The latest articles on DEV Community by Yui Kato (@okssusucha). https://dev.to/okssusucha https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3976784%2F93f6921b-71ae-4db7-8b6e-2db4b2b53afb.jpg https://dev.to/okssusucha en Yui Kato Wed, 10 Jun 2026 02:13:28 +0000 https://dev.to/okssusucha/gate-your-llm-app-in-ci-prompt-regression-testing-agent-trace-policies-with-llm-canary-33fn https://dev.to/okssusucha/gate-your-llm-app-in-ci-prompt-regression-testing-agent-trace-policies-with-llm-canary-33fn <h2> The silent regression problem </h2> <p>If you ship an LLM-powered app, you've probably lived this:</p> <ul> <li>A one-line system prompt tweak silently breaks your JSON output format</li> <li>A RAG pipeline change makes the bot answer questions it should refuse</li> <li>A model swap keeps answers correct but doubles your token bill</li> </ul> <p>Nothing in a normal CI pipeline catches any of this. The code compiles, the types check, the unit tests pass — and the <em>behavior</em> of your AI has changed. You find out from a customer complaint.</p> <p>I built <strong><a href="https://github.com/okssusucha/llm-canary" rel="noopener noreferrer">llm-canary</a></strong> to fix that: a regression canary that fails your build when your LLM app drifts. Like the canary in a coal mine, it falls over before your users do.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>llm-canary llm-canary init <span class="o">&amp;&amp;</span> llm-canary run canary.yaml <span class="c"># works immediately, zero API keys</span> </code></pre> </div> <h2> Declarative test suites </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">support-bot</span> <span class="na">providers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">openai</span> <span class="na">model</span><span class="pi">:</span> <span class="s">gpt-4o-mini</span> <span class="na">cases</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">refund-policy</span> <span class="na">prompt</span><span class="pi">:</span> <span class="s2">"</span><span class="s">A</span><span class="nv"> </span><span class="s">customer</span><span class="nv"> </span><span class="s">asks:</span><span class="nv"> </span><span class="s">can</span><span class="nv"> </span><span class="s">I</span><span class="nv"> </span><span class="s">get</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">refund</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">keyboard</span><span class="nv"> </span><span class="s">bought</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">weeks</span><span class="nv"> </span><span class="s">ago?"</span> <span class="na">assertions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">contains</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">30</span><span class="nv"> </span><span class="s">days"</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">json_schema</span> <span class="na">value</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">type</span><span class="pi">:</span> <span class="nv">object</span><span class="pi">,</span> <span class="nv">required</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">eligible</span><span class="pi">]}</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">judge</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Politely</span><span class="nv"> </span><span class="s">explains</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">refund</span><span class="nv"> </span><span class="s">policy"</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">max_cost_usd</span> <span class="na">value</span><span class="pi">:</span> <span class="m">0.01</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>llm-canary run suite.yaml <span class="c"># exit 0 on green, 1 on failures — drop it in CI</span> </code></pre> </div> <p>11 assertion types: substrings, regex, JSON Schema, semantic similarity, LLM-as-judge, latency/cost/token budgets. A <code>matrix:</code> key expands one case into a cartesian product (angry customer × 3 languages, etc.).</p> <h2> Regression detection without golden answers </h2> <p>LLM output isn't byte-stable, so snapshot tests don't work. Instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>llm-canary record suite.yaml <span class="c"># snapshot today's outputs as the baseline</span> llm-canary check suite.yaml <span class="c"># fail when meaning drifts or cost jumps</span> </code></pre> </div> <p><code>check</code> compares against the baseline with semantic similarity and a cost-drift threshold. No hand-written expected answers — just "tell me when it changed more than I allowed."</p> <h2> Agent traces: test what the agent <em>did</em>, not just what it said </h2> <p>LLM apps act now — they call tools, query databases, post to Slack. The risk moved from "what did the model say" to "what did the agent do". llm-canary gates a JSONL action log against a policy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># policy.yaml</span> <span class="na">max_steps</span><span class="pi">:</span> <span class="m">10</span> <span class="na">max_cost_usd</span><span class="pi">:</span> <span class="m">0.05</span> <span class="na">forbidden_tools</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">delete_records</span><span class="pi">,</span> <span class="nv">send_email</span><span class="pi">]</span> <span class="na">required_order</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">query_sales_db</span><span class="pi">,</span> <span class="nv">post_slack</span><span class="pi">]</span> <span class="c1"># read before you post</span> <span class="na">max_tool_repeats</span><span class="pi">:</span> <span class="m">3</span> <span class="c1"># catch runaway loops</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>llm-canary trace trace.jsonl <span class="nt">--policy</span> policy.yaml </code></pre> </div> <p>Emit one JSON line per agent step from whatever framework you use, and the canary enforces the contract in CI.</p> <h2> Test YOUR bot, not the raw model </h2> <p>A canary is only meaningful if the thing you change — your system prompt, your RAG pipeline, your pre/post-processing — is on the tested execution path. Sending test prompts straight to the OpenAI API tests <em>the model</em>, not <em>your app</em>.</p> <p>So llm-canary can put your real application under test, however it's built:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">providers</span><span class="pi">:</span> <span class="c1"># anything executable — stdout is the reply</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">command</span> <span class="na">options</span><span class="pi">:</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s2">"</span><span class="s">python</span><span class="nv"> </span><span class="s">my_bot.py</span><span class="nv"> </span><span class="s">--ask</span><span class="nv"> </span><span class="s">{prompt}"</span> <span class="c1"># anything with an HTTP API</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">options</span><span class="pi">:</span> <span class="na">url</span><span class="pi">:</span> <span class="s">http://localhost:8000/chat</span> <span class="na">body</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">message</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{prompt}"</span><span class="pi">}</span> <span class="na">response_path</span><span class="pi">:</span> <span class="s">reply.text</span> </code></pre> </div> <p>In CI: boot your bot, point the canary at it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">docker compose up -d my-chatbot</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">llm-canary run suite.yaml</span> </code></pre> </div> <h2> Self-hosted eval server </h2> <p><code>llm-canary serve</code> runs a small FastAPI service inside your own infra: run history, a dashboard, and team-shared baselines in a local SQLite file. Your prompts and agent logs never leave your network — useful if you can't ship eval data to a SaaS.</p> <h2> How it compares </h2> <p>promptfoo and DeepEval are excellent and more mature for prompt evaluation. llm-canary's niche is the combination of <strong>agent-trace policy gates</strong>, <strong>baseline regression without golden answers</strong>, and a <strong>fully self-hosted history server</strong> — all MIT-licensed, no SaaS upsell.</p> <p>Repo: <a href="https://github.com/okssusucha/llm-canary" rel="noopener noreferrer">https://github.com/okssusucha/llm-canary</a> — issues and PRs welcome, in English or Japanese.</p> opensource