We maintain HailBytes GoPhish, a fork of the open-source phishing simulation toolkit. We wanted to add a bunch of enterprise features (MFA, SSO, encryption at rest, audit logging, white-labeling) and honestly didn't have the bandwidth to do it the traditional way.
So we tried something different. Claude Code is now our most prolific contributor.
The Setup
GoPhish is kind of a pain to work on. Go backend, JavaScript frontend, systemd services, bash deployment scripts, SQL migrations, webpack. When you touch one thing, you often need to touch five others.
We had a feature list that would take a small team months. We have... not that.
What It Actually Looks Like
Here's a real morning:
$ claude
> Fix the bootstrap script killing gophish before migrations complete
Claude reads the bash scripts, traces the systemd dependency chain, finds the race condition, fixes it, commits. Done.
commit cd29bc7
Author: Claude <noreply@anthropic.com>
Fix bootstrap killing gophish before migrations complete
That's it. That's the workflow.
Some Real Examples
Service debugging:
> Fix Linux services not starting after VM image restart
Claude traced through the systemd units, found the missing dependencies, fixed the boot sequence.
Frontend bugs:
> Fix privacy settings not saving due to deprecated jQuery methods
Our jQuery upgrade broke .attr() on checkboxes (should be .prop()). Claude found all the occurrences and fixed them.
Big refactors:
> Update bootstrap script with patterns from cloud_tools and scripts
666-line diff. Network waiting, readiness checks, state file tracking, proper error handling. One commit.
What Actually Works
- Describe the problem, not the solution. "Fix the bug where X happens" beats "change line 47 to Y"
- Let it explore. Claude reads related files and often finds issues you didn't know about
- Review the diff. It commits with clear messages. You review, test, merge
- You still own the final call. We run tests and do manual QA. Fast doesn't mean careless
What Surprised Us
The bash scripts. We expected Claude to be good at Go and JavaScript. We didn't expect it to nail systemd services and deployment scripts. It gets the whole stack.
Cross-cutting changes too. Adding SSO touched Go handlers, SQL migrations, JavaScript, CSS, docs. Claude handled the full vertical.
And bug hunting. "The sidebar is pushing down the main content" and Claude reads the CSS, finds the position: fixed conflict, fixes it, explains why.
The Numbers
From our recent git log:
- 15 Claude-authored commits in the last two weeks
- Changes across Go, JavaScript, Bash, SQL, CSS, systemd
- Features enterprise customers are paying for
Try It
If you maintain an open-source project and your issue backlog haunts you:
npm install -g @anthropic-ai/claude-code
cd your-project
claude
Start with a real bug. Something annoying that's been sitting there forever. See what happens.
We're HailBytes. We build security tools for pentesters and security awareness teams. GoPhish 0.14.2 ships this month.
What's your experience using AI on real projects? I'm curious what's working for people.
Top comments (0)