AI Assisted Development - FAFO

Artificial Intelligence (AI), aka large language models (LLMs), and generative AI development, also referred to as vibecoding, is the current buzzword, and everyone wants to have some degree of AI integration with tooling and use cases.
At its core an LLM is flawed and only as good as the data it is trained on, so LLMs are prone to hallucinations. This project certainly highlighted that when Claude decided to invent a Python library and function call that didn't exist, which then caused more pain than it was worth!
TL;DR I got Claude Code to write a VPN/endpoint deployment and generation tool for ease of access with minimal prompting to see how capable it was and what options it would suggest.
I have been using AI to help with some dev work for a number of years now, but this is the first tool that I have built with just an architected design prompt and had Claude build the rest, also known as VibeCoding.
The original why was because the UK has brought in restrictions to access various content (in this exact instance I was reading Reddit and it was blocked without a VPN or age verification :/) and I wanted something simple for one-click deployment to get around restrictions, using the hacker mindset to circumvent controls. While I already use Mullvad VPN as a daily driver VPN, it's fun to build side projects.
So I started out with an idea: I wanted to create a universal WireGuard VPN configuration tool, similar to how the VPN Road Warrior creation script works (something I found over a decade ago and has been my go-to for years), but across multiple cloud providers for options, and also to see how well Claude would cope with building something of this nature in Python with all sorts of features.
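The hallucinated library and function call mentioned above is the kind of error that can be caught statically before generated code is installed or run. The check below is an added example, not part of ProxyGen or the original post; the function names and the sample source (including `wg_autoprovision_example`, `run_checked` and `dumps_pretty`) are constructed for illustration.

```python
import ast
import importlib.util

def _installed(name):
    try:
        return importlib.util.find_spec(name) is not None  # local lookup only
    except (ImportError, ValueError):
        return False

def check_generated_code(source):
    """Return sorted (line, message) findings for names that do not resolve."""
    tree, aliases, findings = ast.parse(source), {}, []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if _installed(a.name):
                    root = a.name.split(".")[0]
                    aliases[a.asname or root] = a.name if a.asname else root
                else:
                    findings.append((node.lineno, f"module not found: {a.name}"))
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            if not _installed(node.module):
                findings.append((node.lineno, f"module not found: {node.module}"))
                continue
            mod = importlib.import_module(node.module)  # runs import-time code
            for a in node.names:
                if (a.name != "*" and not hasattr(mod, a.name)
                        and not _installed(f"{node.module}.{a.name}")):
                    findings.append((node.lineno, f"{node.module} has no name {a.name!r}"))
    # Second pass: attribute access directly on an imported module (json.dumps).
    for node in ast.walk(tree):
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                and node.value.id in aliases):
            name = aliases[node.value.id]
            if not hasattr(importlib.import_module(name), node.attr):
                findings.append((node.lineno, f"{name} has no attribute {node.attr!r}"))
    return sorted(findings)

# Constructed sample standing in for generated code; the unresolved names are made up.
SAMPLE = '''
import json
import ipaddress as ipa
import wg_autoprovision_example
from subprocess import run_checked
def build(cidr):
    net = ipa.ip_network(cidr)
    return json.dumps_pretty({"hosts": net.num_addresses})
'''
if __name__ == "__main__":
    print(*check_generated_code(SAMPLE), sep="\n")
```

Because resolution is local only, a module reported as not found should be confirmed to exist and to be the intended project before anyone runs `pip install` on the name the model supplied.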
Initial Design / Concept
Lots of AI tools like Claude and ChatGPT work on conversational interaction, but one thing they handle well is if you give them explicit prompts with a design of what you want, so that's exactly what I did in the first instance with Claude Code. I set out the following prompt with everything I wanted to achieve and what each thing should do:
Project Requirements
Create a comprehensive command-line tool called "vpngen" that automates the deployment and management of WireGuard VPN servers across multiple cloud providers (AWS, Azure, GCP).
Core Functionality
1. Multi-Cloud Deployment
- Deploy WireGuard VPN servers to AWS, Azure, and GCP
- Support multiple regions per provider
- Handle all infrastructure provisioning via Terraform
- Configure VPN servers automatically using Ansible
2. Automated Configuration
- Generate SSH keys automatically with proper naming (vpngen-region-key.pem)
- Configure WireGuard with secure defaults
- Set up proper NAT rules and IP forwarding
- Configure DNS-over-HTTPS for privacy
- Handle cloud-init timing and SSH connectivity issues
3. Client Management
- Add/remove VPN clients dynamically
- Generate client configuration files automatically
- Assign unique IP addresses from the subnet pool
- Track client connections per deployment
4. Deployment Tracking
- Unique deployment IDs (UIDs) for multiple instances per region
- Comprehensive inventory management system
- Track resources, costs, and status per deployment
- Support selective destruction by deployment ID
- AWS resource tagging with metadata
5. Cost Management
- Estimate costs based on instance types and regions
- Display daily, monthly, and yearly cost projections
- Support different instance sizes (t3.nano to t3.large for AWS, etc.)
- Show costs in the list command with public IPs and instance types
Technical Requirements
- Language: Python
- Infrastructure: Terraform for provisioning
- Configuration: Ansible for server setup
- VPN: WireGuard for secure tunnelling
- State Management: JSON-based inventory tracking
- Cross-Platform: Support Linux and macOS (with Homebrew instructions)
Commands to Implement
# Initialization
./vpngen init # Setup environment and dependencies
./vpngen configure # Configure cloud credentials
# Deployment
./vpngen deploy --provider aws --regions us-east-1,eu-west-1
./vpngen deploy --provider azure --regions uksouth --dry-run
./vpngen deploy --provider gcp --regions europe-west2
# Client Management
./vpngen client add --name laptop --server us-east-1
./vpngen client list
./vpngen client remove --name laptop --server us-east-1
# List and Monitor
./vpngen list # Show deployments with IP, type, costs
./vpngen list --detailed # Comprehensive report
./vpngen inventory show # Full inventory details
# Destruction
./vpngen destroy --provider aws --regions us-east-1
./vpngen destroy --id aws-us-east-1-abc123 --force
# Help and Examples
./vpngen examples # Show usage examples
./vpngen --help # Command help
Key Features to Include
1. Reliability
- Retry logic for SSH connections
- Proper error handling and logging
- Backup inventory before modifications
- State file management
2. Security
- Use strong SSH keys
- WireGuard must use encryption
- No hardcoded credentials
- Secure defaults for all configurations
3. User Experience
- Clean, professional output (no emojis)
- Clear progress indicators
- Helpful error messages
- Comprehensive examples command
4. Enterprise Features (modular design)
- High availability support
- Monitoring integration
- Backup management
- Certificate management
- Access control
- Audit logging
Problem Solving Requirements
The tool must address these common VPN deployment issues:
- SSH connection timeouts during initial setup
- WireGuard service configuration failures
- NAT and IP forwarding setup
- DNS resolution problems
- Cloud provider authentication
- Multiple deployments in the same region conflicts
- Cost tracking and optimisation
- Cross-platform compatibility
Deliverables
1. Main Python script (vpngen) with all commands
2. Terraform configurations for AWS, Azure, GCP
3. Ansible playbooks for server configuration
4. Library modules for specialised functionality
5. Comprehensive documentation (README.md, EXAMPLES.md, etc.)
6. Testing scripts and validation tools
The final tool should provide a solution for deploying and managing WireGuard VPN servers across multiple cloud providers with minimal manual intervention required.
Now one could argue that the spec I laid out is long enough that I'd be as well writing the script myself with such an in-depth prompt, but I wanted to see how Claude coped with something as robust. The results were pretty decent combined with SuperClaude, which is a plugin for Claude Code that allows broader asks and agents to build things for you and hand off between agents.
Claude went off and did its thing and started building a folder structure, asked me for permission to use certain commands and ran with it. Eventually, after some further prompting, it built a proof of concept which I needed to manually tweak, but it did kick out a decent enough PoC.

The options I wanted originally were to include GCP, but I later found out that Google Cloud isn't as easy to play about with as AWS/Azure/DigitalOcean/other VPS providers, so I asked Claude to rewrite it with the latter two in mind and remove GCP from the codebase. Away it went and did its thing, and a few iterations later ProxyGen was born.
Features
The core features of the tooling are that it builds boxes in different cloud providers and has the ability to deploy multi-hop for added privacy and fun:
- Multi-cloud deployment: AWS, Azure, DigitalOcean (Alpha), Hetzner (Alpha)
- Client management: Add, remove, and configure WireGuard clients. Whether you have multiple cloud providers or a single one in place, the ability to register the client easily is an option.
- Multi-hop proxy chains: Create privacy-focused proxy chains with multiple boxes deployed to different providers.
- Cost tracking: Monitor deployment costs across providers because nobody wants to spend an arm and a leg on cloud costs.
- Resource discovery: Automatic cloud resource detection. I wrote a small extension to allow the script to do discovery when different credentials are plugged into it; it'll find instances that have been deployed and allow them to be synced to the deployment machine for inventory management.
Testing and Playing
Now that the tool was fully built, the next logical steps were to stress test it and actually play about with it. This was met with some weird ethical boundaries, as Claude forgot it had built it and claimed it was unethical to run tests to circumvent controls.
Reminding the model it originally wrote the code got past that really quickly and back to playing and testing. Something I found interesting in general is if you convince Claude that it wrote the code it'll ignore its prescribed ethical boundaries very quickly and get back to writing hacks.
Results and Vibes
So the final product, it sort of works but it's not excellent, and as a fun project to build in a weekend it was good to test out Claude's capabilities. In addition to ProxyGen I also had Claude help me write two other tools, but with baseline code as a seed rather than building from scratch. The first tool was similar to fireprox but for your browser. ProxyForge works with a server component that runs on the laptop and is meant to rotate IP per browser request, but I'm still playing about with it as a proof of concept.
The second was a script I'd already started writing in the form of a Visual Studio Code extension to do VBE decoding on the fly. There are tools that exist for plugging in files and it'll decode them, but I wanted a simple extension that would decode files when opened in the app to make it easier to skip through potential files for credentials and other interesting data.
Now all of the above are kind of acute scenarios and the use cases are limited but what can I say, I like writing random side projects and working to get things to help me do my job and various research slightly better.