Your CI pipeline is green. Every test passes. Then the agent hits production and confidently tells a customer the wrong return policy — in grammatically perfect prose.
This isn’t a test coverage problem. It’s a test type problem. Traditional software testing was built for deterministic functions. CI/CD pipeline AI agent evals are what you need when your function’s output is probabilistic, open-ended, and scored rather than matched.
The good news: you already know how to do this. You just need the translation.
Why Your Test Suite Goes Green While Your Agent Ships Nonsense
A traditional assertion checks an exact condition. assert response == "Order confirmed" either passes or fails. LLM output doesn’t work that way.
An agent might respond with “Your order has been confirmed successfully!” — syntactically correct, grammatically perfect, and completely wrong if it called the wrong API endpoint first. The string is truthy. The test passes. The customer’s order is lost.
This is the silent failure mode of deterministic assertions on non-deterministic output. The response is never exactly what you hardcoded, so you write looser checks (assert "confirmed" in response), and the check becomes meaningless.
The fundamental shift you need is from exact match to scored thresholds. Instead of asking “is this the right answer?” you ask “does this response meet quality criteria at a score above 0.8?” That mental model change — from binary pass/fail to scored evaluation — is the foundation everything else builds on.
The Conceptual Mapping: From Unit Tests to AI Evals
Here’s what most onboarding guides skip: every concept you use in traditional software testing has a direct equivalent in AI eval frameworks. You’re not learning from scratch. You’re translating.
| Traditional Testing | AI Eval Equivalent |
|---|---|
| Unit test | Component eval (single LLM call or tool) |
| Integration test | End-to-end trajectory eval |
| Assertion | Metric score with pass threshold |
| Test runner (pytest) | DeepEval test run |
| Golden fixture / expected output | Golden dataset |
| Code coverage % | Eval pass rate % |
| Flaky test | Non-deterministic eval (requires multiple runs + averaging) |
When you write a unit test, you’re isolating one function and asserting it behaves correctly. When you write a component eval, you’re isolating one LLM call — say, the intent classification step — and scoring whether it produces the right category above a threshold.
When you write an integration test, you’re checking that multiple components work together. When you write a trajectory eval, you’re checking that the agent called the right tools in the right order with valid inputs before producing its response.
The vocabulary changes. The engineering instincts don’t.
The Three-Tier Eval Stack Every Agentic CI/CD Pipeline Needs
Not all evals are created equal. Running full end-to-end trajectory evaluations on every commit will slow your pipeline to a crawl — and developers will start bypassing it. Structure your eval stack exactly like a testing pyramid.
Tier 1: Component evals (fast, cheap, every commit)
Component evals target individual steps: a single LLM call, a single tool invocation, a single retrieval. They run in seconds, cost fractions of a cent, and give immediate feedback on the behavior that matters most locally.
Good candidates:
– Intent classification accuracy
– Entity extraction correctness
– RAG retrieval relevance
– Single-turn response faithfulness and answer relevance
Tier 2: End-to-end trajectory evals (PR-level gate)
These test the full agent workflow — did it call the right tools in the right order? Did it complete the task without hallucinating intermediate steps? These are expensive and slower (often 5–15 minutes), so trigger them at the PR merge gate, not on every push.
DeepEval v3.0 evaluates whether tools were invoked correctly, in the right order, and with valid arguments — extending the Pytest-style workflow developers already know to full agent trajectory scoring.
Tier 3: Regression evals (scheduled, catch silent drift)
Model providers update models. You update prompts. Either change can silently degrade quality with no code diff to blame. Regression evals run your golden dataset against the latest agent version on a schedule — daily or weekly — and alert when scores drop below a defined baseline.
This is the tier most teams skip. It’s also the tier that catches the “worked fine last week” production incidents.
LLM-as-Judge — When to Use It and When Not To
LLM-as-Judge means using a language model to evaluate another language model’s output. Done correctly, it’s the most scalable way to evaluate open-ended responses that can’t be checked with a regex or schema validator.
