惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
爱范儿
爱范儿
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
Latest news
Latest news
The Hacker News
The Hacker News
Cyberwarzone
Cyberwarzone
博客园 - 【当耐特】
Project Zero
Project Zero
小众软件
小众软件
T
Tailwind CSS Blog
量子位
博客园 - 聂微东
I
Intezer
美团技术团队
S
SegmentFault 最新的问题
T
Tor Project blog
Spread Privacy
Spread Privacy
V
Vulnerabilities – Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Jina AI
Jina AI
罗磊的独立博客
B
Blog RSS Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
C
Cisco Blogs
L
LINUX DO - 热门话题
Last Week in AI
Last Week in AI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Azure Blog
Microsoft Azure Blog
L
LINUX DO - 最新话题
Know Your Adversary
Know Your Adversary
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
Lohrmann on Cybersecurity
The Register - Security
The Register - Security
L
LangChain Blog
博客园 - 叶小钗
T
Tenable Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
GitHub - breadMSA/pytest-tia: Test Impact Analysis for pytest: run only the tests your change actually affects. Method-level, tracks non-.py deps, CI-ready, and honest about its limits.
BreadWasEate · 2026-06-20 · via Show HN

Run only the tests your changes actually affect. Big suites spend most of their CI time re-running tests that couldn't possibly have broken; tia builds a per-test coverage map once, then uses your git diff to select the minimal set of tests to run.

This is the same idea Google/Meta run internally (Test Impact Analysis).

Honest disclosure (read this first)

Test selection has exactly one cardinal sin: skipping a test that would have failed. A tool you can't trust on that is worse than no tool. So before any feature list, here is where this project earned — or failed to earn — that trust.

While benchmarking on Flask, an early run reported a median skip rate of 73%. It looked great. It was a lie. coverage.py's default measurement core on Python 3.12+ (sysmon) records only the first test to hit each line and silently drops the rest, so any test that reused a shared helper was never mapped — and changing that helper would have skipped them. The high number was false negatives wearing a costume. We forced the C tracer (COVERAGE_CORE=ctrace), every test mapped, and the number fell to the truth: median ~21% skip on Flask (≈40% mean; cosmetic commits 99%+). The toy demo could never have shown this — only a real codebase did.

So the Flask number is deliberately the lower bound: Flask is small and tightly coupled, near the worst case for test selection. We'd rather publish the honest floor than a cherry-picked ceiling. But a floor alone is misleading too, so we measured the other end: on boltons, a modular utility library, the honest median skip on real logic changes is ~96%. Same tool, same rules — the variable is how decoupled your tests are. The truth is a range, ~21% (worst case) ↔ ~96% (modular), and both ends are measured on real third-party suites, not toys. Per-commit tables and the "I distrusted this number first" audits: Flask · boltons.

How it works

  1. tia record runs the full suite once with a pytest plugin that switches coverage.py's dynamic context to each test's nodeid, then maps every executed line to its enclosing function via the AST. The result is a method-level map {test -> {file -> {qualnames}}} saved to .tia/map.json, stamped with the git ref it was recorded at. Because coverage is dynamic, the whole call chain a test exercises (controller → service → repo → utils) is captured for free.
  2. tia run diffs your tree against that ref, reading the old side of each hunk (same coordinate system as the map), then parses each file as it existed at that ref (git show) to resolve changed lines to changed functions.
  3. It selects tests by three rules (see tia/select.py) and runs only those via pytest.

Selection rules

  1. Function hit — a test executed a function whose body changed. Immune to line shifts elsewhere in the file (the whole point of going method-level).
  2. Module-level fallback — a file had a module-level modification (constant, import, class body). Runs every test touching that file. Module-level insertions (a new function/test) are ignored so they don't drag the whole file in.
  3. Data dependency — a non-.py file changed (config, fixture, template). Runs every test that opened that file while recording. These reads are captured with a sys.addaudithook on the open event, so dependencies coverage can't see don't become silent false negatives.
  4. New test — any collected test not in the map has never been measured, so it always runs.

A dynamic-safety modifier sits on top of rules 1–2: a file flagged at record time as using reflection (getattr by computed name, eval, importlib, __getattr__) is widened from method-level to file-level when it changes — coverage can't be trusted to have captured every edge in/out of it. --trust-dynamic opts out. This is mitigation, not a solution; nothing resolves dynamic dispatch precisely (it's undecidable in general), so still run the full suite on a cadence.

A cosmetic-change filter sits underneath everything: before selecting, a changed .py file whose edit is only comments, whitespace, or docstrings is dropped entirely. The test is the AST — comments and formatting aren't in it, docstrings are stripped before comparing — and it compares the old and new trees, so uncommenting a line still counts as real. So a "fix typo" / "add docstring" / "run black" commit on a core file selects nothing instead of half the suite. --all-changes opts out. Safe by construction: it only removes false positives.

The same filter also drops type-only edits — but only the kind that is provably dead at runtime, because the common belief that "type hints don't run" is false: dataclasses, pydantic and attrs all read __annotations__. So it strips exactly two things: the body of an if TYPE_CHECKING: block (never executed at runtime — where most hint churn lives) and function-local annotations (PEP 526: never evaluated nor stored). It deliberately keeps a change to a function signature or a class/module-level annotation as real, because a dataclass field's type genuinely changes behavior. Stripping those would be a false negative — the one sin this tool won't commit. So "added the type hints" stops triggering tests, without ever hiding a dataclass field-type change.

Usage

pip install -e .

tia record [PATH]          # build the map (run from the repo root)
tia run [PATH]             # run only affected tests
tia run --since main       # diff against another ref
tia run --list             # show the selection, don't run
tia run --report -         # also print a Markdown summary (see CI mode)
tia status                 # summarize the recorded map

tia serve --dir ./maps     # run the bundled map store (zero deps)
tia push --to  <dir|url>   # publish the local map (for CI)
tia pull --from <dir|url>  # fetch a published map

Remotes for push/pull/--remote can be a directory, an http(s):// URL (the bundled store), or native object storage: s3://bucket/prefix (pip install pytest-tia[s3]) or gs://bucket/prefix (pytest-tia[gcs]). The cloud SDKs are imported lazily, so the core install stays dependency-light unless you actually use those URLs.

Run from the repository root (where pyproject.toml / .git live) so nodeids and file paths stay consistent.

CI mode

The map a base-branch job builds has to reach the PR job that consumes it. Publish it to a shared remote keyed by the git ref it was recorded at. The remote can be a directory (a cache volume / artifact dir), an http(s):// URL served by the bundled store, or a native s3:// / gs:// bucket:

# one zero-dependency map store for the team / CI (stdlib only)
python -m tia.server --dir ./tia-maps --port 8000     # or: tia serve ...

# base branch job
tia record && tia push --to s3://my-company-ci/tia-maps

# PR job — no local map needed; pulls by base ref, falls back to latest
tia run --remote s3://my-company-ci/tia-maps --since "$(git merge-base origin/main HEAD)"

In a GitHub Actions PR job, tia run auto-detects $GITHUB_STEP_SUMMARY and posts a Markdown table to the check page — which files changed, the impact of each, and exactly which tests were selected and why. No flag needed; it's the same explanation as the terminal output, rendered for the PR. (--report <path>, or --report - for stdout, forces it anywhere.)

A ready-to-copy GitHub Actions workflow is in examples/ci/github-actions.yml.

run resolves the diff against line→function tables baked into the map at record time, so it never needs git show on the base blob — which is what makes it safe under shallow clones (clone --depth=1), where that blob may not be fetched. The diff itself still needs the base commit; in a shallow checkout, fetch just that ref first (git fetch --depth=1 origin <base-sha>).

Known limitations (honest list)

  • Insertion anchoring. Appending a function/test right after an existing one anchors on that one's last line, pulling it in as one extra test. A bounded false positive, never a false negative.
  • Coordinate sync. The map is stamped with the ref it was recorded at and run diffs against it automatically. Re-run tia record after you commit so the map stays fresh.
  • Subprocess / other-thread execution isn't traced. We attribute a test's setup, call, and teardown (so fixture work and fixture file reads count), but code that runs in a child process or a non-measured thread is invisible to coverage and can hide a dependency.
  • Needs coverage's C tracer. On Python 3.12+ coverage defaults to the sysmon core, which records only the first test to hit each line and silently drops the rest — a false negative for any shared helper. tia forces COVERAGE_CORE=ctrace during recording to get correct per-test contexts; don't override it back to sysmon.
  • Dynamic dispatch / reflection / subprocesses aren't traced by coverage and can hide a real dependency. tia detects reflection and degrades to file-level there (see the dynamic-safety modifier), but a getattr target in one file pointing at a function in another is still beyond it. Re-record periodically and run the full suite on a cadence.

Roadmap

  • Method-level analysis (AST) — done.
  • Silent dependencies — track non-.py files each test reads.
  • CI mode — remote map storage + shallow-clone-safe diffing.
  • Static fallback for dynamic dispatch / DI frameworks — detect-and-degrade (mitigation, not a precise solution).
  • Industrialize — zero-dep HTTP map store (tia serve) + GitHub Actions template, so adopting it is a few lines, not a project.
  • Real-repo benchmark, both ends of the range — Flask (worst case, ~21%, RESULTS.md) and boltons (modular, ~96% on logic changes, RESULTS-boltons.md). The Flask run also caught a recorder false-negative bug (the sysmon core dropping contexts).
  • Cosmetic-change filter — ignore comment/docstring/format-only edits so they select nothing instead of a whole file.
  • Type-only filter (v1.1) — also ignore if TYPE_CHECKING: and function-local annotation edits; keep signature/dataclass-field type changes (provably-safe subset only — no false negatives).
  • Native S3 / GCS remotes (v1.1)s3:// / gs:// map stores via lazily-imported SDKs; core install stays dependency-light.
  • CI step summary (v1.1) — auto-post a Markdown impact table to the PR via $GITHUB_STEP_SUMMARY.
  • Not planned: precise cross-file dynamic dispatch. Resolving a getattr/eval target across files is undecidable in general; the detect-and-degrade modifier plus periodic full runs is the honest answer, not a static call graph that drowns in edge cases.

Demo

examples/calc/ is a tiny suite that proves the behavior end to end. See the scenarios in the project history.