
Morning Security Report with Antigravity Agent

The latest Antigravity updates announced at Google Next brought a lot of interesting features. I am still discovering the details, but one feature really caught my attention.

Antigravity Agent and Antigravity IDE are now two separate applications. Among the new features, I found scheduled tasks, and I already use them every day. What can I highlight here?

Money saving

I love to maximize my ROI (How I maximized my Google Antigravity ROI). I have the cheapest paid plan. It gives me a 5-hour limit window. The window's clock starts with the first use. So, even if I am not using any model after that, the window still counts down the full 5 hours.

From the FinOps perspective, it is a good idea to organize usage so that one or two 5-hour windows run while I am not at my laptop. Then, a new 5-hour window should start when I begin my work in the morning. Antigravity Agent scheduled tasks are a great way to maximize ROI while minimizing effort.

Cognitive Load Reduction

I am a security guy. But I hate security when I am acting as a developer for my own product. So I try to automate not only security routines but the whole security review process.

I already have an Antigravity Workflow to automate the start of a security review (AI-powered repository security check with Antigravity Workflow) and a Quality Gate which helps me perform a security review of a new MR (How to build a custom AI quality gate on Cloud Run from zero to production). But I still need to do some manual work and think a lot after getting the outputs of these tools.

Kaizen

The security workflow I mentioned above is a good approach. But when there are massive changes, it may require a lot of time to fix the findings. That is why the Quality Gate was born. However, all of these tools run while I am working on the product. So I spend my time on security while acting as a developer.

With scheduled tasks, I can perform a deep security review of my repo while I am not working. And it is a real hit! I can not only ask the agent to review the code with its eyes, but it can also run scripts and make calls to external services during the check.

Even more, it can generate a task for me with described fixes. Or, even better, it can generate the code and provide me with the fixes right after the security review - but before I start my working day!

Here is how it looks in practice. I can find the scheduled tasks right in the new Antigravity Agent sidebar:

Scheduled Tasks in Antigravity Agent

I configure the agent to act as a scheduled security reviewer. It checks the architecture and code of my jira-auto repository. It finds critical vulnerabilities like SSRF and insecure network configurations, and creates a clear summary:

Security Audit Findings

The agent goes further and generates a detailed "Security Review Digest" artifact with a Threat Severity Matrix. This makes it very easy to understand the impact and prioritize the work:

Threat Severity Matrix

And the best part? I can ask the agent to implement the fixes for these issues. It resolves the blockers, updates the code, and gives me finalized security documentation showing that the repository is now 100% green:

Resolved issues
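To make the digest and the "block the next MR" decision concrete, here is an added example (not code from the post or from Antigravity) that turns a list of findings into a Threat Severity Matrix and a gate verdict, then walks the findings to "green" as fixes land. The digest format, the severity lookup and the three findings are constructed assumptions, loosely modelled on the SSRF and network-configuration issues mentioned above.

```python
"""Added example: Threat Severity Matrix + MR gate over a security digest.
The digest schema, the lookup table and the findings are constructed."""
from collections import Counter

LEVELS = ("low", "medium", "high")
# Severity as a function of (likelihood, impact); a simple 3x3 table (assumption).
SEVERITY = {
    ("high", "high"): "critical", ("high", "medium"): "high", ("medium", "high"): "high",
    ("high", "low"): "medium", ("medium", "medium"): "medium", ("low", "high"): "medium",
    ("medium", "low"): "low", ("low", "medium"): "low", ("low", "low"): "low",
}

# Constructed digest. CWE-918 is the real CWE for SSRF; the rest is illustrative.
DIGEST = [
    {"id": "F-1", "title": "SSRF in webhook fetcher", "cwe": "CWE-918",
     "likelihood": "high", "impact": "high", "status": "open"},
    {"id": "F-2", "title": "Service listens on all interfaces without auth", "cwe": None,
     "likelihood": "medium", "impact": "high", "status": "open"},
    {"id": "F-3", "title": "Verbose error pages leak stack traces", "cwe": None,
     "likelihood": "medium", "impact": "low", "status": "open"},
]

def severity(finding):
    return SEVERITY[(finding["likelihood"], finding["impact"])]

def severity_matrix(digest):
    """Count open findings per (likelihood, impact) cell of the matrix."""
    return Counter((f["likelihood"], f["impact"]) for f in digest if f["status"] == "open")

def gate_decision(digest):
    """'block' on any open critical/high finding, 'warn' on lower ones, 'green' if none open."""
    open_sev = [severity(f) for f in digest if f["status"] == "open"]
    if any(s in ("critical", "high") for s in open_sev):
        return "block"
    return "warn" if open_sev else "green"

def render_matrix(matrix):
    """Plain-text matrix: rows are likelihood (high first), columns are impact."""
    rows = ["likelihood/impact " + " ".join(f"{i:>7}" for i in LEVELS)]
    for lk in reversed(LEVELS):
        rows.append(f"{lk:>17} " + " ".join(f"{matrix.get((lk, im), 0):>7}" for im in LEVELS))
    return "\n".join(rows)

def resolve(digest, finding_id):
    """Return a copy of the digest with one finding marked fixed (the agent closing an issue)."""
    return [dict(f, status="fixed") if f["id"] == finding_id else f for f in digest]

if __name__ == "__main__":
    print(render_matrix(severity_matrix(DIGEST)))
    print("gate:", gate_decision(DIGEST))
```

Calling `resolve` for each finding and re-running `gate_decision` is the same progression the agent's "resolved issues" view shows: block, then warn, then green.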

I see how this feature helps me move from just a local MVP to a really interesting setup for automating my developer lifecycle.

Bonus

The prompt used:

You are a scheduled security reviewer of the repository.
Your task is to perform a thorough code review from a security perspective.
You want to find a cause in the code to block the next MR.
You check not only the code itself, but also:
- Architecture.
- Data processing.
- User interactions.
You also search for similar code on GitHub to find:
- Issues around security and whether they are similar to the code checked.
- CVEs related to the code checked.
- CWEs related to the code checked.
- Best practices related to the code checked.
- Recommendations related to the code checked.
If you can't find a cause to block the checked code, you can always find an improvement recommendation.
Generate a digest with the findings and related recommendations.
