An OpenAI-compatible API router should not make your stack more complicated. If it does, it has already failed.

The whole point of compatibility is boring simplicity:

One base URL.

One API key.

Same general SDK shape.

That gives you room to improve the economics without rewriting the application.

For AI coding workflows, this matters because the tool in front is often already good enough. The pain is underneath: cost, provider management, usage logs, and routing.

The minimum useful setup should look familiar:

import OpenAI from "openai";

const client = new OpenAI({
  baseURL: "https://incat.ai/v1",
  apiKey: process.env.OPENAI_API_KEY,
});

If a router requires a large rewrite before you can test it, most developers will not bother. They are right.

The first test should be small:

• one workflow
• one API key
• one prepaid balance
• one cost comparison

What should the router do?

Route by task

Send routine work to cheaper capable models. Keep risky work on stronger models.

Preserve logs

Developers need to know which workflow burns money.

Avoid surprise bills

Prepaid credits are useful because they turn runaway usage into a visible constraint.

Keep escape hatches

If a cheaper route is not good enough, switch back. Routing should create options, not lock-in.

That is the category I want inCat to live in.

Not another AI coding app.

Not a model museum.

An OpenAI-compatible API router for developers who want the same workflow to cost less.

Generate a config:

https://incat.ai/codex-config-generator.html

This is a submission for the GitHub Finish-Up-A-Thon Challenge

What I Built

I took an unfinished open-source MCP server for DEV.to and added the missing half.

The original repo (nickytonline/dev-to-mcp) was built by an actual DEV.to engineer and shipped six read-only tools: get_articles, get_article, get_user, get_tags, get_comments, search_articles. Useful for reading, useless for writing.

I extended it with three write tools:

• create_article for publishing new articles (draft or live)
• update_article for editing existing ones
• delete_article for unpublishing

The result is a full read-write MCP server that lets Claude (or any MCP client) treat DEV.to like a CMS. This article was created and published using it.

Demo

The tool list in Claude Desktop after the build:

Read-only tools (6):
  Get Articles, Get Article, Get User, Get Tags, Get Comments, Search Articles

Write/delete tools (3):
  Create Article, Update Article, Delete Article

A draft creation call looks like this:

{
  "tool": "create_article",
  "args": {
    "title": "My new post",
    "body_markdown": "# Hello world",
    "tags": ["webdev", "ai"],
    "published": false
  }
}

The MCP server hits POST https://dev.to/api/articles with the user’s DEVTO_API_KEY from env, returns the article ID, and Claude can immediately call update_article against it. No browser, no copy-paste from chat to editor.

The Journey

The original repo was solid but limited. I asked myself: why use an MCP server that can only read?

Setup was the first wall. The npm package wasn’t published, so npx -y @nickytonline/dev-to-mcp returned 404. Then npm install -g github:... failed because the repo had no top-level package.json at the install path npm expected. The fix was unglamorous: git clone, npm install, npm run build, point Claude Desktop’s config at the local dist/index.js.

There was also a Windows-specific gotcha. Claude Desktop on Windows needs npx.cmd, not npx. The error message was just Server disconnected. Logs showed bad option: -y because the config still had the npx flag while the command had been swapped to node. Small things, two hours.

Once the read-only server was running, the actual finish-up work was straightforward. The codebase used a clean handler pattern: each tool was a function that called the DEV.to API and returned a typed response. I followed the same pattern for the three new tools:

// Pattern from the existing read tools
async function getArticle(id: number) {
  const res = await fetch(`https://dev.to/api/articles/${id}`, {
    headers: { 'api-key': process.env.DEVTO_API_KEY }
  });
  return res.json();
}

// New write tool, same shape
async function createArticle(article: ArticleInput) {
  const res = await fetch('https://dev.to/api/articles', {
    method: 'POST',
    headers: {
      'api-key': process.env.DEVTO_API_KEY,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ article })
  });
  return res.json();
}

Register the new handlers in the MCP server’s tool list, rebuild with npm run build, restart Claude Desktop. Done.

Tech Stack

• TypeScript for the server code
• Vite for the build (12.83 kB output, builds in 133ms)
• Model Context Protocol SDK for the server scaffolding
• DEV.to API v1 as the backend
• Claude Desktop as the MCP client

What I Learned

Two things stood out.

First, finishing someone else’s project is faster than starting from scratch. The repo had types, patterns, error handling, and tests already in place. Adding three tools meant matching an existing shape, not inventing one. The full add-rebuild-test cycle was under thirty minutes.

Second, AI assistance works best when there’s existing structure to imitate. I gave Claude Code the repo path and asked for three tools matching the existing pattern. It read the codebase, identified the handler signature, knew the DEV.to API endpoints from training data, and produced working code on the first build. Without the existing read-only tools as reference, the output would have needed more iteration.

What’s Next

The MCP server still has gaps:

• No image upload (DEV.to requires base64 inline or external URLs)
• No get_followers or get_following
• No comment write/delete
• No analytics endpoints

These are small additions following the same pattern. The hard part was the first three.

Repo

The forked repo with write tools: github.com/glatinone/dev-to-mcp

Original credit to @nickytonline for the read-only foundation.

I’ve always known Excel as a tool for creating tables and performing simple calculations. However, after spending a week learning its fundamentals, I now understand why Excel remains one of the most widely used tools in data analysis.
Microsoft Excel is a spreadsheet application that allows users to collect, organize, clean, analyze, calculate, and visualize data. Its user-friendly interface and powerful features make it a valuable tool for individuals and organizations across different industries.
One way Excel is used in real-world data analysis is in business decision-making. Companies collect large amounts of data on sales, customers, and operations. Analysts use Excel to sort and filter this data, helping managers identify trends, monitor performance, and make informed decisions. For example, a retail business can sort products by sales volume to identify its best-selling items.
Excel is also widely used in financial reporting. Businesses use it to track expenses, calculate profits, prepare budgets, and generate financial reports. With formulas and formatting tools, financial data can be organized in a way that is easy to understand and analyze.
Another common application is marketing performance analysis. Marketing teams collect data from campaigns, websites, and social media platforms. Excel can be used to analyze campaign results, compare performance metrics, and identify which strategies are generating the best outcomes.
Throughout this week, I learned several Excel features and formulas that are useful in data analysis. The first is filtering, which allows analysts to display only the data that meets specific criteria. This is useful when working with large datasets and looking for particular information. I also learned about data validation, which helps maintain data quality by restricting the type of information users can enter into cells. This reduces errors and improves data accuracy.
In addition, I learned functions such as SUM(), AVERAGE(), and COUNT(). SUM() helps calculate totals, AVERAGE() finds the mean value of a dataset, and COUNT() determines how many numerical values exist within a range. These functions make it easier to summarize and understand data quickly. I also found text functions such as TRIM() and PROPER() useful for cleaning and standardizing data before analysis.
Learning Excel has changed the way I see data. Before, I saw data as a collection of numbers and text. Now, I see it as information that can tell a story and support decision-making when properly organized and analyzed. Excel has shown me that effective data analysis begins with understanding how to clean, structure, and explore data. As I continue my journey in data science, I can already see how these foundational Excel skills will support my learning of more advanced tools and techniques.

AI agents do not only need better instructions.

They need stop signs.

That is one of the clearest reasons Ota exists as software execution governance for humans and AI agents. A repo should not merely tell an agent what it can try. It should declare what the agent must not do, when it must stop, and what requires human approval.

Prompts and AGENTS.md files are useful. They give agents context: how the project is organized, what style to follow, how to summarize changes, and which areas need caution.

But advice is not a boundary.

An instruction says:

Be careful with database commands.

A stop sign says:

Do not run destructive database commands unless explicitly approved.

An instruction says:

Avoid editing generated files.

A stop sign says:

These paths are protected. Stop if the requested edit falls outside the writable boundary.

That difference matters because modern agents are no longer passive readers. They inspect repos, choose commands, edit files, run checks, interpret failures, and report completion.

If the repo gives them only guidance, they still have to infer the boundary.

Ota’s position is sharper: agent execution should not depend on inference. It should be governed by the repo.

Instructions tell agents what to attempt

Most agent guidance is written as advice.

It says:

• follow the existing style
• prefer small changes
• run tests before finishing
• avoid touching generated files
• do not expose secrets
• explain what changed

That helps. It makes agents less generic and more aware of the repo they are working inside.

But it still leaves the dangerous questions open.

Which tests should the agent run?
Which commands are allowed?
Which files are generated?
Which services require approval?
Which failures mean “fix the code” and which mean “stop and ask”?
Which paths are out of bounds?

A capable agent may make reasonable guesses.

But reasonable guesses are not governance.

For low-risk editing, guidance may be enough. For repo execution, CI, automation, and agentic development, the repo needs something stronger.

Stop signs define when not to continue

A stop sign is not a suggestion.

It is a boundary.

In a repo, stopping rules should cover at least five areas.

1. Secrets and credentials

An agent should not invent secrets, request private values indirectly, or edit sensitive environment files just to make a task pass.

If a command needs an API key, database password, cloud token, or private credential, the correct behavior is not improvisation.

The correct behavior is to stop and report the blocker.

2. External services

Some tasks depend on systems outside the repo: cloud infrastructure, managed databases, payment providers, queues, object storage, or production-like services.

If those services are unavailable, the agent should not patch code around the failure.

It should identify the missing dependency and stop.

3. Unsafe mutation

Some commands change state.

deploy
publish
db:reset
terraform apply

These are not cousins of test, lint, or build.

If a task can mutate external state, delete data, publish packages, or affect infrastructure, the repo should not outsource that decision to the agent’s confidence.

That boundary should be declared.

4. Protected paths

Agents need to know where they can work.

Source files and tests may be open. Generated files, migrations, lockfiles, production config, and environment files may need review or approval.

This is not about slowing the agent down.

It is about preventing quiet damage in files that carry operational weight.

5. Verification limits

Agents also need to know when verification is finite.

A long-running dev server is not a verification result.
A watch mode is not a handoff signal.
A task that never terminates is not the same as a bounded check.

Agent-safe tasks need finite verification paths: run, finish, report status.

Without that, the agent may wait indefinitely, stop too early, or report success without a meaningful result.

This is execution governance

This is bigger than prompt quality.

If an agent runs a risky command, edits a protected file, or treats missing credentials as a code problem, the issue is not only that the agent made a poor choice.

The repo failed to govern execution.

Software execution governance means the repo can declare:

• what it needs
• how it should be prepared
• what can be executed
• what requires approval
• where agents can write
• when verification is complete
• when execution must stop

That is the frame Ota is built around.

Not “better setup docs.”

Not “another task runner.”

Ota is the contract-first way to make execution boundaries explicit for humans, CI, automation, and AI agents.

How Ota makes stop signs explicit

In an Ota-backed repo, stopping rules do not have to live only in prose.

The contract can declare safe tasks, verification tasks, writable paths, protected paths, setup requirements, and readiness blockers.

That gives agents a governed operating model:

If the task is declared safe, proceed.
If setup is required, prepare from the contract.
If the contract is invalid, stop.
If secrets or credentials are missing, stop.
If the requested edit is outside writable paths, stop.
If the task mutates external state without approval, stop.
If verification is complete, report the result.

That is stronger than telling an agent to “be careful.”

Ota’s agent quickstart follows this same principle: agents should prefer repo-local contracts when they exist, execute declared safe tasks, parse JSON output instead of scraping terminal prose, and stop when blockers involve secrets, credentials, external services, unsafe mutation, or paths outside declared boundaries.

The command surface supports that model:

• ota doctor checks readiness and surfaces blockers before work begins.
• ota validate checks whether the contract itself is usable.
• ota tasks shows what work the repo has declared.
• ota up --dry-run previews setup before changing the environment.
• ota run <task> --json runs declared work and returns stable status for automation.

The point is not that every agent action needs ceremony.

The point is that dangerous ambiguity should be removed before execution happens.

AGENTS.md still matters

This does not make AGENTS.md useless.

It means AGENTS.md should do what prose does best: explain context.

Use it for style, conventions, architectural notes, review expectations, and collaboration preferences.

Use Ota for the execution boundary.

A clean split looks like this:

AGENTS.md:
How the agent should behave.

ota.yaml:
What the repo allows, requires, verifies, and refuses.

One gives the agent context.

The other governs the repo.

Together, they produce a better operator: one that understands the project and knows where the guardrails are.

Stop signs build trust

Teams do not trust agents because agents sound confident.

They trust agents when the repo constrains what the agent can do, makes the approved path obvious, and produces evidence for what happened.

A good stop sign does not make agents less useful.

It makes them dependable.

It tells the agent:

Move quickly here.
Slow down here.
Stop here.
Ask here.
Report this.
Do not guess.

That is the behavior serious teams need as AI agents move from code suggestion into repo execution.

Conclusion

AI agents need instructions.

But instructions alone are not enough.

A repo that only tells agents what to do still leaves too much room for unsafe interpretation. The next layer is stopping rules: clear boundaries for secrets, external services, unsafe mutation, protected paths, and finite verification.

That is why Ota’s contract-first model matters.

It turns agent safety from advice into execution governance.

The future of AI-assisted development will not be won by repos that merely prompt agents better.

It will be won by repos that know when agents should stop.

• Explore the Ota getting started guide
• Check out the Ota examples repo

Originally posted @ ota.run

Week 0: How the Internet Actually Works – Networking, DNS, Architecture & My DevOps Journey Begins

I recently joined the DevOps Micro Internship (DMI) – Cohort 3, a free, project-based program by Pravin Mishra at CloudAdvisory. Before we dive into the exciting parts – containers, CI/CD pipelines, Kubernetes, cloud platforms – the program correctly insists on mastering the foundational concepts first.

This post documents everything I worked through in Week 0, covering five core tasks and my honest reflections. If you are starting your DevOps journey, this post is for you too. Consider this a beginner-friendly technical reference, not just a journal entry.

Why Foundations Matter in DevOps

It is tempting to jump straight into Docker or AWS. I get it – the tools look cool, the job postings mention them everywhere, and YouTube tutorials make them seem approachable. But here is the uncomfortable truth: tools break, documentation changes, and architectures evolve. What does not change nearly as fast is the underlying fundamentals.

A DevOps engineer who understands how data actually travels across a network, why DNS exists, and how application layers are separated will debug production incidents faster, design more resilient systems, and adapt to new tools with far less friction. That is the mindset behind Week 0.

Let’s get into it.

Task 1 – Exploring Concepts with AI: Networking Protocols

The first task involved using ChatGPT to explore networking protocols from first principles. The goal was not just to get an answer, but to learn how to ask precise questions and synthesise the response into a genuine understanding.

What Are Networking Protocols?

A networking protocol is a standardised set of rules that governs how data is transmitted between devices on a network. Without protocols, two devices attempting to communicate would be like two people trying to have a conversation, one speaking English and the other French, with no shared framework.

Protocols define:

• Format: What does a valid message look like?
• Sequencing: Who speaks first? Who speaks next?
• Error handling: What happens when something goes wrong?
• Termination: How does the conversation end cleanly?

Think of it like road traffic laws. The laws do not build the roads, but they ensure that everyone using the roads does so in a predictable, safe, and efficient manner. Without them, even a perfectly built road would result in chaos.

Key Insight from This Task

What struck me most was how protocols operate in layers. No single protocol handles everything. Instead, a stack of protocols each handles a specific concern, and together they make the internet function. This layered thinking – breaking a complex problem into isolated, composable responsibilities – is also a core principle in software architecture and DevOps. I would encounter it again and again as the week progressed.

Task 2 – Internet & Networking Fundamentals

This task required me to explain four foundational concepts in my own words. Here is my in-depth take on each.

Packet Switching

When you send a message, a file, or a video stream across the internet, that data is not sent as one giant, continuous stream. Instead, it is broken into small chunks called packets. Each packet contains a piece of the actual data (the payload), plus metadata – the source address, destination address, sequence number, and error-checking information.

These packets do not all travel the same route. Routers across the internet evaluate network conditions in real time and forward each packet along the most efficient path available at that moment. At the destination, the packets are reassembled in the correct order.

Why does this matter? Packet switching is what makes the internet resilient. If one network link fails, packets are simply rerouted. No single point of failure can take down the entire communication. This is a fundamentally different (and superior) model to the old circuit-switched telephone network, where a dedicated line had to remain open for the entire duration of a call.

The DevOps connection: When you are debugging network latency or packet loss in a distributed system, understanding packet switching tells you why packets arrive out of order, why retransmission happens, and where to look when something is slow.

IP Address

An IP (Internet Protocol) address is a numerical label assigned to every device on a network. It serves two core purposes: host identification (which device is this?) and location addressing (where is this device on the network?).

There are two versions currently in use:

The world ran out of IPv4 addresses years ago. Techniques like NAT (Network Address Translation) have extended IPv4’s lifespan by allowing multiple devices on a private network to share a single public IP, but IPv6 adoption is the long-term solution.

The DevOps connection: You will work with IP addresses constantly – assigning them to servers, configuring security group rules, setting up load balancers, and troubleshooting connectivity. Understanding the difference between public and private IPs, and how subnetting works, is essential for cloud networking on AWS, GCP, or Azure.

TCP/IP

TCP/IP is not one protocol but a suite of protocols. The two most important are:

IP (Internet Protocol) – handles addressing and routing. It is responsible for getting packets from a source to a destination, but it is connectionless and does not guarantee delivery or order.

TCP (Transmission Control Protocol) – adds reliability on top of IP. Before any data is sent, TCP performs a three-way handshake:

1. SYN: The client sends a synchronise packet to the server.
2. SYN-ACK: The server acknowledges and sends its own synchronise.
3. ACK: The client acknowledges the server’s response.

A connection is now established. TCP then ensures every packet is received, requests retransmission of any lost packets, and delivers data to the application layer in the correct order.

UDP (User Datagram Protocol) is the alternative – connectionless, no handshake, no guaranteed delivery. It is faster, which makes it ideal for video streaming, gaming, and DNS lookups where a dropped packet is less catastrophic than a delay.

The DevOps connection: When you configure a load balancer, you choose between TCP and HTTP (which runs on top of TCP). When you write a Dockerfile exposing a port, you specify TCP or UDP. Understanding this layer is the difference between configuring things by guessing and configuring them with confidence.

HTTP and HTTPS

HTTP (HyperText Transfer Protocol) is the application-layer protocol used to transfer web pages, APIs, and other resources over the internet. It operates on a simple request-response model:

1. A client (browser, API consumer, CLI tool) sends an HTTP request with a method (GET, POST, PUT, DELETE), headers, and optionally a body.
2. A server returns an HTTP response with a status code, headers, and optionally a body.

HTTPS (HTTP Secure) wraps HTTP inside TLS (Transport Layer Security), which provides:

• Encryption: Data in transit cannot be read by third parties (man-in-the-middle attacks are thwarted).
• Authentication: The server’s identity is verified via a certificate signed by a trusted Certificate Authority (CA).
• Integrity: Data cannot be tampered with in transit without detection.

The analogy I find most intuitive: HTTP is like sending a postcard – anyone handling it can read what it says. HTTPS is like sending a letter in a tamper-proof, locked box. Only the intended recipient has the key.

The DevOps connection: You will configure TLS certificates using tools like Let’s Encrypt and Cert-Manager. You will set up HTTPS on Nginx or a cloud load balancer. You will debug SSL handshake failures and certificate expiry alerts. Knowing what HTTPS actually does – not just that it “adds a padlock” – makes all of this manageable.

Task 3 – Application Architecture: Two-Tier vs. Three-Tier

Modern applications are not monolithic blobs of code. They are organised into architectural tiers – logical layers that separate concerns, enable independent scaling, and support team-based development. Understanding these tiers is critical for anyone working in DevOps, because you need to know what you are deploying, where each component lives, and how the layers communicate.

Two-Tier Architecture

In a two-tier (client-server) architecture, the application is split into exactly two layers:

┌─────────────────────┐
│    CLIENT TIER      │  ← Presentation + Business Logic
│ (Browser / Desktop) │
└──────────┬──────────┘
           │ Direct DB queries
           ▼
┌─────────────────────┐
│   DATABASE TIER     │  ← Data Storage
│ (MySQL / PostgreSQL)│
└─────────────────────┘

When it works well: Small internal tools, desktop applications with a limited number of users, and rapid prototyping. The simplicity means less infrastructure to manage.

Where it breaks down: The client handles both the UI and business logic. This means every client must be updated when business rules change. It also means clients often have direct database access, which is a serious security concern at scale.

Technologies typically involved:

Three-Tier Architecture

Three-tier architecture introduces a dedicated middle layer – the application server (or backend) – between the client and the database.

┌─────────────────────┐
│   PRESENTATION TIER │  ← UI only
│  (Browser / Mobile) │
└──────────┬──────────┘
           │ HTTP/HTTPS requests
           ▼
┌─────────────────────┐
│   APPLICATION TIER  │  ← Business Logic & APIs
│ (Node.js / Django)  │
└──────────┬──────────┘
           │ Parameterised queries
           ▼
┌─────────────────────┐
│     DATA TIER       │  ← Persistent Storage
│ (PostgreSQL/MongoDB)│
└─────────────────────┘

Why this matters:

• Security: No client ever touches the database directly. The backend validates and sanitises all input before any query is executed.
• Scalability: Each tier can be scaled independently. If your API is the bottleneck, you spin up more backend instances without touching the frontend or the database.
• Maintainability: Business logic lives in one place. Change a rule in the backend, and all clients – web, mobile, CLI – immediately reflect that change.
• Team autonomy: Frontend engineers, backend engineers, and DBAs can work in parallel without constantly stepping on each other.

Technologies typically involved:

The DevOps connection: When you write a Kubernetes deployment, you are typically deploying each tier as a separate service with its own pods, resource limits, health checks, and scaling policies. When you design a CI/CD pipeline, you often have separate pipelines for the frontend and backend. When you configure a database, you write network policies that allow only the backend service to connect. Three-tier thinking is baked into modern infrastructure.

Task 4 – Domain Name System (DNS) Deep Dive

DNS is one of those technologies that most people take for granted – until it breaks. When DNS goes down, the internet, from a user’s perspective, ceases to work. Understanding how it works is not optional for a DevOps engineer.

What is DNS?

DNS stands for Domain Name System. Its primary job is to translate human-readable domain names (like epicreads.com) into machine-readable IP addresses (like 52.172.142.222).

Without DNS, you would need to memorise the IP address of every website you want to visit. DNS is the phonebook of the internet.

How DNS Resolution Works (Step by Step)

When you type epicreads.com into your browser and hit Enter, here is what actually happens:

Browser → OS Cache → Recursive Resolver → Root Nameserver
       → TLD Nameserver (.com) → Authoritative Nameserver
       → Returns IP → Browser connects to 52.172.142.222

1. Browser cache: The browser checks its own cache. Did it look up this domain recently?
2. OS cache: If not, the operating system checks its own DNS cache (/etc/hosts on Linux, the Windows DNS Client service).
3. Recursive resolver: If still not found, the query goes to your ISP’s (or a public) recursive resolver, such as 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare). This resolver does the heavy lifting on your behalf.
4. Root nameservers: The resolver asks a root nameserver. There are 13 sets of root nameservers globally. They do not know the IP of epicreads.com, but they know who is authoritative for .com domains.
5. TLD nameservers: The .com nameserver knows which nameserver is authoritative for epicreads.com.
6. Authoritative nameserver: This is the nameserver managed by the domain’s owner (e.g., via AWS Route 53 or Cloudflare). It returns the definitive answer: the IP address associated with epicreads.com.
7. Response travels back: The IP is cached at multiple levels (with a TTL – Time to Live – that controls how long it stays cached) and returned to the browser.

DNS Record Types

Connecting epicreads.com to 52.172.142.222

To map the domain epicreads.com to the IP address 52.172.142.222, you create an A Record in the domain’s DNS zone:

epicreads.com.   300   IN   A   52.172.142.222

• epicreads.com. – the hostname (the trailing dot indicates the DNS root)
• 300 – the TTL in seconds (5 minutes); after this time, cached records expire
• IN – Internet class
• A – record type (IPv4 address mapping)
• 52.172.142.222 – the destination IP address

Why not a CNAME? A CNAME maps a name to another name, not to an IP address. CNAMEs also cannot be used at the zone apex (the root domain, e.g., epicreads.com itself) – they can only be used on subdomains. So www.epicreads.com could be a CNAME pointing to epicreads.com, but epicreads.com itself must use an A record.

The DevOps connection: You will configure DNS records constantly – pointing domains to load balancers, configuring subdomains for different services, setting up MX records for transactional email, and adding TXT records to verify domain ownership for SSL certificates. Understanding TTL is critical too: if you set a TTL of 86400 (24 hours) and need to change an IP urgently, you will be waiting a very long time for the change to propagate globally.

Task 5 – Development Environment Setup: Visual Studio Code

A professional development environment is not a luxury – it is the foundation on which all your work is built. I set up Visual Studio Code (VS Code) as my primary editor for this internship.

Why VS Code for DevOps?

VS Code has become the de facto standard for DevOps engineers for several reasons:

• Language support: From Python and Go to Bash and YAML, VS Code handles everything through its extension marketplace.
• Integrated terminal: You can run commands without switching windows, which becomes enormously productive over time.
• Git integration: Built-in source control panel with diff views, staging, committing, and branching.
• Extension ecosystem: Thousands of extensions for Docker, Kubernetes, Terraform, AWS, Azure, and more.
• Remote development: The Remote – SSH and Dev Containers extensions allow you to develop directly on remote servers or inside containers, which is invaluable for DevOps workflows.

