Tom Howlett

2.3K posts

Tom Howlett banner
Tom Howlett

Tom Howlett

@leantomato

AI Engineering Engagement @sonarsource. Exploring the AI coding quality challenge!

Stroud UK Katılım Temmuz 2009
707 Takip Edilen901 Takipçiler
Sabitlenmiş Tweet
Tom Howlett
Tom Howlett@leantomato·
Present a good team with problems & they'll thrive on finding solutions. Ask them to implement your solution & they'll only find problems.
English
5
246
162
0
Tom Howlett
Tom Howlett@leantomato·
@aienginerd Agreed, I have a refactoring task that I try on all model releases and harnesses and 5.6 does the best job I've seen: it takes care (I'm seeing less bugs), uses tools well, cares about architecture and the outcome is solid.
English
1
0
1
17
Slopware Engineer
Slopware Engineer@aienginerd·
This is the absolute opposite of my experience with 5.6. 5.6 is materially better in every way, ESPECIALLY writing. There is not one thing for which 5.5 is a better option now. How can two users of the same product have such vastly different experiences?
Sumuk@sumukx

Some thoughts about GPT-5.6-Sol after ~30B tokens: Sol is the most OCD model I’ve used thus far. It very frequently gets one-shotted by random nits in the codebase and writes a bunch of tests to fix it. Even with fast mode, it’s incredibly slow to do this kind of iterative development, especially when builds take really long. This by itself is not a bad thing, but the worst part is that after 2 compactions, it’s chasing the nitpick / useless goals I never told it to accomplish, rather than the main task. This behavior is so bad, I thought I was messing something up and tried codex, pi, and opencode to figure out if it’s a harness issue, but there is no meaningful difference between the three, which leads me to believe this is a model problem. AI code has this weird delayed release effect. You’ll only notice slop code 2 dev cycles into a codebase when you spend more time fighting with the code and on refactors than on shipping features. It’s possible that sol is better than 5.5 a couple cycles in, but tbd. My file deletion experience has also been similar to others: this is a dangerous model to let loose without guardrails. For instance, when performing a routine container upgrade, it accidentally printed out an env secret, then panicked and rotated ALL secrets (this is internal so not public facing, which was also documented), and proceeded to break everything, spending an extra hour fixing everything and redeploying everything else to use the new secrets. It also gets rid of files it doesn’t like. I have no idea why this is, but I think something about the reward model rewarded bookkeeping. Writing is another problem. 5.6 has a huge context bleed effect. It does not know how to write documentation and starts putting the specs in the documentation. If I ask it to develop a user sandbox for isolation, and also ask it to write documentation, it starts talking about specs and sandboxes in user-facing docs, which makes no sense. Fable is somehow much, much smarter in this regard. Frontend design has also not gotten better. Fable is still one generation ahead here. Overall, as a huge 5.5 user, I am not convinced that sol is a meaningful upgrade. It’s possible my practices need to change, but unfortunately it feels like I’m spending longer fighting with 5.6 than I did with 5.5. It’s like the model is so SO smart, but so hard to work with, compared to fable and even grok4.5 surprisingly. It’s clearly intelligent, but also just doesn’t care about what I ask it to do? (Is this supposed to be AGI feels like?) I hope the codex team fixes what possibly is a bad harness setup, because the benchmark numbers show a very different story from what I’m seeing while using the model.

