惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Scott Helme
Scott Helme
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Cloudbric
Cloudbric
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
L
Lohrmann on Cybersecurity
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
LINUX DO - 热门话题
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
Latest news
Latest news
B
Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
博客园 - 叶小钗
L
LangChain Blog
GbyAI
GbyAI
Last Week in AI
Last Week in AI
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
Security Latest
Security Latest
Vercel News
Vercel News
Y
Y Combinator Blog
G
GRAHAM CLULEY
S
Securelist
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
雷峰网
雷峰网

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I rebuilt the install for my "git blame for AI" tool — six steps became one
Mason Delan · 2026-05-01 · via DEV Community

A week ago I shipped Selvedge, an MCP server that captures why AI agents change code. The first dev.to post laid out the problem; this one is what's happened since.

Quick context if you missed the first one: AI agents write code with full intent in the moment, and then the session ends and the intent is gone. Selvedge captures that intent live, by the agent, while it's still in context. Then six months later you can ask selvedge blame users.email and get an actual sentence back about why the column exists.

The original launch did fine. A few hundred installs, a handful of stars, one post on each of dev.to and HN that converted better than I expected. Nothing dramatic. But the shape of where people dropped off was instructive, and that's what the v0.3.4 release I shipped this weekend is mostly about.

The install was the bottleneck and I was kidding myself

I knew the install wasn't great. The first version of the README walked you through six things:

  1. pip install selvedge
  2. cd your-project && selvedge init
  3. Open ~/.claude/config.json and add an mcpServers.selvedge block. Hope you got the JSON right.
  4. Open your project's CLAUDE.md (or create one). Paste in the system prompt that tells the agent to call log_change whenever it touches a column, function, env var, or dependency.
  5. selvedge install-hook so post-commit can link events to commits.
  6. Restart Claude Code, because the MCP config doesn't hot-reload.

Four flips between the README and your editor. One of those steps — number three — is "edit a JSON file by hand," which kills curiosity in about eight seconds. And number five, the post-commit hook, silently failed on macOS when you committed through a GUI client like Tower or GitKraken, because git launches with a stripped PATH and selvedge isn't on it. I wrote selvedge doctor in v0.3.2 specifically because of that bug. The bug existed because the install didn't surface that the hook was even there to fail.

What actually happened in the install metrics is roughly what you'd expect. People pip install-ed. Some ran selvedge init. A much smaller fraction ever made it to the point where tool_calls started arriving at the server, which is the only thing I actually care about. The JSON edit and the CLAUDE.md edit are where the cliff is.

Anyway. v0.3.4 collapses all of that to one command:

pip install selvedge
cd your-project
selvedge setup

Enter fullscreen mode Exit fullscreen mode

The wizard reads ~/.claude/config.json, ~/.cursor/mcp.json, and looks for .github/copilot-instructions.md — whichever of those you actually have, it configures. It writes the MCP entry. It drops the system-prompt block into your CLAUDE.md or .cursorrules, sentinel-bracketed so the next time I update the recommended block you can re-run selvedge prompt --install and it patches in place without disturbing the rest of your file. It runs selvedge init. It installs the hook. It writes a .bak next to every file it touches before any change reaches disk, so if it makes a wrong call you can revert.

Re-running on an already-set-up project is a no-op. For people running it in CI or devcontainer.json's postCreateCommand: selvedge setup --non-interactive --yes.

That's it. The "interesting" parts of Selvedge — the live reasoning capture, the entity-level history, the changesets — are useless if nobody gets past the install. Six manual steps was burning everyone who would have otherwise tried it. One command isn't.

On not being alone in the category anymore

Other thing that changed since the launch post: the "git blame for AI" space has gotten crowded fast. AgentDiff, Origin, Git AI, BlamePrompt — all real tools, all active, several of them backed by named teams. When I posted the first article a week ago I had basically one direct competitor I knew about. Now I have four or five.

That's actually fine. It means the problem is real enough that more than one person decided to work on it. But it does mean I should be specific about what's different, because if you read every tool's README in isolation you'd reasonably conclude they're all doing the same thing.

The thing that's actually different is when the reasoning gets captured.

Reasoning source Granularity Mechanism
Selvedge Captured live, by the agent in the same context that produced the change Entity (DB column, table, env var, dep, API route, function) MCP server — agent calls it as work happens
AgentDiff Inferred post-hoc by Claude Haiku from the diff at session end Line Git pre/post-commit hook
Origin Captured at commit time Line Git hook
Git AI Attribution metadata Line Git hook + Agent Trace alliance
BlamePrompt Prompt-only Line Git hook

Most of these tools wait until commit time and then ask a second LLM to look at the diff and explain what changed. That's a reasonable approach and the output looks fine on first read. But it's not the actual reasoning the agent had — the agent had the prompt, the conversation history, the user's actual ask, and a model's interpretation of all of it. The post-hoc explainer doesn't have any of that. It has the diff. So it generates something plausible.

Plausible isn't always right. If you migrated from INTEGER cents to DECIMAL(10,2) because a user reported rounding errors on international transactions, that's the actual reason. If a second LLM looks at the diff months later, it'll write something like "improved precision for monetary values" — true in a generic sense, useless when you're trying to figure out which currencies you should regression-test next time.

Selvedge's reasoning is whatever the agent that made the change wrote. It comes from the same context window that produced the change. There's no second model and no inference. And because it's whatever the agent had, an empty reasoning field is itself useful information — it means the agent didn't have explicit intent for that change, which is honestly the case you want to know about most.

Entity attribution, briefly

The other thing that's a bit different: most tools attribute lines. Selvedge attributes things. When you investigate something in your codebase you don't search "lines 40 through 48 of users.py", you search "users.email" or "STRIPE_SECRET_KEY" or "/api/v1/checkout". So that's what Selvedge stores:

users.email           DB column
users                 DB table
src/auth.py::login    Function in a file
api/v1/users          API route
deps/stripe           Dependency
env/STRIPE_SECRET_KEY Environment variable

Enter fullscreen mode Exit fullscreen mode

selvedge diff users returns events for users, users.email, and anything else under users.. Same for any prefix.

I went back and forth on whether to also attribute lines (more granular, more like what the other tools do) and decided not to. Lines drift. Renames break attribution. Refactoring a function into three files invalidates everything that referenced the original location. Entities are sticky in a way that lines aren't.

Changesets

The other thing in Selvedge I haven't seen anywhere else is changesets — a slug you can attach to any event, so later you can pull every event for a feature back, regardless of how many entities it touched or how many PRs it spanned.

The example I keep coming back to is Stripe billing. A real billing rollout in a real codebase touches new columns on users, two new env vars, three new API routes, a new dependency, four functions across the codebase, and lands as eight smaller PRs over a month because nobody wants to review one mega-diff.

Six months later somebody has to audit which lines of code touch payment data — for compliance, for an incident, for a refactor. git log is useless for this. Each PR is generic ("update billing", "wire webhook", "fix typo in migration") and the cross-cutting nature is just gone.

If every event in that work was tagged changeset:add-stripe-billing, you run selvedge changeset add-stripe-billing and get every event from every entity that was part of it, with the agent's reasoning on each. It's the rollup view. Nobody else stores it as far as I can tell, because it requires capturing reasoning at the per-change level, which only really works if you're capturing live.

Agent Trace

A few people DM'd me about Agent Trace after the first article. Cursor and Cognition put out an RFC in January for an open standard for AI code attribution traces. JSON records, file/line granularity, deliberately storage-agnostic. Cloudflare, Vercel, Google Jules, Amp, OpenCode, and git-ai are all signed on.

Selvedge isn't competing with that. It's a producer for it. Agent Trace is the wire format; Selvedge is one way to populate that wire format (live, from the agent, at the moment the change is made). The export design is at docs/agent-trace-interop.md. I'll ship the actual selvedge export --format agent-trace flag in v0.3.5 or v0.4.

Try it

pip install selvedge
cd your-project
selvedge setup

Enter fullscreen mode Exit fullscreen mode

Then start an agent session in that directory, change something non-trivial, and in a separate terminal:

selvedge watch

Enter fullscreen mode Exit fullscreen mode

You should see events stream in as the agent calls log_change. Once a few have landed:

selvedge blame <whatever_you_just_changed>

Enter fullscreen mode Exit fullscreen mode

The reasoning was captured live. That's the whole product.

If nothing arrives in selvedge watch, run selvedge doctor. It'll tell you which step is silently broken. (There are still ways for it to be silently broken. I'm working on them.)

What's next, and what I want feedback on

Phase 3 of the roadmap is the team-sync story — Postgres backend, an HTTP API, multiple developers sharing history without sharing a SQLite file. I don't have a date on it. The local SQLite version is fully featured for solo devs and small teams who are fine sharing a file.

The thing I'd actually like feedback on, if you try this: where does selvedge setup pick the wrong default? The Cursor and Copilot paths are newer than the Claude Code one — I've used them less, and the test coverage exists but isn't from real-world usage. If something in the wizard surprises you, an issue is the most useful thing.

github.com/masondelan/selvedge — issues and DMs both work.