惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
P
Privacy International News Feed
S
Schneier on Security
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
Help Net Security
Help Net Security
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Security Archives - TechRepublic
Security Archives - TechRepublic
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
雷峰网
雷峰网
博客园 - 司徒正美
V
V2EX
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
N
News | PayPal Newsroom
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
博客园 - Franky
I
InfoQ
D
DataBreaches.Net
爱范儿
爱范儿
Y
Y Combinator Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I built an agent health checker, then it flunked itself — here's the audit
AOS Architect · 2026-06-22 · via DEV Community

What you get: The AOS v0.2 post named four ways production agents fail quietly—and patterns to stop them. This follow-up ships a CLI that scores agents 0–100 on four axes, then shows the real stdout when that scanner failed its own directory. No slide-deck scores; numbers from a live run.


Local green, production silent — why you want a meter

I've lost count of how many times I've seen this play out: teams are building LLM agents, everything looks good on the surface.

  • Local smoke tests pass with flying colors.
  • Your CI/CD pipeline keeps flashing green.
  • But in production, you're still hitting those invisible, structural holes. Maybe there are no timer units to wake it up, no rebirth loop files to bring it back from the brink, or just no persistent evidence on disk that it's actually doing anything. Sound familiar?

Just being polite with your prompts won't surface these deeper issues. What you really need is something that can walk through your agent's directories, read-only, and give you a concrete number. A kind of x-ray vision for your agent's health, if you will.

What tool 1066 does

That's precisely what the AOS Agent Health Reporter (internal id 1066) does. It scans an agent folder and spits out an AOS score (0–100) and a certified status (true when score ≥ 80), delivered either as Markdown or JSON.


Four axes × 25 points

Now, about how we tally those points. The scoring is heuristic, designed to align directly with the AOS v0.2 §10 implementation patterns. We're not aiming for a formal proof of compliance here; think of it more as a practical flashlight guiding you to potential issues, rather than a courtroom audit.

Here’s a quick overview of what each section scrutinizes:

Section What it checks (summary)
manifest_declared Checks for a manifest.json present +12.5, and then for an aos_compliance or aos_compliant field +12.5. (That's 25 total, in two distinct steps.)
systemd_runtime Looks for a .service or .timer file within services/ or playwright/. (It's either 25 or 0 points here.)
immune_loop Scans for a death_detector.py or any rebirth_ritual* file on disk. (Again, a binary 25 or 0.)
physical_evidence Verifies at least one .md file exists under docs/reports/. (Yep, 25 or 0.)

You'll notice that only manifest_declared is staged, meaning it can award partial points. The other three axes are binary—you either get the full 25 points or none at all. This is by design. For example, in the code, score_manifest() first gives 12.5 points just for the file being present, and another 12.5 when a compliance field is correctly set. So, if you see live totals like 37.5 (12.5 + 25) in the self-audit table, don't be surprised; that's exactly what we expect, not a bug.

The core idea in the code is straightforward:

def score_sections(tool_dir: Path) -> dict[str, float]:
    return {
        "manifest_declared": score_manifest(tool_dir),
        "systemd_runtime": score_systemd(tool_dir),
        "immune_loop": score_immune(tool_dir),
        "physical_evidence": score_physical_evidence(tool_dir),
    }

Before we get too excited, I always find it crucial to set the stage with a few hard truths about what this tool doesn't do. For instance, systemd_runtime strictly looks at unit files inside the agent tree – it won't peek into your user-level systemd. And with immune_loop, remember, we're just checking for filename presence; it's not proof a rebirth actually ran. Honestly, I've seen folks trip up on this, expecting an oracle when it's really just an honest meter.


