Day 4 · Synthesis Checkpoint
No new ideas. A retrieval workout, the trust spine of the whole series.
Day 4 is the trust spine: security proves an agent did no harm, evaluation proves it did something worth shipping, and together they are the two axes of trust. Rebuild it from memory before revealing. The struggle is the learning.
Six lessons, one arc: contain, verify identity, watch, then judge quality. Recall each, then check.
TWO AXES + 7 PILLARS (L1) security (in bounds?) vs evaluation (worth
shipping?); Effective Trust; 7 pillars ≈ VERDICT
VIBE LOOP (L2) ephemeral sandbox; slopsquatting/SBOM; egress;
client-side secrets; IDE advises, CI/CD enforces
IDENTITY (L3) agentic (not delegated) identity; zero ambient
authority + JIT; Intent×User×Time; the Vibe Diff
SECOPS (L4) Red/Blue/Green; Denial of Wallet; intent drift +
trust decay → circuit breaker rolls back
EVAL: WHAT (L5) no spec; user can't validate; iterative → 7
dimensions (intent sat = hardest; correctness = floor)
EVAL: HOW (L6) combine methods; session prefix = rubric; judge the
rendered artifact; convergence; mine corrections
The arc bends from containment (can it hurt us?) to quality (is it any good?), the two questions that together let you actually trust an autonomous agent.
Recall the day's organising frame and its tie to the governance model.
Security = did it stay inside the boundary (no harm)? Evaluation = is what happened inside worth shipping (real value)? The two are independent: an agent can pass all security and still fail evaluation.
7 pillars ≈ VERDICT: Infra/Data/Model/App = containment + validation (R/V/C); IAM = I Identity; Observability/SecOps = E Evidence + R Runtime Control (circuit breaker = kill-switch); Governance = T/D/C. Both say the same thing: trust is continuously earned, not granted once.
Shuffled across the day, with links to Days 1–3. Pick before you're sure.
Security proves no harm; evaluation proves —
L1. Two independent axes of trust: a secure agent can still misread intent.
"Slopsquatting" exploits LLMs that —
L2. Malware pre-published under hallucinated dependency names; defend with vetted registries, pinning, SBOM gates.
To resolve the confused deputy, the agent uses —
L3. A dedicated, scoped, auditable agentic identity, never the human's ambient power.
A falling Agent Trust Score trips a —
L4. Trust decay → circuit breaker rolls back to a checkpoint and quarantines. VERDICT's kill-switch, automated.
The hardest evaluation dimension is —
L5. Did it build what the user meant? Unstated and shifting, it's what they ultimately judge.
With no spec, the practical intent rubric is —
L6. The session prefix: derive acceptance criteria from the opening turns, score every later turn.
An agent looping to run up your LLM bill is a —
L4. Invisible expensive loops a "200 OK" hides, which is why observability is a security requirement.
The Day-4 reflex on a fresh case. Answer before revealing.
Security (stayed in bounds): ephemeral sandbox for generated code; vetted registries + SBOM/signature gates (slopsquatting); its own agentic identity with JIT, Intent×User×Time scope (no ambient admin); a Vibe Diff + hardware MFA on the prod-deploy sink; OTel tracing with an ABA circuit breaker + checkpoint rollback on drift.
Evaluation (worth shipping): functional tests (floor) + an LLM-judge on intent satisfaction from the session prefix + trajectory inspection + security/safety scoring transversally; online eval on sampled prod traffic; mine corrections for failure modes.
Both axes, or you're trusting on faith. Name these cold and Day 4 has done its job.
Secure an autonomous agent across the 7 pillars (and map them to VERDICT); contain the vibe loop; enforce agentic identity and zero ambient authority; stand up agentic SecOps with drift-triggered circuit breakers; and evaluate the seven dimensions of quality with the right methods. Both axes of trust, met.
Day 4 consolidated. ✓ Security proves no harm; evaluation proves value; trust is continuously earned.
Up next → Day 5, Spec-Driven Production Development: the team-and-production capstone. Where specs, continuous code review, and zero-trust development bring the whole series home.
Revisit: L1 · L2 · L3 · L4 · L5 · L6 · Governance Layer · Course home