A practical guide to scenarios, golden tasks, tool traces, and acceptance thresholds
Agent workflows do not fail like ordinary code. The output may look acceptable while the plan, tool use, or policy path regressed. That is why evaluation for agents needs a different mental model than unit testing: not perfect determinism, but repeatable signal strong enough to support shipping decisions. This is an inference from the project brief, not a measured claim.
If you are building agentic workflows, the hard part is not scoring a response after the fact. The hard part is deciding what good behavior looks like before the workflow ships. This is a framing choice drawn from the brief.
This post is about a practical agent evaluation framework: a living bundle of scenarios, golden tasks, tool-trace assertions, and acceptance thresholds. That bundle should be versioned with the workflow and updated whenever prompts, tools, policies, or routing change.
A useful eval harness is not a benchmark. It is a production artifact.
What this post is
- A production-engineering guide to agent eval harness design
- A way to turn open-ended agent behavior into repeatable pass/fail checks
- A framework for keeping evaluation current as the workflow changes
What this post is not
- A claim that agent evaluation is solved
- A universal scoring method for every workflow
- A set-and-forget system
- A product-specific tutorial
Traditional unit tests work well when inputs, outputs, and failure modes are narrow enough to specify exactly. Agent workflows are usually not that tidy.
An agent may return different text on different runs and still be acceptable. It may also return the “right” answer while taking a bad path: calling the wrong tool, skipping a required approval, or violating a policy boundary. Those are different classes of failure, and exact string matching will only catch a subset of them.
That is the key mental shift:
Figure description: a four-stage harness model. Scenarios define coverage, golden tasks define expected behavior, tool-trace assertions check execution path, and acceptance thresholds decide ship / no-ship.
If your current test suite is mostly string comparisons, it is probably doing useful work in narrow cases. But it is not enough for open-ended agent outputs by itself.
Open-ended outputs can be acceptable in several different forms. That makes exact-match scoring a poor primary signal for many agent workflows.
This does not mean exact match is useless. It is still appropriate when the output is fixed-format, highly constrained, or downstream systems require a strict schema. The limitation is scope: exact match is too brittle when the acceptable output space is broader than one string.
The failure mode to watch is subtle:
If you do not define acceptance criteria up front, reviewers end up inventing them after the fact. The harness should encode the important outcome, not every detail of the text.
| Approach | Good for | Weakness when used alone |
|---|---|---|
| Exact match | Fixed-format outputs, narrow tasks | Too brittle for acceptable variation |
| Logs | Debugging and observability | Shows what happened, not whether it was acceptable |
| Human review | Ambiguous or policy-sensitive cases | Slow and inconsistent without explicit criteria |
| Benchmarks | Broad comparisons across systems | Often misses workflow-specific failures |
| Harness-based evals | Shipping decisions for a specific workflow | Requires ownership and maintenance |
The point is not that one of these replaces the others. The point is that each covers a different slice of the problem.
Agent workflows introduce several kinds of drift that ordinary software tests often do not model well:
Those changes can invalidate assumptions in the eval suite even when the surrounding application code looks stable. A harness that was accurate last month may become stale if the workflow now plans differently, calls different tools, or follows different escalation rules.
That is why tool traces matter. Two outputs that look similar may have been produced through very different execution paths, and those paths may not be equally acceptable.
A test suite that is too rigid will age quickly. A test suite that is too loose will not catch regressions.
There is no universal scoring method that works for every workflow, so the harness has to be tailored to the decision the workflow is making.
See also: The Agent Loop Thinks. The Control Plane Decides. for the control-plane framing behind this idea.
This is the most common objection, and it is partly right.
Logging tells you what happened. It does not tell you whether what happened was acceptable. You still need criteria.
Human review is necessary in many workflows, especially when policy, safety, or business judgment is involved. But if review is not anchored to explicit acceptance criteria, it becomes a vibe check with a long turnaround time.
Debugging is local. Regression testing is comparative. A workflow that “looks fine” in one review can still drift in ways that matter later.
So the answer is not “replace humans.” The answer is “make human judgment explicit, bounded, and reusable inside the eval harness.”
The memorable unit is simple:
Scenarios tell you what to test, golden tasks tell you what good looks like, tool traces tell you how the agent got there, and acceptance thresholds tell you when to ship.
Scenarios describe the situations the workflow must handle. They are not just test cases; they are the decision points, risk boundaries, and user intents that matter.
