惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
LangChain Blog
W
WeLiveSecurity
P
Proofpoint News Feed
月光博客
月光博客
NISL@THU
NISL@THU
L
LINUX DO - 最新话题
Webroot Blog
Webroot Blog
T
Threatpost
Y
Y Combinator Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Vercel News
Vercel News
Jina AI
Jina AI
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
J
Java Code Geeks
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
MyScale Blog
MyScale Blog
N
News and Events Feed by Topic
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
Schneier on Security
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Help Net Security
Help Net Security
Recent Announcements
Recent Announcements
S
Security @ Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Securelist
T
The Exploit Database - CXSecurity.com
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
雷峰网
雷峰网
量子位
Google DeepMind News
Google DeepMind News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Spread Privacy
Spread Privacy
L
Lohrmann on Cybersecurity
I
Intezer
T
The Blog of Author Tim Ferriss
G
GRAHAM CLULEY
D
DataBreaches.Net
V
Vulnerabilities – Threatpost
P
Privacy & Cybersecurity Law Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
罗磊的独立博客

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The primary reader changed
jucelinux · 2026-05-15 · via DEV Community

How agents actually read code, why re-derivation cost has a unit, and why this doesn't go away when context windows grow.

series: Grounded Code

Second of five articles in the **Grounded Code* series. The first one showed the cost. This one shows the mechanism underneath.*

I. The receipt, and what's underneath it

In the manifesto I showed a number: 7.5x more tokens for the same feature, with the same final verification on both sides. That's the receipt. This article is about what produced it.

The short version is that code has a new primary reader, and the new reader works with a completely different set of tools, a completely different memory model, and a completely different way of recognizing patterns. The patterns we adopted over twenty years answered the old reader's needs. The cost in the new reader's mode of reading wasn't on anyone's chart, because there was no reader to charge it to.

There is now.

II. How a human reads code

For a moment, ignore the agent. Look at what your IDE has been doing for you.

When you open a feature in a clean codebase, you carry roughly five to ten files in working memory at any time. Your tooling lets you jump between them in a fraction of a second. Cmd+P, fuzzy match, you're in the file. Cmd+click on a symbol, you're at its definition. The IDE follows path aliases, computes type inference, resolves imports, highlights related symbols, all silently.

You recognize patterns by similarity. Two functions that "look like they do the same thing" register as related even if they share no literal substring. A PaymentService and a UserService register as parallel because of conceptual symmetry, not because of any string they share.

You carry the project's mental model across days. The feature you worked on Tuesday is still in your head Thursday morning. You don't need to re-derive what the system does every time you open the editor.

Domain language helps you bridge files. When you read Aggregate in one file and EntityRoot in another, you know they belong to the same DDD vocabulary even if neither imports the other. The vocabulary is in your head, not in the code.

Clean Code, DDD, Clean Architecture, hexagonal: every pattern in that family was tuned to this reader. The trade-offs they made (some indirection, some boilerplate, some abstraction) were paid in exchange for a real benefit: this reader's mental load went down.

The reader is still you. The reader is still real. But on the codebases that ship features regularly with an agent in the loop, this reader is not doing most of the work anymore.


III. How an agent reads code

An agent reading code does not scroll. It does not Cmd+P. It does not Cmd+click. It has none of the silent IDE machinery you take for granted.

What it has is three primitives:

  • grep, to find files containing a literal pattern.
  • glob, to find files matching a path pattern.
  • read with offset and limit, to load a slice of a file into context.

That's the whole toolset for navigating a codebase. Every operation that an IDE does for you in milliseconds becomes a tool call. Every tool call costs tokens (for the call, for the result, for the model to parse the result). Every file the agent reads stays in context until something pushes it out. There is no persistent project memory. The session is the memory.

This changes pattern recognition completely. The agent doesn't see similarity the way you do. It recognizes patterns by co-located names and exact shapes. If two files have parallel filenames (user.ts and user.test.ts) and parallel structure inside, the agent will pattern-match them. If one is models/user.ts and the other is __tests__/user-tests.ts, the relationship is invisible until something explicit ties them together.

Domain language doesn't bridge files for an agent the way it does for you. If Aggregate is mentioned in domain/order/aggregate.ts and EntityRoot is mentioned in infra/repository.ts, the agent has no automatic understanding that these terms are part of the same vocabulary. It might learn the connection by reading a glossary if one exists and is in context. But the vocabulary doesn't live in the agent's head between sessions, because there is no head.

Each turn, the agent rebuilds enough of the project model to do the next action. The model is rebuilt from what's currently in context, plus what it fetches with its three primitives. Everything not in context has to be re-fetched, which means re-paid in tokens.

This is the new primary reader. None of this is a deficiency of the model. It is the structural reality of how a stateless reasoning system, equipped with grep, navigates a codebase.


IV. Three places the cost shows up

Let me make this concrete with three patterns from the original article and show what they actually cost.

A. Path aliases

// services/user.ts
import { User } from '@models/user'

export async function getUser(id: string): Promise<User> {
  // ...
}

Enter fullscreen mode Exit fullscreen mode

Human path. You Cmd+click on @models/user. Your IDE knows the alias config from tsconfig.json and lands you in src/models/user.ts in one keystroke.

Agent path. The agent reads services/user.ts and sees @models/user. It does not know what that resolves to. It reads tsconfig.json. The tsconfig.json may extend a base config, so it reads that too. It identifies the paths entry that maps @models/* to src/models/*. Now it can glob for src/models/user.ts. Then it reads it.

Three file reads where the IDE did one keystroke. Multiply by every import in every file the agent has to navigate during a task.

The fix is one line of change per import:

// services/user.ts
import { User } from '../models/user.ts'

Enter fullscreen mode Exit fullscreen mode

Now the path is the path. No tsconfig hop. The agent reads services/user.ts, sees ../models/user.ts, globs it, reads it. Two operations instead of three or four.

B. Deep dependency injection

function process(deps: ProcessDeps) {
  const user = deps.db.users.findById(deps.context.userId)
  deps.logger.info('processed', { user })
  deps.metrics.increment('process.success')
  return user
}

Enter fullscreen mode Exit fullscreen mode

Human path. You read process(deps: ProcessDeps). You know how the app wires deps together because you wrote it. You move on.

Agent path. The agent reads process(deps: ProcessDeps). It does not know what ProcessDeps contains. It greps for ProcessDeps. It finds the interface, with eight fields, each typed as another interface. For each field used in the function body (db, logger, metrics, context), it greps for the interface definition. For each interface, it greps for the implementation. For each implementation, it may have to load multiple files to understand the actual call shape at runtime.

What started as "what does process do?" has become five to ten file reads, just to understand the four lines of code.

The fix is concrete dependencies for first-party code:

import { findUserById } from '../db/users.ts'
import { logger } from '../logging/logger.ts'
import { metrics } from '../metrics/metrics.ts'

function process(userId: string) {
  const user = findUserById(userId)
  logger.info('processed', { user })
  metrics.increment('process.success')
  return user
}

Enter fullscreen mode Exit fullscreen mode

Now the function is self-evident. The imports name the actual call shape. The agent reads one file and understands.

I want to mark this case carefully, because it's the most contested in the set. Genuine multi-implementation abstractions (a StorageAdapter with S3, Local, and InMemory implementations) still earn their place. The cost they incur on the agent is real, but the benefit (the ability to swap implementations) is also real. The pattern to drop is ad-hoc DI that wraps first-party code without a multi-implementation justification. That's the version that adds five greps and gives back nothing the runtime structure didn't already say.

C. Inheritance

class PaymentProcessor extends BaseProcessor {
  // override of handle() not visible here, lives in BaseProcessor or grandparent
}

Enter fullscreen mode Exit fullscreen mode

Human path. Cmd+click on paymentProcessor.handle() at the call site. The IDE jumps to the actual override location, or if there isn't one, follows the chain up.

Agent path. The agent greps for class PaymentProcessor. It reads the class definition. There is no handle() method visible. It identifies the extends BaseProcessor. It greps for class BaseProcessor. It reads that file in full. Maybe handle() is there; maybe BaseProcessor also extends something. The chain continues. Each class file gets opened in full because the agent doesn't know up front which one has the method.

To understand a single method call, the agent may read three to five class files. The MRO that your IDE renders in one click is invisible to the agent until it walks the chain itself.

The fix is composition. A function that takes the data it needs. A small file. One read instead of five.


V. Re-derivation cost has a unit

What these three examples have in common: every architectural decision now has a token receipt attached.

That's the move that matters. For thirty years, architectural cost was a soft variable. You could talk about "complexity," "cognitive load," "maintainability." These were real, but they were estimated, not measured. Two engineers could disagree about whether a layer was worth it, and there was no way to settle the argument except by accumulated experience.

Now there is. The unit is the token. Every architectural choice has a measurable receipt: how many tokens does the agent need to extend the average feature on this architecture? You can run the experiment in your own repo. You can compare the receipt across two organizations of the same code.

I want to name what we are measuring:

Re-derivation cost. The total tokens spent re-establishing a fact that the architecture didn't make immediately available. Cross-file inferences, alias hops, interface chases, MRO walks. Everything the agent has to do to know something the codebase didn't put where it could be read.

The 7.5x in the manifesto is re-derivation cost being measured. The 8.5x in cache reads is re-derivation cost compounding (the agent reloads what it already had, because something pushed it out of context). The 4.4x in output tokens is re-derivation cost spreading into the agent's own reasoning (more turns, more thinking, more rationalization).

When architectural cost has a unit, architectural decisions become testable. That changes the conversation.


VI. "But context windows are growing"

The most common objection I hear when I lay this out: "Sure, but context windows are getting bigger. 200K today, a million next year, ten million after that. Won't this whole problem just go away?"

It's a fair objection and the answer is "no, and here's why."

Context window size and attention quality are two different things. A model with a million-token context can technically read your entire repo into one prompt. The question is what the model actually does with that mass of tokens.

Attention quality on compact, self-contained contexts is what models are good at. A 4K-token window with everything the model needs and nothing it doesn't: that's where you get clean reasoning and reliable outputs. The reasoning works because the relevant facts are not buried under irrelevant ones.

Attention quality on diffuse, sprawling contexts is where things degrade. A million-token context full of cross-references, mostly-irrelevant background, and only a thin thread of what's actually needed: the model has to filter, and filtering is where mistakes leak in. The needle in the haystack problem is real even when the haystack fits.

The architectures that score well on re-derivation cost happen to be the same architectures that produce compact, self-contained contexts. Co-located feature directories. Files under three hundred lines. Imports without indirection. These principles aren't about saving raw bytes. They are about giving the model a context that's tight, relevant, and self-contained, regardless of how big the window technically is.

So no, I don't think context-window growth deprecates this. If anything, it makes the principles more durable. Because as windows grow, the temptation is to throw more of the codebase at the model. The temptation is wrong. The same principles that minimized re-derivation cost on a small window minimize attention spread on a large one.


VII. What comes next

Now we have the mechanism. The next article gets prescriptive: which specific patterns score badly on the new axis, and what to do about them.

I want to flag the framing upfront. The next article is not "delete these patterns from your codebase." It is "these patterns paid for themselves on the old axis, and the trade-off changed on the new one." Surgical, not demolition. You will keep some of them. You will drop others. The point of the article is to let you make that choice with the cost made visible.

If you want to try the experiment from the manifesto before the next article ships, do. The principle is the same: pick a feature, ask the agent to extend it, count the tokens. The receipt is the argument.


Next in the series: "What to unlearn: the most expensive patterns from the human era."