January 202612 min read

AI Code Assistants Guide

Master AI coding assistants. GitHub Copilot, Cursor, Amazon CodeWhisperer setup, comparison, and best practices for developers.

The AI Coding Revolution

AI code assistants have fundamentally changed software development. From simple autocomplete to intelligent pair programming, these tools now write entire functions, explain complex codebases, and catch bugs before they ship. Understanding how to leverage these assistants effectively is now a core developer skill.

The Business Impact

The productivity gains from AI code assistants are significant and measurable:

| Metric | Average Improvement | |--------|---------------------| | Code Written Per Day | +55% | | Task Completion Time | -35% | | Developer Satisfaction | +75% | | Time Debugging | -25% | | Onboarding Time | -40% |

GitHub Research: Developers using Copilot complete tasks 55% faster on average, with the greatest gains on unfamiliar codebases and languages.

Platform Comparison

GitHub Copilot

The market leader backed by Microsoft and OpenAI.

Capabilities:

Real-time code suggestions
Whole function generation
Natural language to code
Multi-file context awareness
Documentation generation
Test case creation
Code explanation

Supported Environments:

VS Code
JetBrains IDEs
Neovim
Visual Studio
GitHub.com (browser)

Pricing:

| Plan | Price | Features | |------|-------|----------| | Individual | $10/mo | Full features | | Business | $19/user/mo | Org management, security | | Enterprise | $39/user/mo | Fine-tuning, self-hosted |

Best For: Teams already in the GitHub ecosystem, broad language support needs.

Cursor

AI-native code editor built from the ground up for AI assistance.

Capabilities:

Multi-file editing (Composer)
Codebase-aware chat
Built-in terminal with AI
Multiple model support (Claude, GPT-4)
@ mentions for context
Tab completion with preview
Command+K for inline editing

Unique Features:

Apply AI suggestions across multiple files simultaneously
Reference any file with @ mentions
Designed specifically for AI workflows
Faster than plugin-based solutions

Pricing:

| Plan | Price | Features | |------|-------|----------| | Free | $0 | Limited AI requests | | Pro | $20/mo | Unlimited premium requests | | Business | $40/user/mo | Team features, analytics |

Best For: Developers who want AI as a first-class feature, complex multi-file changes.

Amazon CodeWhisperer

AWS-native AI coding assistant.

Capabilities:

Code suggestions
Security scanning
Reference tracking
AWS service integration
Support for 15+ languages

Unique Features:

Built-in security vulnerability scanning
Tracks code that matches training data
Deep AWS SDK knowledge
Free tier for individuals

Pricing:

| Plan | Price | Features | |------|-------|----------| | Individual | Free | Full features, usage limits | | Professional | $19/user/mo | Admin, security, unlimited |

Best For: AWS-heavy teams, security-conscious organizations, budget-conscious individuals.

Codeium

Free AI coding assistant with enterprise options.

Capabilities:

Code completion
Chat interface
Search functionality
70+ languages supported
IDE extensions

Unique Features:

Free for individuals (no usage limits)
Self-hosted option
No data retention on free tier
Trained on permissively licensed code

Pricing:

| Plan | Price | Features | |------|-------|----------| | Individual | Free | Full features | | Teams | $12/user/mo | Admin, analytics | | Enterprise | Custom | Self-hosted, fine-tuning |

Best For: Cost-conscious teams, organizations concerned about code licensing.

Tabnine

Privacy-focused AI completion.

Capabilities:

Code completion
Whole-line suggestions
Natural language to code
Team learning

Unique Features:

Runs locally (no code leaves your machine)
Learns from your codebase
On-premise deployment
GDPR/SOC2 compliant

Pricing:

| Plan | Price | Features | |------|-------|----------| | Starter | Free | Basic completion | | Pro | $12/mo | Full features | | Enterprise | Custom | Self-hosted, private models |

Best For: Highly regulated industries, air-gapped environments, privacy requirements.

GitHub Copilot Deep Dive

Setup Guide

Step 1: Subscribe

Visit github.com/features/copilot
Choose Individual or request Business/Enterprise from admin
Complete payment

Step 2: Install Extension

VS Code:

code

1. Extensions (Ctrl+Shift+X)
2. Search "GitHub Copilot"
3. Install
4. Sign in with GitHub account
5. Authorize application

JetBrains:

code

1. Settings → Plugins
2. Search "GitHub Copilot"
3. Install
4. Restart IDE
5. Authenticate via browser

Step 3: Configure Settings

code

// VS Code settings.json
{
  "github.copilot.enable": {
    "*": true,
    "yaml": false,
    "markdown": true,
    "plaintext": false
  },
  "github.copilot.advanced": {
    "debug.showScores": true,
    "inlineSuggestCount": 3
  }
}

Effective Usage Patterns

Pattern 1: Comment-Driven Development

code

# Function to calculate compound interest
# Parameters: principal, rate (annual), time (years), n (compounds per year)
# Returns: final amount and interest earned as a tuple
def calculate_compound_interest(principal, rate, time, n):
    # Copilot generates implementation

Pattern 2: Example-Driven Generation

code

// Example:
// Input: [1, 2, 3, 4, 5]
// Output: { sum: 15, average: 3, min: 1, max: 5 }
function analyzeNumbers(numbers: number[]): {
  // Copilot understands from example
}

Pattern 3: Test-First Generation

code

def test_user_registration():
    # Test valid registration
    result = register_user("test@example.com", "SecurePass123!")
    assert result.success == True
    assert result.user.email == "test@example.com"

    # Test duplicate email
    result = register_user("test@example.com", "AnotherPass456!")
    assert result.success == False
    assert "already exists" in result.error

# Copilot can now generate the register_user function

Pattern 4: Documentation Generation

code

def process_payment(
    amount: Decimal,
    currency: str,
    customer_id: str,
    idempotency_key: str
) -> PaymentResult:
    """
    # Type cursor here and Copilot generates full docstring

Copilot Chat

Copilot Chat enables conversational interactions:

Explaining Code:

code

/explain

What does this regex do?
^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

Fixing Errors:

code

/fix

This code throws "TypeError: Cannot read property 'map' of undefined"

const items = data.results.map(item => item.name);

Generating Tests:

code

/tests

Generate unit tests for this function:

function validateEmail(email: string): boolean {
  const regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
  return regex.test(email);
}

Refactoring:

code

/refactor

Make this code more maintainable and add error handling:

async function fetchData() {
  const res = await fetch(url);
  const data = await res.json();
  return data.items.filter(i => i.active);
}

Cursor Deep Dive

Setup Guide

Step 1: Install Cursor

Download from cursor.sh
Install for your platform
Launch and import VS Code settings (optional)

Step 2: Configure AI Models

code

Settings → Models
├── Default: Claude 3.5 Sonnet (recommended)
├── Fallback: GPT-4
├── Fast: GPT-3.5 Turbo
└── Custom: Add API keys for direct access

Step 3: Set Up Codebase Indexing

code

Settings → Features → Codebase Indexing
├── Enable automatic indexing
├── Configure ignored patterns
└── Set refresh frequency

Key Features

Composer (Multi-File Editing)

Composer allows AI to edit multiple files in a single operation:

code

Command: Cmd+I (Mac) / Ctrl+I (Windows)

Prompt: "Add authentication middleware to all API routes
and create a new auth service file"

Cursor will:
1. Analyze your codebase structure
2. Create src/services/auth.ts
3. Modify src/routes/api.ts
4. Update src/middleware/index.ts
5. Show unified diff for review

@ Mentions for Context

Reference specific files, symbols, or documentation:

code

Chat prompt with context:

"@users.ts @auth.ts How do I add role-based access control
to the getUser function? Use the same pattern as @orders.ts"

Available @ mentions:

@filename - Include file content
@symbol - Reference function/class
@folder - Include directory structure
@docs - Search documentation
@web - Search the web
@codebase - Search entire project

Tab Completion with Preview

Cursor shows predicted completions with full preview:

code

Type: function calculate
Tab preview shows complete implementation
Tab again to accept

Command+K Inline Editing

Edit code inline with natural language:

code

1. Select code block
2. Press Cmd+K
3. Type: "add error handling and logging"
4. Review changes
5. Accept or modify

Cursor Rules

Create .cursorrules file for project-specific AI behavior:

code

# Project Coding Standards

## Language & Framework
- This is a Next.js 14 project with TypeScript
- Use App Router patterns exclusively
- Prefer Server Components where possible

## Code Style
- Use functional components only
- Prefer named exports over default exports
- Use Tailwind CSS for styling
- Follow Airbnb ESLint rules

## Patterns
- Use React Query for server state
- Use Zustand for client state
- Follow the repository pattern for data access
- Place shared types in src/types/

## Naming Conventions
- Components: PascalCase (UserProfile.tsx)
- Hooks: camelCase with 'use' prefix (useAuth.ts)
- Utils: camelCase (formatDate.ts)
- Constants: UPPER_SNAKE_CASE

## Testing
- Write tests for all new components
- Use React Testing Library
- Aim for 80% coverage on critical paths

Amazon CodeWhisperer Setup

Individual Setup

Step 1: Create AWS Builder ID

Visit aws.amazon.com/codewhisperer
Click "Get started free"
Create AWS Builder ID (no AWS account needed)

Step 2: Install Extension

VS Code:

code

1. Extensions marketplace
2. Search "AWS Toolkit"
3. Install
4. Open AWS Toolkit panel
5. Click "CodeWhisperer: Start"
6. Authenticate with Builder ID

JetBrains:

code

1. Settings → Plugins
2. Install "AWS Toolkit"
3. Tools → AWS → CodeWhisperer
4. Sign in with Builder ID

Professional Setup (Organization)

Step 1: Enable in AWS IAM Identity Center

code

AWS Console → IAM Identity Center → Applications
├── Add application
├── Select CodeWhisperer
├── Configure user access
└── Set up groups

Step 2: Configure Profile

code

// AWS config
[profile codewhisperer]
sso_session = my-sso
sso_account_id = 123456789012
sso_role_name = CodeWhispererUser
region = us-east-1

Security Scanning

CodeWhisperer includes built-in security scanning:

code

Enable: AWS Toolkit → CodeWhisperer → Run Security Scan

Scan Results:
├── Vulnerability type
├── Severity (Critical/High/Medium/Low)
├── Affected code location
├── Remediation suggestions
└── CWE reference

Common Detections:

SQL injection vulnerabilities
Cross-site scripting (XSS)
Hardcoded credentials
Insecure cryptography
Resource leaks

Reference Tracking

CodeWhisperer can identify code that matches training data:

code

Settings → CodeWhisperer → Reference Tracking

Options:
├── Show references: Display attribution
├── Block with references: Don't suggest matching code
└── Allow all: No restrictions

Best Practices

Prompt Engineering for Code

Be Specific About Requirements:

code

# Bad: sort the list
# Good: Sort users by last_login descending, then by name ascending
# Handle None values by placing them at the end
def sort_users(users: list[User]) -> list[User]:

Provide Types and Constraints:

code

// Specify types explicitly
interface SearchParams {
  query: string;
  page: number;      // 1-indexed
  limit: number;     // max 100
  sort: 'relevance' | 'date' | 'popularity';
}

// AI generates better code with clear types
function search(params: SearchParams): Promise<SearchResult> {

Include Edge Cases:

code

# Parse user input to integer
# Handle: empty string, whitespace, non-numeric, overflow
# Return None for invalid input
def safe_parse_int(value: str) -> int | None:

Security Considerations

Review Generated Code:

code

# AI-generated database query - REVIEW FOR SQL INJECTION
def get_user(user_id: str):
    # ✗ Dangerous - AI might generate this
    query = f"SELECT * FROM users WHERE id = '{user_id}'"

    # ✓ Safe - Always use parameterized queries
    query = "SELECT * FROM users WHERE id = %s"
    cursor.execute(query, (user_id,))

Don't Trust Blindly:

code

// AI suggestion - verify the logic
function isAdmin(user: User): boolean {
  // AI might suggest simplified logic
  // Always verify authorization patterns
  return user.role === 'admin';
}

// Better: centralized authorization
function isAdmin(user: User): boolean {
  return authorizationService.checkPermission(user, 'admin');
}

Protect Sensitive Data:

code

# Never let AI see real credentials
# Use environment variables
import os

# ✗ Bad - credential in code
api_key = "sk-1234567890abcdef"

# ✓ Good - environment variable
api_key = os.environ.get("API_KEY")

Productivity Patterns

Learn the Shortcuts:

| Action | VS Code | Cursor | JetBrains | |--------|---------|--------|-----------| | Accept suggestion | Tab | Tab | Tab | | Next suggestion | Alt+] | Alt+] | Alt+] | | Previous suggestion | Alt+[ | Alt+[ | Alt+[ | | Dismiss | Esc | Esc | Esc | | Open chat | Ctrl+I | Cmd+L | Alt+\ | | Inline edit | - | Cmd+K | - |

