Evaluating Model Output
Models optimize for plausible text, not correct software. Evaluation means matching review depth to risk — not reviewing every line the same way.
Last reviewed: June 2026
This framework complements Verifying AI Output — use that checklist at merge time.
Prerequisites
Read How LLMs Work first. This page applies that mental model to review decisions.
Trust vs Verify Spectrum
| Zone | Examples | Review depth |
|---|---|---|
| Low risk | Comment edits, typo fixes in docs | Skim diff |
| Medium | New utility function, test additions | Read diff + run tests |
| High | Auth, payments, SQL, crypto, infra | Line-by-line + security review |
| Never trust alone | Dependencies, env vars, security middleware | Verify against docs + grep registry |
Rule: Higher blast radius → less trust in fluency, more verification in tooling.
Evaluation Framework
For each AI-generated change, answer four questions:
- Can I verify with automation? (build, lint, test, typecheck)
- Does this touch user data or money?
- Did the model introduce new external dependencies or env vars?
- Would I understand this code in a interview?
If any answer is "yes" for questions 2–4, escalate review beyond skim.
flowchart TD
change[AI-generated change] --> auto{Automated checks pass?}
auto -->|No| reject[Reject — paste errors to model]
auto -->|Yes| risk{High risk path?}
risk -->|Yes| senior[Senior + security review]
risk -->|No| human[Human diff review]
human --> merge[Merge]
senior --> merge
Signals of Reliable Output
| Signal | Why it helps |
|---|---|
| Matches existing patterns in repo | Lower novelty → lower surprise |
| Small, focused diff | Easier to audit |
| Tests included and passing | Behavior checked |
| No new imports | Fewer phantom dependency risks |
| Cites file paths you @-mentioned | Grounded in provided context |
Signals to Distrust
| Signal | Action |
|---|---|
| New package you did not request | Verify on npm; check download stats |
process.env.* you never defined | Block merge until env documented |
| Confident explanation, failing tests | Trust compiler over narrative |
| Large refactor beyond ask | Revert; narrow scope |
| Dead documentation links | Treat cited APIs as suspect |
See Common AI Coding Mistakes for full catalog.
Change-Type Rubric
| Change | Minimum verification |
|---|---|
| CSS tweak | Visual check in browser |
| React component | Render + a11y spot check |
| API route | curl test + auth check |
| Database migration | Dry-run on staging; backup plan |
| Config / CI | Diff against known-good template |
Worked Example
Task: "Add a formatCurrency helper."
| Step | Evaluation |
|---|---|
Model adds src/lib/formatCurrency.ts | Read implementation — does it handle null? |
| Model adds tests | Run npm test -- formatCurrency |
Model imports intl polyfill you do not use | Reject — remove dependency |
| Tests pass, no new deps | Approve after quick read |
Task: "Fix login redirect bug."
| Step | Evaluation |
|---|---|
| Model edits auth middleware + 8 other files | Stop — revert extras |
| Re-prompt with file boundary | Re-evaluate smaller diff |
| Touches session cookie flags | Security reviewer required |
For Teams
Encode rubric in Team AI Policy:
- Define high-risk paths (
auth/,payments/,infra/) - Require
ai-assistedlabel for traceability - Track post-merge bugs on AI PRs — tune rules, do not ban tools outright
Reference: NIST AI RMF for organizational risk framing.