Tootfinder

Grounded AI for Code Review: Resource-Efficient Large-Model Serving in Enterprise Pipelines
Sayan Mandal, Hua Jiang
https://arxiv.org/abs/2510.10290 https://

Grounded AI for Code Review: Resource-Efficient Large-Model Serving in Enterprise Pipelines
Automated code review adoption lags in compliance-heavy settings, where static analyzers produce high-volume, low-rationale outputs, and naive LLM use risks hallucination and incurring cost overhead. We present a production system for grounded, PR-native review that pairs static-analysis findings with AST-guided context extraction and a single-GPU, on-demand serving stack (quantized open-weight model, multi-tier caching) to deliver concise explanations and remediation guidance. Evaluated on saf…

Cursor says it has crossed $1B in annualized revenue, has 300 employees, and its in-house models "generate more code than almost any other LLMs in the world" (Ashley Capoot/CNBC)
https://www.cnbc.com/2025/11/13/cursor-ai-startup-funding-round-valuati…

AI startup Cursor raises $2.3 billion funding round at $29.3 billion valuation
Cursor built a popular AI coding tool that helps software developers generate, edit and review code.

Maybe I should mention how well it does.
It's caught some bugs before they're published, some fairly serious. But mostly its hallucinated many problems which aren't really there.
With all the code we write being reviewed by robots now, the code is written slightly differently to avoid it going on about issues that aren't really there.
People imagine that code is written for the computer to run, but really it's always been written for the programmers to understand. Now it's also written keeping in mind it'll be reviewed by an AI that has no context or understanding tasked with nit-picking to review.
Arguably this is ending up with better code. More unnecessary re-validation of everything mostly, but its also taking longer rather than being quicker.
Is that more efficient? 🤷 Sort of maybe?
3/3

GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and ready for public review.
The standard is similar to the @… record format with some extensions (via the X_ prefixes) for GCVE format and the reference implementation vulnerability-lookup. This allows some flexibility and innovation in GNA - GCVE space w…

from my link log —
Publish, Review, Curate to upend scholarly publishing.
https://anil.recoil.org/notes/coar-prc
saved 2025-12-08 https://dotat.a…

Publish, Review, Curate to upend scholarly publishing
Report from a COAR conference on transforming scholarly publishing through the Publish, Review, Curate model, discussing diamond open access, early career challenges, and expanding open infrastructure to datasets and code.

From Birdwatch to Community Notes, from Twitter to X: four years of community-based content moderation
Saeedeh Mohammadi, Narges Chinichian, Hannah Doyal, Kristina Skutilova, Hao Cui, Michele d'Errico, Siobhan Grayson, Taha Yasseri
https://arxiv.org/abs/2510.09585

From Birdwatch to Community Notes, from Twitter to X: four years of community-based content moderation
Community Notes (formerly known as Birdwatch) is the first large-scale crowdsourced content moderation initiative that was launched by X (formerly known as Twitter) in January 2021. As the Community Notes model gains momentum across other social media platforms, there is a growing need to assess its underlying dynamics and effectiveness. This Resource paper provides (a) a systematic review of the literature on Community Notes, and (b) a major curated dataset and accompanying source code to supp…

What Types of Code Review Comments Do Developers Most Frequently Resolve?
Saul Goldman, Hong Yi Lin, Jirat Pasuksmit, Patanamon Thongtanunam, Kla Tantithamthavorn, Zhe Wang, Ray Zhang, Ali Behnaz, Fan Jiang, Michael Siers, Ryan Jiang, Mike Buller, Minwoo Jeong, Ming Wu
https://arxiv.org/abs/2510.05450

What Types of Code Review Comments Do Developers Most Frequently Resolve?
Large language model (LLM)-powered code review automation tools have been introduced to generate code review comments. However, not all generated comments will drive code changes. Understanding what types of generated review comments are likely to trigger code changes is crucial for identifying those that are actionable. In this paper, we set out to investigate (1) the types of review comments written by humans and LLMs, and (2) the types of generated comments that are most frequently resolved …

For hosting our internal source code repositories, we're using #gitea. There are a bunch of other options and all of them seem to mimic github's look and feel. Gitea was the one I found out about first some years ago and it stuck. It has an issue tracker and works well for doing pull requests and reviewing them online.
There's a commercial cloud hosting offer and an enterprise opt…

Spent my morning pairing with Claude because I had to make probably-similar-but-not-identical changes to 73 repositories. Starting with analysis, planning and reviews which was so much easier at scale with assistance. My successful workflows are the ones where I think about how to keep myself in the loop, and I review/edit everything before I run it - but ask for review and feedback as I go. The scripts are a mess but it’s disposable code so as long as it’s readable, that’s fine!

