
Coding - me & Claude pt 4

  • Writer: Grant McKenna
  • 1 day ago
  • 1 min read

I have done something I didn't think I would have to do.


I thought, if I were pair programming with Claude Code, that I would be developing features so quickly that I would never need to implement 'feature flags' in the codebase.


In reality, it was easy to code, but it was significantly harder to make secure.


The 'Analyse your round' feature is an AI-powered interactive, question-and-answer session to help a golfer diagnose their biggest issue (for example, too many 3 putts), and suggest actions and drills to improve.


I used the naive implementation (storing the API key in config) to finesse the user journey, but I knew this would expose the API key client-side. To be fair to Claude, it did warn me of the consequences of this approach, but perhaps the tooling needs to recognise that non-programmers are creating products now.


The 'feature flag' prevented me from blocking my own pipeline so smaller, quicker and easier changes could be deployed without the security flaw.
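
An added example, not code from this post or the app: a release check in JavaScript for the situation described above, where a feature's API key sits in client config and a feature flag keeps that feature out of a deploy. The config shape, the flag name `analyseRound`, the key value and the URLs are constructed assumptions; the check also reports a key that still ships in the bundle while its flag is off.

```javascript
// Constructed client config as it would ship in the app bundle (naive version).
const naiveConfig = {
  featureFlags: { analyseRound: true },
  analyseRound: { apiKey: 'sk-CONSTRUCTED-EXAMPLE', endpoint: 'https://api.example.com/v1/chat' },
};

// Same feature once the key lives only on the app's own backend (hypothetical URL).
const hardenedConfig = {
  featureFlags: { analyseRound: true },
  analyseRound: { endpoint: 'https://backend.example.com/analyse-round' },
};

// Key names that suggest a credential; a heuristic, not a complete list.
const SECRET_NAME = /(api[_-]?key|secret|token|password)/i;

// Return dotted paths of every non-empty string whose key name looks like a credential.
function findBundledSecrets(obj, prefix = '') {
  const hits = [];
  for (const [key, value] of Object.entries(obj)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (value && typeof value === 'object') {
      hits.push(...findBundledSecrets(value, path));
    } else if (typeof value === 'string' && value !== '' && SECRET_NAME.test(key)) {
      hits.push(path);
    }
  }
  return hits;
}

// Release gate: 'block' when a flagged-on feature bundles a secret,
// 'warn' when the flag is off but the secret would still ship in the client.
function releaseGate(config) {
  const findings = [];
  for (const [flag, enabled] of Object.entries(config.featureFlags || {})) {
    const secrets = findBundledSecrets(config[flag] || {}, flag);
    if (secrets.length > 0) {
      findings.push({ flag, severity: enabled ? 'block' : 'warn', secrets });
    }
  }
  return findings;
}

// Check the UI would make before showing the feature; anything but `true` is off.
function isFeatureEnabled(config, flag) {
  return Boolean(config.featureFlags && config.featureFlags[flag] === true);
}
```
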


As 'luck' would have it, there are already reports of companies being defrauded because they've exposed API keys.


Where does responsibility for security lie?


Is it 'you did it, you own it' when things go wrong?


Is this making the internet ripe for fraud? Or more so?


Arguably the responsibility sits with the 'programmer' but my feeling is that the tooling companies definitely have some responsibility.


⛳ 🏌‍♀️ 🎉 #ClaudeCode #RN #AppDevelopment #SecureByDesign



 
 
 
