DAILY NEWS

Stay Ahead, Stay Informed – Every Day

Advertisement
Faithfulness gate: the agent layer most teams skip



A B2B SaaS team got an angry email from a customer last quarter. The customer’s account team had asked the company’s AI assistant whether their plan included SSO. The assistant said yes. The customer’s IT team spent two days trying to configure it, escalated to support, and discovered the assistant had been wrong. SSO was on the Enterprise tier. The customer was on Pro.

The assistant had searched the documentation, found nothing definitive about which tiers included SSO, and produced a fluent answer based on what seemed plausible from training data. The user had no way to know it was a hallucination.

The fix was not “a better model.” A larger LLM would have hallucinated more confidently with the same insufficient context. The fix was a layer that should have been there from day one: a faithfulness gate that checks whether the agent’s response is actually grounded in the retrieved context before shipping it to the user.

This is one of the highest-leverage interventions for production AI agents. Most teams skip it because the failure mode is invisible until a customer complains.

What faithfulness actually measures

Faithfulness is a single question: does the agent’s response make claims that are supported by the context the agent retrieved?

If the agent searched the KB and found “Pro tier includes basic features X, Y, Z. Enterprise tier includes X, Y, Z plus advanced features A, B, C, including SSO,” then a response saying “your Pro plan includes SSO” is unfaithful. The retrieved context does not support that claim.

This is different from “is the response correct.” Correctness requires ground truth. Faithfulness only requires the retrieved context. You can check it without a human in the loop.

The mechanic: extract atomic claims from the response, check each claim against the retrieved context, return a score. Below threshold, the response is unfaithful and should not be shipped.

How the gate actually works

The pattern is straightforward:

Agent generates a response based on retrieved context
A separate LLM call (the “judge”) extracts the atomic claims from the response
For each claim, the judge checks whether the retrieved context supports it
The faithfulness score is the fraction of claims supported
If the score is below threshold (we default to 0.85), the response is rejected
The agent either retries with revised context or returns “I cannot answer this confidently from available information”

Frameworks like Ragas implement this directly. You can also build it yourself with a single LLM call using a structured prompt. The judge model does not need to be the production model. We typically use GPT-4o-mini or Claude Haiku for the judge to keep costs low; they are accurate enough for this task.

Why this catches what model size does not

Bigger models are not less likely to hallucinate. They are more confident hallucinators. Given the same insufficient context, GPT-4o will produce a better-written, more structured, more authoritative-sounding wrong answer than GPT-3.5 ever could.

The faithfulness gate works at a different layer than the model. It does not care how confident the model sounds. It only cares whether the claims in the response can be traced back to the retrieved context.

In the team’s audit, faithfulness gates caught about 40% of the responses that customers had previously reported as wrong. Most of those would not have been caught by switching to a more expensive model.

The threshold question

Where to set the faithfulness threshold is a product decision, not a technical one.

0.95 and above: very strict. Use for legal advice, medical information, financial recommendations, regulatory compliance. The cost is more “I cannot answer” responses, which is the right cost for high-stakes domains.
0.85 to 0.95: production default for B2B SaaS. Catches most confident hallucinations without rejecting legitimate responses that have minor unsupported flourishes.
0.70 to 0.85: more permissive. Use for internal tools where users can self-verify, or for early-stage products where rejecting too many responses kills the UX.
Below 0.70: effectively disabled. Not recommended for customer-facing.

The team we worked with was in B2B SaaS. We set the threshold at 0.88 initially, monitored the rejection rate (about 6% of responses), and tuned to 0.85 after a week when the rejection rate felt too aggressive for the user experience.

What to do when the gate fails

The agent has three options when a response fails the faithfulness check:

Retry with augmented context. The agent searches again with a query informed by the failure. Sometimes the original retrieval was insufficient and a second pass surfaces the missing context. Retry once, max twice. Beyond that, do not loop.

Return “I cannot answer this confidently.” Honest about the limitation. Surfaces a real product problem (insufficient documentation, ambiguous query) that the team can address. Better than a confident wrong answer.

Escalate to human handoff. The agent surfaces the question to a human support agent, with the retrieved context attached. Useful for customer-facing systems where “I don’t know” is not an acceptable terminal state.

Production teams ship all three. Retry first (cheap, often resolves), fallback to honest “I don’t know” (acceptable for low-stakes), escalate for high-stakes or repeat questions.

What we shipped for the team

The original system was a customer support agent with RAG over the documentation. We added:

Faithfulness check on every response, using GPT-4o-mini as the judge model.
Threshold of 0.85 for production responses.
Retry once with augmented retrieval if the first response failed the check.
Honest fallback (“I cannot find that specific information in our documentation. Would you like me to escalate to a human agent?”) for responses that failed twice.
Logging of every failed faithfulness check, so the team can review patterns and improve documentation coverage.

Customer-reported wrong answers dropped 60% in the first month. The faithfulness gate did not improve correctness in the abstract; it just stopped the system from confidently shipping wrong answers to customers. The honest “I don’t know” responses were initially worried about (would users be unhappy?) but turned out to be received well. Users prefer “I don’t know” to wrong answers, even when they think they want fast answers.

The unexpected benefit was the failed-check log. The team now had a list of every question the documentation could not confidently answer. That became the documentation backlog. Six months in, customer-reported issues had dropped 80% from the pre-gate baseline, partly from the gate and partly from the documentation improvements the gate surfaced.

When the gate is not enough

A faithfulness gate prevents one specific failure mode: claims unsupported by retrieved context. It does not catch:

Wrong context retrieved. If the RAG pipeline pulled the wrong document, the response will be faithful to the wrong source. Need eval for this.
Outdated context. Faithful to documentation that was correct six months ago and is now stale. Need versioning and freshness tracking.
Subtly wrong reasoning. Claims supported by context but the inference between them is invalid. Need stronger evaluation, possibly human review.

The gate is necessary but not sufficient for production reliability. It is the highest-leverage single intervention, but it is not the only intervention.

The Sapota recommendation

For production agents that handle factual queries (customer support, internal knowledge, compliance, anything where being wrong has cost):

Add a faithfulness gate on the response path
Use a cheap judge model (GPT-4o-mini, Haiku) to keep costs low
Set threshold at 0.85 to start, tune based on rejection rate
Implement retry-once and honest-fallback policies
Log every failure for documentation improvement

The infrastructure cost is roughly $0.001 per response. The reduction in customer-reported errors is typically 40 to 60% in the first month.

This is not optional for production B2B agents. It is the layer that turns a demo into a product.

If your agent has been confidently wrong

If your team has had customers report incorrect answers from your AI assistant, and “we’ll switch to a better model” has not fixed it, the missing layer is almost certainly faithfulness checking.

Sapota offers a one-week implementation engagement that adds faithfulness checking to your existing agent, calibrates the threshold against your historical reports, and ships the retry and fallback logic as a working PR. We have done this for customer support agents, internal knowledge bases, and compliance tools.

Reach out via the AI engineering page with a few examples of incorrect responses your agent has given. The diagnostic conversation usually surfaces both the faithfulness gap and the documentation gaps that the gate will help expose.



Source link

AI Coding Tools 2026: Cursor vs GitHub Copilot vs Claude Code (Real Comparison)


If you write code for a living, you’ve probably noticed that AI coding assistants went from “nice to have” to “non-negotiable” sometime in 2025. And by mid-2026, the market has clearly stratified into three tiers:

Best all-around: Cursor ($20/month)

Best for enterprise: GitHub Copilot ($10-20/month, often bundled with Copilot Pro)

Best for AI researchers & power users: Claude Code (free CLI, paid through Anthropic)

This article breaks down which tool actually wins for different workflows, based on real usage data from developers shipping products in 2026.

