Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

SonarQube has been catching my bugs and security issues for years. The only friction was having to leave Cursor or Windsurf to view the results. Their new MCP Server fixes that by bringing verification directly into the coding environment 🔥 This is actually perfect timing 🧵 ↓ Because we...

22,702 Aufrufe • vor 7 Monaten •via X (Twitter)

0 Kommentare

Keine Kommentare verfügbar

Kommentare vom Original-Post werden hier angezeigt

Ähnliche Videos

8 rules to improve your AI coding agent. All of these rules work with Claude Code, Cursor, VS Code, and with most programming languages. Automating these rules will 10x the code quality and security produced by your AI coding agents. 1. Dependency checks - Prevent your agent from suggesting insecure libraries based on outdated training data. 2. Secret exposure - Auto-fix the use of hardcoded credentials introduced by your coding agent. 3. File and function size - Automatically refactor any files or functions that exceed a reasonable length. 4. Complexity and parameter limits - Simplify overly complex code written by the agent. 5. SQL Injection - Auto-fix all database interactions with unsanitized user input. 6. Unused variables and imports - Detect and remove dead code. 7. Detect invisible unicode characters in AI rules files - Remove zero-width spaces, direction overrides, and other invisible characters that can hide malicious behavior. 8. Insecure OpenAI API usage - Enforce use of secure OpenAI endpoints, proper authentication, and context isolation Here is how you can automate this: Install the Codacy extension. This will give you access to a CLI for local scanning and an MCP server for agent communication. From here on out, every time you need to generate some code: 1. Your agent will write the code 2. It will then call Codacy's CLI to check it 3. It will find any issues in real time 4. Your coding agent will fix the issues 5. When the code passes all checks, you are done Level of effort on your side: literally zero! Code quality and security because of this: 100x better! Here is the link to download the extension for your IDE: Thanks to the Codacy team for collaborating with me on this post.

Santiago

49,331 Aufrufe • vor 8 Monaten

Big moment for Postgres! AI coding tools have been surprisingly bad at writing Postgres code. Not because the models are dumb, but because of how they learned SQL in the first place. LLMs are trained on the internet, which is full of outdated Stack Overflow answers and quick-fix tutorials. So when you ask an AI to generate a schema, it gives you something that technically runs but misses decades of Postgres evolution, like: - No GENERATED ALWAYS AS IDENTITY (added in PG10) - No expression or partial indexes - No NULLS NOT DISTINCT (PG15) - Missing CHECK constraints and proper foreign keys - Generic naming that tells you nothing But this is actually a solvable problem. You can teach AI tools to write better Postgres by giving them access to the right documentation at inference time. This exact solution is actually implemented in the newly released pg-aiguide by Tiger Data - Creators of TimescaleDB, which is an open-source MCP server that provides coding tools access to 35 years of Postgres expertise. In a gist, the MCP server enables: - Semantic search over the official PostgreSQL manual (version-aware, so it knows PG14 vs PG17 differences) - Curated skills with opinionated best practices for schema design, indexing, and constraints. I ran an experiment with Claude Code to see how well this works, and worked with the team to put this together. Prompt: "Generate a schema for an e-commerce site twice, one with the MCP server disabled, one with it enabled. Finally, run an assessment to compare the generated schemas." The run with the MCP server led to: - 420% more indexes (including partial and expression indexes) - 235% more constraints - 60% more tables (proper normalization) - 11 automation functions and triggers - Modern PG17 patterns throughout The MCP-assisted schema had proper data integrity, performance optimizations baked in, and followed naming conventions that actually make sense in production. pg-aiguide works with Claude Code, Cursor, VS Code, and any MCP-compatible tool. It's free and fully open source. I have shared the repo in the replies!

