I used iTerm2 for years, then switched to Ghostty last year after hearing it played nicer with AI tools. I’ve also been using Warp for certain scenarios. Recently I had some time to put all of them side by side for a proper comparison — and I dragged the built-in Terminal.app along for the ride.

TL;DR: There’s No Perfect Answer

Let me just say it upfront: no single terminal is the “optimal choice” for AI coding. Each has its strengths and pain points, and the best pick depends on your habits and specific use case. Here’s a rough positioning of the four:

graph LR
    subgraph Traditional Terminal
        A["Terminal.app<br/>Lightweight · Zero Config · Limited Features"]
        B["iTerm2<br/>Feature Rich · Scrollback · Mature Ecosystem"]
    end
    subgraph Next-Gen Terminal
        C["Ghostty<br/>GPU Rendering · Performance First · Still Maturing"]
        D["Warp<br/>AI Native · Built-in Assistant · Multi-Model"]
    end
    A --->|"Upgrade"| B
    B --->|"Performance Focus"| C
    B --->|"AI Integration Focus"| D
    style A fill:#e0e0e0,color:#666
    style B fill:#4CAF50,color:#fff
    style C fill:#2196F3,color:#fff
    style D fill:#FF9800,color:#fff

Terminal.app: It Works, But Don’t Push It

macOS’s built-in Terminal.app is like the Notes app on your phone — technically capable of everything, but not something you’d use for serious work.

The biggest dealbreaker is no Shift+Enter support. When running Claude Code, multi-line input is essential, but Terminal.app can’t distinguish Shift+Enter from Enter due to underlying VT terminal protocol limitations (a gap that dates back to 1978). You can work around it with Option+Enter, but that requires manual keyboard configuration. On top of that, there are no desktop notifications, emoji rendering has character overlap issues, and TUI rendering is rough. The official Claude Code terminal setup guide also acknowledges these limitations.

Bottom line: Fine for occasional use. Not recommended as your daily driver for AI agents.

iTerm2: The Veteran’s Edge

iTerm2 is the terminal I’ve used the longest, and I’ll admit there’s some sentimental attachment. For AI coding specifically, it has one killer feature that nobody else offers: alternate screen scrollback.

Here’s what that means. Claude Code takes over the entire terminal screen when it runs (alternate screen mode). Most terminals don’t let you scroll back through history in this mode. But iTerm2 has a “Save lines to scrollback in alternate screen mode” option. Enable it, and you can scroll up through previous AI output at any time. When a long conversation produces hundreds of lines of code changes, this feature is a lifesaver.

That said, I have to be honest — I did experience terminal lag and scroll flickering when running Claude Code on iTerm2 before. Especially when the AI was dumping large blocks of output, there would be noticeable delays. I’m not sure whether iTerm2 fixed this or Claude Code optimized on their end, but going back to test it now, things are noticeably better than before.

iTerm2 also has a split panes advantage. One of my go-to workflows is running Claude Code on the left generating code while Codex reviews on the right. iTerm2’s split panes combined with tmux work beautifully. If you want to try this kind of parallel workflow, iTerm2’s tmux integration is currently the best in class.

Best for: Users who prefer traditional terminal workflows, need robust scrollback, and do multi-window parallel development.

Ghostty: Performance Beast, Still Being Polished

I switched to Ghostty after hearing it was better adapted for AI tools. After several months of use, here’s the honest take: the performance advantage isn’t particularly noticeable in day-to-day use. Ghostty’s official claim is 2ms key-to-screen latency (vs. ~12ms for iTerm2), but human eyes simply can’t tell the difference.

What actually sold me on Ghostty is that the lag and scroll flickering I experienced on iTerm2 never occurred on Ghostty. Whether that’s because Ghostty’s GPU rendering (Metal-based) is genuinely more robust, or because I happened to benefit from Claude Code’s own optimizations, the experience does feel smoother.

But there’s one issue I have to flag: when doing SSH remote development, if the session disconnects and reconnects, the terminal enters a broken state — mouse clicks produce garbage characters, and you have to run reset to recover. This is pretty annoying when running AI agents on remote machines for extended periods.

Also worth noting: Ghostty had a severe memory leak issue reported previously — opening multiple Claude Code windows could cause memory usage to balloon past 70GB. The good news is this was fixed in v1.3, so if you’re on an older version, update immediately.

Ghostty also has some known compatibility quirks, such as Ctrl+A/E readline shortcuts not working in Claude Code (because Ghostty uses the Kitty keyboard protocol), and the numpad Enter key producing strange characters. But these are the kind of things you learn to work around after encountering them once.

Best for: Users who want smooth rendering, can’t stand terminal lag, and don’t mind the occasional rough edge.

Warp: AI-Native, But a Bit Awkward for AI Agents

Warp is the most distinctive of the four — it’s not a traditional terminal with AI bolted on; it was designed from the ground up with AI as a first-class priority. The built-in AI assistant is genuinely useful, especially when you can’t remember command flags. Just describe what you want in natural language — way faster than digging through man pages.

But one thing that puzzles me: the transition between Warp’s own AI agent mode and normal command mode isn’t particularly smooth. When you’re in the middle of an AI conversation in Warp and want to switch back to normal terminal operation, or vice versa, there’s always a brief moment of confusion — who exactly am I talking to right now?

Running Claude Code in Warp also has compatibility issues. Warp’s block-based UI and Claude Code’s TUI occasionally conflict: community members have reported that long, high-load sessions cause Warp to completely freeze, and some have even hit Rust-level crashes. On the positive side, Warp offers an official Claude Code integration package, showing they’re actively working on these problems.

Best for: Users who frequently need AI help recalling command syntax and want an “out-of-the-box” AI experience. Not ideal for heavy, sustained Claude Code usage.

Comparison at a Glance

My Setup

Right now I’m running Ghostty as my primary terminal, with Warp as a secondary. Daily Claude Code and Codex sessions go through Ghostty — stable and fast. When I occasionally need AI help with complex system commands, I switch to Warp where the built-in AI assistant is more convenient.

