惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
W
WeLiveSecurity
O
OpenAI News
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
N
News | PayPal Newsroom
H
Hacker News: Front Page
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Schneier on Security
宝玉的分享
宝玉的分享
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Y
Y Combinator Blog
Cyberwarzone
Cyberwarzone
Microsoft Security Blog
Microsoft Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
C
Check Point Blog
Apple Machine Learning Research
Apple Machine Learning Research
Last Week in AI
Last Week in AI
T
Troy Hunt's Blog
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
量子位
博客园 - 聂微东
S
Securelist
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
G
Google Developers Blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
AI
AI
PCI Perspectives
PCI Perspectives

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
Introducing Topos: Quality is the New Currency
Jeremy Wayland · 2026-06-26 · via Show HN

Krv-Labs/topos is open source Star — or jump straight to installation.

A New Breed of Fatigue

Every engineer who has used Claude Code or let an agent loose on their repo knows the exact flavor of dread that comes next: a notification pops up, and you are staring at an 800-line diff spanning 14 files, generated in under five minutes.

The CI pipeline is blindingly green. The micro-syntax is flawless. But as you start scrolling, reality hits you: we are now approving code we don't actually understand.

The cognitive load is asymmetrical. The agent solved the immediate ticket, sure, but it did so by hallucinating a slightly worse copy of a utility module that already existed three folders away, duct-taping a bizarre abstraction around a simple function. By line 200, your eyes glaze over. Exhausted by the sheer volume, you succumb to green-light fatigue, trust the tests, and hit Squash and Merge.

“We are generating code at machine speed but reviewing it at human speed.”

The binary pass/fail of a unit test only proves the code ran; it tells you absolutely nothing about whether the agent actually grokked your system. Without structural guardrails, agentic speed is automated entropy: more code, less clarity, until review collapses under its own weight.

Topos was built to break this cycle. Instead of reviewing 60-file diffs line by line, you review structural properties—and how they evolve. We've already changed how we write code. It's time to change how we review it. By parsing programs into their underlying mathematical graphs—control flow, module dependency, and data flow—Topos measures the true cost of a diff. It turns vague demands to “clean this up” into concrete, verifiable targets your agents can actually aim for.

Beyond Pass/Fail

Agents have made code cheap. That is useful, but it changes the bottleneck. The scarce resource is no longer a first draft of the implementation; it is judgment about whether the draft belongs in the codebase.

The default evaluation loop is still binary: tests either pass or fail. That only describes two states. Production software needs a richer vocabulary: readable but tightly coupled, secure but unmaintainable, locally correct but globally awkward, and everything in between.

“Correctness is table stakes.” Passing tests tells you the code ran. It does not tell you whether the agent understood the repo.

This is the agentic spray problem: when generation outruns codebase understanding, you get more code than clarity. Duplicate modules, fragile linkages, extra wrappers, and review cycles that burn tokens explaining context the agent should have respected. Topos gives that review a measurable object: the structure of the program itself.

How Topos Works

Topos measures code quality and turns it into something you can aim at: a Code Quality Medal per file. Concrete tiers with defined structural criteria—not a vague directive to “make it better.”

Each file is scored on three independent pillars. You can pass any combination; Gold means all three pass.

  • GOLD: Passes all 3 (Simple + Composable + Secure)
  • SILVER: Passes 2 of 3 (e.g., Simple & Secure)
  • BRONZE: Passes 1 of 3 (e.g., Composable only)
  • SLOP: Passes 0 (or fails to parse)

Set preferences to tell agents which medal (or pillar mix) matters most under time and token budgets. If Gold isn't reachable, they take the next-best medal on your priority list—always a defined next step, never a dead end.

Why Structure?

Agents choke on “make it better.” They thrive on structured feedback and achievable next steps. A map of quality states—not a single pass/fail bit—is what makes the difference. That map is the quality lattice behind the medals.

Most analysis tools scan syntax—style violations, known anti-patterns, missing semicolons. Topos analyzes the shape of the program itself: its structure, independent of what language it is written in. That distinction is what makes structural medals something agents can genuinely optimize toward rather than superficially satisfy.

Time and tokens are finite. Ideal code is not always achievable in one pass—and it shouldn't have to be. Topos lets you set pillar priorities so agents pursue the best program structure you can afford without burning cycles on dimensions you don't care about yet. Those preferences induce an order on the lattice: concrete instructions for exactly how to relax, medal by medal, instead of vague “polish everything” prompts.

  • The relaxation walk: Stuck on Gold? Your preference ranking plus the lattice always defines the next medal to aim for—the highest feasible step along the path you chose.
  • Anti-gaming: Because we measure graph structure, padding comments and shuffling lines don't fool the scorer—only genuine structural improvements move the needle.

The framework draws on category theory—a branch of mathematics built to specify what we mean in messy, multi-dimensional domains. For a gentler introduction, see Getting Started with Category Theory; for the formal construction, the deep dive is below.

Why a Topos? (The Structural Motivation)

Simple, Composable, and Secure are potentially orthogonal dimensions for evaluating code quality. A topos gives us the right mathematical setting for balancing complex evaluations: the medal lattice is its subobject classifier, a Heyting algebra generated by distinct dimensions of code quality. Agents write code based on your preferences by navigating the lattice.

