惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tenable Blog
WordPress大学
WordPress大学
小众软件
小众软件
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 聂微东
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
Attack and Defense Labs
Attack and Defense Labs
Simon Willison's Weblog
Simon Willison's Weblog
C
CXSECURITY Database RSS Feed - CXSecurity.com
量子位
有赞技术团队
有赞技术团队
C
Cisco Blogs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
F
Fortinet All Blogs
S
Schneier on Security
Engineering at Meta
Engineering at Meta
Microsoft Azure Blog
Microsoft Azure Blog
Martin Fowler
Martin Fowler
Recent Announcements
Recent Announcements
Stack Overflow Blog
Stack Overflow Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
F
Full Disclosure
Scott Helme
Scott Helme
GbyAI
GbyAI
N
Netflix TechBlog - Medium
MyScale Blog
MyScale Blog
Cloudbric
Cloudbric
云风的 BLOG
云风的 BLOG
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Hacker News - Newest:
Hacker News - Newest: "LLM"
Security Latest
Security Latest
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
MongoDB | Blog
MongoDB | Blog
The GitHub Blog
The GitHub Blog
The Register - Security
The Register - Security
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
D
Docker
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Secure Thoughts
C
Check Point Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Why Claude Needs a Real Environment to Validate Cloud-Native Code
Signadot · 2026-05-12 · via DEV Community

Read this article on Signadot.

Boris Cherny, who built Claude Code, recently shared on X how to get the most out of it following the release of Opus 4.7. He left the most important tip for last:

“Make sure Claude has a way to verify its work. This has always been a way to 2-3x what you get out of Claude, and with 4.7 it’s more important than ever.”

That observation describes a pattern establishing itself as the standard model for developing software with coding agents. It is also a pattern that is easy to implement locally, against a single codebase with limited dependencies.

It is much more difficult against a cloud-native application with a complex topology. Closing that gap is the difference between coding agents that accelerate teams and those that bury them in review queues and manual validation.

The pattern emerging across coding agents

Boris’s tip mirrors a pattern emerging across the industry. Every major coding agent has shipped infrastructure in the last six months whose explicit purpose is to let the agent check its own work before handing it off.

OpenAI’s Codex iterates in a loop within an isolated cloud container, editing code, running checks, and validating its changes against commands specified in the team’s AGENTS.md file. The validation loop is the product, not a feature on the side.

“The validation loop is the product, not a feature on the side.”

GitHub’s Copilot coding agent runs in an ephemeral GitHub Actions environment that automatically executes the repo’s tests, linters, CodeQL, and secret scanning on every task. If anything fails, Copilot attempts to fix it before marking the task ready for review. Cursor’s cloud agents run in sandboxed VMs with shell and browser access so the agent can exercise its changes end-to-end and produce screenshots, videos, and logs as evidence of what it tested.

Claude Code exposes the same shape as composable primitives. Stop hooks prevent teams from completing a task until tests pass. Subagents can run dedicated validation passes that inspect work without modifying it. The verification loop is something the team assembles, but the building blocks are explicit and well-supported.

The convergence is not a coincidence. Every team building a coding agent has identified the same problem: a model that writes plausible code without checking it pushes the entire correctness problem back onto the developer. The productivity gain disappears into review overhead.

A coding agent that can verify its own work operates differently. It iterates on the task, catches its own mistakes, and hands over something the developer can reasonably trust. That’s where useful agent work lives, and it’s the bet every major agent vendor is now making.

Cloud-native systems make the loop harder

All of this assumes the agent can run the change against a realistic environment that mirrors production. In modern cloud-native architectures, that assumption breaks quickly.

The code an agent is changing rarely fails in isolation. It fails at the seams. Services call other services. Async events fire through message buses. A schema change in one service cascades through its consumers. A new middleware header breaks callers three hops away.

“The code an agent is changing rarely fails in isolation. It fails at the seams.”

The agent writing the change has no way to catch any of that with a mocked integration test. The mock returns whatever the agent told it to return.

Real validation in a distributed system means running the change in a realistic environment and observing what happens as actual requests flow through it. Full end-to-end. Real dependencies. Real traffic patterns.

Anything less pushes the problem back onto the developer. More review rounds. More iteration cycles. Broken staging environments that slow other developers and agents down. The occasional bug that makes it into production.

Realistic feedback, without duplicating the stack

What cloud-native teams need is a feedback loop that lets their agents see how a change actually behaves. Not against mocks. Not against a simplified approximation of production. Against real services, real data paths, and real traffic patterns, close enough to production that the integration failures the agent is most likely to cause are the integration failures it can most easily catch.

That loop has to satisfy three constraints at once.

It has to be realistic. The agent is trying to verify a change that crosses service boundaries, so it needs an environment where those boundaries exist and behave the way they will in production. Anything less and the agent ends up validating a version of the system that will not match what its code actually runs against when it ships.

It has to be isolated. Multiple agents and multiple developers will be exercising changes concurrently, often in overlapping parts of the system. If one agent’s test run breaks the environment for everyone else, the loop has closed for that agent but opened a bigger one for the rest of the team. An agent’s validation work cannot become a coordination problem for the humans around it.

And it has to scale with the way agents actually work. A team running coding agents is not running one task at a time. It is running many tasks in parallel, each on a different branch, each needing its own realistic place to validate. A model that requires duplicating the entire application stack for every agent collapses the moment the team gets serious about throughput, both on cost and on the wall-clock time it takes to stand each stack up.

The environment has to feel like production to the agent, stay out of the way of everyone else using it, and be cost-efficient enough that a team can run as many of them as they have agents in flight.

Agents need to know how to use the environment

Giving the agent a realistic environment is necessary, but on its own it does not close the loop. An agent with access to a production-like system, and no guidance about how to use it, behaves like a new engineer dropped into an unfamiliar codebase on day one. The access is there. The judgment about how to use it is not.

That judgment has two parts. One is the team’s operational knowledge: which upstream callers to exercise when a code path changes, which downstream dependencies actually affect the outcome, how to tell whether a failing request was caused by the change under review or by a flake three services away. The other is fluency with the tooling inside the environment itself: how to route traffic for testing, how to inspect state across services, which commands are available, how to read the logs the environment exposes. Generic testing know-how covers neither.

Agent skills are the vehicle for both. A skill captures how changes in a particular system should be validated and debugged, and how to drive the specific tools the environment provides to do that work. It is the team’s institutional knowledge, plus the operating manual for the environment, handed to the agent alongside access itself.

What this enables is the thing that matters. An agent that can validate its own work the way a senior engineer on the team would. Not just running tests, but exercising the right paths with the right tools, interpreting the right signals, and recognizing when something is wrong in a way that reflects how the system actually behaves.

Skills and environments have to ship together. An environment without a skill gives the agent access with no judgment. A skill without an environment gives the agent judgment with nothing to act on. Either one alone leaves the loop open.

The inner loop is where the next leap lives

The next unlock for cloud-native teams using coding agents is not a smarter model. It is a real environment the agent can work against in their inner loop and the context to use it well.

What makes this more interesting over time is that the boundary between inner loop and outer loop starts to dissolve once agents are involved. When a test fails in CI, the natural next step for an agent is not to surface the failure and wait for a human. It is to drop the same change back into an inner-loop environment, reproduce the failure with real dependencies, debug it, and push a fix. The outer loop’s signal becomes the inner loop’s starting condition.

It runs the other way too. An ad-hoc validation an agent runs once in the inner loop often deserves to outlive the task. Encoded into the outer loop, it becomes part of the team’s standing regression suite. The inner loop’s one-off experiment becomes the outer loop’s durable guard.

Both directions depend on the same foundation: a real environment the agent can reach from either loop, and the context to use it well. This is the approach we’re building toward at Signadot, so the validation cycle stays continuous wherever the signal arrives.

This feedback loop is what turns agents from fast code generators into collaborators developers can trust. The teams that close it, across both loops, will be the ones getting the real benefits of coding agents while the rest are buried under their review queues.