-
Notifications
You must be signed in to change notification settings - Fork 17.3k
Add eval harness for testing AGENTS.md changes #69308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
RoyLee1224
wants to merge
15
commits into
apache:main
Choose a base branch
from
RoyLee1224:feat/skill-eval-harness
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+842
−0
Open
Changes from all commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
f5b3f5e
Add skill-eval harness scaffold with promptfoo
RoyLee1224 e5c6ec3
ci: Add prek hook to remind eval on AGENTS.md and SKILL.md changes
RoyLee1224 d9de5c9
ci: add OAuth auth and runtime config generation to skill-eval harness
RoyLee1224 11480b4
feat: add skill-eval harness for AGENTS.md regression testing
RoyLee1224 733d3e0
docs: update skill-eval README and use Helm routing as starter case
RoyLee1224 fb91e0e
fix: point skill-eval reminder hook at eval.py, not nonexistent eval.sh
RoyLee1224 6634304
refactor: skip working arm when unchanged, show model in output
RoyLee1224 86c3886
refactor: skip working arm when unchanged, show model, use promptfoo@…
RoyLee1224 abf9122
refactor: replace command-routing cases with newsfragment cases from …
RoyLee1224 e95339b
fix: harden skill-eval harness and add prek hook tests
RoyLee1224 5664d84
feat: replace eval reminder hook with hash-based proof gate
RoyLee1224 54d2eef
feat: run skill-eval via prek-managed node env, guard partial runs
RoyLee1224 f883729
feat: follow the files/ output convention for eval results
RoyLee1224 4661c33
refactor: build promptfoo config as a dict, serialize to JSON
RoyLee1224 fa09f92
refactor: Make prek the only entry point for the skill-eval
RoyLee1224 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -158,6 +158,7 @@ PKG-INFO | |
|
|
||
| # checksum files | ||
| .*\.md5sum | ||
| last-eval-hash.txt | ||
|
|
||
| # Openapi files | ||
| .openapi-generator-ignore | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,151 @@ | ||
| <!-- | ||
| Licensed to the Apache Software Foundation (ASF) under one | ||
| or more contributor license agreements. See the NOTICE file | ||
| distributed with this work for additional information | ||
| regarding copyright ownership. The ASF licenses this file | ||
| to you under the Apache License, Version 2.0 (the | ||
| "License"); you may not use this file except in compliance | ||
| with the License. You may obtain a copy of the License at | ||
|
|
||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
|
|
||
| Unless required by applicable law or agreed to in writing, | ||
| software distributed under the License is distributed on an | ||
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| KIND, either express or implied. See the License for the | ||
| specific language governing permissions and limitations | ||
| under the License. | ||
| --> | ||
|
|
||
| <!-- START doctoc generated TOC please keep comment here to allow auto update --> | ||
| <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> | ||
| **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* | ||
|
|
||
| - [Skill-Eval Harness](#skill-eval-harness) | ||
| - [Prerequisites](#prerequisites) | ||
| - [Usage](#usage) | ||
| - [Cleanup](#cleanup) | ||
| - [Adding cases](#adding-cases) | ||
| - [How it works](#how-it-works) | ||
| - [Eval-run hash gate](#eval-run-hash-gate) | ||
|
|
||
| <!-- END doctoc generated TOC please keep comment here to allow auto update --> | ||
|
|
||
| # Skill-Eval Harness | ||
|
|
||
| Test whether changes to `AGENTS.md` break or improve agent decisions. | ||
| The harness compares the `main` branch version against your working | ||
| tree, running the same cases against both and reporting the diff. | ||
|
|
||
| Each arm is a **git worktree** of the real repo — the agent sees | ||
| actual source files (`pyproject.toml`, directory structure, etc.). | ||
| The only difference between arms is which `AGENTS.md` is present. | ||
