惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

爱范儿
爱范儿
P
Palo Alto Networks Blog
月光博客
月光博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
I
InfoQ
aimingoo的专栏
aimingoo的专栏
腾讯CDC
T
Threatpost
D
DataBreaches.Net
Vercel News
Vercel News
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
C
Cybersecurity and Infrastructure Security Agency CISA
Forbes - Security
Forbes - Security
U
Unit 42
C
Check Point Blog
Blog — PlanetScale
Blog — PlanetScale
O
OpenAI News
量子位
TaoSecurity Blog
TaoSecurity Blog
Microsoft Azure Blog
Microsoft Azure Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Visual Studio Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Security Archives - TechRepublic
Security Archives - TechRepublic
The Last Watchdog
The Last Watchdog
S
Security Affairs
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
小众软件
小众软件
S
SegmentFault 最新的问题
www.infosecurity-magazine.com
www.infosecurity-magazine.com
W
WeLiveSecurity
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
I
Intezer
Know Your Adversary
Know Your Adversary
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Cloudflare Blog
博客园_首页
NISL@THU
NISL@THU
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Why I Built matthiasmeyer.tech and What Lives Inside
Matthias | S · 2026-05-06 · via DEV Community

I shipped another domain last week. Not a sub-page, not a subdomain, a separate site at matthiasmeyer.tech that exists for one purpose: to explain the open-source repos I publish, on their own terms, without competing with the studio that pays the bills. It went live in one Sunday session. The story is partly a build report, partly an argument for why solo founders running a company should keep their personal-brand surface separate from the company surface, and partly a walk through what is actually inside: twenty-two repositories, six explainer essays, a 3D force graph as the hero, build-time GitHub stats so the numbers stay fresh, and the AI-ready discovery layer that every site I touch now ships by default.

There was a moment around midnight where the live URL came up clean for the first time, all twenty-two repos visible in the graph, the cyan particles flowing along the edges, and I realised the site was both technically tighter than studiomeyer.io and smaller in scope. That is the whole point. Studio is for clients. Academy is for learners. matthiasmeyer.tech is for the open-source half of the work, and that work has been getting cluttered as a sub-page on the company site for too long.

This article is a walk through what got built, why it lives where it lives, and the patterns I lifted from the studio stack that made the whole thing fit in a single session.

Why a second domain

The argument for separating personal from company surface is not new. Guillermo Rauch runs rauchg.com next to vercel.com. Lee Robinson runs leerob.com next to vercel.com too. Dax Raad runs dax.dev next to sst.dev. The pattern works for them because their personal voice and their company voice serve different audiences. Vercel sells deployment. Rauch writes about systems thinking and React internals. The two reinforce each other without diluting either.

For me the split looks like this. studiomeyer.io is a German-Spanish-English studio site that sells custom websites and AI systems to clients in DACH and on Mallorca. It has 1500 Bing Copilot citations, a long form blog with three locales, a concrete pricing page. studiomeyer.academy is the learning side, recipes and lessons for builders who want to understand the AI stack we use. matthiasmeyer.tech is the third leg. It is the open-source half. The repos themselves, explained in first person, with architecture notes and trade-offs, without the sales scaffolding that makes the studio site work.

The SEO purists will tell you to consolidate everything into subdirectories under studiomeyer.io for authority. They are right about authority transfer in the abstract. They are wrong about audience. A developer who lands on local-memory-mcp via npm and clicks through to read about the architecture is not the same person who books a custom website project. Putting both in the same surface forces compromises in both directions. Two domains with explicit cross-links in headers and footers solve the audience problem and accept the small authority hit as a cost.

What is actually inside

Twenty-two repositories sit on the GitHub org. Eight of them are cornerstones in the sense that everything else extends or pairs with one of them. The other fourteen are conformance harnesses, n8n bridges, SaaS connectors and security extensions that hang off the cornerstones.

The memory cluster has one repo. local-memory-mcp is a thirteen-tool MCP server that gives Claude, Cursor and Codex persistent memory backed by SQLite, FTS5 and a small knowledge graph. It runs locally, no cloud, no API keys. The hosted SaaS variant is studiomeyer-memory at memory.studiomeyer.io for builders who want multi-tenant.

The agent cluster has three cornerstones plus one connector. mcp-personal-suite is a forty-nine-tool kit covering email, calendar, messaging, search and image generation, BYOK, no signup. agent-fleet is the orchestrator that runs specialised agents in parallel for research, critique and analysis. darwin-agents is the experimentation layer that evolves prompts via A/B testing and judge-arbitrated scoring. The connector mcp-studiomeyer-agents lets Pro-tier customers of the StudioMeyer Agents service read their audit data and tweak agent configs from their own Claude or Cursor.

The security cluster has two cornerstones, plus the new Python port and an attestation layer. ai-shield is a zero-dependency LLM security toolkit, prompt injection detection, PII masking, cost tracking, tool policies, sub-25ms scans. ai-shield-py is the Python port that I shipped two days ago for FastAPI and LangChain projects, same defense surface, different framework hooks. mcp-armor is the Rust sidecar that wraps any MCP server and validates Ed25519-signed manifests, sub-5ms p99 overhead, defends against supply-chain CVEs that the OX Security advisory documented in April. mcp-server-attestation is the TypeScript companion to mcp-armor for teams that prefer staying in Node.

The media cluster has one repo. mcp-video wraps ffmpeg and Playwright behind eight tools for recording, editing, captions, TTS and smart screenshots. It is the last MCP server I would have predicted writing two years ago and ended up being the most useful for marketing automation.

The workflow cluster has one cornerstone, two extensions. n8n-templates ships hardened workflows with cross-session memory baked in, voice agents, customer support, personal assistants, multi-provider LLM routing. n8n-nodes-studiomeyer-memory is the n8n community node that bridges those templates to the memory backend. n8n-workflows is the memoryless production-pattern variant for teams that do not need cross-session state.

The factory cluster is three test harnesses that exist because shipping MCP servers to a marketplace turned out to require more discipline than the spec implies. mcp-protocol-conformance validates JSON-RPC 2.0, OAuth 2.1 PKCE, tool schemas and capabilities across spec versions 2024-11-05, 2025-03-26 and 2025-06-18. mcp-hook-conformance audits Claude Code v2.1.118 lifecycle hooks for idempotency, latency and side-effects. mcp-tenant-pair is the foundation library for multi-user tenancy with bi-temporal storage and SQLite plus Postgres adapters, used by anything multi-user we ship.

The SaaS-connector cluster is six docs-only mirrors of the four hosted SaaS products plus the marketplace and the academy. studiomeyer-memory, studiomeyer-crm, studiomeyer-geo and studiomeyer-crew each have a public read-only mirror with the documentation and tool reference. studiomeyer-marketplace bundles all four for Claude Code via Magic Link auth. mcp-academy is the npm-distributed connector for the StudioMeyer Academy lesson and recipe API.

That is the full landscape. Twenty-two repos, nineteen total stars at launch, five different programming languages, all MIT or Apache.

A 3D force graph as the hero

A list of repos is not a hero. A list of repos is the part that nobody reads. The hero is the thing that signals what kind of site this is, and a personal hub for open-source tools should signal that the tools are interconnected, that they belong to a coherent stack, that picking one of them puts you in conversation with the others.

The hero on matthiasmeyer.tech is a 3D force graph rendered with Three.js and the 3d-force-graph library. Twenty-two nodes, twenty-two edges. Hero repos are larger and saturated, secondary repos are smaller and softer. Group colours map to function: cyan for memory, amber for agents, red for security, purple for media, emerald for workflow, slate for factory tooling, blue for SaaS connectors. Cyan particles flow along the edges in the direction of the dependency. Hovering a node opens a preview panel with name, group and description. Clicking pins it. Auto-rotate is on by default at zero point four radians per second. Filter chips above the canvas toggle clusters on and off, plus a search box that filters by name and tagline.

Crawlers see a screen-reader-only repo list immediately below the canvas with all twenty-two entries as plain text. The graph is interactive but not exclusionary. Bingbot and ClaudeBot read the same content as a sighted user with a mouse.

The pattern is a direct lift from our Memory 3D demo on studiomeyer.io. The Three.js scene, the hover-pin pattern with a 350ms auto-close timer, the sr-only fallback, the cinema background gradient with corner glows in cyan and purple. None of it is original to matthiasmeyer.tech. All of it is reused, which is the point of having a studio stack in the first place.

The concept layer

Six explainer essays sit alongside the repos. They are repo-agnostic, written in first person, no marketing wrapper. What is MCP, actually explains the protocol without the marketing layer. Stdio vs HTTP for MCP is a transport decision tree based on real deployment scars. Memory architectures compared walks through three systems I shipped this year and which architecture fits which agent shape. Agent-to-Agent protocol v1.0 RC is a short note on what an agent-card.json buys you and what it does not. WebMCP for browser agents is the hygiene-play piece on the W3C Community Group Draft. Agent orchestration patterns breaks down single agent versus sequential pipeline versus parallel fleet versus judge-arbitrated, with cost-of-orchestration heuristics from production traffic.

The concept layer is the part of the site I expect to perform best in AI citations. Repo-pages have natural traffic from npm and GitHub. Concept posts have to earn their traffic from search and from links, and the way they earn it is by being the answer to a question that someone is going to type into ChatGPT or Perplexity. Each post leaves with a takeaway, names libraries by name, gives concrete numbers when there are concrete numbers to give.

The AI-Ready layer

Every site I build ships the same discovery chain on day one. matthiasmeyer.tech is no exception. Layer one is semantic HTML5, header main article section nav footer, no div-soup wrapped in ARIA. Layer two is JSON-LD in the head, Person plus WebSite plus twenty-two SoftwareSourceCode entries plus Article schema on every concept post. Layer three is /llms.txt as the plain-text site overview with cross-references to the rest of the discovery chain. Layer four is /.well-known/agents.json with three callable tools for AI agents, plus /.well-known/agent-card.json for the A2A v1.0 RC skill descriptors, plus /.well-known/webmcp for the W3C CG draft browser-agent manifest. Layer five is /robots.txt with explicit Allow for fourteen AI bot user agents from GPTBot to MistralAI-User. Layer six is /sitemap.xml with the discovery URLs included so crawl-based agents can find the endpoints.

The pattern is documented in our internal AI-ready brand bible. Every customer site we ship runs it. matthiasmeyer.tech runs it because not running it would mean the AI half of the open-source story is invisible to the AI tools that are supposed to find it.

Build-time GitHub stats

The repos in lib/repos.ts have descriptions, taglines, group assignments, edge relationships. Those are editorial decisions. They do not change unless I rewrite a paragraph. The stars, the last-updated date, the primary language and the tool count change all the time. Hardcoding those would mean updating a TypeScript file every time someone stars a repo. Not acceptable.

The fix is a pre-build script. A small Node script in scripts/fetch-github-stats.ts shells out to the gh CLI, pulls the latest twenty-two repos for the studiomeyer-io org, writes the result to data/github-stats.json. The lib/repos.ts module imports that JSON at module load and merges the live values into the editorial base. Every build picks up fresh stars and fresh updated-at timestamps. The script also runs a drift check by reading the slug list out of lib/repos.ts with a regex and warning when GitHub has a new repo that is not yet in the editorial layer. The first time I ran the drift check it told me ai-shield-py was missing. Two minutes later it was added.

The script is gated by gh CLI availability so the build does not break when run somewhere without auth, like inside a Docker container. The build sequence is npm run fetch-stats followed by docker compose build, with the JSON committed to the repo so a fresh clone has data on day one even before fetching.

Where this goes next

The site is live, the discovery chain is wired, the search engines have the sitemap, the tracking is in place. What it does not have yet is sustained content. Six concept posts is a starting set. Each one needs to earn its traffic, and the way that happens is by writing more of them as new patterns surface in the work. The next batch is queued: a deeper dive on Memory architectures, a stdio-trap post on the failure modes I have hit twice, a piece on agent orchestration cost-of-complexity from production data.

The repos themselves keep growing. Two days ago ai-shield-py joined the family. Whatever ships next will get added to lib/repos.ts in five lines and to the graph as a new node, the Python or Rust port slotted next to its sibling, the edges drawn through the cousin-of relationship. The build-time fetch script picks up the rest.

If you are running a company site and you have an open-source half that has been getting cluttered as a sub-page, separate it. Two domains, clear cross-links in headers and footers, AI-ready stack on both sides. The audiences sort themselves out and the writing finds its right voice in each place.