Quick answer: An agent eval harness is a versioned, scenario-based evaluation setup that decides whether an agent workflow is still safe, accurate, and acceptable to ship—especially as prompts, tools, routing, and policies change over time (workflow drift).
This article is a practical build guide. You’ll learn what to include, how to design eval cases, how to set pass/review/fail thresholds, how to integrate bounded human review, and how to keep the agent eval harness current so it doesn’t become stale.
What an agent eval harness is (and what it is not)
Definition: An agent eval harness is a repeatable test system for agentic workflows that checks behavior (outcomes + execution paths), not only whether a response “looks plausible.”
In practice, a solid agent eval harness is built from four cooperating layers:
- Scenarios: what real situation you’re testing (routine, boundary, unsafe, escalation, etc.).
- Golden tasks: what “good” behavior looks like for that scenario (outcome shape + conditions + disallowed actions).
- Tool-trace assertions: what execution path constraints must hold (required tools, order, forbidden shortcuts, escalation boundaries).
- Acceptance thresholds: the release decision rule (must pass vs pass with review vs informational).
What it is not:
- Not a benchmark. Benchmarks compare systems or capabilities broadly; an agent eval harness is tailored to a specific workflow’s shipping criteria.
- Not just observability. Logs tell you what happened; the harness is what tells you whether it meets your decision criteria and prevents regressions.
- Not a frozen test suite. A harness is a living specification that evolves with the workflow.
Why an agent eval harness must survive workflow drift
Key idea: Workflow drift is what happens when your agent workflow changes in ways that make old checks stale or misleading—even if outputs still look “mostly right.”
Agent systems drift because they are not just code. They are socio-technical pipelines made of prompts, tools, routing/decision logic, and policy boundaries. Over time:
- Prompt drift: instructions change; behavior changes.
- Tool drift: tool availability, schemas, permissions, or results change.
- Routing drift: the same user request may be routed through a different decision path.
- Policy drift: approval, escalation, refusal, or safety boundaries change.
The risk is subtle: a casual reviewer may still see a reasonable answer, but the workflow may have started taking a path you no longer accept (or it may have started failing boundary conditions you depend on).
A good agent eval harness is designed to detect those shifts before they reach production by explicitly encoding your decision criteria and the execution-path constraints that matter.
Suggested filename recommendation: agent-eval-harness-four-part-bundle.svg
Before you build: decide what “good” means for your agent workflow
Direct answer: Start by writing your agent workflow’s decision points and your shipping criteria—not by choosing an evaluation framework or writing ad hoc checks.
For agent systems, “the decision point” is the moment where the workflow can legitimately choose among different outcomes, paths, escalations, or refusal behaviors. Regressions hide exactly there.
That’s also why a helpful agent eval harness is scenario-based. Each scenario forces the workflow through a meaningful boundary of the system you’re trying to protect.
What to include in every agent eval harness
Practical rule: Include scenarios, golden tasks, tool-trace assertions, and acceptance thresholds. Then version the harness with the workflow.
Component map (featured-snippet friendly)
| Harness component | What it checks | What it prevents |
|---|---|---|
| Scenario | Whether you tested the right real situation | Missing coverage of boundary/brittle cases |
| Golden task | Whether the outcome shape matches acceptable behavior | Passing “reasonable prose” while violating policy/conditions |
| Tool-trace assertion | Whether execution path constraints hold | Passing outputs via the wrong path (unsafe/forbidden shortcuts) |
| Acceptance threshold | Whether the case is blocking, review-required, or informational | Ambiguous “did it pass?” release decisions |
A build sequence for an agent eval harness (step-by-step)
Direct answer: Use this sequence. Each step produces an artifact you can review, version, and improve.
- Identify the workflow’s real decision points. Where can it refuse, escalate, choose a path, or call tools differently?
- Write scenarios around those decisions. Include routine paths and failure-prone boundaries.
- Define a golden task per scenario. Specify outcome shape, required conditions, disallowed behavior, and when escalation must happen.
- Add tool-trace assertions only where path constraints matter. Required tool use, order, forbidden tools, escalation triggers, boundary checks.
- Set acceptance thresholds before you run the evaluation. Pick pass vs pass-with-review vs fail based on consequence, not convenience.
- Store the harness in version control. Treat it like a product artifact, not a local experiment.
