CLAUDE LABJP
COWORK — Claude Cowork expands to web and mobile with remote sessions, synced files, and a shared Chat and Cowork home across devicesM365 — Claude Cowork adds Microsoft 365 write tools to draft and send email, manage calendars, and update OneDrive and SharePoint filesMCP — Admins can provision MCP connectors org-wide through their identity provider, starting with Okta, with access granted on first loginCODE — Claude Code fixes SessionStart hook streaming in headless sessions so remote workers are not idle-reaped mid-hookGOV — Claude Code and Claude Cowork are in public beta in Claude for Government Desktop on a FedRAMP High authorized environmentLIMITS — Claude Code weekly usage limits are increased by 50% through July 13COWORK — Claude Cowork expands to web and mobile with remote sessions, synced files, and a shared Chat and Cowork home across devicesM365 — Claude Cowork adds Microsoft 365 write tools to draft and send email, manage calendars, and update OneDrive and SharePoint filesMCP — Admins can provision MCP connectors org-wide through their identity provider, starting with Okta, with access granted on first loginCODE — Claude Code fixes SessionStart hook streaming in headless sessions so remote workers are not idle-reaped mid-hookGOV — Claude Code and Claude Cowork are in public beta in Claude for Government Desktop on a FedRAMP High authorized environmentLIMITS — Claude Code weekly usage limits are increased by 50% through July 13
Articles/Claude Code
Claude Code/2026-07-09Advanced

Is the Draft That Passed the Gate the Same One You Published?

In unattended pipelines, the file your quality gate inspected and the file you actually publish can quietly diverge. Here is a digest-bound gate receipt design, with working code and measured results from 180 days of running it.

claude-code125autonomous-operationsCI/CD18quality-gatesproduction109

Premium Article

One morning, the unattended pipeline I run overnight published something it should have refused to publish.

The execution log showed the quality gate printing a clean pass. A few lines below, git push reported success. Nothing was red. And yet the published text contained exactly the phrasing the gate was written to reject.

I stared at the screen for a while before it landed. The file the gate had read and the file git add had picked up shared a path, but not contents. In the seconds between the gate finishing and the push starting, another process had rewritten it.

No errors. Every step "succeeded." That quiet is the hardest part of running things unattended.

What Slips In Between Checking and Publishing

This is a textbook TOCTOU problem — time-of-check to time-of-use. A filesystem path is a reference, not a value. It does not promise to hold the contents you inspected a moment ago.

In my own pipelines, four distinct paths caused it.

Entry pointWhat happensWhy it hides
Regeneration The agent rewrites the draft to fix a gate violation, then proceeds to push without re-running the gate The old passing result is still sitting in the log
Auto-fix tooling An integrity checker's --fix mode rewrites files and leaves .bak siblings behind git add -A sweeps up files nobody inspected
Stale temp files A write to a fixed-name temp file fails, and last run's contents get read instead The failed write never propagates a non-zero exit
Concurrent processes Another scheduled run touches the same working directory Each run looks successful in isolation

None of these are fixed by making the gate stricter. The problem is not inside the gate. It lives in the gap between the gate and the publish.

The Receipt Idea: Bind the Verdict to the Bytes

The fix I settled on was to stop letting the gate's verdict stand on its own, and instead bind it to a digest of the contents it inspected.

When every gate passes, the pipeline emits a small JSON document containing:

  • The relative path and sha256 digest of each inspected file
  • The name of each gate that ran, plus a digest of the gate script itself
  • The issue time, recorded on both a wall clock and a monotonic clock
  • The pipeline run ID

I call this a receipt. Immediately before publishing, the pipeline reads the receipt and recomputes every digest from disk. If a single byte has moved, nothing gets published.

The key property is that a receipt is issued against contents, not against paths. Paths get rewritten. Digests do not lie.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
Get working code for issuing and verifying a gate receipt that binds pass/fail results to the sha256 digest of every inspected file
Understand why batching verification and publishing into one shell invocation erases the observation point, and learn to find the non-zero exits your pipeline is swallowing
Learn the four ways a file changes after passing a gate — regeneration, auto-fix, stale temp files, concurrent processes — and how to close each one
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Claude Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

Claude Code2026-07-03
Five Minutes of Silence, and Something Retries on Your Behalf — Rethinking Retry Ownership After the Streaming Idle Watchdog Became a Default
Claude Code's streaming idle watchdog is now on by default, quietly adding another retrying layer to your stack. This article inventories the four layers (SDK, wrapper, watchdog, scheduler), computes worst-case attempt amplification, and shows how to collapse retry ownership into a single layer.
Claude Code2026-05-05
7 Design Principles for Production-Grade Autonomous Agents with Claude Code SDK
Building a Claude Code SDK agent that works is easy. Building one that keeps working in production is hard. Here are the 7 design principles I extracted from running content automation systems at scale.
Claude Code2026-05-02
Designing Zero-Downtime Database Migrations with Claude Code: A Production Operations Guide
A production guide to designing zero-downtime database migrations with Claude Code. Covers Expand-Contract, NOT NULL additions, renames, backfills, and subagent reviews — practical patterns that survive real production traffic.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →