Enterprise AI Agents Are Leaving the Server | Focused Labs
Austin Vance · 2026-06-17 · via DEV Community

Enterprise AI agents are leaving the server boundary.

A boundary that looks deceptively small until the agent starts acting on behalf of a person inside a browser tab, a desktop application, a row on a grid, a locally saved draft, a clipboard, a device permission, an approval flow, and the rest of the mess. That person’s work does not always translate into a server-side record, so server-only agent tools are insufficient as the primary integration model.

Backend tools cannot see the product moment

A server tool can update an account, search a knowledge base, create a ticket, or call an ERP workflow. This is the “record after” the product has turned intent into a stored fact.

The product moment arrives earlier.

A user selects three bullets from a proposed set of actions in a workflow. A sales engineer is editing the pricing for a set of products and has made unsaved changes to the discount for each. A support rep is viewing an incident timeline for a set of customers. A product manager has selected a cohort of customers for analysis. The client knows where the cursor is, what the user has selected, the scroll position in the product, the current route the user is on, the unsaved form data for the current step in the workflow, the dimensions of the current viewport, the current browser permission state, and the last UI action that the user performed. The server knows nothing, or it knows a stale object model for a set of records.

That gap is why LangChain's architecture for headless tools is so important. To the model, the tool is just another normal tool with a name, description, schema for the parameters, and result. The significant aspect of this is that the tool is being executed on the client.

This also shifts the focus of integration in the enterprise significantly. As we wrote about CRM integration moving into the agent runtime, identity, approval, retry, idempotency and tracing decide whether the integration is safe. And as we laid out this week, that same model is now crossing over into the browser as well. The backend runtime is still the place to put enterprise integration for that backend service. But the selected object in Figma, unsaved field in a CRM modal, or even more simply, the browser permission prompt are all now in the agent’s execution path.

The client runtime becomes part of the execution surface.

Side-by-side architecture diagram comparing server-only agent tools with client-runtime frontend tools.

The client runtime becomes part of the execution surface when the agent has to act on state that only exists in the application.

Frontend tools are contracts, not UI glue

The lazy approach is the side channel: serialize application state, send that off to the server as a big ol’ binary blob, let the model generate a reply, then ask the app to patch the UI from the result. Sure, that works the first time. Then the shape of the serialized data changes in a way that is not obvious even to the author of the code, the model starts operating off stale context, and nobody knows whether the current UI came from a user action, a tool execution, or a blind guess by the model that the app then applied.

Frontend tools make the contract explicit. AG-UI describes tools as frontend-defined functions passed to the agent at runtime with a name, description and a JSON Schema for the parameters. The frontend validates the arguments, invokes the tool once the call has arrived, and inserts the tool’s result into the conversation history. Simple.

The important part is the control the frontend has over the capabilities passed to the agent. For each tool, the frontend can decide whether it should be added or removed from the runtime based on user permissions, application context, and state (AG-UI tools).

A quote editor for example might decide to allow insertApprovedClause only when the record the quote is for is editable, the clause was chosen from the approved library and the user has permission to change quotes. A support console on the other hand might allow draftCustomerReply freely but require sendCustomerReply to be approved. A design tool might allow summarizeSelectedFrame without approval but require replaceSelectedFrameCopy to be approved.
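The gating described above, as an added example that is not the article's or AG-UI's own code: a frontend tool registry that derives the tool set offered to the agent from user permissions and application state, hands the model only the name, description and parameter schema, and validates each incoming tool call against that schema plus a tool-specific check before anything runs. The tool names, the context shape, the permission strings and the minimal JSON Schema checker are all illustrative assumptions; a real application would use a full JSON Schema validator.

```javascript
// Added example (not AG-UI's or the article's code). Names, context shape and
// permission strings are assumptions; the schema checker is a deliberately
// small subset of JSON Schema (type, required, properties, enum).
function validateArgs(schema, args) {
  const errors = [];
  if (schema.type === 'object') {
    if (typeof args !== 'object' || args === null) return ['arguments must be an object'];
    for (const key of schema.required || []) {
      if (!(key in args)) errors.push(`missing required property: ${key}`);
    }
    for (const [key, value] of Object.entries(args)) {
      const prop = (schema.properties || {})[key];
      if (!prop) { errors.push(`unexpected property: ${key}`); continue; }
      if (prop.type && typeof value !== prop.type) errors.push(`${key}: expected ${prop.type}`);
      if (prop.enum && !prop.enum.includes(value)) errors.push(`${key}: not in allowed set`);
    }
  }
  return errors;
}

// Each tool is a contract: the model-facing fields (name, description, schema),
// a predicate deciding whether the tool is offered at all in the current
// context, an extra argument check, and whether a human approval gate applies.
const quoteEditorTools = [
  {
    name: 'insertApprovedClause',
    description: 'Insert a clause from the approved library into the open quote.',
    parameters: {
      type: 'object',
      required: ['clauseId'],
      properties: { clauseId: { type: 'string' } },
    },
    // Offered only when the quote is editable and the user may change quotes.
    isAvailable: (ctx) => ctx.quote.editable && ctx.user.permissions.includes('quote:edit'),
    // Beyond the schema: the clause must come from the approved library.
    checkArgs: (ctx, args) =>
      ctx.approvedClauseIds.includes(args.clauseId) ? [] : ['clauseId is not an approved clause'],
    requiresApproval: false,
  },
  {
    name: 'sendQuote',
    description: 'Send the open quote to the customer.',
    parameters: { type: 'object', required: [], properties: {} },
    isAvailable: (ctx) => ctx.user.permissions.includes('quote:send'),
    checkArgs: () => [],
    requiresApproval: true,
  },
];

// The tool list passed to the agent at runtime: only currently available tools,
// and only the model-facing fields, never the predicates themselves.
function toolsForAgent(tools, ctx) {
  return tools
    .filter((t) => t.isAvailable(ctx))
    .map(({ name, description, parameters }) => ({ name, description, parameters }));
}

// Validate an incoming tool call before the client executes it. Re-checks
// availability (context may have changed since the list was sent), then the
// schema, then the tool-specific rule. Returns a decision; never throws.
function validateToolCall(tools, ctx, call) {
  const tool = tools.find((t) => t.name === call.name);
  if (!tool || !tool.isAvailable(ctx)) {
    return { ok: false, reason: 'tool not available in current context' };
  }
  const errors = [...validateArgs(tool.parameters, call.args), ...tool.checkArgs(ctx, call.args)];
  if (errors.length) return { ok: false, reason: errors.join('; ') };
  return { ok: true, requiresApproval: tool.requiresApproval };
}

// Constructed sample context (not real data): a user who may edit but not send.
const sampleContext = {
  user: { id: 'u-42', permissions: ['quote:edit'] },
  quote: { id: 'q-7', editable: true },
  approvedClauseIds: ['clause-net30', 'clause-liability-cap'],
};
```

With this context the agent is offered only insertApprovedClause; a call naming sendQuote, or a clause outside the approved library, is rejected client-side before any state changes, and the rejection reason is available for the trace.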

Swimlane diagram showing a frontend tool call lifecycle across agent, server runtime, client runtime, user approval, local action, and trace receipt.

A client-side tool call carries validation, approval, execution, and evidence through one lifecycle.

We argued earlier that agent UI is runtime infrastructure because event streams give products typed handles for tools, state, approvals, subagents, errors, and observability. Client-executed tools make that argument less theoretical. A product UI is no longer merely a shell around an agent. It owns executable capabilities the agent cannot safely fake from the server.

AG-UI is the protocol layer showing up on schedule

MCP provides a standard interface to tools and data for agents, and A2A provides a standard interface for agents to interact with other agents. AG-UI targets the agent-to-user-facing-application interface. In this space, events (programmed or human triggered), the streaming of updates to the UI, multi-modal input (e.g., speech and ink), shared state, frontend tool calls, and human-in-the-loop interrupts all need to be dealt with by the UI. This is the scope of the functionality currently defined by AG-UI.

There’s a clear boundary in the system at the point where the user-facing application can determine the facts of runtime: who is currently present; what has the user selected; what has changed locally on the user’s workstation that will affect the tool results; what can be undone on the user’s workstation; and what, on the user’s workstation, requires a human click before a particular set of side effects can occur on the server. The agent-operable interface is the product once the tool moves from brochureware integration within the product to production action within the product.

Microsoft's Agent Framework AG-UI integration points in the same direction. Its documentation lists real-time streaming, session and thread management, state synchronization and sharing, human-in-the-loop approval workflows, custom and generative UIs, tool execution, and tool-result streaming for web and mobile clients.

Demos can rely on a program that sends out text, for example “Approved,” to a panel and then checks whether the approved text shows up in the right place. Production-grade enterprise AI agents have to account for the client action requested, the user's approval, the data under execution, and whether the action was actually sent somewhere else.

Visual builders will not own this boundary

OpenAI's AgentKit page now says that Agent Builder and Evals will wind down after November 30, 2026 (OpenAI AgentKit update). The same update points teams toward the Agents SDK for workflows that should continue as code and Workspace Agents for natural-language prompting. Visual builders can still sketch intent. Durable agent integration keeps returning to application-owned code.

A canvas can sketch a workflow. It cannot check whether the active browser selection still matches the tool call arguments. It cannot own a local permission rule unless the application gives it one. It cannot prove that an approval prompt reflected the side effect about to occur. For enterprise AI agents, the durable boundary is application architecture: typed tools, scoped credentials, state synchronization, reviewable side effects, and traces that follow the action.

This is why AI agent governance follows the execution path. Governance for AI agents, using tools such as LangGraph, AG-UI, headless tools and SDKs, follows the execution path of the application running under the control of the AI agent. It does not follow the server path, and thus is distinctly different from governance of server-side applications. As before, the key to successful governance of AI agents is the same as for any application: the application and its AI must be owned by a product team that can define the capabilities of the AI and review the runtime facts of the AI operated by the application.

Client actions have to be observable

Backend-only traces don’t work when the browser is executing part of the agent’s plan. That means the agent can send a command to a client tool. The client tool can then validate local state. The user can approve the action. The browser can then call an external API. And the backend can store the result of the action. If these spans do not form a connected trace, then incident review turns into screenshots and Slack messages read one at a time in reverse chronological order.

The Honeycomb blog recently published a write-up on using OpenTelemetry in the browser (Honeycomb on OpenTelemetry in the browser). As the author points out, instrumenting frontend code is a difficult, messy problem because the code runs in surprise environments (i.e. under simultaneous and unpredictable user input). The post describes how browser instrumentation can propagate trace context to subsequent backend requests, and discusses the use of session IDs as a way to correlate traces generated by the frontend code of different users within the same session.

Honeycomb’s frontend observability GA post pushes end-to-end user flows, high-cardinality data, user interaction context, custom attributes, and debugging specific user-impacting behavior. Add an agent to the frontend and the trace has to carry agent identifiers, tool-call IDs, approval decisions, permission outcomes, state versions, and receipt IDs for every action executed on the client.

A good result from a tool running on the client is more than just “ok: true”. It needs to include information about the command that was executed, the state that the tool read, the permission that was opened, who approved the action, the change that was made, the actions that can be undone, and the trace id.

Own the client runtime before the agent does

The production checklist is straightforward.

Define client tools as code, which means typed contracts, not callback-style functions buried inside a component. Use the permission rules of the tool rather than heuristics in system prompts. Include the latest state version in each tool call so the client can reject stale requests. Route approvals through the product workflow with exact side-effect descriptions. Record a receipt for every client-executed action. Follow the execution path across browser, agent runtime, backend service, and external API. Build undo paths for actions that modify local or remote state. Someone has to own the interface.
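The receipt described earlier and the checklist above, as one added example that is not the article's code: the client-side lifecycle for a single tool call. Each call carries the state version the agent planned against, so the client rejects stale calls; side-effecting tools go through an approval callback with an exact description of the side effect; execution returns an undo closure; and the result is a receipt carrying the trace id, tool-call id, state versions, approver and change rather than a bare "ok: true". The tool names, the in-memory versioned store, the approval callback and the id formats are illustrative assumptions.

```javascript
// Added example (not the article's or any framework's code). The store, tool,
// approval callback and id formats are assumptions chosen for illustration.
let receiptCounter = 0;

// Tiny versioned store standing in for application state (constructed).
function createStore(initial) {
  return { version: 1, data: { ...initial } };
}

// Tool implementations return { change, undo } so every action is reversible.
const clientTools = {
  setDiscount: {
    requiresApproval: true,
    describeSideEffect: (args) => `Set discount on line ${args.lineId} to ${args.percent}%`,
    run: (store, args) => {
      const before = store.data.discounts[args.lineId];
      store.data.discounts[args.lineId] = args.percent;
      return {
        change: { lineId: args.lineId, from: before, to: args.percent },
        undo: () => { store.data.discounts[args.lineId] = before; },
      };
    },
  },
};

// approve(description) -> boolean is the product's approval workflow, injected
// so the tool runtime never decides on its own. traceId is propagated from the
// agent runtime so client spans join the same trace.
function executeToolCall(store, call, { approve, traceId, actor }) {
  const receiptBase = {
    receiptId: `rcpt-${++receiptCounter}`,
    traceId,
    toolCallId: call.id,
    tool: call.name,
    args: call.args,
    stateVersionSeen: call.stateVersion,
    stateVersionNow: store.version,
    actor,
  };
  // 1. Stale-state check: the agent planned against an older snapshot.
  if (call.stateVersion !== store.version) {
    return { ...receiptBase, status: 'rejected', reason: 'stale state version' };
  }
  const tool = clientTools[call.name];
  if (!tool) return { ...receiptBase, status: 'rejected', reason: 'unknown tool' };
  // 2. Approval, shown with the exact side effect about to occur.
  let approvedBy = null;
  if (tool.requiresApproval) {
    const description = tool.describeSideEffect(call.args);
    if (!approve(description)) {
      return { ...receiptBase, status: 'denied', sideEffect: description };
    }
    approvedBy = actor;
  }
  // 3. Execute, bump the state version, keep the undo path in the receipt.
  const { change, undo } = tool.run(store, call.args);
  store.version += 1;
  return { ...receiptBase, status: 'executed', approvedBy, change, stateVersionAfter: store.version, undo };
}

// Constructed scenario: one approved change, one stale call, one denial, then undo.
function demo() {
  const store = createStore({ discounts: { 'line-1': 5 } });
  const opts = { approve: () => true, traceId: 'trace-demo-0001', actor: 'u-42' };
  const first = executeToolCall(store,
    { id: 'tc-1', name: 'setDiscount', args: { lineId: 'line-1', percent: 12 }, stateVersion: 1 }, opts);
  // Planned against version 1, but the store is now at version 2: stale.
  const stale = executeToolCall(store,
    { id: 'tc-2', name: 'setDiscount', args: { lineId: 'line-1', percent: 20 }, stateVersion: 1 }, opts);
  // Fresh version, but the user declines the described side effect.
  const denied = executeToolCall(store,
    { id: 'tc-3', name: 'setDiscount', args: { lineId: 'line-1', percent: 20 }, stateVersion: 2 },
    { ...opts, approve: () => false });
  first.undo();
  return { first, stale, denied, store };
}
```

Every branch returns a receipt with the same base fields, so the rejected and denied paths are as visible in the trace as the executed one; that is what lets incident review reconstruct which version of the state the agent saw and who approved what.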

Enterprise AI agents are leaving the server because the work was never only on the server. The work is in the messy middle where application state, user intent, approval, and side effects meet. This is where AI agent integration lives now.