Avi Chawla

186,931 Aufrufe • vor 6 Monaten

MCP is an absolute game-changer. (Together with DeepSeek, MCP is probably the hottest thing in AI over the last 6 months.) I use Cursor to write code 90% of the time. I built an MCP server to connect the Cursor agent to GroundX, an open-source RAG system, and I'm not going back. This is officially insane! Here is what I did, step by step: First, a little bit of context. I maintain an end-to-end Machine Learning System with several pipelines to process data, train, evaluate, register, deploy, and monitor a model. I've written a lot of documentation explaining how the system works and how to modify and maintain it. There's also the documentation of the few libraries I used to build the system. I'm a massive fan of GroundX, an open-source enterprise-grade RAG system you can run on your servers or deploy to any cloud provider. I've been working with them for a long time. GroundX offers two services. First, the "ingest" service uses a custom, pretrained vision model to ingest and understand your data. I used this to process all the documentation I have for my code. Markdown files, source code, HTML files, and even PDF documents. Everything I've written related to my project went into GroundX. Their second service is "search," which combines text and vector search with a fine-tuned re-ranker model to retrieve information from the data. I needed to connect Cursor with this service, and that's where MCP came in. I built an MCP server with two tools: 1. The first tool would go to GroundX and retrieve the available topics. Splitting the data into topics (or "buckets," as GroundX calls them) allows me to use the same setup to serve documentation from different topics. 2. The second tool would search GroundX under a specific topic for the context related to the supplied query. The magic happens after connecting the MCP server with Cursor. Now, I can ask any questions related to my project, and Cursor's AI agent retrieves the list of available topics from the RAG system and then searches it to provide relevant context to the model. I went from getting mediocre, sometimes wrong answers to 100% truthful, complete answers. Here is the crazy part:

Santiago

255,433 Aufrufe • vor 1 Jahr

Anthropic CEO Dario Amodei just revealed the hidden bottleneck that will kill most AI companies in the next 18 months (Save this). The insight comes from a principle in computer science called Amdahl's Law. Dario's argument is simple when something starts working really well inside an organization, you have to immediately ask what isn't working well around it. Amdahl's Law states that the maximum speedup of any system is capped by the fraction you haven't improved and that applies to companies just as brutally as it applies to processors. If you can suddenly write three or four times as many pull requests as before, you don't get three or four times the output but you rather get a pile of code no one can review, verify, or trust. The data makes this impossible to ignore. Teams with heavy AI coding adoption are merging 98% more pull requests but PR review time has ballooned 91%, deployment velocity is effectively flat and 96% of developers don't fully trust AI-generated code reaching production. AI generated code produces 1.7x more issues per pull request than human written code, 0.83 issues per PR versus 6.45. Veracode's 2026 State of Software Security report found that 82% of organizations now carry security debt, up 11% year over year, with critical security debt surging 36% in a single year driven directly by AI-generated code reaching production faster than security teams can handle. What Dario is describing is a systems problem, not a software problem and coding is roughly 20% of the software delivery cycle. Even at infinite coding speed, you're still bottlenecked by review, security, verification, testing, and deployment which make up the other 80%. The enterprises that win are the ones that identify which part of their system is the new constraint after AI accelerates the old one and fix that next. This is why Anthropic's Claude Code focuses on the full development loop, not just generation, and why the verification and security layer of the AI stack is where the next wave of enterprise value gets created. This is also why Anthropic as a company is positioned differently than most people realize. Anthropic's 2026 Agentic Coding Trends Report found that organizations using full-loop agentic coding workflows where AI handles not just generation but testing, review, and deployment validation reduced their software defect rates by 43% while increasing velocity by 2.8x. Claude Code now authors 4% of all GitHub commits and is on track to hit 20%+ by year-end, with the full-loop use case growing 3x faster than pure code generation. Dario has been building Anthropic around the exact insight he's describing publicly ,the constraint isn't writing code but rather everything that has to happen after.

