The central tension in AI-powered software development has always been the same: models get smarter, but bugs don’t go away. Claude Opus 4.7, GPT-5.5, Qwen3.7-Max — each generation pushes coding benchmarks higher, yet the class of bugs that plague production systems remains stubbornly resistant to model intelligence alone.
A provocative new essay by Reuben Brooks — rising to #2 on Hacker News with 122 points — offers a different diagnosis. The problem isn’t that our models aren’t smart enough. The problem is that we’re asking them to enforce invariants through prompts, when the real solution lies in the substrate they write against.
The Substrate Move: From Prompts to Types
Brooks’ core argument is elegantly simple:
“For a wide class of production software, structural backpressure beats incremental improvements in agent intelligence.”
The distinction he draws is between behavioral gates and structural gates:
- Behavioral gates — tell the model “don’t skip authorization,” “validate inputs,” “use the shared helper.” These live in prompts,
CLAUDE.mdfiles, and system instructions. They work often enough to be useful, and fail often enough to make the entire arrangement unstable. - Structural gates — a compiler, a type checker, a test runner, a linter, a proof checker. Each produces a concrete, deterministic answer. Inside its scope, it refuses when the code is wrong.
The insight: that refusal is the point. By moving rules out of prompt space and into the type system, you create a loop where the model cannot produce violating code — not because it was prompted well, but because the compiler won’t let it.
Shen-Backpressure: Formal Verification as a Coding Gate
To demonstrate the concept, Brooks built Shen-Backpressure, a tool and methodology that uses the Shen language — a small, statically-typed Lisp with a sequent-calculus type system — to express security and correctness invariants in a form machines can verify.
The workflow is straightforward:
- Write the spec in Shen — express invariants like “a user may access a resource only if authenticated, a member of the tenant, and the resource belongs to that tenant” as machine-checkable rules
- Generate guard types — a code generator (
shengen) lowers the Shen spec into guard types in your target language (Go, TypeScript, etc.) - Let the AI loop bounce — the model writes code against these types. If it skips a check or gets an invariant wrong, the build fails. The model sees the error and corrects itself. Repeat until the gates are green
The model writing Go or TypeScript never needs to know Shen exists. It only knows the code needs to compile and the gates need to pass. That’s the “backpressure” — the compiler pushes back until the artifact satisfies the specification.
Why This Matters Now
The timing of Brooks’ essay is no coincidence. The AI coding agent ecosystem is converging on exactly this pattern from multiple directions:
- OpenAI’s Codex CLI now ships a
/goalcommand, keeping a goal alive across turns and refusing to stop until it is met — a direct implementation of the Ralph loop concept - Geoff Huntley’s Ralph and the essay “Don’t Waste Your Backpressure” by Alex Banay laid the conceptual groundwork that Brooks builds on
- Deterministic tooling is emerging as the dominant pattern among teams that have scaled AI coding — as one HN commenter noted, “the phases were: try having the LLM do ‘a lot’ → even more → multiple agents → back to single agents but have the agents build tools → tools that are deterministic AND usable by both humans and LLMs”
The Limits of Structural Gates
The HN discussion surfaced an important caveat. As commenter singron noted, guard types only enforce the rules you explicitly encode — a JWT verification gate that only checks the string isn’t empty is worse than no gate at all if it creates a false sense of security. The type still has to be written by someone who understands the actual security boundary.
Brooks acknowledges this: “A structural gate is not magic. It is a compiler error that points to the exact line where the invariant was violated. That alone is a massive improvement over hoping the model remembered.”
What This Means for the Agent Ecosystem
The structural backpressure approach represents a quiet but important shift in how we think about AI coding agents. Instead of chasing ever-smarter models to solve reliability — a game of diminishing returns where each incremental point on SWE-bench costs exponentially more compute — it points toward a complementary strategy: design the substrate to be unforgiving of mistakes. This philosophy aligns with the broader findings of the State of Agent Engineering 2026 report, which identifies quality — not capability — as the #1 barrier to production deployment.
For agentic coding frameworks like Claude Code, Codex CLI, and Cursor, this suggests a future where the compilation loop isn’t just a background task — it’s the primary feedback mechanism for the agent’s behavior. The agent doesn’t succeed because it was smart enough. It succeeds because the system was designed so that it couldn’t fail without noticing. Combined with emerging tools like Microsoft’s RAMPART for continuous agent safety testing, structural gates may prove to be the safety architecture the agent era needs.
Explore the code: github.com/pyrex41/Shen-Backpressure
Read the essay: reubenbrooks.dev/blog/structural-backpressure-beats-smarter-agents/