IDE Assistant Selection by Code Loop

TL;DR

Engineers do seven different things with AI coding assistants: autocomplete while typing, single-file edits, multi-file refactors, autonomous feature builds, pull request review, codebase question-and-answer, and test generation. Each is best served by a different tool, and most teams end up paying for three or four overlapping tools that produce inconsistent code style and a bill nobody can defend. The right answer is to pick one tool per loop. For a small team, the appropriate total is $40 to $65 per engineer per month, with optional add-ons for autonomous agents or large-codebase navigation when the work justifies them.

AI coding assistants are not one tool

An engineer pays for GitHub Copilot Pro at $10 a month, Cursor Pro at $20, and Claude Pro at $20. The visible bill is $50 a month; the real cost is that autocomplete, chat, and small edits now compete for the same mental slot, and every generated patch arrives in a different style. By the end of the quarter, nobody can explain which tool earned its line item.

An engineering manager standardizes on Copilot Business at $19 per seat because GitHub procurement is easy, then lets the team expense Cursor Teams at $40 per seat because engineers like Composer. That's $59 per seat per month before any review bot, terminal agent, or cloud agent, and across a 20-person team it's $14,160 a year for two tools that compete for the same daily inner loop.

A founder buys Devin Pro at $20, Replit Pro at $100, and Codex Plus at $20, then asks all three to build the next feature. One agent leaves a half-working prototype on a branch, one opens a PR against main, and one changes the same files locally. Nobody owns the architecture, the auth path, or the deployment decision.

Three teams, three failures, one category mistake. AI coding assistants haven't become one tool; they've become a stack of work-loop tools that share a procurement label.

The frontier model that ships clean function completions inside a single file is the wrong agent for changing a pattern across 40 files. The repo-aware refactor tool that runs in the terminal is the wrong tool for one-line tab completions inside the IDE. The autonomous cloud agent that closes a PR is the wrong tool for the keystroke-level help an engineer wants every minute. The mistake isn't the tool; it's the absence of a per-loop routing map.

The right question isn't which AI coding assistant is best, because the leaderboard answers that with a different vendor every quarter and the answer keeps changing. The right question is sharper: which work loop am I running right now, which assistant earns that loop today, and where does the human engineer have to step back in regardless of which tool produced the file?

Seven work loops matter for most engineering teams: inner-loop autocomplete, single-file edit via in-IDE chat, multi-file refactor, agentic feature build, AI code review on pull requests, codebase question-and-answer and navigation, and test generation. Each has a different tool that earns the slot today, a different ceiling (intent, hidden coupling, architectural substitution, product ambiguity, approval authority, judgment, test oracle), and a different return point for the human engineer.

A 30-day consolidation rollout

The temptation when the AI coding market moves is to add a fourth subscription because the latest model scored higher on a benchmark. Each new subscription teaches a different prompt grammar, a different commercial-use posture, and a different keyboard shortcut, and the team burns four learning curves to ship the same code.

Days 1 to 7: Use only what you already pay for. No new subscription this week. Run whichever inner-loop autocomplete tool the team already has (Copilot for most, Tabnine for regulated environments, Cursor Tab for Cursor-standard teams) and disable duplicates. Track accepted completions that survived PR review, not lines generated. The deliverable answers a real question: does the autocomplete tool you already pay for earn its line item, or could you cancel it tomorrow?

Days 8 to 14: Add the in-IDE chat editor only if bounded edits are a real recurring need. Cursor Pro at $20 or Windsurf Pro at $20. Ship one cleanup PR by Friday: five ugly functions refactored, with before-and-after diffs reviewed by a human. Cancel the subscription at the end of the week if the diffs require more rewriting than they save.

Days 15 to 21: Bring in the multi-file refactor tool. Claude Code (included in Claude Pro at $20 a month or $17 annual), Aider (open-source, BYO inference), or Cursor Composer (already included with Cursor). Choose one grepable refactor with a known success condition: one deprecated API call, one error type, one logging pattern. By Friday, land a PR where every modified file is mechanically explainable.

Days 22 to 30: Test the agentic and review layers, then keep or cut. Try Codex Plus ($20) or Devin Pro ($20) on one bounded feature ticket with explicit acceptance criteria, and try CodeRabbit Pro ($24 per seat annual) on ten PRs in suggestion-only mode. By Friday, ship one finished ticket and one set of triaged PR-review comments. Drop any tool that only produced overlap; keep only the one that changed cycle time or defect rate enough to defend the seat cost.

Skipping a week is permitted. Skipping Week 1 isn't. The rest of this Dossier maps each work loop, names where the engineer has to step back in, and inventories the cost pattern that earns its keep.

The seven work loops

The work loop decides the tool. Below, each loop gets the same treatment: the tool that earns the slot today, what ships clean, where the ceiling sits, and the action plan for week one. The action plans assume you're running that loop from scratch this quarter; if a workflow is already in place and working, the answer is to keep it and skip the section.

Inner-loop autocomplete

Tab completion, single-line and small-block suggestions while typing. The slot belongs to GitHub Copilot for most GitHub-centered engineering teams, not because Copilot is the most exciting assistant but because the inner loop rewards low-friction distribution, predictable tab completion, broad editor coverage, and enterprise controls more than ambitious autonomy. GitHub Copilot Business is $19 per seat per month and Enterprise is $39 per seat per month. Copilot Free includes 2,000 completions and 50 premium requests, but GitHub frames Free as personal use; for company code, Business or Enterprise is the clean path.

What ships clean:

• Boilerplate
• Idiomatic line completions
• Small helpers and framework glue
• Import statements
• Repetitive type definitions

Inner-loop autocomplete is useful when the next line is obvious but tedious.

The ceiling appears at intent. Autocomplete predicts the next code-shaped thing; it doesn't know why the feature exists, whether the abstraction should exist, whether the data should be persisted, or whether the caller graph will break. The named failure mode is plausible local continuation: the suggestion looks like the local file but violates the product or the architecture.

Strong adjacent fits: Tabnine earns the regulated inner-loop slot when privacy and deployment control matter more than frontier model quality, and Tabnine doesn't retain, share, or train on customer code (Enterprise can run on-prem, in a VPC, or air-gapped). Supermaven earns a speed-focused slot but is now structurally adjacent to Cursor after joining the company in 2024.

If you start this week, pick one autocomplete provider, disable the others, and run five normal coding sessions with acceptance tracking. Don't measure lines generated; measure accepted completions that survived review. By Friday, ship one ordinary PR with the assistant on and one comparable PR with it off. If nobody can tell which is cleaner, keep the cheapest governed option.

Single-file edit via in-IDE chat

The bounded edit on a visible function, class, or local file. The slot belongs to Cursor for teams that can make Cursor the daily IDE. Cursor's value isn't the chat itself; it's the editor wrapper around the chat, with code context, Composer-style edits, project rules, agent mode, MCP, checkpoints, and a workflow that lets the engineer stay inside the file being changed. Cursor Pro is $20 per month, and Teams is $40 per seat per month with enforced privacy mode, team context, SAML and OIDC SSO, analytics, and admin controls.

What ships clean:

• Function extraction
• Error handling
• Naming cleanup
• Small migration edits
• Docstrings and simple validations
• Short helper tests
• Local refactors where the engineer can see the full blast radius

The ceiling appears at hidden coupling. A single-file edit fails when the meaningful dependency sits outside the file: a caller relies on current exception behavior, a test fixture encodes a hidden assumption, or a service contract depends on a field that looks removable. The named failure mode is bounded patch, unbounded impact.

Strong adjacent fits: GitHub Copilot Chat and Edits is the default fit for teams already standardized on Copilot Business or Enterprise. Windsurf Cascade is the stronger fit for teams that prefer an AI-native IDE with web search, terminal integration, rules, memories, MCP, previews, and deploys.

