𝚆𝚎𝚋𝚂𝚘𝚌𝚔𝚎𝚝 (and 𝚜𝚘𝚌𝚔𝚎𝚝.𝚒𝚘) now supported on Vercel, from CDN to Fluid. Special full circle moment for @vercel
现在 Vercel 已支持 𝚆𝚎𝚋𝚂𝚘𝚌𝚔𝚎𝚝(以及 𝚜𝚘𝚌𝚔𝚎𝚝.𝚒𝚘),覆盖从 CDN 到 Fluid。对 @vercel 来说,这真是一个特别的圆满时刻
The team cooked on performance. 'Everything the light touches' was optimized Simba. Painting, layout, WebGPU shaders, blocking scripts. Every frame scrutinized. The best part is that we'll be updating our with the lessons learned!
团队在性能方面下了狠功夫。凡是“阳光照到的每一处”,Simba 都做了优化。绘制、布局、WebGPU shader、阻塞脚本,全都涵盖。每一帧都经过仔细审视。最棒的是,我们还会用这些经验教训来更新我们的——!
Coding agents will squeeze every ounce of IKEA effect out of you, if you let them.
如果你放任 coding agent,它们会把你身上的每一分 IKEA effect 都榨得干干净净。
Happy Father's Day. Thankful to my dad who spent every last penny on buying our family 'the bicycle of the mind'
父亲节快乐。感谢我的父亲,把家里最后一分钱都花在给我们家买来“the bicycle of the mind”上。
Genuinely impressed, almost shocked, at how good GLM-5.2 by @zai_org is at coding. This changes things.
我真的对 @zai_org 的 GLM-5.2 在 coding(编程)方面有多厉害感到印象深刻,几乎可以说是震惊。这会改变很多事情。
The next hot programming language is… markdown. A minimal eve agent: 📂 𝚊𝚐𝚎𝚗𝚝/ 📄 𝚒𝚗𝚜𝚝𝚛𝚞𝚌𝚝𝚒𝚘𝚗𝚜.𝚖𝚍 📂 𝚜𝚔𝚒𝚕𝚕𝚜/ 📄 𝚢𝚘𝚞𝚛-𝚎𝚡𝚙𝚎𝚛𝚝𝚒𝚜𝚎.𝚖𝚍 Deployable in one command: 𝚟𝚎𝚛𝚌𝚎𝚕. It’s the most accessible programming has ever been. And likely will ever be, at least for the generation of software fully defined and controlled by us humans. (As a fun fact, one of the initial prototypes for eve was codenamed 𝚕𝚊𝚜𝚝 by @timolins, both in homage to ‘@nextjs for agents’ but also in recognition of how enduring eve’s design feels to us.)
下一个热门编程语言是……markdown。一个最小化的 eve agent:📂 𝚊𝚐𝚎𝚗𝚝/ 📄 𝚒𝚗𝚜𝚝𝚛𝚞𝚌𝚝𝚒𝚘𝚗𝚜.𝚖𝚍 📂 𝚜𝚔𝚒𝚕𝚕𝚜/ 📄 𝚢𝚘𝚞𝚛-𝚎𝚡𝚙𝚎𝚛𝚝𝚒𝚜𝚎.𝚖𝚍 只需一条命令即可部署:𝚟𝚎𝚛𝚌𝚎𝚕。这是编程有史以来最易于接触的时刻。并且很可能也将一直如此,至少对于那一代仍由我们人类完整定义并控制的软件而言是这样。(顺带一提,eve 的一个早期原型由 @timolins 命名为 𝚕𝚊𝚜𝚝,这既是在致敬“@nextjs for agents”,也体现了我们觉得 eve 的设计具有一种持久生命力。)
Agents are motivating so many healthy software habits. Open APIs, documentation (skills), tests (evals), Unix (CLIs), payment & commerce protocols, even wide 𝙰𝚌𝚌𝚎𝚙𝚝 use (markdown/json/html). The original vision of the WWW coming to life before our eyes.