English
1
0
4
235
Tom Howlett
Tom Howlett@leantomato·
@SVERSC1952 @thdxr Yes, I'm a bit biased but this approach really speeds up the process of generating quality code with Agents. Sonar Vortex is designed to give agents the tools they need. sonarsource.com/products/sonar… You can also do a lot with the basic Sonar MCP and CLI
English
1
1
2
29
Santiago Vicente
Santiago Vicente@SVERSC1952·
Totally agree that pure static AI PR reviews are limited and interactivity wins. Maybe I'm missing something, but couldn't static tools like Semgrep, SonarQube, CodeQL/Roslynator (with their official or community MCP servers and CLI) be invoked on demand by the agent during the conversation? Getting real results exactly when needed and continuing the back-and-forth refinement. Wouldn't that give us the best of both worlds?
English
1
0
0
293
dax
dax@thdxr·
all these static AI PR review tools are pointless no matter how fancy they are you can tell your robot about a PR, ask it what to look at first and go back and forth with your thoughts until you've processed it all interactivity is always better
English
51
21
699
49.5K
Tom Howlett retweetledi
Sonar
Sonar@SonarSource·
Better code quality = lower AI costs 💸 Agents use 7.1% fewer input tokens on better-structured code, doing the same work for less. And because agents tend to make code messier over time, keeping quality up is what protects the savings. Details: sonarsource.com/blog/your-ai-b…
English
0
1
3
306
Tom Howlett
Tom Howlett@leantomato·
@slopwareindy great, let me know how you get on and feel free to dm me if you have any questions. pi-goals looks interesting. I'm thinking about a sonar Pi plugin now!
English
1
0
0
18
Slopware Engineer
Slopware Engineer@aienginerd·
@leantomato ooh no I haven't, had no idea those existed. thanks for the tip, I'll check them out!
English
1
0
0
16
Slopware Engineer
Slopware Engineer@aienginerd·
This is INSANE. A large slop PR had 45 minor sonarqube issues in it. I did a new "appshot" of the issues page (cmd+cmd) and dropped a: /goal Resolve all sonarqube issues in [project] and deliver a final artifact that proves it. Group classes of issue remediations into separate work blocks and commits. It literally took me longer to write this post. Now I'm going to go touch grass while this works. What a time to be alive @OpenAIDevs
Slopware Engineer tweet media
English
3
0
1
185
Tom Howlett
Tom Howlett@leantomato·
Preparing for demos at AI Dev 26 and I can see Claude is planning to have fun with me! (I’m a Tom!)
Tom Howlett tweet media
English
0
0
1
40
Tom Howlett retweetledi
Sonar
Sonar@SonarSource·
Claude Code builds 🤝 SonarQube verifies. Now, they do it in the same place. The SonarQube plugin for Claude Code is available now in the Anthropic marketplace.
English
0
2
5
620
Tom Howlett
Tom Howlett@leantomato·
I'm over trying to get agents to do everything and getting back to crafting the good stuff and leaving agents for a) the mundane b) experiments c) scripting and automating d) (re)searching and distilling e) analytics. Feels good!
English
0
0
0
16
Tom Howlett
Tom Howlett@leantomato·
@AleksejAros @SonarSource Yes, what sort of assumptions do you see the agent making? We're always looking to expand our ruleset especially for agents. On static analysis we only release rules a very low FP rate so we can bring some confidence where the agent can't
English
0
0
1
26
Tom Howlett
Tom Howlett@leantomato·
For the last 6 months I’ve been working on Agentic Analysis, a new product for @SonarSource that was launched as an open beta today. It provides Sonar’s comprehensive analysis to AI Agents in seconds and together with its sister product Context Augmentation allows the agent to produce quality code from the outset. sonarsource.com/blog/agentic-a…
English
2
0
3
70
Tom Howlett
Tom Howlett@leantomato·
Thanks for sharing, really valuable! I've been experimenting with it and by using @sonar the agent will happily keep erosion to ~0.05, making the code more human readable, however it has no impact on the pass rates. I tried extending to 10 checkpoints and the result was the same. Did you see evidence of the agent pass rates being impacted by high erosion?
English
0
0
0
17
Gabe Orlanski
Gabe Orlanski@GOrlanski·
We found that agents generate progressively worse code with each iteration. Real developers do not. SlopCodeBench is the only eval that faithfully measures quality degradation on iterative, long-horizon coding tasks. arxiv.org/abs/2603.24755 scbench.ai 🧵
Gabe Orlanski tweet media
English
44
98
722
184.1K
Tom Howlett retweetledi
Sonar
Sonar@SonarSource·
To strengthen the Guide, Verify, & Solve phases of the Agent Centric Development Cycle, we've strengthened our offering with: 🔷 Sonar Context Augmentation 🔷 SonarQube Agentic Analysis 🔷 SonarSweep 🔷 SonarQube Remediation Agent Read the news: sonarsource.com/company/press-…
English
0
1
3
331
Tom Howlett retweetledi
Sonar
Sonar@SonarSource·
Software architecture shouldn’t be a headache. SonarQube now enables architecture management directly in your dev workflow. Visualize your structure, define goals, and stop architectural drift before it compounds. 🚀 See how it works: sonarsource.com/solutions/arch…
English
0
1
0
218
Tom Howlett
Tom Howlett@leantomato·
“Overall, adopting tools like Codex is not just a technical but also a deep cultural change, with a lot of downstream implications to figure out.” - yes!
Greg Brockman@gdb

Software development is undergoing a renaissance in front of our eyes. If you haven't used the tools recently, you likely are underestimating what you're missing. Since December, there's been a step function improvement in what tools like Codex can do. Some great engineers at OpenAI yesterday told me that their job has fundamentally changed since December. Prior to then, they could use Codex for unit tests; now it writes essentially all the code and does a great deal of their operations and debugging. Not everyone has yet made that leap, but it's usually because of factors besides the capability of the model. Every company faces the same opportunity now, and navigating it well — just like with cloud computing or the Internet — requires careful thought. This post shares how OpenAI is currently approaching retooling our teams towards agentic software development. We're still learning and iterating, but here's how we're thinking about it right now: As a first step, by March 31st, we're aiming that: (1) For any technical task, the tool of first resort for humans is interacting with an agent rather than using an editor or terminal. (2) The default way humans utilize agents is explicitly evaluated as safe, but also productive enough that most workflows do not need additional permissions. In order to get there, here's what we recommended to the team a few weeks ago: 1. Take the time to try out the tools. The tools do sell themselves — many people have had amazing experiences with 5.2 in Codex, after having churned from codex web a few months ago. But many people are also so busy they haven't had a chance to try Codex yet or got stuck thinking "is there any way it could do X" rather than just trying. - Designate an "agents captain" for your team — the primary person responsible for thinking about how agents can be brought into the teams' workflow. - Share experiences or questions in a few designated internal channels - Take a day for a company-wide Codex hackathon 2. Create skills and AGENTS[.md]. - Create and maintain an AGENTS[.md] for any project you work on; update the AGENTS[.md] whenever the agent does something wrong or struggles with a task. - Write skills for anything that you get Codex to do, and commit it to the skills directory in a shared repository 3. Inventory and make accessible any internal tools. - Maintain a list of tools that your team relies on, and make sure someone takes point on making it agent-accessible (such as via a CLI or MCP server). 4. Structure codebases to be agent-first. With the models changing so fast, this is still somewhat untrodden ground, and will require some exploration. - Write tests which are quick to run, and create high-quality interfaces between components. 5. Say no to slop. Managing AI generated code at scale is an emerging problem, and will require new processes and conventions to keep code quality high - Ensure that some human is accountable for any code that gets merged. As a code reviewer, maintain at least the same bar as you would for human-written code, and make sure the author understands what they're submitting. 6. Work on basic infra. There's a lot of room for everyone to build basic infrastructure, which can be guided by internal user feedback. The core tools are getting a lot better and more usable, but there's a lot of infrastructure that currently go around the tools, such as observability, tracking not just the committed code but the agent trajectories that led to them, and central management of the tools that agents are able to use. Overall, adopting tools like Codex is not just a technical but also a deep cultural change, with a lot of downstream implications to figure out. We encourage every manager to drive this with their team, and to think through other action items — for example, per item 5 above, what else can prevent a lot of "functionally-correct but poorly-maintainable code" from creeping into codebases.

English
0
0
0
46
Tom Howlett retweetledi
Sonar
Sonar@SonarSource·
Bad data in = bad code out. 🤖 It's the Achilles' heel of AI code generation. That's why we're introducing SonarSweep™, our new service that optimizes and secures training data for coding LLMs.🧹🛡️ Read the announcement: bit.ly/478bDfK #CodeQuality #SonarSweep
Sonar tweet media
English
4
4
14
25.3K
Tom Howlett
Tom Howlett@leantomato·
@Rubberduck203 @GAnnCampbell @tottinge @BarretBlake What version were you using? We’re now updating (almost) all our rules as new versions of C# are being released. There was a bit of a backlog as we migrated to our new Semantic Execution Engine which is almost complete.
English
0
0
0
11
Chris McClellan
Chris McClellan@Rubberduck203·
@GAnnCampbell @tottinge @BarretBlake SonarQube’s impl for C# is hot garbage and will often prevent teams from upgrading their lang version because it lags by years. Just use editorconfig and /treatwarningsaserror.
English
2
0
0
14
Tom Howlett
Tom Howlett@leantomato·
@SonarQube @danroth27 Hi, If you message me I'll send you an email and we can set something up. Looking forward to discussing it :-)
English
1
0
1
29
SonarQube
SonarQube@SonarQube·
@danroth27 Thanks for the ping; we're actually talking about that right now! Our PM @leantomato is going to contact you
English
1
0
0
105