Build Muscle Memory:

code

Daily Practice:
1. Write clear comments before functions
2. Use chat for explanations, not Google
3. Generate tests with /tests command
4. Refactor with natural language
5. Review and understand all suggestions

Combine with Other Tools:

code

Effective Workflow:
1. Design with AI chat (architecture discussion)
2. Implement with code completion
3. Test with AI-generated test cases
4. Review with AI explanations
5. Document with AI docstrings
6. Deploy with standard CI/CD

Team Adoption

Rollout Strategy

Phase 1: Pilot (Week 1-2)

Select 3-5 developers
Provide training resources
Collect daily feedback
Identify common use cases

Phase 2: Expand (Week 3-4)

Roll out to full team
Share pilot learnings
Create team .cursorrules
Establish code review practices

Phase 3: Optimize (Month 2+)

Measure productivity metrics
Refine prompting patterns
Build custom snippets/templates
Regular knowledge sharing

Measuring Success

Individual Metrics:

code

Track Weekly:
├── Tasks completed
├── Pull requests merged
├── Time to completion
├── Code review feedback
└── Self-reported satisfaction

Team Metrics:

code

Track Monthly:
├── Sprint velocity change
├── Bug rates (AI-assisted vs manual)
├── Onboarding time for new devs
├── Code quality scores
└── Developer satisfaction surveys

Code Review Practices

For AI-Generated Code:

code

Code Review Checklist:
□ Logic is correct and complete
□ Edge cases are handled
□ Security patterns followed
□ Tests cover AI-generated code
□ No hardcoded values
□ Consistent with codebase style
□ Documentation is accurate
□ Dependencies are appropriate

Troubleshooting

Common Issues

Slow or No Suggestions:

code

Fixes:
1. Check internet connection
2. Verify authentication
3. Clear extension cache
4. Check language support
5. Reduce file size (split large files)

Poor Quality Suggestions:

code

Improvements:
1. Add more context (comments, types)
2. Check .cursorrules configuration
3. Ensure codebase is indexed
4. Use @ mentions for relevant files
5. Provide examples in comments

Authentication Failures:

code

Resolution:
1. Sign out completely
2. Clear browser cookies
3. Revoke OAuth access
4. Re-authenticate
5. Check organization permissions

Future Trends

Coming in 2026-2027:

Autonomous coding agents
Multi-repository awareness
Real-time collaboration with AI
Custom model fine-tuning
Voice-driven development
Visual programming integration

Prepare Now:

Build AI fluency in your team
Establish governance frameworks
Invest in prompt engineering skills
Create feedback loops for improvement

Need help implementing AI code assistants? Our team has deployed developer tools for organizations of all sizes. Contact us for expert guidance.

January 202612 min read

AI Code Assistants Guide

Master AI coding assistants. GitHub Copilot, Cursor, Amazon CodeWhisperer setup, comparison, and best practices for developers.

The AI Coding Revolution

The Business Impact

The productivity gains from AI code assistants are significant and measurable:

GitHub Research: Developers using Copilot complete tasks 55% faster on average, with the greatest gains on unfamiliar codebases and languages.

Platform Comparison

GitHub Copilot

The market leader backed by Microsoft and OpenAI.

Capabilities:

Real-time code suggestions
Whole function generation
Natural language to code
Multi-file context awareness
Documentation generation
Test case creation
Code explanation

Supported Environments:

VS Code
JetBrains IDEs
Neovim
Visual Studio
GitHub.com (browser)

Pricing:

Best For: Teams already in the GitHub ecosystem, broad language support needs.

Cursor

AI-native code editor built from the ground up for AI assistance.

Capabilities:

Multi-file editing (Composer)
Codebase-aware chat
Built-in terminal with AI
Multiple model support (Claude, GPT-4)
@ mentions for context
Tab completion with preview
Command+K for inline editing

Unique Features:

Apply AI suggestions across multiple files simultaneously
Reference any file with @ mentions
Designed specifically for AI workflows
Faster than plugin-based solutions

Pricing:

| Plan | Price | Features | |------|-------|----------| | Free | $0 | Limited AI requests | | Pro | $20/mo | Unlimited premium requests | | Business | $40/user/mo | Team features, analytics |

Best For: Developers who want AI as a first-class feature, complex multi-file changes.

Amazon CodeWhisperer

AWS-native AI coding assistant.