- Refresh the harness when the workflow changes. Prompts, tools, routing, and policies should trigger harness maintenance.
Minimum viable agent eval harness (MVI)
If you need to start small:
- 10–20 scenarios reflecting real user intents and risk boundaries.
- 1 golden task per scenario (define outcome shape and disallowed behavior).
- Trace assertions only for the path constraints that truly matter.
- Clear pass/review/fail thresholds (even if thresholds are simple to start).
- One named owner responsible for maintaining scenario quality and keeping it aligned with the workflow.
Once this base harness exists, you can expand coverage and strengthen trace assertions around your highest-risk decision points.
How to design scenarios that actually catch regressions
Direct answer: Scenarios should represent real decision points, not generic prompts. A regression should be detectable if the scenario fails.
Strong scenarios usually come from:
- real user behavior patterns
- policy boundaries and refusal/escalation rules
- operational risk (cases where wrong actions cost money or time)
- previous failures or near-misses
Scenario types and what they cover
| Scenario type | What it covers | Why it matters for drift |
|---|---|---|
| Routine | Common, expected user requests | Detects accidental breakage in the “happy path” decision logic |
| Ambiguous | Requests with incomplete or conflicting information | Exposes whether the workflow asks the right follow-ups or escalates properly |
| Boundary | Requests near approval, capability, or policy limits | Most likely to reveal “almost right but wrong boundary handling” regressions |
| Unsafe | Requests the workflow should refuse or stop | Verifies safety enforcement and refusal correctness under drift |
| Escalation | Cases that require human review or controlled handoff | Ensures the workflow knows when it must not proceed autonomously |
| Known failure | A case that previously broke or nearly broke | Prevents silent reintroduction of prior regressions |
Scenario design checklist
- Maps to real intent or operational decision (not just a theoretical test).
- Captures a failure that would matter in production.
- Is specific enough that two reviewers interpret the scenario similarly.
- Avoids accidental dependency on implementation details (like a particular wording or tool name when it shouldn’t matter).
- Is understandable by future maintainers (good scenarios explain the “why,” not just the “what”).
If answers to these are “no,” the scenario likely needs more context, better framing, or a narrower target boundary.
How to write golden tasks without overfitting wording
Direct answer: A golden task should specify acceptable outcome shape (conditions, required steps, disallowed behavior, escalation), not a single fixed response string—unless your output is truly constrained.
A common brittleness mistake is to write the exact prose you hope the model emits, then turn that into a fixed string comparison. That works only when output space is extremely constrained (for example, strict JSON schemas in downstream systems). For open-ended agentic behavior, it’s usually too narrow.
Golden task: what to specify
| Golden task element | What to specify | Typical example (shape) |
|---|---|---|
| Outcome | The acceptable end state | Approved / denied / escalated according to policy |
| Required conditions | Facts or checks that must happen before the outcome | Policy lookup before making a decision |
| Disallowed behavior | Actions the workflow must not take | Do not invent a basis that policy doesn’t support |
| Escalation rule | When the workflow must stop or hand off | Escalate when amount exceeds an approval boundary |
| Evidence notes | What a reviewer should inspect to judge the case | Tool call evidence, rationale, or handoff record |
Golden task principle: If a reviewer can’t judge the outcome against the golden task without guessing, your golden task criteria are probably ambiguous.
Golden task example (YAML-style)
scenario: "User asks for a refund after a failed service action"
goal:
outcome: "Refund is approved, denied, or escalated according to policy"
required:
- "Check policy before making a decision"
- "Use the current account or order state"
disallowed:
- "Invent a refund basis that is not supported by policy"
- "Bypass mandatory review for high-value refunds"
review_notes:
- "Human review required if policy text is ambiguous"
Golden task mistakes to avoid
- Exact prose lock-in as the only “coverage.”
- Mixing business policy with implementation detail in the same check.
- Omitting disallowed behavior, making the task too permissive.
- Over-broad goals that no reviewer can reliably judge.
- Forgetting to update success criteria when the workflow changes.
How to use tool-trace assertions without overfitting implementation
Direct answer: Use tool-trace assertions to verify path constraints—the requirements that make one execution path acceptable and another unacceptable.
Agent evaluation differs from plain text evaluation because the same outcome can sometimes be reached through multiple paths. Some paths might violate your safety, policy, auditability, or escalation requirements.