Milk Road AI

52,190 Aufrufe • vor 2 Monaten

If your MCP server has dozens of tools, it’s probably built wrong. You need tools that are specific and clear for each use case—but you also can’t have too many. This creates an almost impossible tradeoff that most companies don’t know how to solve. That’s why I interviewed my friend Alex Rattray (Alex Rattray), the founder and CEO of Stainless. Stainless builds APIs, SDKs, and MCP servers for companies like OpenAI and Anthropic. Alex has spent years mastering how to make software talk to software, and he came on the show to share what he knows. I had him on Every 📧’s AI & I to talk about MCP and the future of the AI-native internet. We get into: • Design MCP servers to be lean and precise. Alex’s best practices for building reliable MCP servers start with keeping the toolset small, giving each tool a precise name and description, and minimizing the inputs and outputs the model has to handle. At Stainless, they also often add a JSON filter on top to strip out unnecessary data. • Make complex APIs manageable with dynamic mode. To solve the problem of how an AI figures out which tool to use in larger APIs, Stainless switches to “dynamic mode,” where the model gets only three tools: List the endpoints, pick one and learn about it, and then execute it. • MCP servers as business copilots. At Stainless, Alex uses MCP servers to connect tools like Notion and HubSpot, so he can ask questions like, “Which customers signed up last week?” The system queries multiple databases and returns a summary that would’ve otherwise taken multiple logins and searches. • Create a “brain” for your company with Claude Code. Alex built a shared company brain at Stainless by keeping Claude Code running on his system and asking it to save useful inputs—like customer feedback and SQL queries—into GitHub. Over time, this creates a curated archive his team can query easily. • The future of MCP is code execution. Instead of giving models hundreds of tools, Alex believes the most powerful setup will be a simple code execution tool and a doc search tool. The AI writes code against an API’s SDK, runs it on a server, and checks the docs when it gets stuck. This is a must-watch for anyone who wants to understand MCP—and learn how to use them as a competitive edge. Watch below! Timestamps: Introduction: 00:01:14 Why Alex likes running barefoot: 00:02:54 APIs and MCP, the connectors of the new internet: 00:05:09 Why MCP servers are hard to get right: 00:10:53 Design principles for reliable MCP servers: 00:20:07 Scaling MCP servers for large APIs: 00:23:50 Using MCP for business ops at Stainless: 00:25:14 Building a company brain with Claude Code: 00:28:12 Where MCP goes from here: 00:33:59 Alex’s take on the security model for MCP: 00:41:10

Dan Shipper 📧

15,645 Aufrufe • vor 9 Monaten

HERMES AGENT WITHOUT TOOLS IS A CHATBOT. WITH THEM IT BUILDS 3D TOWERS IN BLENDER, CHECKS STOCK PRICES, AND DRIVES VS CODE. tonbi JUST DROPPED THE FULL GUIDE. module 6 of his 10-part Hermes masterclass. best breakdown of the tool layer anyone has published. what you need to know: TOOLS vs SKILLS vs MCP skills = instructions (markdown, loaded into context) tools = callable functions (Python, agent emits call, Hermes executes) MCP = adapters to external systems (Blender, Stripe, Linear, Notion) every tool has three parts: → the function (does the real work) → the schema (what the model sees to decide when to call it) → the registry (makes the tool exist in the agent) the model never runs the function directly. it emits a structured request (tool name + JSON args). Hermes executes and returns the result. if the tool fails, the error goes back as JSON. the agent recovers instead of crashing. TOOL SETS CONTROL THE SURFACE hermes chat --tool-sets web # only web tools loaded. no files, no terminal. hermes chat --tool-sets safe # read-only: web search, vision, image gen. # no file writes. no terminal. no code execution. mid-session: /tools enable video /tools disable terminal or toggle in the dashboard: hermes dashboard → Skills → Tool Sets MCP SERVERS two transport types: STDIO (local subprocess) or HTTP (remote endpoint). add a server: hermes mcp # or ask: "add the MCP server for Blender" filter tools with include/exclude per server. keep only what you trust. security: → OAuth 2.1 PKCE (no long-lived tokens in config) → package scanning via api.osv. dev before launch → all MCP calls go through approval gates HERMES AS MCP SERVER hermes mcp serve exposes 10 tools via FastMCP. connect VS Code Copilot or Cursor to your running Hermes instance. BUILD YOUR OWN TOOL He built a stock price tool live: → Python function calling Finnhub API → schema with name, description, parameters → registered in tool_sets.py → agent calls it automatically when relevant any repeating API call in your workflow can become a native tool. full Hermes architecture deep-dive in the article 👇

