Tools

Bruno is an open-source desktop alternative to Postman and Insomnia for API testing, development and debugging. It aims to provide superior collaboration, privacy and security with its simple offline-only design. Collections are stored directly in your filesystem — written in a custom plain text markup language, Bru Lang, and can be shared with Git or a version control tool of your choice to collaborate. Bruno is available both as a desktop app and a CLI tool. It also offers an official VS Code extension, with plans for additional IDE support. Bruno has become the default choice for several Thoughtworks teams, but we also advise teams to be on guard when working under VPN and proxy environments, since requests made in such conditions have been reported to fail unexpectedly.

K9s has improved its visualization capabilities by integrating more detailed graphs and views. It now offers better representation of logs and metrics and is more flexible in how it displays custom resources (CRDs). The operations on pods have been expanded and include greater integration with debugging tools (e.g., kubectl debug) and enhanced support for multi-cluster environments. Support for CRDs has significantly improved and now provides better navigation and management of these resources as well as smoother interaction with custom resources. The shortcuts panel has also been enhanced to make it more accessible for developers who are less experienced with kubectl. This is a significant improvement, as K9s initially focused primarily on DevOps teams.

SOPS is an editor of encrypted files that supports various file formats of encrypts with KMS. Our advice when it comes to secrets management has always been to decouple it from source code. However, when faced with a choice between full automation (in the spirit of infrastructure as code) and a few manual steps (using tools like vaults) for managing, seeding and rotating seed secrets, teams often face a tradeoff. For example, our teams use SOPS to manage seed credentials for bootstrapping infrastructure. In some situations, however, it's impossible to remove secrets from legacy code repositories. In those instances, we use SOPS to encrypt secrets in text files. SOPS integrates with cloud-managed keystores such as AWS and GCP Key Management Service (KMS) or Azure Key Vault as sources of encryption keys. It also works cross-platform and supports PGP keys. Several of our teams use SOPS by default when they have to manage secrets in the code repository.

We've highlighted visual regression testing tools before and have observed their algorithms evolve from primitive pixel-level comparison to sophisticated pattern-matching and optical character recognition (OCR). Early visual regression tools generated many false positives and were only useful in later stages of development when the interface became stable. BackstopJS avoids this problem by configuring selectors and viewports to pinpoint visual tests to specific elements on the page. But machine learning has made it easier to detect and compare visual elements more accurately, even if they happen to have moved or contain dynamic content. These tools have become steadily more useful and are well-positioned to take advantage of the latest developments in AI and machine learning. Several commercial tools such as Applitools and Percy now claim to use AI in their visual regression tests. One of our teams has been using Applitools Eyes extensively and have been happy with the results. Although visual regression tests are no substitute for well-written end-to-end functional tests, they're a valuable addition to the testing toolbox. We're moving them to adopt because they have become a safe default option as one element in a comprehensive UI test strategy.

Wiz has emerged as the cloud security platform of choice on many of our projects. Our teams appreciate that it enables them to detect risks and threats sooner than similar tools as it continuously scans for changes. Wiz can detect and alert on misconfigurations, vulnerabilities and leaked secrets both in artifacts that have yet to be deployed to live environments (container images, infrastructure code) as well as live workloads (containers, VMs and cloud services). We also appreciate the powerful reporting capability for both development teams and leadership. This analysis helps us understand how a vulnerability can affect a given service so that we can resolve issues in that context.

AWS Control Tower continues to be our go-to choice for managing AWS accounts in a multi-team environment. It provides a convenient mechanism to preconfigure security and compliance controls that will be automatically applied to new landing zones. This is an example of "compliance at the point of change" because the controls are applied and verified whenever new infrastructure is created, eliminating the need for manual compliance checks later on. AWS Control Tower Account Factory for Terraform (AFT) has continued to evolve since our last volume and is now available in more AWS regions. AFT allows Control Tower accounts to be provisioned by an infrastructure-as-code pipeline. We like that AFT can be customized to send webhooks or take specific actions to integrate safely and securely with external tools like GitHub Actions. Our teams have reported great results using AWS Control Tower to manage accounts, but we do wish AWS would accept community contributions to the project when there are opportunities for enhancement.

For teams practicing continuous integration it's important to be aware of the state of the central build on the continuous integration (CI) system. Before the pandemic, dashboards on large TV screens in the team rooms provided this information at a glance. With remote working here to stay, a solution is needed that works on individual developer workstations. For the Mac that niche is covered by CCMenu, a small app written by a Thoughtworker. Originally part of CruiseControl, it works with all servers that can provide information in cctray format, including Jenkins and TeamCity. A recent rewrite has added support for GitHub Actions and paved the way for deeper integration with more CI servers and authentication styles.

