惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
The Hacker News
The Hacker News
AWS News Blog
AWS News Blog
Spread Privacy
Spread Privacy
T
Tenable Blog
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
P
Privacy & Cybersecurity Law Blog
Know Your Adversary
Know Your Adversary
T
The Exploit Database - CXSecurity.com
Latest news
Latest news
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
Simon Willison's Weblog
Simon Willison's Weblog
The Register - Security
The Register - Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
C
Cyber Attacks, Cyber Crime and Cyber Security
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
H
Help Net Security
T
Threat Research - Cisco Blogs
D
DataBreaches.Net
S
Schneier on Security
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
P
Privacy International News Feed
S
Secure Thoughts
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
C
Cybersecurity and Infrastructure Security Agency CISA
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
IT之家
IT之家
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
博客园 - Franky
T
Tor Project blog
G
GRAHAM CLULEY
博客园 - 【当耐特】
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
A
About on SuperTechFans
Hacker News - Newest:
Hacker News - Newest: "LLM"

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Token Tax Problem: How I Built a Super Memory Layer for AI Coding Assistants using LLM Wiki
parupati mad · 2026-05-07 · via DEV Community

The Token Tax Problem: How I Built a Super Memory Layer for AI Coding Assistants

We Solved the Wrong Problem First

When AI coding assistants arrived, we celebrated. Faster delivery. Less repetitive work. Developers doing more meaningful things.

Then the invoices arrived.

Token utilization had quietly become one of the fastest-growing line items in engineering costs. Every session, every agent, every code suggestion — all of it burning through context tokens. And the root cause was embarrassingly simple: we were paying for AI tools to re-learn our codebase from scratch, over and over again.


Round One: The Obvious Fixes

We started with the basics. Things that genuinely helped:

  • Context window hygiene — Being deliberate about what goes into context rather than dumping entire file trees at every agent invocation
  • Model switching — Using faster, cheaper models for repetitive low-complexity tasks and reserving powerful models for architecture decisions and complex debugging
  • Preprocessed context — Writing structured markdown instruction files that encode team conventions once and reuse them everywhere, instead of expecting agents to infer them from raw code
  • Scoped agents — Purpose-built agents for specific tasks (test generation, code review, planning) rather than one general-purpose agent doing everything

These helped. But they didn't solve the fundamental issue. Agents were still spending tokens exploring the codebase before doing any real work.

We needed something closer to a cache layer.


The Core Idea: A Super Memory Layer

The inspiration came from Andrej Karpathy's concept of the LLM Wiki — the idea that an AI system benefits enormously from a persistent, structured knowledge index rather than re-reading raw source on every request.

Think of it like CloudFront or Redis in front of your origin server.

Instead of every agent making expensive round trips into raw source code, they read from a pre-built knowledge graph. That graph becomes a shared memory layer — a single source of architectural truth accessible by any AI tool: Copilot, Factory, Claude, Cursor, or whatever comes next.

For the implementation, I used Graphify (github.com/safishamsi/graphify), an open-source tool that converts a codebase into a knowledge graph:

  • Nodes — functions, components, hooks, utilities
  • Edges — relationships between them (imports, calls, dependencies)
  • Output — a plain-language report, interactive visualization, and GraphRAG-ready JSON

The POC: Steps We Actually Followed

Step 1 — Full Codebase Attempt (Hit a Wall)

First instinct: run it on the entire codebase at once.

The corpus exceeded the tool's recommended limits immediately (~900+ files). This is actually a healthy constraint — feeding an LLM a massive undifferentiated codebase produces poor graph quality anyway.

Lesson: Large codebases need a per-module strategy.


Step 2 — Module-by-Module Analysis

We split the codebase by independent modules and ran the graph pipeline on each one separately.

Each run was completely free — Graphify's AST extraction is pure static analysis with zero LLM API calls. The graph structure emerged from the code itself:

Module Source Files Nodes Edges
Module A 354 606 1,599
Module B 318 549 1,501
Module C 166 248 509
Module D 108 193 514
Module E 27 37 60

Step 3 — Debugging the Tool Itself

During a couple of runs, report generation failed due to API signature changes between Graphify versions. We patched the calls and kept moving.

Lesson: Pin your open-source tooling versions. APIs shift.


Step 4 — Merging Module Graphs

With individual module graphs ready, we wrote a merge script to combine them into a single unified knowledge graph.

First attempt had a subtle bug — the script accidentally read the same module's extract file multiple times (once per module), producing a graph full of duplicates. We caught it because all sets of nodes were identical.

