (LY Corporation Tech Blog
はじめに「AIを導入すれば生産性が上がるらしいが、私たちのチームはどこから手をつければいいのだろう?」と悩んだことはありませんか?既存のレガシープロジェクトをAI主導型プロジェクト(AI-driven...
3日前

ヤフーのiOSアプリにおけるローカル認証を活用した独自のデバイス認証からパスキー認証への移行対応 LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは。Yahoo! ID連携のiOS SDKの開発・運用を担当している矢倉です。現在、多くのヤフーのiOSアプリでは、ローカル認証を活用した独自のデバイス認証による再認証機能を搭載しています。こ...
3日前

Keep Shipping Through Docker Hub Outages and Rate Limits
Nx Blog
Docker Hub outages and 429 Too Many Requests rate limits break CI pipelines. A read-through cache is the fix the infrastructure vendors recommend, and Nx Cloud offers it for your agents.
3日前
7/5 (日)

sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25) Simon Willison's Weblog
<p>I wrote about the <a href="https://simonwillison.net/2026/Jun/21/sqlite-utils-40rc1/">sqlite-utils 4.0rc1</a> release a couple of weeks ago. Since we only have Claude Fable on our Max subscriptions for a few more days, I decided to see if it could help me get to a 4.0 stable release that I felt truly comfortable about, since I try to keep to <a href="https://semver.org">SemVer</a> and like my incompatible major versions to be as rare as possible.</p><p&...
4日前

sqlite-utils 4.0rc2 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc2">sqlite-utils 4.0rc2</a></p> <p>See <a href="https://simonwillison.net/2026/Jul/5/sqlite-utils-fable/">sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25)</a>.</p>
4日前

moon v2.4 - Task checks, Ruby toolchain, storage APIs, and much more
moonrepo Blog
This release is all about control and trust. We're giving tasks a way to gate, skip, and
4日前

pnpm 11.10
pnpm Blog
pnpm 11.10 adds the _auth setting for CI-friendly registry authentication, new pnpm prefix and pnpm issues commands, and the ability for pnpm self-update to install pnpm v12 (the Rust port). It also improves pnpm up accuracy, speeds up resolution against registries that ignore abbreviated metadata, and hardens global package management, pnpm deploy, and pnpm pack-app.
4日前

Building a World Map with only 500 bytes Simon Willison's Weblog
<p><strong><a href="https://www.experimentlog.com/blog/building-a-world-map-with-only-500-bytes">Building a World Map with only 500 bytes</a></strong></p>Iwo Kadziela (assisted by Codex) figured out a way to generate a credible ASCII world map using 445 bytes of data:</p><p><img alt="A map of the world rendered as black asterisk ASCII characters, it looks very good" src="https://static.simonwillison.net/static/2026/world-map-ascii.png" /><...
4日前

Better Models: Worse Tools Simon Willison's Weblog
<p><strong><a href="https://lucumr.pocoo.org/2026/7/4/better-models-worse-tools/">Better Models: Worse Tools</a></strong></p>Armin reports on a weird problem he ran into while hacking on Pi:</p><blockquote><p>The short version is that newer Claude models sometimes call Pi’s edit tool with extra, invented fields in the nested <code>edits[]</code> array. And not Haiku or some small model: Opus 4.8. The edit itself is usually correc...
4日前
7/4 (土)

Safari MCP サーバーでエージェントが Safari ブラウザを操作できるようにする
azukiazusa のテックブログ2
Web アプリケーションの開発には実ブラウザでの動作確認が必要不可欠です。Playwright CLI や chrome-devtools-mcp などエージェント向けのブラウザ操作ツールは多くが Chromium に依存しています。Safari Technology Preview 247 の MCP サーバーは、エージェントを Safari に接続し操作できるようにします。
4日前

AI SDK の MCP Apps 対応でインタラクティブな UI を返す
azukiazusa のテックブログ2
AI SDK の v7 では MCP Apps 対応が追加されました。AI モデルはツールを呼び出す際に `ui://` リソースが紐付けられていれば、アプリケーション側でその UI をサンドボックス化された環境でレンダリングすることができます。この記事では AI SDK の MCP Apps 対応を試してみた内容を紹介します。
4日前

Authentication Bypass in the default configuration phpBB
Aikido Security's Blog
Our AI pentest agents found a critical phpBB auth bypass (CVE-2026-48611): one unauthenticated request logs you into any account. See the exploit and the fix.Category: Vulnerabilities & Threats
5日前

Open Source AI Gap Map Simon Willison's Weblog
<p><strong><a href="https://map.currentai.org">Open Source AI Gap Map</a></strong></p><a href="https://www.currentai.org">Current AI</a> is "a global partnership building a public option for AI", founded as a non-profit at the AI Action Summit in Paris in February 2025 and backed by serious capital ($400m already committed).</p><p>They <a href="https://www.currentai.org/blogs/introducing-the-gap-map-v0-1">launched their Gap Map&l...
5日前

Quoting Josh W. Comeau Simon Willison's Weblog
<blockquote cite="https://bsky.app/profile/joshwcomeau.com/post/3mkxyqgrp2d2t"><p>I just launched my third course, Whimsical Animations, and so far, it’s on track to sell roughly ⅓ as many copies as a typical course launch.</p><p>It’s a similar story with my two existing courses. Sales are down significantly from last year.</p><p>There are likely a lot of reasons for this, but I think the biggest is AI. There’s sort of a double whammy with AI:</p><ol...
5日前

Fable's judgement Simon Willison's Weblog
<p>One of the most interesting tips I got from <a href="https://www.ai.engineer/worldsfair/schedule?session=asn_slot_2026_06_30_main_stage_1230_2026_06_08t09_35_43_039z">the Fireside Chat</a> I hosted with Cat Wu and Thariq Shihipar from the Claude Code team at AIE on Wednesday was to let Fable (and to a certain extent Opus) use their own judgement rather than dictating how they should work.</p><p>The example they gave was testing. You can tell Fable "only use auto...
5日前
7/3 (金)

June 2026 newsletter Simon Willison's Weblog
<p>The June edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a> is out. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-06-june.md">access it here</a>.</p><p>This month:</p><ul><li>Claude Fable 5, GPT-5.6, and US export restrictions</li><li>GLM-5.2 is the new best open weights model</li><l...
5日前

The Field Guide to Grid Lanes
Master.dev Blog RSS Feed
The WebKit gang did a good job with The Field Guide to Grid Lanes showcasing what kind of layouts are now achievable with display: grid-lanes;. Basically: Masonry layout, with arbitrary column widths, and proper tabbing order, is now progressive-enhanceable and HTML/CSS only.
5日前

Users Don’t Need More Tools: They Need Seamless Integrations
Articles on Smashing Magazine — For Web Designers And Developers
A closer look at why users don’t need more tools in their daily lives. What they need are seamless integrations of useful features to match already existing, established mental models. Brought to you by Design Patterns For AI Interfaces, **friendly video course on UX** and design patterns by Vitaly.
5日前

The Index: Issue #189
Piccalilli - Everything
Fixing full-bleed CSSA rather deep dive into how some of the newer CSS can make this age old pattern even better.Where’s the holistic AI productivity data?It’s hard to find anything other than anecdata from individuals telling us how AI has made them individually more productive. If AI really was creating measurable improvements in productivity across entire organisations, wouldn’t we be seeing that data?[nods]The Goldilocks customizable select heightEven the new custom <select> capabiliti...
5日前

Vercel Sandbox now supports FUSE-based filesystems
Vercel News
now supports FUSE, letting you mount remote storage and custom filesystems inside a running Sandbox. Use it to attach S3 buckets, network filesystems, or any other FUSE-compatible driver as a regular path.Vercel SandboxThis makes it possible to stream large datasets directly from object storage, share state across Sandboxes through a common filesystem, or run tools that expect POSIX paths against remote sources without copying data into the Sandbox first.Learn more about in the documentation.rem
6日前

You have been invited to the 0xInsider.com Discord server!
Trevor I. Lasn, Building 0xinsider
Join the 0xInsider.com Discord community — talk markets, odds, and predictions with fellow prediction market traders in real time.
6日前

Manage Vercel Flags segments with Vercel CLI
Vercel News
segments can now be managed from the with the new command.Vercel FlagsVercel CLIvercel flags segmentsA segment is the targeting primitive a flag uses to decide who sees what. Membership composes from three repeatable tokens: , , and . Pass them to or for incremental edits. For full replacement, takes the entire segment definition as raw JSON.include:exclude:rule:--add--remove--dataAll segment commands support output, making them scriptable from CI, local workflows, and agent-driven pipelines tha
6日前

Agent Runs now available in the Vercel MCP and CLI
Vercel News
Your agent can now inspect via the Vercel MCP and CLI for , the open-source agent framework.Agent Runseveeve traces are automatically ingested when deployed to Vercel and available as Agent Runs. The new and let you find projects with runs, list recent runs, and retrieve full traces, including reasoning, tool calls, and token usage.Vercel MCP toolsVercel CLI commandsVercel MCP tools:Vercel CLI commands:Every CLI subcommand supports for machine-readable output, and traces render as markdown when
6日前

BigQuery未使用テーブルをData Lineage APIで検出する監視システム
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
はじめに ABEMA の Data Platform チームに所属している河野です。 ...
6日前