The punchline: self-scan scored 50/100

With those caveats in mind, I put the tool to a real test. My self-scan scored 50/100—not a mock run, but a live walk on 2026-06-18 with no --mock:

**AOS Score: 50.0/100** | Tool: 1066 | Scanned: 2026-06-18T12:06:00+00:00

## Section Scores

- **manifest_declared**: 25.0/25
- **systemd_runtime**: 0.0/25
- **immune_loop**: 0.0/25
- **physical_evidence**: 25.0/25

Not certified (< 80).

I built the health gate; the first patient failed the exam. Reproduce locally:

python3 main.py --bypass-payment --tool-id 1066

(--bypass-payment is for local trials; production wiring uses a separate payment path.)

Why systemd and immune_loop are zero

When I look at our internal 1066 system, these two axes always jump out. Honestly, the "zero" scores might surprise you at first glance. But there's a good reason for it, as I've tried to capture below:

Axis Physical fact on 1066 How I read it in the open
systemd_runtime Zero .service / .timer under services/ or playwright/ 1066 is an on-demand MCP/CLI tool, not one of those always-on timer agents. The rubric, as I understand it, targets long-running production workhorses.
immune_loop Zero death_detector.py / rebirth_ritual* files We preach death→rebirth in v0.2, yet our read-only scanner doesn't implement that loop yet. Yeah, it's straight technical debt, plain and simple.

I've personally made sure the manifest declares aos_compliance: "v0.1", which does get us full manifest points. And yes, reports exist under docs/reports/, giving us full evidence points there. But here's the kicker: the two axes we talk about most are the two we score zero on ourselves. Isn't that a bit of a wry chuckle? It's the honest article, not a bug in the scorer.


--self-audit: one table for the whole repo

I've found single-tool scans useful, but bulk audit is the hook that maps to your monorepo mental model:

python3 main.py --bypass-payment --self-audit

Real filesystem walk (excerpt, same date):

**AOS Self-Audit** | total_tools: 68 | avg_score: 39.2/100

| tool_id | aos_score | certified |
|---------|-----------|-----------|
| 0051 | 37.5 | no |
| 0058 | 37.5 | no |
| 1064 | 37.5 | no |
| 1066 | 50.0 | no |

When I look at the scores, a row showing 37.5 (for example, tool 0051) usually tells me we're looking at manifest half-credit (that's 12.5 points for a missing or incomplete compliance field) alongside full physical evidence (25 points). A 50.0 on 1066, on the other hand, means we've hit full manifest (25) and full evidence (25), even if systemd and immune are still sitting at zero.

Honestly, 1066 isn't some unique outlier with a special problem. What I've found is that the average across 68 tools hovers around 39.2, and frankly, nobody is certified yet. It's a stark reminder that the rubric we're aiming for is, well, pretty aspirational compared to how our agents are currently configured. Are we just chasing a phantom, or is this a roadmap?

Do not mix --mock with this story

Here's a common trap I've seen people fall into, and it's vital to get this straight: don't confuse --mock data with what's happening in the real world. Our CI pipelines and Playwright tests rely on --mock—it generates deterministic stub scores, essentially a fixed score derived from a hash of the tool_id. So, if you're looking at a thirty-cycle report and see tool 0051 at a high 94 under mock, understand this clearly: that's not the live environment. It's a snapshot, a simulation, not the pulse of the actual system.

Why does this matter so much? Because when we talk about audits or the data in this very post, we're always looking at the live scan.

Mode Use Example for 1066
--mock CI / fixed regression hash-driven (e.g. 41.0)
Live scan audits, this post 50.0 (canonical here)

To be absolutely clear, every number and observation I've shared so far comes directly from a live scan.


precedent_id — provenance on the report

Whenever I'm digging into a report, one of the first things I look for is the precedent_id. It's essentially the provenance for the data, giving us the full lineage of that particular run. Each execution attaches this crucial piece of metadata:

{
  "precedent_id": "07f3c9ae-dd41-494a-8e77-43a1e9c6a72c",
  "tool_id": "1066",
  "created_date": "2026-06-18T12:06:01+00:00",
  "source_signal_hash": "eab8ff11"
}

Structured fields beat "trust me, I ran a check" in chat logs. While we're not talking a full chain-of-custody system just yet, it's a crucial step away from simply taking an agent's self-report at face value. What's been your experience trying to verify agent claims without solid data?


