AI Skills AI技能 5h ago Updated 2h ago 更新于 2小时前 46

HTTP Has a New Method Now (After 16 Years!), and it lands where AI agents were bleeding HTTP 现在有了一个新方法(16年后!),它落在了 AI 代理流血的地方

HTTP introduces the QUERY method (RFC 10008), the first new general-purpose method since PATCH in 2010, designed to carry a request body while remaining safe and idempotent like GET. The method resolves the long-standing architectural compromise where complex read-only searches were forced into POST requests, which incorrectly signaled state changes to caches and proxies. QUERY enables strict read/write boundaries at the gateway level, allowing agents to perform retries safely without risking un HTTP协议在2026年6月正式发布RFC 10008,新增`QUERY`方法,这是自2010年`PATCH`以来首个新的通用HTTP方法。 `QUERY`方法兼具`POST`的Body承载能力和`GET`的安全性与幂等性,解决了复杂查询无法放入URL且不能使用`POST`的痛点。 该方法通过标准化“只读”语义,使网关、代理和缓存层能强制执行读写分离,显著降低AI Agent重试时的副作用风险。 采用Cloudflare和Akamai联合推动,边缘网络支持可能领先于框架支持,初期可通过405回退至POST实现兼容。

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • HTTP introduces the QUERY method (RFC 10008), the first new general-purpose method since PATCH in 2010, designed to carry a request body while remaining safe and idempotent like GET.
  • The method resolves the long-standing architectural compromise where complex read-only searches were forced into POST requests, which incorrectly signaled state changes to caches and proxies.
  • QUERY enables strict read/write boundaries at the gateway level, allowing agents to perform retries safely without risking unintended side effects or requiring manual idempotency keys.
  • The specification is format-agnostic, relying on Content-Type to define semantics, and supports efficient caching through Location and Content-Location headers that facilitate conditional GETs.
  • Early adoption is driven by major edge providers like Cloudflare and Akamai, with a fallback mechanism (405 to POST) ensuring compatibility during the transition period.

Why It Matters

This update fundamentally changes how AI agents interact with web services by providing a standardized, protocol-level guarantee for read-only operations with complex payloads. For AI practitioners, it eliminates a critical source of non-determinism in agent loops, where ambiguous POST-based queries previously led to duplicate executions or cache misses. By embedding safety and idempotency directly into the HTTP method, developers can build more robust, scalable, and secure agent architectures that leverage existing infrastructure like CDNs and proxies more effectively.

Technical Details

  • Method Semantics: QUERY is defined as safe, idempotent, and cacheable, allowing clients to send a body similar to POST but with the guarantees of GET. This prevents proxies and caches from treating read operations as state-changing writes.
  • Gateway Enforcement: The method allows network gateways to mechanically distinguish between read and write operations. Agents can be restricted to QUERY methods for free access, while POST, PUT, PATCH, and DELETE require explicit approval or audit trails.
  • Caching Optimization: Servers can return Location (for re-running the query) and Content-Location (for the specific result snapshot) headers. This enables subsequent identical requests to use conditional GETs with If-None-Match, reducing bandwidth and latency.
  • Format Agnosticism: The spec does not mandate a specific query language; instead, it relies on Content-Type headers (e.g., application/json, application/sql) to define the body's semantics. An Accept-Query header allows clients to discover supported formats.
  • Fallback Strategy: Clients should handle HTTP 405 (Method Not Allowed) responses by falling back to POST, ensuring backward compatibility with servers that have not yet implemented RFC 10008.

Industry Insight

  • Agent Reliability: AI frameworks integrating HTTP tools should prioritize QUERY for retrieval tasks to reduce error rates caused by retry storms and duplicate executions, significantly improving agent stability in production environments.
  • Security Architecture: Security teams can simplify agent permission models by enforcing policy at the network edge based on HTTP methods, rather than relying on fragile application-layer logic or opaque POST bodies.
  • Infrastructure Investment: Edge providers and CDN operators are likely to accelerate support for QUERY, making it a strategic advantage for organizations optimizing their API performance and caching strategies for AI-driven workloads.

TL;DR

  • HTTP协议在2026年6月正式发布RFC 10008,新增QUERY方法,这是自2010年PATCH以来首个新的通用HTTP方法。
  • QUERY方法兼具POST的Body承载能力和GET的安全性与幂等性,解决了复杂查询无法放入URL且不能使用POST的痛点。
  • 该方法通过标准化“只读”语义,使网关、代理和缓存层能强制执行读写分离,显著降低AI Agent重试时的副作用风险。
  • 采用Cloudflare和Akamai联合推动,边缘网络支持可能领先于框架支持,初期可通过405回退至POST实现兼容。

为什么值得看

对于AI从业者和后端工程师而言,QUERY方法的标准化标志着HTTP协议终于承认了“复杂只读查询”这一独立场景,结束了长期依赖POST模拟查询导致的语义模糊问题。它从根本上改善了AI Agent在自动重试、缓存利用和网关安全策略执行方面的可靠性与效率,是构建健壮Agent基础设施的关键底层变革。

技术解析

  • 核心特性QUERY被定义为Safe(安全)、Idempotent(幂等)、Cacheable(可缓存)且携带Body。这意味着客户端可以发送复杂的结构化数据(如JSON、SQL或GraphQL片段),而中间件(如CDN、反向代理)会将其视为只读操作,允许缓存和重试,无需担心副作用。
  • 解决的技术债务:此前开发者被迫使用POST进行大型搜索请求,导致缓存失效、代理误判为状态变更以及重试逻辑复杂化。QUERY消除了这种Hack,使“读取”意图在协议层面得到明确声明。
  • URI复用机制:服务器响应中可返回Location(用于重新运行查询的新URI)或Content-Location(结果快照URI)。这使得昂贵的结构化查询在后续调用中可以降级为简单的条件GET请求(配合If-None-Match),极大优化性能。
  • 格式无关性:规范未绑定特定查询语言,而是通过Content-Type定义语义,并通过新的Accept-Query响应头让客户端发现资源支持的查询格式,增强了灵活性。
  • Agent适配示例:代码示例展示了Agent如何利用QUERY的幂等性简化重试逻辑,无需手动管理幂等键;同时网关可通过配置仅放行QUERY给Agent,而将POST/PUT/PATCH/DELETE限制为需审批的操作,实现机械化的读写边界控制。

行业启示

  • Agent基础设施重构:随着QUERY的普及,AI Agent的网关层和安全策略将迎来升级。开发者可以利用该方法的语义特性,更精细地隔离Agent的读取权限与写入权限,提升系统安全性。
  • API设计范式转移:RESTful API设计需重新审视搜索端点的实现方式。未来应优先支持QUERY方法以提供标准缓存和重试行为,减少对POST的滥用,提升互操作性。
  • 边缘计算协同演进:鉴于Cloudflare和Akamai等边缘巨头的支持,QUERY可能在边缘节点率先落地。这预示着边缘缓存和路由策略将针对复杂查询进行专门优化,进一步加速全球数据访问。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Agent Agent Programming 编程