ClickHouse is an open-source, columnar online analytical processing (OLAP) database for real-time analytics. It started as an experimental project in 2009 and has since matured into a highly performant and linearly scalable analytical database. Its efficient query processing engine together with data compression makes it suitable to run interactive queries without pre-aggregation. ClickHouse is also a great storage choice for OpenTelemetry data. Its integration with Jaeger allows you to store massive volumes of traces and analyze them efficiently.

Despite advances in development tooling, maintaining consistent local development environments remains a challenge for many teams. Onboarding new engineers often entails running commands or custom scripts that can fail unpredictably across different machines and result in inconsistencies. To solve this challenge, our teams have increasingly relied on Devbox. Devbox is a command-line tool that provides an approachable interface for creating reproducible, per-project local development environments, leveraging the Nix package manager without using virtual machines or containers. It has notably streamlined their onboarding workflow because once it has been configured for a codebase, it takes one CLI command (devbox shell) to reproduce the defined environment on a new device. Devbox supports shell hooks, custom scripts and devcontainer.json generation for integration with VSCode.

Difftastic is a tool for highlighting differences between code files in a syntax-aware way. This is quite different from textual diffing tools, like the venerable Unix diff command. For example, Difftastic will ignore newlines inserted to break up long statements in languages like Java or TypeScript that are semicolon delimited. The tool only highlights changes that impact the syntax of the program. It does this by first parsing the files into abstract syntax trees and then computing the distance between them using Dijkstra's algorithm. We've found Difftastic to be particularly useful for understanding changes when reviewing large codebases. Difftastic can be used on any programming language for which a parser is available and out of the box supports more than 50 programming languages as well as structured text formats like CSS and HTML. This isn't a new tool, but we thought it was worth calling attention to in the age of LLM coding assistants where human-in-the-loop reviews of ever larger codebases are increasingly critical.

LinearB, a software engineering intelligence platform, has empowered our engineering leaders with data-driven insights to support continuous improvement. It aligns key areas such as benchmarking, workflow automation and targeted investments in enhancing developer experience and productivity. Our experience with LinearB highlights its ability to foster a culture of improvement and efficiency within engineering teams. Our teams have used the platform to track key engineering metrics, identify areas for enhancement and implement evidence-based actions. These capabilities align well with LinearB’s core value proposition: benchmarking, automating metric collection and enabling data-driven improvements. LinearB integrates with source code, application lifecycle, CI/CD and communication tools and uses both preconfigured and custom engineering metrics to provide comprehensive quantitative insights into developer experience, productivity and team performance. As advocates of DORA, we appreciate LinearB’s strong emphasis on these specific metrics and its ability to measure key aspects of software delivery performance, which are essential for improving efficiency. Historically, teams have faced challenges in gathering DORA-specific metrics, often relying on complex custom dashboards or manual processes. LinearB continues to offer a compelling solution that automates the tracking of these metrics and delivers real-time data that supports proactive decision-making around developer experience, productivity and predictability.

pgvector is an open-source vector similarity search extension for PostgreSQL, allowing the storage of vectors alongside structured data in a single, well-established database. While it lacks some advanced features of specialized vector databases, it benefits from ACID compliance, point-in-time recovery and other robust features of PostgreSQL. With the rise of generative AI-powered applications, we see a growing pattern of storing and efficiently searching embedding vectors for similarities, which pgvector addresses effectively. With pgvector’s growing use in production environments, especially where teams are already using a cloud provider that offers managed PostgreSQL, and its proven ability to meet common vector search needs without requiring a separate vector store, we're confident in its potential. Our teams have found it valuable in projects comparing structured and unstructured data, demonstrating its potential for broader adoption, and we're therefore moving it to the Trial ring.

Snapcraft is an open-source command-line tool for building and packaging self-contained applications called snaps on Ubuntu, other Linux distributions and macOS. Snaps are easy to deploy and maintain across hardware platforms, including Linux machines, virtual environments and vehicle on-board computer systems. While Snapcraft offers a public app store for publishing snaps, our teams use the build tool to package the autonomous driving system as a snap without publishing it to the public app store. This allows us to build, test and debug the embedded software system locally while publishing it to an internal artifact repository.

