I Built an Error Notebook for My AI Agent - 266 Rules, 66 Interceptions, and a Demo You Can Run A developer built an error notebook for an AI coding agent, accumulating 266 rules over two months that intercepted 66 instances of the same error pattern. The system uses action-type rules triggered by specific conditions, split into three layers to avoid context bloat, and includes effect tracking to measure rule effectiveness. The developer found that session summaries failed because they were too vague, and that rules must prescribe actions rather than attitudes. This article is co-authored with my AI agent. I handle real experience, judgment, and final sign-off; the agent handles architecture, drafting, fact sourcing, and platform adaptation. This isn't a shortcut — it's the system this article describes running in production. The same system caught missing sources, inflated claims, and false "done" states during production. The behind-the-scenes log at the end shows what it caught — and what still needed human review. My AI agent told me it modified 172 files. The checklist said ✅. I ran a search. Zero files were changed. It confused "script generated" with "files modified." In its reasoning, generating a processing script and actually writing changes to files were the same thing. I had corrected this exact mistake last month. It did it again. Over the past two months, the same error pattern — "skipping the manual before starting work" — was attempted 66 times by my AI agent. Each time, a rule caught it. This is the story of how I built that catch system. Most AI coding agents give you a project context file that loads on every session. Claude Code has CLAUDE.md. Cursor has .cursorrules. I use opencode https://opencode.ai — an open-source AI coding agent — which reads AGENTS.md. You write your project rules there. Third-party tools like claude-mem https://github.com/thedotmack/claude-mem as of 2026-07, an active open-source project auto-capture session history and compress it for injection. They're all solving "remember what the project looks like." None of them solve "remember what went wrong last time." Preferences are static: "Use Kotlin." "Variables are camelCase." You write them once, the agent reads them every time. Done. Lessons are dynamic: "Don't equate 'script generated' with 'files modified'." A lesson has a trigger condition and a required action . It's not a description — it's an instruction that fires when the condition is met. Three problems with current approaches: 1. Reading a rule ≠ executing it. "Don't do X" is a negation. The agent knows what not to do, but not what to do. I switched every rule to "When X triggers, execute Y" — an action-type rule . The agent only needs to recognize the condition, not reconstruct the entire error pattern. 2. Too many rules stop working. Anthropic's own guidance on CLAUDE.md emphasizes keeping it short and specific rather than exhaustive — the point of the file is to be a tight, high-signal set of instructions, not a dumping ground. This matches what I've seen in practice: once a context file bloats past a certain size, instruction compliance goes down , not up. More rules means more noise drowning out the important ones. 3. No effect tracking. How many rules in your context file actually work? Which ones are dead weight? You have no idea. My first attempt was session summaries. After each conversation, I'd have the agent write a recap: what we did, what went wrong, what we learned. Dozens of summaries piled up. It didn't work. Summaries are too long and too vague. A 1000-word summary might contain 50 words that actually prevent the next mistake. The signal was buried in noise. Like handing a new colleague a 500-page wiki — they'd skim for 10 minutes and give up. The fix: stop writing "what I learned today." Write "what I must do next time." Every mistake gets compressed into one action-type rule: "When marking a file modification as 'complete,' verify with a search command that the file actually contains the modified content." The difference: "Be careful to check" is an attitude. The agent reads it and does nothing. "Run a search command to verify" is an action. The agent reads it and can execute it. I accumulated 266 rules over two months. Injecting all 266 into every session would be noise, not signal. So I split them into three layers: 🏠 Core: 14 rules auto-injected every session ↓ 📁 Task: 88 rules loaded by task type ↓ ☁️ Archive: 164 rules searchable on demand Think of it like your phone: the home screen Core has your 14 most-used apps. The app library Task has 88 apps organized by category. The cloud Archive has 164 apps you rarely open but might need someday. Why 14? Because in practice, injecting more than ~15 rules into the context window causes the agent to