AI tools for code generation are currently the hot topic. Wherever you look, there are tons of articles and videos that show you how easy it is to start and how you can turn your idea into an application. Between you and your dreams is just a 20$ a month subscription and then everything will be great.
If you are a bit more realistic, you know that there is a hook and that the advertised benefits are too good to be true. On the other hand, the tools are much better than what many sceptics say that claim the AI coding tools can only produce slop and are useless. As so often, these tools are multipliers and the better you know how to use them and what their limitations are, the better the results you get.
Over the next weeks I like to take a closer look at various parts of the development process using AI coding tools. I will use Claude Code, because I find it currently the most useful one.
Installation
We can use Claude Code as a desktop application, as a web site, inside an IDE like Visual Studio Code or in the command line. I prefer the command line; but you can use whatever you like.
There is a detailed installation guide that should help you to install Claude Code on your machine. On Windows I prefer the installation with WinGet:
wingetinstallAnthropic.ClaudeCode
That way I can use WinGet to update Claude Code, something that may happen multiple times per week.
Vibe code a first tool
I had a vague recollection of a service called no-as-a-service that sends politely worded rejection messages. But instead of a web service, I like a small tool that runs on my local machine as a NuGet package. I put this idea into a prompt and handed it to Claude Code:
I need a NuGet package that I can install as a global tool. The tool should be named say_no. When we run it, it should pick one of 20 predefined extensive reasons that basically say no but uses a lot more words in the context of software development. Crate the tool, show the commands to create the package and install it on the local machine.
Claude Code started working and in less than 2 minutes, I got a tiny C# application with these two files:
#Program.csvarreasons=new[]{"After conducting a thorough cross-functional architectural review and consulting our internal RFC process, we have determined that the proposed initiative does not align with our current sprint capacity, and would introduce unacceptable levels of technical debt into a codebase that is already operating at a complexity ceiling that our static analysis tooling has flagged as a P1 concern.","While we appreciate the enthusiasm behind this request, our dependency graph analysis reveals that implementing this feature would require upgrading seventeen transitive dependencies, three of which are currently pinned due to known CVEs that have no upstream patches, effectively making this a security regression disguised as a feature addition.","Following a rigorous cost-benefit analysis using our internal DORA metrics and weighted against our current OKR commitments, this request has been triaged to the backlog with a priority score that places it approximately fourteen quarters behind our current roadmap horizon.","The proposed change would require us to abandon our current event-sourcing architecture in favor of a stateful mutation model, which fundamentally contradicts the ADR-0042 decision record ratified by the architecture guild in Q3, and reopening that decision would necessitate a full consensus process across seven autonomous engineering teams.","Our observability pipeline currently ingests 2.3 million events per second, and introducing the proposed synchronous blocking calls would cause latency percentiles to exceed our SLA thresholds at the p99.9 level during peak traffic windows, which our on-call rotation is contractually obligated to treat as a Severity 1 incident.","A preliminary feasibility assessment indicates that the requested functionality overlaps with three separate microservices that each claim ownership of the relevant domain boundary, and resolving this Conway's Law ambiguity would require an organizational restructuring that is currently outside the mandate of the engineering leadership team.","Our continuous integration pipeline enforces a strict test coverage gate at 94.7%, and the surface area of the proposed change is sufficiently broad that achieving adequate test coverage would require authoring approximately 1,400 new unit tests, 230 integration tests, and a contract test suite that we do not currently have the test infrastructure to execute.","The request has been evaluated against our internal RFC template and found to be missing sections 3B through 7F, including the threat model, the rollback plan, the feature flag strategy, the database migration impact analysis, and the internationalization considerations, without which the proposal cannot be escalated to the architecture review board.","Our platform team has conducted a capacity planning exercise and determined that the additional compute requirements for this feature would push our cloud spend 340% over the quarterly budget allocation, necessitating a budget amendment that requires sign-off from three VP-level stakeholders who are currently in a hiring freeze and therefore unavailable for non-critical approvals.","After running the proposed implementation through our internal AI-assisted code review tool, 47 separate concerns were flagged ranging from potential race conditions in the distributed lock acquisition pathway to insufficient input sanitization at the API boundary layer, all of which would need to be resolved before the change could pass our security review checklist.","The feature as described would require modifying the core authentication middleware, which is currently in a code freeze pending a third-party security