Good scenarios usually map to:
A scenario should answer: What situation are we trying to cover?
A golden task captures what acceptable behavior looks like for a representative case. It does not have to prescribe exact prose. It should specify the outcome shape, the required conditions, and any disallowed behaviors.
A golden task should answer: What does “good” mean here?
Tool traces are where agent evaluation becomes materially different from text-only testing. If a task should be resolved with a specific tool, a bounded sequence of tools, or a required escalation path, the trace is part of the behavior.
A trace assertion should answer: How did the agent get there, and was that path acceptable?
Thresholds make the evaluation actionable. They should be explicit before the test runs, not adjusted after a failure.
A threshold should answer: Is this good enough to ship?
This four-part bundle is not a universal standard. It is a practical framework for production decisions.
| Approach | Good for | Weakness when used alone |
|---|---|---|
| Exact match | Fixed-format outputs, narrow tasks | Too brittle for acceptable variation |
| Logs | Debugging and observability | Shows what happened, not whether it was acceptable |
| Human review | Ambiguous or policy-sensitive cases | Slow and inconsistent without explicit criteria |
| Benchmarks | Broad comparisons across systems | Often misses workflow-specific failures |
| Harness-based evals | Shipping decisions for a specific workflow | Requires ownership and maintenance |
The framework works only if each layer catches a different class of regression.
If the workflow has distinct branches, policy boundaries, or risk levels, those should appear in the scenario set. The goal is coverage that mirrors the workflow, not a generic benchmark suite.
Use scenarios to represent:
For open-ended agent outputs, “golden” usually means “acceptable behavior under defined conditions,” not “one exact response string.”
A golden task can specify:
Not every step needs to be checked. The useful assertions are the ones that prevent meaningful regressions:
Be careful not to overfit trace checks to one implementation path. If the path is merely one acceptable way to solve the task, hard-coding it may create false failures when the workflow improves.
Thresholds should be tied to the business or operational consequence of failure. In practice, that usually means distinguishing between:
If a scenario is safety-critical, the threshold should be stricter. If it is an exploratory path, the threshold may tolerate more variation. The point is to encode that decision explicitly.
| Layer | Example question | What it catches |
|---|---|---|
| Scenario | Did we cover this user intent or risk boundary? | Missing coverage |
| Golden task | Did the result satisfy the expected outcome? | Wrong or incomplete behavior |
| Tool trace | Did the agent take an acceptable path? | Bad execution path |
| Threshold | Did the workflow meet ship criteria? | Overall regression decision |
If an eval case is hard to read, it will be hard to maintain.
A maintainable harness usually keeps scenario definitions, golden tasks, trace assertions, and thresholds in source control. That makes the harness a first-class engineering artifact rather than an ad hoc collection of review notes.
See also: Agentic AI Operating Model: Assign Decision Rights Before You Add Autonomy for the operating-model angle behind this pattern.
Below is a framework-agnostic shape, not a product-specific format.
scenario: "User asks for a refund after a failed service action"
goal:
outcome: "Refund is approved or escalated according to policy"
disallowed:
- "Invent a refund without policy basis"
- "Bypass mandatory review"
trace_assertions:
- "Use policy lookup before decision"
- "Escalate if refund amount exceeds approval boundary"
threshold:
pass_if:
- "Required policy step completed"
- "No forbidden path taken"
- "Final outcome matches policy"
review_notes:
- "Human review required if policy is ambiguous"
The important part is not the syntax. The important part is that the evaluation criteria are explicit, reviewable, and versioned with the workflow.
scenario: "Describe the real user intent or risk boundary"
goal:
outcome: "State the acceptable result shape"
required:
- "Required condition or action"
disallowed:
- "Forbidden action or path"
trace_assertions:
- "Important tool or escalation constraint"
threshold:
pass_if:
- "Outcome is acceptable"
- "Required path constraint is met"
review_notes:
- "Human judgment needed when criteria are ambiguous"
| Copy this | Don’t copy this |
|---|---|
| Encode required conditions, forbidden behaviors, and escalation rules in the eval case. | Rely on reviewer intuition after the fact. |
| Version the harness with the workflow. | Freeze the harness while the workflow changes. |
| Check both outcome and path when the path matters. | Use exact string matching as the only signal for open-ended behavior. |
| Treat production failures as harness updates, not just workflow bugs. | Patch only the code and leave the eval suite stale. |
The harness should change when the workflow changes. Freezing the harness is how you end up with stale confidence.
