DEV Community

Anthony Barbieri
That's What I'm Token About: Validating through Experimentation

As LLMs have become more and more capable, I've found myself consistently missing the mark when estimating how long a coding experiment would take or how complex it would be. This past weekend I wanted to build a quick POC with a CLI. Within two hours I had a functional demo of everything I hoped to validate.

The scope of this side project was to see if I could successfully log in via a CLI command which redirected to the browser, followed by another command to fetch a small amount of data from an API. The API needed to successfully authenticate the user to allow the data to be fetched.

To do this, I created a free account with Auth0, an identity provider (IDP). I leveraged Claude to guide me through the initial setup within the IDP and confirmed that Go would be a good fit for the API/CLI mix. Auth0 also provides a library for the API to easily verify tokens. On the CLI side, the authentication flow was handled with golang.org/x/oauth2 and the standard library, and Cobra was a natural fit for structuring the commands since I'd used it before. Claude also recommended all those dependencies.

I knew I wanted to use an authentication flow that didn't need a secret on the CLI/client side. The AWS CLI demonstrates this approach, where a browser redirect allows someone to authenticate via their linked single sign-on IDP (aws sso login). This flow is known as Proof Key for Code Exchange (PKCE), pronounced "pixie". Without needing to know the full details of the flow, I had a strong plan to provide a coding agent that could demonstrate how it would function.

Implementation was straightforward, with only one adjustment needed in the Auth0 dashboard (authorizing the application to access the API) before it functioned exactly as I had hoped. I had a couple of stretch goals, like storing tokens in the operating system's keychain instead of a local file. Once I validated the core flow with file storage, I had Claude Code add keychain support before wrapping up my coding session.

A quick POC like the above can help validate the experience and interface rather than falling victim to analysis paralysis. A recent effort I was involved in gained a lot of momentum when we showed the art of the possible with a vibe-coded demo. With generative AI reducing the cost to experiment, it's easier to gain alignment with your coworkers through higher fidelity demos than only exploring things in theory.

Vibe coding shouldn't be viewed in a negative light if it saves months of debate. "This could have been an email" can instead become "this could have been a demo". Don't let your estimation assumptions prevent you from trying something. The coding agents are well prepared to surprise you.
