> But it should only be able to "hit a button" to send a 2FA email to the address attached to the account, all run with hand-written code.

Genuine question...why would that need to be hand-written?

It makes absolute sense as a general statement and is kinda crazy that this wasn't a built-in limitation, but I'm not quite sure why the code for that bit must be hand-written (provided the code functionally does what you describe).

▲

mediaman 4 hours ago | parent | next [-]

I think he likely means "code that is hand-reviewed" and not directly controlled by the agent. He's probably meaning to differentiate it against the in-process agent writing the code. It doesn't matter too much if that fixed code was written by an LLM under guidance and review of the SWE, outside the agent.

	▲	footydude 3 hours ago \| parent \| next [-]
		Ahh ok - that's fair enough - hand-reviewed/not controlled by the agent seems a sensible approach (wasn't sure if it was instructive of a complete distrust of AI generated code)
	▲	Barbing 4 hours ago \| parent \| prev [-]
		Agreed, “literally written by hand” didn’t cross my mind. Not by keyboard or pen.

▲

andrewstuart2 4 hours ago | parent | prev [-]

Maybe not hand-written, but definitely static, and at least human-reviewed/tested to only allow sending to previously-validated email addresses.

	▲	daheza 4 hours ago \| parent [-]
		Right, as in, does not accept an email as a parameter. If its anything like my company they are turning out "agents" super fast and just hooking them up to internal APIs usually via a light MCP wrapper. Since MCP doesn't have any security or auth built in, and internal APIs usually are light on security you have issues like this.