惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
aimingoo的专栏
aimingoo的专栏
Microsoft Security Blog
Microsoft Security Blog
NISL@THU
NISL@THU
T
Threatpost
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
S
Secure Thoughts
MyScale Blog
MyScale Blog
O
OpenAI News
P
Palo Alto Networks Blog
美团技术团队
C
Cyber Attacks, Cyber Crime and Cyber Security
TaoSecurity Blog
TaoSecurity Blog
量子位
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Tailwind CSS Blog
Know Your Adversary
Know Your Adversary
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Simon Willison's Weblog
Simon Willison's Weblog
宝玉的分享
宝玉的分享
PCI Perspectives
PCI Perspectives
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tenable Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
S
Security @ Cisco Blogs
S
Schneier on Security
B
Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The Cloudflare Blog
AWS News Blog
AWS News Blog
IT之家
IT之家
V
Vulnerabilities – Threatpost
The Hacker News
The Hacker News
H
Heimdal Security Blog
I
Intezer
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Help Net Security
W
WeLiveSecurity

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I built a release intelligence agent in 4 days with Coral, Groq, and Claude Code. Here's the exact route
jitendra bhati · 2026-06-01 · via DEV Community

5 days. Solo. First hackathon. One dashboard that tells you whether to ship.

This is not a polished retrospective. This is the actual route I took — wrong turns, late debugging sessions, and the one query that made the whole thing feel real.


The problem I kept hitting

Before every release I open four tabs.

GitHub to check if the PRs are actually merged. Linear to check which sprint items are done. Sentry to check if anything is actively broken. Slack to scroll through #releases and see if anyone mentioned a concern.

Then I try to hold all of that in my head at once and make a decision.

It takes about 40 minutes. And I've still shipped things I shouldn't have — because a PR merged, an error appeared six hours later in Sentry, and I didn't connect the two. The error was sitting right there. I just wasn't looking at both at the same time.

That's not a process problem. That's a missing JOIN.


What Coral actually does

I was going into this hackathon looking for an excuse to use Coral. The short version: Coral is a local CLI that turns developer APIs into SQL tables.

You run coral source add github, hand it a token, and now github.pulls is a real table you can SELECT from. Same for linear.issues, sentry.issues, slack.channels. You can JOIN across them. You can do date arithmetic. You can pipe the result straight to an LLM without writing a single API client.

That last part is what I kept coming back to. It's not "you can query GitHub in SQL" — there are GraphQL proxies that do that. It's that the JOIN works across sources. Completely different APIs, completely different auth, one result set.


The agent: ShipMind

I built ShipMind — a release intelligence agent that answers five questions before every deploy:

  • 🔴 Release blockers — unresolved Sentry errors that would break production
  • 🟡 Readiness check — Linear tickets marked done vs PRs actually merged in GitHub
  • 🟠 Risk assessment — GitHub PRs cross-joined with Sentry errors introduced after each merge
  • 💬 Team signals — Slack messages from #releases surfaced and analyzed automatically
  • 📈 Sprint velocity — Linear cycle completion rate against planned scope

All five run together. An LLM (Llama 3.3 70B via Groq, or Claude if you prefer) reads the combined results and outputs a score from 0 to 100 with a verdict: SHIP, SHIP WITH CAUTION, or HOLD.

🔗 GitHub: github.com/Jeetubhati/shipmind


The architecture

Browser  →  Flask (web/app.py)
                  ↓
     Groq · Llama 3.3 70B  (or Anthropic Claude)
                  ↓
          Coral CLI  (coral sql ...)
                  ↓
   github · linear · sentry · slack · slack_messages · devto
   bundled  bundled  bundled  bundled     custom        custom

The agent detects which LLM you have at startup — GROQ_API_KEY set means Groq, ANTHROPIC_API_KEY means Anthropic, neither means a deterministic stub that still renders the dashboard correctly so you can demo without any credits. The header shows a coloured pill — "Groq · Llama 3.3 70B" or "Anthropic · Claude Sonnet" — so you always know which model answered.

The web layer is Flask plus a single HTML file. No CDN. No build step. No framework. The whole dashboard — HTML, CSS, JavaScript, the SVG score gauge — is one file you can grep. In a 4-day solo project that was the right call and I'd make it again.


