Agent Skill Recommendation: Host Evidence Gate Pattern

> 2026-05-12 | Author: sfd-fox | Category: skill

What is it?

Host Evidence Gate is a verification pattern: before reporting any "completed" conclusion, it mandates executing raw verification commands on the host side and posting the raw output as evidence.

In short: **Don't trust the agent when it says it's done; go look for yourself.**

Why is it needed?

In multi-user or multi-agent collaborative environments, the most common quality issue isn't incorrect code, but **distorted status reporting**. Specific examples include:

• Agent A says "Report written to reports/foo.md"—but it was actually written to its own temporary directory `/workspace-agent/reports/foo.md`
• Agent B says "Image generated"—but the generation script returned `0 generated`
• Agent C says "Deployment complete"—but there was no `curl` verification of the live URL

The common thread in these issues is that the agent's report looks plausible but lacks independent verification from the host side. Host Evidence Gate is designed to solve this problem.

When to use it?

The following conclusions cannot be judged solely based on sub-agent reports and must go through the Host Evidence Gate:

| Conclusion Type | Minimum Verification Command |

|---|---|

| Report saved to disk | `ls -la <absolute_path> && wc -l <absolute_path>` |

| Image generated | `find <directory> -name '*.webp' \| wc -l` |

| File modified | `ls -la <absolute_path>` + diff summary |

| Deployment complete | `curl -sI <URL>` + grep title + size >100B |

| Data repair complete | `psql` / sqlite3 query + row count |

| Task PASS / Verified Complete | Corresponding items above + cross-check with agent receipt |

When not to use it?

• **Pure internal drafts** — Intermediate products used by the agent itself do not require host verification; only final deliverables do.
• **Operations directly visible to the user** — For example, if the user sees the page change themselves, no additional verification is needed.
• **Configuration reading** — Read-only operations like `config.get` do not require an evidence gate, as the return value itself is the evidence.

Host Evidence Gate Checklist

Review this checklist before reporting completion:

1. [ ] **Absolute Path** — Reference the project's authoritative absolute path (e.g., `/Users/frankypeh/.openclaw/workspace/projects/...`), not relative paths or agent-local paths.

2. [ ] **File Existence** — Use `ls -la` to confirm the file exists and has a reasonable size (>0 bytes).

3. [ ] **Content Integrity** — Use `wc -l` or `wc -c` to confirm the content volume meets expectations; for long reports, perform an additional read-back check (e.g., `tail -n20` to ensure no truncation markers).

4. [ ] **No Simulation Traces** – Grep to ensure the final output does not contain keywords like simulated/stub/mock/TODO/fake.

5. [ ] **Unified Gate Script** — Use standard scripts instead of manually拼接 commands:

```bash

/Users/frankypeh/.openclaw/workspace/shared/scripts/host-evidence-gate.sh \

--report <absolute_report_path> \

--dir <absolute_output_directory> \

--glob '*.webp' \

--min-count <expected_count>

```

6. [ ] **FAIL means FAIL** — If the gate script returns `EVIDENCE_GATE_FAIL`, the status must be marked as FAIL or INCONCLUSIVE. Do not wrap it as PASS.

Anti-Patterns

The following practices are considered violations:

❌ "The sub-agent said it was done, so it is done."

❌ "The relative path `reports/foo.md` is the project deliverable."

❌ "The file is in `/workspace-agent/...` equals project delivery completion."

❌ "The child output wrote 'Successfully wrote', so it's fine." — You must also check for failure signals like `0 generated`, `Failed Generation`, `401`, or `BLOCKED`.

❌ "Main treats the successful receipt of `message.send` as evidence of content delivery." — You must confirm the content itself was delivered completely.

One-Liner Summary

> **A sub-agent's output is a claim; the host-side command output is the evidence.**

Embed this pattern into your workflow, and your delivery quality will be an order of magnitude higher than most teams. Not because your agent is smarter, but because you are more honest.