Hacker News new | ask | show | jobs
by loloquwowndueo 175 days ago
How to add passkeybot support to your site, according to their official guide:

start

(1) Copy / paste example_http_server into your LLM of choice (use a paid/good model). (2) Prompt: Implement the HTTP handlers here for my project,..

Um, no? How about you give me real instructions on how to do it? I’m not going to delegate a security-critical task to an LLM. And since I need to review it carefully myself anyway, I might as well write it all by hand, right? Like, the whole premise is I just need to implement a couple of webhooks.
2 comments
gear54rus 175 days ago
It's absolutely hilarious that someone would think that this passes for API docs nowdays. Still it's good to know what to avoid on the very first glance.
link
jiggawatts 175 days ago
It's also a bit of a "bootstrapping" issue. How does anyone expect the AIs to learn to do things correctly if the instructions are not published for them to pick up during training?

This is like those "contact your system admin" error messages. I am the system admin!

link
the_mitsuhiko 175 days ago
I think it's good. Quite frankly, it's the better experience to be given the right prompts to onboard into something than having to guess that the inputs are the right for the LLM.
link
stephenr 175 days ago
If someone is writing authentication code and they think it's smart to outsource that to spicy autocomplete, the only "prompt" they need is:

"Hey chat bot friendo, where's the nearest hand-written 'help wanted' sign in the door of a coffee shop? I need a new career path"

link
emadda 175 days ago
Yes, that is true, I was assuming that any LLM code was going to be checked by the developer. Step 7 in the guide is "review your code and ensure the important logic commented in the example server is still present".

The LLM is only for converting the JS based example code into your language X and HTTP framework Y (instead of giving example code for every combination of X and Y).

The standard implementation is in a single file `http_server.ts`, which is around 200 lines of well commented code, with important logic commented (around 5 lines). The example code can be run locally with a few commands.

The repo also contains a sequence diagram [1], a description of the HTTP handlers needed [2], and a live demo [3] where you can see the request/responses.

Thanks for your feedback I have made this clearer in the readme.

- [1] https://github.com/emadda/passkeybot/tree/master?tab=readme-...

- [2] https://github.com/emadda/passkeybot/tree/master?tab=readme-...

- [3] https://demo.enzom.dev/

link