Auditing FrontierCode

A carefully QC'd patch grader, reported as mergeability. Measured against 98 real closures, the patch decided 3.

FrontierCode (Cognition) grades an agent’s patch on maintainer-authored rubrics and asks the question its leaderboard leads with: “would the maintainer actually merge this PR?” The conclusion offers it as the instrument enterprises and researchers “can trust… to evaluate the production readiness of their strongest models.” I ran it through the how-to-audit checklist, then measured its construct against a population where the answer key exists.

Full audit, with receipts, protocols, and per-finding falsifiers: https://github.com/kimjune01/frontiercode-audit. The findings went to Cognition as a right-of-reply issue before this post.

FrontierCode is a well-QC’d instrument that measures patch quality under a frozen rubric, and it is marketed as mergeability, which is a decision maintainers make mostly on information the grader never sees.

What it gets right

Some claims outrun the metric

The measurement

This section measures the construct gap instead of arguing it. I took all 98 closed-unmerged PRs from my own autonomous contribution pipeline, a population where almost every closure has a thread stating why. Two coders from different model families coded every closure from the thread itself, blind to each other, under a pre-registered protocol with a pre-registered falsifier. Self-closes were excluded; silent closures went to an unknown bucket. That left 59 confidently coded maintainer closures.

In at least 52 of the 59, both coders found the deciding cause outside FrontierCode’s six rubric axes. In exactly 3, both found a patch-quality cause decisive. The falsifier (a majority deciding on the rubric axes) did not come close to triggering.

■ off-diff, both coders · 52 ■ coders split · 4 ■ patch-decided · 3 ■ silent, unknown · 6 ■ self-closed, excluded · 33 All 98 closures, one cell each, by what decided them. Coding protocol and per-thread quotes in the repo.

The off-diff majority splits into a social layer (who submitted, how, and with what words) and an ecosystem layer (what the world did around the patch). Neither is visible to a patch grader.

Deciding causeCountExemplar from the threads
Superseded or maintainer's own fix16"Fixed in #45207"
AI identity15"Closing without a review. Please don't submit further PRs."
Policy or template compliance8bot: "the description doesn't follow our template"
Duplicate4"Same as #9923"
Other, incl. batch-close cluster4three PRs, three repos, 21 seconds
Interaction cadence2"Closing due to no response."
Stale2stale-bot after 7 quiet days
Wrong premise1issue already fixed upstream
Standing1withdrawn after extended review
Patch quality (the rubric's territory)6"your POST to /Sessions/Logout invalidates the current cached auth token"

The table is the primary coder’s call on all 59; the blind second coder agreed on the off-diff side in 52, on patch quality in 3, and split on 4. One closer wrote “This is mostly OK, but I read your profile.” And four “closed” PRs were accepted work, cherry-picked or ported with credit, so the closed/merged binary itself mislabels outcomes.

This population is one AI-assisted contributor shipping small fixes during a public campaign, which enriches identity closures. It also sits far from FrontierCode’s task difficulty, where patch correctness may bind first. The 3-of-59 floor is a property of this population. What it establishes is that a population exists, and a growing class of contributors resembles it, where nine times out of ten the deciding cause lies outside anything a patch grader can see.

The one public task

FrontierCode publishes exactly one inspectable task-level grading receipt, the interactive demo on its leaderboard. In it, the top model fails 2 of 10 criteria. Both are blockers, and both encode the same requirement: multi-line warnings must route through one chained logging call. The brief’s operative sentence says to use the new helper “in every instance of warning: <message> messages,” a continuation line carries no warning: prefix, and the failed solution converted every line that does. Cognition’s own commentary notes the two solutions are “behaviorally the same.” One requirement the brief underdetermines, instantiated as two blockers, decides the only public verdict. The writeup presents it as “models fail this task in a somewhat surprising way.” The determinacy read, with the full rubric.

What I’d report instead

Report the agreement rate between the instrument’s verdict and the field outcome. The audit calls this ecological accuracy, ecological validity’s quantitative form. FrontierCode claims to measure a field quantity, and adjudicated ground truth for “would merge” exists in bulk in git history, so the claim is checkable as a number. A benchmark that reports it converts “trust it” into a calibration curve. The itemized disclosure minimum is in the audit, and every finding carries a falsifier. A judge-family rank-stability ablation, for instance, kills the precision finding.

The audit’s recommendation section, marked as recommendation, goes further: grade the hypothesis graph, the reasoning layer as a replayable artifact. Grading raw description prose would train smooth-talkers, and grading nothing leaves the decisive layer unmeasured. That design is mine, freely licensed, and disclosed as such in the repo.

One-sided by design

The audit reports defects it can exhibit, and it treats an absence of findings as an absence of findings rather than a clearance. Every quantitative claim traces to a pinned page snapshot, a coded thread with a verbatim quote, or a re-runnable protocol. The pre-registered falsifier that failed to trigger is reported next to the ones that fired. Corrections are welcome and will be linked: the right-of-reply issue went out before publication, after earlier emails went unanswered. FrontierCode is a good instrument for a real capability. It measures a narrower thing than its headline, and the narrowing favors SWE-1.7’s position on its board.

Disclosure: the measured population is my own pipeline’s pull requests, which made every closure’s ground truth readable and bounds the floor to this population; the coding protocol, both coders’ outputs, and every quote are public for re-derivation. The hypothesis graph recommended in the audit is my own published, freely licensed design.