惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
博客园_首页
Google Online Security Blog
Google Online Security Blog
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
P
Palo Alto Networks Blog
V
Vulnerabilities – Threatpost
雷峰网
雷峰网
O
OpenAI News
SecWiki News
SecWiki News
小众软件
小众软件
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
N
News | PayPal Newsroom
Project Zero
Project Zero
Forbes - Security
Forbes - Security
IT之家
IT之家
A
Arctic Wolf
WordPress大学
WordPress大学
Jina AI
Jina AI
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
博客园 - 聂微东
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
Cloudbric
Cloudbric
G
GRAHAM CLULEY
博客园 - 叶小钗
H
Hacker News: Front Page
腾讯CDC
量子位
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
宝玉的分享
宝玉的分享
爱范儿
爱范儿
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recorded Future
Recorded Future
C
CERT Recently Published Vulnerability Notes

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
Preparing Specs for AI Coding Agents - Forkline Blog
Forkline Team · 2026-06-18 · via Hacker News - Newest: "AI"

What a good coding-agent spec includes

Specs are becoming more important because AI coding agents are no longer only answering questions. They are reading repositories, editing files, running commands, producing branches, and asking humans to review the result. That changes what a prompt needs to become.

When an assistant only answers a question, a private prompt can be enough. When an agent changes a shared codebase, the prompt becomes an assignment. And an assignment needs more than good wording. It needs the right context, boundaries, examples, and a way to judge whether the work matched the original intent.

That is the practical reason to prepare a spec before sending a coding agent into a repository. The spec does not need to be long. It does need to tell the agent what problem it is solving, what behavior should change, what must not change, and how the result will be reviewed.

At minimum, a good coding-agent spec should give the agent five things:

  • the context behind the task
  • the behavior that should change
  • the constraints the agent should preserve
  • examples or scenarios that define correctness
  • the validation evidence a reviewer should inspect

This is the useful idea behind spec-driven development, behavior scenarios, issue templates, lightweight design docs, OpenSpec, GitHub Spec Kit, and many internal engineering proposal formats. The specific framework matters less than the shape of the spec: the agent should receive enough context to act, and the team should receive enough structure to review the result.

The spec is not a nicer prompt. It is the prepared assignment between human intent and machine execution.

Prompts are good at starting work. Specs are better at carrying it.

A private prompt is optimized for immediacy. It lives in a chat session. It can include shorthand, missing context, and assumptions the author understands but nobody else sees.

That can work for a local explanation or a throwaway script. It is weaker for team engineering work.

The problem is not that prompts are informal. Informality is often useful. The problem is that private prompts usually disappear from the workflow after the agent starts. They do not naturally become review criteria. They are hard to compare against a pull request. They do not help the next person understand why the change exists.

Specs solve a different problem. They give the assignment a visible shape the team can keep inspecting.

That spec can live in different places. It can be a repo-local spec, an issue with acceptance criteria, a BDD scenario, a small design note, a change proposal, or a pull request description that names the behavior being changed. OpenSpec is one useful implementation of this pattern, but it is not the only one. GitHub Spec Kit, Gherkin-style scenarios, team RFC templates, and ordinary issue templates can all carry the same discipline when they make context and review criteria explicit.

That is the shift teams should care about. A good spec does not merely instruct the agent. It gives humans and agents something shared to inspect before, during, and after implementation.

FIG 01 Assignment shape

Private prompt

fix thismake it cleanerprobably auth?you know what I mean

Useful for starting thought, weak as a shared review object.

Team-visible spec

Visible before implementation, useful during review, durable after the session ends.

Private prompts are fast but unstable. Team-visible specs give the assignment a structure reviewers can inspect later.

The assignment layer separates intent from execution

The strongest specs behave like small behavior contracts. Requirements say what the system should do. Scenarios give concrete examples, often in a Given/When/Then style. Design notes and task lists can describe the technical approach and implementation checklist, but those are not the same thing as the requirement.

This separation is one of the most useful disciplines for AI-assisted engineering.

If the intent and implementation are mixed together too early, the agent can optimize for the wrong thing. It may faithfully follow a suggested implementation detail while missing the behavior the team actually needed. Or it may produce a plausible design that is hard to review because the success criteria were never made explicit.

