PatchProof: Gate-Verified Repair Search and Reproducible Benchmarks for Coding Agents


Research and development work conducted

by

Starting From the Earlier Limitations

PatchProof is the successor to the earlier DarwinPatch. The earlier work established the core reliability controller: hard verification gates, bounded failure evidence, route-aware repair selection, candidate archives, and deterministic benchmark ablations. Its technical report is available at DarwinPatch: A Budgeted Repair-Search Controller for Reliable Coding Agents.


That report stated five limitations:
  1. The multi-task benchmark replayed curated candidate patch pools rather than live model-generated candidates.
  2. evidence_aware_review tied full_darwinpatch on controlled solve@budget, so the full controller added auditability and reliability infrastructure rather than a higher deterministic solve rate.
  3. The tasks were small Python repairs rather than coordinated multi-file changes.
  4. Live LLM behavior was demonstrated only on a hero task, not across a multi-task benchmark.
  5. Token, latency, and monetary cost information was unavailable.

Those limits were appropriate for initial work. They protected the original claim: the controller was measurable and reproducible, but it was not presented as evidence that arbitrary live coding agents had been solved.

PatchProof now retains that discipline while extending the system where the older work stopped. It adds live LLM repair search across providers, live benchmark execution across task families, model-matrix comparisons, cached responses, reproducibility metadata, provider usage accounting, optional price schedules, generator-declared metadata, multi-file tasks, and comparative HTML reporting.

The older deterministic benchmark remains valuable. It is still the controlled ablation environment. The live benchmark is a complementary experiment that measures the same gated repair process under model and provider variability.

The Executive Summary

PatchProof is a reproducible benchmark harness and repair-search controller for reliable coding agents. It does not to replace the model that proposes code changes, never!. It makes that model's repair loop measurable, gate-verified, route-aware, and auditable.

The central principle is unchanged:

A coding agent should not promote a patch merely because it generated one. It should generate a patch, verify it through hard gates, receive only bounded evidence when it fails, route the next attempt deliberately, and preserve enough provenance to reproduce and inspect the result.

PatchProof extends this principle to with live LLM experiments. A single code path can run compatible endpoint. Every generated candidate passes through the same scope, application, syntax, safety, visible-test, and hidden regression gates used by the deterministic controller.

The system has two complementary evaluation modes:

  • A deterministic benchmark with curated candidate pools and ablations. This remains the controlled mechanism study.
  • A live LLM benchmark that generates and evaluates patches across unique task families and repetitions. This measures observed reliability, attempts, token usage, latency, and cost when available.

PatchProof does not claim that a benchmark result generalizes to every repository, model, or provider. It provides a disciplined way to produce those measurements and retain the artifacts needed to inspect them.

Design Goals

PatchProof is designed around seven goals:

  1. Hard verification before promotion
  2. A candidate patch must pass scope validation, patch application, Python AST parsing, secret scanning, visible developer tests, and release-gate regressions.

  3. Bounded evidence rather than unrestricted logs
  4. The repair loop receives compact EvidencePacket objects. Visible failures expose bounded output. Release-gate regressions identify the failure without disclosing the hidden assertion details.

  5. Live generation under the same controller
  6. A live LLM candidate is not trusted differently from a curated candidate. It is passed through the same gates, evidence construction, routing, stopping logic, archive, and reports.

  7. Provider-neutral experimentation
  8. The system supports OpenRouter and OpenAI-compatible endpoints, including vLLM, with provider, endpoint, model, temperature, reasoning, and seed recorded as run metadata.

  9. Reproducible measurement
  10. Cached requests, explicit budgets, run configuration fingerprints, source revision metadata, repetitions, and static artifacts make results inspectable and repeatable.

  11. Fair model comparison
  12. A model matrix runs multiple model configurations through the same task suite, budgets, gates, and summary format, then produces JSON, Markdown, and comparative HTML artifacts.

  13. Traceable candidate intent
  14. A generator may declare an intent and compatible repair routes for its patch. PatchProof records this as generator-derived metadata, validates it against the known route taxonomy, and falls back to controller-derived metadata when it is absent or unusable.

System Overview

PatchProof is a reliability layer around a model's patch proposals.


  flowchart LR
    A["Task specification and source workspace"] --> B["LLM or curated candidate patch"]
    B --> C["Hard verification gates"]
    C --> D{"All gates pass?"}
    D -- "yes" --> E["Promote candidate"]
    D -- "no" --> F["Build bounded EvidencePacket"]
    F --> G["Route next repair"]
    G --> H["Request or select next candidate"]
    H --> C
    C --> I["Archive, trace, provenance, and metrics"]
    I --> J["Showcase, benchmark, and model-matrix reports"]
    

The same structure supports two sources of candidates:

Candidate source Purpose Selection behavior
Curated patch pool Deterministic ablations and reproducible controller tests Uses structured candidate metadata or ordered fallback.
Live LLM response Live repair demos, benchmark runs, and model comparisons Generates a patch from the current bounded context and then enters the same verification loop.

This separation is important. PatchProof does not present a curated result as a live-model result, and it does not let a live model bypass the controller simply because its output was generated online.

From DarwinPatch to PatchProof

The earlier report's future work directly maps to this current system:


Earlier limitation or future work PatchProof capability Scope of the claim
Curated benchmark candidates benchmark-llm runs live generation over unique task families and repetitions. benchmark --llm-generate can build live candidate pools for baseline evaluation. The controlled benchmark remains curated by design.
Compare model families Repeated --llm-model arguments run a model matrix with a merged JSON, Markdown, and HTML comparison report. A comparison is only as broad as the supplied model configurations and task suite.
Token and wall-clock accounting Provider-reported prompt and completion usage, wall-clock duration, token source, optional price schedules, currency, and variance summaries are recorded. Cost is omitted when complete provider usage is unavailable.
Larger multi-file repairs csv_report, pricing_cart, and order_service add coordinated multi-file tasks and a dedicated multifile_suite. These remain compact research tasks, not a claim of production-scale repository coverage.
Real generation traces LLM responses, generated patches, search/replace conversion artifacts, generator metadata, archives, and controller traces are persisted. Generator metadata is optional and validated before use.

Gate-Verified Repair Loop

Every candidate, whether curated or generated by an LLM, is evaluated in an isolated workspace. A candidate is promoted only after each required gate passes.

  flowchart TD
    A["Candidate patch"] --> B["Scope guard"]
    B --> C["Patch applies"]
    C --> D["Python AST parse"]
    D --> E["Secret scan"]
    E --> F["Visible developer tests"]
    F --> G["Release-gate regression tests"]
    G --> H["Promote"]

    B -- "fail" --> R["Reject and build bounded evidence"]
    C -- "fail" --> R
    D -- "fail" --> R
    E -- "fail" --> R
    F -- "fail" --> R
    G -- "fail" --> R
    

The release gate is intentionally different from visible tests. A visible failure may reveal a bounded stdout or stderr tail so the next repair can be targeted. A release-gate regression exposes only limited diagnostics, such as test identifiers, and withholds assertion values and full output. This preserves a hidden-test boundary and reduces the risk of direct overfitting to withheld cases.

Bounded Evidence and Repair Routes

After rejection, PatchProof does not pass arbitrary raw logs back to the generator. It constructs a compact EvidencePacket containing a failure type, summary, bounded details, and packet identifiers for admitted context.

flowchart LR
    A["Raw gate result"] --> B["Failure classifier"]
    B --> C["EvidencePacket"]
    C --> D["Route decision"]
    C --> E["Candidate archive"]
    C --> F["HTML report"]
    

Typical routes include behavior_repair, regression_repair, scope_repair, syntax_repair, safety_repair, patch_format_repair, and general_repair. Repeated failure fingerprints can trigger a diversification route so the controller does not repeatedly request the same failing approach.

The repair prompt includes the task specification, permitted source files, visible tests, bounded failure evidence, and short records of previous rejected approaches. Each attempt is applied independently to the original task workspace. This prevents an LLM from silently relying on an unverified edit from an earlier failed attempt.

