VIBE✓ adds friction to AI coding agents

Mozilla.ai is introducing VIBE✓, a human-centered design framework, to its cq coding agent. This system aims to prevent coding agents from repeating mistakes by reviewing shared knowledge units before they enter a common memory store. The integration, detailed on the Mozilla Blog, seeks to address the risks associated with automation bias.

cq allows coding agents to share resolution paths for novel errors. Developers can also use the /cq:reflect command to summarize context, find similar errors, and propose solutions. While this process minimizes human friction, it introduces a vulnerability: automation bias, where users overly trust automated decisions.

This bias can lead to serious issues like API key leakage or PII exposure. Although /cq:reflect includes instructions to remove sensitive data, the risk persists. VIBE✓, developed by Lauren Mushro, Human-Centered Design Lead at Bank of Montreal, provides criteria for both humans and agents to scrutinize these knowledge units.

VIBE✓: Pre-Deployment Accountability

VIBE✓ acts as pre-deployment accountability infrastructure, reintroducing necessary friction into the development pipeline. It forces teams to document potential vulnerabilities, blind spots, and intention-impact gaps before a system goes live.

The framework's name derives from four documentation categories:

• Vulnerability: Assesses exposure risks of the code.
• Intention versus Impact: Bridges the gap between intended function and actual outcomes.
• Bias & Blind Spots: Identifies known limitations in training data or assumptions.
• Edge Case Handling: Stress-tests the system outside its primary design parameters.

The checkmark (✓) signifies the crucial act of reviewing work before committing it.

VIBE✓ in Action

Vulnerability documentation requires developers to consider what sensitive information might be exposed if an agent's resolution is shared. This step demands human judgment, not automation.

Intention versus Impact analysis documents intended goals, anticipated outcomes, and discrepancies, particularly when measurable metrics conflict with user welfare. This also requires significant human oversight.

Bias and Blindspots prompts teams to document known biases in training data, design assumptions, and system architecture. It also acknowledges the limits of the team's knowledge.

Edge Case Handling involves documenting how the proposed resolution manages inputs or conditions outside its primary design parameters, including failure modes.

Implementation in cq

VIBE✓ is integrated into cq's reflect and propose functionality. It acts as an additional sanitization check for users.

When a user invokes /cq:reflect, candidate knowledge units are generated. VIBE✓ evaluates these units against its four domains, classifying them as 'clean,' 'soft concern,' or 'hard-finding.' Developers are then prompted to review these findings.

For 'soft concerns,' a brief reason for the potential issue is provided. 'Hard-findings' include a suggested rewrite, offering a sanitized option for approval. While sanitization is automated, human approval is critical.

This process deliberately uses friction to catch unintentional breaches and sociotechnical blind spots before they become encoded in system memory.

The future of VIBE✓ could extend beyond cq to become a standard across AI development pipelines. However, the framework acknowledges that checklists alone cannot eliminate automation bias, especially under deadline pressure.

The intentional friction relies on developers having the time, realistic schedules, and institutional support to exercise judgment. VIBE✓ is designed as infrastructure, meant to be paired with industry transformation to ensure continued human judgment in the shipping process.

It is not a replacement for backend guardrail pipelines, but a promising step towards safer and more usable AI coding agents. Developers can try out cq today.