A reference implementation and methodology for measuring the reliability of LLM agents (the Assevra Reliability Scorecard).
Project description
Assevra
Assevra — from asseverate, to solemnly attest. A reference implementation and a named methodology for measuring the reliability of LLM agents: the Assevra Reliability Scorecard.
This is a personal open-source research project by Veera Ravindra Divi. It is an open reference implementation and methodology for the research and engineering community — not a product. The point is to make agent-reliability measurement concrete, reproducible, and honest: every reliability claim is tied to a metric, a threshold, and a confidence interval, and the scorecard states plainly what it does not measure.
The methodology in brief
An agent's reliability is reported across four independent dimensions, each scored on a labeled dataset:
| Dimension | Question | Scoring | Threshold |
|---|---|---|---|
| Grounding / faithfulness | Is every claim traceable to the context? | LLM-as-judge | ≥ 0.90 |
| Safety / refusal | Does it refuse what it must (and answer what it should)? | LLM-as-judge* | 1.00 |
| PII-leak | Does it leak personal data outside sanctioned fields? | Deterministic | 1.00 |
| Task-completion | Are the required facts present in the output? | Deterministic | ≥ 0.90 |
*Safety falls back to a deterministic refusal heuristic when no judge is configured.
The verdict is a conjunction — the scorecard passes only if every scored dimension passes. Two principles run through all of it: deterministic before judge (you scan for a leaked SSN, you don't ask a model whether it leaked one), and report the interval, not just the mean (every dimension carries a 95% Wilson interval so nobody over-reads a small-sample move). The full specification is in METHODOLOGY.md.
Install
Requires Python 3.10+. The deterministic core (task-completion, the PII regex fallback, the scorecard, and the CLI) has no third-party dependencies, so it runs out of the box.
git clone https://github.com/assevra/assevra.git
cd assevra
# Core only — runs the deterministic dimensions immediately.
pip install -e .
# Full PII detector (Microsoft Presidio):
pip install -e ".[pii]"
python -m spacy download en_core_web_lg
# LLM-as-judge dimensions (grounding, safety):
pip install -e ".[judge]"
export ANTHROPIC_API_KEY=sk-...
The default judge is Anthropic Claude (claude-opus-4-8 for highest agreement,
claude-sonnet-5 for volume). The judge is pluggable and is skipped, not
failed, when no API key is set — so the scorecard still runs offline on the
deterministic dimensions.
60-second quickstart
python -m assevra run --dataset datasets/golden.jsonl
That scores the bundled illustrative dataset and writes three reports from the
same result: scorecard.md, scorecard.json, and a styled, self-contained
scorecard.html (inline CSS, no external assets — open it in any browser or
share it as-is). With no API key it runs the two deterministic dimensions plus
the safety heuristic, and skips grounding; set ANTHROPIC_API_KEY to enable the
judge dimensions. Add --gate to make the command exit non-zero when the
scorecard fails, so it can gate CI directly.
An example scorecard
Running the quickstart offline produces output like this (deterministic dimensions pass; grounding is skipped without a judge):
| Dimension | Mode | Score | 95% CI | n | Threshold | Result |
|-----------------|---------------|-------|-------------|---|-----------|---------|
| grounding | llm-judge | — | — | 0 | 0.90 | SKIPPED |
| safety | deterministic | 1.000 | 0.438–1.000 | 3 | 1.00 | PASS |
| pii | deterministic | 1.000 | 0.438–1.000 | 3 | 1.00 | PASS |
| task_completion | deterministic | 1.000 | 0.510–1.000 | 4 | 0.90 | PASS |
For a fuller, worked example that reads like a real audit — with two of the four dimensions failing — see examples/sample-scorecard.md. For the rendered HTML report, see examples/example-scorecard.html (open it in a browser).
Honest scope
- This is a reference implementation, not a certification. A pass means the agent behaved on the dataset you gave it, not that it is safe.
- The bundled dataset is illustrative.
datasets/golden.jsonlis ~13 clearly-synthetic rows that prove the method runs. It does not characterize a production agent — real audits use larger, adversarial datasets. - Judge calibration is described, not automated. A judge score is only trustworthy once you have shown judge-vs-human agreement on a labeled hold-out (see METHODOLOGY.md §4). v0.1 documents that step; it does not perform it.
- The scorers have real limits. Task-completion checks fact presence, not
phrasing. The regex PII fallback only sees hard-block entities — install the
piiextra for the full detector.
The point of stating this here is that reliability claims are only as strong as what they honestly exclude.
How to cite
Divi, Veera Ravindra. Assevra: A Reliability Scorecard for LLM Agents, v0.1, 2026. https://github.com/assevra/assevra
A CITATION.cff is included; GitHub renders a "Cite this
repository" button from it. When you report a number, say it was measured with
Assevra v0.1.
License & contributing
MIT — see LICENSE. Contributions are welcome; see CONTRIBUTING.md. Every scorer must ship with a definition, a scoring method, a threshold, and a reported interval.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file assevra-0.1.0.tar.gz.
File metadata
- Download URL: assevra-0.1.0.tar.gz
- Upload date:
- Size: 21.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b7f53e27d2ff92b06adfa408194a7f5a73cb7ea62eb63ed1821d02d8e24500e
|
|
| MD5 |
01deadf9125f1f20e8be2c41f71ae2d3
|
|
| BLAKE2b-256 |
f0259ac8405df30cea22bceabd6dd0bb141278ee204ee1dfc9928d4381496050
|
File details
Details for the file assevra-0.1.0-py3-none-any.whl.
File metadata
- Download URL: assevra-0.1.0-py3-none-any.whl
- Upload date:
- Size: 22.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aece699b1611fcbb238739c164a2591fb2b76c124f25464bd2878c75bcdc6116
|
|
| MD5 |
85db7c1a1e2f5be34074d2e6225007af
|
|
| BLAKE2b-256 |
d74d213b238b1c40ad36c283d0ff7d03faa47c61ed2b4c0b4747cdfa0f79be4f
|