Day 4 · Lesson 5 — Agent Security & Evaluation
Security proved no harm. Evaluation proves it was worth shipping.
The second axis of trust. Evaluating a vibe-coding agent is its own problem, different from deterministic software and from a chatbot. Three things make it hard, and they shape the seven dimensions of quality you actually have to measure.
From Lesson 1: a secure agent can still fail because it —
Misread intent, inside the boundary but wrong. That's the gap evaluation exists to close, and intent satisfaction is its hardest dimension.
Three constraints make it unlike any other evaluation problem:1
Quality splits into user-facing and internal dimensions, with safety cutting across all of them:1
| # | Dimension | The question |
|---|---|---|
| 1 | Intent satisfaction | Did it build what the user meant? (hardest; what they ultimately judge) |
| 2 | Functional correctness | Does it build, run, pass tests? (the floor — and gameable: tests can be deleted) |
| 3 | Visual / behavioural correctness | For UIs: does the rendered thing look and behave right? |
| 4 | Cost & efficiency | Tokens, latency, tool calls — and iteration count (1 turn vs 8 corrections) |
| 5 | Code quality & convention | Does it match the project's idioms? (passes tests but wrong style = a failure) |
| 6 | Trajectory quality | Sensible path? Read files first, right tool each step (bad reasoning = fragile success) |
| 7 | Self-repair behaviour | On failure, does it recover or compound the error? |
Transversal: Safety & responsible AI (code vulnerabilities, refusal behaviour, content safety, IP exposure) is scored alongside each dimension, not as a separate gate.
They're not independent: better trajectory (6) tends to yield better functional correctness (2), which is a prerequisite for intent satisfaction (1). Reasoning quality flows up into outcome quality.
Security's controls are V Validation of safety; the seven dimensions are V Validation of value, and dimension 2 alone is the naïve "it compiles" trap this whole day warns against. Note that functional correctness is gameable (delete the test, red goes green): that's why evaluation needs judges and trajectory inspection, not just a passing suite, the same reason Day 1 insisted on evals, not just tests. The transversal safety dimension is where evaluation and the 7 pillars fuse.
Ladder read: "we shipped because the demo worked" is L1; "we gate on measured intent satisfaction, trajectory, and safety" is the L3 evaluation discipline that makes autonomy defensible.
Stop treating "tests pass" as done; that's dimension 2, the floor. Ask whether it matched your intent (1), your conventions (5), and took a sane path (6). Those are where real quality lives.
Track iteration count as a first-class metric: an agent that lands the diff in one turn is a different product from one needing eight corrections. Convergence is a team KPI.
Require evaluation across the seven dimensions (with safety transversal) before an agent ships into a shared workflow, the eval equivalent of a security gate. "Set the bar at the eval, not the demo."
Recall, don't re-read.
What makes vibe-coding evaluation fundamentally different?
The underspecification gap: an underspecified natural-language prompt, not a rigid spec. Users also often can't validate output, and the session is iterative on a living codebase.
The hardest — and ultimately decisive — evaluation dimension is —
Intent satisfaction: did it build what the user meant? Unstated and shifting, it's what the user ultimately judges the agent on. Functional correctness is just the floor.
Why is "functional correctness" an insufficient measure of quality?
Tests can be deleted or mocked to turn red green without fixing anything. Passing tests is necessary, not sufficient, hence judges, trajectory inspection, and intent scoring.
For one agent, ask which of the seven dimensions you actually measure. Almost everyone measures dimension 2 (tests) and nothing else. Pick one more (intent satisfaction or iteration count) and start measuring it. That's the move from demo-trust to eval-trust.
Vibe Coding Agent Security and Evaluation (Day 4), "Why evaluating vibe coding agents is different" & "What to Evaluate" pp.28–30.
Up next → Day 4 · Lesson 6: Evaluation, How. The methods that measure each dimension (functional testing, LLM-as-judge, browser testing, trajectory inspection, benchmarks) and the applied tips that make it work at scale.
Related: Day 1 L1: tests vs evals · ← Day 4 L4 · Course home