Fix: Rebuilt the merge from each module's actual AST cache files, prefixing node IDs with the module name to prevent collisions:

node_id = f'{module_name}::{original_node_id}'

Enter fullscreen mode Exit fullscreen mode

Correct merged result:

  • 1,600+ unique nodes across all modules
  • 4,000+ edges
  • 28 structural communities detected
  • Zero LLM tokens consumed to build it

Step 5 — Discovering the God Nodes

The most valuable output wasn't the graph itself — it was what the graph revealed.

God nodes are the most connected abstractions in the codebase. The functions, utilities, and components that everything else depends on. Most experienced developers know these intuitively but have never seen them mapped explicitly.

Once you know your god nodes, you can:

  • Prioritise documentation specifically for these high-impact functions
  • Instruct agents to proceed carefully whenever changes touch them
  • Use them as architectural anchors in any context window

Step 6 — Wiring the Graph into Agent Instructions

We updated the agent instruction files used by each tool (GitHub Copilot, Factory/droid, etc.) to point at the merged graph report as their primary architecture reference:

Before answering architecture or codebase questions,
read the merged graph report at graphify-out/GRAPH_REPORT_MERGED.md

Enter fullscreen mode Exit fullscreen mode

This means any agent that loads these instructions starts with architectural knowledge already loaded — without scanning source files to build that understanding themselves.

A 9KB markdown report replacing several megabytes of source scanning. Every session.


Step 7 — Running the Token Experiment

To quantify the impact, we set up an A/B test. We commented out the graph instructions from all agent configuration files, then ran identical tasks in both configurations and compared token consumption.

<!-- graphify section disabled for token utilization analysis
     re-enable when experiment is complete -->

Enter fullscreen mode Exit fullscreen mode

Results from the experiment will follow in a separate post.


The Three Outputs: What Agents Actually Consume

Every Graphify run produces three files, each serving a different consumer:

File Typical Size Best For
GRAPH_REPORT.md ~9 KB Copilot, Cursor, any LLM reading markdown
graph.json ~1 MB GraphRAG queries, programmatic traversal, MCP tools
graph.html ~1 MB Human review, architecture walkthroughs

For token efficiency, agents read only the markdown (~9KB). The JSON is available for tools that can query it selectively.


Honest Pros and Cons

✅ What Works

  • Zero build cost — AST extraction consumes no LLM tokens
  • Tool-agnostic — Works with any tool that reads files (Copilot, Factory, Claude, Cursor)
  • Shared memory — One knowledge base, many consumers; no duplication of analysis
  • God node awareness — Agents automatically know which abstractions are highest-impact
  • Community detection — Related code clusters surface naturally without manual documentation

⚠️ What Doesn't

  • Stale risk — Graph must be regenerated after structural changes; a stale graph actively misleads agents
  • Velocity tension — Codebases with rapid daily structural changes will find frequent regeneration expensive in time, even if not in tokens
  • Corpus size limits — Large repos must be split by module; cross-module edges are inferred, not extracted
  • No semantic understanding — AST-only extraction misses business intent and domain meaning; semantic extraction adds LLM cost
  • Merge complexity — Combining module graphs requires care; duplicate nodes and ID collisions are easy mistakes to make

Suggestions to Take This Further

  1. Incremental updates — Re-extract only changed files after each commit, not the full module
  2. Automate in CI — Regenerate affected module graphs as a post-merge pipeline step, triggered only when source files change
  3. Selective semantic enrichment — Run LLM-assisted extraction only on shared utilities and god nodes, not on every file
  4. Add a wiki navigation layer — Generate a navigable index.md so agents load only the relevant section of the graph rather than the full report
  5. Commit only the report — The markdown report is the token-saver; the JSON and HTML can stay gitignored to avoid bloating the repo

The Bigger Picture

Token cost is the new technical debt of the AI-assisted development era.

Every pattern that reduces it — pre-processed context, structured instructions, scoped agents — points in the same direction:

Give agents knowledge, not raw data.

A project knowledge graph is one concrete implementation of that principle. It is not magic, and it is not free to maintain. But as a cache layer between your codebase and your AI tools, it fundamentally changes the economics of agent-assisted development.

The experiment is ongoing. I'll share the token comparison numbers once the A/B test wraps up.

If you're working on similar token efficiency problems or have taken a different approach, I'd love to hear about it in the comments.


Resources

  • 🔧 Graphify on GitHub
  • 💡 Concept inspiration: Andrej Karpathy — LLM Wiki
  • 📊 Token experiment results: coming soon