Your LLM agent eval harness is silently rotting because the judge is itself a model.

It is the set of files that turn 'we have evals' into a control the on-call engineer trusts. Five components: rubric.yaml at the repo root that names every axis, eval/cases.yaml with the workload-grounded benchmark, eval/judge_prompts.yaml that pins the judge model and the prompt template SHA per LLM-judge axis, scripts/calibrate-judges.sh that re-runs the judge against a 20-case frozen set every Friday, and eval/judge_history.jsonl committed back to the repo so the on-call engineer can read a year of judge stability with one grep. The runner (eval/run.py) ties them together and the CI workflow (.github/workflows/eval.yml) posts the scorecard on every PR. Without the judge layer pinned, the eval scoreboard slowly diverges from reality and you only notice when a regression slips past.

Because most rubric axes are not actually subjective and the LLM judge taxes you for nothing on those. schema_valid, must_not_include, calls_correct_tool, citations_resolve, latency, token budget, and repeated-text detection are all expressible as a regex, a JSON-schema check, or a number assert. Running them through a judge costs a forward pass per case (real money), adds 200 to 1500 ms of latency to the harness, and introduces variance that can swamp real regressions. The judge belongs on the three axes where it cannot be replaced: answer_relevancy, factual_grounding, and tone_match. The 70/30 split is the empirical ratio across the five named production agents we run; your repo will land between 60/40 and 80/20 depending on how much of the workload is text generation versus tool use.

Two failure modes that look identical from a metrics dashboard but have different fixes. Judge-prompt drift: an engineer tweaks the judge prompt by one sentence in week 8 to fix a perceived false positive, the prompt SHA changes, and every score from week 8 onward is uncomparable to week 1. Judge-model drift: the vendor releases claude-4-7-opus and the harness has a default that resolves to 'whatever opus is latest', so the judge model swaps under you. Both produce a moving scoreboard the team will trust for one quarter and then stop reading. The fix is a pinned prompt SHA and an explicit judge_model name per axis in eval/judge_prompts.yaml, plus a weekly calibration cron that re-grades a 20-case frozen set and opens a PR if the drift exceeds three points.

20 is the smallest set we have seen reliably surface real drift while keeping the cron cheap enough to run every Friday. Below 12 the variance dominates, run-to-run noise is louder than the drift you want to detect. At 100 the cron costs roughly five times as much, runs five times longer, and the engineer stops looking at the result. Three points on a four-point scale (0/1/2/3) is the empirical floor: under three points, two humans on the same case set will themselves disagree by that much. Above three points, you are seeing a real prompt or model shift, not noise. Tuning the threshold lower locks the harness too tightly and produces churny PRs that the team learns to ignore. Both numbers are defaults from the same five named production agents; you should re-pick them at week 2 with your product lead.

On objective axes (factual_grounding against retrieved docs, schema-derived axes), it does not matter. On subjective axes (tone_match, answer_relevancy on free-text generation), the judge should be a different family than the agent. Same-family judge-grades-itself bias is well-documented: a Claude judge will rate Claude outputs higher on subjective axes than a GPT judge will, by a measurable amount. The fix is to ship cross-vendor on subjective axes by default. In our judge_prompts.yaml shape, tone_match is graded by gpt-4-1 even when the agent is Claude. Same with the inverse on a GPT-based agent: tone_match goes through Claude. The cost is a second vendor key in the harness; the benefit is the scoreboard stops flattering the model you ship.

Those are runners and judge libraries. The harness is the wiring that pins them. ragas computes faithfulness and answer_relevancy with built-in prompts; the harness writes the prompt SHA into eval/judge_prompts.yaml and gates merges if the SHA on disk does not match the pin. DeepEval ships G-Eval as a metric; the harness adds the calibration set, the weekly cron, and the drift threshold. promptfoo runs the cases; the harness owns which cases run, on which PRs, and what the failure does. LangSmith is a useful trace store for debugging the judge; it is not a judge spec, and the spec must live in your repo or it leaves with the vendor. None of the libraries answer the question 'has the judge drifted in the last six weeks?'. judge_history.jsonl does.

Library defaults are the starting point, not the ship state. ragas faithfulness, ragas answer_relevancy, and G-Eval coherence are reasonable v1 prompts; we copy them into eval/judge_prompts/<axis>.md and pin the SHA. The first calibration run scores 20 cases. Every case where the judge disagrees with the human target by more than two points is a row the engineer rewrites the prompt against until the agreement floor is met. The prompt that ships is rarely the library default; usually it is the default plus three to six axis-specific clarifications added during the week-2 scoping call. After that the prompt is frozen by SHA and only the calibration cron is allowed to suggest a re-pin.

Title: 'judge-drift detected on YYYY-MM-DD (N axis(es))'. Body: the drift in points per axis, a link to the per-axis JSON report with case-by-case judge output, the diff between the calibration target and what the judge said today, and a checklist with two paths. Path A is re-pin: rewrite the judge prompt, increment the SHA, re-run scripts/calibrate-judges.sh, attach a green run, merge. Path B is accept: extend the calibration set with the rows the judge now scores differently, document the rationale in the PR body, attach a fresh calibration with the new set as cal-YYYY-MM-DD-extended, merge. Either path is one PR. The drifted axis stops gating merges until the PR lands. The agent rubric still grades on every other axis in the meantime.

Yes, and the deterministic 70 actually grows. Code outputs add three deterministic axes (compiles, passes a unit test, lints clean) that previously would have been judge calls. Vision adds image-hash checks (the output contains a face in the lower-left third), which a deterministic vision-feature extractor can answer without an LLM judge. Audio adds transcript checks. The LLM-judge 30 shrinks but does not disappear: 'is this a recognizable brand voice in the audio' still needs a judge. The judge_prompts.yaml shape is identical across modalities; only the calibration sets and the deterministic axes differ. The OpenArt multi-scene video agent ships with one judge axis (visual_consistency_across_scenes) and seven deterministic axes (resolution, fps, scene count, transition smoothness from optical flow, NSFW gate, file size, duration).

Eight files in the client repo on main: rubric.yaml, eval/cases.yaml, eval/judge_prompts.yaml, eval/judge_calibration/<axis>.yaml (one per LLM-judge axis), eval/run.py, scripts/calibrate-judges.sh, .github/workflows/eval.yml, .github/workflows/judge-calibrate.yml. Plus eval/judge_history.jsonl which is generated by the cron and committed back to the repo. The harness is model-vendor neutral: the judge model is named in YAML, no vendor-attached runtime is required, and there is no SaaS license to renew. The named senior engineer who shipped it leaves a runbook in ops/failure_playbook.md that walks the on-call engineer through reading judge_history.jsonl when the agent regresses. Every line of this is your repo, your CI, your on-call rotation. We leave; the harness stays.