This is the missing layer nobody talks about. We kept connecting AI to real systems - browse this, call that, send this and each step felt like a feature. Nobody stopped to say: wait, the model is no longer just generating text, it's touching things.
Cool to see someone building the gate with plain code instead of more AI on top of AI.
Yeah exactly, messing up a chat response is whatever, but the second they have actual write access you just can't trust a system prompt anymore.