参考来源¶

下面收录的是本书当前版本依赖的主要一手来源。最近一次来源编辑审查：2026 年 5 月 17 日。

如何阅读这份列表

最好不仅按主题来读这些来源，也按它们提供的支撑强度来区分：

规范性框架：NIST、OWASP、CISA 等文档，它们定义了相对稳定的治理轮廓；
平台实践：OpenAI、Anthropic、LangGraph、Google Cloud、Microsoft 等资料，它们展示这些轮廓在生产环境里是如何被组装出来的；
HCI、HITL 与人工监督：这些来源说明自动化会在哪里出错，以及怎样把人稳稳留在回路里；
研究前沿：关于记忆、可观测性、验证器设计与多智能体可靠性的较新论文。

如果你要给第一、第五和第八部分建立最稳的基础，先从规范性框架和 HCI/HITL 层开始。如果你要看当前工程实践，就读平台文档和近期研究，但始终要留意发布日期。

规范来源路线（Canonical source routes）

把这些来源（sources）作为三个规范案例（canonical cases）的快速路线（fast route）。支持分流（Support triage） 从 OWASP、OpenAI 智能体指南（OpenAI agent guides）、人在回路来源（HITL sources）、策略/审批材料（policy/approval material）、追踪评分（trace grading）和事件案例（incident cases）开始。内部知识助手（Internal knowledge assistant） 从 LangGraph 记忆（LangGraph memory）、OpenAI Agent 记忆（OpenAI Agent memory）、检索/评测来源（retrieval/eval sources）、面向来源证明的治理（provenance-oriented governance）和记忆研究前沿（memory research frontier）开始。事件协调（Incident coordination） 从 NIST/AI RMF、Google/Microsoft 治理（Google/Microsoft governance）、可观测性来源（observability sources）、多智能体可靠性研究（multi-agent reliability research）、事件复盘（incident review）和发布/控制平面材料（rollout/control-plane material）开始。

规范性框架与治理轮廓¶

Agent-specific security¶

OWASP, AI Agent Security Cheat Sheet
OWASP, MCP Security Cheat Sheet
OWASP, LLM Prompt Injection Prevention Cheat Sheet
OWASP, RAG Security Cheat Sheet

Governance and baseline controls¶

智能体架构与平台模式¶

Dmitry Vikulin, Architecture of Reliable AI Agents
Anthropic, Building Effective AI Agents
Anthropic, Harness design for long-running application development
OpenAI, A practical guide to building agents (PDF)
OpenAI, Agents SDK
OpenAI Agents SDK, Sandbox Agents、Sandbox Concepts、Sandbox clients 与 Agent memory
OpenAI, Agent Builder
LangGraph, Overview
LangGraph, Durable execution
LangGraph, Persistence
LangGraph, Memory overview
LangChain, Multi-agent
Google Cloud, Achieve agentic productivity with Vertex AI Agent Builder
Google Cloud, More ways to build, scale, and govern AI agents with Vertex AI Agent Builder
Google Cloud, Vertex AI Agent Builder overview
Google Cloud Architecture Center, Multi-agent AI system in Google Cloud
Microsoft Azure Architecture Center, AI Agent Orchestration Patterns
Cloudflare, Build Agents on Cloudflare
Cloudflare Agents SDK, Store and sync state 与 Schedule tasks
Cloudflare Agents SDK, Human in the Loop 与 WebSockets
Cloudflare Agents SDK, Workflows 与 Durable execution
Cloudflare, Build and deploy Remote Model Context Protocol (MCP) servers to Cloudflare
GitHub Docs, GitHub Copilot cloud agent
GitHub Docs, Using Copilot cloud agent on GitHub 与 Configuring settings for GitHub Copilot cloud agent