StepSecurity Maintained Actions Are Now Free for Public Repos
Step Security Blog
StepSecurity Maintained Actions are now free for public repos. Secure, drop-in replacements for risky third-party GitHub Actions, reviewed and actively maintained.
6日前

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
Step Security Blog
TeamPCP weaponized 76 Trivy version tags overnight. The KICS attack followed the same playbook days later. One security control is not enough. Here is how the StepSecurity platform's ten independent security layers work together to prevent credential exfiltration, detect compromised actions at runtime, and respond to incidents across your entire organization before attackers can succeed.
6日前

llm-coding-agent 0.1a0 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-coding-agent/releases/tag/0.1a0">llm-coding-agent 0.1a0</a></p> <p>Another Fable 5 experiment. Now that my <a href="https://llm.datasette.io/">LLM library</a> has evolved into more of an agent framework it's time to see what a simple coding agent would look like built on it.</p><p>I started a <a href="https://github.com/simonw/llm-coding-agent/tree/2466fa03ba8...
6日前

Using DSPy to evaluate and improve Datasette Agent's SQL system prompts Simon Willison's Weblog
<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/dspy-datasette-agent-prompts#readme">Using DSPy to evaluate and improve Datasette Agent&#x27;s SQL system prompts</a></p> <p>One of this morning's AIE keynotes covered <a href="https://github.com/stanfordnlp/dspy">dspy</a>, which reminded me I've been meaning to see if it could help me improve the system prompt used by <a href="https://agent.datasette....
6日前

Cloudflare Workers and Hyperdrive with TanStack Start
Master.dev Blog RSS Feed
In Part 2 of the series on using Cloudflare with Web Apps, the focus is on setting up a database and addressing key issues like performance and connection management.
6日前

Understand to participate Simon Willison's Weblog
<p>I saw Geoffrey Litt speak at <a href="https://www.ai.engineer/worldsfair/2026">AIE</a> yesterday, and one framing he used particularly resonated with me:</p><p><strong>Understand to participate</strong></p><p>Geoffrey was talking about the challenge of collaborating with coding agents as they construct increasingly large and sophisticated changes, and the need to avoid taking on <a href="https://simonwillison.net/tags/cognitive-debt/"&...
6日前

Toolbox App 3.6: Smarter Storage Cleanup, Windows installation diagnostics, and More
Company | The JetBrains Blog
Toolbox App 3.6 gives you better control over local storage and makes Windows installation failures easier to diagnose. Clean up removable Toolbox App data from Settings The Toolbox App now shows how much removable data it can safely clean up, providing a breakdown for the download cache, previous versions, temporary leftovers, and leftover tool directories. […]
6日前

How GitHub used secret scanning to reach inbox zero
The GitHub Blog
GitHub had 20,000+ secret scanning alerts across 15,000 repositories. Here's how we separated signal from noise, built remediation workflows, and reached inbox zero in nine months.The post How GitHub used secret scanning to reach inbox zero appeared first on The GitHub Blog.
6日前
7/2 (木)

AI Pentesting for Compliance
Aikido Security's Blog
Learn which compliance frameworks accept AI pentesting Category: Compliance
6日前

Personal website redesign project post: Rendering AT protocol posts on my /feed
Piccalilli - Everything
I'm again, going to be doing a lot of the same sort of work I did for the WordPress integration, but as this is the first iteration of the AT protocol, it's going to be a lot simpler than that.Just like with the WordPress integration, I used Astro's pagination capabilities to build a paginated "feed" of posts, to satisfy the "Basic rendering of my AT protocol posts" part of the core features I outlined at the beginning of this series.Let's get stuck into that bit first. I created a pages/feed/[.
6日前

Matching AI Modality To User Intent: Designing The Right Interface
Articles on Smashing Magazine — For Web Designers And Developers
We’ve fallen into conversational tunnel vision, defaulting every AI capability into a chat-based interface simply because LLMs are trained on dialogue data. But great UX is about matching modality to users’ context, intent, and cognitive load, so the interface adapts to the user, not the other way around.
6日前

生成AIの利活用事例に関するLT会を開催しました! Hacking Fest 2026 Spring 開催レポート LINEヤフー Tech Blog (LY Corporation Tech Blog
2026年5月某日、生成AI利活用を推進する有志による「Hacking Fest 2026 Spring」が開催されました。Hacking Festとは?Hacking Festは、ゴールデンウィーク...
7日前

理論をどう実運用に乗せるのか。メディア領域のレコメンド最適化で問われる、実装可能性と事業価値への翻訳 LINEヤフー Tech Blog (LY Corporation Tech Blog
レコメンドや最適化の仕事は、モデルの精度を上げることだと思われがちです。しかし、実サービスではそれだけで価値になるとは限りません。ユーザー体験を良くしたい。セッション数を伸ばしたい。広告収益も維持した...
7日前