Agents 正在推动许多健康的软件习惯。开放 API(应用程序编程接口)、文档(skills)、测试(evals)、Unix(CLIs)、支付与商业协议,甚至广泛使用 𝙰𝚌𝚌𝚎𝚙𝚝(markdown/json/html)。WWW 最初的愿景,正在我们眼前变成现实。
[1]
[1]
(Part of) the wonderful team that made Vercel SHIP London possible 🫶
让 Vercel SHIP London 得以成为现实的优秀团队中的一部分 🫶
React → Next.js → @aisdk is more relevant than ever, given the intense model competition landscape. Just today, GLM 5.2, an open model, surpassed Opus 4.8 in our Next.js Evals ( 🤯 But the world needs a practical solution for how to build and deploy agents. Just like React needed Next.js to solve the task of building an actual web application. And that's eve.
鉴于当下激烈的 model(模型)竞争格局,React → Next.js → @aisdk 这条演进路径比以往任何时候都更相关。就在今天,GLM 5.2 这个 open model(开放模型)在我们的 Next.js Evals 中超过了 Opus 4.8(🤯 但这个世界需要一个关于如何构建和部署 agent(智能体)的实用解决方案。就像 React 需要 Next.js 来解决构建一个真正的 web application(Web 应用)的任务一样。而这正是 eve。
Quick one to set the stage: ☑️ 30 minute function invocations 🆕 24 hour sandbox lifetimes
先快速交代一下背景:☑️ 30 分钟的 function 调用时长 🆕 24 小时的 sandbox 生命周期
v0 commits to shipping the best skills by default. Our goal is to give you the equivalent of a @vercel product engineer like @shuding and @shadcn on each prompt. But you can also now grab any skill from or add your team’s private set.
v0 承诺默认交付最佳的 skills。我们的目标是:在你的每一次 prompt 中,都相当于配备一位像 @shuding 和 @shadcn 这样的 @vercel 产品工程师。但现在,你也可以从任意 skill 集中获取 skill,或者添加你团队的私有 skill 集。
A sandbox A function A server A build Are you getting it!? These are all expressions of the same underlying compute infrastructure. With tweaks to load balancing, concurrency, persistence, overcommit… 2026 is the year serverless and servers finally converge. With no gotchas
一个 sandbox(沙箱) 一个 function(函数) 一个 server(服务器) 一个 build(构建) 你明白了吗!?这些其实都是同一底层计算基础设施的不同表现形式。只要对 load balancing(负载均衡)、concurrency(并发)、persistence(持久性)、overcommit(超额分配)等做一些调整……2026 将是 serverless(无服务器)与 servers(服务器)最终走向融合的一年。而且没有任何 gotchas(坑)。
One of our most requested features, longer Vercel function runtime, is here. What looks like an innocent tweak of a constant… is actually the conclusion a multi-year compute platform investment. Builds, Sandbox, and now Functions run on our homegrown microVM-based Fluid compute infrastructure. This investment has enabled innovations like function multi-concurrency, Active CPU pricing, and Secure Compute for private connectivity to existing cloud workloads… with lots more to come, in fact, in the coming days and weeks 😎
我们最常被请求的功能之一——更长的 Vercel function runtime(函数运行时长)——现在已经上线。看起来这只是对某个常量做了一个不起眼的调整……实际上,它是我们多年 compute platform(计算平台)投入的成果总结。Builds、Sandbox,以及现在的 Functions,都运行在我们自研的、基于 microVM 的 Fluid 计算基础设施之上。这项投入已经促成了诸如 function multi-concurrency(函数多并发)、Active CPU pricing(Active CPU 计费)以及用于私有连接到现有云工作负载的 Secure Compute 等创新……而且接下来还会有更多,实际上,就在未来几天和几周内 😎
My flight to London is Starlink-enabled 😭 The greatest advancement to air travel since the Wright brothers. God bless America
我飞往 London 的航班配备了 Starlink 😭 这是自 Wright brothers 以来航空旅行最伟大的进步。God bless America
has passed 700,000 skills. wild! all organic and community-driven. the open⎵ai ecosystem!
