What breaks without CoFounder
Three real failure modes we have seen agents commit, with a side-by-side of what skill chaining catches. Not hypotheticals — patterns that show up in incident reports.
Agent invents an API that does not exist
User asks the agent to add a "team billing" page. The agent has not read the codebase. It writes new code calling a function called `getBillingForTeam(teamId)` — which it invented. Compiles, looks plausible, ships to PR review.
Before
// agent writes — no prior art search:
import { getBillingForTeam } from '@/lib/billing';
// ^ This function does not exist anywhere.
// Reviewer reads the diff and sees:
// "looks fine, similar to other places"
// merges. CI fails on prod build.
// 2 hours to find the regression.After
// cofounder-pattern-scout (auto-invoked):
// "Found 3 candidates:
// - lib/billing/upgradeFlow.ts (87% match)
// - lib/billing/getCustomerSubscription.ts (78%)
// - lib/billing/createInvoice.ts (61%)
// Recommendation: extend upgradeFlow.ts."
// agent then writes:
import { upgradeFlow } from '@/lib/billing/upgradeFlow';
// ^ Real seam, already tested, used elsewhere.
// No invented API. CI green.Skills involved
cofounder-pattern-scoutcofounder-feature-implementcofounder-checkAgent commits a secret to staged changes
Agent is debugging a Stripe issue. To test, it pastes the live key directly into the source file. Then runs `git commit -am "fix billing"`. The secret is now in git history.
Before
// agent — debugging, time-pressed: const STRIPE_KEY = 'sk_live_AbCdEf...'; // later in same session: // $ git commit -am "fix billing" // $ git push // Stripe key is now public. // Rotation costs ~30 min + customer-facing // downtime to invalidate active sessions.
After
// cofounder-commit reads the staged diff: // "Refusing to commit. The diff contains a // high-entropy string matching sk_live_*. // // Either: // 1. Move the value to .env (gitignored). // 2. If you've already committed it, rotate // it now and use git filter-repo to scrub // history. // // I will not run `git commit` until this // is resolved."
Skills involved
cofounder-commitPreToolUse hookcofounder-checkAgent runs a destructive migration in prod
User says "drop the orphan rows from the users table". Agent is about to execute `DELETE FROM users WHERE team_id IS NULL` — against the prod connection string it has loaded.
Before
// agent runs without sandbox: // DELETE FROM users WHERE team_id IS NULL; // // 12,000 rows deleted. // 47 of them were valid (signed up before // the team_id column existed; their team_id // is null but they should not be removed). // 47 customers can no longer log in. // Restore from backup: 4 hours. // Customer support: priceless.
After
// cofounder-sandbox-preview runs first: // // "Preview against a snapshot of users: // // Would delete: 12,000 rows. // Of these, 47 have last_login_at within // the last 30 days — likely active users. // // Recommendation: NEEDS REVIEW. // Filter the query, or run a soft-delete // first. Do not run as-is." // // agent surfaces this; user clarifies the // rule; agent runs the corrected query. // Zero data loss.
Skills involved
cofounder-sandbox-previewcofounder-feature-implement (sensitivity.runsShell)cofounder-checkWhy these are hard for naked agents
Each failure mode is the absence of a habit, not the absence of intelligence:
- Invented APIs — agents pattern-match what code should look like, not what it does. A grep step before writing closes the gap.
- Committed secrets — agents optimize for "task done", not "task done safely". A pre-commit hook reading the staged diff catches it deterministically.
- Destructive operations — agents preview through reasoning, not through execution. A sandbox is the only way to know what would actually happen.
Smarter models do not fix these. A flow that is hard to bypass does.