If you start this week, pick five ugly functions and require the assistant to produce before-and-after diffs, not free-form explanations. Add a project rules file that names the team's style, error-handling convention, and test preference, and ship one cleanup PR by Friday. Reject the tool for this loop if the human has to rewrite most of the diff or if the assistant changes behavior while claiming to preserve it.

Multi-file refactor

Change a pattern across many files in the same repo. The slot belongs to Claude Code. Anthropic describes Claude Code as an agentic coding tool that reads the codebase, edits files, runs commands, integrates with dev tools, and works across terminal, IDE, desktop, and browser. The SDK exposes file read/write/edit, bash, grep, glob, web search, hooks, subagents, MCP, permissions, and sessions. Claude Code is included in Claude Pro ($20 monthly, $17 annual) and Team Standard ($25 per seat monthly, $20 annual), with no model training on team workspaces by default. The same workflow runs against the API, where Opus 4.7 is $5 per million input tokens and $25 per million output, Sonnet 4.6 is $3 and $15, and Haiku 4.5 is $1 and $5.

What ships clean:

• Rename migrations
• Import reshaping
• Framework-version pattern changes
• API-signature migrations
• Test fixture updates
• Lint-driven cleanup
• Cross-file mechanical refactors that can be expressed as a pattern and defended with tests

The ceiling appears at architectural substitution. Claude Code can change many files, and that isn't the same as knowing whether the refactor is worth doing. The tool stops being trustworthy when the task requires domain ownership, unclear module boundaries, runtime integration knowledge, or hidden production constraints. The named failure mode is wide diff, weak invariant.

Strong adjacent fits:

• Aider for terminal-first engineers who want open-source, BYO inference, and git-native patching with diff review and auto-commit.
• Cursor Composer and Windsurf Cascade for teams that want multi-file edits without leaving the IDE.
• Cline for engineers who want an open-source agent runtime they can route through their own inference contracts.

If you start this week, choose one grepable refactor with a known success condition: one deprecated API call, one error type, one logging pattern, one test helper. Tell Claude Code to plan before editing, run tests after editing, and produce the changed-files list. By Friday, land a PR where every modified file is mechanically explainable. Don't start with auth, billing, migrations, or permission logic.

Agentic feature build

Long-running, autonomous: build feature X end-to-end, iterate against tests, open a PR. The slot belongs to Codex when the task is an engineering ticket that should end in a branch, tests, and a PR. OpenAI's Codex surface spans web, CLI, IDE extension, desktop app, iOS, cloud tasks, automatic code review, Slack integration, GitHub integration, browser and computer-use workflows, terminal actions, Git operations, MCP, plugins, automations, and skills. Codex is included in ChatGPT Go ($8), Plus ($20), Pro (from $100), Business (pay-as-you-go with no training on business data by default), and Enterprise (custom, with data residency, retention, RBAC, audit logs, and compliance API).

The benchmark signal is real here: OpenAI's GPT-5.3-Codex release claimed 56.8 percent on SWE-Bench Pro public and 77.3 percent on Terminal-Bench 2.0 at high reasoning. That's a model benchmark, not a guarantee that a Codex PR will be safe in your repo, but it still matters because agentic feature build is where long-horizon coding capability is most relevant.

What ships clean:

• Narrow feature tickets
• Bug fixes with reproduction steps
• Scaffolded endpoints
• UI wiring and test-backed helpers
• Docs updates
• PRs where acceptance criteria are written before the agent begins

The ceiling appears at product ambiguity. Autonomous agents don't own product intent, rollout strategy, threat models, or deployment safety. The named failure mode is completed ticket, wrong job: the PR passes local tests and still solves the wrong problem.

Strong adjacent fits:

• Devin when you want a cloud teammate that runs in its own VM, uses a browser and desktop, and integrates with Slack, Linear, Jira, GitHub, GitLab, and Datadog asynchronously; Devin Pro is $20, Max is $200, Teams is $80, and Enterprise is custom.
• GitHub Copilot cloud agent for GitHub-native issue-to-PR work.
• Replit Agent for greenfield apps and prototypes, not mature codebase work.
• Cline for teams that need agent automation under their own inference and approval policy.

