PatchProof is the successor to the earlier DarwinPatch. The earlier work established the core reliability controller: hard verification gates, bounded failure evidence, route-aware repair selection, candidate archives, and deterministic benchmark ablations. Its technical report is available at DarwinPatch: A Budgeted Repair-Search Controller for Reliable Coding Agents.
evidence_aware_review tied full_darwinpatch on controlled solve@budget, so
the full controller added auditability and reliability infrastructure rather than a higher deterministic
solve rate.
Those limits were appropriate for initial work. They protected the original claim: the controller was
measurable and reproducible, but it was not presented as evidence that arbitrary live coding agents had
been solved.
PatchProof now retains that discipline while extending the system where the older work stopped. It adds
live
LLM repair search across providers, live benchmark execution across task families, model-matrix
comparisons, cached responses, reproducibility metadata, provider usage accounting, optional price
schedules, generator-declared metadata, multi-file tasks, and comparative HTML reporting.
The older deterministic benchmark remains valuable. It is still the controlled ablation environment. The
live benchmark is a complementary experiment that measures the same gated repair process under model and
provider variability.
PatchProof is a reproducible benchmark harness and repair-search controller for reliable coding agents.
It does not to replace the model that proposes code changes, never!. It makes that
model's repair loop measurable,
gate-verified, route-aware, and auditable.
The central principle is unchanged:
A coding agent should not promote a patch merely because it generated one. It should generate a patch, verify it through hard gates, receive only bounded evidence when it fails, route the next attempt deliberately, and preserve enough provenance to reproduce and inspect the result.
PatchProof extends this principle to with live LLM experiments. A single code path can run compatible
endpoint. Every generated candidate passes through the same scope, application, syntax, safety,
visible-test, and hidden regression gates used by the deterministic controller.
The system has two complementary evaluation modes:
PatchProof does not claim that a benchmark result generalizes to every repository, model, or provider. It provides a disciplined way to produce those measurements and retain the artifacts needed to inspect them.
PatchProof is designed around seven goals:
A candidate patch must pass scope validation, patch application, Python AST parsing, secret scanning, visible developer tests, and release-gate regressions.
The repair loop receives compact EvidencePacket objects. Visible failures expose bounded
output. Release-gate regressions identify the failure without disclosing the hidden assertion details.
A live LLM candidate is not trusted differently from a curated candidate. It is passed through the same gates, evidence construction, routing, stopping logic, archive, and reports.
The system supports OpenRouter and OpenAI-compatible endpoints, including vLLM, with provider, endpoint, model, temperature, reasoning, and seed recorded as run metadata.
Cached requests, explicit budgets, run configuration fingerprints, source revision metadata, repetitions, and static artifacts make results inspectable and repeatable.
A model matrix runs multiple model configurations through the same task suite, budgets, gates, and summary format, then produces JSON, Markdown, and comparative HTML artifacts.
A generator may declare an intent and compatible repair routes for its patch. PatchProof records this as generator-derived metadata, validates it against the known route taxonomy, and falls back to controller-derived metadata when it is absent or unusable.
PatchProof is a reliability layer around a model's patch proposals.
flowchart LR
A["Task specification and source workspace"] --> B["LLM or curated candidate patch"]
B --> C["Hard verification gates"]
C --> D{"All gates pass?"}
D -- "yes" --> E["Promote candidate"]
D -- "no" --> F["Build bounded EvidencePacket"]
F --> G["Route next repair"]
G --> H["Request or select next candidate"]
H --> C
C --> I["Archive, trace, provenance, and metrics"]
I --> J["Showcase, benchmark, and model-matrix reports"]
The same structure supports two sources of candidates:
| Candidate source | Purpose | Selection behavior |
|---|---|---|
| Curated patch pool | Deterministic ablations and reproducible controller tests | Uses structured candidate metadata or ordered fallback. |
| Live LLM response | Live repair demos, benchmark runs, and model comparisons | Generates a patch from the current bounded context and then enters the same verification loop. |
This separation is important. PatchProof does not present a curated result as a live-model result, and it does not let a live model bypass the controller simply because its output was generated online.
The earlier report's future work directly maps to this current system:
| Earlier limitation or future work | PatchProof capability | Scope of the claim |
|---|---|---|
| Curated benchmark candidates | benchmark-llm runs live generation over unique task families and repetitions.
benchmark --llm-generate can build live candidate pools for baseline evaluation.
|
The controlled benchmark remains curated by design. |
| Compare model families | Repeated --llm-model arguments run a model matrix with a merged JSON, Markdown, and
HTML comparison report. |
A comparison is only as broad as the supplied model configurations and task suite. |
| Token and wall-clock accounting | Provider-reported prompt and completion usage, wall-clock duration, token source, optional price schedules, currency, and variance summaries are recorded. | Cost is omitted when complete provider usage is unavailable. |
| Larger multi-file repairs | csv_report, pricing_cart, and order_service add coordinated
multi-file tasks and a dedicated multifile_suite. |
These remain compact research tasks, not a claim of production-scale repository coverage. |
| Real generation traces | LLM responses, generated patches, search/replace conversion artifacts, generator metadata, archives, and controller traces are persisted. | Generator metadata is optional and validated before use. |
Every candidate, whether curated or generated by an LLM, is evaluated in an isolated workspace. A candidate is promoted only after each required gate passes.
flowchart TD
A["Candidate patch"] --> B["Scope guard"]
B --> C["Patch applies"]
C --> D["Python AST parse"]
D --> E["Secret scan"]
E --> F["Visible developer tests"]
F --> G["Release-gate regression tests"]
G --> H["Promote"]
B -- "fail" --> R["Reject and build bounded evidence"]
C -- "fail" --> R
D -- "fail" --> R
E -- "fail" --> R
F -- "fail" --> R
G -- "fail" --> R
The release gate is intentionally different from visible tests. A visible failure may reveal a bounded stdout or stderr tail so the next repair can be targeted. A release-gate regression exposes only limited diagnostics, such as test identifiers, and withholds assertion values and full output. This preserves a hidden-test boundary and reduces the risk of direct overfitting to withheld cases.
After rejection, PatchProof does not pass arbitrary raw logs back to the generator. It constructs a
compact EvidencePacket containing a failure type, summary, bounded details, and packet
identifiers for admitted context.
flowchart LR
A["Raw gate result"] --> B["Failure classifier"]
B --> C["EvidencePacket"]
C --> D["Route decision"]
C --> E["Candidate archive"]
C --> F["HTML report"]
Typical routes include behavior_repair, regression_repair,
scope_repair, syntax_repair, safety_repair,
patch_format_repair, and general_repair. Repeated failure fingerprints can
trigger a diversification route
so the controller does not repeatedly request the same failing approach.
The repair prompt includes the task specification, permitted source files, visible tests, bounded failure evidence, and short records of previous rejected approaches. Each attempt is applied independently to the original task workspace. This prevents an LLM from silently relying on an unverified edit from an earlier failed attempt.
The PatchProof's live repair loop accepts unified diffs and structured search/replace blocks. Search/replace blocks are converted to a patch against the original task source, with matching diagnostics preserved in the trace. This gives models a robust edit format while retaining gate-verifiable patch artifacts.
sequenceDiagram
participant P as PatchProof
participant M as LLM provider
participant V as Verification gates
participant A as Archive
P->>M: Task context and allowed paths
M-->>P: Patch plus optional metadata
P->>V: Evaluate candidate in isolated workspace
V-->>P: Gate outcomes
P->>A: Store response, patch, evidence, route, and metrics
alt Candidate promoted
P-->>P: Finish with promoted status
else Candidate rejected
P->>M: Bounded evidence and repair route
end
An LLM may append an optional patchproof-metadata block to describe the patch it
generated:
patchproof-metadata
{
"intent": "complete_spec_repair",
"compatible_routes":
["behavior_repair", "regression_repair"]
}
This metadata is treated as a declaration, not as trusted control input. PatchProof validates the routes against its known taxonomy. Unknown routes are rejected and recorded in the trace. If no usable declaration remains, the archive marks the metadata source as controller-derived and uses the controller fallback.
This preserves the distinction between two facts:
Live LLM evaluation is variable by nature. PatchProof makes the experimental configuration explicit rather than pretending variability does not exist.