Capabilities:

Code suggestions
Security scanning
Reference tracking
AWS service integration
Support for 15+ languages

Unique Features:

Built-in security vulnerability scanning
Tracks code that matches training data
Deep AWS SDK knowledge
Free tier for individuals

Pricing:

| Plan | Price | Features | |------|-------|----------| | Individual | Free | Full features, usage limits | | Professional | $19/user/mo | Admin, security, unlimited |

Best For: AWS-heavy teams, security-conscious organizations, budget-conscious individuals.

Codeium

Free AI coding assistant with enterprise options.

Capabilities:

Code completion
Chat interface
Search functionality
70+ languages supported
IDE extensions

Unique Features:

Free for individuals (no usage limits)
Self-hosted option
No data retention on free tier
Trained on permissively licensed code

Pricing:

| Plan | Price | Features | |------|-------|----------| | Individual | Free | Full features | | Teams | $12/user/mo | Admin, analytics | | Enterprise | Custom | Self-hosted, fine-tuning |

Best For: Cost-conscious teams, organizations concerned about code licensing.

Tabnine

Privacy-focused AI completion.

Capabilities:

Code completion
Whole-line suggestions
Natural language to code
Team learning

Unique Features:

Runs locally (no code leaves your machine)
Learns from your codebase
On-premise deployment
GDPR/SOC2 compliant

Pricing:

| Plan | Price | Features | |------|-------|----------| | Starter | Free | Basic completion | | Pro | $12/mo | Full features | | Enterprise | Custom | Self-hosted, private models |

Best For: Highly regulated industries, air-gapped environments, privacy requirements.

GitHub Copilot Deep Dive

Setup Guide

Step 1: Subscribe

Visit github.com/features/copilot
Choose Individual or request Business/Enterprise from admin
Complete payment

Step 2: Install Extension

VS Code:

code

1. Extensions (Ctrl+Shift+X)
2. Search "GitHub Copilot"
3. Install
4. Sign in with GitHub account
5. Authorize application

JetBrains:

code

1. Settings → Plugins
2. Search "GitHub Copilot"
3. Install
4. Restart IDE
5. Authenticate via browser

Step 3: Configure Settings

code

// VS Code settings.json
{
  "github.copilot.enable": {
    "*": true,
    "yaml": false,
    "markdown": true,
    "plaintext": false
  },
  "github.copilot.advanced": {
    "debug.showScores": true,
    "inlineSuggestCount": 3
  }
}

Effective Usage Patterns

Pattern 1: Comment-Driven Development

code

# Function to calculate compound interest
# Parameters: principal, rate (annual), time (years), n (compounds per year)
# Returns: final amount and interest earned as a tuple
def calculate_compound_interest(principal, rate, time, n):
    # Copilot generates implementation

Pattern 2: Example-Driven Generation

code

// Example:
// Input: [1, 2, 3, 4, 5]
// Output: { sum: 15, average: 3, min: 1, max: 5 }
function analyzeNumbers(numbers: number[]): {
  // Copilot understands from example
}

Pattern 3: Test-First Generation

code

def test_user_registration():
    # Test valid registration
    result = register_user("test@example.com", "SecurePass123!")
    assert result.success == True
    assert result.user.email == "test@example.com"

    # Test duplicate email
    result = register_user("test@example.com", "AnotherPass456!")
    assert result.success == False
    assert "already exists" in result.error

# Copilot can now generate the register_user function

Pattern 4: Documentation Generation

code

def process_payment(
    amount: Decimal,
    currency: str,
    customer_id: str,
    idempotency_key: str
) -> PaymentResult:
    """
    # Type cursor here and Copilot generates full docstring

Copilot Chat

Copilot Chat enables conversational interactions:

Explaining Code:

code

/explain

What does this regex do?
^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

Fixing Errors:

code

/fix

This code throws "TypeError: Cannot read property 'map' of undefined"

const items = data.results.map(item => item.name);

Generating Tests:

code

/tests

Generate unit tests for this function:

function validateEmail(email: string): boolean {
  const regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
  return regex.test(email);
}

Refactoring:

code

/refactor

Make this code more maintainable and add error handling:

async function fetchData() {
  const res = await fetch(url);
  const data = await res.json();
  return data.items.filter(i => i.active);
}

Cursor Deep Dive

Setup Guide

Step 1: Install Cursor

Download from cursor.sh
Install for your platform
Launch and import VS Code settings (optional)