This maps to three natural layers in the source:

  • Objects (representations): Programs parsed into graphs—AST, CFG, CPG, MDG. These live in topos/representations/. Each graph family is the right “view” for one pillar.
  • Morphisms (probes and profunctors): Structure-preserving maps on those graphs. topos/probes/ contains point-in-time metrics on a single graph (cyclomatic complexity, Martin instability, taint reachability). topos/profunctors/ contains relational comparisons between two programs—detecting cosmetic refactors, powering structural test coverage.
  • Truth values (the medal lattice): The 8-element Heyting algebra over {Simple, Composable, Secure}. Each element is a legitimate structural state, not a degraded score. Medals are tiers of this lattice. The preference system defines a monotone path through it—so agents always have a concrete next step, even when GOLD isn't reachable.

The name isn't decoration, by the way. The topos structure is what lets you add a fourth pillar later without redesigning the medal system—you extend the algebra, and the lattice, the traversal logic, and the agent instructions all follow.

What We Measure

Topos parses code into graph representations of program structure—abstract syntax trees, control-flow graphs, and dependency graphs—and runs structural probes on those graphs. For v0.3.0 we launch with three independent pillars; the framework extends to new ones over time.

Each pillar maps to a specific graph family:

SIMPLE

AST + CFG

Code complexity. Cyclomatic complexity and token entropy on the abstract syntax tree and control-flow graph.

COMPOSABLE

MDG

Module coupling. Martin instability and fan-out on the module dependency graph (via GitNexus).

SECURE

CPG

Data-flow safety. Dangerous API reachability and taint paths from the code property graph.

These are separate dimensions of quality—like stats on a character sheet, not one blended GPA.

Three pillars expand that to eight structural quality states. Medals group them into tiers agents and humans can act on:

Fig 1/Topos quality lattice/Eight structural states grouped into Gold / Silver / Bronze / Slop tiers.

The Topos Architecture & Case Study

Topos separates structural analysis into three layers—from parsing code into graphs, to scoring a single file, to comparing versions:

  • Representations: Programs aren't just text. Topos parses source into graph representationsAST, CFG, CPG, and MDG— the same structures behind the SIMPLE, COMPOSABLE, and SECURE pillars.
  • Probes: Point-in-time metrics on a single graph—cyclomatic complexity on a CFG, Martin instability on an MDG. They answer “how is this file doing right now?”
  • Profunctors (comparisons): Relational checks between two program versions—or between code and its tests. Where probes answer “how is this file right now?”, profunctors answer “what structurally changed, and does the test suite still match the production logic?” They power topos compare and Structural Test Coverage.

Case Study: Grading Code You Already Trust

A scorer is only believable once you watch it run on code you already have opinions about. So treat this as a case study, not a calibration. The pillar thresholds themselves were set on a much larger, multi-language corpus—we'll detail that work in a future, more technical post. Here we simply point Topos v0.3.0 at three libraries developers reach for every day— requests, numpy, and pandas—and score every parseable file to see how familiar code lands against the same bar.

Each file earns three independent scores from 0 to 100(higher is better)—one per pillar:

  • Simplicity— Is complexity under control (branching, function size, structure)?
  • Secure— Does it avoid risky API patterns?
  • Composable— Are module dependencies clean, or tangled? (requires a one-time repo map via GitNexus)

Read the panels below as a sanity check: how does code we already trust land against thresholds calibrated elsewhere? The answer is reassuring—and revealing about where even well-loved libraries leave structural room to improve. Expand any panel to dig in.

numpy's COMPOSABLE score of 26 reflects its intentionally monolithic structure—acceptable for a library you fork once and pin forever, but a structural liability in code an agent regenerates weekly. High fan-out modules like numpy/core have instability scores approaching 1.0: they depend on almost everything and are depended on by almost nothing, making them cheap to write and expensive to change.

Case study: Topos v0.3.0 scored across 1,927 parseable files in requests, numpy, and pandas. Pillar thresholds were calibrated separately on a larger multi-language corpus.

Try It On Your Codebase

Topos meets you where you review code—start in your editor, drop to the terminal, or wire it into an agent. Each path stands on its own.

VS Code Extension — MCP ServerGet quality medals and pillar scores inline in VS Code—inside agents and chat, as you review.Install extensionView on GitHub

Coding agents — the MCP server exposes Topos quality targets to any coding agent. Setup guide

Terminal — install the CLI, then evaluate any repo.

curl -fsSL https://docs.krv.ai/topos/install.sh | sh

topos evaluate . -r

The Judgment Gap

The agentic era doesn't have a code shortage. It has a judgment gap. Agents ship faster than understanding travels—and the distance between generation and comprehension is exactly where debt accumulates.

Topos closes that gap concretely. An agent generates a file and Topos returns a verdict: GOLD, SILVER, BRONZE, or SLOP. Not a list of vague complaints—the same structural scorecard we just ran across production-grade libraries like numpy, pandas, and requests. If your agent lands a BRONZE on cyclomatic complexity (too many branches), the relaxation walk tells it exactly what to fix to reach SILVER: split the function, reduce nesting, or extract a helper. Every step is measurable, every target is real.

Concrete structural targets let agents build toward maintainability, not just a green test suite. You can't prompt away bad architecture—but you can measure it.

The code your agents write today is the system your team will diagnose at 2 a.m. Measure it now.

Topos v0.3.0 is live and open for exploration. Follow @krv_labs for updates.