惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Jina AI
Jina AI
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
C
Cybersecurity and Infrastructure Security Agency CISA
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
Securelist
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LINUX DO - 热门话题
博客园 - 三生石上(FineUI控件)
T
Threatpost
T
The Blog of Author Tim Ferriss
C
CERT Recently Published Vulnerability Notes
IT之家
IT之家
P
Palo Alto Networks Blog
Microsoft Azure Blog
Microsoft Azure Blog
Spread Privacy
Spread Privacy
Cyberwarzone
Cyberwarzone
腾讯CDC
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
I
Intezer
T
Tor Project blog
AWS News Blog
AWS News Blog
T
Tenable Blog
NISL@THU
NISL@THU
Security Latest
Security Latest
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
MyScale Blog
MyScale Blog
D
DataBreaches.Net
Microsoft Security Blog
Microsoft Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
量子位
美团技术团队
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
罗磊的独立博客
The GitHub Blog
The GitHub Blog
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Stack Overflow Blog
Stack Overflow Blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - gregario/the-rouge: Not one-shot code generation. Iterative product development: build, evaluate against external signals, fix, repeat until the quality bar is met.
gr3gario · 2026-05-05 · via Hacker News - Newest: "AI"

npm version npm downloads MIT Sponsor

In 1928, Ford opened the River Rouge Complex. Iron ore went in one end. Finished cars came out the other. Raw materials to finished product, under one roof.

Rouge is the software version. A product idea goes in. A deployed, tested, monitored application comes out.

Not one-shot code generation. Iterative product development: build, evaluate against external signals, fix, repeat until the quality bar is met. The same loop a good engineering team runs, except it runs overnight while you sleep.

Quick start

npm install -g the-rouge

rouge setup                 # First-time: install dashboard, check prerequisites
rouge dashboard start       # Start the dashboard

V3 Process Map: Rouge Spec (8 disciplines) → Foundation → Story Building Loop (with safety layer) → Ship + Self-Improvement

Rouge Dashboard — flight control tower showing project status, escalations, milestones, and build progress

Caution

Open source, experimental, runs with --dangerously-skip-permissions.

Rouge spawns Claude Code with no permission checks, no workspace boundaries, and full read/write access to your machine. It can wipe your filesystem, force-push over your git history, deploy code you didn't review, and run up thousands of dollars in Anthropic API charges in a single session. Real cloud resources. Real money. No sandbox.

Rouge has mitigations, but none of them are guarantees:

  • budget_cap_usd in rouge.config.json is supposed to halt the loop when spend exceeds the cap. Bugs in cap enforcement have shipped before and may again — treat the cap as a soft guardrail, not a circuit breaker.
  • rouge-safety-check.sh blocks some destructive Bash and Write patterns at the spawn boundary. It can't catch what it doesn't recognise.
  • Prompt-level isolation rules instruct the model not to touch other projects' infrastructure. These are convention, not enforcement.
  • Running on a dedicated machine, VM, or fresh user account limits blast radius. It doesn't prevent damage to that machine.
  • Committing your work frequently gives you git as an undo button for code changes. It does not undo cloud deploys, force-pushed remotes, or charges to your API account.

Use at your own risk.

How it works

Dashboard

The dashboard is your control plane: real-time project visibility, escalation responses, build logs, milestone progress, and seeding sessions. One process, one port (default 3001; override via ROUGE_DASHBOARD_PORT), auto-opens in your browser. Start it with rouge dashboard start (background) or rouge dashboard (foreground). Global installs ship a prebuilt Next.js standalone server — cold start is ~2s, no dev toolchain required. Pass --no-open to skip the auto-open.

A Slack integration exists in src/slack/ as a notification-only sidecar. It's no longer recommended for new setups — the dashboard is the supported control surface. Existing Slack setups can opt back into the legacy write paths via ROUGE_SLACK_ALLOW_WRITES=1 during the deprecation window. See docs/how-to/slack-setup.md.

