Generic "summarize this conversation" loses the bits the agent needs to keep working. Mature systems enumerate preservation rules.
Insights (17)
One non-obvious trick per card. The clever bits that don't fit a textbook chapter: cache breakpoints, early-stop streaming, mailbox patterns, the small choices that shape an entire agent.
Come here when you want to be surprised. Filter by concept, project, difficulty, or tag — URL-driven so views are bookmarkable.
Decouples the agent's loop from its expertise. Domain experts contribute via PR; the loop almost never changes; the library evolves weekly.
Two pentest reports describing the same SQL injection with different payloads aren't textually similar — but they should dedupe. Hashing fails; LLM reasoning works.
Survives every refactor, no marker objects to remember to add. Lets dozens of contributors compose one prompt without breaking cross-org cache reuse.
A free 10-20% cost reduction per agent step. Compounds across hundreds of steps in a session.
A specific failure mode (empty response with temp=0) has a specific cheap fix. Worth knowing because it's not in any tutorial.
Lose this and the model re-thinks every turn (cost spike) or you crash on model switch with an opaque signature error.
User-toggleable flags that live in the system prompt would bust 50-70K cache tokens on every toggle. Latching trades UX flexibility for a 10× cost cut.
For one-process multi-agent coordination, plain Python dicts are the right answer. No Redis, no broker, no race conditions you need locks for.
A pentest agent that can be talked out of scope is dangerous. Putting scope in the locked system prompt — not the message log — defeats prompt injection.
A spend cap that hard-stops a session at the limit is a guardrail people disable. One that denies tool calls only while you're on an expensive model — and clears the moment you switch to a cheaper one — keeps the user in control and stays switched on.
To orchestrate Claude Code, Codex, Cursor and friends without forking any of them, you integrate at whatever seam each one already exposes — not a uniform interface you wish they all had.
When delegation, cross-agent review, and even a web fetch all reduce to 'post to a child conversation and await the inbox,' every sub-task becomes shareable, resumable, and forkable for free — with no per-feature plumbing.
A sandboxed agent often needs to call GitHub or an LLM API, which usually means handing it a token it could exfiltrate. If a MITM egress proxy injects the real credential outbound on the parent side, nothing credential-shaped ever crosses the isolation boundary — so there is nothing in the sandbox to leak.
If a deployment policy returning 'allow' also auto-approves the action, it silences the user's own consent prompt — collapsing two independent questions into one. Returning 'no opinion' keeps an org able to block but never to silently approve on the human's behalf.
The common AI-editing UX parks the model's output in a staging area for diff approval. OpenKnowledge instead lands agent edits directly into the same CRDT document a human is editing live — then makes review an after-the-fact, per-author operation.
If attribution lives in a separate log, it drifts from reality. OpenKnowledge makes every agent edit a real git commit on a per-author ref, with the agent's identity in the footer — so 'who changed what' is the storage format, not a side-channel.