Use LLM-as-Judge when:
– The output is open-ended prose (summaries, explanations, recommendations)
– You’re evaluating semantic correctness, not syntactic correctness
– The criteria require natural language reasoning (e.g., “Is this response factually grounded in the provided context?”)
Use deterministic heuristics when:
– You can validate with a regex, JSON schema, or format check
– The output should match a known structure (dates, codes, structured data)
– Latency and cost are critical constraints
– You need 100% reproducibility in your eval results
The circular evaluation trap: Don’t use the same model as both the agent and the judge. If GPT-4o writes the response, use Claude Sonnet or Gemini as the judge. A model evaluating its own output patterns shows systematic bias toward its own style — not objective quality.
Rule of thumb: The judge model should be at least as capable as — and architecturally different from — the model being judged.
A practical decision tree: start with deterministic checks for anything you can check deterministically. Escalate to LLM-as-Judge only for what genuinely requires semantic reasoning. This keeps costs predictable and your fast eval tier fast.
Trajectory Analysis: Testing the How, Not Just the What
A multi-step agent doesn’t just produce an output — it takes a path. That path matters. An agent that gives the right final answer by calling the wrong APIs in the wrong order isn’t reliable. It got lucky.
Trajectory analysis validates the process, not just the result:
– Did the agent call search_knowledge_base before generate_response?
– Did it invoke verify_user_permissions at all?
– Did it pass valid arguments to create_order, or hallucinate a nonexistent product ID?
Setting up trajectory evals with DeepEval v3.0:
from deepeval import evaluate
from deepeval.metrics import TaskCompletionMetric, ToolCorrectnessMetric
from deepeval.test_case import LLMTestCase, AgentStep
steps = [
AgentStep(tool_name="search_knowledge_base", tool_input={"query": "return policy"}),
AgentStep(tool_name="generate_response", tool_input={"context": "..."}),
]
test_case = LLMTestCase(
input="What is your return policy?",
actual_output=agent_response,
agent_steps=steps
)
evaluate([test_case], metrics=[
TaskCompletionMetric(threshold=0.8),
ToolCorrectnessMetric(threshold=0.9)
])
This is the same pytest-style workflow you already use. The metrics are scoring tool behavior, not string equality. For more complex multi-agent workflows, the open-source AgentEvals library provides trajectory comparison utilities that let you define an expected tool-call sequence and measure deviation from it.
CI/CD Pipeline AI Agent Evals: The GitHub Actions Blueprint
Most integration guides show you a standalone eval setup that implies ripping out your existing pipeline. You don’t need to do that. You need to add an eval job alongside your existing test jobs.
Here’s a minimal DeepEval integration for an existing GitHub Actions workflow:
eval:
runs-on: ubuntu-latest
needs: [test] # runs after your existing tests pass
if: github.event_name == 'pull_request'
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
DEEPEVAL_API_KEY: ${{ secrets.DEEPEVAL_API_KEY }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- run: pip install deepeval
- name: Run evals against golden dataset
run: |
deepeval test run tests/evals/ \
--dataset golden_dataset.json \
--fail-on threshold=0.75
- name: Upload eval report
if: always()
uses: actions/upload-artifact@v4
with:
name: eval-results
path: deepeval_results.json
Key decisions in this blueprint:
needs: [test]— evals only run if your existing unit and integration tests pass first. No wasted eval compute on broken code.if: github.event_name == 'pull_request'— trajectory evals gate at PR level, not on every push to a feature branch.--fail-on threshold=0.75— this is your quality gate. PRs that drop eval scores below 75% don’t merge.if: always()on the artifact upload — you get the eval report even when the job fails. Critical for debugging why a threshold was missed.
For component evals on every commit push, add a separate job without the PR filter and point it at your fast, heuristic-only eval suite.
Versioning the New Artifacts: Prompts, Model Configs, and Eval Datasets in Git
Here’s a conversation that happens in nearly every team around month two of production:
“The agent was working fine last week. Something changed but I can’t reproduce it.”
Nine times out of ten, someone updated a prompt or changed the model version outside of Git. There was no diff. No code review. No rollback path.
