The philosophy
It comes from the system around the model. Contracts pin the invariants; the verifier enforces them; the model is free to be brilliant inside the guardrails.
the verifier fires on high-risk seams even when every test is green
Data, tests, and measurement decide, not vibes. A change that passes its spec still earns an adversarial second look on the high-risk seams.
every identifier a plan names is verified to exist before it is written (R6)
No “just for now” shortcuts. One plan done well beats ten patches. The substrate is designed to be copied to other agent-runtime shapes.
the whole substrate is one portable SQLite file, built to copy to other runtimes
Xihe ships the universal harness: orchestration, memory, skills, guardrails. Your domain logic, your brand, your secrets stay yours.
the universal core carries zero domain; your logic and secrets stay in an injected pack
A matter of taste
Taste isn’t decoration. It’s a set of defaults that compound — choices an industry makes for safety, made differently here on purpose.
Spec-driven, disproof-tested
Ordinary delivery writes a spec, builds to it, and ships when acceptance passes. Xihe adds a second half: the spec becomes a falsifiable contract, and passing it is the floor, not the ceiling.
Contract
Passing acceptance doesn’t mean correct. Only surviving attempted disproof does.
Falsifiable
A contract is a hypothesis, not a decree. When the implementation reveals it was wrong, the contract yields — and the change is recorded, never silent. A real instance, in shape:
Most sites prove rigor with green checkmarks. We show a place the method overrode its author.
The pivot
A green suite only proves the code matches the spec — and the spec can be wrong. Passing is the floor, not the ceiling.
High-risk seams face skeptics whose job is to refute the result, not bless it — even when every test is green.
Behaviour is verified at the intent layer, from the outside, not just at the unit it was written against.
Green is the entry fee, not the finish line.
Drift detection
When reasoning starts to wander, a detector classifies the drift and pulls the run back to the last good anchor — no silent degradation.
No silent degradation. Detected, classified, rewound.
Patterns & modes
An agent shouldn’t reason the same way about a typo and a new subsystem. Xihe routes each task to a cognitive mode, and a handful of patterns hold no matter which mode is in play.
| mode | when | method | |
|---|---|---|---|
| M1 | Root-cause | bugs · incidents | five-whys + a red-team self-check + sweep for siblings |
| M2 | First principles | clean new build | question → delete → simplify → accelerate → automate |
| M3 | Subtraction | refactor · cleanup | deletion first; every line earns its place |
| M4 | Search first | cause unknown | search precedent before forming a judgement |
| M5 | Working backwards | architecture · new module | write the PR / FAQ before the code |
| M6 | Evidence-driven | perf · quality | data, tests, and measurement over intuition |
| M7 | Closed loop | deploy · ops · default | set the goal → track the process → take the result |
Types, validation, a state machine, and acceptance tests pin the invariants before code. Implementation that conflicts loses; a contract the code proves wrong yields, on the record.
Any plan naming a concrete identifier (a field, a table, an RPC) must be verified to exist before it’s written down. Structure agents map; ground-truth tools confirm.
Work is sized before it’s done: a one-file tweak, a multi-file change with a precedent, or a cross-layer build that earns a full plan and a cross-model review.
High-risk seams get independent skeptics whose job is to refute the result. Passing the spec isn’t enough; surviving the attack is.
Effort matched to blast radius
An agent shouldn’t reason about a typo and a new subsystem the same way. Work is sized before it’s done, and the discipline that fires scales with what’s at stake.
A CSS tweak, a comment, a config line. Do it, verify, done — no plan.
A change with a standard to follow. Auto-enhance, build direct, verify.
Earns a full plan, a falsifiable contract, and a cross-model review before code.
Ceremony is a cost. Spend it where the blast radius is real.
Plan mode
Ordinary plan mode reads and reasons but can’t write, then hands you a plan. Xihe embeds a full cockpit on top: a deliberation that remembers, ingests, argues with itself, and hardens into a contract — before a single line of code is written.
