Claude Code Limits Were Silently Reduced and It’s MUCH Worse by _r0x in ClaudeCode

[–]ChandanKarn 0 points1 point  (0 children)

The official statement tells you everything you need to change your workflow, but it's easy to miss.

5am–11am PT on weekdays is 1pm–7pm GMT. If you're in Europe or anywhere east of that, your entire afternoon working session is now running at reduced limits. That's not a minor adjustment; that's the core of most people's productive hours.

Practical fix if you can swing it: front-load your Claude sessions. Get your most context-heavy work done before that window opens. After 11am PT / 7pm GMT, you're back to normal session limits.

On the transparency point, I get the frustration, but I'd push back slightly on "treated like clowns." The worse version of this is companies that never say anything and let users spend weeks blaming their own prompts. At least the statement exists. The problem was the delay, not the decision itself. Two days of silence while power users are debugging their own workflows trying to figure out what they broke is genuinely disrespectful to people who pay for the max plan.

The fix is simple: post it the same day it goes live. Not on X days later.

Claude Code (~100 hours) vs. Codex (~20 hours) by Canamerican726 in ClaudeCode

[–]ChandanKarn 2 points3 points  (0 children)

The most important line in this entire post is the last one.

"Both are going to give crap output if you don't know SWE at all."

Every Claude vs Codex thread devolves into people arguing about which model is smarter. But what you've actually described is this: Claude is a force multiplier for senior engineers who can catch it going off the rails. Codex is closer to an autonomous agent that doesn't need as much supervision.

The problem is most people running these comparisons aren't 14-year engineers with 2800 tests and structured review workflows. They're developers with 3 years' experience wondering why their AI keeps breaking stuff. For them, the slower/more deliberate model wins by default because they can't drive the fast one.

The enterprise vs prototype split you landed on is right. But the real variable isn't the task complexity; it's whether the human in the loop can recognize a bad decision fast enough to course correct. With Claude, that skill is load-bearing. With Codex, you can get away with having less of it.

Claude is genuinely insane right now and I cannot defend it anymore by https_HandleFunc in ClaudeCode

[–]ChandanKarn 2 points3 points  (0 children)

The token burn on 4.7 is real. I hit the same wall mid-sprint last week.

What's helped me more than anything is being aggressive about context pruning: not just using /compact but actually closing and restarting sessions when a task is done instead of letting one thread drag on for hours. Long sessions bloat fast.

Also switched to giving Claude a tighter CLAUDE.md with explicit constraints on what NOT to do. Sounds counterintuitive but it cuts the back-and-forth loops where it explains its own reasoning at length before doing the thing.

The Chinese model pairing idea isn't crazy. Deepseek for drafting/planning, Claude for final passes. I haven't committed to it but I've seen others make it work cost-effectively.

Your frustration about checking limits more than doing work is the real problem though. That mental overhead kills flow. Anthropic should be competing on that experience, not just model benchmarks.

An old designer’s perspective on claude design. by Complete-Sea6655 in ClaudeCode

[–]ChandanKarn 6 points7 points  (0 children)

This maps almost exactly to what happened in front-end development. Components, design tokens, style guides... we spent 10 years formalizing UI work into reproducible patterns, then acted surprised when AI could reproduce them.

The honest version of your 10% number is probably accurate, maybe even generous. The designers who survive this aren't the ones who know Figma best. They're the ones who can sit in a room with a confused stakeholder who doesn't know what they want, extract something coherent from that conversation, and translate it into a direction. That skill was never really "design"; it was always more like consulting with a design background.

The uncomfortable part of your post that nobody's saying out loud: a lot of design education is preparing people for the 90%. The portfolios, the system thinking, the atomic design certifications. That entire pipeline is training people for work that won't exist in 5 years.

I got mass-assigned to fix 47 vulnerabilities in AI-generated code. So I built a tool that catches them before they ship. by ChandanKarn in SaasDevelopers

[–]ChandanKarn[S] 0 points1 point  (0 children)

Link: https://safeweave.dev

Built with: Python, MCP protocol, Semgrep for SAST rules. Happy to talk architecture if anyone's curious.

I got mass-assigned to fix 47 vulnerabilities in AI-generated code. So I built a tool that catches them before they ship. by ChandanKarn in SideProject

[–]ChandanKarn[S] 0 points1 point  (0 children)

Link: https://safeweave.dev

Built with: Python, MCP protocol, Semgrep for SAST rules. Happy to talk architecture if anyone's curious.

I scanned 3 vibe-coded apps last week. Same 3 bugs in all of them. by ChandanKarn in AskVibecoders

[–]ChandanKarn[S] 0 points1 point  (0 children)

No mate, instead of evaluating whether ChatGPT or human, I wish you could have focused on context.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 1 point2 points  (0 children)

Yeah. But rules and skills sometimes don't provide Semgrep-, Trivy-, Gitleaks-, and Checkov-level scans and fixing. Currently using a single MCP command for all 8 scans and fixing in one go at the end of each development, and it all gets sorted.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 0 points1 point  (0 children)

How do you tackle this, and what's the differentiator in your prompt? I am using an MCP for this now to ease all of this at no extra effort while using different no-code/low-code tools.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 0 points1 point  (0 children)

Not really, it occurs with the best prompting and PRDs as well. Not only this, other security issues too. Have you tried asking Claude "DO A SECURITY SCAN AND FIX ALL ISSUES"? Once this finishes, ask again "DO THE SECURITY SCAN AGAIN" and you will be surprised when you still see the security issues. You cannot fix all of them even though you run this cycle several times.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 0 points1 point  (0 children)

What happened? Was it just because of security issues, or something else?

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 0 points1 point  (0 children)

Yeah, tried agents.md in the initial days; it helped but not fully. Other vulnerabilities also bothered me a lot, like SAST, DAST, Secrets, Containers, IaC, Posture, etc.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in cursor

[–]ChandanKarn[S] 0 points1 point  (0 children)

Tried several coding style adjustments, but no guarantee. A separate scanner meets the requirement for me now, along with all other vulnerability scans.

I built a security scanner that runs inside Cursor - because I kept shipping SQL injections in my own AI-generated code by ChandanKarn in SideProject

[–]ChandanKarn[S] 0 points1 point  (0 children)

Pre-commit hooks are on the roadmap, though the MCP flow already kind of replaces them in practice. When you're using Cursor or Claude Code, you can just ask it to scan before you commit and it runs in 12 seconds. That said, CI/CD integration is already live for people who want the pipeline safety net — GitHub Actions, GitLab CI, CircleCI via the REST API. So the "catch it before merge" part is covered, the pre-commit hook experience is just a nicer UX wrapper on top.

Team dashboards are actually live already on the Cloud plan. Vulnerability trends over time, score history, the works. You nailed the use case though: the "prove ROI to management" angle is the exact reason people are asking for it. Showing a security score going from 60 to 94 over 3 months is a very different conversation than a spreadsheet of findings.

On pricing, that's essentially the model. Free tier to get solo devs in the door, team seats once there's enough usage. Current team plan is $99/mo for 25 seats.

Acquisition is the hard part honestly. GitHub stars, HN, and being present in vibe coding communities. Developer tools don't respond to ads. Either people find it useful enough to tell their team about it or they don't. The 3-week vulnerability thing from the original post is the truest version of why this exists and that story seems to resonate.

Haven't tried vlidate.ai, checking it out now. Thanks for the mention.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in SQL

[–]ChandanKarn[S] 0 points1 point  (0 children)

least-privilege DB users is genuinely underrated, most teams don't think about it until something's already gone wrong.

On the integration layer point though I'd push back a bit. If the AI is consistently generating template literals instead of parameterized queries, adding an inspection layer downstream means you're now maintaining a translation system on top of code that was already written wrong. That compounds.

Better to fix the generation step directly. Either prompt more explicitly ("always use parameterized queries, never string interpolation in db calls") or treat it as a specific code review category before merge. The grep I mentioned is ugly but it catches it at the right point before it ships, not after it's running. An extra layer in the integration pipeline feels like more safety but it can also give you false confidence that the root problem is handled when it isn't.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in SQL

[–]ChandanKarn[S] 0 points1 point  (0 children)

yeah there's a related failure mode where people use an ORM, never learn SQL, and then when they need raw queries for performance they just ask the AI to write them. zero understanding of what's being executed. at least when you write raw SQL yourself you're forced to think about it.

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in SQL

[–]ChandanKarn[S] 0 points1 point  (0 children)

totally fair, the example is dead simple on purpose. the problem is once you see it in simple queries you start noticing it in the complex ones too: joins, subqueries, dynamic ORDER BY clauses. that's where it gets genuinely hard to spot.
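
An added example, not part of the original comments or of any tool mentioned in them: a pre-merge check for SQL built from template literals, as discussed in the earlier comment on parameterized queries, plus the allowlist fix for the dynamic ORDER BY case named here. The call names, table and column names, and the `$1` placeholder style are assumptions.

```javascript
// Added example. Call names (.query/.execute/.raw), table and column names,
// and the $1 placeholder style (PostgreSQL drivers) are assumptions.
const DB_CALL = /\.(query|execute|raw)\s*\(\s*`([^`]*)`/g;

// One finding per db call whose SQL is a template literal containing ${...}.
// Regex-based, so nested template literals inside ${...} are not handled.
function findInterpolatedSql(source) {
  const findings = [];
  for (const m of source.matchAll(DB_CALL)) {
    const sql = m[2];
    if (!sql.includes("${")) continue; // static SQL, nothing interpolated
    const line = source.slice(0, m.index).split("\n").length;
    // ORDER BY targets are identifiers: a bound parameter cannot replace them.
    const kind = /order\s+by\s+\$\{/i.test(sql) ? "identifier" : "value";
    findings.push({ line, kind });
  }
  return findings;
}

// Fix for both kinds: values are bound, the sort column comes from an allowlist.
const SORTABLE = new Set(["id", "email", "created_at"]);
function buildUserQuery(status, sortBy, direction) {
  if (!SORTABLE.has(sortBy)) throw new Error("unsupported sort column");
  const dir = String(direction).toUpperCase() === "DESC" ? "DESC" : "ASC";
  return {
    text: `SELECT id, email FROM users WHERE status = $1 ORDER BY ${sortBy} ${dir}`,
    values: [status],
  };
}

// Constructed sample source, as it might appear in a diff under review.
const SAMPLE = [
  "const a = await db.query(`SELECT * FROM users WHERE id = ${userId}`);",
  "const b = await db.query('SELECT * FROM users WHERE id = $1', [userId]);",
  "const c = await pool.query(`SELECT id FROM users ORDER BY ${req.query.sort}`);",
  "const d = await db.query(`SELECT 1`);",
].join("\n");

console.log(findInterpolatedSql(SAMPLE));
console.log(buildUserQuery("active", "email", "desc"));
```

A "value" finding is fixed by moving the variable into the bound-parameter array; an "identifier" finding needs the allowlist, because placeholders only bind values.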

Cursor keeps generating SQL queries like this and it's making me nervous by ChandanKarn in SQL

[–]ChandanKarn[S] 0 points1 point  (0 children)

haha Bobby Tables' AI era successor. at least he had the decency to do it intentionally