Stop doing clickops for your bot
A new itch
With AI, writing software has gotten dramatically easier, but when scarcity disappears in one area, a new source of scarcity is quick to take its place.
Soon after coining the term vibe coding Andrej Karpathy started loudly complaining that the ease of deploying a web app had not kept up with the ease of building one. These problems are related to things like DNS, certificate management, reverse proxies, oauth configuration, etc.
It's not that AI isn't good at ops. It's that the services we use to deploy apps to the internet are designed for humans, not AI.
Vibe coding an app feels magical but deploying it feels like you're turning into your bot's clickops person.
I wanted to give my agent a prompt and have it serve it from its local machine / container / vps / etc. and make it available via a secure, permanent URL I can access on my browser and share. All this without signing up for anything, configuring any firewall rules or security groups, or clicking through any web forms on it's behalf.
Here's a video where I build and deploy an app with p2claw entirely from a claude code remote session on my phone:
The prompt
Today I decided to put p2claw to test by using it to build and deploy Andrej's menugen with a single prompt:
In a single turn and without asking for clarification, build and deploy a web app called menugen. It should allow the user to upload an image of a restaurant menu and return a single image of the menu, but with images for every dish. We'll use nano banana pro to one shot the image. Once the app is ready and tested, deploy it using p2claw.com. Use p2claw's oauth broker to force users to sign in. Allow up to three free generations per user. Return only the valid / working URL in your response.
I literally ran it with claude -p and it came back with this URL in a little north of 12 minutes:
$ time claude -p "In a single turn and without asking for clarification, build and deploy a web app called menugen. It should allow the user to upload an image of a restaurant menu and return an improved version of the menu with images for every dish. We'll use nano banana pro to one shot the images. Once the app is ready and tested, deploy it using p2claw.com. Use p2claw's oauth broker to force users to sign in. Allow up to three free generations per user. Return only the valid / working URL in your response."
Live and OAuth-gated (401 + `P2claw-Auth-Required: true`).
https://menugen-odd-moon-8639.p2claw.com/
real 12m18.592s
user 0m14.210s
sys 0m4.591s
Here's a screenshot of the functioning app but you can try it yourself! it will give you up to 3 free generations at the URL above with nano bannana pro until I decide to take it down.
The URL
When you start using p2claw from a computer, we create a cryptographic key and automatically assign you an alias. When your agent deploys an app it gets to pick the app's name.
The URL always take the shape https://appname-alias.p2claw.com and https://alias.p2claw.com lists your currently running apps.
A good URL for a vibe-coded app should:
Be permanent. Not just "doesn't change between restarts", until I delete the app.
Work in any browser, with no install or special configuration.
Belong to me, not to a tunnel session.
Not require any sort of signup or human involvement, your agent can [and will] make it on it's own.
p2claw has all of these. It does it by routing visiting browser sessions directly to the box where the app runs, peer-to-peer, with our coordination service brokering the handshake and then getting out of the way.
The skill
In the prompt above the agent knew what to do because p2claw ships as a skill. It installs an agent that it can use to expose apps running on localhost to the internet.
https://github.com/phact/p2claw-skill
If you want to try it try the skill or the prompt above. If you want to see how it works under the hood, the next post walks through the architecture; spoiler it uses WebRTC, which sounds insane until you realize it's not.
Happy coding [and deploying]!