But that’s just my workflow. If you value being able to scroll back through AI output history, iTerm2 might suit you better. If you just want to install a terminal and start working without any configuration, Warp’s out-of-the-box experience is genuinely the best.

Terminals are like the editor wars — the one that feels right is the right one. Picking a terminal that makes communication between you and your AI agent as smooth as possible matters more than obsessing over benchmarks. If you’ve had a different experience or found a better combination, I’d love to hear about it in the comments.

This article is based on the latest versions of each terminal as of April 2026. Terminal apps update frequently, and some issues mentioned may already be fixed in newer releases. If you’re also tuning your AI coding workflow, you might want to check out my earlier post From One Week to Half a Day: A Deep Dive into AI Programming Workflows.

Twenty Volunteers for Five Residents

Some background first. A friend had mentioned this place to me before — it’s right near Yishun MRT, about a four-to-five minute walk. He said it’s mostly just chatting with the elderly, playing small games, that sort of thing. Sounded good, so I signed up for a Saturday session.

When I got there, reality hit: over twenty volunteers had shown up. There were only five or six elderly residents.

I stood at the entrance for a moment, thinking the ratio was absurd. The space itself wasn’t large — just three long tables. One had UNO going, another had Jenga, and the third had… how do I describe it… magnetic fishing. You know, the kids’ toy where little plastic fish open and close their mouths and you try to catch them with a tiny magnetic rod. I watched for a while and honestly felt a bit awkward — not because of the residents, but because the game itself was mind-numbingly boring. The elderly didn’t seem particularly into it either, but there was a ring of volunteers around them clapping and cheering. The whole scene was a bit surreal.

(Side note: I later learned that the game supplies are the same every time. They just rotate through the same handful of activities.)

The People in the Hallway

With nothing to do in the activity room, I stepped outside for a walk around.

That changed my mood. In the hallways, quite a few elderly residents sat quietly — mostly Chinese residents, not talking. Some were on IV drips, with caregivers wheeling the stands past them. Many of the caregivers were Indian, and the residents spoke Hokkien or Mandarin while the caregivers spoke English or Tamil. Basically everyone was in their own world, minimal interaction. One elderly person smiled at me. I didn’t know what to say, so I smiled back and kept walking.

In any case, that walk around the hallways hit harder than watching people fish for plastic fish.

Meeting Two People

The morning passed like that. After lunch, the elderly had mostly gone back to their rooms, and the twenty-odd volunteers were left standing around with nothing to do.

That’s when I noticed the two guys next to me were also just standing there. We started chatting and discovered they were first-timers too. Both worked in commodities trading — one in iron ore, the other in agricultural futures. The kind of people I’d never cross paths with in my normal life.

Once we got going, we couldn’t stop. From about 1 PM to past 4 PM, we talked about everything: our industries, families, the various pitfalls of getting kids into school in Singapore, PR applications — that last topic alone was an endless rabbit hole, with everyone having a pile of stories. It’s funny, really. Everyone’s anxieties are basically the same — immigration status, children’s education, career development — just replayed in different industries.

When we left, we exchanged WhatsApp and WeChat contacts. The plan is to coordinate before the next session instead of each signing up separately and bumping into each other by chance.

Everyone’s Here to Log Hours

Let’s address the elephant in the room. Most people who volunteer here have more or less the same motivation — apparently community service hours can help boost your PR application score, and a single day here counts as seven hours. Great ROI. That’s how you end up with twenty-plus volunteers competing to play Jenga with five elderly residents.

I had the same consideration. No point pretending otherwise. But the way I see it, even if everyone’s here to log hours, people did show up. The elderly did have company today, awkward as the experience might have been.

The real value of this kind of volunteering might not be what you do for the residents, but the people you meet who you’d never encounter otherwise. Everyone shows up for roughly the same reason, and somehow, genuine conversations happen.

I’ll probably go again. We’ve already made plans, after all.

On today’s internet, making payments — especially micropayments or automated payments driven by AI agents — is riddled with friction. Traditional payment methods are expensive, slow to settle, and burdened with complex flows that require account registration, credit card binding, and manual authorization. This has become a massive obstacle to the growth of the AI-driven automated economy.

x402 was created to solve these pain points. You might think x402 sounds like the most boring technology you’ll ever encounter, but the possibilities it unlocks are where things get truly exciting. It cleverly revives the long-reserved, nearly forgotten 402 Payment Required status code from the 1997 HTTP/1.1 specification. This isn’t an entirely new idea — industry pioneers like Marc Andreessen and Brian Armstrong have tried to build native payments into the internet’s foundation layer — but only now have the enabling technologies (like stablecoins) and the demand (like AI agents) truly matured. At its core, x402 is “an open standard for internet native payments.” It aims to make money flow as seamlessly, instantly, and cheaply as data does. This guide breaks down x402’s core payment flow step by step, giving you a clear and solid technical understanding.

Before diving into the specific steps, let’s meet the four key participants in the x402 ecosystem.

2. Core Concepts: The Four Key Roles

A complete x402 payment interaction involves four core entities working together, each playing an indispensable role.

Client: An entity wanting to pay for a resource — for example, an AI agent or a web application.

Resource Server: An HTTP server that provides protected resources (such as APIs, web content, or files) and requires payment before granting access.

Facilitator Server: A third-party service that helps resource servers verify and settle on-chain payments, dramatically simplifying server-side integration by eliminating the need to interact directly with blockchain nodes or wallets.

Blockchain: The ultimate trust ledger, responsible for recording and confirming payment transactions, ensuring immutability and finality.

Now that we know the cast, let’s walk through a complete request lifecycle and see how these roles interact step by step to complete a payment.

3. The Core Payment Flow: A Complete x402 Interaction (12 Steps)

The entire payment flow is carefully designed as a series of standard HTTP interactions, ensuring universality and ease of integration. Notably, if the client has already cached the resource’s payment requirements, steps 1 and 2 are optional, which can further improve efficiency.

Here is the full 12-step breakdown:

1. Client → Resource Server: Initial Request The client (e.g., an AI agent) sends a standard HTTP GET request to the resource server’s protected endpoint (e.g., /api), hoping to retrieve a resource.
2. Resource Server → Client: 402 Payment Required Response The resource server detects that the request contains no valid payment information and rejects it. It returns a 402 Payment Required status code with a JSON body detailing the accepted payment methods, amounts, and receiving addresses.
3. Client: Creates Payment Payload The client parses the server’s payment requirements, selects a payment method it supports, and constructs a payment payload containing signed authorization and other details.
4. Client → Resource Server: Retry with Payment The client sends another request to the same resource endpoint. This time, it includes the payment payload from the previous step via a custom X-PAYMENT HTTP header.
5. Resource Server → Facilitator: Request Payment Verification The resource server doesn’t handle complex on-chain verification itself. It forwards the client’s payment payload along with its own payment requirements to the facilitator server’s /verify endpoint.
6. Facilitator → Resource Server: Verification Result The facilitator server performs cryptographic verification of the payment payload based on the specified scheme and network, then returns the result (valid or invalid) to the resource server.
7. Resource Server: Processes the Valid Request If verification passes, the resource server begins executing the core work for the request (e.g., querying a database, generating a report). If verification fails, it returns a 402 error and the flow terminates.
8. Resource Server → Facilitator: Request Payment Settlement After preparing the final response data, the resource server sends a request to the facilitator server’s /settle endpoint, asking it to actually settle the verified payment on the blockchain.
9. Facilitator → Blockchain: Submit Transaction The facilitator server broadcasts the payment transaction to the appropriate blockchain network (e.g., submitting a USDC transfer to a smart contract).
10. Blockchain: Confirms the Transaction The blockchain network processes the transaction and, once confirmed, records it on-chain, completing the final transfer of funds.
11. Facilitator → Resource Server: Settlement Confirmation The facilitator server waits for blockchain confirmation. Once complete, it returns a success response to the resource server containing the transaction hash (txHash) and other details.
12. Resource Server → Client: Returns the Resource Upon receiving the settlement confirmation, the resource server returns a 200 OK response to the client. The response body contains the originally requested resource, while the X-PAYMENT-RESPONSE header carries settlement details (such as the transaction hash), closing the payment loop.

Now that you understand the complete interaction flow, let’s take a closer look at the key data structures passed during these steps — the payment requirements and the payment payload.

4. Key Data Structures

Information exchange in the x402 protocol relies on two core JSON data structures.

1. The 402 Response Body: Payment Required Response

When the server returns a 402 status code, the response body contains a JSON object that tells the client how to pay.

{
  "x402Version": 1,
  "accepts": [
    {
      "scheme": "string",
      "network": "string",
      "maxAmountRequired": "string",
      "resource": "string",
      "description": "string",
      "mimeType": "string",
      "outputSchema": {},
      "payTo": "string",
      "maxTimeoutSeconds": 60,
      "asset": "string",
      "extra": {}
    }
  ],
  "error": "string"
}

The table below explains the most important fields:

2. The X-PAYMENT Request Header: Payment Payload

The X-PAYMENT custom HTTP header carries the payment information. Its value is the Payment Payload JSON object, which has been encoded into a Base64 string.

{
  "x402Version": 1,
  "scheme": "string",
  "network": "string",
  "payload": "<scheme dependent>"
}

• scheme: Defines the payment logic, which is what makes x402 so flexible. For example, the exact scheme is used for one-time, exact-amount payments (like paying $0.25 to read a news article), while a theoretical upto scheme could support dynamic, usage-based pricing (like paying based on the number of tokens an LLM generates).
• network: Specifies which blockchain the payment will be executed on. The combination of scheme and network together determines the specific implementation for payment verification and settlement.

With these technical details covered, let’s look at what x402 actually means for developers and the future of internet applications.

5. What This Means for Developers: Core Advantages Unlocked by x402

x402 isn’t just a technical specification — it gives developers powerful capabilities for building next-generation internet applications, especially AI applications.

• Dramatically Simplified Integration Developers can add payment functionality to their services with minimal effort. In the simplest case, a single line of middleware configuration is all it takes to start accepting digital dollar payments. This is possible because the protocol abstracts away complex blockchain interactions — issues like gas fees and RPC node management are all handled by the facilitator server.
• Enabling AI Agents and Micropayments Traditional payment systems, with their high fixed fees and friction, make sub-dollar microtransactions virtually impossible. With its low cost and instant settlement, x402 makes it practical for AI agents to autonomously pay for API calls (e.g., a few cents per request) or for users to pay per article. This unlocks entirely new business models, letting us move beyond rigid subscription plans toward truly granular, pay-per-use content and API consumption.
• An Open and Neutral Standard x402 is an open protocol, agnostic to chains and tokens, with no dependency on any single centralized provider. Developers can freely choose the blockchain and assets that best fit their business, avoiding platform lock-in and ensuring long-term flexibility and security.

6. Summary and Next Steps

x402 is an open protocol built on top of HTTP, purpose-designed for AI and machine-native payments. By reviving the long-dormant 402 status code, it creates a unified, frictionless value layer for the internet. This isn’t just a technical upgrade — it’s about the shape of the future internet economy. According to A16Z, by 2030, agentic commerce could create a payment market worth up to $30 trillion. x402 is the infrastructure being built to meet that future.

Through this guide, you’ve gained a solid understanding of x402’s core interaction flow and key concepts. Now is the perfect time to start building. We encourage you to visit the official resources, explore sample code and deeper technical specifications, and begin your journey into internet-native payments.

• Official documentation and whitepaper: x402.org
• Open-source code and specification: GitHub - coinbase/x402

A First Taste of Unified Memory Architecture on PC

When you hear “unified memory architecture,” Apple’s M-series chips probably come to mind first. Since the M1, Apple has been touting the advantages of having the CPU and GPU share a single memory pool — no more shuttling data back and forth. Having used an M1 MacBook myself, I can confirm the smoothness and battery life gains are real.

What I didn’t expect was AMD pulling the same move with the AI Max+ 395. This chip packs 16 Zen 5 CPU cores, 40 RDNA 3.5 GPU compute units, and a 50 TOPS XDNA 2 NPU. But the real showstopper? It supports up to 128GB of quad-channel LPDDR5X-8000 memory, with a whopping 96GB available as VRAM.

This reminds me of my days running an AMD R3900 desktop. AMD’s multi-core performance has always been solid, but back then you still needed a discrete GPU. And AMD’s high-performance APU lineup was always pretty conservative — mostly entry-level stuff. It looks like they’ve finally figured out the high-end APU game.

The Golden Age of Mini PCs

I went on a shopping spree (window shopping, at least) and found several manufacturers already shipping AI Max+ 395-based mini PCs. Here are the standouts:

GMKtec EVO-X2

• Price: Around ¥14,999 (~$2,050 USD)
• Memory: 64GB or 128GB LPDDR5X-8000 options
• Storage: 1TB or 2TB PCIe 4.0 SSD
• Marketing claim: “World’s first Windows 11 AI+ PC capable of running 70B models” — sounds impressive

Beelink GTR9 Pro

• Price: Around ¥12,999 (~$1,799 USD)
• Memory: Maxed out at 128GB
• Marketing claim: Can run DeepSeek 70B locally
• AI performance: 126 TOPS — a compelling number

Minisforum MS-S1 MAX

• TDP: Supports 160W (more headroom than competitors’ 120-140W)
• Form factor: 2U rackmount design with PCIe x16 expansion slot — solid expandability
• Connectivity: Among the first devices worldwide to support USB4 V2 (80Gbps)

graph TD
    A[AMD AI Max+ 395] --> B[16-Core Zen 5 CPU]
    A --> C[40CU RDNA 3.5 GPU]
    A --> D[50 TOPS NPU]
    A --> E[128GB Unified Memory]

    E --> F[CPU Compute]
    E --> G[GPU Rendering / AI Inference]
    E --> H[NPU AI Acceleration]

    style A fill:#ff6b6b
    style E fill:#4ecdc4

The Value Showdown Against Mac Studio

When it comes to local LLM inference, Apple’s Mac Studio is the elephant in the room. The top-spec M3 Ultra version can be configured with up to 512GB of unified memory, making it a beast for running the largest models.

But then you look at the price, and your wallet starts weeping. A 512GB Mac Studio M3 Ultra runs over ¥70,000. Compare that to an AMD AI Max+ 395 mini PC at ¥10,000-20,000, and the price gap is staggering.

Let’s break it down:

Mac Studio M3 Ultra strengths:

• Absurdly large memory ceiling (up to 512GB)
• Mature ecosystem with deep optimizations
• Best-in-class power efficiency (under 200W running DeepSeek R1)
• 800GB/s memory bandwidth — blazing fast

AMD AI Max+ 395 strengths:

• Unbeatable price-to-performance ratio
• Better Windows ecosystem compatibility
• More upgrade flexibility (some models allow user-replaceable memory and storage)
• Crushes Intel’s offerings in AI workloads (up to 12x faster on certain models!)

What the Community Is Saying

I spent some time lurking on Reddit and V2EX to see what people actually think. The discussions tend to cluster around a few themes:

The enthusiastic crowd:

• “Finally, I can run 70B models locally without selling a kidney!”
• “This is the first time unified memory architecture has shipped at scale on PC — AMD is killing it!”
• “Compared to paying for cloud API inference, local deployment is both more private and cheaper. No-brainer.”

The skeptics:

• “What’s the actual inference speed with real-world models?”
• “Can the thermals and power delivery really handle sustained loads?”
• “Will the software ecosystem keep up?”

On the Level1Techs forum, one user shared their experience with the GMKtec EVO-X2, reporting that they tested various LLMs using LM Studio and Ollama and were quite satisfied with the performance.

A New Era for Local AI Inference

From a technology perspective, the AMD AI Max+ 395 is genuinely a milestone. It proves that unified memory architecture isn’t Apple’s exclusive domain — the PC ecosystem can deliver equally impressive results.

For those of us running local LLM inference, this is fantastic news. While it may not match the absolute peak performance or memory capacity of a maxed-out Mac Studio, the value proposition and practicality are compelling enough.

This is especially significant for small businesses and individual developers. Spending ¥10,000-20,000 to deploy 70B models locally was unthinkable just a short while ago. No data privacy concerns, no agonizing over API token costs, and excellent performance for long-context workloads.

My Decision Dilemma

The choice in front of me is genuinely difficult:

1. AMD AI Max+ 395 Mini PC: ¥10,000-20,000, incredible value, but a lower performance ceiling
2. Mac Studio M3 Ultra 512GB: Unmatched performance, but that ¥70,000+ price tag stings

flowchart TD
    A[My Needs Analysis] --> B{Primary Use Case?}
    B -->|7B-32B Models| C[Mostly Daily Use]
    B -->|70B Models| D[Occasional Testing]

    C --> E{Budget Considerations}
    D --> E

    E -->|¥10-20K| F[AMD AI Max+ 395<br/>Mini PC]
    E -->|¥70K+| G[Mac Studio<br/>M3 Ultra 512GB]

    F --> H[✅ Great Value<br/>✅ Sufficient<br/>❌ Lower Performance Ceiling]
    G --> I[✅ Powerful Performance<br/>✅ Ample Memory<br/>❌ Painfully Expensive]

    H --> J{¥50K Price Difference}
    I --> J

    J --> K[Could Buy Several<br/>Generations of New Hardware!]
    K --> L[Leaning Toward<br/>AMD Option]

    style F fill:#e1f5fe
    style G fill:#fff3e0
    style L fill:#e8f5e8

After thinking it through, my daily workload mostly involves 7B to 32B models, with 70B being an occasional experiment. The AMD option should more than cover my needs. And that ¥50,000+ I’d save? That’s enough to upgrade hardware for several generations.

Looking back at my experience with the Mac M1 and AMD R3900, AMD’s performance has always been rock-solid, and their power efficiency has improved considerably. If the AI Max+ 395 strikes the right balance between performance and thermals, it’ll be a no-brainer.

Final Thoughts

Technology keeps surprising us. A few years ago, who would have imagined casually running models with tens of billions of parameters on a desktop? The AMD AI Max+ 395 has truly brought local AI inference to the masses.

It may not be the absolute performance champion, but at this point in time, it’s a godsend for anyone who values bang for their buck. The true measure of technology isn’t just pushing boundaries — it’s making the benefits of progress accessible to everyone.

As for my final decision? I’ll probably wait a bit longer to see real-world user feedback and how the software ecosystem develops. After all, buying hardware isn’t just about specs — the overall experience is what matters most.

What are your thoughts on local LLM inference? Or do you have experience with AMD AI Max+ 395-based products to share? Feel free to discuss in the comments.

Development Environment and Tech Stack

• Core Tools:
  • VSCode + Devcontainer (Docker-isolated environment)
  • Claude Code plugin + OpusPlan mode
  • Testing frameworks: Jest (frontend) + Hardhat (contracts)
  • Version control: Git with Conventional Commits
• Hardware/Software Setup:

OS: macOS / Docker Engine VSCode Extensions:

• Dev Containers

• Claude Code

• Cost-Benefit Analysis:
  • Claude Max subscription ($100/month)
  • Project timeline reduction: feature development from 7 person-days to 0.5 person-days
  • Error rate reduction: 60% fewer production bugs

1. Security Isolation: Devcontainer in Practice

The Problem: While executing AI-generated on-chain operations, a curl | bash pipeline once polluted the workspace with temporary files.

The Solution:

// devcontainer.json key configuration
{
  "image": "mcr.microsoft.com/devcontainers/javascript-node:18",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:1": {}
  },
  "remoteUser": "node",
  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind",
  "workspaceFolder": "/workspace"
}

Security Comparison:

Pro Tip: Use docker run --rm -it -v $(pwd):/safe_workspace to create a temporary sandbox for running high-risk AI commands.

2. Plan Mode: From Requirements to Architecture

EVM Signing Feature Development Example:

1. Requirements Input:

/model OpusPlan
Implement EVM-compatible EIP-712 signature verification:
- Frontend: React form to collect signature parameters
- Contract: Solidity verifier with batch review support
- Type safety required (TypeScript)

1. AI-Generated Design:

graph LR
A[Frontend Components] --> B[Signing Service Layer]
B --> C[Contract Interaction Layer]
C --> D[Verification Contract]
D --> E[Event Logs]

1. Manual Refinements:
   • Issue: AI didn’t account for gas optimization
   • Improvement: Added batch verification design pattern
   • Result: 40% reduction in gas costs

Design Review Checklist:

• Is the layered architecture clean?
• Is error handling comprehensive?
• Are cross-component dependencies decoupled?
• Has critical path performance been evaluated?

3. TDD-Driven Development: Smart Contract Example

Requirement: Implement a deposit contract with reentrancy attack protection

TDD Workflow:

1. Write test cases first:

// test/Reentrancy.test.ts
describe("Secure Withdrawal", () => {
  it("should block reentrancy attacks", async () => {
    const attacker = await deployAttackerContract();
    await expect(attacker.attack())
      .to.be.revertedWith("ReentrancyGuard: reentrant call");
  });

  it("should allow normal withdrawals", async () => {
    await contract.withdraw(validAmount);
    expect(await balanceOf(user)).to.equal(initBalance - validAmount);
  });
});

1. AI generates the contract code:

// contracts/SecureWithdraw.sol
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract SecureWithdraw is ReentrancyGuard {
  mapping(address => uint) balances;

  function withdraw(uint amount) external nonReentrant {
    // Validation logic
    balances[msg.sender] -= amount;
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
  }
}

1. Key improvements:
   • Added OpenZeppelin’s ReentrancyGuard
   • Set withdrawal limits as a safety measure
   • Gas optimization: 23,421 to 18,759

4. Atomic Commit Discipline

Git Workflow Optimization:

# Commit convention templates
feat: add EIP-712 signature verification frontend component
fix: fix signature expiration time validation logic
refactor: optimize contract gas consumption structure

Commit Strategy Comparison:

Real-World Example: When fixing a signature encoding bug, I used git revert 4a3b2c1 to precisely roll back the problematic commit, saving 2 hours of development time.

Productivity Analysis

Time Distribution Comparison:

ROI Analysis:

• Claude subscription cost: $100/month
• Time savings value: $1,500/month (at $50/hr)
• ROI: 1,500%

Conclusion: A New Paradigm for Human-AI Collaboration

Through the systematic application of:

1. Security-isolated containers
2. Design-first planning
3. Test-driven development
4. Atomic commit discipline

AI shifts the development focus from syntax implementation to architecture design, allowing developers to concentrate on value creation:

• 50% deeper requirements analysis
• 70% fewer code quality defects
• 2x increase in innovative solution output

AI-powered programming is here to stay. Mastering the right collaboration methods is what makes the difference. I hope these practices bring meaningful improvements to your development workflow.

From GitHub Copilot to Cursor to the Claude Code I’m using now, I’ve watched AI coding tools evolve at a breakneck pace. Honestly, I was a bit resistant at first – I kept thinking these tools would make me “lazy.” But after using them for a while, I realized the issue isn’t the tools themselves. It’s about how we redefine our own value.

Micro-Level Gains, Macro-Level Concerns

As a security engineer, I review large volumes of code every day. The most obvious change over the past couple of years? Code quality at the micro level has become much more consistent.

I used to see all kinds of sloppy practices: variable names chosen on a whim, inconsistent indentation, exception handling skipped wherever possible. Those basic issues are far less common now – AI is genuinely good at enforcing code conventions.

But new problems have emerged. The most typical one is overly defensive programming. I’ve seen plenty of AI-generated code that wraps everything in try-catch blocks, catching every conceivable exception. On the surface it looks “safe,” but in reality it buries the errors that actually matter.

graph TD
    A[AI-Generated Code] --> B{Exception Handling Strategy}
    B --> C[Excessive try-catch]
    B --> D[Reasonable Exception Handling]
    C --> E[Masks Real Errors]
    C --> F[Hard to Debug]
    D --> G[Errors Surface Promptly]
    D --> H[Easy to Debug]

    style C fill:#ffcccc
    style E fill:#ff9999
    style F fill:#ff9999
    style D fill:#ccffcc
    style G fill:#99ff99
    style H fill:#99ff99

Once, while debugging a production issue, I spent most of a day before discovering that a database connection failure had been silently swallowed. The error logs looked perfectly calm, while the business logic had gone completely off the rails. That kind of “thoughtful” exception handling is a debugging nightmare.

What’s even more concerning is the explosion in code production speed. What used to take a week to develop can now be done in half a day. Sounds great, right? The problem is that review can’t keep up. Human cognitive bandwidth hasn’t increased just because AI arrived – yet we’re expected to digest far more code in far less time.

New Rules for the Interview Game

Speaking of changes, the most interesting shift is in hiring.

Many companies are struggling with a question: how do you prevent candidates from “cheating” with AI during remote interviews? Some require dual-camera monitoring, others have scrapped online interviews entirely. It’s exhausting for everyone involved.

I think the premise is wrong. Instead of trying to ban AI, just tell candidates: you can use any AI tool you want.

Being able to use AI effectively is a skill in itself – why fight it? The key is to change what you’re evaluating. Traditional algorithm puzzles and textbook trivia are easy for AI to “crack.” But if you ask a candidate to design a system architecture on the spot, or explain why they’d handle a specific business scenario a certain way – how much can AI really help with that?

graph LR
    A[Traditional Interview] --> B[Algorithm Problems]
    A --> C[Textbook Trivia]
    A --> D[Handwritten Code]

    E[AI-Era Interview] --> F[System Design]
    E --> G[Architectural Thinking]
    E --> H[Problem-Solving Ability]
    E --> I[AI Collaboration Skills]

    B --> J[Easily Replaced by AI]
    C --> J
    D --> J

    F --> K[Hard to Replace with AI]
    G --> K
    H --> K
    I --> K

    style A fill:#ffeeee
    style E fill:#eeffee
    style J fill:#ffcccc
    style K fill:#ccffcc

This raises the bar for interviewers too. You can’t just memorize a few algorithm problems and call yourself qualified to interview. You need to genuinely understand the business, the architecture, and engineering practices to design questions with real differentiation.

From Code Worker to AI Commander

So in the midst of all this change, what are a programmer’s actual core skills?

My answer: shift your focus from code details to learning how to direct AI.

Think of AI as a highly capable programming assistant you’ve hired. It’s talented, but it needs clear instructions and ongoing guidance. Your value is no longer in writing every line of code yourself – it’s in:

1. Architectural Thinking

The work that used to be reserved for architects now needs to be understood by every engineer. You need to decompose complex business requirements into clean modules, design sensible interfaces, and plan extensible structures. AI can implement the details, but the architectural blueprint is still yours to draw.

2. Requirements Understanding and Translation

AI struggles with the subtext behind business requirements. When a client says “I need a user management feature,” what specific scenarios does that cover? What are the edge cases? What security considerations are involved? A human has to sort through all of that and translate it into something actionable.

3. Quality Control and Risk Identification

As I mentioned with the exception handling example, someone needs to review AI-generated code. Where are the potential pitfalls? Could there be performance issues? Are the security boundaries clear? This kind of judgment is something AI can’t replace.

4. Engineering Practices

How should CI/CD be designed? What’s the testing strategy? How should code be organized? How do you optimize the deployment pipeline? These core software engineering skills haven’t diminished in importance – if anything, they’ve become more critical than ever.

AI Is a Stepping Stone, Not a Replacement

A lot of people worry that AI will make programmers obsolete. I don’t think that concern holds up.

Every major technological shift in history has triggered similar fears. From assembly to high-level languages, from command lines to IDEs, from manual deployments to automated operations – every time, someone predicted the end of programmers. What actually happened? The software industry kept booming, and demand for developers kept growing.

AI coding tools are fundamentally a productivity upgrade. They free us from low-value repetitive work and give us the opportunity to focus on more creative, more challenging problems.

graph TD
    A[Programmer Skill Evolution] --> B[Traditional Phase]
    A --> C[AI Collaboration Phase]

    B --> D[Handwrite All Code]
    B --> E[Focus on Syntax Details]
    B --> F[Lots of Repetitive Work]

    C --> G[Design System Architecture]
    C --> H[Control AI Output]
    C --> I[Solve Complex Problems]
    C --> J[Focus on Business Value]

    subgraph "Value Hierarchy"
        K[Low Value: Repetitive Coding]
        L[High Value: Creative Thinking]
    end

    D --> K
    E --> K
    F --> K

    G --> L
    H --> L
    I --> L
    J --> L

    style B fill:#fff2cc
    style C fill:#d4edda
    style K fill:#f8d7da
    style L fill:#d4edda

When you no longer need to spend hours writing CRUD code, you finally have the bandwidth to think about system design, user experience, and business value. Isn’t that an upgrade for the profession?

Implications for Companies

Organizations need to adjust their hiring and talent development strategies too:

1. Update interview criteria: Stop testing whether candidates can hand-write quicksort. Evaluate whether they can design a sound system architecture.

2. Value soft skills: Communication, requirements comprehension, and cross-team collaboration are more important than ever in the AI era.