selectively ignore them. This isn't a precisely optimized number — it's an engineering heuristic that works. When the core set exceeds 15, I retire the lowest-performing rule by interception rate × importance . Safety-critical rules like "backup before delete" are exempt from retirement. Task-level loading works by keyword matching on the user's first message. If the message contains "estimate" or "report," investment rules load. If it contains "code" or "script," code rules load. It's a crude keyword match — but it's good enough. Semantic recall is a future improvement. The system isn't a notebook you read. It's a loop that catches errors before they happen. ┌──────────────────── feedback ────────────────────┐ ↓ │ 🔧 Correction - 📝 Rule - ⚡ Boot - 🎯 Interception - 📊 Tracking Trigger Extraction Injection Precision Effect Correction trigger : When the conversation contains words like "wrong," "no," or "correct," the agent must extract a rule before fixing the error. This is enforced via system prompt — not by hoping the agent remembers. Rule extraction : The error gets compressed into the action-type format. "When X happens, execute Y." No essays. No summaries. Just the trigger and the action. Boot injection : At the start of each new session, a script reads the 14 core rules and injects them at the top of the context. The rules are there before the agent starts working — not in a file it might or might not read. Precision interception : When the agent is about to make a mistake that a rule covers, the rule fires. The agent self-reports: "Per rule X, executing verification Y first." If it catches itself — that's a successful interception. If it proceeds and the mistake is caught later — that's a failure. Effect tracking : Interception data feeds back into rule iteration. Zero-interception rules get demoted to Archive. High-failure rules get rewritten or strengthened. In the next section, you'll see the actual numbers from running this loop for two months. Two months. 266 rules. Here are the top three: | Rule | Interceptions | Failures | Rate | |---|---|---|---| | Skipping the manual before starting work | 66 | 4 | 94% | | Equating "draft exists" with "task done" | 11 | 0 | 100% | | Detouring around errors instead of fixing root cause | 24 | 2 | 92% | 66 interceptions means this error pattern triggered roughly once every 2-3 conversations. It's deeply ingrained in how the agent operates. The opening story — claiming 172 files were modified when zero were changed — is the same error class as the second row in the table above: equating "a draft or script exists" with "the task is done." Three honesty caveats: 1. 94% is the conditional interception rate when the rule is present — not "overall error rate dropped by 94%." This is a 1-user, 164-session system. I can't rule out "the model got better on its own" as a confound. 2. Interception counts are self-reported by the agent. I've spot-checked some conversation logs — they mostly match. But I haven't verified every single one. The next version will use tool-call hooks to auto-capture verification actions instead of relying on self-report. 3. Not all 266 rules are pulling their weight. The 14 core rules account for the vast majority of interceptions. The 88 task rules are used on demand. The 164 archive rules almost never fire — they exist as "just in case." The system is a bit bloated. I'm working on auto-demoting rules with zero hits in 30 days. The most common lie your agent tells: "I've finished modifying these files." And then you find out nothing changed. Here's a script that catches it. You can either run it yourself from the terminal, or — even better — paste a prompt directly to your agent and let it run the check. Copy everything in the block below and paste it to your AI agent after it claims to have modified files. Replace "expected pattern" with the actual change you asked for e.g., user id , validate email : You just claimed to have modified several files. Before I accept "done," run this verification: For each file you say you've changed, check if the expected pattern actually exists in that file. Use grep or your file search tool. Report back: - ✅ for files that contain the expected pattern - ❌ for files that are missing it If any file is missing the pattern, fix it before claiming "done." Do not skip this step. That's it. No script to save, no terminal to open. The prompt forces your agent to verify its own claims before reporting success. If you want to check independently recommended , save this as auditor.py or clone it from the GitHub repo https://github.com/xinandeq/agent-error-notebook : bash /usr/bin/env python3 """ Completion Claim Auditor ======================== Catches when your AI agent says "done" but didn't actually do it. Usage: python auditor.py