Live LLM Generation

The PatchProof's live repair loop accepts unified diffs and structured search/replace blocks. Search/replace blocks are converted to a patch against the original task source, with matching diagnostics preserved in the trace. This gives models a robust edit format while retaining gate-verifiable patch artifacts.

  sequenceDiagram
    participant P as PatchProof
    participant M as LLM provider
    participant V as Verification gates
    participant A as Archive

    P->>M: Task context and allowed paths
    M-->>P: Patch plus optional metadata
    P->>V: Evaluate candidate in isolated workspace
    V-->>P: Gate outcomes
    P->>A: Store response, patch, evidence, route, and metrics
    alt Candidate promoted
        P-->>P: Finish with promoted status
    else Candidate rejected
        P->>M: Bounded evidence and repair route
    end
    

Generator-Declared Metadata

An LLM may append an optional patchproof-metadata block to describe the patch it generated:

              
patchproof-metadata
  {
    "intent": "complete_spec_repair", 
    "compatible_routes": 
      ["behavior_repair", "regression_repair"]
  }
              
            

This metadata is treated as a declaration, not as trusted control input. PatchProof validates the routes against its known taxonomy. Unknown routes are rejected and recorded in the trace. If no usable declaration remains, the archive marks the metadata source as controller-derived and uses the controller fallback.

This preserves the distinction between two facts:

  • What the generator says its patch is intended to repair.
  • What the controller independently observed when it evaluated that patch.

Reproducibility and Caching

Live LLM evaluation is variable by nature. PatchProof makes the experimental configuration explicit rather than pretending variability does not exist.

Each LLM run records reproducibility metadata including:

  • PatchProof source revision.
  • Model, provider, and endpoint.
  • Temperature, reasoning setting, and optional sampling seed.
  • Candidate and repeated-failure budgets.
  • A stable configuration fingerprint.

The optional disk cache keys each response by the model, reasoning configuration, provider, endpoint, temperature, seed, and prompt messages. This prevents a response from one server or sampling configuration from being silently reused for another experimental condition.

  flowchart LR
    A["Run configuration"] --> B["Canonical cache context"]
    B --> C["Model, provider, endpoint, temperature, seed"]
    C --> D["Prompt messages"]
    D --> E["Hashed cache key"]
    E --> F{"Cached response exists?"}
    F -- "yes" --> G["Reuse archived response"]
    F -- "no" --> H["Call provider and persist response"]
    

Caching is useful for repeatable analysis and cost control. It should not be mistaken for deterministic model behavior when cache misses occur. A seed is forwarded to the provider and recorded, but practical determinism still depends on the provider and model honoring that seed.

Cost, Tokens, and Latency

PatchProof records three related but distinct measurements:

Measurement Source Interpretation
Prompt and completion tokens Provider usage payload when available Preferred token accounting.
Token estimate Local text-length estimate when usage is absent Operational estimate, explicitly labeled estimate.
Wall-clock seconds Local monotonic timer around the repair run End-to-end elapsed time for the local controller and provider calls.

An optional price schedule maps a model to input and output price per thousand tokens and a currency. PatchProof calculates a monetary cost only when complete provider-reported usage is available. If usage is absent or incomplete, it records token estimates but omits cost rather than publishing a misleading partial dollar amount.

Live benchmark summaries report total and average tokens, token source, total and average wall time, and standard deviations for token and wall-clock observations. Cost summaries include the declared currency. This keeps estimated token counts distinct from provider-confirmed accounting.

Benchmark Modes

Controlled Deterministic Benchmark

The original deterministic benchmark remains the controller-ablation study. It replays structured candidate pools across the following baselines:

Baseline What it tests
single_shot One candidate, no correction loop.
linear_retry Ordered retry under the same candidate budget.
clean_context_review Ordered retry without route-aware selection or archive behavior.
archive_no_routing Archive-compatible retry without route-aware selection.
evidence_aware_review Bounded evidence plus candidate metadata without the full archive and policy machinery.
full_patchproof Full PatchProof controller behavior.

