Great timing as I'm exploring the space to get rid of Cursor in our stack.
For local dev everyone is switching to Claude Code or Codex.
The state of the art for cloud agents in my opinion right now is Cursor. But their pricing model per-user doesn't make sense when what I want is to enable anyone in the company to fix things in the product.
2 things not immediately clear from your homepage:
- do you support full computer use? Again Cursor is the best I've tried there
- what kind of triggers do you support? We have in particular one automation built with cursor to auto approve PRs that are low-risk. It triggers on a specific comment on a PR
Finally some advice from a user's pov: you need to invest a lot in the onboarding experience. I tried Devin today and it couldn't get it to work after one hour of fiddling. How do you store the repo's setup scripts? Cursor cloud is pretty opaque and annoying to configure on that side.
Anyway I'll try it!
On computer use: Yes. Sandboxes come with a computer-use CLI for driving Linux GUI apps via X11.
On triggers: Cron, GitHub (PRs, issues, @twill mentions in review comments), Slack, Linear, Notion, Asana webhooks, plus CLI and web. Our PR-comment workflow is you would have to tag @twill with an instruction. That being said, you can also setup a daily cron on Twill that checks PRs with a specific label like Confidence Score : x/5 and tell it to auto-approve when 5/5 for example.
On setup scripts: Per-repo entrypoint script, env vars, and ports, all accessible on the UI. There is a dedicated Dev Environment agent mode that you start with to setup the infra. You can steer the agent into how to setup if it gets stuck. So this should be smooth. The agent can also rewrite the entrypoint mid-task.
There is also a Twill skill you can add to your local agents to dispatch tasks to Twill. Meaning you can research and plan locally using your CLI and delegate the implementation to a sandbox on Twill.
I’ve been hacking on something in this vein and would love your feedback.
What if you could reuse your CI env by using Github Actions as your sandbox. You can reuse the caching, any oidc based roles and self host via runs-on.com for cost and performance. We expose a claude code web experience of interactive low latency chat. I have a working prototype I’m happy to share if you think it would be interesting.
This is very convenient but has limitations. GitHub actions are not built to resume state (conversations in our case) and handle multi player experiences.
However reusing the GitHub workflows out of the box feels really nice
I'm currently in that hellish process too... I don't know how to get out of it. Did you know that your employees will be forbidden from downloading from the App store once you launched that migration? It's a nightmare
Apple and MDM has always been a shit show. In the days as recently as Ventura (last time I tried it), MDM bypass was as simple as "null route 4 DNS entries during install process, remove null routing after install complete, and never be bothered by it again". This is on Apple Silicon. With no workarounds or anything, upgrades work all the way up to Tahoe.
Like really Apple, that's your device "locking"? I could test activate my work Mac with my personal Apple ID while doing this, no alarm bells, nothing, effectively "It's your laptop now".
MacOS used to be excellent for a short period of time when Fleetsmith existed. Then Apple purchased Fleetsmith around 2020 and killed the product not long after.
Fortunately around the same time, JamF ended the practice of the mandatory Jamf JumpStart (£5K fee), which finally made Jamf a feasible option for the company I was in at the time.
Of course there is a kill switch. This is one of the key features of an MDM/endpoint manager. You won't be able to sell one without it. It's also built in to apple's management protocol (which most endpoint management systems leverage) and in activesync.
You just have to secure it properly. Have limits to how many one admin can wipe etc. But trust me every company with managed IT assets has this capability. Often even in BOYD scenarios! Stryker just failed to secure access to it properly and to set sensible limits.
However, the feature isn't very effective in the field. It's very unlikely for an attacker to be smart enough to bypass the password on a stolen Mac which is needed to connect it to WiFi, yet at the same time be dumb enough to connect it to the unfiltered internet so it can receive the wipe command. The overlap between these sets of people is almost zero. We do fire a wipe at every stolen computer but I doubt it ever actually happens. If it ever happens it'll be a total end user fail (like writing the password on a post-it with the laptop)
Either you will lose it to a common thief who won't be able to breach the login (99% of cases), or to a really targeted adversary who has cellebrite or something similar and won't connect it to the internet ever again. This is still the most risky scenario because if someone like that steals it, there's bound to be something really valuable on it.