audit scheduled for next quarter, and any changes to that module must be accompanied by a penetration test report from an approved vendor, which has a minimum lead time of six weeks.","Upon review, the proposed solution introduces a circular dependency between the domain layer and the infrastructure layer that violates the Dependency Inversion Principle as codified in our internal Clean Architecture guidelines, and resolving it would require a top-down refactoring of the service layer that was explicitly descoped from the current quarter's technical excellence initiative.","Our data governance board has flagged that the proposed feature would process PII in a manner inconsistent with our data retention policy, the GDPR lawful basis documentation filed with our DPO, and the data processing addendum we have contractually committed to with fourteen enterprise customers, making this a legal blocker that engineering cannot unilaterally resolve.","The team has evaluated this against our technical radar and determined that the proposed third-party library sits firmly in the 'Hold' quadrant due to its Apache 2.0 license containing patent clauses that our legal team has not yet cleared for use in customer-facing products, pending a review that was initiated eleven months ago.","Implementing this would require us to move from our current pull-based deployment model to a push-based model, which conflicts with our zero-trust network architecture, requires opening inbound firewall ports that our InfoSec team has permanently denied, and invalidates the network topology diagrams we submitted as evidence in our SOC 2 Type II audit.","The proposed API contract uses a RESTful resource model, but our API gateway has already committed to a GraphQL-first strategy for all new endpoints as of the platform modernization initiative, meaning this would need to be redesigned from scratch, documented in our schema registry, and reviewed by the developer experience team before any implementation work could begin.","Our chaos engineering suite has run 4,000 fault-injection simulations against a prototype of this feature and identified a failure mode where the system enters a split-brain state under network partition conditions that cannot be resolved without manual operator intervention, which violates our four-nines availability commitment and our fully-automated recovery runbook policy.","The database schema changes required for this feature would need to be applied to a 14TB PostgreSQL table with no downtime tolerance, and our current migration tooling does not support online schema changes of this magnitude without a maintenance window that would violate the uptime guarantees in our enterprise customer contracts.","After mapping this request to our value stream, we identified that it would add 23 new handoff points across 9 teams, increasing our lead time from idea to production from the current 4.2 days to an estimated 47 days, which is antithetical to the flow efficiency principles we committed to in our lean transformation roadmap.","The requested feature sits at the intersection of four separate bounded contexts in our domain model, and implementing it would require either duplicating business logic across all four contexts in violation of DRY principles, or extracting a shared kernel that our domain-driven design working group has been unable to reach consensus on despite six months of event storming sessions.",};varindex=Random.Shared.Next(reasons.Length);Console.WriteLine(reasons[index]);
Claude Code also generated the NuGet package and installed it (after it asked for permission to do so). That allowed me to run it directly in my terminal:
$ say_no
Following a rigorous cost-benefit analysis using our internal DORA metrics
and weighted against our current OKR commitments, this request has been
triaged to the backlog with a priority score that places it approximately
fourteen quarters behind our current roadmap horizon.
Claude Code did all I asked and I had my say_no tool without writing a single line of code. If you want to hype Claude, that little experiment proves its superiority and everyone is now able to create applications without writing a single line of code. No one needs to learn to code, just prompt it! If you are a bit more realistic, there are a lot of things we need to inspect more closely.
A closer look at what Claude Code generated
We got a running application in no time that fulfils the requirements we had:
It uses .Net 10 – the newest version that is currently released.
It used C#, what I prefer over the other languages that run on .Net.
It generated 20 pre-defined answers.
It created a NuGet package.
It installed the package and showed the commands to update it.
While this is already much more than what we would have gotten a year ago, it also skipped a few things one would expect to be present:
It did not ask for the name it should put into the author field (it used You).
It did not set a license.
There was no Readme file.
There is no version control.
There are no tests.
These points are a great example of things we may take for granted and therefore did not bother to specify. It is clear to us that there must be an author, but Claude does not share this type of knowledge. It only can act on the things we ask for and skips all the implicit requirements. Be aware of this when you try Claude Code on your own. We will cover our blind spots for requirements gathering in a separate post in a few weeks.
Next
We got our first steps with Claude Code and could create a tiny application without writing a single line of code. The result was impressive, even when it only did what we explicitly specified. Next week we take a closer look at the helpful features that ship with Claude Code and how they can give us better results in no time.