Step 2: Configure AI Models

code

Settings → Models
├── Default: Claude 3.5 Sonnet (recommended)
├── Fallback: GPT-4
├── Fast: GPT-3.5 Turbo
└── Custom: Add API keys for direct access

Step 3: Set Up Codebase Indexing

code

Settings → Features → Codebase Indexing
├── Enable automatic indexing
├── Configure ignored patterns
└── Set refresh frequency

Key Features

Composer (Multi-File Editing)

Composer allows AI to edit multiple files in a single operation:

code

Command: Cmd+I (Mac) / Ctrl+I (Windows)

Prompt: "Add authentication middleware to all API routes
and create a new auth service file"

Cursor will:
1. Analyze your codebase structure
2. Create src/services/auth.ts
3. Modify src/routes/api.ts
4. Update src/middleware/index.ts
5. Show unified diff for review

@ Mentions for Context

Reference specific files, symbols, or documentation:

code

Chat prompt with context:

"@users.ts @auth.ts How do I add role-based access control
to the getUser function? Use the same pattern as @orders.ts"

Available @ mentions:

@filename - Include file content
@symbol - Reference function/class
@folder - Include directory structure
@docs - Search documentation
@web - Search the web
@codebase - Search entire project

Tab Completion with Preview

Cursor shows predicted completions with full preview:

code

Type: function calculate
Tab preview shows complete implementation
Tab again to accept

Command+K Inline Editing

Edit code inline with natural language:

code

1. Select code block
2. Press Cmd+K
3. Type: "add error handling and logging"
4. Review changes
5. Accept or modify

Cursor Rules

Create .cursorrules file for project-specific AI behavior:

code

# Project Coding Standards

## Language & Framework
- This is a Next.js 14 project with TypeScript
- Use App Router patterns exclusively
- Prefer Server Components where possible

## Code Style
- Use functional components only
- Prefer named exports over default exports
- Use Tailwind CSS for styling
- Follow Airbnb ESLint rules

## Patterns
- Use React Query for server state
- Use Zustand for client state
- Follow the repository pattern for data access
- Place shared types in src/types/

## Naming Conventions
- Components: PascalCase (UserProfile.tsx)
- Hooks: camelCase with 'use' prefix (useAuth.ts)
- Utils: camelCase (formatDate.ts)
- Constants: UPPER_SNAKE_CASE

## Testing
- Write tests for all new components
- Use React Testing Library
- Aim for 80% coverage on critical paths

Amazon CodeWhisperer Setup

Individual Setup

Step 1: Create AWS Builder ID

Visit aws.amazon.com/codewhisperer
Click "Get started free"
Create AWS Builder ID (no AWS account needed)

Step 2: Install Extension

VS Code:

code

1. Extensions marketplace
2. Search "AWS Toolkit"
3. Install
4. Open AWS Toolkit panel
5. Click "CodeWhisperer: Start"
6. Authenticate with Builder ID

JetBrains:

code

1. Settings → Plugins
2. Install "AWS Toolkit"
3. Tools → AWS → CodeWhisperer
4. Sign in with Builder ID

Professional Setup (Organization)

Step 1: Enable in AWS IAM Identity Center

code

AWS Console → IAM Identity Center → Applications
├── Add application
├── Select CodeWhisperer
├── Configure user access
└── Set up groups

Step 2: Configure Profile

code

// AWS config
[profile codewhisperer]
sso_session = my-sso
sso_account_id = 123456789012
sso_role_name = CodeWhispererUser
region = us-east-1

Security Scanning

CodeWhisperer includes built-in security scanning:

code

Enable: AWS Toolkit → CodeWhisperer → Run Security Scan

Scan Results:
├── Vulnerability type
├── Severity (Critical/High/Medium/Low)
├── Affected code location
├── Remediation suggestions
└── CWE reference

Common Detections:

SQL injection vulnerabilities
Cross-site scripting (XSS)
Hardcoded credentials
Insecure cryptography
Resource leaks

Reference Tracking

CodeWhisperer can identify code that matches training data:

code

Settings → CodeWhisperer → Reference Tracking

Options:
├── Show references: Display attribution
├── Block with references: Don't suggest matching code
└── Allow all: No restrictions

Best Practices

Prompt Engineering for Code

Be Specific About Requirements:

code

# Bad: sort the list
# Good: Sort users by last_login descending, then by name ascending
# Handle None values by placing them at the end
def sort_users(users: list[User]) -> list[User]:

Provide Types and Constraints:

code

// Specify types explicitly
interface SearchParams {
  query: string;
  page: number;      // 1-indexed
  limit: number;     // max 100
  sort: 'relevance' | 'date' | 'popularity';
}

// AI generates better code with clear types
function search(params: SearchParams): Promise<SearchResult> {

Include Edge Cases:

code

# Parse user input to integer
# Handle: empty string, whitespace, non-numeric, overflow
# Return None for invalid input
def safe_parse_int(value: str) -> int | None:

Security Considerations

Review Generated Code:

code

# AI-generated database query - REVIEW FOR SQL INJECTION
def get_user(user_id: str):
    # ✗ Dangerous - AI might generate this
    query = f"SELECT * FROM users WHERE id = '{user_id}'"

    # ✓ Safe - Always use parameterized queries
    query = "SELECT * FROM users WHERE id = %s"
    cursor.execute(query, (user_id,))

Don't Trust Blindly:

code

// AI suggestion - verify the logic
function isAdmin(user: User): boolean {
  // AI might suggest simplified logic
  // Always verify authorization patterns
  return user.role === 'admin';
}

// Better: centralized authorization
function isAdmin(user: User): boolean {
  return authorizationService.checkPermission(user, 'admin');
}

Protect Sensitive Data:

code

# Never let AI see real credentials
# Use environment variables
import os

# ✗ Bad - credential in code
api_key = "sk-1234567890abcdef"

# ✓ Good - environment variable
api_key = os.environ.get("API_KEY")

Productivity Patterns

Learn the Shortcuts:

Build Muscle Memory:

code

Daily Practice:
1. Write clear comments before functions
2. Use chat for explanations, not Google
3. Generate tests with /tests command
4. Refactor with natural language
5. Review and understand all suggestions

Combine with Other Tools:

code

Effective Workflow:
1. Design with AI chat (architecture discussion)
2. Implement with code completion
3. Test with AI-generated test cases
4. Review with AI explanations
5. Document with AI docstrings
6. Deploy with standard CI/CD

Team Adoption

Rollout Strategy

Phase 1: Pilot (Week 1-2)

Select 3-5 developers
Provide training resources
Collect daily feedback
Identify common use cases

Phase 2: Expand (Week 3-4)

Roll out to full team
Share pilot learnings
Create team .cursorrules
Establish code review practices

Phase 3: Optimize (Month 2+)

Measure productivity metrics
Refine prompting patterns
Build custom snippets/templates
Regular knowledge sharing

Measuring Success

Individual Metrics:

code

Track Weekly:
├── Tasks completed
├── Pull requests merged
├── Time to completion
├── Code review feedback
└── Self-reported satisfaction

Team Metrics:

code

Track Monthly:
├── Sprint velocity change
├── Bug rates (AI-assisted vs manual)
├── Onboarding time for new devs
├── Code quality scores
└── Developer satisfaction surveys

Code Review Practices

For AI-Generated Code:

code

Code Review Checklist:
□ Logic is correct and complete
□ Edge cases are handled
□ Security patterns followed
□ Tests cover AI-generated code
□ No hardcoded values
□ Consistent with codebase style
□ Documentation is accurate
□ Dependencies are appropriate

Troubleshooting

Common Issues

Slow or No Suggestions:

code

Fixes:
1. Check internet connection
2. Verify authentication
3. Clear extension cache
4. Check language support
5. Reduce file size (split large files)

Poor Quality Suggestions:

code

Improvements:
1. Add more context (comments, types)
2. Check .cursorrules configuration
3. Ensure codebase is indexed
4. Use @ mentions for relevant files
5. Provide examples in comments

Authentication Failures:

code

Resolution:
1. Sign out completely
2. Clear browser cookies
3. Revoke OAuth access
4. Re-authenticate
5. Check organization permissions

Future Trends

Coming in 2026-2027:

Autonomous coding agents
Multi-repository awareness
Real-time collaboration with AI
Custom model fine-tuning
Voice-driven development
Visual programming integration

Prepare Now:

Build AI fluency in your team
Establish governance frameworks
Invest in prompt engineering skills
Create feedback loops for improvement

Need help implementing AI code assistants? Our team has deployed developer tools for organizations of all sizes. Contact us for expert guidance.