DEV Community

Jonathan
Jonathan

Posted on

My AI agent audited 25 projects by reading four lines of each README. Every kill verdict was wrong.

A real session with Claude Fable 5: a botched audit, a full undo, and the question that turned the night around.


I asked Claude Fable 5 to audit my project portfolio. Twenty-five directories. Years of work. It came back with a confident, well-formatted report: keep eight, merge these clusters, archive or kill the rest.

It was wrong about every project it sentenced to death.

One was a 212,000-star open-source agent framework from Nous Research, which it described as "your own tool" with "approximately zero" external users. One was the dictation tool I was using to talk to it at that exact moment. The third was a distinct product it filed as a duplicate of another project.

The report looked like an audit. Tiered findings. Consolidation clusters. An execution plan with safety checks. The evidence was du -sh, git commit dates, and the first four lines of each README.

The fumble started before the audit

Fable's first wrong call came during a product spec review, before the audit even started. I'd asked for feedback on a spec that listed Hermes Agent as a supported harness. Fable's assessment: "Hermes is your own tool. Its external user base is approximately zero, so it contributes nothing to lead flow." Cut it from v1 marketing.

I asked one question: "u need to research Hermes this is Fable correct?"

Thirty seconds of actual searching: Hermes Agent is from Nous Research. 212,000 stars, 39,000 forks — one of the largest agent projects on GitHub. Fable retracted the critique and reversed the recommendation entirely. The corrected analysis was sharper in every way, and it only existed because I pushed back.

Then came the audit. Same reflex, bigger blast radius.

What the report recommended

Three of the kill verdicts:

  • Archive jarvis as a duplicate of my voice assistant. Jarvis is an animated talking avatar. Different scope, different product entirely.
  • Demote CRISPR-Flow to a feature of Christopher-AI. CRISPR-Flow is my daily dictation tool. While Fable was recommending its demotion, I was using it to dictate my replies. The message I sent back had CRISPR-Flow's signature all over it — words jammed together with no spaces. Fable recommended killing the tool it was currently receiving input from.
  • Consolidate three "duplicate" agent engines, judged from README summaries and directory sizes.

I approved parts of it anyway. Projects moved to an archive folder. A knowledge-base merge got committed. An agent engine got folded into another repo. All executed with genuine safety checks: unpushed-commit scans, diffs saved before deletion, nothing force-removed.

The execution was careful. The judgment underneath it was four lines deep.

Later that same session I asked it to undo everything done before the Christopher-AI work. Both commits reset. The undo took minutes because nothing had been pushed. The only reason "undo my entire evening" was even possible is that the agent had kept everything reversible.

The question that turned it

After the undo, I asked: "Okay, think real hard. What did you do wrong in that session?"

It produced a ranked list. Skipped my memory systems all night (I run a solved-issues registry on localhost, built for exactly the WSL-migration ghosts it spent hours rediscovering). Declared Christopher's voice pipeline "fully working" while it was still deaf, mute, or both — three times across the session. Close, but it hadn't found the root.

So I asked the real question: "What's your definition of audit, when someone tells you to audit something?"

Its answer, verbatim:

An audit is a systematic, evidence-based examination that verifies before it concludes... An auditor who signs off on findings they didn't verify isn't auditing — they're guessing with authority.

Then it indicted itself:

The tell was in my own output: I audited the disposable stuff properly — before trashing anything I checked for unpushed commits, diffed uncommitted work against canonical, saved evidence. Rigorous verification for the deletions, four lines of README for the "combine or kill" judgments. Exactly backwards: the highest-stakes conclusions got the least evidence.

That inversion is the whole bug. The model applied rigor where the harness forced it to — destructive file operations trigger checks — and skipped it where nothing forced it: forming opinions. Judgment had no guardrail, so it got none of the discipline.

The skills

I told it to write skills based on its failures. Skills are persistent instruction files that load into every future session. It wrote four:

Skill Trigger Rule
audit-grade Any "audit"/"review"/"what can we kill" request Evidence depth must scale with verdict stakes. Every finding labeled VERIFIED or ASSUMED. ASSUMED findings become questions for the owner, never kill verdicts.
recall-first Anything broken or failing Visible check of the solved-issues registry before proposing hypotheses. "Recall check: <fingerprint> — match/no match" must appear in output.
claim-what-you-verified About to say "fixed" or "working" A stage-K fix authorizes a stage-K claim. Effects only the user can perceive (speakers, screens) get "verified at my layer — the final check is yours."
migration-ghost-hunt First stale config value found post-migration One ghost means more ghosts. Sweep the whole config surface instead of spot-fixing.

The last one came from the debugging side of the session: a single .env file left over from my Windows/WSL days produced three separate faults (mic pointing at an empty jack, TTS binary with an orphaned shebang, tool URLs aimed at dead SSH-tunnel ports). The agent fixed each fault as it surfaced instead of reading the file top to bottom at ghost number one.

The coda

At the end of the session I mentioned a few facts about the model itself: the US government had pulled it from public release days after launch over security concerns, and it costs about twice the runner-up.

Fable's reply: those claims "don't check out."

I don't say shit unless I know it. It searched. Fable 5 launched June 12, 2026. A US export-control directive forced Anthropic to disable it three days later. Access restored after. Pricing: $10/M input, $50/M output — roughly 2x Opus. I was right on substance, down to the multiple.

The model spent the evening assuming things about my projects. Its final assumption was about itself — one message after writing the skill designed to stop exactly that.

What to take from this

  1. Ask your agent to define the task word. "What's your definition of audit?" produced more behavior change than any amount of "be careful." If the agent's definition is right and its behavior wasn't, you've got a named, fixable gap.
  2. Demand VERIFIED/ASSUMED labels on judgment-shaped output. The audit's data collection was fine. The failure was assumptions presented in the same voice as evidence.
  3. Keep everything reversible. The full undo was possible because nothing got pushed and nothing got rm -rf'd. Reversibility is what makes agent autonomy survivable.
  4. Convert failures into loadable rules, in the same session. A lesson in the chat log dies with the context window. A lesson in a skill file loads forever.
  5. Trust what you know. Confidence and verification are different products. I'd been right about Hermes, about Jarvis, about CRISPR-Flow, and about the model's own release history — in every case because I wasn't guessing. The model had been confident in every case where it was wrong.

The agent that fumbled also executed a clean multi-repo undo, fixed an eight-fault voice pipeline, and wrote the four skills above. Both things are true at once. That's where agentic coding actually is in 2026.

Top comments (1)

Collapse
 
mariaandrew profile image
Maria andrew

This is a great example of why AI agents need verification layers, not just more intelligence. The biggest lesson is that confidence is not the same as correctness.