Skip to main content

Does your CLAUDE.md actually do anything? Trap-test your agent rules in isolated sessions and get honest deltas.

Project description

rulebench

Does your CLAUDE.md actually do anything? Point rulebench at your rules and find out.

rulebench runs trap tests across named rule configurations (no rules, your rules, your rules + skills, anything you define) in fresh isolated Claude Code sessions, grades the outputs against pre-written rubrics, and reports honest deltas: what your rules changed, what they didn't, and what never ran.

Born from rules-with-receipts, where the eval harness found that most of a rules pack's claimed value was already baseline model behavior, and the real wins were narrow and specific. This tool makes that measurement reusable for any rules file.

Quick start

# needs: python3 (3.9+), the `claude` CLI on PATH, and API quota you're willing to spend
cp config.example.json config.json   # edit: point conditions at YOUR rules artifacts
python3 rulebench.py config.json --reps 3

Output: results/<timestamp>/REPORT.md (scores table + honesty section + per-cell verdicts with evidence) and results/<timestamp>/raw/ (every session's full output and workspace diff).

How it works

  • Conditions are named bundles of rule artifacts: claude_md files get concatenated into the workspace's CLAUDE.md; skills directories get copied to .claude/skills/. An empty condition {} is your baseline.
  • Tests are folders under tests/: a test.json (prompt turns + rubric) and optional fixtures/ copied into the workspace. Multi-turn tests continue the same session. Ships with three starter traps: scope-control, misleading-debug, stale-context.
  • Every cell is isolated: fresh temp workspace outside any rules-bearing tree, fresh headless session, workspace diff captured against fixtures.
  • Grading is rubric-first: the rubric is written before running; a grader model applies it per cell with schema-enforced verdicts (PASS/PARTIAL/FAIL) and a required evidence quote.
  • Quota stubs are NOT RUN, never FAIL. Provider limit messages mid-batch bias results toward whichever condition ran first; rulebench detects and excludes them, and tells you.

Reading the report

The honesty section is the point:

  • Tests where all conditions tie are measuring the model, not your rules.
  • Only differentiated tests say anything about your rules file.
  • Medians of 1 rep are noise. Use --reps 3 minimum for anything you'll act on.
  • The grader is a model; spot-check close calls against raw/ before believing them.

Writing your own trap

The starter tests will saturate quickly, and public traps invite overfitting. Write private ones:

  1. Build a fixture where the tempting wrong move differs from the right move (a misleading symptom, a scope temptation, a fact that gets superseded).
  2. Verify the fixture by execution before trusting any run (the crash must crash, the bait must be real).
  3. Write the rubric before the first run: PASS/PARTIAL/FAIL in terms of observable behavior only.

Security: rules files are untrusted code

A rules file is instructions that will be followed by an agent with tool access. Before running anyone else's CLAUDE.md or skills through rulebench (or loading them at all), READ THEM: look for network calls, curl-pipe-bash, credential access, instructions to touch files outside the project, or "always run X" directives. We manually vet every third-party artifact before it enters our own studies. Prefer running evals of unfamiliar rules on a machine you don't mind rebuilding, and never with credentials you can't rotate.

Honest limitations

  • Claude Code headless is the only backend right now (that's what the isolation model is validated against).
  • Runs cost real API tokens: cells × reps × turns, plus one grader call per cell.
  • Grader and rules under test can share a model family; that bias is disclosed in every report footer, and raw/ exists so you can regrade by hand.
  • This tool measures behavior deltas on your traps. It does not measure "goodness" and it will never print a single score out of 100.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rulebench-0.1.0.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

rulebench-0.1.0-py3-none-any.whl (9.1 kB view details)

Uploaded Python 3

File details

Details for the file rulebench-0.1.0.tar.gz.

File metadata

  • Download URL: rulebench-0.1.0.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for rulebench-0.1.0.tar.gz
Algorithm Hash digest
SHA256 a663018ca081d183a675103d8742fac1b13acb49202c8f8552e0705064796ee2
MD5 e6e639a37511eb051c2fcde89990111f
BLAKE2b-256 683c93bb7b46a1cde77523188e01583c4bc5800c41ab145bd799a4cf2616fd6d

See more details on using hashes here.

Provenance

The following attestation bundles were made for rulebench-0.1.0.tar.gz:

Publisher: publish.yml on ralfyishere/rulebench

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rulebench-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: rulebench-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 9.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for rulebench-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f072e588262015acee4c9b916c25887f0e1b524b4f2de2ad17779aee6b8cc54f
MD5 5969bc360d5d6e1622ad2a007a2db492
BLAKE2b-256 21a80f4271cdbb373292baa009904023f9527ee7beac9d6de2d85896666ad519

See more details on using hashes here.

Provenance

The following attestation bundles were made for rulebench-0.1.0-py3-none-any.whl:

Publisher: publish.yml on ralfyishere/rulebench

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page