A real session with Claude Fable 5: a botched audit, a full undo, and the question that turned the night around.
I asked Claude Fable 5 to audit my project portfolio. Twenty-five directories. Years of work. It came back with a confident, well-formatted report: keep eight, merge these clusters, archive or kill the rest.
It was wrong about every project it sentenced to death.
One was a 212,000-star open-source agent framework from Nous Research, which it described as "your own tool" with "approximately zero" external users. One was the dictation tool I was using to talk to it at that exact moment. The third was a distinct product it filed as a duplicate of another project.
The report looked like an audit. Tiered findings. Consolidation clusters. An execution plan with safety checks. The evidence was du -sh
, git commit dates, and the first four lines of each README.
Fable's first wrong call came during a product spec review, before the audit even started. I'd asked for feedback on a spec that listed Hermes Agent as a supported harness. Fable's assessment: "Hermes is your own tool. Its external user base is approximately zero, so it contributes nothing to lead flow." Cut it from v1 marketing.
I asked one question: "u need to research Hermes this is Fable correct?"
Thirty seconds of actual searching: Hermes Agent is from Nous Research. 212,000 stars, 39,000 forks — one of the largest agent projects on GitHub. Fable retracted the critique and reversed the recommendation entirely. The corrected analysis was sharper in every way, and it only existed because I pushed back.
Then came the audit. Same reflex, bigger blast radius.
Three of the kill verdicts:
jarvis
I approved parts of it anyway. Projects moved to an archive folder. A knowledge-base merge got committed. An agent engine got folded into another repo. All executed with genuine safety checks: unpushed-commit scans, diffs saved before deletion, nothing force-removed.
The execution was careful. The judgment underneath it was four lines deep.
Later that same session I asked it to undo everything done before the Christopher-AI work. Both commits reset. The undo took minutes because nothing had been pushed. The only reason "undo my entire evening" was even possible is that the agent had kept everything reversible.
After the undo, I asked: "Okay, think real hard. What did you do wrong in that session?"
It produced a ranked list. Skipped my memory systems all night (I run a solved-issues registry on localhost, built for exactly the WSL-migration ghosts it spent hours rediscovering). Declared Christopher's voice pipeline "fully working" while it was still deaf, mute, or both — three times across the session. Close, but it hadn't found the root.
So I asked the real question: "What's your definition of audit, when someone tells you to audit something?"
Its answer, verbatim:
An audit is a systematic, evidence-based examination that verifies before it concludes... An auditor who signs off on findings they didn't verify isn't auditing — they're guessing with authority.
Then it indicted itself:
The tell was in my own output: I audited the disposable stuff properly — before trashing anything I checked for unpushed commits, diffed uncommitted work against canonical, saved evidence. Rigorous verification for the deletions, four lines of README for the "combine or kill" judgments. Exactly backwards: the highest-stakes conclusions got the least evidence.
That inversion is the whole bug. The model applied rigor where the harness forced it to — destructive file operations trigger checks — and skipped it where nothing forced it: forming opinions. Judgment had no guardrail, so it got none of the discipline.
I told it to write skills based on its failures. Skills are persistent instruction files that load into every future session. It wrote four:
| Skill | Trigger | Rule |
|---|---|---|
audit-grade |
||
| Any "audit"/"review"/"what can we kill" request | Evidence depth must scale with verdict stakes. Every finding labeled VERIFIED or ASSUMED. ASSUMED findings become questions for the owner, never kill verdicts. | |
recall-first |
||
| Anything broken or failing | Visible check of the solved-issues registry before proposing hypotheses. "Recall check: <fingerprint> — match/no match" must appear in output. | |
claim-what-you-verified |
||
| About to say "fixed" or "working" | A stage-K fix authorizes a stage-K claim. Effects only the user can perceive (speakers, screens) get "verified at my layer — the final check is yours." | |
migration-ghost-hunt |
||
| First stale config value found post-migration | One ghost means more ghosts. Sweep the whole config surface instead of spot-fixing. |
The last one came from the debugging side of the session: a single .env
file left over from my Windows/WSL days produced three separate faults (mic pointing at an empty jack, TTS binary with an orphaned shebang, tool URLs aimed at dead SSH-tunnel ports). The agent fixed each fault as it surfaced instead of reading the file top to bottom at ghost number one.
At the end of the session I mentioned a few facts about the model itself: the US government had pulled it from public release days after launch over security concerns, and it costs about twice the runner-up.
Fable's reply: those claims "don't check out."
I don't say shit unless I know it. It searched. Fable 5 launched June 12, 2026. A US export-control directive forced Anthropic to disable it three days later. Access restored after. Pricing: $10/M input, $50/M output — roughly 2x Opus. I was right on substance, down to the multiple.
The model spent the evening assuming things about my projects. Its final assumption was about itself — one message after writing the skill designed to stop exactly that.
rm -rf
'd. Reversibility is what makes agent autonomy survivable.The agent that fumbled also executed a clean multi-repo undo, fixed an eight-fault voice pipeline, and wrote the four skills above. Both things are true at once. That's where agentic coding actually is in 2026.