The fix is simple but requires discipline: treat prompts, model configurations, and eval datasets as first-class versioned artifacts.
├── prompts/
│ ├── intent_classifier_v3.txt
│ └── response_generator_v7.txt
├── config/
│ └── model_config.yaml # model name, temperature, max_tokens
└── tests/
└── evals/
├── golden_dataset.json # input/expected output pairs
└── regression_baseline.json
Practical rules:
– Prompt changes go through PR review, the same as code changes
– Model version is pinned in model_config.yaml, not hardcoded in application logic
– When you update a golden dataset entry, explain why in the commit message
– Tag releases with the model version so you can correlate production incidents to specific configs
This structure makes rollback trivial. When a model update breaks your eval scores, git revert the config change and redeploy. The incident that used to require hours of archaeological debugging becomes a five-minute fix.
The Fast/Slow Split — Keeping Eval Feedback Loops Under 3 Minutes
Slow feedback loops are the biggest reason teams abandon thorough AI testing. If running evals takes 20 minutes, developers stop running them locally — and eventually stop caring when the CI gate is slow.
The two-tier split solves this directly.
Fast tier (target: under 3 minutes, every commit push):
– Deterministic heuristic checks — schema validation, format checks, regex assertions
– Component evals using embeddings-based similarity metrics rather than LLM-as-Judge
– Cached evaluation results for stable input/output pairs
Slow tier (10–20 minutes, PR merge gate only):
– Full trajectory evals with LLM-as-Judge scoring
– End-to-end agent runs against the complete golden dataset
– Regression comparison against the last-known-good baseline scores
The fast tier gives developers the immediate feedback that makes test-driven development work. You break something, you know in three minutes. The slow tier gives you the deep quality signal before code ships.
One more cost lever worth implementing early: eval result caching. If the agent input and system prompt haven’t changed since the last eval run, serve the cached result. DeepEval and most eval frameworks support this. A cached eval runs in milliseconds and costs nothing.
Organizations that implement structured LLM evaluation processes report accuracy improvements of 35–40% and 5–10× faster iteration on prompt and model updates (Maxim AI, 2025). Continuous evals don’t just catch regressions — they accelerate the entire improvement cycle.
The 52% Gap: Why Evals Are the Feedback Loop You’re Missing
Here’s a statistic worth sitting with: 89% of teams have implemented observability for their AI agents, but only 52% have implemented evals — a 37-point gap (LangChain State of AI Agents Report 2025, 1,340 respondents).
Observability gives you logs. Evals give you a quality signal. Logs tell you what happened. Evals tell you whether it was any good.
Most teams add tracing first because it maps directly to debugging traditional services. But tracing without evals is like having perfect access logs and no error rate metrics. You can see every request. You have no idea how many of them were wrong.
Quality is the #1 barrier to AI agent deployment, cited by 32% of the same respondents. With Gartner projecting that 40% of enterprise applications will integrate task-specific AI agents by the end of 2026 — up from less than 5% in 2024 — the teams that close the observability-evals gap are the ones who will ship with confidence. The ones who don’t are the ones with “flaky” production agents they can’t reproduce or debug.
The CI/CD pipeline AI agent evals workflow described in this guide isn’t extra work on top of shipping agents. It is the shipping process, done right.
Start With One Eval, Not a Platform Migration
Adapting your CI/CD pipeline for AI agent evals doesn’t require abandoning what you already know — it requires translating it. Unit tests become component evals. Integration tests become trajectory evals. Assertions become scored thresholds.
The feedback loops, quality gates, and version control discipline you already practice apply directly, with different tooling and a probabilistic rather than binary mindset.
Every concept you have maps to something in the eval world. The table in this guide is your Rosetta Stone.
Pick the one component in your agent you trust the least — the step that makes you nervous in code review — and write your first eval for it this week. Add it to your existing test suite alongside your current tests, set a threshold you can defend, and wire it into CI. One eval changes the feedback loop. A tiered stack changes how your whole team ships.