theloop.computer Writing. A log of findings from engineering, coding, and AI, by Constantinos Koutsakis. 19 July 2026 · 11 min Location, not form: why in-process attestation fails in agentic code review Harnesses that run fleets of LLM agents keep trying to guarantee that the required review steps happened before a change is merged. I built one of these, believed it was mostly done, and then found out it wasn't a control at all. This is a writeup of that result. The short version: any record an agent can write, that agent can forge, no matter how the record is structured or which platform produced it. A platform difference I ran into between Claude Code and Codex turns out to affect only a debugging layer, not security. Real enforcement has to run somewhere the submitting agent can't touch its code, its credentials, or the merge decision. I also cover where the A2A agent protocol fits, since it's the obvious thing to reach for and it doesn't do what you'd hope.