YanXbt

32,680 Aufrufe • vor 1 Monat

What does it mean for software engineering when we no longer write the code? Here's the take from Boris Cherny (Boris Cherny), the creator of Claude Code. Timestamps: 00:00 Intro 11:15 Lessons from Meta 19:46 Joining Anthropic 23:08 The origins of Claude Code 32:55 Boris's Claude Code workflow 36:27 Parallel agents 40:25 Code reviews 47:18 Claude Code's architecture 52:38 Permissions and sandboxing 55:05 Engineering culture at Anthropic 1:05:15 Claude Cowork 1:12:48 Observability and privacy 1:14:45 Agent swarms 1:21:16 LLMs and the printing press analogy 1:30:16 Standout engineer archetypes 1:32:12 What skills still matter for engineers 1:35:24 Book recommendations Brought to you by: • Statsig — ⁠ The unified platform for flags, analytics, experiments, and more. • Sonar – The makers of SonarQube, the industry standard for automated code review. Proactively find and fix issues in real-time with the SonarQube MCP Server: • WorkOS – Everything you need to make your app enterprise ready. Three interesting things from this conversation: 1. Boris automated himself out of code review well before AI. Boris was one of the most prolific code reviewers at Meta company. And he worked hard to minimize time spent on code review. His system::every time he left the same kind of review comment, he logged it in a spreadsheet. Once a pattern hit 3-4 occurrences, he’d write a lint rule to automate it away! 2. PRDs are dead on the Claude Code team: prototypes replaced them. Instead of writing Product Requirement Documents (specs), they build hundreds of working prototypes before shipping a feature. Boris: “There’s just no way we could have shipped this if we started with static mocks and Figma or if we started with a PRD.” 3. This is the year of the generalist (and maybe the year of those with ADHD) Boris’s work has shifted from deep-focus single-threaded coding to managing multiple parallel agents and context-switching rapidly. As Boris put it: “It’s not so much about deep work, it’s about how good I am at context switching and jumping across multiple different contexts very quickly.”

Gergely Orosz

489,599 Aufrufe • vor 4 Monaten

lee from cursor JUST showed me the future of coding in this 29 min tutorial. what if instead of thinking about coding as you sitting alone in front of a screen , you started to think about it as you and a swarm of agents each taking on very specific roles, each showing up exactly when you need them, each running in the background without ever needing a coffee break. imagine a bugbot that doesn’t just review your pull request but triages the issue instantly, leaves intelligent comments, and in some cases even proposes a fix before a teammate has had the chance to read the description. imagine a security agent that quietly scans your code for vulnerabilities and flags them long before they become liabilities. imagine an agent dedicated to software culture, enforcing the little rules your team has decided matter, whether that’s never skipping loading states, banning certain lazy marketing phrases in your code comments, or making sure tests are always included. lee walked me through how all of this already exists inside cursor. he spun up custom commands like /code-review or /security-review that behave less like toys and more like trusted coworkers who have internalized the way your team thinks about quality. and when he combined that with rails, type safety, linters, formatting rules, test suites.... the agents learned to check themselves against the rails and fix mistakes automatically. you end up with a system where the codebase begins to feel alive, constantly watching itself, constantly healing. another thing i learned from lee was watching how he doesn’t pile everything into one giant context and hope for magic. he creates new chats for every new task, sometimes twenty or more in a single day, each one a fresh brain that isn’t bogged down by yesterday’s details. it’s a discipline that keeps the agents sharp and the outputs clean. pro tip, thanks Lee Robinson. this was a cool glimpse into the future of coding and some tips on how to squeeze the most out of cursor. anything is possible.

GREG ISENBERG

47,160 Aufrufe • vor 10 Monaten

. Kent Beck 🌻 is a legend in software engineering: and after coding for 52 years, he's never had more fun than now, he told me. Why? Because AI agents brought back the joy of creating software without the stuff that he's started to hate about coding for so long. Watch or listen: • YouTube: • Spotify: • Apple: Brought to you by: • Sonar — Code quality and code security for ALL code •⁠ Statsig ⁠ — ⁠ The unified platform for flags, analytics, experiments, and more • Augment Code — AI coding assistant that pro engineering teams love Two of my takeaways from this chat with Kent: 𝟭. 𝗞𝗲𝗻𝘁 𝗶𝘀 𝗿𝗲-𝗲𝗻𝗲𝗿𝗴𝗶𝘇𝗲𝗱 𝘁𝗵𝗮𝗻𝗸𝘀 𝘁𝗼 𝘂𝘀𝗶𝗻𝗴 𝗔𝗜 𝗮𝗴𝗲𝗻𝘁𝘀 𝘁𝗼 𝗯𝘂𝗶𝗹𝗱 𝘀𝘁𝘂𝗳𝗳. Kent has been coding for 52 years, and the last decade, he’s gotten a lot more tired of all of it: learning yet another new language or framework, or debugging the issues when using the latest framework. What he loves about these AI agents (and AI coding tools) is how he doesn’t need to know exactly all the details: he can now be a lot more ambitious in his projects. Currently, Kent is building a server in Smalltalk (that he’s been wanting to do for many years) and a Language Server Protocol (LSP) for Smalltalk 𝟮. 𝗙𝗮𝗰𝗲𝗯𝗼𝗼𝗸 𝘄𝗿𝗼𝘁𝗲 𝗻𝗼 𝘂𝗻𝗶𝘁 𝘁𝗲𝘀𝘁𝘀 𝗶𝗻 𝟮𝟬𝟭𝟭, 𝗮𝗻𝗱 𝘁𝗵𝗶𝘀 𝘀𝘁𝘂𝗻𝗻𝗲𝗱 𝗞𝗲𝗻𝘁, 𝗯𝗮𝗰𝗸 𝗶𝗻 𝘁𝗵𝗲 𝗱𝗮𝘆. Kent joined Facebook in 2011, and was taken aback by the lack of testing and how everyone pushed code to production without automated testing. What he came to realize – and appreciate! – was how Facebook had several things balancing this out: • Devs took responsibility for their code very seriously • Nothing at Facebook was “someone else’s problem:” devs would fix bugs when they saw them, regardless of whose commit caused it • Feature flags were heavily used for risky code • Facebook did staged rollouts to smaller markets like New Zealand To this date, Facebook ships code to production in a unique way. We covered more in the deepdive Shipping to Production at

Gergely Orosz

42,514 Aufrufe • vor 1 Jahr

Claude Code + computer use is f*cking cracked 🤯 Build a landing page → Claude opens Chrome, looks at it, spots every issue, and fixes it — without you describing a single thing. All inside Claude Code. Perfect for DTC brands and agencies who are still vibe-coding landing pages and advertorials in Claude Code, then manually opening them in Chrome, spotting 15 things wrong, and describing every visual issue back to Claude one at a time. If you're building pages in Claude Code and your workflow looks like this — build the page, open it in Chrome, spot broken spacing, go back to Claude, type "the CTA button is too low and the hero image is cut off," wait for the fix, open Chrome again, find 3 new issues, describe those too ... Claude Code + computer use eliminates the entire loop: → Claude writes the full landing page or advertorial → Opens Chrome and navigates to it → Spots layout issues, broken spacing, off-brand colors, missing elements → Fixes everything and re-checks until the page looks right → Tests your Shopify product pages by clicking through like a real customer → Walks through your checkout flow and flags friction before customers hit it → You only see the finished, visually verified result No describing what you see on screen. No "the CTA button needs more contrast" back-and-forth. No being the eyeballs for an AI that can't see. What you get: → Landing pages and advertorials Claude builds AND visually QAs before you ever look at them → Product pages Claude clicks through — testing layout, images, and CTAs like a real user → HTML dashboards Claude opens and verifies the charts actually render → Checkout flows Claude walks through step by step to catch friction → All of it happening in one session — build, test, fix, done One prompt. Claude builds it, checks it, and fixes it. You just review the finished page. I put together a full playbook with the exact setup, the prompts, and 5 DTC workflows that use Claude Code + computer use. Want it for free? > Like this post > Comment "CLAUDE" And I'll send it over (must be following so I can DM)

