MOSS lets an agent rewrite its own source code
Self-improving agents have been a hot phrase for a while, but look closely and almost all of them only edit text: a prompt, a skill file, a workflow graph. The actual machine underneath, the routing logic, the order hooks fire, how state is managed, stays frozen because it lives in code, and the agent was never allowed to touch code. MOSS, a new paper, says fine, let it touch the code.
The pipeline is careful, not reckless. MOSS collects evidence from production failures automatically, hands the actual code change off to an external coding-agent CLI, then verifies the candidate by replaying the original failures against the modified code in throwaway sandbox workers. Only if it passes does the new version get promoted, behind a user-consent gate, with a container swap and a health probe that rolls back if anything goes wrong. The authors point out that once you can rewrite source, the space of fixes is Turing-complete, which is a polite way of saying strictly bigger than anything prompt-tweaking can reach. On OpenClaw it lifted a four-task mean score from 0.25 to 0.61 in a single cycle, no human in the loop. Code is on GitHub.
Why this is the version that matters: editing prompts is editing the agent's instructions, editing source is editing the agent's body. The first can only rearrange behavior the code already permits. The second can build behavior that did not exist. If self-improvement is ever going to compound, it has to reach the layer where the real bugs live, and structural failures live in code, not in the prompt. MOSS is one of the first to take that seriously and put a safety harness around it. Paper at arxiv.org/abs/2605.22794.
← Back to all articles
The pipeline is careful, not reckless. MOSS collects evidence from production failures automatically, hands the actual code change off to an external coding-agent CLI, then verifies the candidate by replaying the original failures against the modified code in throwaway sandbox workers. Only if it passes does the new version get promoted, behind a user-consent gate, with a container swap and a health probe that rolls back if anything goes wrong. The authors point out that once you can rewrite source, the space of fixes is Turing-complete, which is a polite way of saying strictly bigger than anything prompt-tweaking can reach. On OpenClaw it lifted a four-task mean score from 0.25 to 0.61 in a single cycle, no human in the loop. Code is on GitHub.
Why this is the version that matters: editing prompts is editing the agent's instructions, editing source is editing the agent's body. The first can only rearrange behavior the code already permits. The second can build behavior that did not exist. If self-improvement is ever going to compound, it has to reach the layer where the real bugs live, and structural failures live in code, not in the prompt. MOSS is one of the first to take that seriously and put a safety harness around it. Paper at arxiv.org/abs/2605.22794.
Comments