The earlier report recorded the following controlled result shape:


Baseline solve@budget 95% CI Avg attempts
single_shot 0.2 0.105-0.3476 1.0
linear_retry 0.6 0.446-0.7365 1.8
clean_context_review 0.6 0.446-0.7365 1.8
archive_no_routing 0.6 0.446-0.7365 1.8
evidence_aware_review 0.9 0.7695-0.9604 1.8
full_darwinpatch 0.9 0.7695-0.9604 1.8

This result remains intentionally narrow. It demonstrates the value of bounded evidence and route-compatible metadata under a controlled candidate pool. It does not establish a live-model ranking.

Live LLM Benchmark

benchmark-llm runs the live repair loop across each unique task family in a suite. It supports repeated runs, bounded candidate budgets, provider selection, endpoint configuration, caching, temperature, seed, reasoning, and optional pricing.


For each task and repetition, PatchProof records:

  • Promotion status and stop reason.
  • Number of attempts and failure types.
  • Token totals, prompt tokens, completion tokens, and token source.
  • Cost and currency when complete provider usage and a schedule are available.
  • Wall-clock duration.
  • Candidate archive, response artifacts, patch artifacts, and controller trace.

The result is a live measurement harness. It reports observed solve@budget and confidence intervals, but does not fabricate a universal benchmark score before a real experiment is run.

Live-Generated Candidate Pools

benchmark --llm-generate first runs a live LLM repair search to construct a candidate pool, then replays that pool through the deterministic baselines. The generated pool preserves patch files and metadata artifacts, allowing a controlled comparison of baseline policies against the same live-generated proposals.


This mode is useful when the research question is not only "which model solved a task?" but also "how does each controller baseline behave when given the same generated candidates?"

PatchProof can compare multiple models under the same suite and budget. Supplying --llm-model more than once invokes a model-matrix experiment.

Model-Matrix Evaluation

PatchProof can compare multiple models under the same suite and budget. Supplying --llm-model more than once invokes a model-matrix experiment.

flowchart TD
    A["Shared suite, budget, repetitions, and gate policy"] --> B["Model A live benchmark"]
    A --> C["Model B live benchmark"]
    A --> D["Model N live benchmark"]
    B --> E["Per-model artifacts"]
    C --> E
    D --> E
    E --> F["Merged JSON and Markdown matrix"]
    F --> G["Comparative HTML report"]
    

The matrix report presents:

  • Model and provider identity.
  • Task family and repetition.
  • Promotion status and stop reason.
  • Number of attempts and failure types.
  • Total tokens, prompt tokens, completion tokens, and token source.
  • Total cost with currency when available.
  • Total wall-clock time and standard deviation.
  • Per-task solve@budget table, with the highest observed score highlighted for each task.

The matrix is a comparative artifact, not an automatic claim of statistical superiority. Confidence intervals and repeated runs make uncertainty visible, but proper conclusions still depend on the number and diversity of tasks, the provider setup, and the sampling policy.

Multi-File Repair Coverage

PatchProof expands beyond the earlier single-file task families with coordinated multi-file repairs:

Task Allowed repair surface Example of coordinated behavior
csv_report Two source modules Row normalization and report summary behavior.
pricing_cart Two source modules Cart and pricing behavior.
order_service shop/pricing.py, shop/inventory.py, and shop/checkout.py Rounding, validation, inventory, and checkout flow.

The order_service task is intentionally scope-restricted to these three files. A candidate that changes the catalog, specification, or tests is rejected by the scope guard before it can be promoted.


The multi-file suite demonstrates coordinated changes and scope control. It does not claim that PatchProof has solved large production repositories or arbitrary architectural changes.

Reports and Artifacts

PatchProof writes artifacts as part of the execution model, not as an afterthought.

