LLM features do not fail in production the same way traditional code does. A unit test may pass while the user experience still degrades because a prompt changed tone, a model update shifted output structure, a retrieval layer introduced lower-quality context, or a new safety rule blocked previously valid responses. This guide shows how to build an LLM evaluation pipeline for CI/CD that catches those regressions early. You will get a practical workflow for creating golden datasets, versioning prompts and model settings, running automated prompt testing in CI, scoring results with a mix of deterministic and model-based checks, and deciding what should block deployment versus what should only raise an alert.
Overview
An effective LLM evaluation pipeline is less about finding one perfect metric and more about creating a repeatable system. The goal is to detect meaningful change before it reaches users. In software terms, you are building regression protection for behavior that is partly probabilistic, partly prompt-driven, and often dependent on external context.
For most teams, an evaluation pipeline should answer five questions:
- Did the model return the right kind of output?
- Did it follow formatting and schema requirements?
- Did quality improve, hold steady, or regress on representative tasks?
- Did cost, latency, or token usage move outside acceptable limits?
- Should this change block a release, trigger review, or simply be logged?
That means your pipeline needs more than one test type. A practical LLM eval in CI usually combines:
- Deterministic checks for JSON validity, required fields, citations, tool calls, and policy constraints
- Golden dataset comparisons against known tasks and expected behaviors
- Heuristic scoring for overlap, exact match, keyword coverage, or rule-based assertions
- Model-based scoring for nuanced criteria such as relevance, groundedness, completeness, and tone
- Operational checks for latency, token count, retry rate, and cost ceilings
If your application uses retrieval, tool use, or structured outputs, your test plan should cover those layers separately as well as end to end. For related production considerations, it helps to pair this workflow with a metric framework such as Prompt Evaluation Metrics That Actually Matter in Production and prompt change controls like Prompt Versioning Best Practices for Teams Building Production AI Apps.
A useful mental model is to treat LLM evaluation as a test pyramid:
- At the base: fast deterministic checks that run on every pull request
- In the middle: curated regression suites on golden examples
- At the top: slower scenario tests, human review, and periodic benchmark refreshes
This keeps CI reliable and affordable while still protecting the parts of the system that matter.
Step-by-step workflow
Here is a practical process you can adopt and refine as your stack evolves.
1. Define what “good” means for each task
Start by breaking your application into task types rather than testing “the chatbot” as one unit. Common task types include classification, extraction, summarization, question answering, customer support drafting, code generation, and RAG-based response generation.
For each task, write down:
- The input shape
- The expected output shape
- The failure modes you care about
- The minimum acceptable quality threshold
- Any hard requirements such as policy compliance or schema validity
For example, a support summarization workflow might require:
- A valid JSON object
- Fields named
summary,sentiment, andaction_items - No fabricated refund promises
- A maximum latency target
- At least one action item when the customer requests follow-up
This is the foundation of prompt regression testing. Without explicit requirements, teams end up debating style instead of measuring delivery risk.
2. Build a golden dataset that reflects real usage
Your golden dataset is the set of examples you trust enough to test repeatedly. It should be small enough to run often and broad enough to expose regressions. Good eval datasets usually include:
- Typical cases that represent common traffic
- Edge cases that often break prompts
- Adversarial or ambiguous cases
- Known historical failures
- Policy-sensitive inputs
Each record should capture more than just the user prompt. Store the full test context where relevant:
- System prompt version
- User input
- Retrieved context, if any
- Tool outputs, if any
- Expected schema or label
- Scoring rubric
- Metadata such as domain, language, or difficulty
For RAG workflows, store retrieval inputs and retrieved passages separately. That lets you tell the difference between a retrieval regression and a generation regression. If you are tuning retrieval itself, related reading includes Embedding Model Comparison for Semantic Search and RAG and RAG Chunking Strategies Compared: Token Size, Overlap, and Retrieval Performance.
A common mistake is to make the golden set too large too early. Start with a compact core set that runs on every pull request, then maintain a larger nightly or pre-release suite.
3. Version everything that can change
In LLM systems, quality can shift when any of the following changes:
- Prompt text
- Model provider or model version
- Sampling settings
- Context assembly logic
- Retrieval index or chunking strategy
- Tool definitions and tool routing
- Output schema rules
To make CI results meaningful, version these inputs explicitly. At minimum, track:
- Prompt template ID and revision
- Model name
- Temperature and top-p settings
- Max tokens
- Evaluation dataset version
- Scorer version
This becomes especially important when using structured outputs. If your tests depend on JSON conformance, align them with provider-specific behavior and schema handling, as discussed in JSON Mode and Structured Output Support Across LLM APIs.
4. Separate deterministic tests from subjective scoring
Not every check needs an LLM judge. In fact, the cheapest and most stable tests are often deterministic. Use them first.
Examples of deterministic checks:
- Valid JSON parses successfully
- All required fields exist
- No forbidden phrases appear
- Output length stays within a range
- Classification label matches one of the allowed values
- Reference IDs in the answer map to retrieved documents
Examples of subjective or semantic checks:
- Is the answer relevant to the user query?
- Does the summary preserve the important facts?
- Is the tone appropriate for the task?
- Did the response stay grounded in provided context?
Use deterministic checks as release gates where possible. Use model-based scoring for deeper quality signals and trend monitoring.
5. Create scorecards, not a single score
LLM systems often look better on one metric while getting worse on another. A shorter answer may improve latency but miss key facts. A stricter prompt may reduce hallucinations but lower helpfulness.
Instead of collapsing everything into one number, create a scorecard per task:
- Correctness: exact match, rubric score, or label accuracy
- Format compliance: schema pass rate
- Groundedness: citation support or context faithfulness
- Safety: policy adherence checks
- Latency: median and p95
- Cost: average token use or estimated request cost
Then define thresholds by metric. For example:
- Block deployment if schema pass rate drops below 99%
- Require review if groundedness drops more than a set margin
- Alert only if cost rises modestly but quality improves
This framing is much more actionable than arguing over an aggregate score.
6. Run fast evals in pull requests and broader evals on a schedule
A practical AI CI CD testing setup usually has multiple lanes:
- PR checks: small core regression suite, deterministic assertions, and limited scoring
- Merge or staging checks: larger golden set and side-by-side comparison against the current baseline
- Nightly or weekly runs: expanded scenario coverage, drift checks, and cost analysis
Fast PR checks help developers move quickly. Scheduled runs catch issues that are too expensive or slow for every commit.
When possible, compare the proposed change against a frozen baseline rather than a vague threshold. That makes regressions easier to interpret. If a prompt update improves extraction accuracy but worsens output style slightly, reviewers can make an informed tradeoff.
7. Add human review where automation is weak
Automated prompt testing is useful, but some tasks still benefit from human judgment, especially when outputs are creative, strategic, or customer-facing. The goal is not to put humans back in every release. It is to reserve review for cases where automated signals are inconclusive or where business risk is high.
A simple approach:
- Auto-approve low-risk changes that pass deterministic checks and stay within score thresholds
- Route borderline changes to reviewer queues
- Require manual review for policy-sensitive or high-impact prompts
Keep review rubrics short. Reviewers should score the exact dimensions the pipeline uses so automated and manual evaluation stay aligned.
8. Feed production failures back into the dataset
The best eval sets come from real incidents. Every time a user report, support escalation, or monitoring alert uncovers a weakness, convert that case into a regression test. This is what keeps the pipeline useful over time.
Examples of cases worth promoting into the golden set:
- A prompt that broke after a model upgrade
- A retrieval miss caused by a chunking change
- A malformed tool argument
- A response that passed style checks but omitted the key answer
- An output that became too long and exceeded downstream limits
Over time, this creates a living eval framework rather than a one-time benchmark.
Tools and handoffs
The tooling matters less than the interfaces between stages. A durable LLM evaluation pipeline usually includes the following handoffs.
Prompt and app layer
This is your application logic: prompt templates, retrieval orchestration, tool definitions, and response formatting. Treat prompts as code. Store them in version control, review them in pull requests, and tie them to app releases.
Dataset layer
Your eval dataset should live in a format your team can edit and diff comfortably, such as JSON, YAML, or a table synced to a repository. The key is repeatability. Each test case should be executable without guesswork.
Runner layer
The runner executes the test suite against a chosen model and prompt version. It should collect raw outputs, metadata, timing, retries, and token usage. Even a simple script is fine if it is deterministic and logged well.
