惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
How I finished a 4-year-old AI project using 30 libraries I wrote in the meantime
Mukunda Rao · 2026-05-22 · via DEV Community

This is a submission for the GitHub Finish-Up-A-Thon Challenge

In August 2022 I wrote a one-paragraph research proposal called Vimana.
The question was simple:

Can an AI agent autonomously provision, scale, and navigate its own
cloud infrastructure?

I built a landing page, sketched some Python, pushed it to GitHub, and
then never touched it again. The repo sat archived for four years.

This is the story of finally finishing it for the DEV.to GitHub
Finish-Up-A-Thon. The trick is that I did not finish it the way I
planned in 2022. I finished it by gluing together a stack of small
libraries I ended up shipping between then and now.

Why I gave up in 2022

Three reasons, in order of honesty.

First, the question was too big. "Self-orchestrating AI cloud
infrastructure" is a research program, not a weekend project. I did not
have a small thing I could ship.

Second, the safety story was missing. Even back then I knew that
handing an LLM an AWS account was a bad idea. There was no clean way to
say "you can spend up to fifty cents and only call these two domains".
I would have ended up either burning real money on agents that loop, or
mocking so much that the demo proved nothing.

Third, day job. I went into contractor work doing AI/ML stuff for a
big airline. The repo went quiet.

What changed between 2022 and 2026

Honestly: I built the boring parts.

Over the last year or so I shipped a bunch of small libraries on PyPI
and crates.io. They each solve one tiny problem you hit the moment you
try to run an agent for real. A short list of the ones relevant here:

  • token-budget-py: a thread-safe pool that holds a token and USD cap. Trying to record past the cap throws BudgetExceeded. Two lines to wrap any agent loop.
  • birddog: domain allowlist for outbound HTTP. Trying to fetch a host that is not in the allowlist throws DomainDeniedError. Useful for scraping agents that should not be calling random URLs.
  • agenttrace: sqlite-backed per-call tracing. Decorate a function and you get a row per invocation with args, result, and timing.
  • driftvane: drift detection on numeric streams. Compare a reference window against a current window, get a DriftSignal.

None of these are revolutionary. They are infrastructure you keep
re-implementing in every agent project. Once they were on PyPI I
realized I had everything I needed to actually answer the 2022 question
at a small but honest scale.

The finish: what Vimana v0.2.0 is now

A 50-step autonomous auto-scaler that runs against a simulated cloud,
inside a hard $0.50 USD budget, with every decision recorded.

Every tick the agent:

  1. reads aggregate metrics from a mock cloud simulator
  2. updates a drift monitor on the CPU stream
  3. records a small slice of USD against a BudgetPool (and stops if the cap would breach)
  4. asks an existing threshold-based scaler what to do
  5. executes scale-up / scale-down / hold against a mock provisioner
  6. logs a structured row

Before any of that runs, the egress allowlist proves itself by denying
a fake rogue host. The demo prints the denial so you can see it.

Code walkthrough

The smallest interesting piece is the per-decision loop. Here is the
budget check, lightly trimmed:

from token_budget import BudgetExceeded, BudgetPool

class AutoScalerAgent:
    def __post_init__(self) -> None:
        self._budget = BudgetPool(usd_cap=self.usd_cap)

    def run(self, steps: int = 50) -> AgentRunReport:
        for tick in range(1, steps + 1):
            self.simulator.step()
            agg = self.simulator.aggregate_metrics()

            try:
                self._budget.record(usd=_DECISION_COST_USD)
            except BudgetExceeded as exc:
                return self._stop_early(tick, exc)

            decision = self._decide(agg)
            self._apply(decision)

Enter fullscreen mode Exit fullscreen mode

That try/except around BudgetPool.record is the entire safety
contract. The agent literally cannot run the next decision if the
budget would breach. No clever prompt, no LLM judge, just a thread-safe
counter that refuses to go past a number.

The egress guard is even shorter:

from birddog import DomainDeniedError

class EgressGuard:
    allowed: frozenset[str] = frozenset({"metrics.simulated.local"})

    def assert_allowed(self, url: str) -> None:
        host = urlparse(url).hostname or ""
        if host not in self.allowed:
            raise DomainDeniedError(f"host {host!r} not in allowlist")

Enter fullscreen mode Exit fullscreen mode

If the agent ever decides to call something it should not, the guard
raises and the operator sees it.