Key Extensions I Installed

The Broader Toolchain

VS Code is just the editor. A complete DevOps development environment also includes:

• Git – version control (non-negotiable for every project)
• A terminal – WSL2 on Windows, or the built-in terminal on macOS/Linux
• Node.js / Python – scripting and automation
• Docker Desktop – container runtime for local development
• A cloud CLI – AWS CLI, Azure CLI, or gcloud, depending on your target platform

Getting comfortable with these tools before working on live infrastructure is essential. Mistakes in a local environment are free. Mistakes in production are expensive.

Reflection: Week 0 in Honest Review

What I Found Easy

The networking and DNS sections came naturally to me. These concepts map closely to everyday experiences – browsing websites, using email, navigating apps – so the mental models were already partially in place. I found that once you have the right analogy (packets as parcels, DNS as a phonebook, HTTPS as a locked envelope), the technical details click into place quickly.

What Was Difficult

Application architecture – specifically the distinction between two-tier and three-tier designs – required more effort than I anticipated. The concepts sound simple in isolation, but understanding the implications of each architectural decision takes deeper thinking. Why does moving business logic from the client to a dedicated application server change everything about scalability, security, and maintainability? The answer requires holding multiple concerns in mind simultaneously.

I also found that the most challenging part was not understanding what the layers are, but understanding why the separation exists and what goes wrong when it is violated. Reading about real-world examples – monolithic applications that became impossible to scale, data breaches caused by direct client-to-database access – made the architectural principles feel concrete rather than academic.

What I Will Improve Next Week

Hands-on practice with real tools. Reading and writing about networking is valuable, but there is a qualitative difference between understanding how DNS works conceptually and actually configuring a DNS zone, watching propagation happen, and debugging a misconfigured record. My goal for Week 1 is to close the gap between theoretical knowledge and practical muscle memory.

Specifically, I plan to:

• Practice Linux command-line navigation and file management
• Work through basic shell scripting exercises
• Explore cloud console interfaces (starting with AWS)
• Revisit application architecture by building a minimal three-tier app locally

Key Takeaways

If you have read this far, here is a summary of the most important concepts from Week 0:

1. Networking protocols are layered. No single protocol handles everything. Understanding the layers prevents tunnel vision when debugging.
2. Packet switching is what makes the internet resilient. Data takes multiple paths; failures are routed around automatically.
3. HTTPS is not just about the padlock. It provides encryption, authentication, and integrity – three distinct security guarantees.
4. Three-tier architecture is the baseline for modern applications. Separation of concerns enables independent scaling, improved security, and team autonomy.
5. DNS is the phonebook of the internet, and A records map domain names to IPv4 addresses. TTL controls how long these mappings are cached globally.
6. Your development environment is infrastructure. Set it up thoughtfully, version-control your configurations, and keep it consistent.

If you are following along or if you are on a similar DevOps learning path, feel free to connect in the comments. I would love to hear what foundational concepts you found most challenging – or which ones surprised you the most.

This post is part of my public learning journey through the DevOps Micro Internship (DMI) – Cohort 3 by Pravin Mishra at CloudAdvisory. All tasks completed in this programme are documented openly on this blog.

About DevOps Micro Internship (DMI) & CloudAdvisory
DevOps Micro Internship (DMI) is a free, project-based DevOps learning program by Pravin Mishra (CloudAdvisory). It helps students, job-seekers, and working professionals gain real-world DevOps skills through weekly assignments, projects, and community support.

🌐 DMI Official Website: https://pravinmishra.com/dmi

🎓 DevOps for Beginners: Docker, K8s, Cloud, CI/CD & 4 Projects (Udemy): https://www.udemy.com/course/devops-for-beginners-docker-k8s-cloud-cicd-4-projects/?referralCode=C5BA8236CCE9FE004F98

▶️ DevOps for Beginners – YouTube Playlist: https://www.youtube.com/playlist?list=PLVOdqXbCs7bX88JeUZmK4fKTq2hJ5VS89

🔗 Follow Pravin Mishra on LinkedIn: https://www.linkedin.com/in/pravin-mishra-aws-trainer/