Experience with my website project.

[MoonieGZ]

I've moved our discussion here to avoid cluttering someone else's closed issue.

I'm currently using this tool with Cursor (and a preference for the GPT-5 model) to develop my personal website. The project involves building tools for Genshin Impact and Wuthering Waves, as well as some social features. This is my first time working with Next.js (and actually feeling like I understand something).

The tool has already been incredibly helpful, particularly in highlighting a vulnerability with my WebSocket usage for a multiplayer lobby system. It's now auditing my SQL queries, and while I'm seeing some potential false positives due to existing parameterization and validation, I appreciate the thoroughness. As a newcomer to auditing tools, I'd much rather have alerts to review than miss a potential issue.

My main question is whether aud full is the most effective command to use by my AI Agent. I'm still learning the distinctions between the individual tasks and the documentation hasn't fully clarified it for me. The full command takes 30-40 minutes to run on a 7900X3D, which seems quite long. Any insight would be greatly appreciated!

And again, thank you so much for this tool, it's looking great so far!

[TheAuditorTool]

Hello! Been so focused on v1.2 that i totally missed this, sorry!
I would say it depends on what you are working with and why. You can run everything seperatly that is in the aud full pipeline.
I havent tested it fully but should be able todo a aud workset --diff and update what you have been working on so it "clears the list" so to speak. Again, not tested it fully but --diff also (should lol) work with git diffs as well and with the new git churn in v1.2 you will be able to locate what files are most commonly coded on, helping you spot hot zones of potentially problematic files.

v1.2 also has about 100% performance increases, so if it took you 30-40 minutes before? it should take you 5-15 once v1.2 is released (you can test it already on the v1.1 branch. Middle of the rules ast refactor where the biggest performance gain comes from after the in memory taint analysis.

I've moved our discussion here to avoid cluttering someone else's closed issue.

I'm currently using this tool with Cursor (and a preference for the GPT-5 model) to develop my personal website. The project involves building tools for Genshin Impact and Wuthering Waves, as well as some social features. This is my first time working with Next.js (and actually feeling like I understand something).

The tool has already been incredibly helpful, particularly in highlighting a vulnerability with my WebSocket usage for a multiplayer lobby system. It's now auditing my SQL queries, and while I'm seeing some potential false positives due to existing parameterization and validation, I appreciate the thoroughness. As a newcomer to auditing tools, I'd much rather have alerts to review than miss a potential issue.

My main question is whether aud full is the most effective command to use by my AI Agent. I'm still learning the distinctions between the individual tasks and the documentation hasn't fully clarified it for me. The full command takes 30-40 minutes to run on a 7900X3D, which seems quite long. Any insight would be greatly appreciated!

And again, thank you so much for this tool, it's looking great so far!

Hello! Been so focused on v1.2 that i totally missed this, sorry!
I would say it depends on what you are working with and why. You can run everything seperatly that is in the aud full pipeline.
I havent tested it fully but should be able todo a aud workset --diff and update what you have been working on so it "clears the list" so to speak. Again, not tested it fully but --diff also (should lol) work with git diffs as well and with the new git churn in v1.2 you will be able to locate what files are most commonly coded on, helping you spot hot zones of potentially problematic files.

v1.2 also has about 100% performance increases, so if it took you 30-40 minutes before? it should take you 5-15 once v1.2 is released (you can test it already on the v1.1 branch. Middle of the rules ast refactor where the biggest performance gain comes from after the in memory taint analysis.

In the end? it boils down to what you are working on at that time. The system is meant to be modular that way but --help havent really caught up, will get to that after all the rules refactor nightmare :D

[TheAuditorTool]

@MoonieGZ Been thinking about this last couple hours and i think the best approach is that you give me some usage examples that you want or a specific workflow that you want. I have no idea how you work or you approach things but if it makes sense? Ill be more than happy to iterate and improve on the app.
For you and anyone reading this? Im more than happy, excited even if you come with suggestions, it will just potentially make it better for everyone.
That said? Im not going to incorporate anything, its on my discretion for what i think works or doesnt work or maybe I just dont want to but in 9/10 cases? if it makes sense? I will add it, so dont be afraid to ask :)