PATTERN Cited by 1 source

Fail-pass flip gate

Intent

Verify automated patches by requiring a clean fail→pass transition on a targeted test before the patch can proceed — preventing AI-generated fixes that break unrelated functionality or introduce new bugs.

Mechanism

1. Fixer runs the targeted regression test before applying the patch — must produce a failing result demonstrating the bug.
2. Fixer applies the proposed patch.
3. Fixer runs the same test after — must produce a passing result.
4. If post-patch test fails, or if a full-suite run detects downstream regressions, the commit is automatically blocked and flagged for human intervention.
5. The Fixer never merges code on its own — human review is the non-negotiable gate for change-management compliance.

Rationale

"Left to patch freely, a model will happily fix a security bug while quietly breaking an unrelated feature or adding dozens of new bugs." (Source: sources/2026-06-18-cloudflare-build-your-own-vulnerability-harness)

Seen in

• systems/cloudflare-vulnerability-validation-system — Fixing stage processes ~80 bugs at 5 min/bug with this gate

Related

• patterns/tiered-remediation-rollout — what happens after the gate is cleared
• patterns/adversarial-cross-model-validation — the upstream validation that feeds the Fixer