Tool-trace assertions are most valuable when the workflow must:
- call a specific tool before making a decision
- use tools in a required order
- avoid forbidden tools or forbidden shortcuts
- escalate after a boundary is reached
- produce a trace that supports later audit
Tool-trace assertion types
| Trace assertion type | What it protects | Example constraint (shape) |
|---|---|---|
| Required tool use | Ensures the agent looked up the right information | Policy lookup before answering |
| Tool order | Ensures prerequisites happen first | Authenticate before fetching sensitive records |
| Forbidden tool | Prevents unsafe or disallowed paths | Do not use a write tool without approval |
| Escalation trace | Verifies the handoff happened when required | Escalate high-risk decisions to a human |
| Boundary check | Protects policy or approval limits | Stop when amount exceeds the limit |
Control-plane alignment (why it can make harnessing cleaner)
When your architecture separates decision logic (control plane) from execution logic (agent loop), the harness can sometimes assert control-plane expectations more cleanly. For a deeper architecture framing, see Control Plane vs Agent Loop: A Production Architecture for Safe, Auditable Agentic Systems and also The Agent Loop Thinks. The Control Plane Decides..
Trace assertion checklist
- Does the constraint protect a real risk or policy boundary?
- Could the workflow still pass via a different (but acceptable) implementation path?
- Are you checking behavior and constraints, not incidental code shape?
- Would the assertion become stale when tools change?
- Is the assertion specific enough to be useful but broad enough to survive reasonable refactors?
If you can’t answer those confidently, rewrite the assertion around the underlying requirement—not the current tool call sequence.
How to set acceptance thresholds that support a ship decision
Direct answer: Acceptance thresholds are the rule that turns evaluation results into a decision: ship, ship with review, or do not ship.
Without thresholds, the harness produces data but not release decisions. The threshold should reflect consequence and risk tolerance. A safety-critical case should be stricter than an exploratory one.
Threshold classes (a simple but effective model)
| Threshold class | When to use it | Meaning |
|---|---|---|
| Must pass | High-risk or policy-critical cases | Failure blocks shipping |
| Pass with review | Acceptable only with explicit human oversight | Review is required before release |
| Informational | Lower-risk or exploratory cases | Useful for trend tracking, not a release gate |
Write thresholds before running the eval
One of the most helpful habits is to write thresholds before you run evaluation. That makes the harness harder to game and easier to explain later. If you adjust thresholds after you see results, your threshold becomes a justification tool instead of a decision tool.
Threshold design example
threshold:
pass_if:
- "Required policy step completed"
- "No forbidden path taken"
- "Final outcome matches policy"
review_if:
- "Policy is ambiguous"
- "Human escalation was appropriate but not fully documented"
fail_if:
- "Mandatory review was skipped"
- "Unsafe action was taken"
This structure creates three clear states—often more useful than a single numeric score for release governance.
When human review should be part of the agent eval harness
Direct answer: Human review is not a weakness. It’s the right answer for cases where policy sensitivity, ambiguity, or context limits mean you need bounded human judgment.
The key is bounded, explicit criteria. A harness should specify:
- what question the reviewer must answer
- what evidence to inspect
- what acceptable outcomes are
- what escalation rules apply
That makes review repeatable instead of personal preference.
Operating pattern: decide / escalate / stop / review
If your workflow assigns decision rights and uses explicit escalation rules, it’s often easier to implement repeatable review gates. For related guidance, see Human Review in AI Workflows: Decide, Escalate, Stop, Review and Agent Autonomy Boundaries: Decide, Escalate, Stop, and Review.
How to make review repeatable (review rubric checklist)
- Write the reviewer question. (Example: “Is the refund basis supported by policy and evidence?”)
- List required evidence. (Tool trace evidence, handoff record, policy lookup result.)
- Define acceptable outcomes. (Approve / deny / escalate with reasons.)
- Note mandatory escalation rules. (What must stop the workflow.)
- Store rubric next to the scenario and threshold. (So drift and accountability are visible.)
This prevents human review from becoming an ad hoc conversation and makes it easier to compare outcomes across time and reviewers.
How to keep the agent eval harness current as the workflow changes
Direct answer: A harness that never changes becomes stale. You should version and refresh it whenever prompts, tools, routing, or policies change.
Think of harness maintenance as part of your release process. If the workflow changed and the harness didn’t, you lose the ability to answer: “Are we still safe and acceptable to ship?”
