惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Scott Helme
Scott Helme
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Cloudbric
Cloudbric
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
L
Lohrmann on Cybersecurity
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
LINUX DO - 热门话题
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
Latest news
Latest news
B
Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
博客园 - 叶小钗
L
LangChain Blog
GbyAI
GbyAI
Last Week in AI
Last Week in AI
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
Security Latest
Security Latest
Vercel News
Vercel News
Y
Y Combinator Blog
G
GRAHAM CLULEY
S
Securelist
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
雷峰网
雷峰网

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
.klickd v4.0.0 — Portable AI memory with constraints, strict schemas, and test vectors
Davincc77 · 2026-05-26 · via DEV Community

Every new AI session starts cold. You re-explain who you are, what you're building, what constraints you're working under. If you switch models — GPT-4o to Claude to a local Llama — it's a clean slate again. This isn't a model quality problem. It's an architecture gap: there is no portable, user-owned state layer sitting between the user and the model.

developper.klickd

.klickd is an attempt to build that layer as an open format. Today v4.0.0 GA ships — the first production-stable release of the v4 track. Here is exactly what it contains, written for someone who is going to read the code.

All links:


What a .klickd file is

A .klickd file is a single JSON document, encrypted client-side. No server required. No account. The user holds the passphrase — it never leaves the device.

When loaded into a compatible client, the decrypted payload is injected as a system prompt (or context prefix) into the AI session. The model receives structured data: identity, preferences, constraints, memory items, verification gates. It resumes rather than restarts.


The crypto envelope — frozen at klickd_version: "3.0"

The wire format does not change in v4. The envelope contract was frozen in the v3.x track and is intentionally unchanged.

Parameter Value
KDF Argon2id — m=65536, t=3, p=4
Legacy KDF PBKDF2-SHA256 / 600,000 iterations (v2.x backward compat)
Cipher AES-256-GCM
IV 12 bytes, CSPRNG
Salt 16 bytes, CSPRNG
AAD RFC 8785 JCS-canonicalized over 6 envelope fields
Base64 RFC 4648 §4, standard padded
GCM tag 16 bytes, appended to ciphertext before base64

The 6-field JCS-canonicalized AAD is the detail most implementations get wrong. It binds the ciphertext to the envelope metadata — if you swap the domain field or alter KDF parameters, the GCM tag won't verify. Both reference implementations apply this on every encrypt and verify on every decrypt.

v4 is signaled inside the payload, not the wire envelope:

{
  "klickd_version": "3.0",
  "created_at": "2026-05-25T00:00:00Z",
  "encrypted": true,
  "kdf": { "id": "argon2id", "m": 65536, "t": 3, "p": 4, "salt": "<base64>" },
  "cipher": { "name": "AES-256-GCM", "iv": "<base64>", "tag_len": 16 },
  "domain": "education",
  "ciphertext": "<base64 AES-256-GCM ciphertext + 16-byte GCM tag>"
}

Enter fullscreen mode Exit fullscreen mode

A v3.x reader can open a v4 file without changes — the crypto is identical. It will see unknown payload fields and is expected to ignore them. This is the explicit versioning contract.


What's new in the v4 payload

v4.0.0 promotes five additive surface areas to GA. No v3.x field is removed, renamed, or repurposed.

1. profile_kind

A top-level enum: learner, professional, agent, family, research. Lets readers surface different UI affordances without inspecting the full payload.

2. verification_gates — the most architecturally interesting addition

A sparse, declarative map from action_class to gate level:

{
  "verification_gates": {
    "version": 1,
    "gates": [
      { "action_class": "public_post",              "level": "confirm" },
      { "action_class": "factual_claim_about_person", "level": "block" },
      { "action_class": "casual_media_generation",  "level": "silent" },
      { "action_class": "consent_change",           "level": "require-owner" }
    ]
  }
}

Enter fullscreen mode Exit fullscreen mode

Gate levels ordered by friction: silentwarnconfirmblockrequire-owner.

This is a UX friction signal, not a security boundary. The spec's design principle: verification gates must not push agents toward compliance-form UX for ordinary creative work. Unlisted action classes default to silent. The user sets the friction profile once; it travels with the file.

3. human_veto_policy — the override layer

Any action class in human_veto_policy.applies_to requires a human in the loop regardless of gate level or model confidence. The spec states this is sacred: no automatic mechanism may lower a gate past a human_veto_policy floor.

{
  "human_veto_policy": {
    "applies_to": ["public_post", "consent_change", "identity_assertion"],
    "second_party": null
  }
}

Enter fullscreen mode Exit fullscreen mode

4. claim_sources and verification_artifacts

claim_sources declares where the agent should ground factual claims. verification_artifacts is a pointer ledger — not a payload sink — of outputs already produced by expensive verification commands. The next agent can consult it and skip re-running what was already verified.

5. migration block

Audit-only metadata recording source_version, migrated_at, migration_report_ref, and backup_ref. Points to where migration reports live; does not contain migrated data.


