Recoleta Trends
Language
enzh-CN
GitHub
Trend brief · 2026-03-09

Code agents move toward verifiable closed loops as safety auditing and R&D automation heat up in parallel

Today’s material is unusually concentrated. The core story is not simply that “there are more agents,” but that “agents are becoming more like engineered systems.” Training, verification, safety, and deployment are…

6 tracked topics
Evolution3 signals · Continuing 1 · Shifting 1 · Emerging 1
Software Intelligence
software-agentsagent-evaluationagent-safetysoftware-engineeringrl-agentsautonomous-optimization
Source markdown

Overview

Today’s material is unusually concentrated. The core story is not simply that “there are more agents,” but that “agents are becoming more like engineered systems.” Training, verification, safety, and deployment are starting to be connected into a closed loop. The strongest signal comes from software engineering agents. SWE-Fuse no longer treats issue text as the only entry point, but explicitly trains the ability to “find problems through testing and debugging even without a reliable issue.” This weak-supervision approach is pragmatic and closer to real repositories. Pushing a 32B open-weight model to 60.2% on SWE-bench Verified suggests that improvements in code agents are increasingly coming from training recipes and trajectory design, not just larger base models. The second change is that agents themselves are starting to be treated as objects that can be compiled, tested, and evaluated. TDAD turns behavioral specifications into tests and then works backward to prompts; PostTrainBench directly asks whether an agent can automatically complete LLM post-training.

Evolution

3 signals3 history windows

Today continues the same thread as Structured code intelligence, long-running agent… (2026-03-08), Software engineering agents move toward executio… (2026-03-07), and Coding agents move toward self-correction, casca… (2026-03-06): the main line is still the engineering of code and agents. But the change is that verification, evaluation, and safety gating are moving closer to the internal artifacts themselves. System prompts, training trajectories, post-training workflows, and production hot updates are starting to be treated as objects that can be tested, audited, and compared.

Code agents continue toward verifiable closed loops

Continuing
History
Structured code intelligence, long-running agent… (2026-03-08)Software engineering agents move toward executio… (2026-03-07)Coding agents move toward self-correction, casca… (2026-03-06)
Continuing the main thread from Coding agents move toward self-correction, casca… (2026-03-06) and Software engineering agents move toward executio… (2026-03-07) into…Read full rationaleCollapse

Continuing the main thread from Coding agents move toward self-correction, casca… (2026-03-06) and Software engineering agents move toward executio… (2026-03-07) into Structured code intelligence, long-running agent… (2026-03-08), code agents are still moving from “can generate” toward “can execute in a verifiable way.” But today the evidence is stronger: SWE-Fuse no longer emphasizes only self-correction, but pushes 32B solve rate to 60.2% on SWE-bench Verified and 65.2% with TTS@8; Datadog’s autonomous optimization system directly connects verification to production hot updates, improving throughput from 7,106 msg/s to 26,263 msg/s while retaining traffic-hash checks. Compared with execution loops such as Echo in Software engineering agents move toward executio… (2026-03-07), today’s loops are closer to an integrated train-verify-deploy pipeline.

Agent safety shifts from external governance to internal artifact auditing

Shifting
History
Structured code intelligence, long-running agent… (2026-03-08)Coding agents move toward self-correction, casca… (2026-03-06)
The safety focus has shifted relative to Structured code intelligence, long-running agent… (2026-03-08) and Coding agents move toward self-correction, casca……Read full rationaleCollapse

The safety focus has shifted relative to Structured code intelligence, long-running agent… (2026-03-08) and Coding agents move toward self-correction, casca… (2026-03-06). Earlier work emphasized dataflow governance, verifiable safety, and failure taxonomy; today it lands more concretely on two internal artifacts: “system prompt architecture” and the “multi-round code editing process.” Arbiter found 152 findings across Claude Code, Codex CLI, and Gemini CLI, and noted that 20 of the 21 interference classes in Claude Code are statically detectable; SCAFFOLD-CEGIS, meanwhile, provides quantified evidence of security degradation in iterative chains: under GPT-4o, 43.7% of chains had more vulnerabilities after 10 rounds, while full gating reduced degradation to 2.1%. This is more engineering-oriented and measurable than the broader governance framing in Structured code intelligence, long-running agent… (2026-03-08).

