DEV Community: Md Shahriar

Guess Duel: Building a Turn-Based Number Game with PyGame and Amazon Q CLI

Md Shahriar — Thu, 29 May 2025 21:24:04 +0000

Guess Duel is a turn-by-turn, two-player number guessing game that I implemented using PyGame with the help of Amazon Q CLI for the Amazon Q CLI Game Challenge. One player, the Attacker, creates a hidden number using a chosen level of difficulty, while the other player, the Defender, tries to guess the number correctly. The Defender has some health points (HP) and a limited number of opportunities to pass the test. If the Defender guesses the number right, he deflects the attack. If he fails, the attack is successful. There are three levels of difficulty—Easy, Medium, and Hard—and under each of these, the player must survive five increasingly hard levels in order to become the Champion of that level.

I began this project as part of the Amazon Q CLI Game Challenge, where developers are asked to develop games using the Amazon Q Developer CLI and blog about the process. While the actual process of development itself was fun, the setup was harder than it needed to be, especially as a Windows user. Firstly, I had to install WSL (Windows Subsystem for Linux) as CLI installation and setup were intended for a Linux environment. I was new to WSL, so I had to figure out how to enable it under Windows settings, install Ubuntu, and get the terminal up and running. Second, I needed to install Python, pip, and a few required packages in WSL purely to make sure that I could even access the CLI tools.

Later, I encountered another speed bump — I had already installed PyGame on my Windows Python, but when I tried to run the game from WSL, it was not working because WSL did not allow for a GUI. I learned the hard way that GUI libraries like PyGame do not play nice with WSL by default. So I had to switch direction and move everything over to native Windows Python instead. That meant digging up my WSL project files from Windows (\\\\wsl$\\) and running the game from Command Prompt instead of the WSL terminal. It took a couple of tries to get it all configured correctly, but eventually, the Amazon Q CLI and PyGame were playing nice together in the correct environment.

Once the installation was setup, I used Amazon Q CLI to build the foundation of the PyGame application — defining states like the menu, input screens, results viewer, and over screen. The initial version was simple, but Amazon Q CLI made it quite simple to keep adding layer upon layer.

As the game evolved, I kept layering more into the experience. I included a health system for the Defender, turn tracking, and animated result screens. In an effort to give more replayability, I included each of the difficulty modes having five levels where each of these levels becomes increasingly difficult by using larger numbers. For example, in level one, the secret number would be one digit, but by level five it might be a five-digit number. In order to help the players, I have also added a hint system that activates from level three and beyond. The hints provide incomplete information like the starting digit, if the number is above or below a specific mark, or the ending digit. These added enough sophistication without overwhelming the player.

Having Amazon Q CLI handy throughout the whole development process was a huge advantage. Whenever I had to design a new game feature or fix logic bugs, I typed in tight prompts, and it provided me with useful code hints that saved me a lot of time. One of the more complex features that I implemented was the level progression system. This included tracking the current level, resetting game state between levels, and conditionally printing victory messages after a player completed all five levels in a category.

A second problem I ran into was accurately defining both players' roles. Initially, I had called the guesser the "Attacker," but in hindsight, it was more sensible to flip their roles. The person setting the number is really doing the "attack," while the guesser is trying to "defend" by not dying. To do that change improved UI clarity as well as gameplay.

One of the technical issues was getting the PyGame window to be resizable without any of it being obscured or poorly aligned. I had to make sure buttons, text, and graphics resized or repositioned when the window was maximized or resized by the player. Although PyGame does not have layout management like web frameworks, it was difficult to do through calculations with screen size.

As the game progressed, I added small quality-of-life items to enhance the gameplay. There are correct and incorrect answer sounds, music, animated HP bars, and clickable buttons with visual feedback on hover or click. The player has a clear result screen after every round or level, and access to continue, restart, or return to the main menu. After playing all five levels in a category, the player is crowned category champion with a victory screen.