The loop

Inspired by Karpathy's AutoResearch. No long-running process. Each phase starts fresh, reads state from the filesystem, does one thing, saves, and exits. Git is the audit trail. The loop iterates as many times as it needs to. There's no fixed limit. It's done when it's done.

Seed — you describe the product. Eight discipline-specific personas run through it (brainstorming, competition, taste, spec, infrastructure, design, legal, marketing). About 10-20 minutes of your time. Then it's autonomous. See a full seeding example.

Build — reads specs, writes code with TDD, deploys to staging. All work happens on a single branch with milestone tags per shipped feature area — no branch-per-story sprawl. State is tracked via a dual ledger: task_ledger.json for task tracking and checkpoints.jsonl for immutable cycle history.

Evaluate — five-lens assessment: test integrity, code review, browser QA, product evaluation, design review. One browser session, three evaluation lenses reading the same observation data. All evaluation prompts write output to cycle_context.json only — they never mutate the task ledger or project state directly. A strict I/O contract keeps evaluation data readable by the analyse phase without side-effects.

Analyse — reads all reports, classifies root causes, decides: fix, advance to the next feature, restructure the architecture, or ship.

The loop runs until all feature areas meet the quality bar. Then it promotes to production and notifies you via the dashboard (or Slack, if configured).

Self-improvement — after each completed product, Rouge reviews its own prompts against what worked and what didn't. Improvement proposals become GitHub issues, run in an isolated git worktree with an allowlist/blocklist, and land as PRs for human review. The running loop never modifies itself.

Linked projects — products can depend on each other. A fleet manager that needs a maps API triggers the maps project to be built first. The project registry tracks what's shipped and what each project provides. Circular dependencies are detected at seed time.

Composable decomposition

This is the core innovation. A timer app needs no decomposition. A fleet management system with trips, vehicles, a dashboard, maps, and a trip simulator needs a completely different approach.

Rouge derives a complexity profile from your spec. Measurements, not categories. How many entities share relationships? How many integrations? How dense is the dependency graph? These measurements activate composable capabilities:

Capability What it does
Foundation cycle Horizontal infrastructure pass (schema, auth, integrations) before any features
Dependency ordering DAG-resolved build order for milestones and stories. Linked project dependencies resolved at seed time — if Product B needs Product A, Rouge builds A first
Integration escalation Hard blocks on missing patterns instead of silently degrading
Foundation evaluation Structural review (schema completeness), not user journeys
Infrastructure discipline Eighth seeding discipline: resolves database vs deploy target compatibility, auth strategy, data source viability, and known-bad technology combinations at spec time — before the loop starts building. Outputs infrastructure_manifest.json that the foundation phase executes without re-deciding

A timer app produces a trivial infrastructure manifest and a single milestone. A fleet management SaaS activates everything: foundation cycles, multi-milestone dependency ordering, integration escalation, linked project resolution. Same system, different measurements.

The capability avoidance problem. Without this, the builder optimises for what it CAN build, not what the product NEEDS. No maps pattern? It substitutes a table of coordinates. Every test passes. The product is useless. Rouge's fix: hard blocking. If maps are needed and the pattern doesn't exist, Rouge blocks and escalates. It either builds the pattern autonomously (researches the API, evaluates scale trade-offs, creates a wrapper) or escalates. When it does build that pattern, it gets added to the catalogue. The next product that needs maps doesn't start from scratch.

The backwards flow. Sometimes the decomposition is wrong. The analysing phase detects the structural issue and inserts a foundation cycle mid-flight, like a startup pivot at a smaller scale. Autonomous when bounded. Escalates when it isn't.