可观测性、评测与验证器设计¶

OpenAI, Agent evals
OpenAI, Trace grading
OpenAI, Background mode
OpenAI, Using tools
OpenAI, Structured model outputs
Microsoft Learn, Observability for Generative AI and agentic AI systems
Google Cloud, Observability and monitoring
AWS, Introducing stateful MCP client capabilities on Amazon Bedrock AgentCore Runtime
arXiv, The Art of Building Verifiers for Computer Use Agents
GitHub, microsoft/fara

HCI、HITL 与人工监督¶

Microsoft Research, Guidelines for Human-AI Interaction
LangChain Deep Agents, Human-in-the-loop
LangGraph, Interrupts
OpenReview, The Illusion of Consensus in Human-Centered Interactive AI
Microsoft Learn, Agentic AI adoption maturity model

治理、安全与运行保障¶

Google Cloud, How Google secures AI Agents
Google Cloud, Recommended AI Controls framework
Google Cloud, Introducing Agent Sandbox
Google Research, Security Assurance in the Age of Generative AI
Google Research, Securing the AI Software Supply Chain
Google Research, An Introduction to Google’s Approach for Secure AI Agents
Google Research, Identifying and Mitigating the Security Risks of Generative AI
Anthropic, Claude Code Security
Anthropic, Agentic Misalignment
Anthropic, Strengthening Red Teams
Anthropic, Introducing Bloom
Anthropic, Findings from a Pilot Anthropic-OpenAI Alignment Evaluation Exercise
MLCommons, AILuminate v1.0 Release
Microsoft Learn, Secure autonomous agentic AI systems
Microsoft Learn, Reduce autonomous agentic AI risk
Microsoft Learn, Complete production infrastructure inventory
Microsoft Learn, Agent Registry convergence with Microsoft Agent 365

事故与案例¶

American Bar Association, BC Tribunal Confirms Companies Remain Liable for Information Provided by AI Chatbot

研究前沿：记忆、可观测性与多智能体可靠性¶

OpenReview, EVOLVE-MEM: A Self-Adaptive Hierarchical Memory Architecture for Next-Generation Agentic AI Systems
OpenReview, MemGen: Weaving Generative Latent Memory for Self-Evolving Agents
OpenReview, AgentTrace: A Structured Logging Framework for Agent System Observability
OpenReview, AgentTrace: Causal Graph Tracing for Root Cause Analysis in Deployed Multi-Agent Systems
OpenReview, Evaluation of Multi-Turn Consistency in LLM Agents: Survival Analysis and Failure-Rationale Taxonomy
OpenReview, AMA-Bench: Evaluating Long-Horizon Memory for Agentic Applications
OpenReview, Aegis: Automated Error Generation and Attribution for Multi-Agent Systems
OpenReview, PALADIN: Self-Correcting Language Model Agents to Cure Tool-Failure Cases
OpenReview, Why Do Multiagent Systems Fail?

发布、构建与本书的平台层¶

MkDocs, Official documentation
Material for MkDocs, Official documentation
uv, Working on projects
ty, Official documentation
Starlight, Official documentation

Rust 与智能体运行时的基础设施层¶

AWS, AWS SDK for Rust is generally available
AWS Docs, Code examples for Amazon Bedrock Runtime using AWS SDK for Rust
docs.rs, aws-sdk-bedrockagentruntime
Microsoft Learn, Azure SDK for Rust
Rig, Official documentation
docs.rs, rig-core
GitHub, 0xPlaygrounds/rig

如何使用这份列表¶

如果你要继续扩展这本书，比较顺手的顺序是：

风险与控制框架：NIST、OWASP、CISA。
架构模式与运行时纪律：Anthropic、OpenAI、LangGraph、Google Cloud、Microsoft。
可观测性、评测与验证器层：OpenAI、Microsoft、arXiv、GitHub。
HCI、HITL 与案例：Microsoft Research、OpenReview、ABA。
研究前沿：记忆、一致性、可观测性与多智能体失败模式。

如果你是配合本书阅读，再记住一个区分就够了：

稳定内核：规范性框架、架构、策略、执行与可观测性；
快速变化层：评测工具、验证器设计、清单治理、前沿研究和较新的案例。