If you start this week, choose one ticket with explicit acceptance criteria, a clean branch or worktree, no production secrets, and a test command the agent can run. Tell Codex to produce a PR plus a failure log. By Friday, accept only the parts that pass tests and survive human review. Don't ask an agent to build features touching auth, PII, billing, money movement, secrets, or database migrations on the first trial.

AI code review on pull requests

Reading the diff, surfacing risk, catching shallow bugs before a human reviewer sees the PR. The slot belongs to CodeRabbit because it's built around the review workflow rather than the editing workflow. CodeRabbit Pro is $24 per seat per month billed annually, Pro Plus is $48 per seat per month billed annually, and Enterprise is custom with RBAC, SSO, audit logging, API, self-hosting, multi-org support, SLA, and customer success. CodeRabbit's terms state that customer proprietary code remains confidential, code shared with third-party AI providers is under zero data retention, and neither CodeRabbit nor those providers use customer code to train models. CodeRabbit cites Martian's Code Review Bench, drawn from real developer behavior across nearly 300,000 PRs, where it ranked first by F1 among ten code-review tools.

What ships clean:

• PR summaries
• Suspicious-logic comments
• Missing-test flags and obvious edge cases
• Dependency or config concerns
• Style drift and docstring gaps
• Comments that point the human reviewer to the right part of the diff faster

The ceiling appears at approval. A review bot can surface risk; it can't approve intent, decide whether the business should accept the risk, or become accountable for production. The named failure mode is AI comment as rubber stamp.

Strong adjacent fits:

• GitHub Copilot code review for teams whose procurement center is GitHub.
• Codex review when Codex already owns the feature-build loop.
• Greptile at $30 per seat per month with 50 included reviews and $1 per additional review.
• Continue when source-controlled AI checks (markdown rules under .continue/checks/, enforced as GitHub status checks) are the workflow.

If you start this week, enable the bot in suggestion-only mode on ten PRs. Track which comments were accepted, which were false positives, which issues a human reviewer would have missed, and whether comments slowed the team down. By Friday, decide whether the bot is finding accepted issues. If it mostly rewrites style comments, don't pay for it.

Codebase question-and-answer and navigation

Where is auth implemented. Which service owns the rate-limit logic. How does billing wire up to entitlements. The slot belongs to Sourcegraph Enterprise for large codebases. Sourcegraph discontinued Cody Free, Pro, and Enterprise Starter in 2025 while continuing Enterprise support, and Sourcegraph Enterprise now starts at $16,000 per year and includes AI credits, whole-codebase search and navigation, Deep Search, Batch Changes, Insights, MCP, API, CLI, code-host integrations, single-tenant cloud, enterprise security, and support. Its AI terms say partner LLMs must not retain inputs or outputs beyond response generation, partner LLMs don't use Enterprise code for training, and customer content is used solely to provide the service unless the customer enables fine-tuning.

What ships clean:

• Onboarding explanations
• "Where is this implemented" answers
• Call-path discovery
• API usage lookup
• Migration blast-radius discovery
• Dependency search
• Short summaries of how a subsystem is wired

The ceiling appears at why. Codebase Q&A can tell you what the code appears to do; it can't reliably tell you why the team accepted a tradeoff, what political constraint shaped a design, or whether the architecture should change. The named failure mode is navigation mistaken for judgment.

Strong adjacent fits: GitHub Copilot Enterprise for GitHub-native orgs that index organizational codebase context. Cursor, Windsurf, Continue, Aider, and Claude Code with their repo maps work well for a single repo, but they aren't a replacement for an enterprise code graph across hundreds or thousands of repos.

If you start this week, write ten questions a new engineer actually asks: auth flow, rate-limit location, billing event path, feature-flag owner, deployment script, data retention policy, test fixture origin, rollback path. Ask Sourcegraph and a senior engineer side by side. By Friday, convert correct answers into onboarding docs and mark wrong or stale answers as retrieval failures, not as architecture decisions.