3. Invest in training: Help existing employees learn how to use AI tools effectively, rather than fearing them.

4. Calibrate expectations: Don’t assume AI means infinite development speed. Quality assurance still takes time.

Final Thoughts

In the AI coding era, the programmer’s value hasn’t depreciated – it’s being redefined.

We’re evolving from “code producers” to “software product architects,” from “feature implementers” to “problem solvers.” This transition requires proactive learning and active adaptation, but it also presents unprecedented opportunities.

Embrace the change. In this era, the biggest risk isn’t being replaced by AI – it’s refusing to learn how to work alongside it.

After all, the people who truly know how to harness AI are the ones who’ll be writing the next chapter.

How are you using AI coding tools in your work? Got any interesting experiences or reflections? I’d love to hear from you in the comments!

Pain Point #1: AI-Generated Code Is Always Outdated

I remember writing Ethereum smart contracts with Cursor and needing the ethers library for on-chain interactions. The AI kept generating v5 syntax, but our project was on v6. The ethers library underwent massive API restructuring in v6 – method names and calling conventions were completely different.

graph TD
    A[Need to use ethers library] --> B[AI generates code]
    B --> C[Uses v5 syntax]
    C --> D[Runtime error]
    D --> E[Manually check v6 docs]
    E --> F[Tell AI the correct approach]
    F --> G[Regenerate code]
    G --> H{More errors?}
    H -->|Yes| D
    H -->|No| I[Finally works!]

    style D fill:#ffcccc
    style E fill:#fff2cc
    style I fill:#d4edda

Every single time, it was the same loop: AI generates code, runtime error, manually check docs, teach the AI the correct approach, regenerate. When you need to call dozens of different methods, this cycle is absolutely maddening.

Then I discovered Context7 MCP – a genuine lifesaver.

Context7: Real-Time Access to Latest Documentation

The core idea is simple but effective: fetch the latest content from official documentation in real time and inject it directly into the AI’s context. No more worrying about the AI’s “knowledge” being outdated.

graph LR
    A[User Request] --> B[Context7 MCP]
    B --> C[Fetch latest official docs in real time]
    C --> D[Inject into AI context]
    D --> E[AI generates code based on latest docs]
    E --> F[Correct on the first try!]

    subgraph "Supported Documentation Sources"
        G[OpenZeppelin]
        H[Symbiotic Protocol]
        I[ethers.js]
        J[React/Next.js]
        K[And more...]
    end

    C --> G
    C --> H
    C --> I
    C --> J
    C --> K

    style F fill:#d4edda

Installation:

claude mcp add --transport http context7 https://mcp.context7.com/mcp --header "CONTEXT7_API_KEY: YOUR_API_KEY"

Usage couldn’t be simpler: Just add “use context7” to your prompt.

The documentation coverage is impressive. Beyond mainstream frameworks like React and Next.js, it even covers niche Web3 domains:

• OpenZeppelin Contracts: Essential smart contract security library docs for DeFi projects
• Symbiotic Protocol: A relatively new shared security protocol – I was surprised to see it supported
• Major blockchain SDKs: Full coverage from ethers to viem

Now my code compiles on the first try. The AI generates accurate code based on the latest APIs, completely eliminating version mismatches.

Pain Point #2: A Single Model Has Its Limits

During code audits, I often need to uncover potential vulnerabilities. In practice, I’ve noticed an interesting pattern:

• Claude Code is a “workhorse” for coding – it implements features quickly
• GPT-5 excels at deep analysis, especially in scenarios requiring logical reasoning

For example, when auditing DeFi contracts:

• GPT-5 can dissect economic models and discover subtle attack vectors
• Claude Code is great at writing test cases to verify those vulnerabilities

Previously, I had to constantly switch between tools, copying and pasting – terribly inefficient.

Zen MCP: Multi-Model Orchestration

Zen MCP solves this perfectly by letting Claude call on other models’ capabilities.

graph TD
    A[Security Code Audit Task] --> B[Claude Code + Zen MCP]

    B --> C[Call GPT-5 for deep analysis]
    C --> D[Identify potential risk areas]

    B --> E[Claude Code writes test cases]
    D --> E
    E --> F[Verify security vulnerabilities]

    B --> G[Call Gemini to generate report]
    F --> G
    G --> H[Structured Audit Report]

    subgraph "Multi-Model Collaboration"
        I[GPT-5: Deep Thinking & Analysis]
        J[Claude: Code Writing & Execution]
        K[Gemini: Documentation & Report Generation]
    end

    C -.-> I
    E -.-> J
    G -.-> K

    style H fill:#d4edda

I chose to connect via OpenRouter – one configuration gives you access to multiple models: GPT-5, Gemini, various Claude versions, DeepSeek, and more. You can also configure individual platform APIs separately.

Typical Workflow:

1. Deep analysis: Call GPT-5 to identify code risk areas
2. Vulnerability verification: Claude writes test cases based on the analysis
3. Report generation: Use Gemini to produce a structured report

This division of labor lets each model play to its strengths: GPT-5 handles the “thinking,” Claude handles the “doing” – seamlessly connected.