Suggested filename recommendation: agent-eval-harness-refresh-loop.svg
Harness refresh triggers (what to review)
| Trigger | What you review | Likely harness update |
|---|---|---|
| Prompt change | Instruction wording, task framing, policy references | Revise scenarios and/or golden tasks |
| Tool change | New tools, removed tools, changed schemas/permissions | Update tool-trace assertions and evidence notes |
| Routing change | Different path selection or control logic | Adjust scenario coverage and path constraints |
| Policy change | New approvals, refusals, boundary updates | Rewrite golden tasks and thresholds |
| Production failure | What the harness missed | Add/refine scenario, golden task, trace assertion, or threshold |
Production failures as harness improvement opportunities
When a real failure happens, don’t just patch the workflow—also improve the harness. Common root causes include:
- Missing coverage (no scenario hits this boundary)
- Stale golden tasks (success criteria don’t match current policy/intent)
- Overfit trace assertions (too strict about incidental tool sequences)
- Weak thresholds (decision rules allow unacceptable outcomes)
Then update the harness so the next regression is less ambiguous.
A simple schema for an eval case (template)
Direct answer: Keep your eval case schema compact but explicit. Humans should be able to understand it quickly; tools should be able to run it consistently.
scenario: "Describe the real user intent or risk boundary"
goal:
outcome: "State the acceptable outcome shape"
required:
- "Required condition or action"
disallowed:
- "Forbidden action or unacceptable behavior"
review_notes:
- "What a reviewer should look for"
trace_assertions:
- "Important tool or escalation constraint"
- "Boundary/path constraint that must hold"
threshold:
pass_if:
- "Outcome is acceptable"
- "Required path constraint is met"
review_if:
- "Human judgment is needed"
fail_if:
- "Mandatory review was skipped"
- "Unsafe action was taken"
Why this schema helps (for AI Overviews and maintainers)
- Consistency reduces cognitive load.
- Explicit criteria reduce “did it pass?” debates.
- Separation of concerns makes it easier to diagnose which layer is failing (scenario vs goal vs trace vs threshold).
How to validate the agent eval harness itself
Direct answer: Evaluation frameworks must be evaluated. Validation ensures your harness still matches the workflow’s behavior and targeted human review.
A healthy validation loop looks for four things:
- Regression detection: does the harness catch regressions when the workflow changes?
- Agreement with human review: do humans and the harness align on representative cases?
- Gap detection: does the harness expose too-permissive criteria?
- Scenario relevance: does the scenario set still match the workflow surface (what the workflow actually does today)?
Suggested filename recommendation: agent-eval-harness-validation-loop.svg
Validation checklist questions
- What failure would still look acceptable to a casual reviewer?
- Which recent workflow change could invalidate this test?
- Which checks are stable criteria, and which are implementation details?
- Would this case still be useful if the tool implementation changed?
- Would a new teammate understand why the case exists?
How to handle variability in agent outputs (without weakening the harness)
Direct answer: Agent systems can vary in wording, tool choice, or intermediate reasoning. Your harness should judge decision-relevant behavior—not incidental prose.
To keep your agent eval harness robust while still meaningful:
- Judge outcome shape (approved/denied/escalated) and required conditions, rather than one exact text snippet.
- Use thresholds to express uncertainty (informational vs review-required) when ambiguity is expected.
- Assert path constraints selectively (where tools/ordering/escalation genuinely matter).
- Document reviewer evidence requirements so humans and automation evaluate consistently.
This keeps your harness useful as the agent improves and changes its internal execution style.
How to adapt an agent eval harness to different agent workflow types
Direct answer: The harness structure stays the same; the emphasis shifts between outcome checks, trace assertions, and review depending on workflow risk and purpose.
Customer support workflows
Support workflows often need clear escalation rules and consistent policy boundaries. A useful harness focuses on:
- when the workflow can answer directly
- when it must ask follow-up questions
- when it must escalate to a bounded human handoff
Golden tasks usually revolve around account-affecting decisions, refunds/credits, sensitive data handling, and tone-sensitive safety boundaries. To connect evaluation with bounded operation design, see AI support triage should be a bounded workflow, not an autonomous agent.
Internal operations workflows
Operational workflows often care about correct tool use, required steps, and auditability. Here, trace assertions become especially valuable because final messages may not fully reveal whether side effects (ticket creation, record updates, triggers) happened correctly.
