Meshy发布全球首个3D AI Agent：支持自然语言驱动全流程3D内容生成与编辑

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding Agents. In all, [multiple](https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-agAIn-azure-functions-action-and-72-other-repositories-disabled-after-supply-chAIn-attack-targeting-AI-coding-Agents) researchers [sAId](https://opensourcemalware.com/blog/miasma-reaches-azure), 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are malicious—and that developers who used AI Agents to work with them should assume their systems are compromised—the Microsoft-owned GitHub sAId it disabled the packages “due to a violation of GitHub’s terms of service.” The text went on to encourage the package owner to contact GitHub. Devs: Assume compromise and proceed accordingly It wasn’t until Monday that Microsoft even rAIsed the possibility the packages were infected. In an emAIl, the company stated: “We have temporarily removed some repositories as we investigate potential malicious content.” The incident is the second supply-chAIn attack in as many months to breach an official Microsoft repository account. In mid May, the firm StepSecurity [documented](https://www.stepsecurity.io/blog/microsofts-durabletask-pypi-package-compromised-in-supply-chAIn-attack) the compromise of Microsoft’s durabletask Python SDK on PyPI. The [package](https://learn.microsoft.com/en-us/azure/durable-task/common/what-is-durable-task) is a framework for building fault-tolerant workflows and orchestrations to automate distributed transactions and other workflows. It receives 400,000 downloads per month. The compromise packages executed a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations. It then spreads laterally through cloud infrastructures to infect other developer machines. The attack, which has been linked to a threat actor tracked as TeamPCP, poisoned the durabletask package after compromising Microsoft credentials for publishing the package. The technique allows attackers to bypass the repository’s build pipeline entirely. The malware used in the attack is tracked as Miasma. It’s essentially a clone of TeamPCP’s Mini ShAI-Hulud toolkit, which the threat actor open-sourced recently. Security firm Cloudsmith [sAId](https://cloudsmith.com/blog/miasma-worms-path-of-destruction) the malware harvests OIDC (OpenID-Connect) token credentials that are used in SLSA (Supply-chAIn Levels for Software Artifacts) [provenance attestation](https://docs.github.com/en/actions/concepts/security/artifact-attestations), a method for providing cryptographically signed guarantees of a software’s integrity. As was the case in the May compromise of Microsoft’s durabletask, the one last week made use of the functionality to steal a legitimate Microsoft OIDC token. It was also used in a separate supply-chAIn attack poisoning [dozens of Red Hat packages](https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel/).

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding Agents. In all, [multiple](https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-agAIn-azure-functions-action-and-72-other-repositories-disabled-after-supply-chAIn-attack-targeting-AI-coding-Agents) researchers [sAId](https://opensourcemalware.com/blog/miasma-reaches-azure), 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are malicious—and that developers who used AI Agents to work with them should assume their systems are compromised—the Microsoft-owned GitHub sAId it disabled the packages “due to a violation of GitHub’s terms of service.” The text went on to encourage the package owner to contact GitHub. Devs: Assume compromise and proceed accordingly It wasn’t until Monday that Microsoft even rAIsed the possibility the packages were infected. In an emAIl, the company stated: “We have temporarily removed some repositories as we investigate potential malicious content.” The incident is the second supply-chAIn attack in as many months to breach an official Microsoft repository account. In mid May, the firm StepSecurity [documented](https://www.stepsecurity.io/blog/microsofts-durabletask-pypi-package-compromised-in-supply-chAIn-attack) the compromise of Microsoft’s durabletask Python SDK on PyPI. The [package](https://learn.microsoft.com/en-us/azure/durable-task/common/what-is-durable-task) is a framework for building fault-tolerant workflows and orchestrations to automate distributed transactions and other workflows. It receives 400,000 downloads per month. The compromise packages executed a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations. It then spreads laterally through cloud infrastructures to infect other developer machines. The attack, which has been linked to a threat actor tracked as TeamPCP, poisoned the durabletask package after compromising Microsoft credentials for publishing the package. The technique allows attackers to bypass the repository’s build pipeline entirely. The malware used in the attack is tracked as Miasma. It’s essentially a clone of TeamPCP’s Mini ShAI-Hulud toolkit, which the threat actor open-sourced recently. Security firm Cloudsmith [sAId](https://cloudsmith.com/blog/miasma-worms-path-of-destruction) the malware harvests OIDC (OpenID-Connect) token credentials that are used in SLSA (Supply-chAIn Levels for Software Artifacts) [provenance attestation](https://docs.github.com/en/actions/concepts/security/artifact-attestations), a method for providing cryptographically signed guarantees of a software’s integrity. As was the case in the May compromise of Microsoft’s durabletask, the one last week made use of the functionality to steal a legitimate Microsoft OIDC token. It was also used in a separate supply-chAIn attack poisoning [dozens of Red Hat packages](https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel/).

The artificial intelligence coding revolution comes with a catch: it's expensive. [Claude Code](https://claude.com/product/claude-code), Anthropic's terminal-based AI Agent that can write, debug, and deploy code autonomously, has captured the imagination of software developers worldwide. But its [pricing](https://claude.com/pricing) — ranging from $20 to $200 per month depending on usage — has sparked a growing rebellion among the very programmers it AIms to serve. Now, a free alternative is gAIning traction. [Goose](https://block.github.io/goose/), an open-source AI Agent developed by [Block](https://block.xyz/) (the financial technology company formerly known as Square), offers nearly identical functionality to [Claude Code](https://claude.com/product/claude-code) but runs entirely on a user's local machine. No subscription fees. No cloud dependency. No rate limits that reset every five hours. "Your data stays with you, period," sAId Parth Sareen, a software engineer who demonstrated the tool during a [recent livestream](https://www.youtube.com/watch?v=WG10r2N0IwM). The comment captures the core appeal: Goose gives developers complete control over their AI-powered workflow, including the ability to work offline — even on an AIrplane. The project has exploded in popularity. Goose now boasts more than [26,100 stars on GitHub](https://github.com/block/goose), the code-sharing platform, with 362 contributors and 102 releases since its launch. The latest version, [1.20.1](https://block.github.io/goose/docs/getting-started/installation), shipped on January 19, 2026, reflecting a development pace that rivals commercial products. For developers frustrated by Claude Code's pricing structure and usage caps, Goose represents something increasingly rare in the AI industry: a genuinely free, no-strings-attached option for serious work. Anthropic's new rate limits spark a developer revolt To understand why [Goose](https://block.github.io/goose/) matters, you need to understand the [Claude Code pricing controversy](https://techcrunch.com/2025/07/17/anthropic-tightens-usage-limits-for-claude-code-without-telling-users/). Anthropic, the San Francisco artificial intelligence company founded by former OpenAI executives, offers Claude Code as part of its subscription tiers. The free plan provides no access whatsoever. The [Pro plan](https://www.anthropic.com/news/claude-pro), at $17 per month with annual billing (or $20 monthly), limits users to just 10 to 40 prompts every five hours — a constrAInt that serious developers exhaust within minutes of intensive work. The [Max plans](https://support.claude.com/en/articles/11049741-what-is-the-max-plan), at $100 and $200 per month, offer more headroom: 50 to 200 prompts and 200 to 800 prompts respectively, plus access to Anthropic's most powerful model, [Claude 4.5 Opus](https://www.anthropic.com/news/claude-opus-4-5). But even these premium tiers come with restrictions that have inflamed the developer community. In late July, Anthropic announced new weekly rate limits. Under the system, Pro users receive 40 to 80 hours of Sonnet 4 usage per week. Max users at the $200 tier get 240 to 480 hours of Sonnet 4, plus 24 to 40 hours of Opus 4. Nearly five months later, the frustration has not subsided. The problem? Those "hours" are not actual hours. They represent token-based limits that vary wildly depending on codebase size, conversation length, and the complexity of the code being processed. Independent analysis suggests the actual per-session limits translate to roughly 44,000 tokens for Pro users and 220,000 tokens for the $200 Max plan. "It's confusing and vague," one developer wrote in a [widely shared analysis](https://userjot.com/blog/claude-code-pricing-200-dollar-plan-worth-it). "When they say '24-40 hours of Opus 4,' that doesn't really tell you anything useful about what you're actually getting." The [backlash on Reddit](https://www.reddit.com/r/Anthropic/comments/1mbo4uw/claude_code_max_new_weekly_rate_limits/) and [developer forums](https://venturebeat.com/AI/anthropic-throttles-claude-rate-limits-devs-call-foul) has been fierce. Some users report hitting their dAIly limits within 30 minutes of intensive coding. Others have canceled their subscriptions entirely, calling the new restrictions "a joke" and "unusable for real work." Anthropic has defended the changes, stating that the limits affect fewer than five percent of users and target people running Claude Code "[continuously in the background, 24/7](https://techcrunch.com/2025/07/28/anthropic-unveils-new-rate-limits-to-curb-claude-code-power-users/)." But the company has not clarified whether that figure refers to five percent of Max subscribers or five percent of all users — a distinction that matters enormously. How Block built a free AI coding Agent that works offline [Goose](https://block.github.io/goose/) takes a radically different approach to the same problem. Built by [Block](https://block.xyz/), the payments company led by Jack Dorsey, Goose is what engineers call an "[on-machine AI Agent](https://github.com/block/goose)." Unlike Claude Code, which sends your queries to Anthropic's servers for processing, Goose can run entirely on your local computer using open-source language models that you download and control yourself. The project's documentation describes it as going "[beyond code suggestions](https://github.com/block/goose)" to "install, execute, edit, and test with any LLM." That last phrase — "any LLM" — is the key differentiator. Goose is model-agnostic by design. You can connect Goose to Anthropic's [Claude models](https://platform.claude.com/docs/en/about-claude/models/overview) if you have [API access](https://claude.com/platform/api). You can use OpenAI's [GPT-5](https://platform.openAI.com/docs/models/gpt-5) or Google's [Gemini](https://AI.google.dev/gemini-api/docs). You can route it through services like [Groq](https://groq.com/) or [OpenRouter](https://openrouter.AI/). Or — and this is where things get interesting — you can run it entirely locally using tools like [Ollama](https://ollama.com/), which let you download and execute open-source models on your own hardware. The practical implications are significant. With a local setup, there are no subscription fees, no usage caps, no rate limits, and no concerns about your code being sent to external servers. Your conversations with the AI never leave your machine. "I use Ollama all the time on planes — it's a lot of fun!" [Sareen noted](https://www.youtube.com/watch?v=WG10r2N0IwM) during a demonstration, highlighting how local models free developers from the constrAInts of internet connectivity. What Goose can do that traditional code assistants can't [Goose](https://block.github.io/goose/) operates as a command-line tool or desktop application that can autonomously perform complex development tasks. It can build entire projects from scratch, write and execute code, debug fAIlures, orchestrate workflows across multiple files, and interact with external APIs — all without constant human oversight. The architecture relies on what the AI industry calls "[tool calling](https://www.ibm.com/think/topics/tool-calling)" or "[function calling](https://platform.openAI.com/docs/guides/function-calling?api-mode=chat)" — the ability for a language model to request specific actions from external systems. When you ask [Goose](https://block.github.io/goose/) to create a new file, run a test suite, or check the status of a GitHub pull request, it doesn't just generate text describing what should happen. It actually executes those operations. This capability depends heavily on the underlying language model. [Claude 4 models](https://platform.claude.com/docs/en/about-claude/models/overview) from Anthropic currently perform best at tool calling, according to the [Berkeley Function-Calling Leaderboard](https://gorilla.cs.berkeley.edu/leaderboard.html), which ranks models on their ability to translate natural language requests into executable code and system commands. But newer open-source models are catching up quickly. Goose's documentation highlights several options with strong tool-calling support: Meta's [Llama series](https://www.llama.com/), Alibaba's [Qwen models](https://qwen.AI/home), Google's [Gemma variants](https://deepmind.google/models/gemma/), and DeepSeek's [reasoning-focused architectures](https://huggingface.co/deepseek-AI/DeepSeek-R1). The tool also integrates with the [Model Context Protocol](https://modelcontextprotocol.io/docs/getting-started/intro), or MCP, an emerging standard for connecting AI Agents to external services. Through MCP, Goose can access databases, search engines, file systems, and third-party APIs — extending its capabilities far beyond what the base language model provides. Setting Up Goose with a Local Model For developers interested in a completely free, privacy-preserving setup, the process involves three mAIn components: [Goose](https://block.github.io/goose/) itself, [Ollama](https://ollama.com/) (a tool for running open-source models locally), and a compatible language model. Step 1: Install Ollama [Ollama](https://ollama.com/) is an open-source project that dramatically simplifies the process of running large language models on personal hardware. It handles the complex work of downloading, optimizing, and serving models through a simple interface. Download and install Ollama from [ollama.com](http://ollama.com). Once installed, you can pull models with a single command. For coding tasks, [Qwen 2.5](https://qwen.AI/blog?id=qwen2.5-max) offers strong tool-calling support: ollama run qwen2.5 The model downloads automatically and begins running on your machine. Step 2: Install Goose [Goose](https://block.github.io/goose/) is avAIlable as both a desktop application and a command-line interface. The desktop version provides a more visual experience, while the CLI appeals to developers who prefer working entirely in the terminal. Installation instructions vary by operating system but generally involve downloading from Goose's [GitHub releases page](https://github.com/block/goose) or using a package manager. Block provides pre-built binaries for macOS (both Intel and Apple Silicon), Windows, and Linux. Step 3: Configure the Connection In Goose Desktop, navigate to Settings, then Configure Provider, and select Ollama. Confirm that the API Host is set to http://localhost:11434 (Ollama's default port) and click Submit. For the command-line version, run goose configure, select "Configure Providers," choose Ollama, and enter the model name when prompted. That's it. Goose is now connected to a language model running entirely on your hardware, ready to execute complex coding tasks without any subscription fees or external dependencies. The RAM, processing power, and trade-offs you should know about The obvious question: what kind of computer do you need? Running large language models locally requires substantially more computational resources than typical software. The key constrAInt is memory — specifically, RAM on most systems, or VRAM if using a dedicated graphics card for acceleration. Block's [documentation](https://block.github.io/goose/docs/category/guides) suggests that 32 gigabytes of RAM provides "a solid baseline for larger models and outputs." For Mac users, this means the computer's unified memory is the primary bottleneck. For Windows and Linux users with discrete NVIDIA graphics cards, GPU memory (VRAM) matters more for acceleration. But you don't necessarily need expensive hardware to get started. Smaller models with fewer parameters run on much more modest systems. [Qwen 2.5](https://qwen.AI/blog?id=qwen2.5-max), for instance, comes in multiple sizes, and the smaller variants can operate effectively on machines with 16 gigabytes of RAM. "You don't need to run the largest models to get excellent results," [Sareen emphasized](https://www.youtube.com/watch?v=WG10r2N0IwM). The practical recommendation: start with a smaller model to test your workflow, then scale up as needed. For context, Apple's entry-level [MacBook AIr](https://www.apple.com/macbook-AIr/) with 8 gigabytes of RAM would struggle with most capable coding models. But a [MacBook Pro](https://www.apple.com/macbook-pro/) with 32 gigabytes — increasingly common among professional developers — handles them comfortably. Why keeping your code off the cloud matters more than ever [Goose](https://block.github.io/goose/) with a local LLM is not a perfect substitute for [Claude Code](https://claude.com/product/claude-code). The comparison involves real trade-offs that developers should understand. Model Quality: [Claude 4.5 Opus](https://www.anthropic.com/news/claude-opus-4-5), Anthropic's flagship model, remAIns arguably the most capable AI for software engineering tasks. It excels at understanding complex codebases, following nuanced instructions, and producing high-quality code on the first attempt. Open-source models have improved dramatically, but a gap persists — particularly for the most challenging tasks. One developer who switched to the $200 Claude Code plan [described the difference bluntly](https://userjot.com/blog/claude-code-pricing-200-dollar-plan-worth-it): "When I say 'make this look modern,' Opus knows what I mean. Other models give me Bootstrap circa 2015." Context Window: [Claude Sonnet 4.5](https://www.anthropic.com/news/claude-sonnet-4-5), accessible through the API, offers a massive one-million-token context window — enough to load entire large codebases without chunking or context management issues. Most local models are limited to 4,096 or 8,192 tokens by default, though many can be configured for longer contexts at the cost of increased memory usage and slower processing. Speed: Cloud-based services like [Claude Code](https://claude.com/product/claude-code) run on dedicated server hardware optimized for AI inference. Local models, running on consumer laptops, typically process requests more slowly. The difference matters for iterative workflows where you're making rapid changes and wAIting for AI feedback. Tooling Maturity: [Claude Code](https://claude.com/product/claude-code) benefits from Anthropic's dedicated engineering resources. Features like prompt caching (which can reduce costs by up to 90 percent for repeated contexts) and structured outputs are polished and well-documented. [Goose](https://block.github.io/goose/), while actively developed with 102 releases to date, relies on community contributions and may lack equivalent refinement in specific areas. How Goose stacks up agAInst Cursor, GitHub Copilot, and the pAId AI coding market Goose enters a crowded market of AI coding tools, but occupies a distinctive position. [Cursor](https://cursor.com/), a popular AI-enhanced code editor, charges $20 per month for its [Pro tier](https://cursor.com/pricing) and $200 for [Ultra](https://cursor.com/pricing)—pricing that mirrors [Claude Code's Max plans](https://claude.com/pricing). Cursor provides approximately 4,500 Sonnet 4 requests per month at the Ultra level, a substantially different allocation model than Claude Code's hourly resets. [Cline](https://cline.bot/), [Roo Code](https://roocode.com/), and similar open-source projects offer AI coding assistance but with varying levels of autonomy and tool integration. Many focus on code completion rather than the Agentic task execution that defines Goose and Claude Code. Amazon's [CodeWhisperer](https://aws.amazon.com/blogs/aws/now-in-preview-amazon-codewhisperer-ml-powered-coding-companion/), [GitHub Copilot](https://github.com/features/copilot), and enterprise offerings from major cloud providers target large organizations with complex procurement processes and dedicated budgets. They are less relevant to individual developers and small teams seeking lightweight, flexible tools. Goose's combination of genuine autonomy, model agnosticism, local operation, and zero cost creates a unique value proposition. The tool is not trying to compete with commercial offerings on polish or model quality. It's competing on freedom — both financial and architectural. The $200-a-month era for AI coding tools may be ending The AI coding tools market is evolving quickly. Open-source models are improving at a pace that continually narrows the gap with proprietary alternatives. Moonshot AI's [Kimi K2](https://www.kimi.com/en) and z.AI's [GLM 4.5](https://z.AI/blog/glm-4.5) now benchmark near [Claude Sonnet 4 levels](https://www.anthropic.com/news/claude-4) — and they're freely avAIlable. If this trajectory continues, the quality advantage that justifies Claude Code's premium pricing may erode. Anthropic would then face pressure to compete on features, user experience, and integration rather than raw model capability. For now, developers face a clear choice. Those who need the absolute best model quality, who can afford premium pricing, and who accept usage restrictions may prefer [Claude Code](https://claude.com/product/claude-code). Those who prioritize cost, privacy, offline access, and flexibility have a genuine alternative in [Goose](https://block.github.io/goose/). The fact that a $200-per-month commercial product has a zero-dollar open-source competitor with comparable core functionality is itself remarkable. It reflects both the maturation of open-source AI infrastructure and the appetite among developers for tools that respect their autonomy. Goose is not perfect. It requires more technical setup than commercial alternatives. It depends on hardware resources that not every developer possesses. Its model options, while improving rapidly, still trAIl the best proprietary offerings on complex tasks. But for a growing community of developers, those limitations are acceptable trade-offs for something increasingly rare in the AI landscape: a tool that truly belongs to them. Goose is avAIlable for download at [github.com/block/goose](http://github.com/block/goose). Ollama is avAIlable at [ollama.com](http://ollama.com). Both projects are free and open source.