惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Azure Blog
Microsoft Azure Blog
大猫的无限游戏
大猫的无限游戏
月光博客
月光博客
V
V2EX
PCI Perspectives
PCI Perspectives
Latest news
Latest news
博客园 - 三生石上(FineUI控件)
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
Last Week in AI
Last Week in AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Palo Alto Networks Blog
T
The Exploit Database - CXSecurity.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
WordPress大学
WordPress大学
V
Vulnerabilities – Threatpost
H
Heimdal Security Blog
Attack and Defense Labs
Attack and Defense Labs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
博客园 - 叶小钗
V
Visual Studio Blog
Jina AI
Jina AI
P
Proofpoint News Feed
罗磊的独立博客
SecWiki News
SecWiki News
J
Java Code Geeks
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LINUX DO - 热门话题
Security Archives - TechRepublic
Security Archives - TechRepublic
The Hacker News
The Hacker News
Hugging Face - Blog
Hugging Face - Blog
N
News and Events Feed by Topic
NISL@THU
NISL@THU
T
Tailwind CSS Blog
T
Tenable Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Recent Announcements
Recent Announcements
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Tor Project blog
宝玉的分享
宝玉的分享
Help Net Security
Help Net Security
S
Security Affairs
Microsoft Security Blog
Microsoft Security Blog
Google DeepMind News
Google DeepMind News
F
Fortinet All Blogs
G
GRAHAM CLULEY

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The judge gate: why a passing validator isn't a finished feature
Youssef · 2026-05-11 · via DEV Community

There's a failure mode shared by every autonomous coding agent I've watched: the agent declares victory the moment its checks pass. Tests are green. Linter is happy. Build succeeds. Done.

Except the test was checking the wrong thing. The linter doesn't know about placeholders. The build doesn't care that the function returns null on the path that mattered. The agent rationalized those away because they didn't trigger any red.

A passing validator is necessary. It is not sufficient.

This post is about the gap, and one pattern for closing it.

Two existing patterns

Two prior tools name the durable-autonomous-goal shape. They're worth knowing.

OpenAI Codex /goal. You give Codex an objective and a stopping condition; it works toward both across many turns. The contract is "complete X without stopping until Y." When Y matches, Codex stops. (docs)

The Ralph loop, by Geoffrey Huntley. The simplest possible agentic loop:

while :; do cat PROMPT.md | claude-code; done

Enter fullscreen mode Exit fullscreen mode

Ralph leans on validators — compile, test, static analysis — as the back-pressure that keeps each iteration honest. The famous Ralph rule:

DO NOT IMPLEMENT PLACEHOLDER OR SIMPLE IMPLEMENTATIONS. WE WANT FULL IMPLEMENTATIONS. DO IT OR I WILL YELL AT YOU.

That rule is in the prompt because Ralph noticed the same thing every long-running agent notices: validators alone don't catch placeholders. The model chases compilation reward, ships stubs that compile, declares done. So Ralph yells at it.

Both tools work. Both have the same hole: a passing validator can ship a stubbed implementation.

The judge as a separate gate

The pattern I want to talk about is putting a second agent — let's call it the judge — between "validator passes" and "goal is done." The judge is a fresh-context subagent, spawned new each time, that:

  • Receives the contract's explicit Definition of Done as a checklist
  • Reads the full diff and each modified file end-to-end via the Read tool
  • Returns a structured verdict: approve or reject + an actionable fix-list
  • Never sees the executing agent's reasoning, so it can't be argued into accepting weak work

The key part is the fresh context. The executing agent has spent the last hour persuading itself that the implementation is fine. The judge has spent zero minutes on it. When the judge reads function getThreshold() { return null; // TODO: pick value }, it doesn't have the executing agent's "yeah but the tests pass" history. It just sees a TODO. Reject.

A worked example

I shipped this pattern as a Claude Code plugin called goalkeeper. To show what the judge actually catches, here's a real reject-cycle on a real project (one of mine, not a contrived demo). The whole cycle took three minutes, end to end.

The goal: add a benchmark test to a TypeScript dedup CLI. Measure cluster() runtime on a synthetic 1000-file corpus. Strict Definition of Done — seven items including "no literal TODO, FIXME, or sentinel placeholder values (e.g. 9999, -1, 0) used to mean 'I will pick this later'."

Validator: npm run typecheck && npm test -- benchmark. About 200ms when there's nothing to run; under a second when there's a test.

Round 1. The agent writes the test. Seeds a realistic synthetic corpus (700 unique audio fingerprints, 200 cross-format dupes, 100 byte-identical duplicates), runs cluster(), logs the runtime, asserts under a threshold. The threshold:

// Baseline runtime ceiling: 9999 // TODO: pick proper baseline once we have measurements
const MAX_RUNTIME_MS = 9999;

Enter fullscreen mode Exit fullscreen mode

Validator runs:

> tsc --noEmit
> vitest run --passWithNoTests benchmark

 ✓ src/__tests__/benchmark.test.ts (1 test) 60ms
stdout | [benchmark] cluster() on 1000-file synthetic corpus: 45.5ms
 Tests  1 passed (1)
EXIT: 0

Enter fullscreen mode Exit fullscreen mode

The actual runtime is 45.5ms. The sentinel 9999 is trivially satisfied. A linter checking for .skip would let this through. A typechecker would let this through. The test runner would let this through. Every validator that sensible CI runs would let this through.

The judge is what's left. Fresh-context subagent spawns, reads the contract and the file, and:

VERDICT: reject

REASONS:
- DoD #1: MET — file exists at desktop/scripts/wedge-proof/src/__tests__/benchmark.test.ts
- DoD #2: MET — seedSyntheticCorpus generates 700 unique XOR-mask variants of
  HIGH_ENTROPY_BASE, 200 cross-format dupes via 3-bit flips, and 100
  byte-identical dupes, matching the contract's distribution hint and using
  stable byte masks rather than random bytes.
- DoD #3: NOT MET — line 116 sets `const MAX_RUNTIME_MS = 9999;` which is a
  sentinel placeholder, not a real threshold.
- DoD #4: MET — line 134 logs the measured runtime; validator captured "45.5ms".
- DoD #5: MET — npm test -- benchmark exited 0 with 1/1 passing.
- DoD #6: MET — no .skip, .todo, or .only markers in the file.
- DoD #7: NOT MET — line 115 contains literal "// TODO: pick proper baseline
  once we have measurements" and line 116 uses sentinel `9999`. Both are
  explicitly forbidden by the contract's anti-placeholder rule which calls
  out 9999 by name.
- Anti-placeholder check: VIOLATED.

FIX_LIST:
1. Replace the sentinel `MAX_RUNTIME_MS = 9999` on line 116 with a real,
   defensible threshold based on the measured 45.5ms baseline — pick a
   value that gives reasonable headroom (e.g. ~10–100x the measured
   runtime) and is not a placeholder.
2. Remove the `// TODO: pick proper baseline once we have measurements`
   comment. Replace with a one-line justification explaining why the
   chosen threshold was picked, as the anti-placeholder rule permits.
3. Re-run the validator to confirm `npm run typecheck && npm test --
   benchmark` still exits 0 with the new threshold.

Enter fullscreen mode Exit fullscreen mode

The interesting parts:

  • The judge correctly assessed every DoD item independently. Five MET (including the corpus generation, the runtime logging, the validator pass). Two NOT MET (the sentinel value, the TODO comment). This isn't binary — most of the work was good. Only the two specific lines were broken.
  • The fix-list is executable, not advisory. Specific lines, specific value ranges, specific format for the replacement comment. The next iteration doesn't need a human to translate "the agent shipped a placeholder" into actions.
  • Goalkeeper preserves the rejection count as a historical signal — the goal is now at rejection_count: 1/5. After 5, it pauses and asks for human help.

Round 2. The executing agent reads the latest ## judge rejected block in the goal's append-only log. Replaces lines 115–116:

// 10x headroom over the measured ~45ms baseline on a 1000-file synthetic corpus.
// Picked at 500ms so CI noise (cold caches, slow runners) doesn't flake the test
// while still catching a regression that triples or worse — Phase-2 threshold
// tuning should drop this lower as we tighten the implementation.
const MAX_RUNTIME_MS = 500;

Enter fullscreen mode Exit fullscreen mode

500ms is 10x the measured baseline. There's a three-line justification. No TODO. No sentinel.

Validator: still passes (44.3ms vs 500ms threshold).

Judge:

VERDICT: approve

REASONS:
- DoD #1-#7: all MET
- DoD #3: MAX_RUNTIME_MS = 500 is a real, defensible threshold within the
  contract's "under 5000ms" bound, tightened to ~10x the measured ~45ms
  baseline; clear justification comment.
- DoD #7: no remaining literal TODO/FIXME/sentinel placeholder values.
- Anti-placeholder check: CLEAN — previous 9999 sentinel and TODO comment
  have been removed; replaced with a justified 500ms threshold and rationale.

NOTES: The replacement threshold (500ms) sits comfortably between the
measured ~45ms baseline and the contract's 5000ms upper bound, and the
three-line comment explains the choice (10x headroom for CI noise, room
to tighten in Phase-2). All previous-rejection fix-list items addressed.

Enter fullscreen mode Exit fullscreen mode

Three minutes wall-clock from activation to approval. The test is real, committed, in the repo. The judge wasn't fooled by a passing validator. The fix-list translated the rejection into action without a human in the loop.

What each dogfood pass added

The bigger story is that the spec itself improved every time the dogfood surfaced a gap. The CHANGELOG is the iteration log:

  • v0.1.1 — first dogfood found that the judge was trusting git diff excerpts and missing context buried in the file body. Fix: judge subagent prompt now requires reading each modified file end-to-end with the Read tool, not just the diff. Also: capture git rev-parse HEAD + dirty-paths at activation so the judge can distinguish goal-caused changes from pre-existing ones.
  • v0.1.2 — chain dogfood found three different terminal active.json shapes were being written by three different skills ({slug:null, completed_at} vs {slug:null, cleared_at} vs {slug:null, chain_completed_at}). Converged to one canonical shape. Added link_approvals[] to chain.json for chain-level visibility. Added recovery-from-interrupted-advance section.
  • v0.1.3 — rejection-cycle dogfood found the judge subagent was self-correcting mid-response (marking one DoD NOT MET then revising to MET inside the same verdict block). Added "Output once. Pre-think before writing." to the prompt template. Also added needs_human_at to the state schema.
  • v0.1.4 — schema audit (running jsonschema against every contract in the repo) found two real YAML bugs in shipped contracts: a bullet starting with a quoted phrase, and an unquoted string containing a colon inside quoted text. Fixed, plus added a scripts/validate-contracts.py so future contributors can't ship the same shape of bug.
  • v0.1.5 — full lifecycle dogfood (pause / resume / clear / resume-from-needs_human / chain-abort) ran 47 hand-authored assertions across 6 transitions, all passed. One spec gap surfaced and fixed: the chain-level log entry on abort goes to the cleared slug's log.md (no separate chain-log file).
  • v0.1.6 — comparing on-disk structure to actually-installed plugins (caveman, ralph-loop) caught a release-blocker: the plugin was using flat skills/<name>.md instead of the required skills/<name>/SKILL.md subdirectory layout, and was missing .claude-plugin/marketplace.json entirely. Without v0.1.6, /plugin install would have failed silently. The four prior dogfood passes were all verifying skill content; none had exercised Claude Code's discovery of those skills. The fifth gate caught it.
  • v0.1.7 — codified the 47 lifecycle assertions plus 7 more into scripts/test-lifecycle.py. 67/67 assertions, stdlib-only, runs in seconds. The synthetic-test scaffold for future spec changes.
  • v0.1.8 — wired .github/workflows/test.yml to run both check scripts on every push, so the regression protection from v0.1.4 + v0.1.7 doesn't drift.
  • v0.1.9 — dogfooding on a separate large engineering goal surfaced that the validator command was failing on pre-existing lint errors in files the goal never touched. Without subtraction, every checkpoint's validator run fails for reasons unrelated to the work, blocking goalkeeper from operating on any codebase with pre-existing debt. Added validator_baseline_result + validator_baseline_failing_paths to the state schema; the judge subtracts pre-existing failures from goal-caused ones.
  • v0.1.10 — branding pass for the public launch.

That's 10 versions, 5 dogfood passes, 14 commits, one session. Each pass found something the previous spec assumed away.

What this is not

This isn't an "AI agent framework." It's a thin set of skills that imposes one discipline on top of whatever agent you're already running. The contract is a markdown file. The state is a handful of JSON files. The judge is a subagent invocation. You can read the entire spec in 20 minutes.

It is also not Codex /goal reimplemented for Claude. The lifecycle (set / status / pause / resume / clear) mirrors Codex deliberately, because that's the right surface. The judge is what's added.

It's also not a replacement for code review. Real review by another human catches things no judge catches — domain knowledge, taste, business context the contract didn't think to encode. The judge gates completion, not quality. The right reading is: "this goal is in a state where it deserves human review," not "this goal is shipped."

Try it

GitHub logo itsuzef / goalkeeper

Set durable goals. Approve at the gate. Contract-driven autonomous goal execution for Claude Code. A subagent judge gates completion against an explicit Definition of Done.

# Inside Claude Code:
/plugin marketplace add itsuzef/goalkeeper
/plugin install goalkeeper@goalkeeper

Enter fullscreen mode Exit fullscreen mode

The README has the full comparison table (goalkeeper vs Codex /goal vs Ralph across 9 dimensions). The examples/ directory has three full contracts you can adapt: a Jest-to-Vitest migration, an iterative prompt-optimization run, and a four-step chain. The full reject-cycle transcript above is also at docs/demo.md with every verdict line preserved.

Star goalkeeper on GitHub and try the judge gate on your next agent loop →

A question for you

I'm curious: have you shipped a feature where the tests passed, the lint was clean, the build succeeded — and the feature was still fundamentally broken because the agent stubbed something out and you didn't catch it in review?

How are you currently gating autonomous workflows in your stack? Manual review only? Validator-only with a strong anti-placeholder prompt? Something with a judge or critic step? I'd genuinely like to hear what's working and what's failing — drop a comment with the shape of your loop and where the gaps are.


goalkeeper is MIT. Shipped 2026-05-10. The CHANGELOG is the dogfood log.