RevMine: An LLM-Assisted Tool for Code Review Mining and Analysis Across Git Platforms
Samah Kansab, Francis Bordeleau, Ali Tizghadam
https://arxiv.org/abs/2510.04796 https://…

RevMine: An LLM-Assisted Tool for Code Review Mining and Analysis Across Git Platforms
Empirical research on code review processes is increasingly central to understanding software quality and collaboration. However, collecting and analyzing review data remains a time-consuming and technically intensive task. Most researchers follow similar workflows - writing ad hoc scripts to extract, filter, and analyze review data from platforms like GitHub and GitLab. This paper introduces RevMine, a conceptual tool that streamlines the entire code review mining pipeline using large language…

Numerical Modeling of Prominences and Coronal Rain with the MPI-AMRVAC Code
Valeriia Liakh, Jack Jenkins
https://arxiv.org/abs/2510.04222 https://arxiv.org…

Numerical Modeling of Prominences and Coronal Rain with the MPI-AMRVAC Code
This review surveys recent advances in the numerical modeling of solar prominences and coronal rain achieved with the fully open-source adaptive-grid, parallelized Adaptive Mesh Refinement Versatile Advection Code (MPI-AMRVAC). We examine how these models have contributed to our understanding of the formation and evolution of cool plasma structures in the solar corona. We first discuss prominence models that focus on prominence formation and their dynamic behavior. We then turn to coronal rain,…

Holy shit, Webflow.
I understand you may not have anyone on staff to review this LLM-generated ARIA explainer, but you’ve mostly just convinced me your product is a lawsuit-in-waiting.
I’m sorry most of your customers won’t recognize that.
https://webflow.com/blog/how-to-use-aria…

AI code review startup CodeRabbit raised a $60M Series B led by Scale Venture Partners, valuing the company at $550M, and says it makes $15M in ARR (Marina Temkin/TechCrunch)
https://techcrunch.com/2025/09/16/coderabbit-raises-6…

CodeRabbit raises $60M, valuing the 2-year-old AI code review startup at $550M  | TechCrunch
The round, which brought the two-year-old startup’s total funding to $88 million, was led by Scale Venture Partners.

Just a few days left of my NYTimes sub which I will not be renewing, so here's a gift article about people's relationship with Pynchon, with a bit from @… in it:

Lisa Simpson and Other Fans of Thomas Pynchon on the Writer’s Most Memorable Scenes
With the famously private novelist enjoying a (private) moment in the sun, we reached out to die-hard fans who’ve tuned in to the zaniness all along.

Greptile, maker of an AI-powered code review tool, raised a $25M Series A led by Benchmark and launches Greptile v3 (Mike Wheatley/SiliconANGLE)
https://siliconangle.com/2025/09/23/greptile-bags-25m-funding-take-coderabbit-graphite-a…

Greptile bags $25M in funding to take on CodeRabbit and Graphite in AI code validation - SiliconANGLE
Greptile bags $25M in funding to take on CodeRabbit and Graphite in AI code validation - SiliconANGLE

Addressing Visual Impairments with Model-Driven Engineering: A Systematic Literature Review
Judith Michael, Lukas Netz, Bernhard Rumpe, Ingo M\"uller, John Grundy, Shavindra Wickramathilaka, Hourieh Khalajzadeh
https://arxiv.org/abs/2510.06483

Addressing Visual Impairments with Model-Driven Engineering: A Systematic Literature Review
Software applications often pose barriers for users with accessibility needs, e.g., visual impairments. Model-driven engineering (MDE), with its systematic nature of code derivation, offers systematic methods to integrate accessibility concerns into software development while reducing manual effort. This paper presents a systematic literature review on how MDE addresses accessibility for vision impairments. From 447 initially identified papers, 30 primary studies met the inclusion criteria. Abo…

Automatic Building Code Review: A Case Study
Hanlong Wan, Weili Xu, Michael Rosenberg, Jian Zhang, Aysha Siddika
https://arxiv.org/abs/2510.02634 https://a…

Automatic Building Code Review: A Case Study
Building officials, particularly those in resource-constrained or rural jurisdictions, face labor-intensive, error-prone, and costly manual reviews of design documents as projects increase in size and complexity. The growing adoption of Building Information Modeling (BIM) and Large Language Models (LLMs) presents opportunities for automated code review (ACR) solutions. This study introduces a novel agent-driven framework that integrates BIM-based data extraction with automated verification usin…

🚀 Multiple Execution Profiles: Configure different models (GPT-5, O3) with varying approval policies and sandbox modes for different agent roles
📊 Rich Agent Ecosystem: Ships with starter personas for code review, debugging, security auditing, performance analysis, documentation, and accessibility
🔄 Zero Fluff Philosophy: Single delegate tool with minimal attack surface, avoiding complex orchestrators while maintaining simplicity through

Towards Verified Code Reasoning by LLMs
Meghana Sistla, Gogul Balakrishnan, Pat Rondon, Jos\'e Cambronero, Michele Tufano, Satish Chandra
https://arxiv.org/abs/2509.26546 ht…