Installation and Configuration

Option B: Instant Setup (Recommended)

Add the following to ~/.claude/settings.json or .mcp.json:

{
  "mcpServers": {
    "zen": {
      "command": "bash",
      "args": ["-c", "for p in $(which uvx 2>/dev/null) $HOME/.local/bin/uvx /opt/homebrew/bin/uvx /usr/local/bin/uvx uvx; do [ -x \"$p\" ] && exec \"$p\" --from git+https://github.com/BeehiveInnovations/zen-mcp-server.git zen-mcp-server; done; echo 'uvx not found' >&2; exit 1"],
      "env": {
        "PATH": "/usr/local/bin:/usr/bin:/bin:/opt/homebrew/bin:~/.local/bin",
        "OPENROUTER_API_KEY": "your-key-here",
        "DISABLED_TOOLS": "analyze,refactor,testgen,secaudit,docgen,tracer",
        "DEFAULT_MODEL": "auto"
      }
    }
  }
}

Once configured, you can flexibly invoke various models from within Claude. It supports both OpenRouter API and individually configured platform API keys.

graph LR
    A[Claude Code] --> B[Zen MCP]
    B --> C[OpenRouter API]

    subgraph "Available Models"
        D[GPT-5/o3]
        E[Gemini Pro]
        F[Claude All Versions]
        G[DeepSeek]
        H[Other Models...]
    end

    C --> D
    C --> E
    C --> F
    C --> G
    C --> H

    style A fill:#e1f5fe
    style C fill:#f3e5f5

Practical Tips

Context7 Tips:

• API key is optional: It works without one, but having a key increases your rate limits
• Use the topic parameter wisely: Specify the documentation scope when focusing on a particular feature
• Retry on network issues: Failed doc fetches are usually caused by transient network hiccups

Zen MCP Tips:

• Don’t overuse it: For simple tasks, just use Claude directly
• Define clear roles: Analysis with GPT-5, coding with Claude
• Manage costs: Choose models on OpenRouter based on task importance

Before and After

Conclusion

These two MCPs tackle core pain points head-on:

• Context7 permanently solves the stale documentation problem
• Zen MCP breaks through single-model limitations

For developers working with complex tech stacks, these tools are genuine productivity multipliers. No flashy gimmicks – just solid, tangible improvements to the development experience.

If you’re using Claude, I strongly recommend giving these two MCPs a try. You’ll wonder how you ever managed without them.

Resources:

• Context7 GitHub
• Zen MCP GitHub
• Claude Code MCP Documentation

VPN: The Familiar Security Guard

VPN is a lot like the gate guard at an apartment complex – enter the right password and you’re inside the “secure zone,” free to roam as you please. This model worked well enough, especially when everything lived in the company’s own data center.

But live with it long enough and the cracks start to show. I remember being on a business trip, eagerly pulling out my iPad to push an urgent fix, only to discover I couldn’t install the company VPN on it. I stared at that tantalizing intranet link in my email, tapping furiously on a screen that wouldn’t cooperate. And the network experience was brutal: all traffic routed through the VPN server turned video calls into slideshows, with colleagues’ lip movements lagging behind their words.

The worst part was the security gap. Last year, a teammate’s VPN credentials got stolen. The attacker waltzed through the internal network like they had an all-access pass, helping themselves to data like it was a buffet. Classic “hard shell, soft center” – the front gate is armored steel, but the backyard fence is held together with wishes.

Zero Trust: Security Through Systematic Suspicion

Zero Trust sounds fancy, but the core idea is dead simple: no matter who you are, you prove your identity every time you want access.

My experience using Akamai EAA at Bybit was an eye-opener. No client software to install – just type an internal address into the browser, get redirected to a login page, authenticate, and you’re in. Smooth as scanning a QR code to log into a mobile app. That’s the kind of experience modern workers deserve.

graph TB
    User[User] --> Auth[Authentication]
    Auth --> Policy[Access Policy]
    Policy --> App1[App 1]
    Policy --> App2[App 2]
    Policy --> App3[App 3]

    subgraph "Zero Trust Core"
        Auth
        Policy
    end

    subgraph "Protected Apps"
        App1
        App2
        App3
    end

Here’s a useful analogy: traditional VPN is like an old apartment complex where getting past the front gate means you can wander anywhere. Zero Trust is like a high-security lab where you badge in and verify your identity at every single door.

The Real Battlefield: Cloud-Era Security Challenges

The Supabase internal app I audited recently was a perfect case study. The vulnerabilities were everywhere, and when I tried to lock things down with IP whitelisting – no dice. Cloud services like this simply don’t support it. VPN was completely useless here.

This is the reality we’re dealing with now:

• SaaS services don’t support IP whitelists
• Employee devices are all over the map (phones, tablets, gaming laptops – you name it)
• Remote work is the norm, not the exception
• Applications are scattered across AWS, GCP, Alibaba Cloud

This is where Zero Trust shines. No matter which cloud your app lives in, as long as it’s behind unified authentication, access control just works. It’s like installing a smart access system on every application, with permissions granular down to the individual user.

The Three Pillars of Zero Trust (In Plain English)

1. Identity Verification Think of it as a digital badge system that confirms who you are. It integrates with existing corporate AD/LDAP or modern identity providers like Azure AD.

2. Policy Engine Picture a security control room with live monitoring. It makes real-time decisions: “Can Zhang access the finance system from a laptop? At 3 AM? Connecting from Thailand?”

3. Access Gateway This is the meticulous guard who checks credentials, matches them against the roster, and logs everything for every single request. Cloudflare Zero Trust and Akamai EAA are essentially productized, out-of-the-box versions of this entire system.

The Showdown: How Do You Choose?

The Learning Curve: Let’s Be Honest

I’ll be straight with you – getting started with Zero Trust can be rough. The first time I encountered OIDC, SAML, and RBAC, I thought I was taking a certification exam. Many companies hesitate precisely because of this – VPN may be painful, but at least it’s a familiar kind of pain.

That said, these technologies are everywhere now, and you’ll need to learn them sooner or later. Modern solutions have increasingly friendly configuration interfaces – it’s like assembling IKEA furniture. Follow the instructions and you’ll get there; no need to apprentice with a carpenter first.

Final Thoughts

Zero Trust and VPN aren’t really competitors – it’s more like a version upgrade for your security posture. VPN is perfectly fine for legacy systems, but for cloud-native and remote work scenarios, Zero Trust is clearly the stronger play.

The right choice depends on your specific situation. For the Supabase security challenge I faced, Zero Trust was the clear answer. There’s no silver bullet in security, but having multiple approaches in your toolkit means you can stay calm when problems arise.

At the end of the day, security isn’t about putting shackles on the business – it’s about helping it run faster and more reliably. Choose the right architecture, and innovation gets the solid foundation it needs to sprint.