Figure description: prompts, tools, routing, and policy changes feed into a refresh loop that updates scenarios, golden tasks, trace assertions, and thresholds.
If prompts, tools, routing logic, or policy rules live in source control, the eval suite should too. That keeps evaluation from drifting away from the thing it is supposed to measure.
When the workflow changes, ask:
Some checks should remain stable even if the implementation changes. For example, a workflow may switch tools without changing the required outcome or policy boundary. If your trace assertions are too implementation-specific, they will churn unnecessarily.
Not every case should be reduced to a deterministic check. For those cases, put the human review criteria in the harness itself so the review is repeatable.
Production or staging regressions are useful data. They tell you where the harness missed a meaningful failure, which is often the fastest way to find missing scenarios or weak thresholds.
A harness deserves its own validation loop.
Figure description: when a production or staging issue appears, compare targeted human review with the harness result. If the harness missed a meaningful failure, add or update a scenario, adjust a threshold, or revise a trace assertion.
A useful harness should do at least four things:
This is less about generating a score and more about checking whether the harness still reflects reality.
When you find those cases, do not just fix the failing test. Decide whether the problem is the scenario, the golden task, the trace assertion, or the threshold. That distinction matters because each points to a different kind of maintenance work.
I would avoid claiming that a better harness magically improves every agent workflow. We do not have evidence for that here, and evaluation quality depends on the workflow, the constraints, and the team maintaining it.
What you should expect, in practical terms, is:
The main win is not a higher score. It is a more reliable decision process for shipping changes.
See also: Control Plane vs Agent Loop: A Production Architecture for Safe, Auditable Agentic Systems for the broader architecture context.
This is the part people skip, and it is where the maintenance cost lives.
If the suite is not maintained, it will eventually stop reflecting real usage. That creates false confidence.
User expectations and policy can change. A golden task that encoded last quarter’s behavior may no longer be valid today.
If your checks are too specific, a legitimate routing or tool change can trigger failures even though the workflow is still correct.
If acceptance criteria are vague or overly permissive, you may ship behavior that is technically passing but operationally wrong.
A living harness is not free. Someone has to curate scenarios, review thresholds, and decide when a change in the workflow should trigger a change in the tests.
| Failure mode | What it looks like | Why it matters |
|---|---|---|
| Scenario coverage drift | The suite no longer reflects current product behavior | Creates false confidence |
| Golden tasks go stale | Tasks encode outdated policy or user expectations | Passing tests can still reflect the wrong behavior |
| Trace assertions overfit | Tests fail after legitimate routing or tool changes | Causes churn without improving signal |
| Thresholds are too loose | Passing behavior is operationally wrong | Lets regressions ship |
| Harness has no owner | No one refreshes tests after workflow changes | The suite degrades over time |
See also: The Agent Loop Ceiling: When LLM Agents Need More Than a Prompt, Tools, and a While Loop for the point where a prompt-and-loop approach starts to run out of room.
If you are starting from scratch, or cleaning up a brittle suite, use this sequence:
If you are reviewing an existing suite, ask:
See also: Boundaries are your friends for a boundary-first way to think about this kind of design.
The safest way to think about agent evaluation is not as a post-launch checklist. It is part of workflow design.
The useful unit is the bundle:
Because agent behavior can drift in planning, tool use, and policy decisions even when surrounding software looks stable, the harness has to evolve with the workflow.
That is the real production lesson:
Open-ended outputs still need concrete pass/fail criteria somewhere in the workflow.
The job of the eval harness is to make those criteria explicit, maintainable, and current.
Founder & CEO
Agent workflows can look fine while the plan, tool use, or policy path regresses. This guide shows how to build an eval harness around scenarios, golden tasks, tool traces, and acceptance thresholds—and keep it current as the workflow changes.
A practical framework for bringing cloud economics into architecture review without turning it into a finance gate: name the dominant cost driver, surface hidden spend, and make reliability-vs-spend tradeoffs explicit.
“Let the agent decide” sounds decisive until you have to answer: decide what, under which permissions, and with what stop condition? This post gives production AI teams a boundary model for agent decision rights, escalation, kill switches, and scope review.
A practical architecture model for agentic systems: keep reasoning in the loop, but move policy, approvals, audit, retries, and rollback into a deterministic control plane before side effects happen.