Artifact Purpose
candidate_archive.json Candidate lineage, gate outcomes, evidence, routes, fingerprints, metadata source, token information, cost, and reproducibility metadata.
controller_trace.jsonl Event-by-event repair-search trace.
llm/ response and patch files Original model responses and extracted or converted patch artifacts.
showcase_report.html One-task narrative report with problem, timeline, evidence, gates, promoted patch, and artifact links.
Benchmark JSON and Markdown Baseline or live-run summaries for programmatic and human review.
model_matrix_report.html Side-by-side comparison of model families and per-task outcomes.
flowchart LR
    A["Run artifacts"] --> B["Candidate archive"]
    A --> C["Controller trace"]
    A --> D["LLM responses and patches"]
    B --> E["Showcase report"]
    B --> F["Benchmark summaries"]
    F --> G["Model-matrix report"]
    

Policy Selection

The guarded policy experiment from the earlier work remains available. It splits cases into train, validation, and held-out test partitions. Policies are tuned on train data, selected using validation results, and evaluated on the held-out test split only after selection.

  flowchart LR
    A["Source benchmark suite"] --> B["Train split"]
    A --> C["Validation split"]
    A --> D["Held-out test split"]
    B --> E["Policy tuning"]
    C --> F["Policy selection"]
    F --> G["Selected policy"]
    G --> D
    D --> H["Final report only"]
    

This protects against selecting a repair budget or stopping policy based on the same held-out cases used to report its final result.

What PatchProof Demonstrates

PatchProof demonstrates a practical reliability pattern for LLM coding agents:

  1. Live model output can be governed by the same hard gates as a deterministic repair controller.
  2. A live LLM candidate is a proposal, not a promotion.

  3. Self-correction can be verifier-grounded and information-bounded.
  4. The next attempt is informed by compact gate evidence rather than an unrestricted transcript of hidden failures.

  5. Live experiments can retain research-grade provenance.
  6. Provider, endpoint, model, sampling configuration, seed, cache context, source revision, usage, and cost metadata are part of the run record.

  7. Model comparisons should share the same task suite and verification boundary.
  8. The model matrix is designed to compare observed reliability, cost, and latency without changing the gates or repair budget between models.

  9. A repair result should remain inspectable after it completes.
  10. Archives, traces, response files, patches, static reports, and summary artifacts make promotion and rejection explainable.

Remaining Limitations

PatchProof is a rigorous technical harness, not a claim of universal autonomous software engineering. Important limitations remain:

  • The deterministic benchmark still uses curated candidate pools. This is intentional for controlled ablation, but it is not a substitute for a broad live-model study.
  • Live benchmark results depend on the provider, model version, endpoint behavior, prompt format, sampling configuration, and task suite. A cache or seed improves reproducibility but does not guarantee deterministic provider behavior.
  • The included tasks are Python repairs and compact multi-file workflows. They do not represent long-running product development, complex build systems, security-sensitive deployment pipelines, or very large repositories.
  • Release-gate tests simulate a hidden boundary within repository-controlled tasks. They are not a full replacement for independent real-world acceptance testing.
  • Cost is reported only when a provider returns complete usage data and the user supplies a matching price schedule. This is deliberate, because incomplete accounting should not be presented as a precise monetary measurement.
  • Generator-declared metadata is useful provenance, not proof that the model's self-description is correct. PatchProof validates route names but continues to rely on gate outcomes for promotion.
  • The model matrix reports comparative observations and uncertainty. It does not by itself establish causal superiority or broad statistical generalization.

Conclusion

PatchProof carries the earlier DarwinPatch reliability controller into live LLM evaluation without abandoning the original project's careful claims.


The strongest version of the current claim is:

PatchProof provides gate-verified repair search and reproducible benchmarks for coding agents. It evaluates curated or live-generated patches through hard gates, bounded evidence, route-aware repair, archived provenance, and comparative reporting across models and providers.

Note that PatchProof does not promise that every coding task can be repaired automatically. It provides the engineering and research machinery needed to ask a more useful question: when a model proposes a patch, what evidence shows that the patch was safe, verified, reproducible, and worth promoting?

BibTex

@article{
        patchproof, 
        title={PatchProof: Gate-Verified Repair Search and Reproducible Benchmarks for Coding Agents}, 
        author={Taneem Ullah Jan},
        year={2026}
      }