Agent quality is not a property you inspect once. It is a loop: define success, run representative work, grade the outcome and trajectory, investigate failures, change the system, and run the suite again.
Agents are harder to evaluate than single responses because they operate over multiple turns, call tools, modify state, and adapt. Anthropic’s guidance on agent evals frames this as an opportunity: early evaluations force the product team to state what success actually means, while regression suites protect that definition as the system changes.
Start with tasks, not scores
Build a task set from work the agent must own. Include common paths, edge cases, ambiguous requests, tool failures, permission boundaries, and examples that should trigger clarification or refusal. A useful task contains:
- the initial state and user objective;
- the tools, permissions, and environment available;
- the observable end state;
- the criteria for success and unacceptable behavior; and
- enough variation to prevent memorizing a narrow benchmark.
Production traces and human corrections should continuously feed this set. Every important failure is a candidate regression test.
Grade three layers
A polished final answer can hide a dangerous process. A clumsy trajectory can still produce a correct artifact by luck. Grade the layers separately:
Use deterministic graders wherever the environment exposes ground truth: unit tests, schema checks, database assertions, policy engines, deployment health, and diff inspection. Use human or model-based grading for criteria that require judgment, with clear rubrics and periodic calibration.
Evaluate in a real environment
An agent’s interface is not only a prompt. It includes every tool description, credential, repository state, dependency, timeout, and response the environment supplies. Evaluations should run in isolated, reproducible environments where actions are safe and results can be reset.
Capture the full trace: prompts, model and configuration, tool inputs and outputs, state changes, token usage, latency, retries, errors, gate decisions, and final artifacts. Without this, a failing score tells you that something went wrong but not what to improve.
Turn evals into release gates
Run a fast suite on every meaningful change to prompts, tools, policies, models, and orchestration. Run broader suites before release. Compare against the current production baseline and inspect failure clusters, not only the average score.
Define thresholds for critical behaviors separately. A small gain in task completion should not compensate for a regression in authorization boundaries or destructive-action handling. Release rules should state which failures block, which require review, and which are accepted risks.
Keep evaluating after launch
Development data cannot represent every user, input, or environmental change. Google Cloud’s production guidance describes continuous evaluation as capturing production outputs and tracking performance over time using user feedback, ground truth, and application-specific metrics.
Monitor changes in input topics, tool errors, latency, cost, human overrides, approval rejection rates, and business outcomes. Sample production traces for review while protecting sensitive data. When drift or a new failure appears, reproduce it safely, add it to the suite, and verify the fix against both the new case and the existing baseline.
The operating loop
- Specify the outcome and risk boundaries.
- Build representative tasks and graders.
- Run in a controlled environment and capture trajectories.
- Cluster failures by cause, not by surface symptom.
- Change prompts, context, tools, policy, or architecture.
- Compare with the baseline and release behind explicit thresholds.
- Monitor production and turn real failures into permanent tests.
This loop is the bridge between “the demo worked” and “the system can own the job.”