An assignment layer keeps three questions apart:

  • What behavior should change?
  • What constraints or examples define correctness?
  • What implementation path seems appropriate right now?

Those questions are connected, but they should not collapse into one blob of instructions. The implementation can evolve as the agent reads the codebase. The requirement should remain stable enough for a reviewer to ask: did the work satisfy this?

FIG 02 Behavior contract

reviewability

100%

Steer the agent · collect all four · deliver a reviewable change

A spec is not a pipeline for the agent to follow blindly. It is a boundary for valid work.

That is also why delta-oriented formats are interesting for existing codebases. Most engineering work is not greenfield. Teams are changing behavior that already exists. A good spec says: here is the current contract, and here is the proposed change to that contract. Reviewers do not need to mentally diff a whole product document. They can look at the behavior delta.

A concrete example

Consider a private prompt like this:

Fix the flaky login test and update whatever needs changing.

That might be enough for a developer working alone. It is weak as a team assignment. It does not say what failure is observed, which behavior should remain stable, which checks matter, or what kind of fix is out of scope.

A better spec would make the work narrower:

  1. Observed problem: the login test intermittently fails when the callback request arrives before the session record is visible to the test assertion.
  2. Expected behavior: login should create exactly one session and redirect the user to the original destination.
  3. Constraints: do not weaken auth checks, do not add sleeps to the test, and keep the fix local to the callback/session path unless the codebase shows a wider issue.
  4. Validation: run the affected auth test file and the relevant backend or frontend checks.
  5. Review object: compare the resulting PR against the stated behavior, constraints, and validation.

That does not remove judgment from the work. It gives the agent a boundary and gives the reviewer a relationship to inspect. When the spec is visible to the team, the reviewer can compare the pull request against the same context the agent received.

Specs are not waterfall if they stay small and revisable

Spec-driven work often triggers a reasonable objection: is this just waterfall with a new name?

It can be, if the team turns specs into ceremony. A giant document, months before implementation, is not suddenly better because an AI agent reads it.

The useful counter-pattern is lighter: fluid, iterative, easy to revise, and brownfield-first. Different frameworks express that differently. Some use proposals and delta specs. Some use issue checklists and acceptance criteria. Some use BDD scenarios. The important part is that these are actions around a change, not locked phases that delay learning.

That distinction is important. The assignment layer should reduce ambiguity, not freeze learning.

A good spec can change when implementation teaches the team something. If exploration reveals that the initial approach is wrong, the design should change. If a requirement was too broad, the scope should narrow. If a scenario exposed an edge case nobody considered, the spec should gain that scenario.

The discipline is not “write the perfect plan before code.” The discipline is “keep the visible intent and the implemented reality moving together.”

The review object changes

Without a visible assignment, reviewers mostly review the diff.

With an assignment layer, reviewers can review the relationship between four things:

  • the proposed behavior change
  • the implementation plan or task breakdown
  • the code and tests produced by the agent
  • the validation result from CI, local checks, or manual review

That relationship is where AI-assisted work becomes more manageable. The reviewer is not being asked to trust the agent’s confidence. They are comparing the spec, the implementation, and the evidence.

Different frameworks make this explicit in different ways. OpenSpec has verification concepts around completeness, correctness, and coherence. GitHub’s Spec Kit takes a stricter specification-first position. BDD workflows use examples as executable or semi-executable behavior expectations. Issue-driven teams may use acceptance criteria, labels, reviewers, and CI requirements instead.

Those are not identical philosophies. The common lesson is narrower and more useful: the more powerful coding agents become, the more important it is to preserve the assignment they were supposed to satisfy.

For teams, this changes the review question from:

“Does this diff look okay?”

to:

“Does this diff satisfy the behavior change we agreed to, under the constraints we named, with evidence we can inspect?”

That is a better question.

The right spec becomes team context

A good spec helps the agent start. A shared spec helps the team stay aligned.

A runner should not receive vague private intent, disappear into an isolated execution environment, and return a diff that reviewers have to decode from scratch. The work should start from context the team can see, then return through evidence the team already understands: branch, commits, pull request, CI result, runner summary, model audit, and human review.

No tool needs to prescribe one spec framework for every team. Some teams will use issues. Some will use repo-local specs. Some will use lightweight design docs or behavior scenarios. The important boundary is that coding-agent work should remain tied to a visible spec and a reviewable result.