Before and after

Before, 2022. Repo: course PDFs, a stub landing page, a README that
said "research on autonomous cloud-native intelligence". No runnable
code. Archived.

After, 2026. Repo: same name. A vimana Python package with a
CloudSimulator, a CloudProvisioner, an AutoScalerAgent, an
EgressGuard, a drift monitor, 62 passing tests, a CLI, and an example
script you can run in 20 seconds. Plus the 2022 landing page still
sitting at the same URL.

The demo output looks like this:

  t=  1 HOLD cpu= 29.7% replicas=2->2 cost=$1.4600/hr spent=$0.0050
  t= 18 HOLD cpu= 52.2% replicas=2->2 cost=$1.4600/hr spent=$0.0900
  t= 19 UP   cpu= 75.2% replicas=2->3 cost=$2.1900/hr spent=$0.0950
  t= 20 HOLD cpu= 86.1% replicas=3->3 cost=$2.1900/hr spent=$0.1000 drift
  t= 37 UP   cpu= 71.7% replicas=3->4 cost=$2.9200/hr spent=$0.1850
  t= 50 HOLD cpu= 26.8% replicas=4->4 cost=$2.9200/hr spent=$0.2500 drift

  scale_up decisions:   2
  scale_down decisions: 0
  drift alerts:         14
  usd spent:            $0.2500 of $0.50 cap
  budget cap held across the full run

Enter fullscreen mode Exit fullscreen mode

The agent reacts to the simulated load burst at tick 19, holds during
the cooldown, reacts to the second burst at tick 37, and never goes
past 25 cents of its 50 cent budget. The drift monitor flags ticks
where the CPU distribution shifts away from the reference window.

Pushing the budget down to five cents proves the safety story:

========================================================================
Budget enforcement check
========================================================================
Re-running with a tiny $0.05 cap. Agent must stop early.
  steps completed:  10/50
  usd spent:        $0.0500
  stopped_early:    True
  stopped_reason:   budget cap reached at tick 11

Enter fullscreen mode Exit fullscreen mode

That is the answer to the 2022 question I would have wanted in 2022.
Not "yes" and not "no". Yes, but inside a budget, with an allowlist,
with tracing on every move.

The Copilot piece

GitHub Copilot was the editor companion through the finish. I wired
it into VS Code and let it autocomplete the boring parts. The egress
guard wrapper, the test scaffolding for the auto-scaler, the doc
comments on AutoScalerAgent.step, the boilerplate for parsing CLI args
in vimana scale. Most were one or two keystrokes followed by accepting
a suggestion that was already close to what I would have typed myself.
Copilot Chat helped a few times when I forgot the exact shape of a
token-budget-py call or wanted a quick second opinion on a method
name. It was not the architect. The composition of agentleash +
birddog + agenttrace was already in my head from shipping those
libraries. What Copilot did was strip the typing friction so I could
finish what I started in 2022 without losing momentum to the small
stuff.

What is not in this version

  • No real AWS. The cloud is simulated. I am explicitly not putting an agent on a real cloud account for a hackathon demo.
  • No LLM in the loop. The decision logic is threshold-based. A future version can swap that out for an LLM call, but the budget and trace primitives mean it would be safe to do so.
  • The drift monitor inside vimana is hand-rolled. It mirrors the shape of driftvane.LatencyDrift but does not depend on it, so the demo runs cleanly without optional packages.

These are deliberate. The point was to finish something small and
honest, not to ship a fake "AI runs your cloud" demo that quietly
needs a million-dollar GPU budget to actually work.

Try it

git clone https://github.com/MukundaKatta/vimana
cd vimana
python3.12 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
python examples/auto_scaler.py

Enter fullscreen mode Exit fullscreen mode

The whole demo takes about a second. Tests run in under half a second.

Repo: https://github.com/MukundaKatta/vimana

Closing

The lesson I took from this finish is that big questions usually do
not need bigger answers. They need smaller infrastructure underneath
them. The 2022 me wanted a self-orchestrating AI cloud. The 2026 me
got the same thing, just bounded by a $0.50 cap and a domain
allowlist. That bound is what made the question shippable.

If you have an archived repo with a research question that was too
big four years ago, ask yourself: which boring parts have I built
since then? You might already be done.