Spinnaker is an open-source continuous delivery platform created by Netflix. It implements cluster management and deployment of baked images to the cloud as first-class features. We like Spinnaker's opinionated approach for deploying microservices. In previous editions, we noted its inability to configure pipelines as code, but that has been addressed with the addition of the spin CLI. Even though we don't recommend Spinnaker for simple CD scenarios, it has become a tool of choice for many in complex situations with equally complex deployment pipelines.

TypeScript OpenAPI (or tsoa) is an alternative to Swagger for generating OpenAPI specs from your code. It’s code-first, with TypeScript controllers and models as the single source of truth and uses TypeScript annotations or decorators rather than requiring more complex files and configurations when using OpenAPI tooling for TypeScript. It generates both 2.0 and 3.0 API specifications and routes can be generated for Express, Hapi and Koa. If you're writing APIs in TypeScript, this project is worth taking a look at.

Although using the simplest feature toggle possible remains our recommended approach, scaling teams and faster development make managing hand-crafted toggles more complex. Unleash is an option widely used by our teams to address this complexity and enable CI/CD. It can be used either as a service or self-hosted. It provides SDKs in several languages with a good developer experience and friendly UI for administration. Although there’s no official support for the OpenFeature specification yet, you can find community-maintained providers for Go and Java. Unleash can be used for simple feature toggles as well as segmentation and gradual rollouts, making it a suitable option for feature management at scale.

Astronomer Cosmos是一个为 Airflow 设计的插件，旨在为 dbt core 工作流提供更原生的支持。安装该插件后，当使用 DbtDag 包装 dbt 工作流时，它将 dbt 节点转换为 Airflow 任务/任务组，使工程师能够直接在 Airflow UI 中可视化 dbt 依赖图及其执行进度。它还支持使用 Airflow 连接代替 dbt 配置文件，从而可能减少配置扩散。我们正在试验该工具，探索它在 Airflow 中与 dbt 更无缝集成的潜力。

ColPali是一款新兴工具，利用 视觉语言模型实现 PDF 文档检索，旨在解决从包含图像、图表和表格的多媒体文档中提取数据的难题，这对于构建强大的检索增强生成 (RAG) 应用至关重要。与依赖文本嵌入或光学字符识别（OCR）技术的传统方法不同，ColPali 处理整页 PDF 文档，使用视觉 Transformer 创建嵌入，综合考虑文本和视觉内容。这种整体方法不仅提高了文档检索的效果，还增强了对为何检索到特定文档的推理能力，大大提升了 RAG 在数据丰富的 PDF 文档中的表现。我们已经在多个客户项目中测试了 ColPali，结果显示出很大的潜力，但该技术仍处于早期阶段。对于拥有复杂视觉文档数据的组织来说，值得考虑进行评估。

AI 辅助编程工具的竞赛仍在继续，而其中最引人注目的一个就是 Cursor。Cursor 是一个以 AI 为核心的代码编辑器，旨在通过深度整合 AI 到编码工作流中来提升开发者的生产力。虽然我们在之前的雷达评估中已经关注到它，但显然，Cursor 近期的持续改进已为其带来了质的飞跃。在我们的使用中，Cursor 展现了基于现有代码库的强大上下文推理能力。尽管其他 AI 代码工具如 GitHub Copilot 已经可以围绕代码片段进行代码生成或协作，Cursor 的多行和多文件编辑操作让它脱颖而出。Cursor 是基于 VSCode 代码库分叉开发的，提供了一种符合开发者直觉的快速且直观的交互方式。通过快捷键 ctrl/cmd+K 和 ctrl/cmd+L 即可完成强大的操作。Cursor 在 AI 编程工具的竞赛中引领了新一轮的竞争，尤其是在开发者交互和代码库理解方面更为突出。

Data Mesh Manager 提供了典型 data mesh 平台的元数据层。它特别关注数据产品的定义以及使用 OpenContract 倡议规范数据契约，并可以通过相关的 DataContract CLI 集成到构建管道中。该应用还提供了数据目录，用于发现和探索数据产品及其元数据，并允许进行联邦治理，包括定义数据质量指标和管理数据质量规则。作为该领域的首批原生工具之一，它不仅仅是试图将现有平台改造为数据网格范式。

尽管Git 的 功能强大且实用，但其命令行界面在管理多个分支和提交暂存方面以复杂性著称。GitButler 是一个 Git 客户端，它提供了图形界面，旨在简化这一过程。GitButler 通过独立于 Git 跟踪未提交的文件更改，并将这些更改暂存到虚拟分支中来实现这一目标。有人可能会认为这是对不应存在的问题的解决方案；如果你经常进行小规模更改并频繁推送到主干，就不需要多个分支。然而，当你的工作流程涉及 pull request（PR）时，分支结构可能会变得复杂，尤其是在 PR 合并之前有较长的审查周期时。为了解决这个问题，GitButler 还与 GitHub 集成，允许你选择性地将更改分组为 pull request，并直接从该工具发出。GitButler 是旨在管理 PR 流程中固有复杂性的工具中又一新增选项。