The integration catalogue

Three tiers of patterns that grow as Rouge builds products:

  • Stacks — language, framework, runtime (Next.js on Cloudflare, Godot, etc.)
  • Services — external services with lifecycle (Supabase, Stripe, Sentry, Counterscale)
  • Integrations — code patterns within services (Stripe checkout, Supabase RLS, Sentry error boundary)

Each entry has setup guides, env vars, free tier limits, scale considerations, and working code. The catalogue ships with seed entries and grows as Rouge builds products. When a foundation cycle creates a new integration pattern, Rouge automatically drafts a catalogue entry and opens a PR to contribute it back. Every product Rouge builds potentially makes Rouge better at building the next one.

The Library

Rouge's accumulated design intelligence. Not documentation. Machine-readable context that feeds into every phase.

  • Global standards — 15 universal quality heuristics (page load, accessibility, error recovery)
  • Domain-specific taste — grows per domain (web apps, APIs, games)
  • Learned judgment — accumulated from your feedback. Your Rouge learns your taste.

Taste encoded as testable signals: "page load under 2 seconds," "core tasks in 3 clicks or fewer," "primary content in dominant visual position."

Economics

Set budget_cap_usd in rouge.config.json before any real build. The loop escalates when the cap is hit. Without a cap, a misconfigured run can burn through thousands of dollars of API credits before you notice.

Rouge runs on your Claude Code subscription or via direct API keys. Each phase consumes either session time (subscription) or token credits (API). Costs vary widely with product complexity, evaluation cycles, and how many fix stories the loop generates — these are rough order-of-magnitude estimates, not guarantees:

Product size Estimated API cost Estimated time
Small (1-3 features) $5–20 2–4 hours
Medium SaaS (5–10 features) $50–150 1–3 days
Large SaaS (10+ features) $150+ 3+ days

Rouge runs on Opus by default for every phase except milestone-check (a bookkeeping step that runs on Sonnet). Override per-phase via rouge.config.json.model_overrides.

Run rouge cost <project> for a live estimate during a build. Infrastructure on free tiers (Cloudflare, Supabase, Vercel hobby) typically adds nothing for small projects.

Built with

  • AI Factory by Greg Jackson — the factory that built Rouge
  • GStack by Garry Tan — Rouge uses GStack's headless browser for milestone evaluation, product walks, and QA
  • Superpowers by Jesse Vincent — engineering discipline skills
  • OpenSpec — product specification and task management
  • Excalidraw — hand-drawn diagrams
  • Supabase — database, auth, and storage for products Rouge builds
  • Cloudflare Workers / Vercel — deployment targets for products Rouge builds

Getting started (detailed)

npm install -g the-rouge

Or clone from source:

git clone https://github.com/gregario/the-rouge.git
cd the-rouge && npm install

Prerequisites

  • Claude Code CLI — the execution engine for every phase
    npm install -g @anthropic-ai/claude-code
    Requires a Claude subscription (Pro or Max). Verify: claude --version
  • Node.js 18+ — launcher, dashboard, scripts
  • Git — every phase commits
  • GStack — required for web product evaluation (browser QA, product walk, design review). Install: git clone --depth 1 https://github.com/garrytan/gstack.git ~/.claude/skills/gstack && cd ~/.claude/skills/gstack && ./setup. Verify: rouge doctor

Optional:

  • Wrangler CLI — Cloudflare Workers deployment
  • Supabase CLI — database, auth, storage
  • Vercel CLI — Vercel deployment

Run rouge doctor to verify all prerequisites are installed.

First-time setup

rouge setup                 # Install dashboard, check prerequisites, create dirs

This runs rouge doctor, installs the dashboard, and prepares the projects directory. Everything else is optional.

Start the dashboard

rouge dashboard start       # Background mode (persistent, survives terminal close; auto-opens browser)
rouge dashboard status      # Check if running
rouge dashboard stop        # Stop the dashboard
rouge dashboard             # Foreground mode (Ctrl+C to stop)
rouge dashboard --no-open   # Skip the auto-open

The dashboard is the primary control plane: real-time project visibility, escalation responses, build logs, milestone progress, and seeding sessions. It runs on port 3001 by default (override via ROUGE_DASHBOARD_PORT) and reads live project state from ~/.rouge/projects/. The actual URL is printed when the dashboard starts.

