AI Programming

From a Pet Peeve to a Public-Facing Tool: One Developer's Journey from HTML to Java with an AI Coding Partner

By 一只牛博 · Jun 24, 2026

Read original on juejin.cn ↗ Google Translate ↗ Alt translation

This project is a concrete demonstration that AI coding tools are evolving from simple code generators into genuine engineering partners. The AI didn't just write code; it helped make architectural decisions, enforced security best practices, and advocated for a lean MVP. For Western developers evaluating AI tools, this case shows that the real value lies in the AI's ability to reason about trade-offs and constraints, not just in its speed of output.

Summary

Frustrated by the high cost of moving small data between servers — no good clipboard, no lightweight sharing tool — a developer decided to build their own ephemeral transfer service. The goal was a web page where you drop a file or text, the other side enters a code to retrieve it, and everything auto-destroys after use, with no registration or history.

What started as a simple idea became a case study in AI-assisted development. The developer used WorkBuddy, an AI coding tool, not just to generate code, but to deconstruct the problem, propose technical trade-offs, enforce security constraints, and even push back against feature creep by suggesting an MVP-first approach. The project's tech stack evolved naturally: a native HTML/JS prototype to validate the concept, a Vue refactor to refine the UI (including a frosted-glass aesthetic), and finally a Spring Boot 3.3.5 + Java 17 backend for production deployment, with a modular vanilla JS frontend.

The final product is a publicly accessible tool with end-to-end encryption (AES-GCM 256-bit, key never leaves the client), sliding-window rate limiting, concurrency gates, tiered download quotas, and a scheduled cleanup that physically deletes data. The developer highlights several code snippets — from key handling to filter-layer concurrency control — as evidence that the AI's output was not just functional, but demonstrated the judgment of a competent mid-to-senior engineer.

Takeaways

— WorkBuddy proposed three technical routes (Pure Web Relay, Real-time Clipboard Sync, Integrated Dual-Channel) with a pros/cons table before writing any code.

— The AI helped decompose security into user-side (one-time access codes, tokenized links, HTTPS, file blacklist) and server-side (isolated storage, AES encryption at rest, TTL cleanup, IP rate limiting, audit logs).

— The AI recommended splitting the project into an MVP (single file/text sharing) and an enhanced version (rooms, QR codes, password protection), preventing feature creep.

— The final tech stack evolved from native HTML/JS to Vue and finally to Spring Boot 3.3.5 + Java 17, driven by deployment and maintainability constraints.

— The production system includes AES-GCM 256-bit end-to-end encryption with the key embedded in the URL fragment (never sent to the server), sliding-window rate limiting, concurrency gates, tiered download quotas, and a 60-second cleanup cycle.

— The AI's code demonstrated strong engineering practices: correct use of WebCrypto, synchronized sliding counters for rate limiting, a filter-layer concurrency gate with a clear rationale, and a single scheduled cleanup method.

— The final UI design decisions were driven by product logic: defaulting to the receive state, making validity period and download count first-class citizens, and designing the 'destroyed' state as a proper user experience.

Conclusions

The most valuable contribution of the AI was not code generation but requirements deconstruction and technical decision-making, acting as a sounding board for trade-offs.

The AI's ability to push back against feature creep and advocate for an MVP is a surprisingly mature behavior for a tool, suggesting a shift from 'code assistant' to 'product-minded collaborator'.

The tech stack evolution (HTML → Vue → Java) was not arbitrary but a natural progression driven by real-world constraints: prototyping, UI refinement, and production deployment.

The developer's final assessment that the AI's code quality approached that of a mid-to-senior engineer is a significant data point for the current capabilities of AI coding tools.

The project's success hinged on the developer's own engineering judgment to guide the AI, reinforcing the idea that AI amplifies skill rather than replacing it.

Concepts & terms

End-to-End Encryption (E2E)

A communication system where only the communicating users can read the messages. In this project, the encryption key is embedded in the URL fragment (the part after `#`), which browsers never send to the server, ensuring the server cannot decrypt the data.

Sliding Window Rate Limiting

A rate-limiting algorithm that tracks requests within a moving time window, preventing abuse by limiting actions (e.g., uploads, queries) from a single IP address over a defined period.

OncePerRequestFilter (Spring)

A Spring Framework filter that is guaranteed to be executed once per request. It is used here to enforce concurrency limits on file uploads before the request body is fully parsed by the Controller, preventing resource exhaustion.

AES-GCM

Advanced Encryption Standard in Galois/Counter Mode. A symmetric encryption algorithm that provides both confidentiality and integrity. It is used in this project for client-side encryption of files and text before they are uploaded.

URL Fragment (#)

The portion of a URL that starts with a `#` character. It is used for client-side state (like scroll position or, in this case, an encryption key) and is never sent to the server in an HTTP request, making it a secure location for sensitive data that should not be transmitted.

Source: juejin.cn ↗ Google Translate ↗ Backup ↗