Field guide

The Agent Eval Playbook

How to evaluate LLM agents and build reliable ones in production. The methods top labs actually use, with the math, the mechanisms, and the runnable parts.

Assembled from what the teams shipping the most-used agents on earth actually do, and from original research where the public literature falls short.

Field guide · V1.0 · June 2026

The Agent Eval Playbook

How to know when you can trust an agent.

A production AI agent is not "a prompt plus tools." It is a probabilistic distributed system with a language model in the control loop. The same input can produce different actions, so reliability is a distribution, not a property. It calls tools, services, and other agents, so half of "agent quality" is plain reliability engineering. And the non-determinism sits at the decision point, which is exactly what makes these systems powerful and hard to evaluate.

Most writing on agent evaluation is either academic (benchmarks that don't resemble your product) or promotional (a vendor's dashboard, retold). This is neither. It is a working manual, assembled from what the teams shipping the most-used agents actually do, and from original research where the public literature falls short.

The spine of all of it is one sentence:

No autonomy without evaluation. No evaluation without traces. No traces without ownership. No deployment without rollback.

And underneath it, the validity condition the whole discipline turns on: an evaluation is only as trustworthy as the independence between its data and the system under test. The moment the thing being measured is also the thing doing the measuring, you no longer have an evaluation. You have an expensive way of agreeing with yourself.

The six non-negotiables

Strip away the branding and every serious lab converges on the same six moves. Do only these and you are ahead of most teams shipping agents today.

  1. Grade outcomes, not trajectories. Check the end state of the world, not the path the agent took to get there.
  2. Look at your own data first. Read real traces and build a failure taxonomy before you choose a single metric.
  3. The LLM judge is a model you must evaluate. Validate it against a human expert, or every number downstream is fiction.
  4. Report reliability, not just capability. pass^k, not pass@1, for anything that acts.
  5. Security is a separate axis. Capability is not safety. Least privilege and human gates, not "ignore injections."
  6. Data independence is the validity condition. The agent never writes its own test cases or its own answer key.

What's inside

Seven parts, twenty chapters, three appendices. It moves from the mental model to the lab canon to the machinery to production, adversarial testing, real case studies, and governance.

Who should read this

Newcomers should read Part I, then the applied playbook, then return for depth. Practitioners can enter at the chapter matching the gap in front of them; the cross-references pull in the rest.