Merge pull request #91 from tikalk/edd_implementation

Evals Extension: EDD (Eval-Driven Development) with PromptFoo Integration

Author: kanfil

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to the Specify CLI and templates are documented here.
 
+# [0.4.11] - 2026-04-16
+
+### Added
+
+- **Evals Extension**: Complete EDD (Eval-Driven Development) implementation with PromptFoo integration
+  - **Complete EDD Methodology**: All 10 EDD principles implemented and validated
+  - **Goldset Lifecycle**: Full ADR/CDR pattern with `init` → `specify` → `clarify` → `analyze` → `implement` workflow
+  - **Evaluation Pyramid**: Tier 1 fast checks (<30s) + Tier 2 semantic evaluation (<5min) + production sampling
+  - **Statistical Validation**: TPR/TNR analysis with 95% confidence intervals and holdout dataset validation
+  - **PromptFoo Integration**: Automatic config generation, executable grader creation, and seamless results processing
+  - **Cross-Functional Intelligence**: `levelup` command generates stakeholder-specific insights and team PRs
+  - **Smart Task Matching**: `tasks` command provides intelligent eval-task alignment with coverage analysis
+  - **Production-Ready**: Complete validation pipeline, error handling, and production loop closure
+  - **8 Commands**: `init`, `specify`, `clarify`, `analyze`, `implement`, `validate`, `levelup`, `tasks`
+  - **Comprehensive Documentation**: 190+ section README with architecture guide, examples, and troubleshooting
+
 ## [0.4.10] - 2026-04-14
 
 ### Changed

docs/EDD_USAGE_GUIDE.md

@@ -0,0 +1,104 @@
+# EDD Components vs Internal Evaluation Systems - Usage Guide
+
+## Overview
+
+This repository contains **two separate evaluation systems** with different purposes. Understanding when to use each is crucial for proper implementation.
+
+---
+
+## 📋 **Internal Evaluation System** (`evals/configs/`)
+
+### Purpose
+- **Evaluates the quality of the prompt templates** in this repository
+- Tests whether `spec-prompt.txt`, `plan-prompt.txt`, `arch-prompt.txt`, etc. generate good outputs
+- **Quality assurance for the toolkit itself**
+
+### Structure
+```
+evals/
+├── configs/
+│   ├── promptfooconfig.js           # Main evaluation config
+│   ├── promptfooconfig-spec.js      # Tests spec-prompt.txt quality
+│   ├── promptfooconfig-plan.js      # Tests plan-prompt.txt quality
+│   ├── promptfooconfig-arch.js      # Tests arch-prompt.txt quality
+│   ├── promptfooconfig-ext.js       # Tests ext-prompt.txt quality
+│   └── promptfooconfig-clarify.js   # Tests clarify-prompt.txt quality
+├── graders/
+│   └── custom_graders.py            # Custom graders for prompt quality
+└── prompts/
+    ├── spec-prompt.txt              # The actual prompts being tested
+    ├── plan-prompt.txt
+    └── ...
+```
+
+### When to Use
+- ✅ Testing if your prompt templates generate good specifications
+- ✅ Regression testing after modifying prompts
+- ✅ Quality assurance for the toolkit development
+- ✅ Ensuring prompts follow best practices
+
+---
+
+## 🛡️ **EDD Components** (`evals/edd-components/`)
+
+### Purpose
+- **Framework for evaluating external projects** that use this toolkit
+- Security baseline checks, compliance validation, etc.
+- **Methodology for others to implement in their projects**
+
+### Structure
+```
+evals/
+├── edd-components/
+│   ├── graders/
+│   │   ├── check_pii_leakage.py           # Security grader
+│   │   ├── check_prompt_injection.py      # Security grader
+│   │   ├── check_hallucination.py         # Security grader
+│   │   ├── check_misinformation.py        # Security grader
+│   │   ├── check_regulatory_compliance.py # Compliance grader
+│   │   └── check_context_adherence.py     # Context grader
+│   ├── configs/
+│   │   ├── config.js                      # EDD example config
+│   │   ├── config-tier1.js                # Tier 1 (fast) evaluations
+│   │   └── config-tier2.js                # Tier 2 (semantic) evaluations
+│   └── goldset/
+│       └── goldset.csv                    # Reference test data
+└── scripts/
+    ├── edd_failure_routing.py             # EDD failure routing
+    └── audit_binary_compliance.py         # EDD compliance audit
+```
+
+### When to Use
+- ✅ **External teams** implementing this toolkit in their projects
+- ✅ Evaluating **AI systems built using the prompts** from this toolkit
+- ✅ Security baseline validation for production AI systems
+- ✅ Compliance checking for regulated industries
+
+---
+
+## 🔄 **Command Alignment Across Extensions**
+
+All extensions in Spec Kit follow a consistent workflow pattern:
+
+| Step | `/architect.*` | `/levelup.*` | `/evals.*` | Purpose |
+|------|---------------|--------------|-----------|---------|
+| **1. Initialize** | `/architect.init` | — | `/evals.init` | Reverse-engineer from existing codebase (brownfield) |
+| **2. Specify** | `/architect.specify` | `/levelup.specify` | `/evals.specify` | Extract core artifacts (ADRs, CDRs, eval criteria) from spec |
+| **3. Clarify** | `/architect.clarify` | `/levelup.clarify` | `/evals.clarify` | Resolve ambiguities through interactive questions |
+| **4. Implement** | `/architect.implement` | `/levelup.implement` | `/evals.implement` | Generate final outputs (AD.md, skills, PromptFoo config) |
+| **5. Validate** | `/architect.validate` | — | `/evals.validate` | Validate alignment/quality (READ-ONLY for architect) |
+| **6. Analyze/Trace** | `/architect.analyze` | `/levelup.trace` | `/evals.trace` | Post-implementation analysis and reporting |
+
+### Pattern Summary
+
+**Common workflow**:
+1. **init** (optional, brownfield only) →
+2. **specify** (extract) →
+3. **clarify** (refine) →
+4. **implement** (generate) →
+5. **validate/trace** (verify/analyze)
+
+**Key differences**:
+- **`/architect.*`**: Focuses on architectural decisions (ADRs → AD.md)
+- **`/levelup.*`**: Focuses on coding directives (CDRs → skills → team-ai-directives)
+- **`/evals.*`**: Focuses on evaluation criteria (goldset → PromptFoo config → test results)

