Evaluating Agent Workflows with Traces, Feedback, Human Labels, and LLM Judges

Tue Jul 14 2026

David Bleeker, Founder

AI engineering team reviewing agent traces, user feedback, and evaluation scores in a workshop setting.

Introduction / Context

Teams usually hit the same problem after the first agent demo that seems promising: the system works often enough to matter, but not consistently enough to trust. The failure is rarely one bad answer. More often, the workflow breaks across retrieval, tool use, planning, handoffs, latency, and user expectations.

That makes evaluation harder than classic model benchmarking. You are not just asking whether one output is good. You are asking whether a multi-step system behaved correctly, safely, efficiently, and predictably under realistic load.

The practical answer is not one metric or one source of truth. Agent teams need an evaluation stack with four inputs:

  • traces to reconstruct what happened
  • user feedback to capture real-world dissatisfaction and success signals
  • human labels to define ground truth on the cases that matter
  • LLM judges to scale comparative and rubric-based review

Each input covers a different kind of failure. Traces explain. Feedback helps you decide what to inspect first. Human labels calibrate. LLM judges expand coverage.

The mistake is to treat these as substitutes. They are complements. If a team uses only traces, it gets observability without a quality judgment. If it uses only thumbs-up signals, it gets noisy product sentiment without root cause. If it relies only on LLM judges, it risks automating its own bias.

The Question

How should teams evaluate agent workflows using traces, user feedback, human labels, and LLM judges?

A serious answer has to deal with three constraints.

First, agent behavior is path-dependent. Two runs can produce similar final outputs through very different internal decisions. Output-only evaluation will miss a lot of defects.

Second, production data is messy. Users do not file bug reports in tidy fields. They complain in chat, abandon tasks quietly, or retry until the workflow happens to succeed.

Third, evaluation has to fit an engineering loop. If the process is expensive, slow, or detached from deployment, it turns into a one-off audit instead of an operating practice.

So the real question is how to build a system that is cheap enough to run continuously, rigorous enough to inform roadmap decisions, and legible enough that engineers can act on it.

The Answer

Teams should evaluate agent workflows as a layered pipeline:

  1. Capture full execution traces for every production run.
  2. Extract user feedback signals from conversations and product events.
  3. Create a reviewed evaluation set with human labels for high-value tasks and known edge cases.
  4. Use LLM judges on top of the labeled framework, not instead of it.
  5. Join all four into a single evaluation record keyed by task, run, and version.

This is less tidy than a single score, but much more useful.

1. Start with traces, because you need replayable evidence

For agents, the final message is not enough. You want a trace that can answer questions like:

  • Which prompt version was used?
  • Which tools were called and with what arguments?
  • What documents were retrieved?
  • Where did latency accumulate?
  • Did the planner branch or retry?
  • Did guardrails intervene?
  • What state was handed from one step to the next?

A concrete recommendation is to treat the trace as the primary key for evaluation. Every later artifact should attach to a trace or trace segment. That includes user complaints, human annotations, and judge outputs.

Low-cost trace collection matters because teams otherwise sample too aggressively and lose the long tail. A defect that shows up in 0.5% of runs can still dominate support cost if the workflow is business-critical. Cheap observability changes what you can afford to retain and analyze.

2. Use feedback extraction to turn messy user interactions into review queues

Explicit user ratings are sparse. Most users do not click thumbs-down. But they do reveal friction in language and behavior:

  • “That is not what I asked.”
  • “Why did it email the wrong person?”
  • repeated reformulations
  • immediate abandonment after a tool action
  • escalation to a human
  • copy-pasting corrected data back into the workflow

These signals should not become quality labels automatically. They should become prioritization signals.

That distinction matters. Feedback tells you where to look, not what the truth is. A user can be wrong about policy or dislike a correct refusal. Still, extracted feedback is one of the best ways to find high-impact slices that your benchmark missed.

A good team will segment feedback by workflow stage. Complaints about a “wrong answer” often start with retrieval mismatch, stale business rules, or a tool side effect that never surfaced in the final answer. If the trace schema is good, you can route each complaint to a likely subsystem.

3. Build a human-labeled set around business decisions, not generic correctness

Human labels are expensive. Use them where ambiguity and business risk are highest.

Good labeled tasks often include:

  • tool invocation correctness
  • policy compliance for approvals, refunds, or security-sensitive actions
  • factual grounding against authoritative documents
  • task completion according to a structured acceptance checklist
  • severity of error, not just binary pass/fail

This is where many teams underinvest in label design. They ask reviewers, “Was this output good?” and get low agreement. A better approach is to break the rubric into observable criteria:

  • Did the agent choose the correct tool?
  • Did it provide all required fields?
  • Was any fabricated claim presented as fact?
  • Did it violate a business rule?
  • Did the run require unnecessary retries?

You can still roll these up into a score later. But the atomic labels are what make debugging possible.

