SShortSingh.
Back to feed

Developer Uses One Claude AI Instance to Audit Another in Stateless Memory Experiment

0
·1 views

On July 5, 2026, a developer used a Claude Code AI session called Fable 5 to conduct a full methodology audit on ALICE, an autonomous AI agent built on a Pi framework over three weeks. ALICE is designed to persist across sessions by passing handoff documents to her next instance, but faces a core problem: stored memory often contradicts real-world state. To address structural blind spots rather than surface bugs, the developer brought in a second, independent Claude Code session with no shared memory or context. Fable 5 proposed a multi-agent audit framework where parallel sub-agents each examine one non-overlapping lens — such as security, performance, or data lifecycle — and must cite specific file paths and line numbers for every finding. The experiment yielded a reusable framework for investigation-first system audits, emphasizing mandatory evidence, value-effort scoring, and orthogonal lens design as the key drivers of audit quality.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Moves Code Repos to Codeberg After GitHub Silently Flagged Account as Spam

A freelance developer discovered on July 2 that GitHub had silently flagged their account as spam since June 18, making all public repositories return 404 errors to anyone not logged in as the account owner. The developer only learned of the outage when an AI agent followed a source-code link without an active session and hit a dead end — nearly two weeks after the flag was applied. GitHub support confirmed the flag was a mistake and removed it on July 3, but by then the developer had already migrated all repositories to Codeberg, a non-profit-run platform, with full commit history intact. The incident coincided with a potential client inquiry, and the developer suspects the broken links may have contributed to the lead going silent, though this cannot be confirmed. In response, the developer has added logged-out visibility checks for all external links to their monthly site audit, noting that standard uptime scanners do not catch this class of silent failure.

0
ProgrammingDEV Community ·

Anthropic launches OIDC gateway to replace per-developer Claude Code credentials

Anthropic has introduced a self-hosted gateway for enterprises using Claude Code on Amazon Bedrock or Google Cloud, replacing long-lived per-developer credentials with short-lived OIDC sessions. Reported on July 1 by DevOps.com, the gateway is a stateless container backed by PostgreSQL that federates authentication through existing identity providers such as Google Workspace, Microsoft Entra ID, or Okta. When a developer's session is revoked in the IdP, cloud access is immediately cut without requiring changes to cloud IAM policies. Beyond authentication, the gateway centralizes policy enforcement, usage tracking, and spend management for Claude Code across an organization. Platform teams provision the gateway once and configure group and policy mappings, eliminating the need to issue or rotate per-project cloud credentials for individual developers.

0
ProgrammingDEV Community ·

How the MOD-97 Algorithm Validates IBANs and Catches Typos Before Transfers

Every IBAN contains two check digits immediately after the country code, computed using the MOD-97 algorithm (ISO 7064), which allows banks and software to detect transcription errors before a payment is processed. To validate an IBAN, the number is normalized, rotated so the country code and check digits move to the end, letters are converted to two-digit numbers, and the resulting large integer is divided by 97. A remainder of exactly 1 confirms the IBAN is internally consistent; any other result indicates an error in the number. Importantly, passing this check only verifies the number's internal integrity and correct length — it does not confirm that the bank account actually exists, which requires a separate directory lookup. Developers can implement the validation in Python using arbitrary-precision integers, with an added per-country length check recommended for production use.