The Core Difference: Context Is Everything

Every AI coding tool does the same fundamental thing: it predicts the next characters you’ll type. But the quality of that prediction depends entirely on how much context the model can “see.”

GitHub Copilot looks at your current file + import statements.Cursor looks at your entire project — every file, folder structure, and dependencies.Claude Code looks at whatever you paste into it, but has 200K token context window (basically your entire codebase).

For fixing bugs in a 50-file codebase? Cursor and Claude win. For writing a quick script? Copilot is fine.

GitHub Copilot: The Safe Enterprise Choice

Price: $10-20/month depending on planBest for: Teams that already use GitHub, corporate environmentsTraining data: Trained on public GitHub (with opt-out available)

GitHub Copilot is the market leader by sheer distribution — it ships integrated into VS Code, and most Fortune 500 companies use it because IT departments trust GitHub (owned by Microsoft).

What it does well:

Fast completions, minimal lag
Works in every major IDE
Copilot Chat is genuinely useful for explaining code
Good for standard patterns (loops, API calls, data transformations)

Where it falls short:

Can’t “see” your full codebase — only the current file
Suggestions are sometimes generic (copy-pasted from Stack Overflow)
Limited context means it often suggests patterns that conflict with your project structure
Hallucination rate on complex refactoring is ~20-30%

Real-world example: You’re refactoring a database query that appears in 12 files. Copilot only sees the current file, so it might suggest a pattern that breaks consistency in the other 11. Cursor would see all 12 and maintain consistency.

Cost-benefit: $10-20/month is negligible for most developers. The real cost is context blindness.

Cursor: The Productivity Multiplier

Price: $20/month (or free with limited features)Best for: Solo developers, startups, anyone shipping fastBest feature: @codebase — indexes your entire project and uses it for context

Cursor is purpose-built for developers. It’s a full code editor (forked from VS Code) with Cursor-specific features. If you write code every day, this is the tool that will cut your shipping time.

What it does well:

@codebase command: Ask it “where is the user authentication logic?” and it finds it across 50 files
Multi-file refactoring with perfect consistency
Knows your project’s conventions and style
Excellent at generating test suites that actually pass first time
Built-in terminal lets you run code and iterate without context-switching

Where it falls short:

You have to switch editors (VS Code → Cursor)
Sometimes over-generates code when you only need a small fix
Context is limited to what fits in 200K tokens (still massive, but your codebase might exceed it)

Real-world example: You want to add a new feature to your API. You tell Cursor: “Add a /users/:id/settings endpoint that follows the same pattern as the /products/:id endpoint.” Cursor reads both endpoints, maintains the exact same error handling and middleware, and generates the new endpoint in 5 seconds. GitHub Copilot would need you to manually show it the /products endpoint first.

The workflow: Most developers using Cursor report 2-3x faster feature shipping. That compounds.

Claude Code: The Thinking Tool

Price: Free (Claude API costs extra)Best for: Complex refactoring, architectural decisions, learningBest feature: 200K token context window means it can ingest your entire codebase at once

Claude Code isn’t an IDE — it’s a CLI that lets you run Claude’s API on your local codebase. It’s the tool for the kind of coding that requires reasoning, not just pattern-matching.

What it does well:

Best reasoning about architecture and design patterns
Excellent at explaining why code is broken
Can analyze your entire codebase at once and suggest systemic improvements
Good for one-shot, high-stakes refactoring (e.g., “migrate this Django app to FastAPI”)

Where it falls short:

Not real-time — you have to explicitly invoke it
Requires API keys and pay-per-token pricing
No IDE integration (you edit in your normal editor, then run Claude Code separately)
Slower than Cursor for day-to-day coding

Real-world example: You want to refactor a 5-year-old codebase with inconsistent patterns. You run claude-code /path/to/repo –analyze and get a 10-page report on architectural debt, then ask it to generate a migration plan. GitHub Copilot can’t do this — Cursor could, but Claude Code is cheaper for one-off analysis.

The Verdict: Which Should You Use?

Tool
Price
Best For
Context
Speed

Cursor
$20/mo
Individual developers, shipping fast
Entire codebase
Real-time

GitHub Copilot
$10-20/mo
Enterprise teams, VS Code users
Current file only
Fast

Claude Code
Free + API
Architecture analysis, learning
Entire codebase
Slow (async)

If you’re a solo developer or in a startup: Use Cursor. The $20/month pays for itself in shipped features within a week.

If you’re in an enterprise: Use GitHub Copilot. Your IT department already approved it, and it’s integrated into your workflow.

If you’re optimizing a large codebase: Use Claude Code for analysis, then Cursor for implementation.

What’s Actually Changed in 2026

A year ago (2025), the choice was binary: Copilot or nothing. In 2026, we have three distinct tools competing for fundamentally different use cases. Cursor’s project-wide context is the biggest innovation — it’s what made the jump from “helpful” to “productivity multiplier.”

The consolidation will probably happen in 2027 when Microsoft integrates project context into Copilot (they’re definitely building it). Until then, Cursor has the edge for developers who ship fast.

Want to ship faster? Try Cursor free for 2 weeks. Most developers either commit or go back to Copilot within the trial period.

Full disclosure: This article contains affiliate links. If you purchase Cursor through our links, we may earn a commission at no cost to you.