Overall, the project was fun and educational. I learned how to manage game states well in PyGame, how to incorporate user-friendly design with sound and animation, and how to collaborate with an AI tool to produce something end-to-end. Amazon Q CLI enabled me to create features sequentially and iterate quickly, which was ideal for a one-man development project like this. I also found that crafting sharp prompts and thinking thoroughly about my game logic in advance were essential before I could trust Q to sort things out.

This game was submitted to the Amazon Q CLI Game Challenge, which has a pleasant incentive—a T-shirt—for devs who build and release their games for free. But aside from the reward, I'm happy with how far this game progressed and what I've learned in doing it. I'll keep refining it, maybe adding local multiplayer or even turning it into an online game with sockets or a leaderboard at some point.

If you want to view the project, I'll be uploading the source code and gameplay demo shortly. Thanks for reading my story, and I hope it inspires you to try developing a game yourself — and particularly with Amazon Q CLI.
Go through the repo at https://github.com/mds05/Guess-Duel

Public and Private Clouds

Md Shahriar — Tue, 01 Apr 2025 14:17:39 +0000

Cloud computing is the concept of delivering computing resources over the internet by providers to users and organizations, so that they do not need to think about building a physical infrastructure.

Before the invention of cloud computing, the companies had to allocate physical space to own data centers housing servers that were configured with high RAM, CPU, and storage to handle the demands of the organizations. This traditional approach of having on-premises servers is currently referred to as a private cloud. A limitation of this is that the computing resources could not be scaled up or down due to physical space and resource constraints, leading to inefficiencies for companies as they had to install more resources.

To tackle this, companies like Amazon, Microsoft, and others came up with the solution of setting up massive data centers across different regions and allowing companies to rent servers as they required over the internet to host applications, test software, and store data, decreasing the incurring costs of these companies. This approach is referred to as public cloud.

They are set up in different regions to lower the latency of data received by the servers and transmitted to the users. Another advantage is that, let's say the data center in a particular region experiences an outage, many users will be affected, which would result in chaos. To eliminate this, organizations usually deploy across multiple regions so that services can fail over to other regions. A disadvantage with public clouds is that the data stored in the cloud has a risk of being infiltrated.

Although providers are now implementing different security measures, some organizations prefer to use a hybrid cloud model where they use a mix of public and private clouds. The combination allows them to store data on-premises and use other computing resources over the internet as per their convenience.

[Boost]

Md Shahriar — Mon, 31 Mar 2025 13:51:50 +0000

Understanding the Spring Security Architecture

Md Shahriar — Mon, 09 Dec 2024 12:22:57 +0000

Securing applications the proper way has never been more crucial. While there are many options to secure yours. Let me walk you through the Spring Security architecture to help you understand why this could be your go-to framework.

At first, the client sends the HTTP request to the server, which must go through a filter chain called the Security Filter Chain. The filter chain has multiple layers, but we'll focus on just the UsernamePasswordAuthenticationFilter (which is part of the chain). Spring Security's default setting is to use a login form where you'll get a randomly generated password on your terminal, which you need to use to log in.

After you provide your credentials, UsernamePasswordAuthenticationToken is generated with the username and password. This token is passed on to the AuthenticationManager (which is responsible for managing the authentication). It is then passed to one of it's AuthenticationProviders beans(DaoAuthenticationProvider is widely used). The provider handles the authentication logic by verifying the user credentials against a database.

Authentication logic can be complex and requires a class to help fetch user details stored in the database. For that, UserDetailsService is used, which implements the UserDetails interface to load the data.

When the UsernamePasswordAuthenticationToken is validated, it is populated with additional data (for example, the user's granted authorities) and returned to the AuthenticationManager, which then places it in the SecurityContext, wrapped around the SecurityContextHolder. If the application is session-based, the SecurityContext is stored in the HTTP session.

When the client logs out, the authentication object is cleared from the SecurityContextHolder.

Point to be Noted:

When the session is stateless (for example, when using JWT tokens), the security measures are handled differently. Most of the authentication process is similar except the fact that stateless authentication doesn't rely on server side sessions.