Thirty Playwright cycles (30/30)

When we started this, I approached it with the same philosophy that guided our 1027 ad-copy demo (#004). It's all about robust CLI evaluations, and in this case, we replayed the exact same scenario bundle for thirty full cycles. The result? Every single one came up green, which honestly, was a relief.

Item Value
Cycles 30
Successes 30
Failures 0
Scenarios per cycle 6 (SC1–SC5 + stub)

I've seen too many 'one-off' demos fall apart, so hitting these benchmarks was key. Specifically, we confirmed that payment gate rejections happened without any sneaky bypasses, that our mock path worked exactly as expected, and that the stdout always contained both "AOS Score" and "total_tools". Even the precedent_id consistently matched the expected UUID shape. Look, anyone can get one green run on their laptop once; achieving 30/30 is how we truly de-risk things and move beyond wishful thinking.


Takeaways

Through this process, a few critical takeaways became crystal clear for me.

First, after you've laid out your specifications, you absolutely must add measurement. Those v0.2 patterns we've been talking about? They only truly mean something when a simple directory walk actually spits out a verifiable score. What's the point of defining good if you can't measure it?

Second, and this one's a bit of a gut-check: you have to eat your own rubric. Our scanner itself landed at 50/100, and honestly, that's the real story. Trying to hide that number or pretend it was perfect would have been far worse than owning it.

Third, it's crucial to keep your mock environments distinct from live ones. Demo stubs are not the same as actual production audit stdout. Mixing them up can lead to some truly misleading results, and I've seen that bite teams before.

Finally, when you're looking for insights, always prefer the structured table over a single 'hero' tool id. A proper self-audit, laid out clearly, gives you a far better picture of where your repo might be weak than just pointing to one shining example.

We've even got an MCP package (aos-health-mcp) for easier editor integration, but remember, the CLI we discussed earlier is always your reproducible entry point.


Wrapping up

Looking back, v0.2 did an excellent job describing common failure modes and outlining physical fixes. But the real challenge, what 1066 aims to tackle, is the next layer: “does this tool actually embody those patterns we're pushing?” It's one thing to write it down, another to live it.

Our first subject for this deeper dive was the scanner itself. We gave it 50 points, not certified. Yes, it scored a zero on systemd and immune while we're still out there recommending those very patterns. But for me, that gap isn't a reason to distrust the numbers; it is the roadmap. It clearly shows us where we need to focus our efforts next, and honestly, that clarity is invaluable.


Next layer — external MCP blast radius (1067)

1066 scores your own agent directories against structural patterns (manifest, systemd units, immune-loop files, physical reports). A different question shows up when you pip install someone else's MCP server: does shipping code match what you assumed? A "filesystem" server might still call requests.get() or subprocess.run() in src/.

MCP Blast-Radius Auditor (PyPI: mcp-blast-radius; internal ID 1067) answers that with static analysis — capability inventory with file/line references even when no manifest exists; divergence detection when one does.

pip install mcp-blast-radius
mcp-blast-radius-gate --target-dir /path/to/mcp-server/src --gate-mode advisory

If 1066 is structural health inside your repo, 1067 is pre-install blast-radius for third-party MCP servers. A follow-up post will run this gate on a real external server and share the audit as a public GitHub issue.


AOS specification (GitHub)

Our heuristic rubric is directly derived from AOS-spec v0.2.

👉 AOS-spec
👉 physical-agent-patterns

We're building this in the open, so please, throw us some ⭐ stars, open issues, or send in your PRs. We genuinely welcome your contributions. And just to be clear, you won't find any paid checkout links here; it's all about the work.