Research or drafting assistants
Drafting workflows tend to have more acceptable variation in wording. Still, you should enforce boundaries like:
- source use expectations
- refusal behavior when claims are unsupported
- task completion requirements
In these cases, exact wording matters less than disciplined behavior and policy-respecting actions.
High-risk automations
For workflows that can produce external side effects (payments, account changes, irreversible actions), your harness should be stricter about:
- path constraints and required tool use
- escalation triggers
- clear “no-action until conditions are satisfied” defaults
The harness should follow risk: the more consequential the action, the more explicit your acceptance thresholds and escalation criteria should be.
Common mistakes teams make when building an agent eval harness
Direct answer: Most harness failures are scope and maintenance problems, not tooling problems.
| Mistake | What it looks like | Why it hurts |
|---|---|---|
| Testing only happy paths | The suite passes while edge cases break | Creates false confidence in drift conditions |
| Using exact string matching everywhere | Legitimate variation fails tests | Makes the harness brittle and noisy |
| Overfitting trace assertions | Minor refactors break the suite | Creates churn without improving signal |
| Leaving thresholds implicit | People debate whether a case passed | Release decisions become inconsistent |
| Freezing the harness | Workflow changes but tests do not | Stale coverage stops telling the truth |
| No clear owner | “Someone should update it” | The harness degrades over time |
| Confusing logs with evaluation | Observability exists, but no decisions rules | Hard to make ship/no-ship calls |
Troubleshooting: when a case fails
When something breaks, review should be layered:
- Scenario issue? Are you testing the right decision point?
- Golden task issue? Are success criteria ambiguous or outdated?
- Trace assertion issue? Is it too strict about implementation details?
- Threshold issue? Is the gating rule inconsistent with risk?
This turns failures into harness improvement work rather than random noise.
How to keep the agent eval harness readable for humans and useful for AI tooling
Direct answer: Make the harness serve two audiences: humans who need rationale and tools that need structured data.
To keep it readable:
- Use clear names and short comments.
- Place the “why this scenario exists” context near the scenario definition.
- Avoid burying meaning inside long implementation chains.
To keep it machine-friendly:
- Keep schema ordering and field presence consistent (scenario → goal → trace assertions → threshold).
- Make criteria explicit so automation can evaluate reliably.
Good principle: Describe behavior at the level where the decision is made. If the decision is about policy, describe the policy boundary. If it’s about tool execution, describe the tool requirement. If it’s about escalation, describe the escalation rule.
Quick reference: what to include in every agent eval case
| Field | Purpose | Question it answers |
|---|---|---|
| Scenario | Defines the real user intent or risk boundary | What are we testing? |
| Goal (golden task) | Describes the acceptable outcome shape | What counts as good? |
| Required conditions | Lists required facts/steps that must happen | What must be true before success? |
| Disallowed behaviors | Defines forbidden actions/paths/behaviors | What must never happen? |
| Trace assertions | Checks the path constraints through the workflow | How did it get there? |
| Threshold | Turns the evaluation into a release decision | Do we ship? |
| Review notes | Explains where human judgment is still needed | What should a reviewer do next? |
If a field doesn’t affect the evaluation decision, it probably doesn’t belong in the case.
How to use the agent eval harness for release decisions
Direct answer: Use the harness as a release gate for the scenarios that matter most. For lower-risk scenarios, use results as monitoring signals.
A common governance pattern is three buckets:
- Blocking: failure means “do not ship.”
- Review required: failure means “needs explicit human approval.”
- Informational: failure is visible but not release-blocking.
This helps you ship quickly without hiding important regressions, and it makes scenario importance explainable.
When an agent eval harness is not enough by itself
Direct answer: Sometimes you also need architecture and governance—like explicit decision rights, bounded autonomy, and control-plane protections—to prevent unsafe actions from executing.
Evaluation tells you whether behavior meets criteria. Architecture ensures those criteria can be enforced cleanly. If your workflow has outgrown a simple prompt-and-loop design, consider whether the system needs a stronger structure.
To explore the “ceiling” concept for loop-based agent systems, see The Agent Loop Ceiling: When LLM Agents Need More Than a Prompt, Tools, and a While Loop.
To connect harnessing to decision ownership, see Agentic AI Operating Model: Assign Decision Rights Before You Add Autonomy.