What we embedded
The cockpit, by command
shift+tab · /plan toggle the cockpit /note <decision> record it into the ledger — re-injected every turn /grill adversarial interrogation → contracts + ADR deltas /council [deep] N lenses → judges → grafted synthesis (best-of-N) /model switch the planning model & thinking level /ref <url> fetch + distil a link into the ledger (pasted URLs auto-ingest) /search <query> metasearch more sources, distilled into context /crystallize save the deliberation to a cross-session crystal store /sdd emit a structured SDD + TDD plan to docs/plan /crystals recall past sessions’ conclusions into this one Plan first, spend later. The cockpit makes the plan a living artifact, not a one-shot prompt.
A second model, adversarial
A different model (Codex) reviews the work — a cross-lens, not a rubber stamp. Its finding is a perspective, not ground truth; taste overrides it. Rounds are capped so review never becomes its own slop.
Past the second round, review ROI falls off a cliff. We stop on purpose.
Converge, don’t just finish
One pass is rarely right. The whole graph runs, a judge asks “has it converged?”, and if not the failure is fed back and the conductor redraws — round after round, until it converges or a bounded cap stops it.
A hard round cap (default 3) — convergence or a clean stop, never an infinite loop.
Stuck for a round or two? The conductor escalates to a stronger model and redraws — not the same brain trying harder.
The fixpoint judge is the single verify loop; the executor’s inner verify is switched off here, so the two never nest and double the cost.
Passing once is luck. Converging is a property of the loop.
Token efficiency by design
Quality is never free, but waste is a choice. The harness is engineered to put every token where it earns its keep: shared context computed once, tools that load on demand, reasoning that runs as code instead of prose.
−92% per-leaf context. The shared context is computed once and frozen; every leaf inherits it instead of recomputing — which is what makes DeepSeek 256-wide and MiMo 8-wide affordable.
~70% fewer tool-schema tokens. Every tool converges on one route; the menu stays resident, schemas load on demand instead of bloating each prompt. The mechanism lives on the Harness page.
1 MB → 7 KB on a big result. Verbose reasoning becomes code: compute the answer in a script and return only the result, not the whole file.
The taste behind it: pay for quality, never for waste.
Routing that learns
We don’t hand-pick “DeepSeek for coding” forever. For each kind of leaf, an ε-greedy bandit mostly uses the current best model, occasionally tries another, and updates on the reward — so the routing sharpens itself, per deployment.
A leaf’s reward is its own success × the verifier’s verdict. The same check that guards quality teaches the router what’s worth its money.
It ships as a mechanism, not a tuned policy. Your model line-up and your tasks are unique — the bandit learns yours from your own runs.
Cold-start is today’s static routing — day-one behaviour, zero regression. Exploration is bounded; a bad pick is caught by the verifier and escalated. The learned table persists in SQLite and compounds across sessions.
Spend the compute where it earns its keep — discovered, not decreed.
Concurrency economics
Quality and cost usually trade off. A frozen prefix and a judge panel let Xihe buy quality with concurrency instead of with tokens — which is why we lean on cheap, fast models run wide: DeepSeek v4-flash fanned out for the rivals, MiMo v2.5 brought in for multimodal execution. One attempt is a coin-flip; ten attempts, scored and grafted, are a guarantee that the best one survives.
Each attempt is scored on cost, quality, and latency. The winner is grafted into the main tree; the rest are discarded. No blind chance.
When the change touches code everything else stands on, you do not want the first plausible diff — you want the one that survived four rivals.
A problem with ten reasonable shapes and no obvious winner. Generate the shapes in parallel, let a judge panel argue them down to one.
Where a single pass is a coin-flip, N passes converge. The spread between attempts is itself a signal that the spec needs sharpening.
Anything cheap to get wrong now and ruinous to find in production. Pay a little concurrency here to never pay the incident later.