Test generation

Writing tests for existing code, scaffolding fixtures, covering edge cases. The slot belongs to Cursor for bounded module tests and Claude Code for cross-file test scaffolding. Test generation stays separate from edit generation because the clean output is different: a generated implementation can be wrong in obvious ways, while a generated test can pass while merely encoding the implementation.

What ships clean:

• Table-driven tests
• Fixture setup
• Regression tests for reproduced bugs
• Parser edge cases
• Snapshot cleanup
• Mocks for well-known interfaces
• Coverage around pure functions or stable module boundaries

The ceiling appears at the oracle. A test needs a claim about correct behavior; the model can write assertions, but the engineer has to decide what truth the assertion represents. The named failure mode is covered, not tested.

Strong adjacent fits: CodeRabbit and Continue as test-adequacy reviewers, asking whether the test actually exercises the changed behavior, whether edge cases are missing, and whether the test mocks away the thing it claims to test.

If you start this week, choose one module with known bug history. Ask the assistant for tests that fail before the fix or assert externally observable behavior, and review every mock. By Friday, land one test-only PR and one bug-fix PR where the generated test would have caught the old bug. Don't count coverage percentage as success unless the test would fail on a real defect.

Where the engineer steps back in regardless of tool

The line isn't "when the assistant gets it wrong." Generated code is wrong all the time, and humans catch it in review the same way they always have. The line is when the code commits something that survives review: a decision that moves money, a permission that grants access, a deploy that exposes data, a contract a customer depends on. Default-plausible code is fine inside a sandboxed feature behind a flag; it fails at the surfaces where blast radius, security, or business intent is the differentiator.

The engineer owns architecture. Generated patches change one file, one function, or one pattern; they don't know whether the abstraction should exist, whether the service boundary is right, or whether the refactor is worth doing this quarter. Domain ownership, module boundaries, runtime integration, and team-load tradeoffs are decisions about the codebase as a system. The assistant produces options. The engineer chooses.

Security review stays with a human who can explain the risk. Code touching auth, PII, secrets, payments, billing, permissions, encryption, dependencies, or network exposure carries blast radius that doesn't show up in unit tests. GitHub Copilot Business and Enterprise, Claude Team and Enterprise, OpenAI Business and Enterprise, and Cursor with Privacy Mode each promise different things about training and retention. None of them promises the code is safe. The threat model is the team's job, and "it passed CI" is not a security argument.

The engineer owns the oracle for tests. A model can write a test file in seconds; that file has assertions and runs green, and none of that proves the assertions are right. The covered-not-tested failure mode is the named risk: tests that encode the implementation, mock out the meaningful behavior, or reproduce the current bug as expected behavior. The engineer decides what truth the test represents and which mocks invalidate the verdict.

Intent verification is what the prompt couldn't say. Agents optimize for the prompt; product work depends on what wasn't in the prompt: the user the team didn't list, the edge case the PM forgot, the integration the spec assumed. A Codex or Devin PR can pass every acceptance criterion and still solve the wrong problem. The engineer reads the diff against the intent, not against the brief.

Deployment is not a generated artifact. A PR is not a deployable system. Migration order, rollback plan, monitoring coverage, alerting thresholds, feature-flag scope, and production blast radius are decisions the team makes about its own system. The model has no view of customer impact at three in the morning on a Friday. The engineer does.

