Forem: Creatman

A Government Messenger Detects VPNs and Reports Server IPs. Here's How I Protected My Infrastructure.

Creatman — Wed, 18 Mar 2026 08:26:55 +0000

Credit First

Everything in this article about how Max's HOST_REACHABILITY module works is based on the research of others. I want to acknowledge them clearly:

"runetfreedom" — published the original deep analysis on Habr (March 5, 2026, 485K+ views, 1055+ upvotes) documenting the HOST_REACHABILITY module through JADX decompilation
RKS Global — independently verified the findings
RigOlit — published a detailed security analysis on GitHub (August 2025), later deleted it under pressure. The original repo was preserved in Web Archive
Denis Yagodin — conducted RAG analysis of decompiled code (Medium), discovered the fsb class and intentionally weakened TLS cipher suites
Scamshot Telegram channel — confirmed clipboard access and installed app list exfiltration through dynamic analysis
Novaya Gazeta Europe — verified RigOlit's analysis with technical experts before it was removed

These researchers took real personal risk to expose this. A security researcher in Russia who publishes critical analysis of a government-backed app faces genuine consequences — and one of them already had to delete their work.

My contribution is narrow but practical: I read their research, understood the threat to my VPN infrastructure, and built a working server-side protection system in one day.

What is Max and Why Should VPN Operators Care?

Max (formerly VK Messenger, ru.oneme.app) is developed by VK — Russia's largest social media company, controlled by Gazprom structures. Since September 2025, it's mandatory pre-installed on every smartphone sold in Russia. 100 million registered users (Of course, this is according to VK's own data, which cannot be verified in any way).

VK is run by Vladimir Kirienko — son of the First Deputy Chief of Staff of the Presidential Administration. Max has no end-to-end encryption and is legally required to integrate with SORM (FSB wiretapping infrastructure).

I run VPN infrastructure (VLESS+Reality with DPI bypass) for approximately 165 clients in Russia. When the HOST_REACHABILITY research was published, I realized my servers were directly at risk of being identified and blocked.

How HOST_REACHABILITY Works (Based on Published Research)

The following is a summary of findings published by "runetfreedom" on Habr and verified by RKS Global. I'm condensing it here for VPN operators who need to understand the threat model.

Step 1: VPN Detection

The module uses Android's NetworkCapabilities.TRANSPORT_VPN API to detect active VPN connections.

Step 2: IP Identification via 6 Services

If VPN is detected, the module queries six IP detection services simultaneously — three Russian, three foreign:

Service	Location
`ipv4-internet.yandex.net`	Russia
`ipv6-internet.yandex.net`	Russia
`ip.mail.ru`	Russia (VK-owned)
`ifconfig.me`	International
`api.ipify.org`	Cloudflare
`checkip.amazonaws.com`	AWS

The mix is deliberate: if a user has split-tunneling, Russian and foreign services return different IPs, revealing the VPN server address. For personal VPN servers where inbound and outbound IPs match — the server is directly exposed and tied to the user's identity.

Step 3: Censorship Bypass Test

The module tests reachability of blocked resources (Telegram, WhatsApp) using ICMP ping and TCP:443. If blocked resources are reachable — the user is bypassing censorship.

Step 4: Data Package

Everything is sent to api.oneme.ru via a proprietary binary protocol (10-byte header + MessagePack + LZ4), mixed with regular messenger traffic: VPN flag, server IP, host reachability results, carrier, userId, sessionId.

Step 5: Blocking Pipeline

Data flows: Max → api.oneme.ru → VK → Roskomnadzor → TSPU → IP blocked.

Critical Detail

The module is controlled by a server-side flag returned per-user during authentication — enabling targeted activation for specific accounts.

For full technical details — decompiled class names, opcode structure, ASN lists — read the original research on Habr.

What I Built: Two-Layer Server-Side Protection

After reading the research, I needed to protect my infrastructure without requiring any changes on the client side. Here's what I implemented in one day.

Layer 1: Domain Blocking via Xray Routing

Traffic to Max domains is dropped at the Xray level before leaving the VPN server. The HOST_REACHABILITY module can collect data on the device — but it can't send it home.

Domains blocked:

Domain	Reason	False positive risk
`domain:oneme.ru`	Core Max API — HOST_REACHABILITY payload channel	Zero
`domain:max.ru`	Max web platform	Zero
`full:ip.mail.ru`	VK-owned IP detection service used by the module	Minimal

Domains NOT blocked (to avoid breaking other apps):

vk.com, mail.ru — used by other VK ecosystem apps
ifconfig.me, api.ipify.org, yandex.net — legitimate services used by thousands of apps

Xray configuration:

{
  "outbounds": [
    { "protocol": "freedom", "tag": "direct" },
    { 
      "protocol": "blackhole", 
      "settings": { "response": { "type": "http" } }, 
      "tag": "block-max" 
    }
  ],
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "domain": [
          "domain:oneme.ru",
          "full:ip.mail.ru",
          "domain:max.ru"
        ],
        "outboundTag": "block-max"
      }
    ]
  }
}

Critical: Sniffing must be enabled on every inbound — without it, Xray can't see the domain in TLS ClientHello:

"sniffing": {
  "enabled": true,
  "destOverride": ["http", "tls"]
}

Layer 2: Real-Time Monitoring + Telegram Alerts

A Python daemon watches Xray access logs and sends instant Telegram alerts when a client's device tries to contact Max domains:

⚠️ MAX DETECTED
Client: [CLIENT_NAME]
Domain: api.oneme.ru:443
Server: xray-direct
Time: 2026-03-17 12:00:00
Traffic to Max blocked at Xray level.

Deduplication: one alert per client per hour. Runs as a systemd service.

Deployment

Applied to two Xray services:

VLESS+Reality (direct connection)
VLESS+WebSocket via Cloudflare

All ~165 clients protected automatically. Zero client-side changes. Hiddify, v2rayNG, Streisand continue working normally.

Limitations

DoH / Hardcoded IPs: If Max switches to DNS-over-HTTPS or hardcoded IPs, domain-based blocking fails. Fallback plan: iptables DROP for VK IP ranges (AS47541, AS47764).
Split-tunneling: If a user only routes foreign traffic through VPN, Max reaches api.oneme.ru directly. Server-side protection can't help. Recommendation: full tunnel.
Module updates: When Max changes domains or protocols, the blocklist needs updating. Monitoring helps detect new patterns.
The only guarantee: Don't install Max on a device that connects to VPN.

The Bigger Picture

After the Habr publication went viral, VK released an update removing the Telegram/WhatsApp checks — but the module code was not removed from the APK. It's dormant, waiting.

The researchers who exposed this took real risk. One deleted their work under pressure. The least we can do as infrastructure operators is take their findings seriously and build actual protections.

If you operate VPN infrastructure with users in Russia — the Xray configuration above takes 10 minutes to deploy and protects all your clients immediately.

References

Original research by "runetfreedom" — Habr, March 5, 2026
RKS Global — independent verification
RigOlit — GitHub analysis (August 2025, deleted, preserved in Web Archive)
Denis Yagodin — RAG analysis of decompiled code (Medium)
Scamshot — dynamic analysis (Telegram channel)
Novaya Gazeta Europe — investigative reporting
Human Rights Watch, Reporters Without Borders, Access Now — policy analysis

I'm Creatman — I build solutions for problems I encounter. When researchers expose a threat, I build the defense.

GitHub: github.com/CreatmanCEO | Portfolio: creatman.site | LinkedIn: linkedin.com/in/creatman

I Stopped Claude Code From Breaking My Projects. Here's the Exact Setup

Creatman — Thu, 05 Mar 2026 16:02:00 +0000

A practical guide to anti-regression AI coding with Claude Code, subagents, hooks, and Google Antigravity — from someone who was ready to quit.

Six months ago, my workflow with Claude Code looked like this: build a working prototype in an hour, spend the next three hours watching Claude systematically destroy it while "improving" things. Every developer using AI coding agents knows this pattern. You ask for a small change, and suddenly your auth module is rewritten, three tests are deleted, and there's a new dependency you never asked for.

I'm a full stack developer running my own company (CREATMAN), and I code solo most of the time. I can't afford to babysit an AI agent on every keystroke. I needed a setup where Claude Code would help me ship faster without regressing what already works.

After weeks of research, community deep-dives, and a lot of trial and error, I found a combination that actually works. This article is everything I learned — the tools, the config files, and the exact workflow I use daily.

Why Claude Code Breaks Things (It's Not What You Think)

The root cause isn't that Claude is "dumb." It's context window exhaustion.

Claude Code operates in a ~200K token window. About 80% of that gets consumed by file reads and tool results — not your conversation. By the time you're at 90% utilization, Claude literally cannot hold your project's architecture in its working memory anymore. It forgets patterns from earlier in the session, contradicts its own decisions, and starts generating code that conflicts with what it wrote 20 minutes ago.

The community calls this "context drift" and it's the #1 source of regressions. The fix isn't "write better prompts" — it's architectural.

The Stack: Antigravity + Claude Code + Subagents

Here's what I landed on after testing Cursor, VS Code, Warp, Zed, and several other setups.

Google Antigravity as the IDE

Antigravity is Google's free, agent-first IDE (a VS Code fork). I chose it for three reasons:

Free. I'm already paying $100/month for Claude Max — I'm not adding Cursor on top.
VS Code compatible. My extensions, keybindings, and theme transferred over in one click.
Built-in browser agent. Antigravity's Gemini 3 Pro agent can autonomously open a browser, navigate your app, and test UI. No Playwright setup needed for basic visual checks.

I run Claude Code in Antigravity's terminal with my Max subscription. Gemini 3 Pro runs in the Agent Manager panel. Two AI brains, one IDE, zero extra cost.

Claude Code with Anti-Regression Config

The terminal Claude Code is where real development happens. But instead of running it raw, I set up three layers of protection.

Layer 1: CLAUDE.md — The File That Changes Everything

If you take one thing from this article, make it this. CLAUDE.md is a special file that Claude reads at the start of every session. It survives compaction. It's your project's constitution.

Here's my actual template:

# Project Name

## Architecture
- **Frontend**: React + TypeScript
- **Backend**: Python 3.11, FastAPI
- **Database**: PostgreSQL
- **Deploy**: Docker on VPS

## Key Commands
- `make dev` — Start development servers
- `make test` — Run full test suite
- `make lint` — Lint everything

## CRITICAL RULES
- NEVER delete or rewrite working tests without explicit request
- NEVER delete files without confirmation
- ALWAYS run tests after any code change
- ALWAYS do git checkpoint before large refactors
- One task at a time. Do NOT make multiple changes simultaneously
- If unsure — ASK, don't guess

## Working Style
- Plan FIRST, code SECOND. Never start coding without confirmed plan
- Small diffs. One file → tests → next file
- After every change: run tests and show results
- Use subagents for codebase research

The CRITICAL RULES section is where the magic happens. Claude follows these instructions with remarkable consistency — because they're injected before every conversation, not buried 50 messages deep where they'd get compacted away.

Key insight from SFEIR Institute's research: 60% of Claude Code support tickets come from the "ghost context" anti-pattern — working without a CLAUDE.md. A simple CLAUDE.md resolves the issue in 90% of cases.

Layer 2: Subagents — Isolated AI Specialists

Subagents are Claude Code's most underrated feature. Each runs in its own context window and returns only a summary to your main session. This means:

Research doesn't pollute your implementation context
A reviewer can check code without knowing (or forgetting) what the planner decided
You can run them in parallel

I use three subagents. Create them as markdown files in .claude/agents/:

.claude/agents/planner.md — Researches the codebase and writes implementation plans. Never writes code. Saves plans to ./plans/ so other agents (and future sessions) can reference them.

.claude/agents/tester.md — Writes tests following existing patterns, runs the full test suite (not just new tests), and reports regressions.

.claude/agents/code-reviewer.md — Reviews changes for regressions, security issues, and pattern violations. Outputs severity-rated findings with file:line references.

The key is adding a reminder to your CLAUDE.md:

## Agents
- Use `planner` agent before any complex task
- Use `tester` agent after code changes
- Use `code-reviewer` agent before commits

Without this reminder, Claude tends to do everything in the main context — which is exactly what causes context bloat and regressions.

Layer 3: Hooks — Automated Safety Nets

Hooks fire automatically on Claude Code lifecycle events. My most valuable hook blocks commits when tests fail:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash(git commit*)",
        "hooks": [
          {
            "type": "command",
            "command": "python -m pytest tests/ -x --timeout=60 || (echo {\"block\": true, \"message\": \"Tests failing.\"} 1>&2 && exit 2)",
            "timeout": 120
          }
        ]
      }
    ]
  }
}

This creates a hard gate: Claude literally cannot commit code that breaks tests. No exceptions, no "I'll fix it later." The feedback loop forces it to fix regressions before moving forward.

The Daily Workflow

Here's how an actual development session looks:

1. Start the session

Open Antigravity. Terminal. claude. Claude reads CLAUDE.md automatically.

2. Before any complex task — plan first

> Use the planner agent to research our codebase and create
> an implementation plan for [feature]. Do NOT write any code.

Review the plan. Question assumptions. Adjust. Only then:

> Implement Step 1 from the plan. Run tests after.

3. Monitor context religiously

Check /cost periodically
At 60-70% context → /compact "Preserve: modified files list, test results, current plan step"
Switching topics → /clear

4. Use checkpoints as undo

Before risky changes: git add -A && git commit -m "checkpoint: before auth refactor"

If Claude breaks something: Esc + Esc → restore code only. Or git reset --hard HEAD.

5. Review before commit

> Use code-reviewer agent to check all changes
> Use tester agent to run the full test suite

6. Parallel sessions for complex work

Split terminal in Antigravity:

Terminal 1: Claude Code — main implementation
Terminal 2: Claude Code — tests in parallel
Terminal 3: dev server

Three sessions = effectively 600K tokens of context. CLAUDE.md serves as shared memory between them.

The Antigravity Bonus: Two Brains

While Claude handles the heavy coding in the terminal, I use Antigravity's Gemini 3 Pro for:

UI testing via built-in browser — "Test the login flow on localhost:3000 and screenshot any errors"
Second opinion — paste Claude's plan into Gemini's agent panel and ask for critique
Documentation — Gemini is solid at generating docs from code

This dual-model approach gives you the coding power of Claude and the planning/context strengths of Gemini without paying for two subscriptions.

MCP Servers Worth Installing

For browser automation beyond what Antigravity's built-in browser offers:

claude mcp add playwright -- npx -y @executeautomation/playwright-mcp-server

Now Claude can open browsers, take screenshots, click elements, and verify UI — all through natural language.

For GitHub integration:

claude mcp add github -- npx -y @modelcontextprotocol/server-github

Verify everything connected with /mcp in Claude Code.

What Actually Changed

Before this setup, I'd lose 2-3 hours per day to regression whack-a-mole. Claude would "fix" one thing and break two others. I'd context-switch between debugging Claude's mistakes and actually building features.

After implementing CLAUDE.md + subagents + hooks + checkpoints:

Regressions dropped dramatically. The hook that blocks commits on failing tests alone is worth the entire setup time.
Sessions are productive longer. Subagents keep the main context clean. I can work for 2+ hours before needing to compact.
Recovery is instant. Checkpoints + git mean I'm never more than 10 seconds away from a working state.
I actually trust the output. The planner → implement → review → test pipeline catches issues before they compound.

Quick Start (15 Minutes)

If you want to try this today, grab the ready-to-use configs from the GitHub repo or set it up manually:

Create CLAUDE.md in your project root with your architecture, commands, and CRITICAL RULES
Create .claude/agents/tester.md — even just one subagent for testing makes a huge difference
Add the commit-blocking hook to .claude/settings.json
Start every complex task with "Create a plan first. Do NOT write code."

That's it. These four changes will transform your Claude Code experience more than any model upgrade or IDE switch.

Resources

claude-code-antiregression-setup — All configs from this article: CLAUDE.md template, subagents, hooks, rules, workflow docs
awesome-claude-code — Curated list of skills, hooks, agents, commands
claude-code-workflows — Production-ready workflow plugins (17 agents, 10 commands)
claude-code-templates — CLI to install 100+ ready-made agents and hooks
Claude Code Official Docs: Memory — How CLAUDE.md and auto-memory work
Claude Code Official Docs: Best Practices — Anthropic's own recommendations

I'm Nick, a full stack developer and digital architect at CREATMAN. I build backend systems, AI tools, and VPN infrastructure. The complete anti-regression setup from this article — CLAUDE.md template, all three subagents, hooks, rules, and workflow docs — is available as a ready-to-use repo: claude-code-antiregression-setup. Clone it, fill in the template, and start shipping without fear. I'm open to remote opportunities — find me on GitHub.