That is what separates useful AI runner workflow from black-box autonomous output. Forkline follows this same principle, but the principle is broader than any one product: if agents act on shared code, the spec and the result should both be inspectable by the team.

The spec is also memory

AI coding sessions are temporary. Repositories are not.

One understated benefit of repo-local specs is that they can live with the code. They can be checked into the repository, organized by capability or change, and updated as work lands. That makes them useful to both people and agents later.

This matters because agent context is fragile. Chat history gets cleared. Context windows fill up. A different model or tool may handle the next task. The person who wrote the original prompt may not be available. If the only record of intent was a private chat, the team loses context as soon as the chat falls out of view.

Specs give that context a durable home. They do not replace code, tests, or documentation. They connect them. A new agent can read the current behavior. A new developer can understand what the system is expected to do. A reviewer can look back at an archived change and see not only what changed, but why the change was proposed.

This is not primarily an audit argument. It is a coordination argument. Teams need memory that survives individual sessions.

Bounded work is the right unit

Specs do not make every kind of work safe to delegate.

They are strongest when the work is bounded: a behavior change, a bug fix, a compatibility update, a small feature, a migration step, a CI repair, or a narrow refactor with clear constraints. In those cases, the team can describe the desired change and inspect whether the result matches it.

They are weaker when the task is mostly judgment: choose the product direction, redesign the architecture from first principles, improve the whole codebase, make the UI better, or decide what users should want.

This boundary is healthy. The point of specs is not to make human judgment disappear. The point is to move appropriate work into a form where an agent can act and a human can review.

The same applies to proof. A pull request that passes CI is not automatically a good change. An agent’s summary is not automatically sufficient. A spec is not automatically correct. Each signal helps only if it gives the reviewer something concrete to compare.

The interesting pattern is a loop, not a document

The most useful way to think about specs for coding agents is not as documents. It is as a loop:

Spec -> execution -> evidence -> review -> spec update.

FIG 03 Living loop

01 Spec Visible intent
02 Execution Agent work
03 Evidence Diff, tests, CI
04 Review Human judgment
05 Spec update Learning preserved

alignment kept visible across sessions

The useful pattern is not spec then code. It is spec, execution, evidence, review, and spec update.

The spec starts the work by making intent visible. The agent executes inside that boundary. The result creates evidence: commits, tests, CI results, review comments, summaries, or other signals depending on the toolchain. The reviewer compares the evidence against the assignment. If the implementation teaches the team something, the spec changes too.

That loop is where assignment-layer thinking becomes practical. The spec is not a one-time prompt. It is the entry point and exit point for controlled change. The same loop can also exist through other mechanisms: issue to branch to PR, scenario to implementation to test, proposal to change to archive, or task to CI to review.

This is also where teams should be careful about overclaiming. Specifications reduce ambiguity; they do not eliminate it. Agents still make mistakes. Requirements can still be incomplete. Review can still miss things. A spec-driven workflow is not a guarantee of correctness.

What it does is make disagreement visible earlier. It gives teams a place to ask better questions before the code exists, and a clearer object to review after the code exists.

What to take from spec-first assignment thinking

The lesson is not that every team needs the same folder structure or command set. OpenSpec, Spec Kit, BDD-style scenarios, issue templates, and internal planning docs all make different trade-offs.

The deeper lesson is this: when AI agents act on shared codebases, the spec that guides them should be shared too.

It should be close to the code. It should separate behavior from implementation. It should include enough examples or scenarios to make correctness discussable. It should support change without pretending every plan is final. And it should leave reviewers with a relationship to inspect, not just a diff to trust.

Private prompts will remain useful. They are fast, expressive, and low-friction. But for team engineering work, they are not enough on their own.

If your team wants to start small, do not begin with a giant specification process. Pick one bounded task and write down five things before assigning it to an agent:

  1. the behavior that should change
  2. the behavior that must not change
  3. one or two concrete examples or scenarios
  4. the checks or evidence the reviewer should inspect
  5. where the final result should appear for review

That is enough to create a useful assignment layer. The framework can come later.

The future of AI-assisted engineering is not only better models. It is better specs around those models: issues, scenarios, validation, review, and durable context that survives the chat.

That is the shift worth paying attention to.

Further reading