惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Troy Hunt's Blog
F
Fortinet All Blogs
D
DataBreaches.Net
Google DeepMind News
Google DeepMind News
Y
Y Combinator Blog
The Register - Security
The Register - Security
T
Tailwind CSS Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
月光博客
月光博客
V
Vulnerabilities – Threatpost
S
Securelist
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
P
Privacy International News Feed
S
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LangChain Blog
GbyAI
GbyAI
Apple Machine Learning Research
Apple Machine Learning Research
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
美团技术团队
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google Online Security Blog
Google Online Security Blog
M
MIT News - Artificial intelligence
U
Unit 42
V
V2EX
C
CERT Recently Published Vulnerability Notes
云风的 BLOG
云风的 BLOG
B
Blog
博客园 - 叶小钗
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
aimingoo的专栏
aimingoo的专栏
Hacker News: Ask HN
Hacker News: Ask HN
博客园 - Franky
Engineering at Meta
Engineering at Meta
Schneier on Security
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Blog of Author Tim Ferriss
IT之家
IT之家
W
WeLiveSecurity
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
Martin Fowler
Martin Fowler
SecWiki News
SecWiki News

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - xryv/DoneSpec: Deterministic validation for AI agent task completion.
brunocerquei · 2026-05-11 · via Hacker News - Newest: "AI"

AI agents say tasks are done.

DoneSpec verifies they actually are.

The deterministic completion layer for AI coding agents.

Current release: v1.0.0.

CI Cross-platform verification Package verification PyPI Python versions

DoneSpec turns "done" into a local, repeatable, machine-checkable contract.

DoneSpec terminal demo showing deterministic validation failure and success


The Problem

AI coding agents can claim completion while tests fail, required files are missing, forbidden paths changed, or documentation was skipped.

DoneSpec makes completion explicit: a task is not done until done.json passes.

Done means deterministically verified.

Demo

The core demo is a forbidden-file scenario:

  1. An agent modifies a file protected by done.json.
  2. donespec validate done.json fails.
  3. The issue is fixed.
  4. DoneSpec passes.

Run it locally:

./scripts/demo-forbidden-file.sh

Windows PowerShell:

.\scripts\demo-forbidden-file.ps1

See:


Install

pip install donespec

Check the installed version:

donespec --version

PyPI:

https://pypi.org/project/donespec/

Upcoming v1.0.0 release tag:

https://github.com/xryv/DoneSpec/releases/tag/v1.0.0

60-second quickstart

Create a completion contract:

donespec init --yes

Validate it:

donespec validate done.json

Use strict mode for serious agent workflows:

donespec validate done.json --strict

Inspect the contract without executing checks:

donespec explain done.json

Add a check safely:

donespec add-check done.json --type file_exists --name "README exists" --path README.md

Example done.json

{
  "$schema": "done.schema.json",
  "version": "1.0",
  "task_id": "ship-safe-change",
  "must_pass": [
    {
      "type": "file_exists",
      "name": "README exists",
      "path": "README.md"
    },
    {
      "type": "command",
      "name": "tests pass",
      "run": "pytest -q"
    },
    {
      "type": "regex_in_file",
      "name": "README explains DoneSpec",
      "path": "README.md",
      "pattern": "deterministic completion layer"
    }
  ],
  "must_not": [
    {
      "type": "file_not_modified",
      "name": "lockfile untouched",
      "path": "uv.lock"
    }
  ]
}

The contract is plain JSON. Agents, humans, hooks, and CI can all read the same definition of completion.


Example CLI Output

Passing:

DoneSpec validation: ship-safe-change

+ README exists  (0.4ms)
+ tests pass  (812.4ms)
+ README explains DoneSpec  (0.6ms)

Validation passed. 3 checks passed.
Exit code: 0

Failing:

DoneSpec validation: ship-safe-change

+ README exists  (0.4ms)
x lockfile untouched  (31.5ms)
  Forbidden path modified: uv.lock

Validation failed.
1 check failed.
Exit code: 1

DoneSpec uses Unicode status symbols when the output stream supports them and ASCII fallback when it does not.


GitHub Actions

Use DoneSpec as a completion gate in CI:

name: DoneSpec

on:
  pull_request:
  push:
    branches:
      - main

jobs:
  donespec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: xryv/DoneSpec@v1.0.0

      - name: Validate completion contract
        run: donespec validate done.json --strict

The same contract runs locally, in git hooks, in CI, and inside agent workflows.


Why deterministic validation matters

DoneSpec validates explicit contracts, not confidence.