The key SQL queries

Release blockers:

SELECT s.title, s.level, s.count, s.first_seen, s.project
FROM sentry.issues s
WHERE s.status = 'unresolved'
  AND s.level IN ('fatal', 'error')
ORDER BY
  CASE s.level WHEN 'fatal' THEN 0 WHEN 'error' THEN 1 END,
  s.count DESC
LIMIT 20;

Release readiness — Linear vs GitHub:

SELECT
  l.identifier,
  l.title,
  l.state_name,
  p.number    AS pr,
  p.state     AS pr_state,
  p.merged_at
FROM linear.issues l
LEFT JOIN github.pulls p
  ON p.owner = 'your-org'
  AND p.repo  = 'your-repo'
  AND lower(p.title) LIKE '%' || lower(l.identifier) || '%'
WHERE l.state_name IN ('In Progress', 'In Review', 'Done', 'Todo')
ORDER BY l.priority, l.state_name
LIMIT 25;

A LEFT JOIN from Linear into GitHub is exactly the right shape for "is everything that's planned actually shipped?" If the PR column is null on a Done ticket, that's a risk worth surfacing before you press deploy.

Team signals from Slack:

SELECT m.text, m.ts, m.user
FROM slack_messages.messages m
WHERE m.channel = 'YOUR_CHANNEL_ID'
  AND (
    lower(m.text) LIKE '%release%'
    OR lower(m.text) LIKE '%deploy%'
    OR lower(m.text) LIKE '%blocker%'
    OR lower(m.text) LIKE '%broken%'
  )
ORDER BY m.ts DESC
LIMIT 25;

I'll come back to why this query needed a custom source spec.


The cross-source JOIN that made it feel real

This is the risk assessment query. The one that made me think the project was actually worth something.

SELECT
  p.title       AS pr,
  p.merged_at,
  p.user__login AS author,
  s.title       AS error_after_merge,
  s.level,
  s.count
FROM github.pulls p
JOIN sentry.issues s
  ON CAST(s.first_seen AS TIMESTAMP) >= CAST(p.merged_at AS TIMESTAMP)
  AND CAST(s.first_seen AS TIMESTAMP) <=
      CAST(p.merged_at AS TIMESTAMP) + INTERVAL '7 days'
  AND s.level IN ('fatal', 'error')
WHERE p.owner = 'withcoral'
  AND p.repo   = 'coral'
  AND p.state  = 'closed'
  AND p.merged_at IS NOT NULL
  AND CAST(p.merged_at AS TIMESTAMP) >= current_timestamp - INTERVAL '30 days'
ORDER BY p.merged_at DESC
LIMIT 20;

This returned 20 real rows on the first run against the withcoral/coral repo. Every recent PR, cross-referenced with the Sentry errors that first appeared within seven days of that PR merging.

When I saw a community source PR correlated with an AttributeError that appeared one day later, I realised: this isn't ShipMind-specific. This is a pattern every team can run against their own repo tomorrow. The query is completely generic. The JOIN is the feature.

In normal Python this would be 30+ lines of pagination, timestamp parsing, and rate-limit handling across two separate API clients. Here it's 18 lines of SQL.


Three things I learned about Coral the hard way

1. Table functions are not tables

The bundled Slack source has slack.channels and slack.users as plain tables — but messages live in a table function: slack.messages(channel => 'C0...'). I checked coral.tables on day one, saw no messages table, and nearly dropped Slack from the project entirely.

The fix was running SELECT * FROM coral.table_functions too. The deeper fix was writing a slack_messages custom source spec so I could write WHERE channel = '...' like any other table. Much cleaner SQL and the LLM generates it correctly on the first attempt.

2. Column names don't match the API docs

Linear's GraphQL returns state.name. Coral exposes it as state_name (single underscore). GitHub's REST returns user.login. Coral exposes it as user__login (double underscore — nested field separator). Every query I wrote on day two failed on the first run because I used the API field names.