已经超过 700,000 个 skills 了。太夸张了!全部都是自然增长、由社区驱动的。这个开放的 ai 生态系统!
If you don’t love her at her foggiest, you don’t deserve at her sunniest
如果你不能在她最雾气蒙蒙的时候爱她,你也不配在她最阳光灿烂的时候拥有她
[1]
We just shipped 𝙷𝚊𝚛𝚗𝚎𝚜𝚜𝙰𝚐𝚎𝚗𝚝, a unified abstraction to orchestrate and integrate any agent’s “brain” into your app. @aisdk now frees you from both model and agent lock-in. (And it doesn’t just get you portability, it’s also delightful to use ofc!)
我们刚刚发布了 𝙷𝚊𝚛𝚗𝚎𝚜𝚜𝙰𝚐𝚎𝚗𝚝:这是一个统一的 abstraction(抽象层),可用来编排并集成任何 agent(智能体)的“brain”到你的 app 中。@aisdk 现在让你同时摆脱 model 和 agent lock-in(锁定)。(而且它带来的不只是 portability(可移植性),用起来也真的很顺手,ofc!)
Vercel + Shopify is too good… by @foda: ◾ 500+ orders processed in *2 minutes* ◾ Built with @v0 + @cursor_ai ◾ Fully custom @nextjs storefront on headless So long on the web. Anyone can now dream → build → ship → sell
Vercel + Shopify 实在太强了……作者 @foda:◾ 在 *2 分钟* 内处理了 500+ 笔订单 ◾ 使用 @v0 + @cursor_ai 构建 ◾ 在 headless(无头架构)上打造了完全自定义的 @nextjs storefront(店面前端) Web 的漫长周期结束了。现在任何人都可以从梦想 → 构建 → 发布 → 销售
🇬🇧 London calling Excited for Vercel Ship next week Some special announcements…
🇬🇧 London 在召唤,期待下周的 Vercel Ship,会有一些特别的公告……
What I love about Silicon Valley is that the future is up for grabs, ready for anyone to build. I get intros for angel investing to all kinds of people. I take everyone equally seriously. 2 lads & a dog, or a 5-time award-winning entrepreneur. No place more meritocratic.
我喜欢 Silicon Valley 的一点在于,未来仍有待争取,任何人都可以去创造。我会收到各种人的 angel investing(天使投资)引荐。我对每个人都一视同仁地认真看待。无论是 2 个小伙子和一条狗,还是一位 5 次获奖的创业者。没有哪个地方比这里更 meritocratic(任人唯贤)。
Vercel CLI now allows you to: ◾ create AI Gateway API keys ◾ pass a --𝚋𝚞𝚍𝚐𝚎𝚝 to cap their spend ◾ set a --𝚛𝚎𝚏𝚛𝚎𝚜𝚑-𝚙𝚎𝚛𝚒𝚘𝚍 for the quota Think of it as virtual credit cards for AI tokens 🤖💳
Vercel CLI 现在允许你:◾ 创建 AI Gateway API key ◾ 传入 --𝚋𝚞𝚍𝚐𝚎𝚝 来为其支出设置上限 ◾ 设置 --𝚛𝚎𝚏𝚛𝚎𝚜𝚑-𝚙𝚎𝚛𝚒𝚘𝚍 作为配额刷新周期 可以把它理解为 AI token(令牌)的虚拟信用卡 🤖💳
Opus wrote us a VM and then Mythos verified it
Opus 为我们写了一个 VM,然后 Mythos 对它进行了验证
Vercel AI Gateway recovers on average over 1T tokens a month 🤯 Much like Stripe recovers revenue with smart retries on failed payments or credit card updates. And we do it with 0️⃣ zero markup over the labs; adding redundancy, zero-data retention enforcement, observability, usage APIs, caps, …
Vercel AI Gateway 平均每月可挽回超过 1T tokens 🤯 很像 Stripe 通过对失败支付进行智能重试或更新信用卡信息来挽回收入。而且我们是在 labs 原价之上 0️⃣ 零加价的情况下做到这一点;同时还提供冗余、zero-data retention(零数据留存)强制执行、observability(可观测性)、usage APIs(用量 API)、上限控制,……
Agent filesystem state can now be read, written and mounted independently of Sandbox lifecycle. We’ve been developing a novel virtual storage infrastructure solution for all our compute products. Storage that’s decoupled, but attachable to Builds, Functions, Sandboxes & more.