A useful pattern is to maintain three labeled datasets:

  • golden set: stable regression cases used on every release
  • recent incident set: examples from support, feedback extraction, and production traces
  • exploration set: newly sampled edge cases from high-variance traffic slices

This keeps evaluation from drifting toward either lab neatness or production chaos.

4. Use LLM judges to scale review, but only after calibration

LLM judges are practical when used for bounded tasks:

  • pairwise comparison between baseline and candidate outputs
  • rubric scoring with explicit criteria
  • extraction of structured defects from a trace or transcript
  • triage of which runs likely need human review

They are less reliable as a replacement for human judgment in high-risk cases. They can over-reward style, miss subtle policy issues, or share the same flawed assumptions that produced the output.

The right way to use judges is calibration first.

  • Run the judge on a human-labeled sample.
  • Measure agreement by criterion, not just final score.
  • Track drift when the judge model changes.
  • Look for systematic disagreement on specific classes, such as refusals, compliance, or tool-side effects.

One useful detail: a judge often performs better when it sees selected trace fields, not just the final response. If the rubric includes “used the correct tool” or “cited retrieved evidence,” the judge needs those artifacts. Output-only judging is usually too lossy for agent workflows.

5. Join everything into one evaluation record

The operational unit should be an evaluation record like this:

  • task_id
  • run_id / trace_id
  • agent version
  • prompt version
  • tool versions
  • user feedback signals
  • human labels by criterion
  • LLM judge scores by criterion
  • production outcome signals such as completion, latency, retries, escalation

That enables analysis like:

  • regressions after a prompt change
  • failures concentrated in one tool integration
  • disagreement between humans and judges on compliance
  • user dissatisfaction that correlates with long retrieval chains
  • high completion rate but poor user sentiment due to verbose answers

Without this joined record, evaluation breaks into dashboards that do not explain each other.

Architecture / Implementation Guidance

A concrete architecture recommendation is to build evaluation as a sidecar pipeline around the agent platform, not as logic buried inside the application service.

Recommended architecture

Runtime path

  1. Agent run emits structured trace events.
  2. Events are stored in an observability backend.
  3. Product events and conversation transcripts are linked to the same run identifier.

Evaluation path

  1. A feedback extractor scans conversations and events to identify likely dissatisfaction, success, or escalation.
  2. A sampler selects runs for review using business rules and uncertainty heuristics.
  3. Human reviewers label selected runs using a criterion-based rubric.
  4. LLM judges score the same runs and optionally a larger unlabeled pool.
  5. An evaluator service computes aggregate metrics and writes results to a warehouse or analytics store.
  6. CI/CD gates query the latest regression metrics before deployment.

This separation has two benefits. Runtime latency is not affected by evaluation work. And you can change rubrics, judges, and sampling logic without redeploying the agent.

Suggested data model

Use append-only event tables plus derived materialized views.

Core tables:

  • agent_runs
  • trace_events
  • conversation_messages
  • user_feedback_signals
  • human_labels
  • llm_judge_results
  • eval_aggregates

Store raw trace payloads, but also normalize a few fields aggressively:

  • tool_name
  • tool_call_status
  • retrieved_doc_ids
  • latency_ms
  • retry_count
  • guardrail_action
  • model_name
  • prompt_version

That normalization makes cross-run analysis much easier. It also prevents a common failure where every workflow logs slightly different JSON and nobody can query failures by category.

Sampling strategy

Do not sample uniformly.

Use a blend of:

  • random baseline sampling for unbiased monitoring
  • risk-based sampling for expensive or irreversible actions
  • feedback-triggered sampling for likely failures
  • novelty sampling for new prompts, tools, or user cohorts
  • disagreement sampling where judge confidence is low or judge/human mismatch is high

This gives you coverage without spending label budget on obvious successes.

Metrics that are actually useful

Avoid a single top-line “agent quality score.” It compresses away too much.

Track at least:

  • task success rate by workflow type
  • tool correctness rate
  • groundedness or citation correctness where applicable
  • policy compliance rate
  • median and p95 latency
  • retry rate and loop rate
  • escalation rate
  • user dissatisfaction rate
  • human/judge agreement rate
  • regression delta by version

For management reporting, roll these into a small scorecard. For engineering, keep the per-criterion detail.

Tradeoffs and failure modes

Trace-heavy systems create storage and privacy pressure. If you log everything, you may retain sensitive content you do not need. Redaction and field-level retention rules belong in the architecture from the start.

Feedback extraction can confuse frustration with failure. A user may dislike a safe refusal or express anger unrelated to quality. Treat extracted feedback as a routing signal, not a truth label.

Human labels drift. Reviewers pick up changing norms, shortcuts, or local interpretations of policy. You need calibration sessions and inter-rater agreement checks.

LLM judges can become stale. If the product style or policy changes, old judge prompts will score the wrong behavior. Version your judges like code.

Metrics can be gamed by prompt changes. Teams sometimes improve judge-visible formatting while underlying task completion does not improve. This is another reason to inspect traces and business outcomes together.

Evaluation can bias toward easy-to-measure tasks. Hard but high-value workflows often remain under-labeled because they are ambiguous. Engineering and product leadership need to budget for those cases explicitly.

Code Snippets

A minimal implementation starts with a canonical evaluation record. The exact storage layer does not matter as much as keeping identifiers stable across traces, labels, and judges.

from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional
from datetime import datetime
@dataclass
class EvalRecord:
task_id: str
run_id: str
trace_id: str
agent_version: str
prompt_version: str
model_name: str
tool_versions: Dict[str, str]
started_at: datetime
latency_ms: int
retry_count: int
user_feedback_signals: Dict[str, Any] = field(default_factory=dict)
human_labels: Dict[str, Any] = field(default_factory=dict)
llm_judge_scores: Dict[str, Any] = field(default_factory=dict)
production_outcomes: Dict[str, Any] = field(default_factory=dict)
def should_queue_for_human_review(record: EvalRecord) -> bool:
if record.production_outcomes.get("escalated_to_human"):
return True
if record.user_feedback_signals.get("negative_sentiment", 0) > 0.8:
return True
if record.retry_count >= 3:
return True
if record.llm_judge_scores.get("policy_compliance_confidence", 1.0) < 0.6:
return True
return False

The next step is to score a run using both trace-aware features and a rubric-oriented judge prompt. Even if you use an existing evaluation tool, this pattern is worth preserving.

import json
JUDGE_RUBRIC = {
"criteria": [
{
"name": "tool_correctness",
"question": "Did the agent choose and call the correct tool for the task?",
"scale": [0, 1]
},
{
"name": "groundedness",
"question": "Are factual claims supported by retrieved evidence or tool outputs?",
"scale": [0, 1]
},
{
"name": "policy_compliance",
"question": "Did the run comply with the stated policy and avoid disallowed actions?",
"scale": [0, 1]
},
{
"name": "task_completion",
"question": "Did the run complete the user's task with the required fields and actions?",
"scale": [0, 1]
}
]
}
def build_judge_input(trace_summary: dict, final_output: str, policy_text: str) -> str:
payload = {
"rubric": JUDGE_RUBRIC,
"trace_summary": {
"tool_calls": trace_summary.get("tool_calls", []),
"retrieved_docs": trace_summary.get("retrieved_docs", []),
"guardrail_actions": trace_summary.get("guardrail_actions", []),
"retries": trace_summary.get("retries", 0),
},
"final_output": final_output,
"policy": policy_text,
"instructions": (
"Return strict JSON with a score per criterion and short evidence. "
"Do not infer facts not present in the trace summary or output."
)
}
return json.dumps(payload)

A warehouse query can then combine outcome, feedback, and labels for regression checks.

SELECT
agent_version,
prompt_version,
COUNT(*) AS runs,
AVG(CASE WHEN human_labels->>'task_completion' = '1' THEN 1 ELSE 0 END) AS human_task_success,
AVG(CAST(llm_judge_scores->>'policy_compliance' AS FLOAT)) AS judge_policy_score,
AVG(CASE WHEN user_feedback_signals->>'negative' = 'true' THEN 1 ELSE 0 END) AS negative_feedback_rate,
PERCENTILE_CONT(0.95) WITHIN GROUP (ORDER BY latency_ms) AS p95_latency_ms
FROM eval_records
WHERE started_at >= NOW() - INTERVAL '7 days'
GROUP BY agent_version, prompt_version
ORDER BY runs DESC;

One practical note: keep the judge prompt and rubric under version control. Store a judge_version on every result. If your metrics move after changing the judge, you need to know whether the product changed or the evaluator changed.

Key Takeaways

Evaluation for agent workflows should be built as a joined system, not a set of isolated checks.

  • Traces are the evidence layer. Without them, failure analysis is guesswork.
  • User feedback is the prioritization layer. It tells you where production pain is showing up.
  • Human labels are the calibration layer. They define what correct means for your business.
  • LLM judges are the scaling layer. They help cover more surface area after calibration.

The implementation detail that matters most is the shared identifier across all four layers. If traces, conversations, labels, and judge outputs cannot be linked reliably, the system turns into disconnected anecdotes.

The engineering risk to watch is false confidence. A polished dashboard can hide weak label design, uncalibrated judges, or traces that omit the decisive step. Reliability comes from overlap between methods. When the four signals disagree, that is usually where the useful work is.

For teams moving from demos to measurable operations, the best next step is simple: instrument every run, define a small rubric for one high-value workflow, label a few hundred examples, and measure judge agreement before automating more of the pipeline.

References / Notes

Evaluating Agent Workflows with Traces, Feedback, Human Labels, and LLM Judges | Cataluma