Transcript: The EXACT Tools That Make Your AI Apps 10x Safer
Source video ID: MlMXUhKL7OY
Transcript
- 0:00 — If you’re using AI to build your apps and you’re not sure if the code that you’re producing is actually safe enough to ship, then you’re not alone. I have helped over 300 non-technical business owners ship their apps, and the ones that sleep at night are the ones that follow the exact process that I will show you in this video. It’s a super simple setup and it finds the type of stuff that you would never find on your own, even if you ask your AI to review it. And I’m going to show you how to set it up in just a few minutes, and at the end I’m even going to give you an AI skill that automates most of this for
- 0:30 — you. So, how do we actually do this? Well, we first have to understand the real problem that you have right now. So, you’ve built something with AI, but you don’t know how to read code, and you have zero way of knowing if the code that your AI just generated is safe to ship. It’s kind of like hiring a contractor to build your house, but they speak a different language than you. When they deliver that house to you, it might look beautiful. Even when you walk in, you really, really like it, but there’s only one problem. You are not really sure if the electric wiring inside will burn your house down if you’re not careful. That is exactly
- 1:01 — where AI code reviewers come in, because they are specially built tools that read every single line of code for you and then figure out if there are any security issues or optimizations that you should definitely do before you ship that code. But how does this actually work? Well, let me show you so you can finally stop guessing. Most people build live in their main code base, which is kind of crazy, because that means that there is no separation between the stuff that they’re experimenting with and the stuff
- 1:32 — that is already live with their customers. It’s kind of like editing a Google Doc after you have sent the link to people, because now if you’re editing the same one and you’re not careful, and you’re making some mistake while editing it, everyone around the world can see it at the same time. So, what you really have to do is create a branch, and if you don’t know what GitHub is or how to use it, I have another video on the channel that I’ll link somewhere here that you should definitely watch first. Because how this really works is that you create a copy or a Git branch off your project and then you work there,
- 2:04 — which is kind of like taking a copy of that Google Doc document and editing it in a safe place before you bring the changes back into the main one. Because that way the live version that everyone can see stays untouched until you’re sure that the changes that you’re making are actually safe for everyone. Next, let me show you the two AI code reviewers that I use every single day. And I’ve tested a lot of them, so these are really worth it. So, you know you need something to check your AI generated code. But the problem is that
- 2:35 — there are so many. There’s literally hundreds of these AI code reviewers out there. But the two that I use the most are Cursor’s Bugbot, which is amazing. It is literally all-you-can-eat. You pay for it and then you have unlimited usage for however many reviews you need. But, of course, there’s a but. You also need a Cursor subscription and Bugbot is not cheap. I think right now it costs about $40 for Bugbot. Hold on, hold on, hold
- 3:06 — on. Because this is Rob from the future. And of course, just after I finished this video, it turned out that Cursor changed their Bugbot pricing. And here’s what you need to know. First things first, Bugbot is still worth it, but you have to be fast because as of today they have this little alert in their dashboard when you log in saying that the Bugbot pricing switches to usage billing, which is basically what Cursor does and what every other AI tool in existence will soon do. Instead of subsidizing it into oblivion, you now
- 3:36 — have to pay for what you use. And in my case, that is pretty stunning, but it gets worse. Wait for it. I currently pay $40 a month and in the future, because I will auto review a lot of things, it would cost me $554.40, which is pretty outrageous, right? But, the problem is that Cursor is just passing on, maybe with a little markup, the real cost. So, this gives you an idea of how bad it has gotten, and I’m not even remotely the worst. There’s a
- 4:08 — guy on X who says [laughter] he would now pay, instead of $40, $3,573.60, which is absolutely insane. But, there’s good news, because if you go to the website right now, and you like Bugbot, and you use Cursor anyway, then until June 14th, well, on June 14th is too late, so until June 13th, you can upgrade to a 1-year Pro, for example, including Bugbot, locking in the price
- 4:39 — for about what, like $720 a year or something like this, which will be nothing in the grand scheme. So, if you are making use of Bugbot, this is the play. But, now, back to the video. But, if you’re not a fan of Cursor, or you don’t have a Cursor subscription already, then the next best thing, and maybe, I’m still in the testing phase, I’ve tested it for a few months now, but it is really good, is Cubic. Cubic is a relatively new contender, but they’re really, really good. In fact, they’re so good that in the AI unbiased open-source
- 5:12 — benchmark for code review agents, my god, what are these names? It ranks number one. I think you have to take this with a grain of salt, because there are two modes. There’s a normal mode and a high mode inside of Cubic. I use it on high. It is slower. They are generally really slow, and will get there, but it is so good, and so I run both of them side by side. The pricing for Cubic is also way more attractive, because it is just $30 a month, and you get a 14-day trial. You don’t need any other
- 5:43 — subscription for it, so I highly recommend you definitely check it out. In fact, I have links for both of them in the description down below, but with Cubic you get, I think, an extra week, like a 21-day trial, if you’re signing up through my link, but you don’t have to. I really don’t care, but I highly recommend that you try it out anyway. Don’t even ask me about the other code reviewers because, as I said, I’ve tested all of them and these are the two that performed the best for me throughout four months. So we’ve got Bugbot and Cubic, but how do we actually set this up? So here’s the thing. I actually have a case right now
- 6:13 — where I need to use this very workflow because I have built myself a piece of software that I actually use to record YouTube videos like this, which is pretty crazy. I don’t know anything about the language that I’ve used, but it took me about a week and now I’m like, I’m literally recording YouTube videos on it. It’s pretty wild. So I have made some changes inside this code base and as you can see here, there’s almost 600 lines of code added and 300 removed. I’m not going to look through this. It’s
- 6:43 — 2026. So we’re going to use something called a pull request, which is GitHub’s terminology. Kind of thinking back to the Google Doc: let’s say you have one Google Doc that you have sent to your clients. And now instead of editing this one, you’re just making a revision of it or a clone of it. You copy it, you duplicate it and you make all the changes that you want there. In GitHub terms, this is called a branch. So first you create a branch, which is a
- 7:13 — copy of your code base and then you make all your changes right there. Then when you’re done, you’re creating what is called a pull request. The pull request is sort of comparing the two documents on screen next to each other. On the left side, you might have the original document and on the right side, you have the updated document. And then between them, you have something that GitHub or developers would call a diff, the difference in like lines of code. And
- 7:43 — that, by the way, is exactly what you see up here. So, you see all the green lines, they are brand new code, and all the orange lines, they are deleted code. In total, there’s almost 600 added and just over 300 lines removed. This is the difference between the two documents, the original and the one you have edited. And that’s exactly what we need for these AI code reviewers. So, this is Codex, but it really works the same in every single app. So, what I’m just saying here is, “Okay, amazing. Let’s create a
- 8:14 — pull request back into the main repository. And let me know when it’s done.” This is not how I would usually do it, and I’ll show you in a minute what I mean. But, now Codex, and again, you can do this with Cursor, with Droid, with Claude Code, it really doesn’t matter. It works the same everywhere as long as you have GitHub set up; again, I have a video somewhere here and in the description down below. Depending on what model you use, this might take 10, 20 seconds, but then
- 8:44 — it will have created a pull request for you, and I’m going to show you what this looks like. And just like that, you can see that Codex actually created the pull request right here. And when you click on it, it opens in GitHub, which is the free platform that you’ll learn about in the other video that I keep mentioning. And all you can see here is some auto-generated summary, a title, and everything that has changed, essentially. And from here, you have two choices. Number one, you can do all of this manually, which, let’s be honest, would be a pain in the ass because these
- 9:14 — code reviewers typically take, I would argue, on average about 12 minutes. They run simultaneously, so Cubic and Bugbot will run at the same time, but it will take like 10 to 15 minutes on average for a single review turn. So, this takes a lot of time. But, what if you could automate this? And that’s exactly what we’re going to do because I built an AI skill that you can download for free. You heard that right. That automates this, and I’m using it 10 to 15 times a day.
- 9:45 — Because here is how this would usually work. First, you create the pull request, then you mark it as ready for review, then the AI reviewers that you have set up would run it. They would give you feedback. You would have to copy this feedback back into your AI agent, and it would be a pain in the ass to just do this again and again. These review cycles, typically depending on the size of the changes that you have made, the smaller the better by the way, would usually take up to
- 10:16 — like an hour if you’re unlucky, maybe more. So, I created this skill called /shepherd. And what this does, it automates all of this. So, you’re going to see this now. I’m going to execute this, and it’s available for Codex, Cursor. It’s literally just an AI skill, so it will work in every single AI agent out there. And you can see here, okay, cool. I have shepherd PR or I will shepherd PR number 12 to merge ready. So, right now it has marked it as ready to be reviewed, and
- 10:47 — you can immediately see right here, bam. Just like that, Cubic and Cursor Bugbot immediately started reviewing without you doing anything. And while they review, which, like I said, will take a lot of time, let me explain how this actually happened. Because when you set up an account with Bugbot or with Cubic or with any of the other many, many code reviewers out there, they will ask you to connect your GitHub account to their service. You only have to do this one time, and then they will
- 11:17 — auto-review every single pull request that you create without you doing anything else. But the way that the shepherd skill works is it will do this automatically. So, if you haven’t created a pull request yet, it will do that for you. If you haven’t marked the pull request as ready for review, it will do this for you. If you haven’t pushed all the latest changes to this pull request, to this GitHub branch, then it will do this for you. It will do everything for you automatically. Then, and that’s where the magic really
- 11:47 — happens, and trust me when I say this is magic because I’m using it so much every single day, it will automatically run these review loops for you. So, it will go every minute or two, as you can see right here for example, if it’s still waiting, it will run these loops for you by asking GitHub, “Hey, what is the status of Cubic, Cursor Bugbot, or any other reviewer that you have running?” And then it will force it to wait until they have finished. Once they have finished, it will automatically
- 12:17 — fetch the comments from this pull request, and then go through the mandatory changes on its own. You might ask yourself, “What is mandatory?” Well, the AI reviewers will usually categorize your issues. They will have like super high critical issues, which happens rarely, high issues, medium issues, and low issues. And the way that I have set it up is that, as a general rule, only fix medium and above, because otherwise it will just keep finding things, unless there are some exceptions
- 12:47 — where I also ask it to fix the low things. But of course, if you want to, you can just say, “/shepherd fix everything, even the low issues,” and it will do that, too. I just don’t recommend it because it will double the time, easy. As you can see, it’s been over 5 minutes on both of them, and it just takes some time. So, be patient, but at least you know that you don’t have to keep an eye on it because the AI will do it for you with the Shepherd skill. Okay, it’s been 6 minutes, and Cubic has already finished, which is rare. So, Bugbot is still going, and
- 13:17 — will probably still take a bit of time. And here is what you can see would usually happen. So, Cubic posted a couple of comments, and now usually you would have to like copy them and put them into Codex or Cursor or Claude Code, which would be a pain in the ass because not only do you need to keep track of these, but you also need to then copy them and ask the AI agent to fix them, which again is a pain in the ass. You can really see here that it’s been 8 minutes and Cursor is still going even though Cubic finished in 6 minutes. And I would argue that neither one of them... Oh,
- 13:48 — Cursor just finished. It’s been just over 8 minutes. Okay, it looks like Cursor finished also. It has taken about 9 minutes for Cursor and Cubic only 6 minutes. So, Bugbot took about 50% longer, which unfortunately is pretty normal. And neither one of them in my experience, aside from the benchmarks, is better than the other. They’re both really good. Cubic’s just a little bit faster. And now all we have to do is wait. We’ll just wait for Codex to pick this up because usually at this point you would be out making
- 14:19 — yourself a coffee or eating lunch or something like that or being on a phone call, whatever, because again, you don’t have to do anything. And Codex has just found out that the reviews are done, so now it is fixing them automatically and this loop will continue until it is ready to be merged. And when it’s all done and dusted, all you have to do is either ask your AI agent to merge it or press this sweet little green button down here. This workflow will literally save you hours every single week. I know it does for me and it’s the exact thing that I teach in my free weekly
- 14:49 — newsletter for non-technical business owners just like you. Link’s in the description down below.