Beyond Vibe Coding: Rebuilding the Broken Chain of Trust with Semantic Contracts
bz's Substack
SubscribeSign in
Beyond Vibe Coding: Rebuilding the Broken Chain of Trust with Semantic Contracts<br>AI writes code faster than humans can review it. It's time to shift from manual code inspection to semantic inspection.
bz<br>Jul 17, 2026
Share
Subscribe
💡 TL;DR Notice AI writes code faster than humans can review it, creating a massive trust crisis. Unit tests and prompt engineering aren't enough. Here propose Semantic Contracts —a type-safe, compile-time blueprint that sits between your requirements/prpmpts and code, guaranteeing correctness no matter who (or what) wrote the implementation.
AI-driven development (often called “Vibe Coding”) has massively boosted our coding speed. However, because we don’t truly know how AI models make their decisions, we are facing a fundamental crisis of trust.<br>This paper proposes a practical solution: Semantic Contracts .<br>A semantic contract is a structured, verifiable blueprint of your core business logic. Positioned right between raw human requirements and actual code, it uses typed states, simple building blocks (combinators), and compile-time checks to guarantee that any implementation—whether written by a human or generated by an AI—is automatically trustworthy as long as it fits the contract.<br>In this blog, I describe what semantic contracts are, explain their math-like building blocks, demonstrate them using sorting algorithms and e-commerce checkout examples, and discuss how they can plug into your existing systems.<br>1. The Problem: How AI Broke the Software Engineering “Chain of Trust”
In the pre-AI era, software engineering relied on a highly structured pipeline to build trust:<br>Requirements → Architecture → Detailed Design → Coding → Testing → Code Review → Deployment<br>Every step had clear inputs, outputs, and human ownership. We trusted the software because we trusted the process. Even if we couldn’t mathematically prove the code was 100% bug-free, we had confidence because it went through multiple rounds of human review and automated testing.<br>In the AI era, this entire pipeline has collapsed. With “Vibe Coding,” you type a prompt, and the AI immediately spits out running code. The middle steps are gone. While we try to catch up with techniques like prompt engineering or automated test harnesses, the path from a user’s prompt to the final code remains a black box. Relying purely on AI self-correction or quick human reviews is, frankly, wishful thinking.<br>This shift has broken our chain of trust in four ways:<br>Unknown AI Behavior: AI code comes from neural networks with hundreds of billions of parameters. We cannot fully predict or understand it. The exact same prompt can yield completely different code under the hood.
Untraceable Bugs: When AI code fails, it’s incredibly hard to trace the failure back to a specific design flaw or logical error.
Unpredictable Fixes: Prompting an AI to fix one bug can easily introduce unexpected side effects elsewhere.
Impossible Code Reviews: Humans simply cannot review code as fast as AI can write it. Reviews quickly become a checkbox exercise.
If we cannot solve the question of “how to trust AI-generated code,” the massive speedups from AI will always come with risks we cannot afford to take.<br>2. The Solution: A Verifiable Bridge Between Ideas and Code
To fix this, we need a new layer in our workflow. It must be:<br>Between Requirements and Code: More precise than vague human language, but more abstract than actual code.
Guaranteed to Work: Any code that matches this layer must behave exactly as intended.
Composable: You can snap smaller pieces together to build larger systems.
Checked at Compile-Time: Errors should be caught by the compiler, not during runtime.
I call this Semantic Contracts .<br>While semantic contracts are not exclusive to AI, they are highly effective at preventing AI “hallucinations” because they strip away irrelevant details and enforce strict types. If an AI generates a bad implementation, the compiler will simply refuse to build it.<br>💡 A simple analogy:<br>Imagine the classic joke of putting an elephant in a fridge in three steps:<br>Open the fridge.
Put the elephant in.
Close the fridge.
A semantic contract guarantees that these three steps happen exactly in this order. It secures the process , even though it doesn’t verify if the elephant actually fits inside.
3. Why Existing “Formal Methods” Failed
Computer scientists have tried to prove program correctness for decades (using tools like Hoare Logic, Z language, or Model Checking). Yet, they never went mainstream because:<br>They focus on “finding bugs” rather than “building things right.” Traditional methods try to verify code after it is written. That is passive and incredibly hard. We want to make correctness a natural byproduct of how we build the code in the first place.
Writing specifications is too hard. Writing perfect mathematical rules for a...