Towards Verified Code Reasoning by LLMs
While LLM-based agents are able to tackle a wide variety of code reasoning questions, the answers are not always correct. This prevents the agent from being useful in situations where high precision is desired: (1) helping a software engineer understand a new code base, (2) helping a software engineer during code review sessions, and (3) ensuring that the code generated by an automated code generation system meets certain requirements (e.g. fixes a bug, improves readability, implements a featur…

Vibe Coding in Practice: Motivations, Challenges, and a Future Outlook -- a Grey Literature Review
Ahmed Fawz, Amjed Tahir, Kelly Blincoe
https://arxiv.org/abs/2510.00328 https:…

Vibe Coding in Practice: Motivations, Challenges, and a Future Outlook - a Grey Literature Review
AI code generation tools are transforming software development, especially for novice and non-software developers, by enabling them to write code and build applications faster and with little to no human intervention. Vibe coding is the practice where users rely on AI code generation tools through intuition and trial-and-error without necessarily understanding the underlying code. Despite widespread adoption, no research has systematically investigated why users engage in vibe coding, what they…

Vibe Coding for UX Design: Understanding UX Professionals' Perceptions of AI-Assisted Design and Development
Jie Li, Youyang Hou, Laura Lin, Ruihao Zhu, Hancheng Cao, Abdallah El Ali
https://arxiv.org/abs/2509.10652

Vibe Coding for UX Design: Understanding UX Professionals' Perceptions of AI-Assisted Design and Development
Generative AI is reshaping UX design practices through "vibe coding," where UX professionals express intent in natural language and AI translates it into functional prototypes and code. Despite rapid adoption, little research has examined how vibe coding reconfigures UX workflows and collaboration. Drawing on interviews with 20 UX professionals across enterprises, startups, and academia, we show how vibe coding follows a four-stage workflow of ideation, AI generation, debugging, and review. Thi…

iCodeReviewer: Improving Secure Code Review with Mixture of Prompts
Yun Peng, Kisub Kim, Linghan Meng, Kui Liu
https://arxiv.org/abs/2510.12186 https://arx…

iCodeReviewer: Improving Secure Code Review with Mixture of Prompts
Code review is an essential process to ensure the quality of software that identifies potential software issues at an early stage of software development. Among all software issues, security issues are the most important to identify, as they can easily lead to severe software crashes and service disruptions. Recent research efforts have been devoted to automated approaches to reduce the manual efforts required in the secure code review process. Despite the progress, current automated approaches…

GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?
Amena Amro, Manar H. Alalfi
https://arxiv.org/abs/2509.13650 https://arxiv.…

GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?
As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review feature in detecting security vulnerabilities. Using a curated set of labeled vulnerable code samples drawn from diverse open-source projects spanning multiple programming languages and application domains, we systematically assessed Copilot's ability to identify a…

CodeFuse-CR-Bench: A Comprehensiveness-aware Benchmark for End-to-End Code Review Evaluation in Python Projects
Hanyang Guo, Xunjin Zheng, Zihan Liao, Hang Yu, Peng DI, Ziyin Zhang, Hong-Ning Dai
https://arxiv.org/abs/2509.14856

CodeFuse-CR-Bench: A Comprehensiveness-aware Benchmark for End-to-End Code Review Evaluation in Python Projects
Automated code review (CR) is a key application for Large Language Models (LLMs), but progress is hampered by a "reality gap": existing benchmarks evaluate models on isolated sub-tasks using simplified, context-poor data. This fails to reflect the holistic context-rich nature of real-world CR. To bridge this gap, we introduce CodeFuse-CR-Bench, the first comprehensiveness-aware benchmark for repository-level CR evaluation. CodeFuse-CR-Bench comprises 601 high-quality instances from 70 Python pr…

Intuition to Evidence: Measuring AI's True Impact on Developer Productivity
Anand Kumar, Vishal Khare, Deepak Sharma, Satyam Kumar, Vijay Saini, Anshul Yadav, Sachendra Jain, Ankit Rana, Pratham Verma, Vaibhav Meena, Avinash Edubilli
https://arxiv.org/abs/2509.19708

Intuition to Evidence: Measuring AI's True Impact on Developer Productivity
We present a comprehensive real-world evaluation of AI-assisted software development tools deployed at enterprise scale. Over one year, 300 engineers across multiple teams integrated an in-house AI platform (DeputyDev) that combines code generation and automated review capabilities into their daily workflows. Through rigorous cohort analysis, our study demonstrates statistically significant productivity improvements, including an overall 31.8% reduction in PR review cycle time. Developer adop…

VulAgent: Hypothesis-Validation based Multi-Agent Vulnerability Detection
Ziliang Wang, Ge Li, Jia Li, Hao Zhu, Zhi Jin
https://arxiv.org/abs/2509.11523 https://

VulAgent: Hypothesis-Validation based Multi-Agent Vulnerability Detection
The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program context. We present VulAgent, a multi-agent vulnerability detection framework based on hypothesis validation. Our design is inspired by how human auditors review code: when noticing a sensitive operation, they form a hypothesis about a possible vulnerability, co…