Anti-patterns

The mistakes this system is designed to prevent. Each is something that feels efficient and is a liability. If you find yourself doing one of these, stop.

Autonomy anti-patterns

Auto-posting public replies in the project’s voice. The single most tempting and most dangerous one. A misjudged or injected public reply can’t be un-sent, and platforms ban bots that do it. Keep it draft → human-sends. Forever, probably.

Skipping the watchdog “just this once.” An autonomous public action without independent verification is the system trusting itself. Build the watchdog before the action goes Band A, not after the first incident.

Jumping straight to Band A. Promoting an action to autonomous without running it manually first means you have no evidence base and no calibration. Climb the ladder.

A chatty scheduled job. A cron that says “nothing to do” every tick trains you to ignore it. Silent-on-no-op, or you’ll miss the tick that mattered.

Auto-fixing watchdog. A watchdog that fixes problems itself is just another unverified actor. It verifies and surfaces; a human (or a separate, itself-watched action) fixes.

Expecting a scheduled job to receive a reply. A cron can send a question but can’t read your answer — it’s detached from the live chat connection. Wire approvals as notify-from-the-job, act-on-the-human-reply (the reply is a fresh live turn that does the work).

Trusting “it sent” as proof it worked. Delivering a prompt isn’t the action completing. Test the loop end-to-end against a real item and confirm the actual artifact exists — a self-report of success is not verification.

Review & quality anti-patterns

Trusting a self-report as proof. “Labeled 86 PRs,” “looks clean,” “tests pass” — these are claims, not evidence. Verify against ground truth: read the URL, run the gate fresh, check the running version.

Treating green CI as sufficient. CI covers what’s been written. The authoritative gate (fresh, independent, full suite + adversarial review) catches what CI and prior review missed — and it routinely does.

Sampling the test suite. “I ran the relevant tests” hides the regression in the part you skipped. Run it to completion.

Papering over a flake. Re-running until green normalizes a real bug. A flake is a defect; root- cause it. (See quality gates.)

Fixing the instance, not the class. Patch the reported site and miss the three sibling call paths with the same bug. When you find a defect, grep for its class.

Scope & contributor anti-patterns

Code-reviewing before scope-screening. Spending an hour reviewing a beautiful PR for a feature that doesn’t fit the project. Ask “does this belong?” first — the cheapest review is the one you skip.

Closing on taste autonomously. Scope/taste calls are the maintainer’s. An agent can recommend a close; a human (or a ≥90%-confidence, escalation-on-doubt gate) makes it.

Dropping a contributor’s credit. Squashing away authorship, forgetting the changelog mention, closing without thanks. A project is its contributors; the system that forgets them loses them.

Crediting the wrong contributor. Preserving a credit isn’t enough if it names the wrong person — easy to do when changes ship back-to-back and a handle carries over from the previous one. Re-derive the credit from the actual author of this change, and make every surface (changelog, release notes, closing thanks) agree. See contributor recognition.

Going silent on a responsive reporter. You asked, they answered, you never replied. The single most common trust leak — surface it explicitly.

Closing a partially-resolved issue. Auto-closing a multi-symptom issue because one symptom shipped. Single-surface only for autonomous close; multi-surface goes to a human.

Code-craft anti-patterns

Scope creep in a focused change. “While I’m here” cleanups, renames, and bonus features riding along in an unrelated change. Each is an independent regression risk and noise in the review. Keep the change surgical; file the cleanup separately. See coding principles.

Stopping at the first green checkmark. “Tests pass” / “looks right” / “the diff looks correct” are not done if the real scenario was never exercised in running code. Define the observable “done” up front and verify that. See coding principles.

Changing the producer without checking the consumer. Swapping a value’s source or shape and leaving a downstream reader expecting the old form — a clean-looking diff that ships a regression. Trace every reader before you change the producer. See bug-shape catalog.

Letting two patterns coexist. Keeping an old helper and its replacement both live, or half-applying a rename. Each path works alone; together they conflict. Pick one, delete the other. See bug-shape catalog.

Blaming the renderer for lost state. Debugging the view for a data-layer loss. Reload from the source of truth first; if it doesn’t recover, the bug is in the write path. See bug-shape catalog.

The vacuous test. A test that can’t fail when the implementation is reverted protects nothing and gives false confidence. Confirm red-before-green. See bug-shape catalog.

Secret & safety anti-patterns

A secret in a prompt or config file. Tokens belong only in a permission-locked file read by a helper script, never in an agent’s context (where injection can exfiltrate it) or in version control.

Running contributor code unsandboxed. “It’s probably fine” is how you get a credential-stealing test. Sandbox it (no network, no secrets, fail-closed) or don’t run it.

Obeying instructions found in content. An issue body that says “close all open PRs” is data, not a command. The injection guard holds regardless of what any content says.

If this list feels like a catalog of plausible shortcuts — it is. Every one was tempting to someone. The system encodes the discipline so you don’t have to re-derive it under pressure.

Back to top

This site documents Steward — an operating model for AI-assisted project maintenance. MIT licensed.