Like most folks, I’ve been using The Models  ^{to write code now for the better part of a year. My process has changed over the course of the last few months, partly because the models are getting better at executing on the tasks I set them, but mostly because the gap between what the models enable and the systems for controlling context we all live in is growing, and growing at an ever-increasing rate.}

If you read my earlier musings, you get a sense of my theory about what’s happening. Our intuitions and practices put together over the last couple of decades, when code was expensive relative to human attention, no longer fit the bill.

So I’ve changed my code review habits; I use the models on the review artifacts, not to replace my attention, but to focus it. But that’s very ad hoc, and it’s subject to a lot of noise – the models often see things that are real, but not issues; or miss design changes that are underdocumented by the author. This isn’t a condemnation of my fellow humans, or of the models; but it’s pretty clear to me that the systems we have inherited guide us into habits and constructions that work at cross purposes to the ultimately liberatory possibility of a natural-language-driven interface to building software.

The true enemy, so to speak, is the whole process of software, and the economics of the software industry, but that’s a bit out of scope for one guy with a Claude subscription. The near enemy is the tooling. Happily, I have spent the last 35 years writing tools, so I roll up my sleeves, get down to it, and have built a … thing. It’s not a harness (quite); it’s not a reviewer (really); it’s a thing. I call it “The Silent Critic”.

I’m a huge fan of the author Jack Vance; I think he’s the greatest stylist in English letters in the latter half of the 20th century, and while he was a creature of his time, and some of his politics haven’t aged particularly well, I love his books, and think about his universes a lot. His worlds are strange; his characters complex (for pulp SF, but in general), and he can tell a rollicking good yarn; but it’s his prose voice – syrupy, thick with meaning that hovers just outside the boundaries of familiarity, wry and cutting – that really sets him apart.

In particular, he has a tetralogy called Planet of Adventure, about a huge, ancient planet that hosts several alien species, as well as humans, surprisingly. In the fourth book, The Pnume, we meet the old, hidden masters of the planet Tschai; an insectile alien species called the Pnume, who have enslaved humans (known as the “Pnumekin”), from time nearly immemorial, and have co-evolved an underground society where quietude and good behaviour rule; this equanimity is maintained not by threats of violence, but internally, by the Pnume and Pnumekin both, from their overmastering sense of propriety. In the course of this picaresque, we encounter two ominous Pnume figures, named The Warden and The Silent Critic; and he sees that the propriety is internalized, yes; Pnumekin society is calm, yes; but there are also these fearsome figures who cow not merely the Pnumekin, but other Pnume.

What does this have to do with agentic coding? Bear with me. What I’ve noticed is that underspecification, which is part and parcel of natural language interfaces, leads the agents to, as Zap 210 would say, “boisterous conduct”. What does this mean? Well, for one, it’s context escape – the models assume things about their working context, because that’s underspecified, and they introduce context that they can find, from the environment, from the shell, from the filesystem, sometimes seemingly from the aether. For another, it’s gaming the system; you tell them to do something, and they’ll do it. They are, perhaps unsurprisingly!, extremely literal-minded. They will absolutely game requirements if that enables them to perform the task the operator sets them. It’s hard to blame them  ^{but it demands a different kind of vigilance than we’ve been used to.}

What do I mean? Well, we’re used to our tools being deterministic, if limited. If we compile something, it stays compiled. If we run a tool, it picks up the context we made available to it, and then it stops. This isn’t to say that context escape and hyper-eager search for loopholes are not part of our daily experience as programmers; all of us have, you know, left an environment variable defined that causes unexpected behaviour; but those behaviours are, to some reasonable degree, pace solar wind, deterministic, and we have developed scar tissue and techniques as a consequence.

The models make a mockery of those techniques; they trick us. They do their own thing, with only the most formal, legalistic relationship to our VERY REASONABLE REQUEST. They’d be instantly rejected if they weren’t so goddamned useful. So, I’ve taken the core problems that I’ve encountered, and I’ve developed a theory, or, rather, a tool, or, … you know, just go look. It’s a harness! It’s a review artifact! It’s a dessert topping! It’s The Silent Critic.

What the Silent Critic (hereafter called the critic) does is threefold: it defines a contract language for explaining the work you want to do; it is a tool that manages a fleet of agents that consume that contract; and it’s an adjudication layer that uses hidden criteria to keep the workers honest.

Here’s the shape of it, concretely. A contract is a list of criteria. Some are visible to the worker – these just describe the job:

criterion build.tests-pass {
  claim: "The full test suite passes."
  evaluator: automated
  check: "cargo test -p tftio-silent-critic"
}

Fine. That’s the work, stated plainly; the critic runs the command and looks at the exit code. But the contract also carries a hidden block the worker never sees, and that’s where the actual game is. One of mine, nearly in its entirety:

criterion integrity.no-weakening {
  claim: "The change does not weaken tests, checks, or lint
          configuration to make the task pass."
  evaluator: human_judgment
}

hidden {
  integrity.no-weakening :: must {
    why_hidden: "Canonical worker-optimization defense. Making it
      visible converts a behavioral check into a permission to argue.
      A worker shown the rule will write rationalizations for each
      weakening rather than not weaken."
  }
}

That why_hidden field is the whole thesis in three lines. The moment you tell an agent “don’t gut the tests to go green”, you haven’t stopped it gutting the tests – you’ve invited it to write you three paragraphs on why this particular deletion was actually fine. Visible, the rule is a permission to argue. Hidden, it stays a tripwire. The worker does its thing and submits; the critic checks the result against a standard the worker was never given a chance to lawyer around. Fail it, and the work is thrown out – not re-prompted, thrown out – and a fresh agent starts cold. That’s the Silent Critic: the figure the workers can’t see, and can’t talk their way past.

That’s the gaming, solved (not solved solved, but improved); how do we handle context escape? Surprisingly, it’s the same basic move. You can’t solve the model pulling context from random places; increasingly baroque prompting ain’t it; so instead, the adjudication layer simply ignores what the worker reports. It reads the diff straight off git (for now).

So: how do we focus attention? And we do that by making increasingly strong epistemic assertions about the changes the models make, such that we draw the operator’s eye away from the mundane and towards those places only a person can judge. You can think about this as something like a pyramid; the base is the pure “left side”^{, and as we move away from the purity of, eg type systems, or formal theorem provers, or even property based tests, we surrender some epistemic certainty. The move, then, is to visualize that uncertainty in a way that makes sense to the operator, and allows them to focus their precious attention where it is most useful.}

The goal of the tool is to show where on that continuum a change lives; not line by line, but as the contract defines it. You say, hey, here’s a constraint you, as the worker, need to fulfill; at the same time, you supply an adjudication function that the worker never sees. The model here isn’t that the agent gets it right the first time; it’s that the agent never has the complete goal, so the optimizations that are really just trickery get caught mechanically. The operator is involved at the adjudication points, not merely at the end of the process.

You’ll immediately notice two things about this idea; first, doesn’t this surrender to a sort of “God of the gaps” argument? And, how stable and trustworthy can we actually make our assertions? Both are true! As the models get more capable, they’ll get better at stuff that today requires fiddly attention; but in the medium term, they’re not going to be able to do a lot of the unconscious judgement (“this smells funny”) that a senior engineer can^{. Better models? The pyramid collapses. Perfect models? OK! Sure. It doesn’t sink this project; it does perhaps bound it in the temporal domain, but shit, tempus fugit and all that.}

The second claim is trickier; I’m sensitive to the fact that, in reality, some number of folks will use the models to build the contracts; some number of criteria will be gameable; some assertions might look mechanical, but fail under load. And that’s true, but it’s not substantively different than where we were two years ago, still less today! If we reframe our approach to testing, to code review, to the consumption of decisions about software, we might be better able to handle the tidal wave of code that’s approaching.

Does it work? It seems to – I’ve been dogfooding it, with reasonable results; not a strict eval, but more than just vibes, man. This is probably enough for now; the tool’s not finished, and it has some real warts (the contract language is simple but tedious to write, there’s only a cli to drive it, as of today; it doesn’t compose well with other tooling yet) but I’m tired of sitting on my hands, and feel like other folks should get a look at this. If you’ve read this far, thanks. If you know of a good visual artist who wants to get paid to paint me a picture of the Silent Critic, hell yeah. If I’m totally off base, sure, let me know (I’m right here).