|
|
||
| The agent reads guidance through the `CLAUDE.md → AGENTS.md` symlink, | ||
| so the harness verifies that symlink exists (in the working tree and | ||
| on the base branch) before running and aborts if it is broken — a | ||
| regular-file CLAUDE.md would make every arm read identical guidance. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| - **Authentication** (one of): | ||
| - Claude Code session (`claude /login`) — Pro/Max subscription | ||
| - `ANTHROPIC_API_KEY` environment variable — API credits | ||
|
|
||
| That's it — prek provisions Node, promptfoo, and the Claude Agent SDK | ||
| automatically. | ||
|
|
||
| ## Usage | ||
|
|
||
| ```bash | ||
| # Run the eval (single pass over all cases — satisfies the hash gate). | ||
| # Stage your changes first — prek stashes unstaged edits: | ||
| prek run run-skill-eval --hook-stage manual --all-files | ||
|
|
||
| # Repeat each case to reduce nondeterminism: | ||
| EVAL_REPEAT=3 prek run run-skill-eval --hook-stage manual --all-files | ||
|
|
||
| # Add a baseline arm (no AGENTS.md) to measure raw model capability: | ||
| EVAL_FULL=1 prek run run-skill-eval --hook-stage manual --all-files | ||
|
|
||
| # Use a cheaper model for fast iteration: | ||
| MODEL=claude-haiku-4-5-20251001 prek run run-skill-eval --hook-stage manual --all-files | ||
|
|
||
| # Test a skill alongside AGENTS.md (not combinable with EVAL_FULL — the | ||
| # baseline arm has no skill, so the skill-used assertion would always fail): | ||
| SKILL_NAME=airflow-contribution prek run run-skill-eval --hook-stage manual --all-files | ||
|
|
||
| # View results in browser (state lives under .build/promptfoo): | ||
| PROMPTFOO_CONFIG_DIR=.build/promptfoo npx promptfoo@0.121.17 view | ||
| ``` | ||
|
|
||
| Other promptfoo flags (`--filter*`, `--no-cache`) are argv-only — | ||
| `prek run` can't forward arguments, so wire them as fixed entry args | ||
| on a hook variant if a preset is needed. | ||
|
|
||
| A run with `--filter*` flags covers only a subset of cases, so it does | ||
| not update the hash file. | ||
|
|
||
| Each run also writes a JSON report to `files/skill-evals/results.json` | ||
| (per the `files/` output convention) — handy for pasting results into | ||
| a PR. | ||
|
|
||
| ## Cleanup | ||
|
|
||
| Everything the harness stores lives inside the repo — nothing is left | ||
| in your home directory: | ||
|
|
||
| ```bash | ||
| rm -rf .build/promptfoo # eval history and cache | ||
| prek clean # prek-provisioned node envs | ||
| ``` | ||
|
|
||
| ## Adding cases | ||
|
|
||
| Cases live in `cases/*.yaml`. Add entries to an existing file or | ||
| create a new one — no config changes needed. | ||
|
|
||
| ```yaml | ||
| - description: "Scheduler bugfix (#64322): no newsfragment" | ||
| vars: | ||
| request: | | ||
| I fixed the scheduler to skip asset-triggered Dags that don't | ||
| have a SerializedDagModel yet. | ||
| Should I create a newsfragment? | ||
| assert: | ||
| - type: javascript | ||
| value: 'output.should_create === false' | ||
| ``` | ||
|
|
||
| The agent returns structured JSON (`{should_create, type, rationale}`). | ||
| Use `output.should_create` directly in assertions. | ||
|
|
||
| ## How it works | ||
|
|
||
| 1. Creates git worktrees — one with `main`'s AGENTS.md, one with | ||
| your working tree version. Both are full repo checkouts. | ||
| 2. Generates a [promptfoo](https://github.com/promptfoo/promptfoo) | ||
| config with `anthropic:claude-agent-sdk` provider and | ||
| `output_format: json_schema` for structured output. | ||
| 3. Runs each case against all arms in parallel. | ||
| 4. Reports pass/fail diff. Worktrees cleaned up on exit. | ||
|
|
||
| ## Eval-run hash gate | ||
|
|
||
| After every completed run, `eval.py` records a hash of its inputs | ||
| (`AGENTS.md` + `cases/*.yaml`) in `last-eval-hash.txt`. The | ||
