Remix.run Logo
apetresc 11 hours ago

This isn't really security-related. The "AskUserQuestion" hook in question here is not the one that gets used for authorizing actions. That's a completely separate mechanism that is unaffected by this 60-second timer thing.

What this is referring to are those follow-up "here's two plausible alternative ways to do this, which one do you prefer?" questions you sometimes get, and usually at the beginning of a planning session when presumably you're still actively involved in the session. They get exponentially less likely as the turn goes on.

Maybe it's a good default, maybe it's not, I'll wait to pass judgment. But it's not security-related except in contrived scenarios you could construct where one side of an A-or-B UserQuestion has security implications that aren't caught by any other safeguard. I haven't ever really experienced that in practice.