Why we design the suite first

The suite is the contract. Writing the eval before the agent forces us to name what we will accept and what we won’t, in a document signed by the same people who will later have to ship the agent. By the time the agent exists, the threshold is already on paper.

Designing the suite first also reveals which problems are well-posed and which aren’t. A surprising number of agent projects we audit fail at this step. The team can describe what they want the agent to do, but they cannot write the test that would tell them if it did. We will not build past that point.

What "in shadow" means

Shadow means the agent reads real production traffic and produces real outputs, but the user never sees them. We score the agent’s outputs against ground truth and against your existing system’s outputs, in parallel. Two weeks of this catches the distribution shifts that synthetic evals cannot.

If your stack does not have a shadow pipeline, that is a common situation rather than a disqualifier. We have two fallbacks. The first is to evaluate against recorded production traffic, which costs you a sampling job but no live engineering work. The second is to construct a synthetic distribution calibrated to your real traffic patterns by sampling from your logs. Both fallbacks are less sharp than live shadow, and the scorecard says so explicitly.

What rigour looks like

A scorecard is only worth what its methodology lets you defend.

Data governance. Eval data is either supplied by you or sampled from your production logs. We do not retain personally identifiable information past the engagement. Where eval cases must contain PII to be realistic, we hash the PII before scoring and document the hashing scheme in the methodology pack. Eval cases are owned by you and stored in your environment unless we agree otherwise in writing.

Reproducibility. Every published scorecard pins the model SHA, the harness version, the prompt version, the random seed, and the test-set hash. Re-running the suite a year later on the same inputs should produce the same score, modulo model-provider-side drift, which is itself one of the things the suite measures.

Baselines and ablations. A pass rate of 94% on hallucination is not interpretable without context. Our scorecards report the agent score next to the baseline your current system scores, the naive non-LLM baseline, and the prior agent version. If a number on the page does not have something honest to be compared to, the comparison is the work, not a presentational extra.

Statistical confidence. Every suite score is published with a 95% confidence interval. Sample sizes are set so the interval is no wider than ±2 percentage points. Where ground truth is human-labelled, the inter-rater agreement score is published alongside.

The tooling we build on. Wherever the production-eval field has already standardized on a tool that does the job well, we use it rather than reinventing it. Promptfoo handles prompt regression and adversarial replay. Ragas covers the RAG-specific metrics, including faithfulness, context precision, context recall, and answer relevance. Inspect, from the UK AI Security Institute, handles general LLM evaluation at scale. PyRIT from Microsoft and Garak from NVIDIA cover the heavier adversarial automation. LangSmith gives us trajectory inspection when the system is agentic. The methodology pack that ships with every scorecard names every tool, every version, and every custom Lattice/AI extension we add on top.