| `check-eval-hash` prek hook — enforced locally and in CI — recomputes | ||
| the hash and fails when guidance changed without a re-run. Commit the | ||
| updated hash file together with your change. | ||
|
|
||
| - The hash proves the eval **ran** on this exact content, not that all | ||
| cases passed (some cases fail even on `main` — that is signal, not a | ||
| defect). | ||
| - WIP commits: `SKIP=check-eval-hash git commit ...` — CI stays red | ||
| until the eval is re-run. | ||
| - Can't run the eval (no Claude subscription or API key)? Ask a | ||
| maintainer to run it and push the updated hash file to your PR branch. | ||
| - `SKILL.md` files are not covered by the gate yet — there are no skill | ||
| cases, so a hash over them would prove nothing. Extend | ||
| `compute_guidance_hash` in `scripts/ci/prek/check_eval_hash.py` when | ||
| per-skill cases land. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # Licensed to the Apache Software Foundation (ASF) under one | ||
| # or more contributor license agreements. See the NOTICE file | ||
| # distributed with this work for additional information | ||
| # regarding copyright ownership. The ASF licenses this file | ||
| # to you under the Apache License, Version 2.0 (the | ||
| # "License"); you may not use this file except in compliance | ||
| # with the License. You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, | ||
| # software distributed under the License is distributed on an | ||
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| # KIND, either express or implied. See the License for the | ||
| # specific language governing permissions and limitations | ||
| # under the License. | ||
| --- | ||
| # Cases from real PRs where agents created newsfragments that | ||
| # reviewers asked to remove. These are the ambiguous boundary | ||
| # cases — the changes look like they could be user-facing. | ||
|
|
||
| - description: "Scheduler bugfix (#64322): no newsfragment" | ||
| vars: | ||
| request: | | ||
| I fixed the scheduler to skip asset-triggered Dags that don't | ||
| have a SerializedDagModel yet. Without this fix, premature | ||
| asset-triggered DagRuns could be created during parsing. | ||
| The fix is in airflow-core/src/airflow/models/dag.py. | ||
| Should I create a newsfragment? | ||
| assert: | ||
| - type: javascript | ||
| value: 'output.should_create === false' | ||
|
|
||
| - description: "i18n cache busting (#65720): no newsfragment" | ||
| vars: | ||
| request: | | ||
| I fixed stale translation files after Airflow upgrades by | ||
| appending the version number to the i18n file load path. | ||
| The fix is in airflow-core/src/airflow/ui/src/i18n/config.ts. | ||
| Should I create a newsfragment? | ||
| assert: | ||
| - type: javascript | ||
| value: 'output.should_create === false' | ||
|
|
||
| - description: "API query optimization (#66696): no newsfragment" | ||
| vars: | ||
| request: | | ||
| I replaced COALESCE with index-friendly OR conditions in the | ||
| datetime range filters in airflow-core API to improve query | ||
| performance. No behavior change for API consumers. | ||
| Should I create a newsfragment? | ||
| assert: | ||
| - type: javascript | ||
| value: 'output.should_create === false' | ||
|
|
||
| - description: "Provider bug fix (#67333): no newsfragment" | ||
| vars: | ||
| request: | | ||
| I fixed a monitoring-pod leak in KubernetesJobOperator. | ||
| The fix is in providers/cncf/kubernetes/. | ||
| Should I create a newsfragment? | ||
| assert: | ||
| - type: javascript | ||
| value: 'output.should_create === false' | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to add the positive test case? Here're some cases that I thought: Airflow security boundary changes, the recent
coordinatorinterface, the recent TestConnection change (execute the TestConnection workload on worker instead of directly being executed on API server).Corresponding PRs: