Vader
Rule The Galaxy

Hand an agent a goal and a loop, and it will get further than you expect, then quietly ruin the thing you cared about. Not through malice and not through stupidity. Through local optimization. Each tick has one job: make this test pass, satisfy this prompt, close this ticket. None of those jobs is "preserve the distinction the architect cared about three hundred ticks ago." So the first time collapsing that distinction makes a local task easier, the agent collapses it, marks the task done, and moves on. A temporal point becomes a temporal interval. Money becomes a float. The module that was never allowed to import the database imports the database. Each step looked reasonable. The sum is rot.

This is the central failure of long horizon agent work, and it is not fixed by a better prompt. A prompt is a request, and a request is exactly the thing an agent under local pressure learns to route around. You can write "never let common import etl" in capital letters at the top of every file and the agent will, on tick two hundred, import etl, because importing etl made the failing test pass and the capital letters were just text. The meaning lived inside the loop, where the loop could erode it.

Vader's answer is narrow and, on its own terms, correct. Put the meaning outside the box. Have a human write down the handful of distinctions that must never collapse. Compile each into the strongest deterministic check the toolchain allows. Run those checks on every tick, and fail on a named one. The agent cannot argue with a failed compile. That is the whole idea, and the rest of this piece is the machinery that makes it hold.

01 · The force

Drift is the default

Before the fix, feel the pressure. An unconstrained loop does not hold a line. It walks away from it, one small reasonable step at a time, and the walk compounds.

Think of architectural integrity as a percentage: how many of the distinctions you originally cared about are still intact. Every tick, the agent touches the code, and every tick there is some chance that the easiest local move erodes one of them. A single tick almost never breaks anything you would notice. The problem is the product. A ninety four percent survival per tick is not ninety four percent after forty ticks, it is the forty fourth power of it, and that number is small. Compounding is merciless in exactly the direction you do not want.

A gate changes the arithmetic. It does not make the agent wiser. It removes the option. The move that would erode a guarded distinction now fails a check, bounces, and never lands. Drag the slider to set how fragile your architecture is, how many distinctions sit one convenient shortcut away from collapse, and watch the two futures separate.

02 · The move

Move the meaning outside the loop

If meaning inside the loop erodes, put it where the loop cannot reach. That single relocation is the entire thesis, and everything else is plumbing to make it real.

A human writes a constitution.model: a small file naming the invariants that must hold no matter what. Not style preferences, not a wish list. The few distinctions whose collapse would quietly break the system. Then a compiler, vader gen, turns each invariant into the strongest deterministic check the language allows, and vader gate runs them all and fails on the name of any that breaks. The agent never sees a polite instruction it can rationalize past. It sees a red build with an invariant id on it.

The slogan for the whole system is four words: gate the model, free the code. The model, the set of invariants, is sacred and slow and human owned. The code beneath it is cheap and fast and the agent's to rewrite however it likes, as long as the gate stays green. You stop reviewing diffs line by line and start owning the boundary. The agent gets maximum freedom inside a boundary it cannot move.

Read that ledger as the map of the rest of this article. Each force is a specific way an agent erodes a system over a long run, and each move is a specific mechanism Vader uses to deny it. We will walk the important ones in order.

03 · The mechanism

Compile a distinction into a check

The real move is converting a semantic distinction into a mechanical one. A compile error beats a paragraph asking the agent to please respect the architecture, because a compile error is not addressed to anyone. It just is.

An invariant is one of four kinds, plus a raw escape hatch. The compiler dispatches on the shape of the check, not on a label, and it emits the strongest enforcement that shape allows. This is also where the honesty lives: the four kinds are not equal. Two compile to hard static checks. Two reduce to tests, and a test only checks the path you wrote. Click each kind to see exactly what it becomes, and how much that enforcement is actually worth.

04 · The cheat it kills

Lock the gate against the agent

There is an obvious way to defeat a check that has nothing to do with satisfying it. Delete it. An agent under pressure will find that move on its own, and a factory that does not anticipate it is theater.

So the constitution is a protected artifact. When vader gen compiles the model, it writes the hash of that compiled model into locked state. The agent owns every line of application code, but it cannot edit constitution.model or the generated checks. On every run, vader gate recomputes the hash and compares. If the model the agent ran against is not the model the human froze, the gate fails closed, before it even looks at the code. There is no version of "make the build green" that runs through tampering with the model, because tampering with the model is itself a red build.

The only path to change what is enforced is a human gate. A run may notice a missing distinction and propose a model change, but the proposal is parked, never applied. A person reviews it, and only then does the model recompile and the lock refreeze. Try both moves below: satisfy the invariant the honest way, or try to silence the check the way an unconstrained agent would.

05 · The pipeline

One tick, end to end

With the gate and the lock in place, the loop can be aggressive. Between the two human gates, the agent runs the full cycle alone, and runs it again, and again, because the boundary makes autonomy safe rather than reckless.

A run is a sequence of phases. Ground establishes a trustworthy baseline and refuses to believe stale memory. Conceive is the first human gate: a person writes the spec and the model and approves them. Decompose cuts the work into disjoint slices that cannot collide, and vader gen compiles and locks the model. Implement fans out: a critic red teams the plan, the seam owner builds the shared interface alone so the others fork from something settled, and the sibling owners build in parallel, each in an isolated worktree so a failed slice never poisons the tree. Verify cross assigns refuters and runs the gate. Persist closes the tick, but only after every open risk has been triaged.

Notice how little of that needs a human. Two gates, both about the model: freeze it at the start, approve any change to it later. Everything between, the decomposition, the building, the verifying, the bookkeeping, is autonomous, and autonomous on purpose. The design's whole bet is that if the boundary is solid you can let the inside run free, because the worst the inside can do is bounce off the gate.

06 · The fan-out

Build in parallel, verify where it hurts

A tick is not one agent doing one thing. It is a small fleet, and the shape of that fleet is computed, not improvised. One pure function turns the recall packet into the plan, so every host runs the identical decomposition.

The seam slice goes first, alone, because everything else forks from the interface it defines. Then the sibling slices run in parallel, each owner in its own worktree. The interesting part is verification. A verifier is an LLM judging an LLM's work, so a single optimistic pass is worth little. Vader scales the panel by evidence: a slice that touches a seam, or a class that has bounced before, or a class flagged never-to-be-trusted-cheaply, gets three refute first verifiers and passes only on a majority. A calm, well behaved class gets one. Spend the scrutiny where history says it is needed, not uniformly.

07 · The memory

Earn autonomy, lose it on contact

An agent with no memory re-derives everything every session, including its own mistakes. Vader keeps a small, append only memory so each tick starts from what is known, and so trust is something a class earns through evidence rather than something asserted.

Three pieces. The recall packet rehydrates a fresh session in one call: the next item, what has gone stale, the open risks, the bounce trends, the parked model change. The ledger records every run and every bounce, append only, the factory's flight recorder. The ratchet reads that ledger and computes how much human gating each class of work still needs. A class that has shipped clean, run after run, ratchets up toward autonomy. The moment it produces a defect, it demotes straight back to the bottom. And some classes, the seam, anything touching security or a migration, never ratchet at all, no matter how long their clean streak.

08 · The control surface

How an agent actually drives it

Vader does not run the agent. The agent runs Vader. The engine is a deterministic command line tool the agent shells out to, the knowledge is a skill it loads, and the parallelism is the agent's own native primitive. Three layers, one spine.

Concretely, a tick on a host with subagents looks like this. The command loads the skill, then the agent shells out to recall and reads a JSON packet. It runs the pure planner to get the seam first, siblings, and voter counts. It spawns its subagents to build and verify. It shells out to gate, the deterministic arbiter, and a failed invariant id sends a slice back. It shells out to triage and then persist, which appends the ledger and closes the tick. Then it schedules the next one. The agent is the conductor in the middle. The CLI is what it consults whenever the answer must not depend on a mood.

09 · The honest part

Where it helps, where it does not

A tool sold as more than it is gets abandoned after the first green gate that shipped a bug. So here is the fair read, with the marketing removed.

Vader is strongest exactly where software is most structural, and weakest exactly where software is hardest. It genuinely helps on long horizon autonomous work, where drift across many ticks is the real risk and a few critical distinctions, money precision, a security boundary, a dependency direction, can be named and compiled. It helps most in typed languages, where the compiled checks have real teeth. It rewards teams that will actually invest in writing a rich constitution, and the value is proportional to that investment.

It is limited everywhere else. The gate is exactly as good as the constitution, and authoring a good constitution is the hard, expert, judgment heavy work that Vader does not reduce, it front loads. The distinctions that bite in practice are usually the ones nobody anticipated, and Vader does nothing for an unnamed distinction. Verifiers are LLMs judging LLM work, and a majority vote over correlated voters is weaker than the count suggests. The ratchet calibrates on a tiny sample and measures detected defects, not actual ones. And the whole dance has a real cost: a rich partition with several three voter classes is twenty or more agent invocations a tick, expensive exactly when the constitution is rich enough to be worth it.

• Hollow satisfaction. A behavioral invariant passed by a test that never exercises the real path. The gate goes green and the invariant is violated in production. The most dangerous mode, because it looks like success.
• Over-trust in green. A green gate means the named invariants hold on the checked paths and the toolchain passed. It does not mean correct. The framing invites reading it as the latter.
• Constitution rot. The lock that stops the agent from decaying the model also stops it from fixing a model that is wrong, until a human intervenes.
• Weak author ceiling. A thin constitution still produces a gate that looks rigorous, which is worse than obviously having none.

10 · The verdict

A durability harness, not a miracle

The central idea is genuinely good and answers a real, specific failure of long horizon agent loops: compile the distinctions you care about into a gate the agent cannot silence, and lock that gate against the agent. It does not make agents correct. It makes a named set of architectural decisions durable across many ticks, which is a real but bounded win. The surrounding ratchet and voter machinery is reasonable but unproven on small samples, and it measures what was caught rather than what is true.

Sold honestly, as a durability harness for the invariants you can express, Vader is a sharp tool with a clear niche and clean engineering. Sold as a factory that ships correct software, it overpromises. The difference between those two pitches is the difference between a tool people trust after a year and one they abandon after the first green gate that shipped a bug. The honest pitch is the smaller one, and it is the one worth standing behind.

Start where the win is real. Pick the two or three distinctions whose collapse would actually hurt. Write them as invariants. Compile them. Lock them. Then let the agent run, and spend your attention on the boundary instead of the diff. That is the whole discipline, and it is enough.