JetBrains AI Assistant是一款为所有JetBrains IDE 提供支持的编码助手，旨在顺畅集成以支持代码补全、测试生成和风格指南遵循。它基于 OpenAI 和Google Gemini 等模型，因其能够记住编码风格并在后续会话中保持一致性输出而脱颖而出。我们的开发人员发现其测试生成功能特别有用，并指出它在处理较长输出时没有稳定性问题。然而，与一些竞争对手不同，JetBrains 没有托管自己的模型，这对于担心第三方数据处理的客户可能并不适用。尽管如此，该工具与 JetBrains IDE 的集成使其成为探索 AI 驱动编码助手的团队的一个有前景的选择。

在多语言环境中工作的开发人员经常发现自己需要管理多个不同语言和工具的版本。 mise旨在解决这个问题，提供一个工具来替代 nvm, pyenv、pyenv、rbenv、rustup 等工具，并且可以作为 asdf的直接替代品。Mise 是用 Rust 编写的，以提高 shell 交互的速度；与使用基于 shell 的 shim 的 asdf 不同，mise 预先修改 PATH 环境变量，从而直接调用工具运行时。这也是 mise 比 asdf 更快的部分原因。对于那些已经熟悉 asdf 的开发人员，mise 提供了相同的功能，但有一些关键区别。由于是用 Rust 编写的，mise 更快，并且拥有一些 asdf 所没有的功能，例如能够同时安装同一工具的多个版本，以及更宽容的命令，包括模糊匹配。它还提供了一个集成的任务运行器，方便执行代码检查、测试、构建、服务器和其他与项目相关的任务。如果您厌倦了使用多个工具来管理开发环境，并且对其他工具有时笨拙的语法感到不满，那么 mise 绝对值得一试。

Mockoon 是一个开源的 API 模拟工具。它具有直观的界面、可自定义的路由和动态响应功能，还可以自动创建模拟数据集。Mockoon 兼容 OpenAPI，允许生成不同的场景，能够在本地进行测试并与开发流水线集成。你还可以创建“部分模拟”，通过拦截请求，仅模拟 Mockoon 中定义的调用。这部分模拟有助于模拟特定的 API 路由或端点，并将其他请求转发到实际的服务器。部分模拟在某些场景下非常有用，但存在滥用风险，可能导致不必要的复杂性。除此之外，Mockoon 仍然是快速搭建模拟 API、改进和自动化开发流程的宝贵工具。

Raycast 是一款适用于 macOS 的启动器，允许你通过键盘快速启动应用程序、运行命令、搜索文件并自动化任务。我们的团队认为其针对开发者的开箱即用功能非常有价值，并且它的扩展非常简单，允许与第三方应用和服务，如 VSCode、Slack、Jira 和 Google 等，进行交互。Raycast 专为提高生产力设计，减少上下文切换，是希望简化日常任务的用户的有用工具。专业版用户还可以使用 Raycast AI，这是一款专门的 AI 驱动搜索助手。

ReadySet 是一个适用于 MySQL 和 PostgreSQL 的缓存层。与依赖手动失效的传统缓存解决方案不同，ReadySet 利用数据库复制流来增量更新其缓存。通过部分视图物化，ReadySet 实现了比传统只读副本更低的尾延迟。ReadySet 与 MySQL 和 PostgreSQL 在协议上兼容，因此可以将其部署在数据库前，以横向扩展读取工作负载，而无需更改应用程序。

许多我们团队在开发基于 Web 的前端时，已经从旧的打包工具（比如 Webpack）转向了 Vite。该领域的新进者是 Rspack，经过 1.5 年的开发，刚刚发布了1.0 release。Rspack 被设计为 Webpack 的直接替代品，兼容 Webpack 生态系统中的插件和加载器。这在迁移复杂的 Webpack 设置时，相较于 Vite 可能具有一定优势。我们团队迁移到 Vite 和 Rspack 等新工具的主要原因是开发者体验，特别是速度。没有什么比在获取上次代码更改反馈前需要等待一两分钟更能打断开发流程的了。Rspack 使用 Rust 编写，提供的性能显著快于 Webpack，在许多情况下甚至比 Vite 更快。