Cost calculus and coexistence

The candidate paid stacks for an engineering team:

• The Copilot stack: Copilot Business at $19 per seat plus Claude Team Standard at $20 annual (or $25 monthly) per seat. Total $39 to $44 per engineer per month. Copilot owns autocomplete and ordinary IDE chat, and Claude Code owns multi-file refactors.
• The Cursor stack: Cursor Teams at $40 per seat plus CodeRabbit Pro at $24 annual per seat. Total $64 per developer per month. Cursor owns IDE edits and bounded agent work, and CodeRabbit owns PR review.
• The agentic-build add-on: Codex Plus at $20 or Codex Pro from $100, or Devin Pro at $20, Max at $200, or Teams at $80. These are ticket machines, not autocomplete substitutes. Buy them only if they land reviewable PRs that save human engineering time.
• The enterprise-navigation layer: Sourcegraph Enterprise from $16,000 per year. Justified by large-codebase onboarding, migration, and search value across many repos, not by single-repo Q&A.
• The PR review layer: one review bot only, unless the team is actively benchmarking. CodeRabbit, Greptile, Copilot code review, Cursor Bugbot, Codex review, and Continue checks overlap, and more bots produce duplicate comments and reviewer fatigue.

Don't pay for both Cursor Teams and Windsurf Teams as daily IDE assistants unless part of the org has deliberately standardized on Windsurf. The two products compete for the same loop, and the cost can't be defended.

Pitfalls and anti-patterns

Paying for three IDE assistants that overlap on the same loop

Copilot, Cursor, Windsurf, Tabnine, Supermaven, and Sweep can all compete for autocomplete and local edit. Pick one. Duplicate suggestions worsen style drift, raise the bill, and make the line items impossible to defend at the next budget review.

Treating Copilot autocomplete as a multi-file refactor agent

Copilot has agent and cloud-agent surfaces, but plain Copilot autocomplete and chat aren't the same as a terminal or composer refactor workflow. If the task changes 30 files, use an agent workflow with tests, not tabs and chat snippets.

Treating Devin, Codex, or Replit Agent as a daily-driver IDE assistant

These tools are useful when the output is a task, a branch, or a prototype. They're the wrong shape for constant keystroke-level help and the wrong unit economics for it.

Calling AI-generated tests "covered"

Coverage isn't correctness. Generated tests often assert implementation details, mock out the meaningful behavior, or reproduce the current bug as expected behavior. A green CI run with a model-written test is evidence of nothing until a human owns the oracle.

Using AI to bypass code review

CodeRabbit, Greptile, Copilot review, Codex review, Cursor Bugbot, and Continue can accelerate review, but they can't approve the PR. A review bot that becomes the gate is a rubber stamp, and review quality collapses on the same week the team realizes nobody is reading the diff.

Putting company code into consumer plans without reading data terms

GitHub consumer Copilot plans, Claude consumer plans, OpenAI consumer plans, Cursor with Privacy Mode off, and ordinary Replit plans don't all have the same company-code posture. Business, Team, Enterprise, API, zero data retention, self-hosted, and Privacy Mode settings aren't paperwork; they change the data path.

What to validate before paying for the stack

Before day one. List seven tasks, one per loop. Use real work, not toy prompts. Each task needs an owner, a baseline time, a test command, a review standard, and cost tracking, and you should disable duplicate assistants so each loop has one contender.

Week one: the daily loops. Run Copilot or Tabnine for autocomplete, Cursor or Windsurf for single-file edits, CodeRabbit or Greptile for PR review, and Sourcegraph or Copilot Enterprise on ten codebase questions. Record accepted completions, human rewrite rate, CI failures, review-comment acceptance, false positives, and time to merge.

Week two: the heavy loops. Run Claude Code or Aider on one multi-file mechanical refactor, Codex or Devin or Copilot cloud agent or Replit Agent on one agentic feature or prototype, and Cursor or Claude Code on one test-generation task. Record prompt count, token or credit cost, runtime, files touched, tests passed, reviewer comments, rollback work, and the percent of diff rewritten by a human.

Buy only if the loop wins. Autocomplete wins if accepted suggestions survive review without style drift. Single-file edit wins if it reduces rewrite time without hidden coupling bugs. Multi-file refactor wins if the PR is mechanically explainable and tests pass. Agentic feature build wins if a PR lands with less human rework than the baseline. PR review wins if accepted comments catch real issues. Codebase Q&A wins if answers are correct and sourced to files. Test generation wins if tests fail on the old bug or verify externally observable behavior.