Benchmarks for automating agent R&D begin to take shape

Emerging
History
Structured code intelligence, long-running agent… (2026-03-08)Software engineering agents move toward executio… (2026-03-07)
Compared with the long-running systems in Structured code intelligence, long-running agent… (2026-03-08) and the protocol/language-level constraints in Software…Read full rationaleCollapse

Compared with the long-running systems in Structured code intelligence, long-running agent… (2026-03-08) and the protocol/language-level constraints in Software engineering agents move toward executio… (2026-03-07), today shows a clearer new signal: benchmarking the agent’s own R&D workflow. TDAD uses SpecSuite-Core to compile specifications into tests; across 24 trials, v1 compile success was 92%, v2 was 58%, and SURS was 97%. PostTrainBench, meanwhile, is the first to place autonomous post-training under a unified constraint of 10 hours on a single H100, where the best agent reached 23.2% ± 1.8. Although still below the official instruction-tuned 51.1%, it already shows localized outperformance on narrow tasks like BFCL, with 89% and 91%. The research object is expanding from “agents complete tasks” to “agents improve models and prompts themselves.”

Clusters

Software engineering agents shift toward weakly supervised repair training

The strongest theme of the day remained software engineering agents, but the focus shifted from “can write code” to “can repair reliably under messy task descriptions.” SWE-Fuse jointly trains on trajectories with issues and without issues, and uses entropy-aware RLVR to improve exploration quality; on SWE-bench Verified, the 8B/32B models reached 43.0%/60.2%, and 49.8%/65.2% after TTS@8. This suggests code-agent training is beginning to rely less on clean supervision and more on testing, debugging, and trajectory quality control.

Representative sources

Agent development enters a “testable, evaluable” phase

Another clear theme is the engineering of the agent development process itself. TDAD compiles behavioral specifications into tests, then repeatedly revises prompts; across 24 trials, the v1 compile success rate was 92%, with a hidden-test pass rate of 97%. In parallel, PostTrainBench turns “automatic post-training” into a public evaluation under constrained compute: the best agent achieved a weighted average of 23.2%, above the base model’s 7.5% but still well below the official instruction-tuned 51.1%. Together, this line of work pushes agents from demos toward quantifiable development workflows.

Representative sources

Agent safety moves upstream to prompt architecture and iterative gating

Safety is no longer discussed only in terms of prompt injection, but is moving upstream into system-prompt architecture and iterative code modification. Arbiter treats the system prompt as a software artifact for interference analysis, finding 152 findings across three classes of coding agents at a total cost of just $0.27. SCAFFOLD-CEGIS shows that multi-round refinement can quietly harm security: under GPT-4o, 43.7% of iteration chains had more vulnerabilities after 10 rounds, while the full framework reduced latent security degradation to 2.1% and achieved 100% safety monotonicity.

Representative sources

Agent closed loops deepen into test generation and production optimization

The day also brought a batch of evidence for “agents directly driving real execution systems.” A Java fuzzing project used a five-agent pipeline to automatically generate harnesses, achieving a median +26% method-targeted coverage across 6 libraries and 7 target methods, and finding 3 previously unreported bugs within 12 hours. Datadog’s autonomous optimization system, meanwhile, chained together LLM evolution, formal verification, shadow traffic, and hot updates into a closed loop, raising throughput for one workload from 7,106 msg/s to 26,263 msg/s, a 270% improvement. This shows agents pushing deeper into testing and production performance optimization.

Representative sources

RL retrieval agents and native Agent languages begin to emerge

Another newer side trend is applying RL directly to retrieval behavior itself, rather than only to answer quality. In finance, agentic RAG training turns a 4B small model into a retrieval agent, claiming answer-match frequency about 35% higher than GPT-5.2 and pass@8 up about 63%. At the same time, projects like Agentis attempt to build prompts, verification, budgets, and branch execution directly into the language and versioning system. The former is more about empirical performance, while the latter is more about runtime and language design.

Representative sources

Built with Recoleta

Run your own research radar

Turn arXiv, Hacker News, OpenReview, Hugging Face Daily Papers, and RSS into local Markdown, Obsidian notes, Telegram digests, and a public site.

View repo5-minute quickstart
NewerRobot VLA shifts toward dexterous manipulation, long-horizon recovery, and multi-task deploymentOlderRobot VLA moves toward automatic data generation, post-training enhancement, and interactive world models