It does not replace tests, CI, or human review. It gives them a small deterministic interface:

agent claim -> done.json -> deterministic checks -> exit code

That means:

  • completion requirements are inspectable
  • failures are machine-readable and repeatable
  • CI can enforce the same contract agents see locally
  • reviewers can inspect what "done" actually means

AI Agent Integration

DoneSpec works with coding agents because it has no agent runtime, API key, SaaS service, memory layer, or LLM dependency.

A useful agent instruction is:

Before claiming completion, run:

donespec validate done.json --strict

If validation fails, the task is not complete.
Do not weaken done.json to make validation pass unless explicitly requested by the human.

Useful with:

  • Codex
  • Claude Code
  • Cursor
  • Aider
  • OpenAI Agents SDK
  • GitHub Actions
  • local shell workflows
  • multi-agent coding workflows

See:


Core Philosophy

DoneSpec stays small on purpose:

  • local-first
  • no cloud
  • no LLM dependency
  • no orchestration
  • no database
  • no hidden network calls
  • deterministic exit codes

It is infrastructure, not a platform.


Architecture Overview

CLI
  reads done.json
  validates JSON Schema
  optionally applies strict contract hygiene
  runs deterministic checks
  emits human or JSON output
  exits 0, 1, or 2

The main pieces are:

  • donespec CLI
  • done.json completion contract
  • deterministic checks
  • packaged JSON Schema
  • CI, git hooks, and agent instructions that call the same command

Supported checks

Check type Purpose
command Run a shell command and verify the exit code
file_exists Require a file to exist
regex_in_file Require a pattern to exist in a file
regex_absent Require a pattern to be absent from a file
file_not_modified Fail if a tracked file was modified
http_check Check an HTTP endpoint response

DoneSpec is intentionally small. The goal is not to model every workflow; it is to provide a deterministic completion contract that composes with existing tools.


Strict Mode

Strict mode validates contract hygiene before executing checks:

donespec validate done.json --strict

It catches:

  • empty contracts
  • unnamed checks
  • duplicate check names
  • duplicate check IDs
  • invalid regex patterns
  • absolute paths
  • parent traversal paths

See docs/strict.md.


CLI Commands

donespec explain done.json

Explain a contract without executing it. Supports --json. See docs/explain.md.

donespec doctor

Inspect whether a project is DoneSpec-ready. Supports --json. See docs/doctor.md.

donespec schema

Print or export the packaged JSON Schema. Schema usage and v1 stability are documented in docs/schema.md.

donespec templates

List starter contract templates. See docs/templates.md.

donespec add-check

Safely add a check and validate the updated contract before writing it. See docs/authoring.md.

donespec init

Create DoneSpec files in a project. See docs/init.md.

Editor support is documented in docs/editor-support.md.

CLI output principles are documented in docs/cli-ux.md.


Verification

DoneSpec validates itself with the same contract model it asks agents to use.

The repository is checked through done.json self-validation, strict DoneSpec validation, cross-platform GitHub Actions, package build verification, and a local wheel smoke test. Normal validation remains local-first and does not depend on hidden network calls.

See docs/cross-platform-verification.md, docs/package-smoke-test.md, docs/v1-release-candidate-audit.md, and docs/v1-release-runbook.md.


Reliability And Field Notes

DoneSpec's own failures become permanent checks.

The first real Codex + VS Code pass found practical issues around release metadata, git hooks, line endings, and Windows output encoding. Those failures were turned into tests and DoneSpec checks.

See docs/field-notes/first-codex-vscode-experience.md.

Cross-platform verification is documented in docs/cross-platform-verification.md.

Package smoke tests are documented in docs/package-smoke-test.md.

Package build and local wheel verification also run in CI.


v1.0 Readiness

DoneSpec v1.0 is a stabilization milestone, not a platform expansion.

See:


Roadmap to v1.0

The core is already capable. The path to v1.0 is stabilization:

  • README polish
  • CLI wording refinement
  • schema freeze
  • documentation hardening
  • cross-platform verification
  • release checklist
  • changelog
  • final GitHub and PyPI release
  • OSS launch assets

DoneSpec should remain tiny, local-first, deterministic, composable, and infrastructure-focused.


Contributing

See CONTRIBUTING.md.

Before opening a change, run:

python -m ruff check .
python -m ruff format --check .
python -m pytest -q
donespec validate done.json
donespec validate done.json --strict

Contributions should protect the minimal core: determinism, clear CLI behavior, stable schema, cross-platform behavior, and documentation quality.

Avoid changes that turn DoneSpec into an orchestration platform, AI framework, SaaS service, agent runtime, workflow engine, plugin marketplace, or memory layer.

v1.0 release status

DoneSpec v1.0.0 is the first stable public release.

See: