I'm not even sure a specialized model is needed here. It probably just needs the right harness around existing ones.

I expect the next two years to be absolutely brutal for hacks. Attackers have supercharged tools in their hands right now. Defenders are only getting started and will have to plow through a massive backlog of newly uncovered vulns.

The major short term downside is that open source or personal projects won't be able to afford things like Codex Security.

I'd say it is about 90% accurate for us. Often even the "Low" findings lead us to dig and realize it is actually exploitable. Everyone makes these mistakes, from the most junior to the most senior. They are just a class of bugs after all.

I expect tools like this to be a regular part of the development lifecycle from here on. We code with AI, we review with AI, we search for vulns with AI. Even if it isn't perfect, it is easily worth the cost IMHO. Highly recommend you get something enabled for your own repos ASAP

If so that actually sounds really cool. I'd like a dedicated lazygit app in my tray at all times.

I know this is focused solely on performance, but cost is a major factor here.

Who cares about mental gymnastics. It's a win for literally everyone and I hope you ca see it that way instead. Competition is good. It drives others to keep up.

Despite what the current US govt wants, the economics of solar and other renewables will drive it. Worst they can do is slow it down a bit.

I actually disagree a bit on the first part. I think developing countries have a right to have higher per capita emissions as they raise their standard of living and economy where they can get to the point of widely adopting clean energy.

China is by far the leading emitter. Over double of the US as of 2023 (latest available data I can find). China's emissions also aren't falling, they are skyrocketing. The US emissions ARE falling.

The US dominates in cumulative, which is essentially the measure of the total damage done to the planet. The US is doing something about it though. Yearly emissions have been dropping since 2007.

https://ourworldindata.org/co2-and-greenhouse-gas-emissions

  * Once in Cursor I can't click on modified files or lines and have my IDE jump to it. Very hard to review changes.
  * I closed the Ona tab and couldn't figure out how to get it back so I could prompt it again.
  * I can't pin the Ona tab to the right like Cursor does
  * Is there a way to select lines and add them to context?
  * Is there a way I can pick a model?

I'd love to see a short animation of what it would actually look like to do the core flow. Prompt -> environment creation -> iterating -> popping open VSCode Web -> Popping open Cursor desktop.

Also, a lot of the links on that page you linked me to are broken:

  * "manual edits and Ona Agents is very powerful." 
  * "Ona’s automations.yaml extends it with tasks and services"
  * "devcontainer.json describes the tools"

AI is more akin to pair programming with another person sitting next to you. I don't want to ship a PR or even a branch off to someone sitting next to me. I want to discuss and type together in real time.

I'm mainly aiming for a good experience with what we have today. Welding an AI agent onto my IDE turned out to be great. The next incremental step feels like being able to parallelize that. I want four concurrent IDEs with AI welded onto it.

I want to run a prompt that operates in an isolated environment that is open in my IDE where I can iterate with the AI. I think maybe it can do this?

Also it isn't always about editing. It is about seeing the surrounding code, navigating around, and ensuring the AI did the right thing in all of the right places.

AI coding should be tightly in the inner dev loop! PRs are a bad way to review and iterate on code. They are a last line of defense, not the primary way to develop.

Give me an isolated environment that is one click hooked up to Cursor/VSCode Remote SSH. It should be the default. I can't think of a single time that Claude or any other AI tool nailed the request on the first try (other than trivial things). I always need to touch it up or at least navigate around and validate it in my IDE.

Or maybe create a second binary or symlink called `uvs` (short for uv script) that does the same thing.