Non-destructive v3.x → v4 migrator

Design invariant: "Never break the soul."

from klickd import migrate_klickd

with open("profile_v3.klickd", "rb") as f:
    v3_bytes = f.read()

v4_bytes = migrate_klickd(v3_bytes, passphrase="my-passphrase")

with open("profile_v4.klickd", "wb") as f:
    f.write(v4_bytes)

Enter fullscreen mode Exit fullscreen mode

import { migrateKlickd } from "@klickd/core";
import { readFileSync, writeFileSync } from "fs";

const v3Bytes = readFileSync("profile_v3.klickd");
const v4Bytes = await migrateKlickd(v3Bytes, { passphrase: "my-passphrase" });
writeFileSync("profile_v4.klickd", Buffer.from(v4Bytes));

Enter fullscreen mode Exit fullscreen mode

The migrator writes a new file. The original is never overwritten. Unknown v3.x fields are preserved verbatim — v4 readers must carry unknown fields through on round-trip, not strip them. The migrator refuses to write if the output would be lossy.


Strict JSON Schemas (Draft 2020-12)

Two schemas ship:

  • schemas/klickd-payload-v4.schema.json — validates the decrypted payload only
  • schema/klickd-v4.schema.json — unified envelope + payload

Both set additionalProperties: false on controlled sub-objects. payload_schema_version is required and enumerated.

Python validation:

from klickd import validate, validate_iter_errors, KlickdError

# Raises KlickdError(KLICKD_E_SCHEMA) on failure
validate(payload, strict=True)

# Non-raising: yields every (path, message) pair
for path, message in validate_iter_errors(payload, strict=True):
    print(f"  {path}: {message}")

Enter fullscreen mode Exit fullscreen mode

pip install "klickd[validate]"
npm install @klickd/core ajv

Enter fullscreen mode Exit fullscreen mode


Cross-implementation test vectors

v4.0.0 ships tests/verify_vectors.py and tests/verify_vectors.ts. Each vector specifies: passphrase, KDF parameters (Argon2id: m, t, p, exact salt in hex), plaintext payload (UTF-8 JSON), and expected decrypted output. Both suites run against the same vectors in CI on every push.

If you're implementing .klickd in another language, fork these and run your implementation against them. If you pass, the crypto contract is correct.


Quick start

Python:

from klickd import load_klickd, save_klickd

# Load
with open("profile.klickd", "rb") as f:
    payload = load_klickd(f.read(), passphrase="my-passphrase")

print(payload["identity"]["name"])
print(payload["memory"])

# Save
payload = {
    "payload_schema_version": "4.0",
    "identity": {"name": "Alice", "language": "en", "timezone": "Europe/Luxembourg"},
    "agent_instructions": "Be concise. Resume as if you have been here from the start.",
    "memory": [],
    "verification_gates": {
        "version": 1,
        "gates": [{"action_class": "public_post", "level": "confirm"}]
    }
}
klickd_bytes = save_klickd(payload, passphrase="my-passphrase", domain="work")

Enter fullscreen mode Exit fullscreen mode

TypeScript (Node.js >= 18):

import { loadKlickd, saveKlickd } from "@klickd/core";
import { readFileSync, writeFileSync } from "fs";

const payload = await loadKlickd(readFileSync("profile.klickd"), {
  passphrase: "my-passphrase"
});

const bytes = await saveKlickd(
  {
    payload_schema_version: "4.0",
    identity: { name: "Alice", language: "en" },
    agent_instructions: "Resume as if you have been here from the start.",
    verification_gates: {
      version: 1,
      gates: [{ action_class: "public_post", level: "confirm" }]
    }
  },
  { passphrase: "my-passphrase", domain: "work" }
);
writeFileSync("profile.klickd", Buffer.from(bytes));

Enter fullscreen mode Exit fullscreen mode

Error codes:

Code HTTP Meaning
KLICKD_E_AUTH 401 Wrong passphrase / GCM tag mismatch
KLICKD_E_VERSION 400 Unsupported klickd_version major
KLICKD_E_FORMAT 400 Malformed JSON envelope / missing fields
KLICKD_E_KDF 400 Unknown or unavailable KDF
KLICKD_E_WEAK_PASS 422 Passphrase shorter than 8 characters
KLICKD_E_SCHEMA 400 Missing or invalid payload_schema_version

About the benchmark numbers

The benchmark section shows +13.9 average score improvement (across 115 profiles) when a .klickd context file is present vs. absent, scored by qwen3-32b via Groq. Here's what that actually measures: how much better an AI's response aligns with a user's stated context when given structured context, as judged by another AI. It does not measure user outcomes, learning efficacy, or real task performance. The sample is 115 profiles across 23 subjects — directional signal, not a peer-reviewed controlled study. The methodology is published at DOI 10.5281/zenodo.20320480 for independent replication.


What .klickd is not

Taken directly from the Zenodo record and the GitHub release:

  • Not an industry standard. No standards body has ratified .klickd. It is CC0.
  • Not universally compatible. Portability depends on whether a specific AI tool accepts the system prompt injection. Known-good integrations are listed in docs/integrations/.
  • Not a security boundary. Encryption protects the file at rest and in transit. It does not replace provider-side security, model alignment, or application-level access control.

Links

License: CC0 — public domain. No permission required to implement, fork, or build on top of this format.