Changelog - July 2, 2026
Val Town Blog
Townie 5x cheaper, HTTP analytics, scoped blob, agent plugin, ...
7日前

Announcing Vite+ Beta
VoidZero
TL;DR: Vite+ is now in beta. It unifies the runtime, package manager, and frontend tools every web project needs behind one fast, consistent workflow. Start a new project with vp create, or adopt it in an existing project with vp migrate.
7日前

Electron 43
Electron Blog
Electron 43 has been released! It includes upgrades to Chromium 150.0.7871.46, V8 15.0, and Node v24.17.0.
7日前

Routing rules now available on AI Gateway
Vercel News
now supports .Vercel AI Gatewayrouting rulesRouting rules are firewall-style rules that control which models your team can use, applied at the gateway level instead of in your application code.When a model goes down or gets retired, you usually have to ship a code change to move off it. With routing rules, you push one rule and every request reroutes instantly. There are two types:Rules apply to every request made with your team's AI Gateway credentials. You manage them with the .Vercel CLICreat
7日前

Introducing the Safari MCP server for web developers
WebKit
In Safari Technology Preview 247, we’re introducing the Safari MCP server — a Model Context Protocol server for web developers that makes your web development and debugging workflow faster and more powerful.
7日前

Release Notes for Safari Technology Preview 247
WebKit
Safari Technology Preview Release 247 is now available for download for macOS Golden Gate and macOS Tahoe.
7日前

Totally Free Course: Claude Code
Master.dev Blog RSS Feed
Lydia Hallie from Anthropic spends a couple of hours with us, helping us level up what we’re doing with Claude Code. Learn to customize Claude Code for your codebase, using CLAUDE.md, plan mode, and permissions that adhere to your team’s standards. Build reusable skills tailored to your processes and wire up hooks so Claude behaves […]
7日前

The Missing Governance Layer in AI Document Editing
CKEditor Ecosystem Blog
Frontier AI models corrupt around 25% of content in long edits. See how an enterprise AI governance layer makes every AI change reviewable.
7日前

Secure internal communication between services (beta)
Vercel News
Service Bindings make it easy for one Vercel service to securely call another within the same deployment.When a service declares a binding for another service, Vercel automatically injects the configured environment variable. That means user code can fetch that URL normally, while Vercel handles the internal rewrite, routing, authentication, and TLS behind the scenes.This enables multi-service applications on Vercel, like a Next.js frontend calling a FastAPI backend, while preserving service iso
7日前

Secure Registry now tells you which machine pulled a compromised package
Step Security Blog
Secure Registry now traces every npm and PyPI install back to the developer machine or CI pipeline behind it, so you can scope a compromised package in minutes.
7日前

Multiple @immobiliarelabs Backstage Plugins Compromised on npm
Step Security Blog
Compromised versions run a malicious payload at npm install time through a binding.gyp node-gyp hook, harvesting credentials from sources like GitHub Actions secrets, cloud provider keys, and package registry tokens, while trying to persist in AI coding assistant configs. Static analysis of version 2.1.2 against the clean 2.1.1 release revealed a new 5 MB index.js and an added binding.gyp, both absent from earlier releases.
7日前

Maven Support Comes to GitHub Checks and OSS Package Search
Step Security Blog
StepSecurity now supports Maven in GitHub Checks and OSS Package Search, blocking compromised and freshly published Java dependencies in your pull requests.
7日前

Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised
Step Security Blog
On June 24, 2026, an attacker published malicious versions of 20 npm packages belonging to the Leo Platform ecosystem in a coordinated burst spanning less than three seconds. All 20 packages carry an identical CI/CD attack toolkit that steals secrets from GitHub Actions runners, cloud credential stores, package registries, and password managers, then exfiltrates them via the victim's own GitHub token. Together these packages receive approximately 13,600 downloads per week.
7日前

simonecorsi/mawesome GitHub Action has been compromised
Step Security Blog
On June 24, 2026, an attacker compromised the simonecorsi/mawesome GitHub repository. They force-pushed malicious commits and repointed several version tags to that commit. As a result, any workflow running against those tags after that time executed the attacker's code inside its GitHub Actions runner.
7日前

codfish/semantic-release-action GitHub Action has been compromised
Step Security Blog
On June 24, 2026, an attacker compromised the codfish/semantic-release-action GitHub repository. At 15:39:06 UTC they force-pushed a malicious commit and repointed several version tags to that commit. As a result, any workflow running against those tags after that time executed the attacker's code inside its GitHub Actions runner.
7日前

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
Step Security Blog
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-controlled server in Beijing -- which our investigation found still operational today.
7日前

PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
Socket
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
7日前