现在,agent 的文件系统状态可以独立于 Sandbox 生命周期进行读取、写入和挂载。我们一直在为所有计算产品开发一种新颖的虚拟存储基础设施解决方案。这种存储与运行环境解耦,但可以挂载到 Builds、Functions、Sandboxes 等之上。
Shoutout to @andrewqu founder and CEO of 😁 you can just ship things
特别致敬 @andrewqu,😁 you can just ship things 的 founder 和 CEO。
Use the Skills API to make all your agents and platforms smarter. Think of it as the npm registry for agent capabilities and extensibility. Free and open.
使用 Skills API,让你的所有 agent 和平台都更智能。可以把它看作是用于 agent 能力与可扩展性的 npm registry。免费且开放。
Congrats Void team! We @vercel reaffirm our collaboration on an open platform for the web, with our investment in @nitrojsdev, open runtimes, and native support for Vite-based frameworks like Nuxt, Svelte, and TanStack Start 🫡
祝贺 Void 团队!我们 @vercel 通过投资 @nitrojsdev、推动开放 runtime,以及为基于 Vite 的框架(如 Nuxt、Svelte 和 TanStack Start)提供原生支持,重申我们在构建面向 web 的开放平台上的合作 🫡
Grok Imagine Video on @vercel AI Gateway – the top image-to-video model on
@vercel AI Gateway 上的 Grok Imagine Video——当前顶级的 image-to-video 模型,运行于
▲ + ❄️ Generating frontends on top of your business data is one of the killer apps of coding AI. The genie is out of the bottle. Never going back to clunky and rigid dashboards. @vercel already ran on Snowflake. But with @v0 and @nextjs, we’re now getting 1000x the value.
▲ + ❄️ 在你的业务数据之上生成 frontend,是 coding AI 最具杀手级应用潜力的场景之一。精灵已经出瓶了。我们再也不会回到那些笨重又僵化的 dashboard。@vercel 本来就已经跑在 Snowflake 上了。但有了 @v0 和 @nextjs,我们现在获得的价值高出了 1000 倍。
YES-CODE An entire category of software, "no-code", was built under the presumption that code is expensive, difficult, and scarce. Coding agents have forever changed the equation. Code is now cheap, easy, and abundant. I remember @cramforce being asked by an analyst long ago: "soo, is @vercel like a no-code platform?" Without hesitation he goes "no, it's the absolute opposite. It's a yes-code platform." 😁 A key thing we set out to do was to be uncompromising in quality and sophistication of the things you could host. No-code solutions took shortcuts and set hard ceilings, typically on performance and sophistication. Our mission is to create the easiest cloud for agents that you never graduate from. PS: welcome to Vercel!
YES-CODE 有整整一类软件——“no-code”——是建立在这样一个前提之上的:code 很昂贵、很困难、也很稀缺。coding agents 永远地改变了这个等式。现在,code 变得便宜、容易,而且充沛。我记得很久以前,有位分析师问 @cramforce:“所以,@vercel 算是一个 no-code platform 吗?” 他毫不犹豫地回答:“不,它恰恰相反。它是一个 yes-code platform。” 😁 我们从一开始就想做的一件关键事情,是对你能托管的东西的质量和复杂度绝不妥协。no-code 方案会走捷径,并设下很硬的上限,通常体现在性能和复杂度上。我们的使命,是为 agents 打造最容易使用、而且你永远不需要“毕业离开”的 cloud。附:欢迎来到 Vercel!
This is what education in the age of AI looks like. Start with the language: the linguistic surface is your roadmap. Much like an SDK has a set of function definitions, human language is the new API to the world. It also always has been… there's never been an expert in any field without mastery over its language. The distinction is that English alone could not produce tangible things. You had to translate it into machine instruction, through learning or delegation to others. You can now go direct.
这就是 AI 时代的教育应有的样子。先从语言开始:语言层面的表面结构就是你的路线图。就像一个 SDK 会有一组函数定义一样,人类语言正在成为通向世界的新 API(应用程序接口)。其实它一直都是……任何领域里从来都不存在那种不掌握该领域语言却能成为专家的人。区别在于,单靠 English 过去并不能产出有形的东西。你必须把它翻译成机器指令,要么自己学会,要么委托给别人。现在你可以直接到达那一步了。
Conductor has the distinct edge of being an IDE born for coding agents. An ADE if you will. Agents will take remote dev mainstream. At most large and sensitive organizations, “local” isn’t a thing. But this future wasn’t evenly distributed. Excited to power their Sandbox!
Conductor 的一个鲜明优势在于,它是一个专为 coding agents 而生的 IDE。或者如果你愿意,也可以叫它 ADE。Agents 将把 remote dev 带入主流。在大多数大型且敏感的组织里,“local” 根本不是一回事。但这个未来的分布并不均匀。很高兴为他们的 Sandbox 提供支持!
Unclear if a durable trend, but CEOs and CTOs are back to coding with a fury, thanks to coding agents. I have public company CEOs sliding into my DMs (and “InMail”) telling me about falling in love with shipping software again thanks to Claude Code and Vercel. “Dream accounts” that we always wanted to work with, where in the past the C-suite would hardly understand the infrastructure until much later in the game. Coding agents are the ultimate PLG-fication of the enterprise. Bad, legacy software can’t hide anymore. The stack that works is self-evident to the entire organization, from intern to CEO.
这是不是一种持久趋势还不清楚,但多亏了 coding agents,如今 CEOs 和 CTOs 又开始火力全开地写代码了。我有一些上市公司 CEO 直接滑进我的私信(以及“InMail”)里,告诉我多亏了 Claude Code 和 Vercel,他们又重新爱上了交付软件(shipping software)。还有那些我们一直梦寐以求想合作的“dream accounts”,过去在这类客户里,C-suite 往往要到项目进行到很后面,才勉强理解底层基础设施。Coding agents 是企业领域最彻底的 PLG-fication。糟糕的 legacy software 再也藏不住了。真正有效的技术栈(stack)对整个组织来说都变得一目了然,从 intern 到 CEO 都看得清清楚楚。
Ship the best product. Use lots of AI, some AI, maybe no AI. Just be the best.
做出最好的产品。可以大量使用 AI,也可以只用一些 AI,甚至完全不用 AI。关键是:只要做到最好。
Next.js Night · AMS 🇳🇱 · June 11 Learn what’s next + meet the team + share feedback
Next.js Night · AMS 🇳🇱 · 6 月 11 日 了解下一步的新进展 + 见见团队 + 分享反馈
Feedback is a gift. Critical feedback doubly so.
反馈是一份礼物,而批判性的反馈更是加倍珍贵。
This will bring AI to 42% of the web. Every model, every provider, every modality (text, image, video, audio).
这将把 AI 带到 42% 的 web(网络)上。每一个 model(模型)、每一个 provider(提供方)、每一种 modality(模态:text、image、video、audio)。
We’re shipping a CDN pricing model that “smooths over” traffic spikes and viral events. This allows us to remove stress and surprises, with uncompromising quality and network performance. Predictability without slow routes, degraded PoPs, or priority bandwidth tiers.
我们正在推出一种 CDN 定价模型,用来“平滑处理”流量高峰和爆火传播事件。这样一来,我们就能在丝毫不妥协质量与网络性能的前提下,消除压力和意外情况。实现可预测性,而不需要慢速路由、性能降级的 PoP,或分级优先带宽。
Claude Managed Agents 🤝 Vercel Sandbox
Claude Managed Agents 🤝 Vercel Sandbox
This is so cool: rerun.io Stack: @sveltejs / @threejs / @vercel
这太酷了:rerun.io 技术栈:@sveltejs / @threejs / @vercel
All Firewall mitigations are now fully free on @vercel. Not just DDoS and system-level mitigations, but also any rule you configure. Vercel now absorbs the computational and network costs of any size of attack or traffic mitigation for your peace of mind. (And more to come!)
现在,@vercel 上所有 Firewall(防火墙)缓解措施都已完全免费。不只是 DDoS 和系统级缓解,也包括你自行配置的任何规则。现在,无论攻击或流量缓解的规模有多大,Vercel 都会承担相应的计算和网络成本,让你更安心。(而且后面还会有更多!)
A 𝚏𝚒𝚛𝚎𝚠𝚊𝚕𝚕 your agents will love. One of the coolest things about Vercel’s Firewall is how hard the team worked on instant global propagation (~300ms). Imagine if 𝚒𝚙𝚝𝚊𝚋𝚕𝚎𝚜 took *minutes* to propagate? That’s the average industry CDN/WAF experience!
一个你的 agent(智能代理)一定会喜欢的 𝚏𝚒𝚛𝚎𝚠𝚊𝚕𝚕。Vercel 的 Firewall 最酷的一点之一,就是团队为“即时全球传播”下了很大功夫(约 300ms)。你可以想象一下,如果 𝚒𝚙𝚝𝚊𝚋𝚕𝚎𝚜 的传播要花上 *几分钟* 会怎样?这恰恰就是行业里一般 CDN/WAF 体验的平均水平!
Grok CLI has great support for Plugins and Skills. Installing the Vercel Plugin gives Grok cloud deployment superpowers. Watch this creative coding website be generated with Grok and hosted seamlessly on Vercel ↓
Grok CLI 对 Plugins 和 Skills 的支持非常出色。安装 Vercel Plugin 之后,Grok 就拥有了云端部署的超能力。看看这个创意编程网站如何由 Grok 生成,并无缝托管到 Vercel 上 ↓
Vercel protects your agents' deployments behind SSO like @Okta. Even Production ones, giving you a secure 'intranet' of apps generated with @v0, Codex, Claude, etc. It's all fun and games until your agent gets 𝟺𝟶𝟷 𝚄𝚗𝚊𝚞𝚝𝚑𝚘𝚛𝚒𝚣𝚎𝚍 from the deployment *it just made* though 😂 The solution: 𝚟𝚎𝚛𝚌𝚎𝚕 𝚌𝚞𝚛𝚕. By just prefixing 𝚟𝚎𝚛𝚌𝚎𝚕 or 𝚟𝚌 you unblock your agent and yourself to easily 𝚌𝚞𝚛𝚕 any URL you have access to within the Vercel ecosystem.
Vercel 会用像 @Okta 这样的 SSO(单点登录)把你的 agents 的部署保护起来。甚至包括 Production 环境的部署,从而为你提供一个由 @v0、Codex、Claude 等生成应用构成的安全“intranet(内联网)”。不过,乐子归乐子,要是你的 agent 被它自己刚刚创建的部署返回一个 𝟺𝟶𝟷 𝚄𝚗𝚊𝚞𝚝𝚑𝚘𝚛𝚒𝚣𝚎𝚍,那就尴尬了 😂 解决方案是:𝚟𝚎𝚛𝚌𝚎𝚕 𝚌𝚞𝚛𝚕。只要在命令前加上 𝚟𝚎𝚛𝚌𝚎𝚕 或 𝚟𝚌 作为前缀,你和你的 agent 就都能被“解锁”,从而轻松 𝚌𝚞𝚛𝚕 任何你在 Vercel ecosystem 中有权访问的 URL。
If you become exceptional at managing agents, but are also exceptional in your understanding of the fundamentals, you will be unstoppable. We all prefer to work with masters of their craft. What’s new: you can’t afford to miss out on the amplification agents have on your output
如果你在管理 agents 方面变得非常出色,同时对基础原理的理解也同样非常扎实,那么你将势不可挡。我们都更愿意与精通自己技艺的大师共事。新的现实是:你承受不起错过 agents 对你产出所带来的放大效应。
You can just render images on the terminal btw: ▲ ~/ npx ai-cli image 'a vercel ai sdk diagram' Run 𝚗𝚙𝚖 𝚒 -𝚐 𝚊𝚒-𝚌𝚕𝚒 and access every image, video & text model from @vercel AI Gateway instantly
顺便说一句,你完全可以直接在 terminal 里渲染图片:▲ ~/ npx ai-cli image 'a vercel ai sdk diagram' 运行 𝚗𝚙𝚖 𝚒 -𝚐 𝚊𝚒-𝚌𝚕𝚒,即可立刻通过 @vercel AI Gateway 访问所有 image、video 和 text model
Moms are the bedrock of civilization. I’m very thankful to my mom who put herself through engineering school in Argentina and set the bar so high for her children. Happy Mother’s Day!
妈妈们是文明的基石。我非常感谢我的妈妈——她在 Argentina 一边自力完成 engineering school(工程学院)学业,一边为她的孩子们把标准树立得如此之高。母亲节快乐!
𝚗𝚙𝚡 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 We're introducing an open-source agent orchestrator for deep security reviews. We built it for internal use, and after running it against some major OSS projects, we gained conviction to share it with the world. Coding agents can now find critical vulnerabilities in minutes that would take teams of people months (if they can spot them at all). Since 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 is optimized to work with Vercel Sandbox, you can effectively harness the power of thousands of agents scrutinizing your codebase in parallel. I encourage you to try this on your repositories. BTW: If you run an OSS project and want us to sponsor a run, my DMs are open.
𝚗𝚙𝚡 𝚍𝚎𝚎𝚙𝚜𝚎𝚌:我们推出了一个用于深度安全审查的开源 agent 编排器(orchestrator)。我们最初是为内部使用而构建它的;在将它运行到一些大型 OSS 项目之后,我们更加确信值得把它分享给全世界。如今,coding agents 可以在几分钟内发现关键漏洞,而这类问题原本可能需要团队花上数月才能找出来——前提还是他们最终能发现。由于 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 针对 Vercel Sandbox 做了优化,你实际上可以并行调动成千上万个 agent 来审查你的代码库。我鼓励你在自己的仓库上试试它。顺便一提:如果你在运营一个 OSS 项目,并且希望我们赞助一次运行,欢迎私信我。
𝚗𝚙𝚡 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 We're introducing an open-source agent orchestrator for deep security reviews. We built it for internal use, and after running it against some major OSS projects, we gained conviction to share it with the world. Coding agents can now find critical vulnerabilities in minutes that would take teams of people months (if they can spot them at all). Since 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 is optimized to work with Vercel Sandbox, you can effectively harness the power of thousands of agents scrutinizing your codebase in parallel. I encourage you to try this on your repositories. BTW: If you run an OSS project and want us to sponsor a run, my DMs are open.
𝚗𝚙𝚡 𝚍𝚎𝚎𝚙𝚜𝚎𝚌:我们推出了一个用于深度安全审查的开源 agent 编排器(orchestrator)。我们最初是为内部使用而构建它的;在将它运行到一些大型 OSS 项目之后,我们更加确信值得把它分享给全世界。如今,coding agents 可以在几分钟内发现关键漏洞,而这类问题原本可能需要团队花上数月才能找出来——前提还是他们最终能发现。由于 𝚍𝚎𝚎𝚙𝚜𝚎𝚌 针对 Vercel Sandbox 做了优化,你实际上可以并行调动成千上万个 agent 来审查你的代码库。我鼓励你在自己的仓库上试试它。顺便一提:如果你在运营一个 OSS 项目,并且希望我们赞助一次运行,欢迎私信我。
Asked @v0 what it would look like if @vercel shipped @github 😁 (2 prompts)
我问了 @v0:如果 @vercel 推出了 @github,它看起来会是什么样子 😁(2 个 prompt)
We're growing the Vercel Labs team. Our mission is to build the devtools of the AI era. We used to build tools for humans, now we're building them for agents. @ctatedev & team have shipped the tools that agents love: 𝚊𝚐𝚎𝚗𝚝-𝚋𝚛𝚘𝚠𝚜𝚎𝚛, 𝚙𝚘𝚛𝚝𝚕𝚎𝚜𝚜, 𝚜𝚔𝚒𝚕𝚕𝚜, 𝚌𝚑𝚊𝚝, 𝚓𝚞𝚜𝚝-𝚋𝚊𝚜𝚑, 𝚓𝚜𝚘𝚗-𝚛𝚎𝚗𝚍𝚎𝚛… 22.8M+ downloads to date. Dream job. DMs open 😀
我们正在扩充 Vercel Labs 团队。我们的使命是打造 AI 时代的 devtools(开发工具)。我们过去为人类构建工具,现在则在为 agents(智能体)构建工具。@ctatedev 和团队已经推出了 agents 喜爱的工具:𝚊𝚐𝚎𝚗𝚝-𝚋𝚛𝚘𝚠𝚜𝚎𝚛、𝚙𝚘𝚛𝚝𝚕𝚎𝚜𝚜、𝚜𝚔𝚒𝚕𝚕𝚜、𝚌𝚑𝚊𝚝、𝚓𝚞𝚜𝚝-𝚋𝚊𝚜𝚑、𝚓𝚜𝚘𝚗-𝚛𝚎𝚗𝚍𝚎𝚛……迄今下载量已超过 22.8M。这是理想工作。欢迎私信 😀
I’m so encouraged by the way our team and industry peers have shown up to protect the internet. We’ve now shipped over 20 product improvements across Dashboard and CLI to help your security posture. Easier to set up MFA, audit your Environment Variables, Activity logs and more
我深受鼓舞,因为我们的团队和业内同行都挺身而出,共同保护互联网。我们现在已经在 Dashboard 和 CLI 上发布了 20 多项产品改进,以帮助提升你的安全态势。包括更容易设置 MFA(多因素认证)、审计你的 Environment Variables(环境变量)、查看 Activity logs(活动日志)等等
Getting lots of questions about how to learn more about the incident. We're actively maintaining the security bulletin. That's the source. The bulletin includes security best practices to take out of an abundance of caution. To reiterate, we directly contacted all Vercel customers that we believe to be impacted by the IOC shared in the bulletin. One misconception we've seen that I need to call out. Deletion (e.g.: of an env var, project, account…) does not imply Rotation. Rotating keys means *invalidating* the previous value with the vendor/service you're using, and getting a new one. Do that. i.e.: if you only delete the resource on the Vercel side, the associated key can "live on" with the other provider, and be mis-used
很多人都在问,怎样才能进一步了解这次 incident(安全事件)。我们正在持续维护 security bulletin(安全公告)。那就是信息来源。公告中还包含一些出于极度谨慎而建议采取的安全最佳实践。再次重申,我们已经直接联系了所有我们认为受到公告中共享的 IOC(妥协指标)影响的 Vercel 客户。我们看到的一个误解,我必须特别指出:Deletion(删除,例如删除某个 env var、project、account……)并不等于 Rotation(轮换)。Rotating keys 的意思是:在你所使用的 vendor/service 那里,将旧的值*作废*,并获取一个新的。请务必这样做。也就是说:如果你只是在 Vercel 一侧删除了相关资源,那么对应的 key 仍可能在另一个 provider 那里“继续有效”,并被滥用