Fewer Errors, Less Signal

An automated corrector catches some of the agent's mistakes before a human reviewer sees them. The reviewer approves what remains. The error rate they are calibrating against is not the agent's error rate. It is the residual after the corrector did its work, and the difference is where governance quietly fails.

The corrector is doing what it was built to do. It runs after the agent produces a change, catches a subset of obvious errors, and repairs them. The output that reaches the reviewer looks cleaner than what the agent actually generated. The reviewer sees the cleaner version, forms an impression of the agent's competence based on it, and authorizes what remains. Nothing about that pipeline is broken from the perspective of any single component. Every layer is doing its job. The signal available to the layer that authorizes is the signal that has already been laundered by the layer beneath it.

The mechanism

Consider the simplest version of this. An agent writes a pull request. Before the human reviewer opens it, an automated corrector runs a formatter, applies lint fixes, corrects trivially wrong imports, and cleans up whitespace. The reviewer sees the pull request after those repairs. Their assessment of the agent's quality is built on what they see. Ten pull requests come through, all cleaner than the raw agent output would have been, and the reviewer's mental model updates. The agent is doing fine. The pull requests are readable. The reviewer approves at a higher rate, and each approval reinforces the picture.

The correction did not make the agent better. The correction made the agent's output more legible, which is a different thing. The reviewer is now calibrating against corrected output, not raw output, and the reviewer is the layer that decides whether the change is safe to merge. The signal they need to make that decision, what the agent actually produced when it acted on its own understanding, is precisely what the corrector removed.

This is a specific version of a pattern the publication has argued before. In N° 015 (The Self-Grading Loop), the failure was that an evaluator sharing training with the thing it evaluated could not serve as external verification. Here the corrector does not share training with the reviewer, and the failure still occurs, because the corrector removes information the reviewer needs. Concealment does not require collusion. It only requires that the layer producing the signal for the reviewer be running downstream of the thing the reviewer is supposed to see.

Stacking makes it worse

Multi-layer quality enforcement is the current architectural posture in most AI-generated-code shops. Mutation testing gates. Coverage thresholds. Static analysis scanners. Ephemeral sandbox validation. Security policy checks. Each layer runs, catches a class of errors it was designed to catch, and passes what remains to the next layer. The pull request that reaches the human at the end has cleared five, seven, ten mechanical filters. On paper, this is defense in depth. In practice, it is defense in obscurity.

Every layer removes a category of visible error. Every removal takes with it the evidence a downstream layer would have used to assess the agent's underlying reliability. The final human reviewer, sitting at the end of the stack, is looking at a change that has been through so many mechanical scrubs that the reviewer's judgment about the agent's competence is essentially unmoored from anything the agent actually did. They are grading what survived, not what was produced.

Stacking layers does not compound their accuracy. Individual layer accuracies do not multiply into a stack accuracy in any meaningful sense, because each layer changes what the next layer sees. What stacking compounds is concealment. The harder each layer works, the less the next layer can see of the thing that was originally there. By the time the human is asked to authorize, the residue in front of them contains almost no information about the process that produced it.

The wrong reading of this argument

The wrong reading is that correctors and pre-merge gates are bad and should be removed. That is not the argument. Correctors do useful work. Pre-merge gates catch real problems. Nothing here suggests that a pull request should reach a human reviewer full of trivially fixable errors just so the reviewer can see them.

The right reading is that the reviewer needs a channel that shows what the agent actually did, separate from the corrected output the reviewer is being asked to approve. The correction should not be invisible. The number of characters changed by the formatter, the count of lint fixes applied, the specific errors caught by static analysis, the mutations that failed and were repaired, all of these belong in the review context, surfaced as first-class signal. The reviewer approving the final artifact needs to see the delta between what the agent produced and what the corrector produced, because that delta is the reviewer's basis for judging the agent's actual competence.

Without that channel, the reviewer is calibrating against the corrector's output and calling it a calibration against the agent. This is the same shape as the argument in N° 017 (Phantom Coverage). A metric that used to measure the thing has detached from the thing, and the dashboard reads green because the measurement no longer touches what it was measuring.

What this asks of teams and their governance

For engineering teams, the honest question is whether the layers between the agent and the human reviewer are surfaced or hidden. A pre-merge stack that quietly repairs and passes forward is friendly to velocity and hostile to judgment. A stack that repairs, passes forward, and shows what it repaired preserves the judgment layer's ability to do its work.

For governance, the question is what the merge-gate decision is actually made against. A gate that scores the post-corrector artifact is grading the corrector's work as much as the agent's. If the score is meant to represent the risk of what the agent is generating, the score has to be computed against the raw agent output, or against a decomposition that separates the agent's contribution from the corrector's. Otherwise the score is describing something other than what it claims to describe.

For regulators, the implication is close to the one in the runtime-authorization arc. Records of what happened after a pipeline of automated corrections are records of the pipeline, not records of the underlying system's behavior. An audit that only sees the residue is auditing the residue. The signal the audit needs is upstream of every layer whose job is to make things look right.

The harder each layer works, the less the next layer can see. What the reviewer is authorizing is not what the agent produced.

Cross-link: this piece extends the argument opened by N° 015 (The Self-Grading Loop), where an internal evaluator sharing context with the thing it evaluated could not serve as external verification. Here the failure occurs without shared training: an internal corrector still masks the signal an external verifier needs, because concealment does not require collusion, only downstream position. Companion in spirit to N° 017 (Phantom Coverage) on measurements that have detached from the things they measure, and to N° 025 (The Oversight Illusion) on the same paper-vs-behavior pattern applied to human review at the framing surface.

End N° 027