evals/edd-components/configs/config-tier1.js

@@ -0,0 +1,37 @@
+// Tier 1 Only - Fast CI/CD Integration
+// EDD Principle IV: Fast deterministic checks only
+
+module.exports = {
+  description: 'EDD Tier 1 - Fast Deterministic Checks (<30s)',
+
+  tests: [
+    {
+      description: 'Security Baseline - PII Leakage',
+      assert: [{ type: 'python', value: './graders/check_pii_leakage.py' }]
+    },
+    {
+      description: 'Security Baseline - Prompt Injection',
+      assert: [{ type: 'python', value: './graders/check_prompt_injection.py' }]
+    },
+    {
+      description: 'Security Baseline - Hallucination Detection',
+      assert: [{ type: 'python', value: './graders/check_hallucination.py' }]
+    },
+    {
+      description: 'Security Baseline - Misinformation Detection',
+      assert: [{ type: 'python', value: './graders/check_misinformation.py' }]
+    },
+    {
+      description: 'Regulatory Compliance Validation',
+      assert: [{ type: 'python', value: './graders/check_regulatory_compliance.py' }]
+    }
+  ],
+
+  outputPath: '../results/tier1_results.json',
+
+  metadata: {
+    tier: 1,
+    sla: '30_seconds',
+    use_case: 'ci_cd_fast_feedback'
+  }
+};

evals/edd-components/configs/config-tier2.js

@@ -0,0 +1,21 @@
+// Tier 2 Only - Semantic Evaluation for Merge Gates
+// EDD Principle IV: Goldset LLM judges
+
+module.exports = {
+  description: 'EDD Tier 2 - Goldset Semantic Evaluation (<5min)',
+
+  tests: [
+    {
+      description: 'Context Adherence Validation',
+      assert: [{ type: 'python', value: './graders/check_context_adherence.py' }]
+    }
+  ],
+
+  outputPath: '../results/tier2_results.json',
+
+  metadata: {
+    tier: 2,
+    sla: '5_minutes',
+    use_case: 'merge_gate_validation'
+  }
+};

evals/edd-components/configs/config.js

@@ -0,0 +1,113 @@
+// PromptFoo Configuration
+// Auto-generated from goldset.md following EDD principles
+// Generated: 2026-03-30T10:33:28Z
+
+const path = require('path');
+
+module.exports = {
+  description: 'EDD Evaluation Suite - Binary Pass/Fail with Evaluation Pyramid',
+
+  // EDD Principle IV: Evaluation Pyramid
+  tests: [
+
+    // ============================================
+    // TIER 1: Fast Deterministic Checks (<30s)
+    // ============================================
+
+    // Security Baseline (Always Applied)
+    {
+      description: 'Security Baseline - PII Leakage',
+      assert: [{
+        type: 'python',
+        value: './graders/check_pii_leakage.py',
+      }],
+      metadata: { tier: 1, type: 'security_baseline', priority: 'critical' }
+    },
+
+    {
+      description: 'Security Baseline - Prompt Injection',
+      assert: [{
+        type: 'python',
+        value: './graders/check_prompt_injection.py',
+      }],
+      metadata: { tier: 1, type: 'security_baseline', priority: 'critical' }
+    },
+
+    {
+      description: 'Security Baseline - Hallucination Detection',
+      assert: [{
+        type: 'python',
+        value: './graders/check_hallucination.py',
+      }],
+      metadata: { tier: 1, type: 'security_baseline', priority: 'critical' }
+    },
+
+    {
+      description: 'Security Baseline - Misinformation Detection',
+      assert: [{
+        type: 'python',
+        value: './graders/check_misinformation.py',
+      }],
+      metadata: { tier: 1, type: 'security_baseline', priority: 'critical' }
+    },
+
+    // Goldset Tier 1 Criteria
+    {
+      description: 'Regulatory Compliance Validation',
+      assert: [{
+        type: 'python',
+        value: './graders/check_regulatory_compliance.py',
+      }],
+      metadata: {
+        tier: 1,
+        type: 'goldset_criterion',
+        criterion: 'eval-001',
+        failure_type: 'specification_failure'
+      }
+    },
+
+    // ============================================
+    // TIER 2: Goldset Semantic Evaluation (<5min)
+    // ============================================
+
+    {
+      description: 'Context Adherence Validation',
+      assert: [{
+        type: 'python',
+        value: './graders/check_context_adherence.py',
+      }],
+      metadata: {
+        tier: 2,
+        type: 'goldset_criterion',
+        criterion: 'eval-002',
+        failure_type: 'generalization_failure',
+        evaluator_type: 'llm-judge'
+      }
+    }
+  ],
+
+  // EDD Principle II: Binary pass/fail outputs only
+  outputPath: '../results/promptfoo_results.json',
+
+  // EDD Principle V: Trajectory observability
+  writeLatestResults: true,
+  share: false,
+
+  // EDD Principle IX: Test data versioning metadata
+  metadata: {
+    version: '1.0.0',
+    generated: '2026-03-30T10:33:28Z',
+    goldset_version: '1.0.0',
+    edd_compliant: true,
+    binary_only: true,
+    evaluation_pyramid: true,
+    tier1_sla: '30_seconds',
+    tier2_sla: '5_minutes',
+
+    // EDD Principle VIII: Failure type routing
+    criteria_mapping: {
+      'eval-001': { name: 'Regulatory Compliance', failure_type: 'specification_failure' },
+      'eval-002': { name: 'Context Adherence', failure_type: 'generalization_failure' }
+    }
+  }
+};

evals/edd-components/configs/config.yml

@@ -0,0 +1,17 @@
+# System-specific configuration for promptfoo
+system: "promptfoo"
+binary_pass_fail: true
+
+# EDD Principle IV: Evaluation Pyramid
+tiers:
+  tier1:
+    fast_checks: true
+    security_baseline: true
+  tier2:
+    goldset_judges: true
+
+# EDD Principle IX: Test Data is Code
+test_data:
+  version_control: true
+  adversarial_required: true
+  holdout_ratio: 0.2