The fix every time was:

SELECT column_name, data_type
FROM coral.columns
WHERE schema_name = 'linear'
  AND table_name  = 'issues';

After the third time I created a CORAL_CONTEXT constant in agent/config.py listing the canonical column names for every source and injected it into every LLM system prompt. Claude and Llama now generate correct Coral SQL on the first try.

3. LIMIT is not pushed down to the API

When I queried devto.articles WHERE username = 'ben' LIMIT 5, Coral fetched every article Ben has published — over 3,000 — and then took the first five locally. My source spec had max_pages: 50 set, which was not enough and the query failed hard.

The fix was bumping per_page from 30 to 1000 so a typical user's full feed fits in a single fetch. Every source author needs to think about this tradeoff when choosing between page-mode and cursor-mode pagination. Cursor-mode with a first parameter handles large datasets much more cleanly and should be the default for anything that could have hundreds of pages.


Writing the custom sources

I wrote two source specs as part of this project.

slack_messages — wraps Slack's conversations.history endpoint so messages become a regular filterable table instead of a table function call. Purely internal to ShipMind but it makes the SQL uniform across all five queries.

devto — exposes the dev.to (Forem) public API as two tables: devto.articles and devto.tags. Auth is a single api-key header, no OAuth. Submitted as a community contribution:

🔗 PR: withcoral/coral #1067 — feat(sources/community/devto): add dev.to source

Writing a source spec taught me something useful: it's just a YAML file that names a table, points at an HTTP path, declares auth, and maps response fields to typed columns. The hardest part isn't the YAML syntax — Coral's linter is friendly and tells you exactly what's wrong. The hardest part is discovering the actual field shapes. I ended up reading the source manifest JSON schema directly and everything clicked after that.


How to run it yourself

Clone and install

git clone https://github.com/Jeetubhati/shipmind
cd shipmind
python -m venv venv

Activate the virtualenv

On Windows PowerShell:

.\venv\Scripts\Activate.ps1

On macOS or Linux:

source venv/bin/activate

Then install dependencies:

pip install -r requirements.txt

Connect the four Coral sources

export GITHUB_TOKEN=ghp_...
export LINEAR_API_KEY=lin_api_...
export SENTRY_AUTH_TOKEN=sntryu_...
export SENTRY_ORG_SLUG=your-org-slug
export SLACK_TOKEN=xoxb-...

coral source add github
coral source add linear
coral source add --interactive sentry
coral source add --interactive slack
coral source add --file sources/slack_messages/slack_messages.yaml

Configure the agent

cp .env.example .env

Open .env and add one LLM key:

GROQ_API_KEY=gsk_...        # free at console.groq.com — recommended for speed
ANTHROPIC_API_KEY=sk-...    # alternative if you have Claude credits

Add your project identifiers too:

GITHUB_ORG=your-org
GITHUB_REPO=your-repo
SENTRY_ORG_SLUG=your-org-slug
SLACK_CHANNEL_ID=C0XXXXXXXXX

Start the dashboard

python web/app.py

Open http://localhost:5000 and click Run Full Release Check.

The README has a complete walkthrough including how to seed demo data if you're setting up fresh accounts.


What I'd build next

PagerDuty integration. Sentry tells you what's broken. PagerDuty tells you what's actively paging right now. That's a different urgency signal and the same JOIN pattern applies directly.

Push-down filter contribution upstream. Coral's GitHub source doesn't currently push WHERE state = 'closed' down to the GitHub API, so on a repo with 500+ PRs it fetches everything before filtering locally. Fixing that on the bundled source would speed up the readiness query for every Coral user, not just ShipMind.

Slack digest on cron. Run the full check on a schedule, post the verdict as a Slack thread 30 minutes before every planned deploy window. That's roughly 20 extra lines of Python.


The thing I'll actually remember

I spent day one worrying about the LLM prompts. Day two worrying about the dashboard layout. The thing that made the demo land was a single SQL query where GitHub and Sentry answered one question together — "show me the PRs and the errors they caused" — and returned real rows in 30 seconds without me writing a single API client.

Everything else in ShipMind is in service of that query.

The JOIN is the feature.


Links


Jitendra Bhati · Built solo for Pirates of the Coral-bean · Track 1: Enterprise Agent · May 2026