Active

Burnvelope

A zero-knowledge, one-time secret sharing tool. Another AI-assisted development experiment, this time pushing into server-side code and Cloudflare deployment.

Security, AI Experiment, Cloudflare

Raising the Stakes

After HuePass, I wanted to push the AI-assisted development experiment further. HuePass was entirely client-side, with no server logic or deployment complexity. For Burnvelope, I wanted to see how AI would handle something more challenging: server-side code, encryption, and real deployment constraints.

My only hard requirement was that it had to be hosted on Cloudflare using their free tier. This forced architectural decisions around Workers, KV storage, and the limitations of edge computing.

The Prompt

I started simple: “Give me a one-time use link I can send secure information through. The recipient reads it, and the link deactivates. Privacy is important.”

What happened next impressed me. The AI didn’t just start coding. It asked clarifying questions. Good ones. Questions about expiration policies, encryption preferences, and edge cases I hadn’t considered. It presented options as multiple-choice decisions, letting me guide the direction without needing to specify every detail upfront.

Where It Went Wrong (At First)

The first architectural plan looked reasonable on the surface, but had a fundamental flaw: the server could decrypt the data. For a tool where privacy is the core promise, that’s a non-starter. There were also some security gaps in the initial approach that would have been problematic.

This is exactly the kind of thing I expected to encounter. The AI is exceptional at implementation, but strategic security thinking (anticipating how a design decision creates vulnerabilities) still requires human oversight.

I provided more specific guidance on the encryption pattern to follow: encrypt in the browser, store only ciphertext server-side, embed the decryption key in the URL fragment (which never gets sent to the server). With that direction, the AI executed flawlessly.

The Result

Burnvelope uses double-layer AES-GCM encryption with a zero-knowledge architecture. Secrets are encrypted in your browser before transmission, and the decryption key lives only in the URL you share. The server literally cannot read what you’ve stored. After one view, the data is permanently deleted. No backups, no logs, no recovery.
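The pattern described above (encrypt in the browser, store only ciphertext, keep the key in the URL fragment, delete on first read), as an added example that is not Burnvelope's code. It uses a single AES-GCM layer rather than the double layer; the function names, the in-memory `Map` standing in for the KV store, and the `example.invalid` origin are assumptions.

```javascript
// Added example, not Burnvelope's code. All names are hypothetical; a Map stands in for KV.
const b64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (ch) => ch.charCodeAt(0));

// Browsers and recent Node expose globalThis.crypto; older Node needs node:crypto.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Sender side: encrypt locally, upload only {iv, ct}, return the share link.
async function createSecret(store, origin, plaintext) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true,
    ['encrypt', 'decrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per secret
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key,
    new TextEncoder().encode(plaintext));
  const id = b64u(c.getRandomValues(new Uint8Array(16)));
  store.set(id, { iv: b64u(iv), ct: b64u(ct) });    // the key is never part of the upload
  const rawKey = await c.subtle.exportKey('raw', key);
  return `${origin}/s/${id}#${b64u(rawKey)}`;       // key travels only in the fragment
}

// Server side: look the record up by id and delete it in the same step.
function serverFetchOnce(store, requestUrl) {
  const id = new URL(requestUrl).pathname.split('/').pop();
  const record = store.get(id) ?? null;
  store.delete(id);
  return record;
}

// Recipient side: split off the fragment, request without it, decrypt locally.
async function openSecret(store, link) {
  const c = await getCrypto();
  const url = new URL(link);
  const rawKey = unb64u(url.hash.slice(1));
  url.hash = '';                                    // what an HTTP request would carry
  const record = serverFetchOnce(store, url.href);
  if (!record) return null;                         // already viewed or never existed
  const key = await c.subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false,
    ['decrypt']);
  const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: unb64u(record.iv) }, key,
    unb64u(record.ct));
  return new TextDecoder().decode(pt);
}
```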

It runs entirely on Cloudflare’s free tier: Workers for the API, KV for storage, Pages for the frontend.

On Claude and AI-Assisted Development

For these experiments, I’ve been using Claude. To get the depth of interaction these projects required, I upgraded to their Max plan ($100/month at the time of this experiment).

Is it worth it? In my opinion, absolutely.

Even when working on production code, where I’m actively guiding, reviewing, and requesting refactors, the productivity boost is significant. I’d estimate somewhere between 20-50% depending on the task. For greenfield projects like this where you can move faster and iterate more freely, the gains are even larger.

The key insight from both HuePass and Burnvelope is that AI doesn’t replace architectural thinking or security expertise. But for developers who have that foundation, it’s a remarkable force multiplier.
