# Verification Code Reader When a service sends a verification code by email (Avis, banks, accounts), the agent can read it from the inbox before the user can find it manually. ## Workflow 1. User triggers a login that sends a code email (e.g. entering email on avis.com) 2. User says "check email for code" or the workflow expects the code 3. Search IMAP for the security-code email from that sender 4. Extract the code and relay it ## Finding the code in the email Security-code emails are typically text-only or minimal HTML. The code itself can be: - In the subject line (rare) - In the body as a bold or large number after "security code" or "verification code" - In a table row labeled "Your Security Code" ## Searching strategy ```python # Search recent emails from the sender status, data = conn.search(None, f'(FROM "avis@e.avis.com" SINCE "{since}")') ``` The sender is typically: - Avis: `avis@e.avis.com` — subject "Avis: Your security code" - Other services follow similar patterns ## Pitfalls - **Security codes expire fast** — most are valid for 5-15 minutes. Don't over-optimize search patterns, just grab the latest email from that sender. - **HTML emails may obfuscate the code** — if you can't find a numeric pattern, strip all tags and look for "code" context: `re.search(r'code[:\s]*(\d{4,8})', clean_body, re.IGNORECASE)` - **One-time passwords (OTP) vs link-based auth** — some services send a magic link instead of a numeric code. If no numeric pattern matches, check for a URL containing `token=` or `code=` in the body.