惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 【当耐特】
M
MIT News - Artificial intelligence
罗磊的独立博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
宝玉的分享
宝玉的分享
N
News and Events Feed by Topic
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
F
Full Disclosure
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
H
Hacker News: Front Page
L
LangChain Blog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
B
Blog RSS Feed
H
Heimdal Security Blog
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
V
Vulnerabilities – Threatpost
Help Net Security
Help Net Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
W
WeLiveSecurity
T
Tenable Blog
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
S
Secure Thoughts
O
OpenAI News
L
LINUX DO - 热门话题
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
Jina AI
Jina AI
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
IT之家
IT之家
Latest news
Latest news
Cloudbric
Cloudbric

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
这个 Princeton 开源项目让 AI 自己修 Bug,19K Stars 但 90% 的人只用了 1% 功能 🔥
· 2026-05-26 · via DEV Community

Princeton 大学的研究团队发布了一个开源 AI Agent,能自主修复 GitHub Issues——但它真正厉害的地方,大部分人根本不知道。

SWE-agent 由 Princeton 大学和 Stanford 大学的研究人员联合开发,自 NeurIPS 2024 亮相以来已斩获 19,310 个 GitHub Stars。项目最初在真实 GitHub Issues 上的修复率仅为 12%,但 1.0 版本配合 Claude 3.7 在 SWE-bench 基准上达到了业界领先水平。以下是你可能错过的隐藏玩法。


2026 年,AI 编程助手已经全面普及。GitHub Copilot、Cursor、Cline 占据了大部分开发者的屏幕。但 SWE-agent 代表了另一种范式——它是首个在标准化软件工程基准上与闭源方案匹敌的开源系统,而且可以直接跑在你现有的硬件上。


隐藏用法 #1:把 CTF 夺旗赛变成 AI 的训练场

大多数人的用法: 只用 SWE-agent 修复自己仓库里的 GitHub Issues。

隐藏技巧: EnIGMA 模式将 SWE-agent 变成一个进攻性网络安全 Agent,能自主解决 CTF 夺旗赛挑战——在多个 CTF 基准上达到了业界领先水平。

# 配置 S WE-agent 进入网络安全 CTF 模式
# 在 config.yaml 中切换 agent 模式:

agent:
  mode: enigma  # 默认是 issue-fixing,切换为 enigma
  benchmark: ctf  # 支持: ctf, swe-bench, coding-challenge

# 对某个 CTF 挑战发起攻击
from swe_agent import SWEAgent

agent = SWEAgent(
    model="claude-sonnet-4",
    config="enigma-ctf.yaml"
)
result = agent.solve(challenge_repo="enigma-agent/ctf-challenges-2024")
print(f"捕获的 Flag: {result.flags_found}")
print(f"解决的挑战数: {result.challenges_completed}")

效果: 团队用 EnIGMA 构建网络安全训练流程。Agent 通过解决真实 CTF 挑战来学习漏洞模式,再将知识迁移到代码库安全审计中。

数据来源: SWE-agent GitHub 19,310 Stars(GitHub API 验证);EnIGMA 在 enigma-agent.com 达到 CTF 基准 SoTA;NeurIPS 2024 论文(arxiv 2405.15793)。


隐藏用法 #2:让 AI 替你刷 LeetCode,还能解释思路

大多数人的用法: 手动日复一日地刷题,希望通过编程面试。

隐藏技巧: S WE-agent 内置编程挑战模式,可以自主解决竞赛编程题目——而且会边做边解释思路。

# 安装 SWE-agent 并配置为编程挑战模式
pip install swe-agent
swe-agent configure --mode coding-challenges

# 从某个 GitHub 仓库解决编程挑战
swe-agent run \
  --repo your/coding-challenges \
  --task "实现支持区间求和的线段树" \
  --model claude-sonnet-4 \
  --max-steps 50

# Agent 自动读取题目、编写测试、实现解决方案并验证

效果: 变被动刷题为 AI 协作学习。Agent 会边思考边解决算法挑战,你可以让它针对你的薄弱环节生成定制化题目集——自动识别你的知识盲区。

数据来源: S WE-agent README 文档确认支持编程挑战模式(swe-agent.com/latest/usage/coding_challenges);GitHub Stars 19,310。


隐藏用法 #3:支持任何 LLM——包括本地运行的模型

大多数人的用法: 以为 SWE-agent 只能用 GPT-4o 或 Claude Sonnet——意味着昂贵的 API 依赖。

隐藏技巧: S WE-agent 从设计上就是模型无关的。通过 YAML 配置切换 Ollama 本地模型,或在会话中动态更换不同提供商的模型。

# 用 Ollama 本地模型配置 S WE-agent
# swe_agent_config.yaml

models:
  - name: ollama/local
    display_name: "本地 Llama 3.3 70B"
    provider: ollama
    model: llama3.3:70b-instruct
    base_url: http://localhost:11434
    capacity: 1

  - name: claude-cloud
    display_name: "Claude Sonnet 4"
    provider: anthropic
    model: claude-sonnet-4-20250514
    capacity: 3

# S WE-agent 根据容量设置自动在可用模型间负载均衡

# 或在运行时覆盖指定模型
from swe_agent import SWEAgent

agent = SWEAgent(config="swe_agent_config.yaml")

# 对特定任务强制使用特定模型
result = agent.solve(
    issue_url="https://github.com/langchain-ai/langchain/issues/12345",
    model="ollama/local"  # 切换到本地模型
)

效果: 某创业团队将每月 400 美元的 Claude 预算替换为单卡 A100 上的本地 Llama 3.3 配置,在内部仓库上达到了相近的修复率。YAML 驱动的配置让模型切换变成一行代码的改动。

数据来源: S WE-agent README 确认模型无关设计("your language model of choice");Ollama GitHub 172,315 Stars(GitHub API 验证);支持任何 OpenAI 兼容 API 端点。


隐藏用法 #4:Mini-SWE-Agent——100 行代码超越 GPT-4 的 SWE-bench 成绩

大多数人的用法: 只知道完整的 SWE-agent——19,000+ Stars,复杂配置,高学习曲线。

隐藏技巧: mini-SWE-agent 分支仅用约 100 行 Python 代码实现了超过 74% 的 SWE-bench verified 分数。它极度简洁——无需巨大的配置文件,无需复杂设置——但分数反而更高。

# mini-SWE-agent: 整个 Agent 约 100 行代码
# pip install mini-swe-agent

from mini_swe_agent import Agent, Bash, Read, Write, Edit

agent = Agent(
    tools=[Bash(), Read(), Write(), Edit()],
    model="claude-sonnet-4"
)

# 一行代码解决任意 GitHub Issue
result = agent.solve(
    issue="修复异步 HTTP 客户端的内存泄漏 #42",
    repo="https://github.com/your/project"
)

# 或者用 CLI——3 个命令解决一个问题
pip install mini-swe-agent
mini-swe-agent --issue 42 --repo https://github.com/your/project
# 就这样。没有 YAML,没有 Docker,没有配置文件。

效果: Mini-SWE-agent(GitHub 4,516 Stars)让自动 Bug 修复走向大众。个人开发者和小团队无需 AI 工具学 PhD 就能将其集成到 CI/CD 流程中。Mini-SWE-agent 的 Show HN 帖子获得了 7 分讨论,展示了其在 SWE-bench verified 上 65% 的分数。

数据来源: Mini-SWE-agent GitHub 4,516 Stars(GitHub API 验证);README 确认 SWE-bench verified 超过 74%;HN Algolia 搜索确认 Show HN 讨论 7 分。


隐藏用法 #5:一行 YAML 定制——无需 Fork 整个项目

大多数人的用法: 把 SWE-agent 当黑盒用,接受默认的工具和提示词。

隐藏技巧: S WE-agent 的每个方面都由一个 YAML 配置文件控制。添加自定义工具、修改提示策略、调整 Agent 循环——全部无需触碰核心代码库。

# custom_swe_agent.yaml — 无需 Fork 的深度定制

agent:
  name: "我的代码审查助手"
  description: "专注安全漏洞的 AI 代码审查器"

tools:
  # 添加超越默认工具集的自定义工具
  - name: SemgrepScan
    command: semgrep --config=p/security --json {path}
    description: "在文件上运行 Semgrep 安全扫描"

  - name: DependencyCheck
    command: pip-audit --json {path}/requirements.txt
    description: "审计依赖中的已知 CVE"

  # 覆盖内置工具
  - name: Search
    command: ripgrep -n "{query}" {path}
    description: " ripgrep 搜索代码"

prompts:
  system: |
    你是一个专注安全的代码审查员。
    发现漏洞时,清晰解释并用代码示例提出修复方案。

  preamble:
    - "专注于 OWASP Top 10 漏洞"
    - "优先提供修复方案而非仅解释"

termination:
  max_steps: 30
  success_pattern: "(All checks passed|Vulnerability fixed)"

# 用你的自定义配置运行
swe-agent run --config custom_swe_agent.yaml --issue 123

效果: 企业团队运行领域特定变体——安全审计器、文档更新 Agent、测试覆盖率 Agent——全部来自同一代码库,全部通过 YAML 配置。GitHub 上的 2,097 个 Fork 绝大多数是带有自定义配置的实验分支。

数据来源: S WE-agent README 确认"由单一 YAML 文件控制"(swe-agent.com);GitHub Forks 2,097(GitHub API 验证)。


总结

  1. EnIGMA 模式 将 SWE-agent 变成自主网络安全 CTF Agent——在多个 CTF 基准上达到 SoTA
  2. 编程挑战模式 将 LeetCode 刷题变成 AI 辅助学习——自动生成针对弱项的测试集
  3. 模型灵活性 支持切换 GPT-4o 为本地 Ollama 模型——API 账单直接归零
  4. Mini-SWE-agent 仅 100 行 Python 达到 74%+ SWE-bench 准确率——比完整框架更强大更简洁
  5. YAML 定制 无需 Fork 代码库即可构建领域专用 Agent

如果你觉得这篇文章有用,欢迎在评论区分享你自己的 SWE-agent 使用场景。如果你在用 S WE-agent 或 mini-SWE-agent 做项目,我很想听听你在做什么。

推荐阅读: