logicchains 3 days ago

> Now reviewing the 1k lines it generated and making sure it's secure, that's going to take me longer than writing it by hand.

Then you still need to learn how to use the tools to speed up reviewing the code.

archagon 3 days ago | parent | next [-]

You're not actually doing engineering if you're just vibe-coding, reviewing, and testing all the way down. What the hell is that? Just a weird simulacrum of software development that will break apart in unpredictable ways. Security consultants are going to have very lucrative careers in the coming years.

mekael 3 days ago | parent | prev [-]

If I don't have experience with the underlying framework/language/thing being modified, it makes it quite difficult to trust the actual review. In this example, I haven't worked heavily with CloudFormation, so I can't call b.s. if it leaves a database instance exposed to the wider public internet rather than in my company's private VPC.

logicchains 3 days ago | parent [-]

You can ask the agent to check that it doesn't leave a database instance exposed to the public, and present you with proof for you to check (references to the code and the relevant Cloudformation documentation). Then repeat this for all the things you'd normally want to check for in a code review.
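
The kind of check described above, written out as a small stand-alone script. This is an added example and not code from anyone in the thread; it assumes the template is in CloudFormation's JSON form (so only the standard library is needed), uses a constructed sample template, and a hypothetical list of common database ports. It flags an `AWS::RDS::DBInstance` that is `PubliclyAccessible`, or that references a security group whose ingress rule opens a database port to a non-RFC1918 CIDR, and reports the resource names so the reviewer can go and verify each finding against the template and the CloudFormation documentation.

```python
import ipaddress
import json

# Constructed sample template (JSON form of CloudFormation), not taken from any real deployment.
# "AppDb" is deliberately misconfigured; "PrivateDb" is the corrected shape.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "AppDbSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "app database sg (constructed sample)",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "0.0.0.0/0"}
                ],
            },
        },
        "AppDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "postgres",
                "PubliclyAccessible": True,
                "VPCSecurityGroups": [{"Ref": "AppDbSg"}],
            },
        },
        "PrivateDbSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "private database sg (constructed sample)",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "10.0.0.0/16"}
                ],
            },
        },
        "PrivateDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "postgres",
                "PubliclyAccessible": False,
                "VPCSecurityGroups": [{"Ref": "PrivateDbSg"}],
            },
        },
    }
})

# Hypothetical list of ports worth treating as "database" ports for this check.
DB_PORTS = {1433, 1521, 3306, 5432, 27017}

# RFC1918 ranges; anything outside them (including 0.0.0.0/0) is treated as public.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_public_cidr(cidr: str) -> bool:
    """True if the CIDR reaches outside RFC1918 space (IPv6 is flagged only for ::/0)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return net.prefixlen == 0
    return not any(net.subnet_of(p) for p in PRIVATE_NETS)


def _public_db_ingress(resources: dict) -> dict:
    """Map security-group logical id -> description of an ingress rule opening a DB port publicly."""
    exposed = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # Intrinsic functions (Ref, Fn::*) are dicts; skip those rather than guess.
            if not isinstance(cidr, str) or not is_public_cidr(cidr):
                continue
            lo = int(rule.get("FromPort", 0))
            hi = int(rule.get("ToPort", 65535))
            all_ports = rule.get("IpProtocol") == "-1"
            if all_ports or any(lo <= p <= hi for p in DB_PORTS):
                exposed[name] = f"{cidr} -> {lo}-{hi}"
    return exposed


def find_exposed_databases(template_text: str) -> list:
    """Return human-readable findings for RDS instances reachable from the public internet."""
    resources = json.loads(template_text).get("Resources", {})
    public_sgs = _public_db_ingress(resources)
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if props.get("PubliclyAccessible") is True:
            findings.append(f"{name}: PubliclyAccessible is true")
        for sg in props.get("VPCSecurityGroups", []):
            ref = sg.get("Ref") if isinstance(sg, dict) else None
            if ref in public_sgs:
                findings.append(f"{name}: security group {ref} allows {public_sgs[ref]}")
    return findings


if __name__ == "__main__":
    for line in find_exposed_databases(SAMPLE_TEMPLATE):
        print(line)
```

Each finding names the logical resource id, which is the thing to look up in the template and in the RDS and EC2 security-group documentation when deciding whether the agent's "proof" holds up. The check is deliberately conservative: CIDRs given through intrinsic functions are skipped rather than assumed safe, so a clean run is not a guarantee, only a shorter list of things to read by hand.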

mekael 3 days ago | parent [-]

In that case I'm just moving the reading of the documentation from reading it as I'm writing the YAML to when I'm doing a code review. Not saying it isn't helpful to have a pair researcher, just seems like I'm moving things around.