In practice this is something more suited to mobile devices.
It can be done that way, but it is definitely not the norm. Businesses will generally “purchase” (many for €0) apps in ABM that are to be used for business purposes and push those to devices, the user can then use an Apple ID to download any other apps they want for personal use.
If they’re using Managed Apple IDs they will have no access at all to the app store and won’t be able to download their own apps anymore. IT department will have to buy and assign any apps that anyone needs, even the $0 ones that only 1 person needs.
Yep. Truly horrid policy. Where I work our issued iPhones suck to use without App Store access; no Bitwarden was the killer for me personally. Everyone I checked with uses their personal email/Apple ID instead of the MAID, and there's a sword over your head if you ever accidently copy/paste something from internal emails to something like Notes which has iCloud sync (we're semi serious about leaker). Absolute failure of an MDM setup by Apple.
MDM can restrict pasteboard from managed apps to non-managed apps, as well as allowing iCloud sign-ins but restricting which iCloud services are allowed.
It's an absolute failure of the MDM server administrator for allowing such things, not on Apple.
I haven’t. Did have issued laptops that were company managed but I basically didn’t use and, in any case, I like many others reinstalled a clean operating system image and did my own support.
At most decent sized companies with a cyber security and network admin team, this is probably the fastest way to get disconnected from the internal corporate network with no way to reconnect.
I always seem to end up with local admin at the bigger places I've been at because I'm so annoying with onboarding and requesting access to download development tools.
I was talking about domain capture. If you own my apple ID just because I used the company email to register it, I will definitely consider sueing you.
Just on a personal note, tying your personal devices to your work email account is a very silly thing to do. Even if it's your company you could be locked out of your company email account at any time (HR grievance, SEC investigation, hostile takeover...) Losing access to your devices and not being able to access things like reset emails at the same time would not be fun.
This was a big pain in the ass for me to figure out. I ended up using the free version of Mosyle and hiring someone on Fiverr to help me figure out how to get the licenses assigned to our managed devices.
I did not. If I had known what would happen when we tried this we would have skipped the process entirely. Our staff (roughly 125) was so confused and it wasted a lot of time communicating about it, then trying to roll it back, etc.
The Domain Capture process cannot be canceled once it’s started. It’s also not required, unless by your company policy.
The point is to make sure there’s not a mess on the other end when you enforce SSO for MAIDs.
Apple’s documentation for ABM and ABE is atrocious, but they do manage to document a bunch of footguns, just poorly and in seemingly bizarre places.
For example, ABE doesn’t support MDM migration (either as source or destination), despite the fact that the feature launched with macOS/iOS/iPadOS 26 and is supported by other MDM solutions.
And you cannot push custom config profiles with ABE which declare a non-Apple preference domain. Utter nonsense.
If you’re using the full ABM-with-ADE and MDM stack, it’s expected that you push apps to employees.
You can also use Munki to make apps available to users. You can just push only Munki via MDM if you want, and let it manage app installs and self service installs for you. There are caveats.
Dashdoc is a fast-growing transport management platform for the road freight transportation industry.
We're hiring a Lead Software Engineer to work on our Invoicing domain. Small 3-person (including you) team, great impact on tens of thousands of people using the tool all day everyday, great colleagues, international context, access to good tools (Cursor, Claude Code).
It doesn't matter. Office suites are a commodity. Google suite is knockoff of MS Office at certain point in time. That's just the nature of digital - information want's to be free.
It's network effects / lock-in. There is a reason why people still use Microsoft Office and that is that surprising amount of industries have everything build around it. In my country anything law related is submitted in Microsoft Word. Academic texts? Microsoft Word. Communication with government? Microsoft Word.
The reason why Google Docs somewhat managed to break this was 1. free, 2. multiplayer/easy to share.
One law about requiring the state documents to be submitted in open formats, editable in libre software... and the lock instantly breaks.