Set up integrations

rouge setup supabase
rouge setup stripe
rouge secrets list

Secrets stored in your OS credential store (macOS Keychain, Linux secret-service, Windows Credential Manager). Rouge never sees the values.

Alternative: Slack notification-only sidecar (legacy)

The Slack control plane is deprecated. Code stays in src/slack/ as a notification-only sidecar — incoming write commands are skipped with a deprecation warning. Existing setups can opt back into the legacy write paths via ROUGE_SLACK_ALLOW_WRITES=1 during the deprecation window. New features and bug fixes land in the dashboard only. See docs/how-to/slack-setup.md.

Build a product

rouge init my-product
rouge seed my-product       # Interactive seeding (~10-20 min)
rouge build my-product      # Start the autonomous loop
rouge status                # Check progress
rouge cost my-product       # See cost estimate

Safety

Safety is deterministic JavaScript, not LLM judgment. Every safety mechanism is enforced in the launcher — pure code that cannot be hallucinated away, argued with, or forgotten by a prompt. The LLM builds; the launcher constrains.

  • Blocked commandsrouge-safety-check.sh runs as a PreToolUse hook on every Bash and Write call. Blocks rm -rf /, git push --force to main, production deploys, Stripe live keys, destructive database operations, and writes to safety-critical files
  • Deploy blocking — only staging and preview deploys allowed by default. Deploy must succeed (with 3 retries) before milestone evaluation runs. Failed deploy → escalation, not stale evaluation
  • Cost caps — per-phase token tracking with cumulative USD budget. The loop escalates when the cap is hit — it does not silently continue
  • Spin detection — 3+ zero-delta stories, duplicate story names, or 30 minutes without meaningful progress → escalation. This is what prevented the V2 overnight 12-hour spin
  • Milestone lock — promoted milestones are locked in the checkpoint stream. The loop cannot regress to re-build a shipped milestone, even after a crash and restart
  • Story deduplication — stories completed in earlier milestones are skipped, not re-executed
  • Audit trail — every tool call logged to tools.jsonl; every state transition checkpointed to checkpoints.jsonl. Both append-only
  • Self-improvement isolation — Rouge can propose prompt improvements, but changes run in a git worktree with an allowlist/blocklist. The running loop never modifies its own launcher, config, or safety hooks

Caution

Rouge runs with --dangerously-skip-permissions (Claude Code's YOLO mode). The safety hooks above cover known-dangerous patterns, but they are not comprehensive filesystem protection. Rouge can read, write, and execute arbitrary commands within the project directory. Run it on a machine you're comfortable giving that level of access to, and keep your work committed. Git is your undo button.

For common issues, see troubleshooting.

Contributing

See CONTRIBUTING.md.

Integration catalogue entries — service adapters (Tier 2) or code patterns (Tier 3). Each product you build with Rouge can contribute patterns back. All contributions reviewed by maintainers. This is the fastest way to expand what Rouge can build.

Stack support — new deployment targets, frameworks, runtimes. This is how Rouge goes from "builds web apps" to "builds tech products."

Bug reports and prompt improvements — if Rouge produces bad output, the fix is usually in a prompt. PRs welcome.

What's next

Rouge builds products. The architecture is stack-agnostic — what it can build depends on what stacks and integrations are in the catalogue, and that surface grows with every product shipped and every community contribution.

Current priorities:

  • More stacks — Vercel, Docker Compose, additional database providers, framework support beyond Next.js
  • Dashboard polish — the dashboard ships as the primary control plane; next steps are live SSE event streaming and the onboarding wizard
  • Community patterns — every product Rouge builds can contribute integration patterns back to the catalogue, making Rouge better at building the next one

License

MIT. Use it for whatever you want — personal projects, commercial products, hosted services, reselling, anything. The only thing the license asks is that you keep the copyright notice in copies you distribute.

If Rouge is useful to you, sponsorship helps fund continued development, but it's not required.