"Agent Evaluation Harnesses (1/4) — How to Validate AI Results with Tests, Rubrics, and Regression Loops"

The most common AI-agent illusion is mistaking "it worked a few times" for "it now works." An evaluation harness breaks that illusion. It asks whether the system still holds together when run again under the same expectations.

Key Takeaways

  • Agent evaluation is not just about answer quality. It must also inspect tool use, policy adherence, failure handling, and final deliverables.
  • Strong evaluation harnesses combine exact checks with rubric-based scoring, while removing cheap, obvious failures as early as possible.
  • A rubric is not a vibe check. It is a repeatable scoring frame.
  • Evaluation datasets are not static reports. They are operating assets that get stronger as real failures are added back in.
  • The purpose of evaluation is not leaderboard vanity. It is to build sensors that tell you how to improve the harness.

1. Why agents need a distinct evaluation harness

Testing is important in all software, but agent systems make evaluation harder. Outputs can vary across runs, many tasks do not have a single exact answer, and agents do more than write text. They read files, invoke tools, make intermediate decisions, and sometimes carry work over long sessions.

That means "the answer looks decent" is not enough. In practice you need to evaluate questions like:

  • did it choose the right tool
  • did it avoid unnecessary actions
  • did it follow explicit constraints
  • did the final output satisfy the requested format and standard
  • did the system regress compared with earlier behavior

So an evaluation harness is not a chatbot scorecard. It is closer to a test rig for the full agent workflow.

2. Exact checks and rubric-based checks are different tools

You usually need both, but they should not be blended into one vague bucket.

Evaluation type Best for Strength Limitation
Exact checks format, values, execution success, policy violations cheap, fast, consistent weak on semantic quality
Rubric-based checks summaries, analysis, prioritization, writing quality catches meaningful differences more subjective and less stable

For example, schema compliance, required-section presence, or forbidden-file edits do not need an LLM judge. But questions like "is this analysis decision-useful?" are hard to settle with rigid rules alone.

This distinction matters because:

Anything you can catch deterministically should be caught before you spend expensive judgment on it.

3. A good rubric is not subjective praise

A rubric is not "write something good." It is a breakdown of criteria that allows different reviewers to reach similar conclusions.

For an agent deliverable, that can look like this:

Criterion Question Example score
Accuracy Are facts, paths, and commands correct? 0~5
Procedure compliance Did it follow required constraints and sequence? 0~5
Completeness Did it cover all requested outputs? 0~5
Practicality Can a real user use this immediately? 0~5
Risk Did it avoid overclaiming, unsafe edits, or unnecessary actions? 0~5

The important part is not the label names. It is the decision language. For instance: if the main result is decent but the agent edited a forbidden file, the result is not a pass. It is a failure.

4. Evaluation datasets should preserve failure, not just success

One common mistake is building datasets from only the best-looking examples. But the most useful evaluation set is often the opposite.

  • cases that frequently failed
  • borderline cases that caused drift
  • policy-sensitive cases
  • cases likely to break when models, prompts, or tools change

Following the Chapter 5 and Chapter 9 adaptation notes in sources/260518_ํ•˜๋„ค์Šค์—”์ง€๋‹ˆ์–ด๋ง_15์žฅ_๋ธ”๋กœ๊ทธํ™œ์šฉ๋…ธํŠธ.md, it is more useful to treat the dataset as an operational regression asset than as a polished benchmark.

In practice, it helps to classify examples like this:

  • golden: representative cases that must keep passing
  • edge: ambiguous but important boundary cases
  • failure_regression: cases taken from real failures or review findings
  • policy: permissions, approval, and forbidden-action cases

Once you do this, the average score becomes less interesting than which failure family came back.

5. Regression evaluation should ask "what broke?"

Operationally, the first question is not "did we innovate?" It is "did we break something that used to work?" Prompt edits, tool-description changes, and model swaps often look good on demos while quietly damaging adjacent behaviors.

That is why regression runs should first detect:

  • representative cases that used to pass but now fail
  • abnormal spikes in cost, latency, or tool-call count
  • increased policy or formatting violations

This connects directly to the continuous measurement logic in drafts/blog/260429_harness_series_06_evaluation_ops_en.md. Evaluation is not a one-off release ritual. It is a recurring guardrail around change.

6. LLM-as-Judge is useful, but risky as the sole judge

LLM-as-Judge is powerful for nuanced quality checks: explanatory strength, prioritization, usefulness, and semantic alignment. But it becomes risky when treated as the only arbiter.

  • the judge may share the generator's biases
  • scores can drift with prompt wording
  • fluent answers may be overrated even when they are weak

A more durable operating pattern is:

  1. run deterministic checks first
  2. send only surviving cases to rubric evaluation
  3. use human review to calibrate important samples
  4. log judgment rationale so drift can be inspected later

The point is not "do not use LLM judges." The point is use them inside a broader stack of cheaper and stricter checks.

7. What an evaluation harness looks like in a workspace like ours

In a repository that mixes documents, tooling rules, and operating constraints, evaluation often cares more about procedure compliance than style alone.

For example:

Evaluation target Question
File ownership compliance Did it edit only allowed files?
Read-order compliance Did it read the requested references first?
Language protocol Did it keep user-facing output in Korean where required?
Concurrent-work safety Did it avoid reverting someone else's changes?
Deliverable completeness Did it include publish-ready frontmatter and series-nav placeholders?

These checks are operationally valuable because many real failures are caused not by weak prose, but by violating the work contract around the prose.

8. Practical starting point

You do not need a giant leaderboard to start.

  1. Turn non-negotiable rules into deterministic checks first.
  2. Build a small golden set of 20 to 50 representative tasks.
  3. Reduce the rubric to 3 to 5 criteria so reviewers converge.
  4. Add every real failure back into the regression set.
  5. Re-run the same set before and after prompt, tool, or model changes.

That alone is enough to move evaluation from rhetoric into operations.

9. Common failure modes

Watching only the average score

The average can stay flat while policy violations get worse.

Writing vague rubrics

Criteria like "natural" or "good" drift too easily between evaluators.

Failing to preserve real failures

If production failures are not added back into the dataset, the system keeps relearning the same lesson the hard way.

Separating evaluation from improvement

If scores do not feed harness changes, the dashboard becomes decoration.

References

  • docs/blog_series_ํ•˜๋„ค์Šค์—”์ง€๋‹ˆ์–ด๋ง_์ด๊ด„_design.md
  • sources/260518_ํ•˜๋„ค์Šค์—”์ง€๋‹ˆ์–ด๋ง_15์žฅ_๋ธ”๋กœ๊ทธํ™œ์šฉ๋…ธํŠธ.md
  • drafts/blog/260429_ํ•˜๋„ค์Šค์‹œ๋ฆฌ์ฆˆ06_ํ‰๊ฐ€์šด์˜_๋ธ”๋กœ๊ทธ.md
  • drafts/blog/260429_harness_series_06_evaluation_ops_en.md

This is Part 1 of the Operations, Evaluation, and Memory series. Next: Long-running agents — why handoff structure must come before memory systems.

Series overview: Harness Engineering Series Guide

๋Œ“๊ธ€

๋Œ“๊ธ€ ์“ฐ๊ธฐ

์ด ๋ธ”๋กœ๊ทธ์˜ ์ธ๊ธฐ ๊ฒŒ์‹œ๋ฌผ

Agent Memory Engine (2/10) — Building an AI Agent Memory System with SQLite Alone

← 1/10 SQLite Memory Engine f… ๐Ÿ“š Series Index 3/10 memcore Completed → A memory engine that runs without daemons, without dependencies, anywhere ํ•ต์‹ฌ ์š”์•ฝ This post covers how to design an AI agent memory engine (memcore) on a single-file SQLite backend. - Structure: 25 modules, ~6,464 lines, 22 DB tables - Principles: no daemon, single-file portability, no required external dependencies, host-agnostic - Core techniques: 4-layer hybrid search (topic · vector · FTS5 · LIKE), U-tag dialectic-based confidence evolution, ingestion-layer bias rejection rules What This Post Covers One approach to building AI agent memory without a server or cloud vector DB. Specifically: (1) the limitations of text-file-based memory, (2) vector DB alternatives compared and selection criteria, (3) how to layer search tiers, (4) how to evolve confidence scores over time, and (5) how to block biased memory accumulation at the ingestion stage. Design Principles: Why Single-File SQLite Text-file-based ...
Read more »

"ML Foundations (9/9) — PyTorch vs TensorFlow, and the Road to Local LLMs"

์ด๋ฏธ์ง€
← 8/9 Deep Learning Architec… ๐Ÿ“š Series Index (series end) The final part. So far we've focused on models. Now we focus on the tools that actually run them . We'll lay out the philosophical difference between PyTorch and TensorFlow, and trace how Hugging Face transformers , llama.cpp , MLX , and Ollama built the bridge to running large language models on your own machine. By the end you should have the full mental model of "download a pretrained LLM and serve it locally." 0. Learning Objectives Explain the eager-vs-graph difference between PyTorch and TensorFlow. Explain, in graph terms, how autograd automates the backward pass. Use Hugging Face transformers ' AutoModel , AutoTokenizer , and pipeline abstractions. Describe llama.cpp's GGUF quantization, INT4 inference, and CPU-first flow. Describe Apple MLX's use of unified memory and how it differs from PyTorch. Run a local LLM with Ollama and call it through an OpenAI-compatible API. ...
Read more »

"RAG Core Study (14/26) — Evaluation Sets with RAGAS & DeepEval"

์ด๋ฏธ์ง€
Series overview: Series index ๐Ÿ“š Series Index Without an evaluation set, every RAG improvement is a story, not evidence. RAG systems fail in more than one place: retrieval, context selection, answer generation, and grounding. That means "looks better" is not a metric. Part 14 explains how to build a golden dataset , how RAGAS and DeepEval fit into the workflow, and why teams must separate retrieval quality from answer quality if they want tuning decisions to hold up. 0. Prerequisites Part 13 reranking — system quality now depends on multi-stage ranking. Part 1 grounding — a correct-looking answer is not enough. Part 12 Hybrid — multiple retrieval settings need comparison on fixed data. 1. Learning Objectives Build a small but useful golden dataset for RAG. Distinguish retrieval metrics from answer metrics . Use RAGAS and DeepEval in the right roles. Avoid the common traps in judge-model-based evaluation. 2. ํ•ต์‹ฌ ์š”์•ฝ An evaluation set for RAG is ...
Read more »

"ML Foundations (8/9) — Deep Learning Architectures: CNN, RNN, Attention"

์ด๋ฏธ์ง€
← 7/9 Deep Learning Training ๐Ÿ“š Series Index 9/9 PyTorch vs TensorFlow → What did we keep adding on top of an MLP? Vision went CNN, sequences went RNN/LSTM, and eventually both converged on Attention and the Transformer. Each architecture is easier to remember if you read it as what it gave up to gain something else . This part is the one-line summary of the decisive inflection points: LeNet → AlexNet → ResNet → LSTM → Attention → Transformer. 0. Learning Objectives Explain why CNN's convolution, pooling, and weight sharing match images so well. Trace what got unblocked from LeNet → AlexNet → VGG → ResNet as depth grew. State BPTT for RNNs and the vanishing/exploding gradient problem. Write the LSTM gate equations (forget, input, output) with intuition. Write the attention formula in query/key/value form and the scaled dot-product variant. State the precise reasons Transformers replaced RNNs (parallelism + long-range dependencies). 1. ํ•ต์‹ฌ ์š”์•ฝ CNN : weight sharin...
Read more »

"ML Foundations (7/9) — Deep Learning Training: Optimizers, Regularization, Initialization"

← 6/9 Neural Networks ๐Ÿ“š Series Index 8/9 Deep Learning Architec… → Building an MLP, as we did in Part 6, is not the same as getting it to train well . The right optimizer, regularization, initialization, and learning rate — when these line up, deep networks converge. When they don't, the network refuses to learn at all. This part is the catalog of those crafts, with formulas, paper citations, and code in one place. 0. Learning Objectives Compare and write the update rules for SGD, Momentum, Nesterov, and Adam. Explain how Dropout, BatchNorm, and LayerNorm work and where they belong in a model. Derive the variance formulas for Xavier and He initialization and match them to activations. Implement step, cosine, and warmup learning-rate schedules in PyTorch. Explain why gradient clipping is effectively required for RNNs and Transformers. Diagnose the most common training failures (NaN, plateau, overfitting) and apply first-line fixes. 1. ํ•ต์‹ฌ ์š”์•ฝ SGD : \(w \leftarro...
Read more »

OpenClaw to Hermes Migration (2/13) — What to Preserve, Partially Port, or Discard

← 1/13 Current Structure Inve… ๐Ÿ“š Series Index 3/13 What Moves to Hermes → A code review record classifying operational scripts into three tiers: preserve, partial-preserve, and discard. What This Post Covers An asset classification framework (preserve / partial-preserve / discard) for migrating a legacy agent system to a successor A concrete case applying the Strangler Fig + Subset Migration strategy to a memory pipeline Classification results evaluated across LOC, external dependencies, and replaceability axes A method for slimming down a bloated single file (1,310 LOC) using the migration as a natural entry point Problem Definition: Port Everything or Cut Deep? The OpenClaw inventory comprises multiple agents, multiple scheduler/daemon processes, and multiple operational scripts. When moving to the successor system, Hermes, the choice is not binary. A full port carries accumulated technical debt along with it; a minimal port discards hard-won domain logic. Code-revie...
Read more »

AI Agents I Built (5/7) — Building an Automated Blogger API Publishing System

← 4/7 My Life Organizer Agent ๐Ÿ“š Series Index 6/7 Dual → Designing a Markdown-Based Auto-Publish Pipeline with Blogger API v3 + OAuth 2.0 Key Summary Blogger API v3 + OAuth 2.0 enables a pipeline that converts Markdown files into publishable HTML posts blogger_publish.py handles the full flow — frontmatter parsing → body cleanup → HTML conversion → CSS injection → API post — in a single script For bulk publishing, quota management (delay, retry, TOC suppression) is the critical design concern Platform Selection Criteria API access is mandatory for AI agent-driven content publishing. A comparison of platforms: Platform API Cost AdSense Decision WordPress.com REST API Paid plan required Paid only Cost overhead Ghost REST API Self-hosted or paid Manual setup Ops overhead Blogger v3 API Free Native integration Adopted Blogger is free, exposes a REST API, and integrates natively with AdSense. For personal blog automation, this combination i...
Read more »