Each LLM run records reproducibility metadata including:
The optional disk cache keys each response by the model, reasoning configuration, provider, endpoint, temperature, seed, and prompt messages. This prevents a response from one server or sampling configuration from being silently reused for another experimental condition.
flowchart LR
A["Run configuration"] --> B["Canonical cache context"]
B --> C["Model, provider, endpoint, temperature, seed"]
C --> D["Prompt messages"]
D --> E["Hashed cache key"]
E --> F{"Cached response exists?"}
F -- "yes" --> G["Reuse archived response"]
F -- "no" --> H["Call provider and persist response"]
Caching is useful for repeatable analysis and cost control. It should not be mistaken for deterministic model behavior when cache misses occur. A seed is forwarded to the provider and recorded, but practical determinism still depends on the provider and model honoring that seed.
PatchProof records three related but distinct measurements:
| Measurement | Source | Interpretation |
|---|---|---|
| Prompt and completion tokens | Provider usage payload when available |
Preferred token accounting. |
| Token estimate | Local text-length estimate when usage is absent | Operational estimate, explicitly labeled estimate. |
| Wall-clock seconds | Local monotonic timer around the repair run | End-to-end elapsed time for the local controller and provider calls. |
An optional price schedule maps a model to input and output price per thousand tokens and a currency. PatchProof calculates a monetary cost only when complete provider-reported usage is available. If usage is absent or incomplete, it records token estimates but omits cost rather than publishing a misleading partial dollar amount.
Live benchmark summaries report total and average tokens, token source, total and average wall time, and standard deviations for token and wall-clock observations. Cost summaries include the declared currency. This keeps estimated token counts distinct from provider-confirmed accounting.
The original deterministic benchmark remains the controller-ablation study. It replays structured candidate pools across the following baselines:
| Baseline | What it tests |
|---|---|
single_shot |
One candidate, no correction loop. |
linear_retry |
Ordered retry under the same candidate budget. |
clean_context_review |
Ordered retry without route-aware selection or archive behavior. |
archive_no_routing |
Archive-compatible retry without route-aware selection. |
evidence_aware_review |
Bounded evidence plus candidate metadata without the full archive and policy machinery. |
full_patchproof |
Full PatchProof controller behavior. |
The earlier report recorded the following controlled result shape:
| Baseline | solve@budget | 95% CI | Avg attempts |
|---|---|---|---|
single_shot |
0.2 | 0.105-0.3476 | 1.0 |
linear_retry |
0.6 | 0.446-0.7365 | 1.8 |
clean_context_review |
0.6 | 0.446-0.7365 | 1.8 |
archive_no_routing |
0.6 | 0.446-0.7365 | 1.8 |
evidence_aware_review |
0.9 | 0.7695-0.9604 | 1.8 |
full_darwinpatch |
0.9 | 0.7695-0.9604 | 1.8 |
This result remains intentionally narrow. It demonstrates the value of bounded evidence and route-compatible metadata under a controlled candidate pool. It does not establish a live-model ranking.
benchmark-llm runs the live repair loop across each unique task family in a suite. It
supports repeated
runs, bounded candidate budgets, provider selection, endpoint configuration, caching, temperature, seed,
reasoning, and optional pricing.
For each task and repetition, PatchProof records:
The result is a live measurement harness. It reports observed solve@budget and confidence intervals, but does not fabricate a universal benchmark score before a real experiment is run.
benchmark --llm-generate first runs a live LLM repair search to construct a candidate pool,
then replays
that pool through the deterministic baselines. The generated pool preserves patch files and metadata
artifacts, allowing a controlled comparison of baseline policies against the same live-generated
proposals.
This mode is useful when the research question is not only "which model solved a task?" but also "how does each controller baseline behave when given the same generated candidates?"
PatchProof can compare multiple models under the same suite and budget. Supplying
--llm-model more than once invokes a model-matrix experiment.