在构建基于 LLM 的应用时，将请求路由到特定代理或触发某一流程之前，确定用户意图是至关重要的。Semantic Router 充当 LLM 和代理之间的快速决策层，基于语义意义进行高效且可靠的请求路由。通过使用向量嵌入推断意图，Semantic Router 减少了不必要的 LLM 调用，提供了一种更加简洁、具有低成本的用户意图理解方式。它的潜力不仅限于意图推断，还可以作为各种语义任务的多功能构建模块。它的响应速度和灵活性使其在需要避免 LLM 带来的额外开销，快速实时决策的环境中成为强有力的竞争者。

目前在生成式 AI (GenAI) 领域最热门的话题之一是 软件工程代理 （software engineering agents）的概念。这些编程辅助工具不仅仅是在代码片段上帮助工程师，它们的目标是扩大解决问题的范围，理想情况下能够自主完成任务，且减少人为干预。其理念是，这些工具能够接收 GitHub issue 或 Jira ticket，提出计划并进行代码更改，甚至创建供人类审查的 pull request。这是提升 AI 编程辅助工具影响力的下一步逻辑，但想要实现覆盖广泛编码任务的通用代理的目标仍然非常雄心勃勃，目前的工具尚未令人信服地展示出这一点。然而，我们认为对于范围较小、较简单的任务，这种工具将很快起到作用，帮助开发人员腾出时间处理更复杂的问题。正在发布和推广测试版代理的工具包括 GitHub Copilot Workspace、 qodo flow 、 Tabnine's 的 JIRA 代理 ，以及 Amazon Q Developer 。SWE Bench 基准测试列出了更多此类工具，但我们建议对 AI 领域的基准测试保持一定的谨慎态度。

Rust 因为其启动性能非常适合编写命令行工具，我们看到一些工具链正在用它重写。我们在之前的雷达报告中提到过Ruff，这是一个用 Rust 编写的 Python linter。在本期报告中，我们评估了uv，这是一个用 Rust 编写的 Python 包管理工具。uv 的价值主张是“超快”，在基准测试中，它的性能大幅超过其他 Python 包管理工具。然而，在我们的雷达评估中，我们讨论了在构建工具中优化几秒钟是否真的算是一个显著的提升。相比于性能，对于一个包管理系统来说，更重要的是生态系统、成熟的社区和长期的支持。尽管如此，我们项目团队的反馈表明，这一小幅速度提升可能会极大改善反馈周期和整体开发者体验——我们通常手动使 CI/CD 缓存变得非常复杂，以实现这微小的性能提升。uv 简化了我们的 Python 环境管理。考虑到在 Python 开发的包和环境管理方面仍有很大的改进空间，我们认为 uv 是一个值得评估的选择。

Warp是一款适用于 macOS 和 Linux 的终端工具，它将命令输出分割为块以提高可读性。Warp 提供了AI 驱动的能力，如智能命令建议和自然语言处理。它还包括笔记本功能，允许用户组织命令和输出，并添加注释和文档。你可以利用这些功能创建 README 文件或入职材料，以结构化和互动的方式呈现和管理终端工作流。Warp 还可以轻松集成 Starship，一个灵活的跨终端提示工具，允许你自定义终端体验，并检索有关正在运行的进程、所使用工具的特定版本、Git 详细信息或当前 Git 用户等信息。

在 Atom 文本编辑器项目关闭后，其创建者构建了一个名为 Zed 的新编辑器。Zed 使用 Rust 编写，并经过优化以充分利用现代硬件，给人感觉非常快速。它具备我们对现代编辑器的所有期望功能：支持多种编程语言、内置终端以及多缓冲编辑等。通过与多个 LLM 提供商的集成，Zed 还提供 AI 辅助编码功能。作为结对编程的热衷者，我们对 Zed 内置的远程 协作特性 很感兴趣。开发者可以通过他们的 GitHub ID 找到彼此，然后实时协作于同一工作区。虽然现在还无法判断开发团队是否能够并愿意摆脱 Visual Studio Code 生态系统的吸引，但 Zed 是一个值得探索的替代方案。

CocoaPods 一直是 Swift 和 Objective-C Cocoa 项目中广受欢迎的依赖管理工具。然而，CocoaPods 团队宣布，该项目在作为 iOS 和 macOS 开发者关键工具超过十年后，进入了维护模式。尽管工具和其资源仍将继续可用，但将不再进行主动开发。其鼓励开发者们转向 Swift Package Manager，它与 Xcode 原生集成，并且获得了来自苹果的更好的长期支持。