Implementation notes (if you already have logs and tests)
Direct answer: You don’t need to throw away existing logs or tests. An agent eval harness complements them.
Here’s how to integrate smoothly:
- Logs remain valuable for debugging and incident investigation.
- Unit tests remain useful for deterministic components.
- Agent eval harness covers ambiguous, policy-sensitive, and path-sensitive behavior that logs/unit tests alone can struggle to standardize.
A migration strategy that often works well is:
- Turn manually reviewed cases into explicit scenarios.
- Add golden tasks for outcome shape and disallowed behavior.
- Add tool-trace assertions for path constraints.
- Add thresholds to convert evaluation into release decisions.
Over time, your harness becomes the standard reference for decisions that used to be handled in meetings or comments.
What a strong agent eval harness gives you in practice
Direct answer: It improves reliability of shipping decisions by reducing ambiguity and making regressions attributable to specific harness layers.
Common tangible benefits include:
- Clearer expectations for what “good” behavior means.
- Faster review because criteria are written down.
- Better regression triage because failures map to scenario/goal/trace/threshold layers.
- More consistent ship/no-ship decisions across time.
- Alignment between workflow design and evaluation design.
The biggest benefit is often not a higher score—it’s less ambiguity. Teams that know what they measure can improve workflows more safely.
Recommended image alt text, captions, and filename conventions
Direct answer: Keep alt text concise and descriptive, captions specific, and filenames based on the concept—not a random hash.
For the diagrams included in this article, use:
- Core model diagram: agent-eval-harness-four-part-bundle.svg
- Workflow refresh diagram: agent-eval-harness-refresh-loop.svg
- Validation loop diagram: agent-eval-harness-validation-loop.svg
Alt text best practices applied here
- Alt text explains what the figure shows and why it matters for evaluation/decisions.
- Captions summarize the relationship between components (scenarios → golden tasks → trace assertions → thresholds).
- No keyword stuffing; descriptions remain natural and informative.
Conclusion: build the agent eval harness with the workflow, not after it
Direct answer: The best way to think about an agent eval harness is as a production artifact that stays aligned with the workflow it evaluates.
It is not a post-launch checklist. It is not a one-time benchmark run. It’s a living specification composed of:
- scenarios (what real situations you protect)
- golden tasks (what acceptable outcomes are)
- tool-trace assertions (what execution-path constraints must hold)
- acceptance thresholds (how you decide ship vs no-ship)
If you keep the harness aligned with the workflow, you can ship with more confidence. If you let the workflow evolve without updating the harness, the suite will become stale and stop telling the truth.
Practical lesson:
- Define the scenarios that matter.
- Write golden tasks that specify acceptable outcome shape.
- Add trace checks for the path constraints that matter.
- Set thresholds before you evaluate.
- Refresh the agent eval harness whenever the workflow changes.
That’s how your evaluation becomes robust to workflow drift—and useful for decision-making in real agentic systems.
FAQ: agent eval harness questions
Is an agent eval harness the same as a benchmark?
No. A benchmark compares systems or measures broad capability. An agent eval harness is tailored to a specific agent workflow and is used to make shipping decisions based on scenario-specific criteria.
Do I need tool-trace assertions for every scenario?
No. Add trace checks where the path matters (required tools, order, forbidden actions, escalation boundaries). If outcome correctness doesn’t depend on tool/path constraints, trace assertions may add overhead without improving signal.
Can I use exact string matching at all?
Yes, sometimes. Exact matching can work when outputs are highly constrained (for example, strict structured outputs required by downstream systems). For open-ended agent behavior, rely primarily on outcome shape and decision-relevant constraints.
What if reviewers disagree on golden task outcomes?
Disagreement usually means your criteria are too vague. Tighten scenario framing, make golden task outcome shape more explicit, and use threshold classes (blocking vs review-required) to separate “must be correct” from “needs judgment.”
How often should I update the agent eval harness?
Update whenever the workflow changes in a way that affects behavior, routing, tools, or policy boundaries. A harness should evolve with the workflow, not lag behind it.
What is the simplest way to start building an agent eval harness?
Pick one high-value workflow, write a handful of scenarios that represent real decision points, define golden tasks for acceptable outcomes, add the one or two trace constraints that matter most, and set clear pass/review/fail thresholds.
