Sure - that's always valid - but now I know I'm no longer interested before having put the legwork in! A cool security project that has been reviewed multiple ways already is one thing, a C project nobody else (even the author) was very involved with is another. I don't need to put the legwork in on this codebase to know it's not worth putting the manual legwork in for, because I can already get such unverified things out of AI the same as the author, so I'd just review my projects the same as you'd review yours. That's what the proxy provided, not an override of an actual review.
That's the spirit. I was thinking about this that you are saying in general, and agents now make a case that it's often better for you to roll out your own specialized solution than to adopt a more generic project, so it's really important to know when not to waste time with a project like this.
I am currently doing DevOps work describing a legacy infrastructure as code, and instead of buying into a paid or open-source tool, it's nicer for me to roll out my own, because even though the task isn't trivial, I can custom-tailor the solution exactly to how I'm going to use it to conduct the project.
I can't wait until the really good auditing tools are so cheap we can just run them on everything we see! It's justifiable for work projects but not "fun" yet for me :/
I got lucky I think, in which the workflow of using agents is quite fun and addictive for me. But to audit anything you need a basic level of understanding of the underlying architecture, because we aren't there yet to just leave the agent working unattended and have plausible results, so any audit requires careful human involvement.
It's just that... Take this tiny project of mine I did for the fun of it https://gitlab.com/gabriel.chamon/thoracic-atlas-viewer. Basically went to an online interactive thoracic atlas and saw that the files were 404ing for download, but the visualization worked, so I gathered evidence and asked the agent to rebuild the archive for me. I still need to hack together an offline viewer, but it's amazing how much you can do just by having a general idea of what you need to do.
Yeah, it's more about having a better 0 effort proxy than replacing the need for other audits after (from the ones I've messed with at least).