Mike Futia

19,099 Aufrufe • vor 3 Monaten

Anthropic's most viral feature is now open-source! Until now, Anthropic's Generative UI capabilities only existed inside its own products. CopilotKit🪁 just shipped Open Generative UI, an open-source implementation of Claude Artifacts that works in any app. The agent generates HTML/SVG at runtime, and CopilotKit streams it token-by-token into a sandboxed iframe inside the app's chat. So the user can watch the UI assemble itself in real time, not after the full response is ready. The sandbox is fully isolated with no access to the parent app, the DOM, or user data. So if the agent hallucinates broken markup or unexpected JavaScript, nothing leaks outside the iframe. Under the hood, the agent does not select from pre-built components. Instead, it generates arbitrary visuals from scratch every time. The output is unconstrained by default, but you can shape it by defining prompt-based skills that teach the agent specific visual formats or guidelines. For instance, a skill prompt can guide the agent toward producing a Chart.js dashboard with proper axis labels and responsive sizing, or an interactive 3D model with rotation controls. The video below shows this in action, and the output quality you see actually comes from the skills layer. Open Generative UI runs on AG-UI, so it works out of the box with LangGraph, CrewAI, Mastra, Google ADK, AWS Strands, and more. It also ships with a standalone MCP server that plugs into Claude Code, Cursor, or any MCP-compatible client. And the entire stack is built on top of CopilotKit, the open-source frontend framework for agents and generative UI. 30k+ GitHub stars, with SDKs for React, Next.js, Angular, and Vue. I have shared the GitHub repo and a live playground in the replies!

Akshay 🚀

85,740 Aufrufe • vor 2 Monaten

Cursor vs Claude Code (day 3 of 30) today I re-tested Conductor and I don't want to overhype this but... what the actual fook 😮 this thing is amazing! closest things to the "perfect workflow" I have seen in a long time, and it's something I could see myself use full-time it's so minimal and the polar opposite of Cursor but it has all the essentials → Claude Code + Codex subscriptions (= unlimited usage) → great integration with Claude Code's plan mode → multiple tabs with multiple agents at the same time → can use multiple models, not just one → great file tree and diff viewer → best git worktree support I've ever seen there's honestly so much more, like a dedicated "review" button (which you can pair to your favorite review model, e.g. gpt-5.2-extra-high), buttons to create and merge pull requests, to launch your dev server, ... this solves literally EVERY fault I can think of when using Claude Code and/or Codex, combining both into one easy UX that not only does everything the tools can do, but actually adds useful stuff on top just 6 months ago I couldn't have dreamt about any this and the wildest part is that IT IS FREE (I'd literally pay for this UX lol) first time I'm genuinely enjoying myself since starting this challenge not saying it's a full Cursor replacement yet, it obviously isn't for a lot of people (no browser, no debug mode, no code indexing, etc) ... but this is the closest thing I've seen yet 👀 follow for day 4!

Robin Ebers | AI Coding for Founders

40,431 Aufrufe • vor 6 Monaten

I built a mobile app to check Paddle revenue (because they don't have one): 👉 - Use your Paddle API key (read-only and scoped) - Live data with beautiful and useful graphs built with native Swift UI. - Multi-account supported, unified revenue metrics. - Data stay on device, no server (api requests are sent directly from your phone) - Home widgets - I made it free to download on App Store (once it's approved) - Buy the source code for $19 and customize it however you want (save 5hrs of prompting if you try to do it yourself). Some interesting facts about this side project: - I vibe coded with 100% claude code remotely on my Mac Mini (with my AI assistant setup) in less than 24 hours. - I have read 0 line of code in this project and never opened Xcode myself. - My AI assistant designed the app with GPT Image 2, built the app with Swift UI, test it on simulator (via screenshots), send the test build to TestFlight for me to test, and invited me to the app store connect account so I can test on my phone, then the AI submitted the app to App Store and currently waiting for approval. - For the website, I ask it to come up with a domain name, I bought it via manually and give it access via Cloudflare API, the AI design and create a static website with GitHub, test it with lighthouse CLI, deploy via GitHub pages, config the domain DNS, deploy the website. - Then I sign up an account with Polar payment, create an API key and ask the AI to setup a store, add payment, link with the account, and add the payment to the website. The entire process happened in the last 24 hours with me only talking to the AI via Telegram. This is such a fun side project not only to create an app that I wish exists, but also to push the limit of what I can use AI for, and so far I'm very impressed. I'll create so much more apps! It feels like I have unlocked a super power.

Tony Dinh

43,787 Aufrufe • vor 1 Monat