惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Microsoft Security Blog
Microsoft Security Blog
云风的 BLOG
云风的 BLOG
MongoDB | Blog
MongoDB | Blog
Know Your Adversary
Know Your Adversary
K
Kaspersky official blog
人人都是产品经理
人人都是产品经理
IT之家
IT之家
Recorded Future
Recorded Future
Recent Announcements
Recent Announcements
D
DataBreaches.Net
C
CXSECURITY Database RSS Feed - CXSecurity.com
U
Unit 42
博客园 - 【当耐特】
I
Intezer
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
H
Help Net Security
L
LangChain Blog
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
Scott Helme
Scott Helme
The GitHub Blog
The GitHub Blog
博客园_首页
P
Proofpoint News Feed
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Register - Security
The Register - Security
Engineering at Meta
Engineering at Meta
T
Threatpost
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Blog — PlanetScale
Blog — PlanetScale
C
Cybersecurity and Infrastructure Security Agency CISA
T
Troy Hunt's Blog
罗磊的独立博客
腾讯CDC
Simon Willison's Weblog
Simon Willison's Weblog
Security Latest
Security Latest
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Latest news
Latest news
The Cloudflare Blog
Jina AI
Jina AI
小众软件
小众软件
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
F
Full Disclosure
V
V2EX

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - maioio/genesis-architect: Claude skill for strategic project scaffolding with pre-build market research
maioio · 2026-05-12 · via Hacker News - Newest: "AI"

Why Genesis Architect is different

Every other tool - create-t3-app, bolt.new, Copilot Workspace, Cookiecutter - assumes you already know what to build and how. They generate code from templates, not from evidence. They have no idea what broke in production for the 50,000 developers who built the same thing before you.

Genesis Architect treats every new project as a research problem first. It acts as a Senior Staff Engineer who spent a week studying the ecosystem before writing a single line.

You describe a vision
       ↓
Genesis scans 15-20 real repos, deeply analyzes top 5-8
       ↓
It mines their GitHub Issues for what broke in production
       ↓
It builds a scaffold that avoids those mistakes
       ↓
Three security gates activate on the first commit: secret scanning, SAST, quality gate
       ↓
It stays active as a research partner while you build

How it works

flowchart TD
    A([You describe a vision]) --> B

    subgraph P0["Phase 0 - Probe"]
        B[Detect OS, package manager\nScan nearby projects for conventions]
    end

    subgraph P1["Phase 1 - Align"]
        C[Archetype · Scale · Language\n3 focused questions]
    end

    subgraph P2["Phase 2 - Research ×3 parallel"]
        D1[Stream A\nGitHub repos]
        D2[Stream B\nExa ecosystem]
        D3[Stream C\nIssue mining]
        D1 & D2 & D3 --> E[Merge results]
    end

    subgraph P3456["Phases 3-6 - Build"]
        F[Architecture synthesis] --> G[Pitfall identification]
        G --> H[A/B architecture choice]
        H --> I[Scaffold + tests + CI\nProduction defaults + ADR\nSelf-validating smoke test]
    end

    subgraph P7["Phase 7 - Companion"]
        J[genesis help · genesis research · genesis check]
    end

    B --> C --> E --> F
    I --> J

    style P0 fill:#1e3a5f,color:#fff
    style P1 fill:#1e3a5f,color:#fff
    style P2 fill:#1a472a,color:#fff
    style P3456 fill:#4a1942,color:#fff
    style P7 fill:#7a3b00,color:#fff
    style A fill:#333,color:#fff
Loading

Note

Three hard gates protect you: Phase 2 stops if fewer than 5 repos found. Phase 5 requires an explicit A/B/C/D choice. Phase 6 blocks git commit until the smoke test passes.


Install

# Claude Code (recommended)
git clone https://github.com/maioio-projects/genesis-architect ~/.claude/skills/genesis-architect

# Via skills.sh (any agent)
npx skills add maioio-projects/genesis-architect

# Cursor
# Copy SKILL.md to .cursor/rules/genesis-architect.md

# Codex CLI
git clone https://github.com/maioio-projects/genesis-architect ~/.codex/skills/genesis-architect

No build step, no dependencies.