Scoring layer
The scoring stage evaluates outputs using deterministic assertions, heuristics, and optional LLM-as-judge prompts. Keep scorers versioned, because the evaluation logic itself can drift.
CI layer
Your CI system should decide what happens next:
- Pass the build
- Fail the build
- Post a comment with score diffs
- Open a review task for humans
- Store artifacts for later inspection
Be careful with provider limits and runtime costs when running evals in shared pipelines. If your test volume grows, rate limiting and quota behavior become operational concerns. Planning around that is easier if you understand current provider constraints and differences, such as those covered in LLM API Rate Limits by Provider and OpenAI vs Anthropic vs Gemini API Pricing and Context Window Comparison.
Reporting layer
Do not stop at pass or fail. Save outputs, scores, and diffs so developers can inspect what changed. The fastest way to make evals unpopular is to fail a build without showing examples.
A practical report usually includes:
- Changed metrics by task
- Worst-regressed examples
- Schema failures
- Latency and token deltas
- Links to raw outputs
This turns evaluation into a developer workflow rather than a black box gate.
Quality checks
To keep your pipeline trustworthy, validate the evaluation process itself.
Check for dataset bias and overfitting
If the same few examples run forever, teams start optimizing to the test set rather than the user experience. Rotate in fresh samples, keep a hidden holdout set for periodic review, and make sure your golden dataset reflects current traffic patterns.
Check scorer reliability
Model-based evaluators can be useful, but they are not perfectly stable. Reduce noise by:
- Using explicit rubrics
- Scoring discrete criteria instead of vague impressions
- Keeping evaluation prompts versioned
- Spot-checking scorer output with human review
- Using deterministic checks whenever possible
If a judge model is too volatile for CI gating, demote it to an advisory metric and rely on stronger deterministic release criteria.
Check baseline quality after major platform changes
Provider updates, model swaps, context window changes, and structured output features can all alter behavior. When those platform features change, re-baseline your results instead of assuming historical thresholds remain valid. This is especially important in LLM app development, where a vendor-side update can affect quality even if your code did not change.
Check for hidden cost regressions
One prompt edit can increase token usage significantly. Your eval pipeline should capture input tokens, output tokens, retries, and fallback path frequency. Quality gains that double costs may still be worth it, but only if the team sees the tradeoff.
Check retrieval and generation separately in RAG systems
When a RAG answer gets worse, the issue may be the retriever, the chunking, the ranking, the prompt, or the answer synthesis. Split your tests where you can:
- Retrieval recall or relevance checks
- Context assembly validation
- Answer groundedness checks
- End-to-end user outcome checks
That separation makes failures easier to debug and reduces time spent blaming the wrong layer. If model selection is part of the issue, you may also want a side-by-side review process informed by guides such as Best Models for RAG in 2026.
When to revisit
An LLM evaluation pipeline is not a one-time setup. It should be updated whenever the underlying inputs, risks, or product goals change. Revisit your pipeline when:
- You change models, providers, or major model settings
- You revise core prompts or system instructions
- You add tools, function calling, or structured output requirements
- You modify retrieval, chunking, or embedding strategy
- You expand into new domains, languages, or customer segments
- You see repeated production incidents the current evals missed
- You introduce stricter latency or cost targets
A simple maintenance routine works well:
- Review failed and borderline test cases every sprint or release cycle
- Promote real production failures into the regression set
- Retire stale cases that no longer reflect user behavior
- Revalidate scoring rubrics after major platform or prompt changes
- Audit thresholds quarterly so they reflect current business risk
If you are implementing this from scratch, start small. Build one core dataset, one deterministic test layer, one basic scorecard, and one CI gate tied to a real deployment decision. Then expand only after the first version is trusted by developers. The best LLM evaluation pipeline is the one your team actually uses on every meaningful change.
In practice, that means your next action should be concrete: choose one production workflow, define its pass-fail requirements, collect 25 to 50 representative examples, version the prompt and model settings, and wire a compact regression suite into your pull request pipeline. Once that is stable, add broader automated prompt testing, side-by-side comparisons, and scheduled evaluations. That sequence keeps the process update-friendly and resilient as tools evolve.