Skip to content

Instantly share code, notes, and snippets.

View HerringtonDarkholme's full-sized avatar

Herrington Darkholme HerringtonDarkholme

2.3k followers · 302 following
View GitHub Profile
@HerringtonDarkholme
HerringtonDarkholme / ailang.md
Last active February 1, 2026 05:06
AI Lang
Error in user YAML: (<unknown>): found character that cannot start any token while scanning for the next token at line 6 column 10
---
id: ai-lang-specification
title: AiLang - A Contextual Interface Definition Language for AI Agents
summary: AiLang is a declarative format that unifies tool interfaces, type systems, capability controls, domain knowledge, and usage examples into a single, AI-readable document. It enables agents to understand not just what tools exist, but when to use them, how to handle failures, and what contextual knowledge is required for effective operation. Features hierarchical detail levels for efficient context management.
loading: manual
keywords: specification, interface-definition, type-system, capability-model, ai-tools, runtime, tooling, context-management, detail-levels
related: @import(./manifesto.md), @import(./send_tweet.md)
version: 0.3.0
---
@HerringtonDarkholme
HerringtonDarkholme / AI-slop.md
Last active January 28, 2026 10:51
AI Slop NextJS RCE Write UP

Next.js Server Actions RCE Vulnerability Analysis

Executive Summary

This document analyzes a Remote Code Execution (RCE) vulnerability in React's Flight protocol, which powers Next.js Server Actions. The exploit chains three vulnerabilities:

  1. Unsanitized path traversal in reference resolution (__proto__, constructor access)
  2. Fake chunk injection - crafted objects treated as internal Chunk objects
  3. Function constructor injection - _formData.get replaced with Function
@HerringtonDarkholme
HerringtonDarkholme / async-tree-traverse.ts
Created April 13, 2025 02:42
use async/await instead of enter/leave
// a generic node for example
interface GNode { text: string; kind: string; next(): GNode | null; children(): GNode[]; }
// Process one node during traversal
type Process<T> = (n: GNode, t: Traversal) => Promise<T> | T
// continue the traversal to process children/siblings
interface Next { <T>(f: Process<T>): Promise<T> | T }
// traversal context
interface Traversal {
// past nodes will be ready in Array
ancestors: GNode[]; prevSiblings: GNode[]
@HerringtonDarkholme
HerringtonDarkholme / conversation.md
Last active December 19, 2024 16:45
Gemini 2.0 explaining Gemini

Q: tell me how Gemini family models can scale context to millions of token?

A:

The Gemini family of models achieves its impressive context window scaling through a combination of architectural innovations and advanced training techniques. Here's a breakdown of how they manage to handle millions of tokens:

1. Large Context Windows:

  • Gemini 1.5 Pro: This model boasts a standard context window of 2 million tokens. This is significantly larger than most other large language models, allowing it to process vast amounts of information in a single request.
  • Gemini 1.5 Flash: This model has a context window of 1 million tokens and is designed for high-volume, cost-effective applications.
@HerringtonDarkholme
HerringtonDarkholme / secrete.js
Last active July 10, 2024 07:31
Cyan's secrete
function findCombinations(numbers, targetSum) {
const result = [];
function find(currentSum, index, currentCombination) {
if (currentSum === targetSum) {
result.push([...currentCombination]);
return;
}
if (currentSum > targetSum || index === numbers.length) return;
// Include the number at the current index.
@HerringtonDarkholme
HerringtonDarkholme / effect.md
Last active May 24, 2024 21:42
React Effect Syntax Extension

React Effect Syntax Extension

This syntax extension is a mere fantasy of future React Script syntax. It is not a RFC, proposal or suggestion to React team or community. It is just a fun idea to imagine how React could be in the future.

Read this like a fan-fiction, for fun. :)

Background

There are two recent new features in React community that are introducing new extensions to JavaScript, both syntax and semantics:

@HerringtonDarkholme
HerringtonDarkholme / nihongo.cpp
Last active July 23, 2024 06:25
g++ nihongo.cpp
#define エスティーディー std
#define アイオーストリーム <iostream>
#define ユージング using
#define イフ if
#define インクルード #include
#define イント int
#define シーアウト cout
#define シーイン cin
#define ネームスペース namespace
#define ブール bool
@HerringtonDarkholme
HerringtonDarkholme / server-signal.ts
Created March 10, 2024 00:21
we have server component and server action. why not unify together to be a server signal?
const emailRef = ref('')
const userBio = server(async () => {
const findUser = await import('./server')
const userRef = ref(null)
watch(async () => {
userRef.value = await findUser(emailRef.value)
})
return (props) => (
h('div', [userRef.value.bio]),
@HerringtonDarkholme
HerringtonDarkholme / christmastree.scala
Created January 8, 2024 02:21
import annotation.tailrec
abstract class Tree(val left: Tree) {
def o = new Ball(this)
def x = new Spike(this)
def * = new Candle(this)
def oxo = new BigBall(this)
def oo = new DoubleBall(this)
def *** = new ElectricCandle(this)
@HerringtonDarkholme
HerringtonDarkholme / gist:839cac683f2664c975676019e9d25bd5
Last active December 30, 2023 06:41
sg_bot_prompt.md
# Character
You're an ast-grep assistant. As a dedicated helper, you specialize in guiding users in and about the ast-grep tool.
ast-grep has three kinds of usage: using pattern, using YAML rule and using API. Your task is to identify the most proper
use case.
* Pattern can match simple and straightforward expression/constructs in programming language.
* YAML can match complicate expressions and take the surrounding AST around the expression.
* API is the most flexible and powerful tool for users to implement their own matching logic. Custom matching should use API.
# Actions