Source link

Event Triggers บน Garudust – DEV Community



Garudust’s core exposes a single basic primitive: agent.run(task). Every entry point — whether it’s a chat message, a cron job, or a webhook call — ends up in the same call. This means that any external system that can send an HTTP POST can be an event trigger for Garudust. This article explains how it currently works, the patterns that work in production, and concrete use cases. How the Webhook Adapter Works When Garudust is set up to use the webhook platform, it launches the Axum HTTP server and registers a POST endpoint at the path you specified. Incoming requests will look like this: { “text”: “A new billing invoice has arrived from Acme Corp for $4,200.”, “callback_url”: “https://your-system.example.com/garudust/reply”, “user_id”: “billing-watcher”, “session_key”: “billing-acme-corp” } Enter fullscreen mode Exit fullscreen mode Field Required Description text ✅ Task prompt that the agent will use to run callback_url ✅ URL where Garudust will POST the response user_id optional Used for role-based access control session_key optional pin conversation history; If not specified, it defaults to webhook:{callback_url} Garudust wraps this information as InboundMessage, sent via GatewayHandler, spawns agent.run() and when the agent finishes working it will POST the response back to callback_url: { “text”: “Invoice from Acme Corp for $4,200 — categorised as SaaS/Infrastructure. Flagged for approval above $3,000 threshold. Draft approval request sent to #finance.” } Enter fullscreen mode Exit fullscreen mode The immediate HTTP response to your POST is 202 Accepted — agent works asynchronously Security Garudust checks the HMAC-SHA256 signature for every incoming request. shared secret in config and sign every outgoing POST with: ───────────────── ────────────────────────── Event source (email, → Webhook adapter calendar, DB, queue) Filter / match logic → Your code (before POST) Task description → agent.run(task) Result handling → handler at your callback_url Enter fullscreen mode Exit fullscreen mode Your system owns the filter — Garudust owns the running agent. Both sides do not need to know each other’s internal structure. Use Cases 1. Billing Email Monitor An email processing service that captures emails from billing senders. When it finds a matching email, it retrieves the subject, sender, and amount and triggers Garudust: { “text”: “New invoice received: Stripe — $1,840 for May 2026. Attach to this month’s expense report and notify the finance channel if it exceeds the $1,500 alert threshold.”, “callback_url”: “https://your-ops.example.com/hooks/garudust”, “session_key”: “finance-inbox” } Enter fullscreen mode Exit fullscreen mode Agent uses its tool to read expense report files, add line items, and post to Slack. The email service just matches the sender and shoots — no need to know anything about expense reports or Slack. 2. GitHub PR Review Gate GitHub Actions workflow Call Garudust after a PR opens in the main branch. The workflow creates the payload from GitHub context: { “text”: “PR #214 opened by @alice: ‘feat: add OAuth2 PKCE flow’. Changed files: src/auth/oauth.rs, src/auth/pkce.rs, tests/auth_integration.rs. Diff summary attached. Review for security issues in the auth flow and post a summary comment.”, “callback_url”: “https://your-ci.example.com/garudust/pr-review”, “session_key”: “pr-214” } Enter fullscreen mode Exit fullscreen mode GitHub webhook Launch workflow → workflow Create task text → Garudust review and session_key tied to the PR number cause the next trigger (new commit, repeat review request) to continue in the same conversation thread. 3. Database Anomaly Alert Monitoring job query the database according to the schedule table and check the aggregate metric when the metric crosses the threshold. Instead of sending a static alert, it fires Garudust instead: { “text”: “Anomaly detected: orders table insert rate dropped 94% in the last 10 minutes (baseline 340/min, current 19/min). Last successful insert: 09:42 UTC. Investigate root cause and summarise for on-call.”, “callback_url”: “https://ops.example.com/garudust/incidents”, “session_key”: “incident-2026-05-23-orders” } Enter fullscreen mode Exit fullscreen mode Agent can use terminal or database tool to run additional queries, check deploy Latest and structured incident summary — monitoring job only checks for threshold breaches 4. Calendar External-Attendee Watch Integration layer poll Google Calendar (or receive push notification) and fire Garudust when an event is created with an attendee whose domain doesn’t match your organization: { “text”: “New calendar event: ‘Q3 partnership discussion’ on 2026-06-04 14:00 UTC. External attendees: jane@partner.com, bob@partner.com. Prepare a one-page briefing on Partner Corp using the CRM notes and recent email thread.”, “callback_url”: “https://your-system.example.com/garudust/calendar”, “session_key”: “meeting-prep-2026-06-04” } Enter fullscreen mode Exit fullscreen mode Calendar integration own filter logic “external attendee” – Garudust Take ownership of the briefing 5. Queue Worker Trigger Background worker pulls jobs from the task queue (SQS, Redis, RabbitMQ) and sends each piece to Garudust for work. Suitable for workloads that vary and require the agent to handle each piece in its own way: { “text”: “Customer support ticket #8821 (priority: high): User reports that export to CSV silently truncates rows above 10,000. Reproduce the scenario, identify the code path responsible, and draft a fix description for the engineering team.”, “callback_url”: “https://support.example.com/garudust/tickets”, “session_key”: “ticket-8821” } Enter fullscreen mode Exit fullscreen mode Queue worker dequeue, format task text, fire webhook Multiple tickets can be run as concurrent agent sessions simultaneously Session Keys and session_key are what make event triggers useful beyond traditional tasks. one-shot When you pin a key, all webhook calls that use the same key share a conversation history. This means: PR review trigger on commit 1 and re-review trigger on commit 2 are the same conversation — the agent remembers what was said earlier. Incident trigger and “How are you?” that the on-call engineer asks later use the same context. Billing session Accumulate invoices for a whole month from multiple triggers before creating a monthly summary. If you want completely separate sessions (each event is independent), you don’t need to specify a session_key — Garudust It uses callback_url as the key instead, giving a new context to the callback target that is unique. What this pattern doesn’t cover with the Webhook adapter is push targets — the external system must initiate the connection. If you want Garudust to pull data from the source itself (check inbox, poll API, watch files) without needing a scheduler, you have to use a cron job that polls or wait for a primitive watch/filter that doesn’t currently exist. For use cases that are truly push-based (GitHub webhook, queue worker, calendar push notification, email routing service), the current architecture supports it all and the division of duties is already clear.



Source link