惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
Security Archives - TechRepublic
Security Archives - TechRepublic
C
Cyber Attacks, Cyber Crime and Cyber Security
Security Latest
Security Latest
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
C
CERT Recently Published Vulnerability Notes
S
Schneier on Security
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
F
Full Disclosure
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
大猫的无限游戏
大猫的无限游戏
MyScale Blog
MyScale Blog
Hacker News: Ask HN
Hacker News: Ask HN
G
Google Developers Blog
H
Heimdal Security Blog
O
OpenAI News
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LangChain Blog
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
IT之家
IT之家
Cyberwarzone
Cyberwarzone
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Know Your Adversary
Know Your Adversary
博客园 - 聂微东
The Cloudflare Blog
C
Check Point Blog
K
Kaspersky official blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Tor Project blog
T
Threat Research - Cisco Blogs
T
Tailwind CSS Blog
P
Proofpoint News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
A
About on SuperTechFans
小众软件
小众软件
Cloudbric
Cloudbric
A
Arctic Wolf

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - simonhansedasi/ai_glue
vigcneiugh · 2026-05-16 · via Hacker News - Newest: "AI"

Drop-in AI observability and governance for OpenAI and Anthropic applications.

ai_glue audit dashboard

What ai_glue gives you

  • Every AI call logged — provider, model, tokens, cost, latency, project, session
  • Spend visibility by project, team, and environment
  • PII detection with per-call flag review workflow
  • Hard governance rules — block unapproved models, enforce cost caps and rate limits
  • Multi-instance aggregation — dev, staging, and prod in one unified dashboard
  • Role-split views: engineering audit log, executive spend summary, per-instance breakdown
  • Add governance to existing apps with one environment variable change — no code rewrites

What ai_glue is not

ai_glue does not replace your AI stack. It has no opinion on prompts, agents, RAG pipelines, or orchestration. It sits between your applications and model providers to add governance, auditing, spend visibility, and policy enforcement. Think of it as a transparent proxy with a dashboard — not a framework.

Deployment models

Evaluating / self-hosted — you are both the operator and the user. Clone it, add your own API key to .env, run it on your machine. The quickstart below covers this case.

Team deployment — IT deploys one ai_glue instance on a shared server with the organization's API key in .env. Individual developers never touch an API key. They change one environment variable on their machine and everything is logged, governed, and visible on the shared dashboard.

                       ┌─────────────────────────────────────┐
dev laptop             │  ai_glue server                      │
ANTHROPIC_BASE_URL ───►│  .env: ANTHROPIC_API_KEY=sk-org-...  │──► Anthropic API
                       │  dashboard: http://ai-glue.internal  │
                       └─────────────────────────────────────┘

Quickstart (local / evaluation)

git clone https://github.com/simonhansedasi/ai_glue.git
cd ai_glue
pip install -r requirements.txt
cp .env.example .env              # add your API keys
cp governance.yaml.example governance.yaml
python examples/governance_demo.py   # no API keys needed
python app.py                     # http://localhost:5010

Two integration modes

Mode 1 — Proxy (zero code changes)

Point existing apps at ai_glue instead of the real provider. One environment variable per app:

# Anthropic
ANTHROPIC_BASE_URL=http://your-host:5010/proxy/anthropic

# OpenAI
OPENAI_BASE_URL=http://your-host:5010/proxy/openai/v1

Every call is intercepted, logged, and governance-checked. The app receives the real response unchanged. Streaming is fully supported — the proxy passes the stream through and captures token counts and latency at the end.

Tag calls with optional headers for project and session labeling:

X-Aiglue-Project: hr-bot
X-Aiglue-Session: user-123

If no headers are present, calls fall back to AIGLUE_DEFAULT_PROJECT / AIGLUE_DEFAULT_SESSION from .env.

Mode 2 — Wrapper (new apps or when you control the code)

from src import GluedClient

# Anthropic — same API as anthropic.Anthropic()
client = GluedClient("anthropic", session_id="user-123", project="hr-bot")
response = client.messages.create(
    model="claude-sonnet-4-6",
    max_tokens=512,
    messages=[{"role": "user", "content": "..."}],
)

# OpenAI — same API as openai.OpenAI()
client = GluedClient("openai", session_id="user-123", project="support-bot")
response = client.chat.completions.create(
    model="gpt-4o",
    max_tokens=512,
    messages=[{"role": "user", "content": "..."}],
)

Governance

Edit governance.yaml to configure rules. Changes apply immediately — no restart needed.

model_allowlist:          # hard-block calls to unapproved models (403)
  - claude-sonnet-4-6
  - gpt-4o

pii_detection: true       # flag prompts containing emails, SSNs, phones, credit cards

pii_allowlist:            # exact strings that should never trigger a PII flag
  - admin@yourcompany.com

projects:
  hr-bot:
    daily_cost_cap_usd: 5.00     # hard-block once daily spend hits cap
    rate_limit_per_hour: 100     # hard-block sessions that exceed call frequency

PII detection is regex-based (not ML). Hard-blocking violations are never logged — the call was never made. PII flags are logged as warnings and do not block calls.

Security note: governance.yaml becomes a sensitive file if you use the team API key mapping feature (see below), since it maps key prefixes to real project names. Treat it like .env in production — restrict filesystem permissions and do not commit it. governance.yaml is gitignored by default for this reason.

Dashboard

All three views draw from the same unified dataset merged across all instances.

/ — Audit (engineers / team leads)

Full call log. Every call from every instance in one table. Summary cards, daily charts, and by-project/by-model breakdowns are all merged across instances. Per-session drilldown shows individual turns, tool calls, and highlights flagged PII inline. Filters: ?project=X, ?session=X, ?flagged=1.

/executive — Executive view (leadership)

Non-technical. No session IDs, no model names. Cards: Total AI Spend, Projects Active, Conversations, Risk Flags. Charts: Spend by Project, Daily Spend trend. Unreviewed PII flags and governance blocks surface as a risk callout with a "Mark all reviewed" action.

ai_glue executive view

/aggregate — Per-instance breakdown

One panel per instance with its individual summary, by-project table, and by-model table. Useful for comparing dev vs. staging vs. prod activity side by side.

ai_glue aggregate view

Multi-instance aggregation

Run one ai_glue instance per environment. A parent instance pulls /api/summary from each child and merges everything into a single unified view.

Dev instance    ──┐
Staging instance ─┼──► Parent instance ──► unified /, /executive, /aggregate
Prod instance   ──┘

To add a child — edit governance.yaml on the parent only, no code changes:

aggregator:
  children:
    - name: prod
      url: http://prod-host:5010
    - name: staging
      url: http://staging-host:5010

Set AIGLUE_INSTANCE_NAME on each child so it appears with a meaningful label in parent views.

Per-team API key mapping

Issue each team a synthetic key with a recognizable prefix. Teams swap their real provider key for it — no other changes needed. The proxy detects the prefix, tags all calls with the team's project name, and substitutes the real API key before forwarding. This enables centralized billing, per-team spend attribution, and chargeback models without distributing raw provider keys.

teams:
  sk-aiglue-eng:
    name: engineering
  sk-aiglue-marketing:
    name: marketing

Add spend caps or rate limits per team by adding the team name to projects: in governance.yaml.

What gets logged

Field Description
ts UTC timestamp
provider anthropic / openai
model exact model string
session_id caller-supplied, auto-detected, or default
project caller-supplied, auto-detected, or default
input_tokens from API response
output_tokens from API response
cost_usd estimated from token counts
latency_ms wall time
prompt_hash MD5 of prompt
raw_prompt full text (if AIGLUE_LOG_RAW=true)
raw_response full text (if AIGLUE_LOG_RAW=true)
gov_flags JSON array of warning strings
error exception message if call failed
reviewed_at timestamp when flags were acknowledged

Set AIGLUE_LOG_RAW=false in .env to store only the hash when prompt content is sensitive. Restrict filesystem permissions on audit.db in production — it contains call metadata and optionally raw prompts.

Training data export

ai_glue logs every prompt and response, which means your audit database doubles as a conversation dataset. The /export/training endpoint turns logged conversations into JSONL you can use for fine-tuning, content mining, or building provider-independent capability baselines.

This is particularly useful when a model you depend on is deprecated or sunsetted — if your conversations were logged through ai_glue, you have the raw material to fine-tune a replacement rather than starting from scratch.

Export a single conversation

On any session page (/session/<id>), click Export JSONL to download that conversation as a single-session JSONL record.

Via URL directly:

/export/training?format=session&session=<session_id>

Export all conversations for a project

On any project page (/project/<name>), click Export all conversations to download every session for that project.

Via URL:

/export/training?format=session&project=<project_name>

Output formats

format=session — one JSONL line per full conversation, with alternating user/assistant turns. Compatible with most fine-tuning pipelines.

{
  "session_id": "conv-a3f9b2",
  "project": "support-bot",
  "model": "claude-sonnet-4-6",
  "messages": [
    {"role": "user", "content": "How do I reset my password?"},
    {"role": "assistant", "content": "You can reset your password by..."},
    {"role": "user", "content": "I don't see that option."},
    {"role": "assistant", "content": "Try navigating to..."}
  ]
}

format=turn (default) — one JSONL line per API call, as isolated prompt/completion pairs. Useful for token-level analysis or simpler fine-tuning setups.

{"prompt": "How do I reset my password?", "completion": "You can reset your password by...", "model": "claude-sonnet-4-6", "session_id": "conv-a3f9b2", "project": "support-bot", "ts": "2026-05-15 10:00:00"}

Filters

All filters can be combined:

Param Example Effect
project ?project=hr-bot Only conversations from this project
session ?session=conv-abc Only this session
model ?model=gpt-4o Only calls made to this model
since ?since=2026-01-01 Only calls on or after this date
exclude_flagged ?exclude_flagged=true Drop calls with PII or governance flags

Notes

  • Calls are only exportable if AIGLUE_LOG_RAW=true (the default). Rows logged with AIGLUE_LOG_RAW=false are excluded from training exports.
  • The export queries the local instance's database only. Cross-instance export requires fetching from each child directly.
  • The user message for each turn is extracted from the end of the stored prompt string — the format is stable for standard single-user, single-assistant conversations.

Tests

27 tests. No API keys required. All LLM calls are mocked.

Stack

  • Python 3.7+, Flask, SQLite
  • Chart.js (CDN, no build step)
  • Anthropic SDK, OpenAI SDK

Environment variables

Variable Default Description
ANTHROPIC_API_KEY API key used by the server to forward calls. In team deployments, only the server's .env needs this — individual developers do not.
OPENAI_API_KEY Same as above for OpenAI.
AIGLUE_DB audit.db Path to SQLite audit database
AIGLUE_LOG_RAW true Store full prompt/response text
AIGLUE_DEFAULT_PROJECT proxy Project label for untagged proxy calls
AIGLUE_DEFAULT_SESSION proxy Session label for untagged proxy calls
AIGLUE_INSTANCE_NAME (AIGLUE_DEFAULT_PROJECT) Label shown in parent aggregator views

License

MIT