Usage

Explicit commands
genesis init a REST API in TypeScript
genesis init a Python CLI for batch image processing
genesis init a Chrome extension that does X
genesis init --from-prd PRD.md          # read a product spec, skip Phase 1
genesis init --from-team-config          # restore a teammate's research
genesis audit ./my-existing-project      # audit existing code, no scaffold
genesis harden ./my-existing-project     # inject security gates into any project
Natural triggers - just describe what you want
I want to build a Telegram bot
scaffold a new project for web scraping
start building a VS Code extension
I need to build a data pipeline from scratch
create a tool that converts CSV to JSON

What every project gets

Deliverable Contents
RESEARCH.md 15-20 repos scanned, top 5-8 deeply analyzed, sources linked, ecosystem velocity signals
PITFALLS.md 3-7 real pitfalls from GitHub Issues with root causes and mitigations
ROADMAP.md 5-10 phase development plan calibrated to research complexity
src/ Functional boilerplate - not empty stubs
tests/ Passing unit tests for core logic
.github/workflows/ci.yml 4 parallel jobs: tests, secret scanning, SAST, code quality gate
docs/adr/001-initial-architecture.md Every architectural decision explained with evidence
.gitignore Language-appropriate, hardened against secrets and build artifacts
sonar-project.properties Code quality gate config, ready to activate with one secret
.pre-commit-config.yaml Local pre-commit hook - blocks secrets before they reach GitHub

Production-readiness defaults baked into every scaffold:

Default What it does
Structured logging pino/winston/slog from line 1 - no console.log in production
Non-root Dockerfile USER 1001 - never runs as root
Env validation Fails loudly at startup if required vars are missing
GET /health Returns {"status":"ok"} (Web Service archetype)
No wildcard CORS Explicitly listed origins only
Secret Zero .env.example with generation hint, validated at startup
Secret scanning CI Every push scanned - build fails on exposed credentials
SAST analysis CI Static analysis catches injection and path traversal on every push
Code quality gate Merge blocked on maintainability or security regressions

Languages and archetypes

Languages auto-detected from research:

TypeScript / JavaScript    Python    Go    Rust

Archetypes - each shapes the entire scaffold differently:

Archetype Entrypoint Has server Has Dockerfile Test runner
✅ CLI Tool bin / [project.scripts] No Optional pytest / jest
📦 Library/SDK Public API, no main() No No pytest / jest
🌐 Web Service/API Router Yes Yes + /health pytest / jest
🖥️ Frontend App Component tree No (SSR optional) Optional vitest / jest

Why not just use X?

Capability Genesis Architect create-t3-app bolt.new Cursor Rules madison/scaffolding
Research from real GitHub Issues
Validates citations (no hallucinated repos) n/a n/a
Anti-hallucination CVE check (OSV.dev)
Research Quality Signal (FULL/PARTIAL/THIN)
Hard gates before file creation
Secret scanning + SAST on every scaffold
Retrofit security into existing projects (genesis harden)
Drift detection (endpoint inventory) Planned
Quality rubric with measured score
Works without any MCP n/a n/a n/a n/a
PRD-driven flow (--from-prd)
WSL detection

Works at every level of MCP setup

Setup Research quality Speed
No MCPs Web search - real repos, shallower issue data Normal
GitHub MCP Deep repo scan + real Issue extraction Normal
GitHub + Exa Full parallel: repos + Reddit/HN/SO context ~3x faster
GitHub + Exa + Firecrawl Full parallel + targeted page scraping ~3x faster

Tip

The skill never blocks on a missing tool. It reports what it's using and continues.


Development Companion Mode

After scaffolding, Genesis Architect stays active for the rest of your session:

genesis help I need to add rate limiting      → searches Phase 2 repos for how they solved it
genesis research authentication patterns      → targeted scan with 1-3 ranked approaches
genesis check                                 → freshness audit: CVEs, outdated deps, CI versions
genesis harden ./existing-project             → inject secret scanning + SAST + quality gate into any project

In a new session, it reads RESEARCH.md from your project to restore context automatically.


Real output - not fabricated

From an actual TypeScript CLI project:


Project structure

Full layout
genesis-architect/
├── SKILL.md                        # Skill definition (400 lines)
├── plugin.json                     # Marketplace manifest
├── scripts/
│   ├── scaffold_generator.py       # Creates project structure from language + tier
│   ├── research_validator.py       # Validates RESEARCH.md has all required sections
│   └── eval_runner.py              # Measures trigger rate (target: ≥90%)
├── evals/
│   ├── test_queries.json           # 36 trigger/no-trigger test cases (100% accuracy)
│   └── README.md
├── examples/
│   └── typescript-cli/             # Real output from a real project
│       ├── RESEARCH.md
│       ├── PITFALLS.md
│       └── ROADMAP.md
├── assets/
│   ├── RESEARCH.template.md        # Source of truth for validator
│   ├── PITFALLS.template.md
│   └── ROADMAP.template.md
├── references/
│   ├── architecture-patterns.md    # Boilerplate per language/tier + production defaults
│   ├── mcp-strategy.md             # MCP tool strategy and fallback logic
│   └── security-templates.md       # secret scanning, SAST, quality gate, pre-commit templates
├── .github/
│   └── workflows/
│       └── ci.yml                  # Tests, secret scanning, SAST, quality gate (4 parallel jobs)
├── CHANGELOG.md
└── CONTRIBUTING.md

Quality Score

Measured against the quality rubric (100-point, 4 dimensions):

Run Type Score
typescript-cli example TypeScript CLI 78/100 (measured)
Python CLI - 70/100 (projected)
Go service - 68/100 (projected)
Rust CLI - 67/100 (projected)
React app - 69/100 (projected)

Average: 78/100 (measured on v2.0.0 release). Primary gap: Section 4 (Phase Correctness) requires session transcripts for full scoring. Go/Rust scaffold parity with TypeScript/Python added in v2.1.0.


Quality Shield

Four independent CI jobs run on every push and pull request:

Job What it gates Secret required
secrets-scan Exposed credentials, API keys, tokens in every commit none (public repos)
security-scan Dependency CVEs (HIGH+); SARIF uploaded to GitHub Code Scanning SNYK_TOKEN
quality-gate Maintainability, Reliability, Security Hotspots; blocks merge on fail SONAR_TOKEN
quality-gates SKILL.md constraints, template validity, eval accuracy, smoke test, em-dash check GITHUB_TOKEN (built-in)

To activate: add SNYK_TOKEN and SONAR_TOKEN in repository Settings > Secrets and variables > Actions. Secret scanning works out of the box on public repos.

Important

After connecting SonarCloud, disable Automatic Analysis in the SonarCloud project settings (Project Settings > Analysis Method). Running both Automatic Analysis and CI-based analysis simultaneously causes the quality-gate job to fail with a conflict error.

Badge Meaning
Known Vulnerabilities No high/critical CVEs in Python deps
Quality Gate Code quality gate status
Security Rating Security rating (A = best)
Maintainability Maintainability rating
CI All 4 CI jobs passing

Built on open-source security tooling. See security-templates.md for implementation details.


Roadmap

Priority Feature Status
1 Interactive CLI with progress bars and pretty output Planned
2 5 real-world example projects with before/after comparisons In progress
3 VS Code extension with MCP deep integration Planned
4 Templates gallery: Next.js + Supabase, FastAPI + React, T3 Stack Planned
5 Benchmark report vs. competing tools (speed, quality, cost) Planned
6 Hosted version with web UI for non-terminal users Future

Community contributions welcome - see CONTRIBUTING.md.


Honest Limitations

Limitation Details
Issue mining depth Scans 50 most-recent issues across 5-8 repos. Low-traffic projects or issues closed years ago may not surface.
Web-search-only mode Without GitHub MCP, issue extraction is shallow. RESEARCH.md will note this automatically.
Quick experiment trigger Natural-language triggers ("I want to build X") now ask intent first - but genesis init always runs the full flow.
Issue URL authenticity Run python scripts/research_validator.py RESEARCH.md --verify-issues to HTTP-check every cited GitHub issue URL. CI does format-check only; live verification is opt-in to avoid rate limits.
WSL On Windows, if you're running inside WSL, Linux paths and package managers are used - Windows PATH fixes do not apply.

Support this project

Genesis Architect is free and open-source. If it saved you from a bad architecture decision, a production incident, or hours of research - consider supporting continued development:

GitHub Sponsors Buy Me a Coffee

Sponsorship funds: additional language templates, deeper MCP integrations, real-world example projects, and VS Code extension development.


Contributing

See CONTRIBUTING.md.

New language templates, improved MCP strategies, and workflow refinements are welcome.

Important

Keep SKILL.md under 400 lines. No em dashes anywhere. All code, filenames, and comments in English.

Note

This project is part of a portfolio demonstrating production-grade AI skill engineering: research-driven scaffolding, self-validating output, multi-layer quality gates, and measurable outcome quality. View all projects

License

MIT - Maio Eshet


If Genesis Architect saved you from a bad architecture decision, a ⭐ helps others find it.