Day 4 · Synthesis Checkpoint

Reassemble Security & Evaluation from Memory

No new ideas. A retrieval workout, the trust spine of the whole series.

Day 4 is the trust spine: security proves an agent did no harm, evaluation proves it did something worth shipping, and together they are the two axes of trust. Rebuild it from memory before revealing. The struggle is the learning.

1 · Rebuild the Day-4 line

Six lessons, one arc: contain, verify identity, watch, then judge quality. Recall each, then check.

The six-lesson line — reconstruct it, then reveal
TWO AXES + 7 PILLARS (L1) security (in bounds?) vs evaluation (worth
                          shipping?); Effective Trust; 7 pillars ≈ VERDICT
VIBE LOOP (L2)            ephemeral sandbox; slopsquatting/SBOM; egress;
                          client-side secrets; IDE advises, CI/CD enforces
IDENTITY (L3)            agentic (not delegated) identity; zero ambient
                          authority + JIT; Intent×User×Time; the Vibe Diff
SECOPS (L4)              Red/Blue/Green; Denial of Wallet; intent drift +
                          trust decay → circuit breaker rolls back
EVAL: WHAT (L5)          no spec; user can't validate; iterative → 7
                          dimensions (intent sat = hardest; correctness = floor)
EVAL: HOW (L6)           combine methods; session prefix = rubric; judge the
                          rendered artifact; convergence; mine corrections

The arc bends from containment (can it hurt us?) to quality (is it any good?), the two questions that together let you actually trust an autonomous agent.

2 · The two axes, and the VERDICT map

Recall the day's organising frame and its tie to the governance model.

The two axes + how the 7 pillars map to VERDICT — from memory first

Security = did it stay inside the boundary (no harm)? Evaluation = is what happened inside worth shipping (real value)? The two are independent: an agent can pass all security and still fail evaluation.

7 pillars ≈ VERDICT: Infra/Data/Model/App = containment + validation (R/V/C); IAM = I Identity; Observability/SecOps = E Evidence + R Runtime Control (circuit breaker = kill-switch); Governance = T/D/C. Both say the same thing: trust is continuously earned, not granted once.

3 · Recall under fire

Shuffled across the day, with links to Days 1–3. Pick before you're sure.

Security proves no harm; evaluation proves —

L1. Two independent axes of trust: a secure agent can still misread intent.

"Slopsquatting" exploits LLMs that —

L2. Malware pre-published under hallucinated dependency names; defend with vetted registries, pinning, SBOM gates.

To resolve the confused deputy, the agent uses —

L3. A dedicated, scoped, auditable agentic identity, never the human's ambient power.

A falling Agent Trust Score trips a —

L4. Trust decay → circuit breaker rolls back to a checkpoint and quarantines. VERDICT's kill-switch, automated.

The hardest evaluation dimension is —

L5. Did it build what the user meant? Unstated and shifting, it's what they ultimately judge.

With no spec, the practical intent rubric is —

L6. The session prefix: derive acceptance criteria from the opening turns, score every later turn.

An agent looping to run up your LLM bill is a —

L4. Invisible expensive loops a "200 OK" hides, which is why observability is a security requirement.

4 · Put it together

The Day-4 reflex on a fresh case. Answer before revealing.

You're shipping an agent that writes and deploys code to production. Name the security controls and the evaluation you'd require. — answer, then reveal

Security (stayed in bounds): ephemeral sandbox for generated code; vetted registries + SBOM/signature gates (slopsquatting); its own agentic identity with JIT, Intent×User×Time scope (no ambient admin); a Vibe Diff + hardware MFA on the prod-deploy sink; OTel tracing with an ABA circuit breaker + checkpoint rollback on drift.

Evaluation (worth shipping): functional tests (floor) + an LLM-judge on intent satisfaction from the session prefix + trajectory inspection + security/safety scoring transversally; online eval on sampled prod traffic; mine corrections for failure modes.

Both axes, or you're trusting on faith. Name these cold and Day 4 has done its job.

What you can now do

Secure an autonomous agent across the 7 pillars (and map them to VERDICT); contain the vibe loop; enforce agentic identity and zero ambient authority; stand up agentic SecOps with drift-triggered circuit breakers; and evaluate the seven dimensions of quality with the right methods. Both axes of trust, met.

Day 4 consolidated. ✓ Security proves no harm; evaluation proves value; trust is continuously earned.

Up next → Day 5, Spec-Driven Production Development: the team-and-production capstone. Where specs, continuous code review, and zero-trust development bring the whole series home.

Revisit: L1 · L2 · L3 · L4 · L5 · L6 · Governance Layer · Course home