PatchProof can compare multiple models under the same suite and budget. Supplying
--llm-model more than once invokes a model-matrix experiment.
flowchart TD
A["Shared suite, budget, repetitions, and gate policy"] --> B["Model A live benchmark"]
A --> C["Model B live benchmark"]
A --> D["Model N live benchmark"]
B --> E["Per-model artifacts"]
C --> E
D --> E
E --> F["Merged JSON and Markdown matrix"]
F --> G["Comparative HTML report"]
The matrix report presents:
The matrix is a comparative artifact, not an automatic claim of statistical superiority. Confidence intervals and repeated runs make uncertainty visible, but proper conclusions still depend on the number and diversity of tasks, the provider setup, and the sampling policy.
PatchProof expands beyond the earlier single-file task families with coordinated multi-file repairs:
| Task | Allowed repair surface | Example of coordinated behavior |
|---|---|---|
csv_report |
Two source modules | Row normalization and report summary behavior. |
pricing_cart |
Two source modules | Cart and pricing behavior. |
order_service |
shop/pricing.py, shop/inventory.py, and shop/checkout.py
|
Rounding, validation, inventory, and checkout flow. |
The order_service task is intentionally scope-restricted to these three files. A candidate
that changes the catalog, specification, or tests is rejected by the scope guard before it can be
promoted.
The multi-file suite demonstrates coordinated changes and scope control. It does not claim that PatchProof has solved large production repositories or arbitrary architectural changes.
PatchProof writes artifacts as part of the execution model, not as an afterthought.
| Artifact | Purpose |
|---|---|
candidate_archive.json |
Candidate lineage, gate outcomes, evidence, routes, fingerprints, metadata source, token information, cost, and reproducibility metadata. |
controller_trace.jsonl |
Event-by-event repair-search trace. |
llm/ response and patch files |
Original model responses and extracted or converted patch artifacts. |
showcase_report.html |
One-task narrative report with problem, timeline, evidence, gates, promoted patch, and artifact links. |
| Benchmark JSON and Markdown | Baseline or live-run summaries for programmatic and human review. |
model_matrix_report.html |
Side-by-side comparison of model families and per-task outcomes. |
flowchart LR
A["Run artifacts"] --> B["Candidate archive"]
A --> C["Controller trace"]
A --> D["LLM responses and patches"]
B --> E["Showcase report"]
B --> F["Benchmark summaries"]
F --> G["Model-matrix report"]
The guarded policy experiment from the earlier work remains available. It splits cases into train, validation, and held-out test partitions. Policies are tuned on train data, selected using validation results, and evaluated on the held-out test split only after selection.
flowchart LR
A["Source benchmark suite"] --> B["Train split"]
A --> C["Validation split"]
A --> D["Held-out test split"]
B --> E["Policy tuning"]
C --> F["Policy selection"]
F --> G["Selected policy"]
G --> D
D --> H["Final report only"]
This protects against selecting a repair budget or stopping policy based on the same held-out cases used to report its final result.
PatchProof demonstrates a practical reliability pattern for LLM coding agents:
A live LLM candidate is a proposal, not a promotion.
The next attempt is informed by compact gate evidence rather than an unrestricted transcript of hidden failures.
Provider, endpoint, model, sampling configuration, seed, cache context, source revision, usage, and cost metadata are part of the run record.
The model matrix is designed to compare observed reliability, cost, and latency without changing the gates or repair budget between models.
Archives, traces, response files, patches, static reports, and summary artifacts make promotion and rejection explainable.
PatchProof is a rigorous technical harness, not a claim of universal autonomous software engineering. Important limitations remain:
PatchProof carries the earlier DarwinPatch reliability controller into live LLM evaluation without abandoning the original project's careful claims.
The strongest version of the current claim is:
PatchProof provides gate-verified repair search and reproducible benchmarks for coding agents. It evaluates curated or live-generated patches through hard gates, bounded evidence, route-aware repair, archived provenance, and comparative reporting across models and providers.
Note that PatchProof does not promise that every coding task can be repaired automatically. It provides the engineering and research machinery needed to ask a more useful question: when a model proposes a patch, what evidence shows that the patch was safe, verified, reproducible, and worth promoting?
@article{
patchproof,
title={PatchProof: Gate-Verified Repair Search and Reproducible Benchmarks for Coding Agents},
author={Taneem Ullah Jan},
year={2026}
}