Caliper is a lightweight evaluation harness for agent skills. Write a short spec of what "good" looks like, run it again and again, and get a success rate you can track. It also runs every task without the skill, so you learn whether the skill is doing the work or the base agent would have passed anyway. Works with the agent you already use: Claude Code, Codex, Pi, or Hermes.
Teach your agent to evaluate:
npx skills@latest add edonadei/caliperOr run it yourself:
caliper run commit-commands.eval.yaml --k 3 --baselineYou write a spec, a few lines of YAML describing what "working" means, which you hand-write or have /grill-skill generate for you. With --baseline, Caliper runs each task with and without the skill and diffs the two runs task by task:
Agent skills are hard to test. A skill that works on your machine, on this prompt, today, might fail tomorrow after a model update or a one-line prompt edit. Caliper makes reliability measurable: define what success looks like, run the skill repeatedly, and get a success rate you can track over time.
Use Caliper to answer questions like:
- Did my prompt edit actually improve the skill?
- Is the skill doing the work, or would the base agent pass without it?
- Does it still pass the workflows it passed last week?
- Which agent (Claude Code, Codex, Pi, or Hermes) runs this skill more reliably?
1. Install the skills
npx skills@latest add edonadei/caliper2. Generate a spec interactively
In your agent (Claude Code or Codex):
/grill-skill ./my-skill/SKILL.md
grill-skill reads your SKILL.md, interviews you, and writes a 3-task .eval.yaml (happy path, edge case, adversarial).
3. Run and measure
/evaluate-skill run my-skill.eval.yaml --k 3 --baseline
Browse past runs:
/evaluate-skill list
/evaluate-skill report my-skill
1. Install the CLI
pipx install caliper-eval # requires Python 3.10+2. Write a spec
# my-skill.eval.yaml
skill:
path: ./SKILL.md
tasks:
# Autorater: the LLM judge reads the transcript and decides
- name: Writes a conventional commit message
prompt: "Summarize the staged git diff as a commit message."
expect: >
The response is a conventional-commit message: a concise subject
line under 72 characters, followed by a body explaining why the
change was made, not just what changed.
# Script execution: a deterministic Python assertion
- name: Generates a valid config file
cleanup: rm -f /tmp/app.config.json
prompt: "Generate a config at /tmp/app.config.json with a 'port' of 8080."
assert: |
import json
from pathlib import Path
data = json.loads(Path("/tmp/app.config.json").read_text())
assert data["port"] == 8080expect: is graded by the judge LLM; assert: runs locally as Python. Use either or both.
The spec never names an engine. The skill and judge default to claude-code, and you pick a different agent/model at run time with --model / --judge-model (see Choosing an engine).
3. Run it
caliper run my-skill.eval.yaml --k 3 # add --baseline to diff vs the bare agent4. Read the output
The report ends with the per-task failure panels: for each attempt that didn't pass, the output plus the assertion or autorater reason why. Full results are also saved as JSON under .caliper/results/<spec>/ for you to inspect or caliper compare later. --verbose adds pass@k and pass^k columns (both derived from the raw rate) and a panel for every task.
The Eval Starter Pack has four copy-paste templates, each catching a real agent failure (false success, tool misuse, runaway loops, prompt regressions). Every template runs green as-is against a bundled example, then points at your own skill by editing two or three commented lines.
.eval.yaml spec
│
▼
Harness ──── runs your skill against the agent (Claude Code / Codex / Pi / Hermes)
│
▼
Judge ──── LLM autorater and/or deterministic Python assertions
│
▼
success rate + saved transcript
Each attempt runs in an isolated temporary home with no session history. Results are saved as JSON you can inspect and diff later.
The repo ships two agent skills. Install both with:
npx skills@latest add edonadei/caliperCreate, validate, run, and summarize evals from inside your normal workflow, with no separate terminal needed. The skill installs Caliper automatically if it's missing.
Then use it in Claude Code:
/evaluate-skill run my-skill.eval.yaml --k 3
/evaluate-skill validate my-skill.eval.yaml
Or in Codex:
Use the evaluate-skill skill to run my-skill.eval.yaml with k=3 and summarize the result.
Don't have evals yet? grill-skill guides you through creating them. It reads your SKILL.md, interviews you about what good behavior looks like, and generates a 3-task spec (happy path, edge case, adversarial). Then it runs the eval and loops: k=1 to validate, k=3 to measure, baseline before you commit.
/grill-skill ./my-skill/SKILL.md
No path needed if you're already in the skill's directory:
/grill-skill
If an .eval.yaml already exists next to your skill, grill-skill reads the existing tasks and interviews you about gaps instead of starting from scratch.
| Term | What it is |
|---|---|
| Spec | A .eval.yaml file that describes the skill, judge, and tasks to run |
| Backend | The CLI agent that executes the skill (claude-code, codex, pi, hermes) |
| Judge | What decides pass/fail: an LLM reading the transcript (expect:), Python assertions (assert:), or both |
| success rate | The primary score: run k times, measure how often a single run works (pass@k/pass^k are secondary views, under --verbose) |
| Baseline | Re-run the same tasks without the skill to prove the skill is doing the work |
| Attempt | One isolated run of a single task (fresh temporary home, no session history) |
The engine (backend + model) is a runtime axis, not a spec field. The spec
describes what is tested and how success is judged, and you pick the agent
that runs and grades it at invocation. Both default to claude-code; select a
different one with --model / --judge-model:
caliper run my-skill.eval.yaml # claude-code (default)
caliper run my-skill.eval.yaml --model codex # codex, its default model
caliper run my-skill.eval.yaml --model codex:gpt-5.6-sol
caliper run my-skill.eval.yaml --model pi --judge-model claude-code| Backend | Requires | Best for |
|---|---|---|
claude-code |
Claude Code CLI installed and authenticated | Testing Claude Code slash-command skills |
codex |
Codex CLI installed (npm install -g @openai/codex) |
Testing Codex skills |
pi |
pi CLI installed (npm install -g @earendil-works/pi-coding-agent) and authenticated |
Testing pi skills (agentskills.io) |
hermes |
Hermes Agent CLI installed and authenticated (Nous Research) | Testing skills on Hermes; hermes:<provider>/<model> selects the model |
Caliper runs skills only through CLI agents, so every backend can actually load and run a skill. There is no direct-API backend: to run against API-priced billing, configure one of these CLIs with an API key (e.g. ANTHROPIC_API_KEY / OPENAI_API_KEY) rather than selecting a separate backend.
The skill engine and judge engine are independent: you can test a Codex skill with a Claude judge, or any other combination, by pairing --model with --judge-model.
Install and authenticate the claude CLI. --model claude-code uses your existing Claude Code auth, with no extra configuration needed.
npm install -g @openai/codex
codex login--model codex calls codex exec. If the Codex desktop app is installed, Caliper prefers the app-bundled binary over codex on PATH. Set CODEX_CLI_PATH to force a specific binary.
npm install -g @earendil-works/pi-coding-agent
pi # then authenticate (e.g. /login for a subscription provider, or set the provider API key)--model pi runs pi --print --mode json and loads the skill natively via pi's --skill flag (the agentskills.io standard). It reuses your ~/.pi/agent auth and settings; the :model half of --model pi:<model> overrides pi's configured default when set. Set PI_CLI_PATH to force a specific binary. Note: pi's built-in default provider is google, so running --model pi with no model relies on your pi config to resolve a provider you are authenticated for.
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
hermes login # authenticate
hermes model # pick a default model/provider you have credits forHermes is a stateful, always-on agent (persistent memory, a persona, auto-generated skills), so Caliper normalizes it to a neutral agent to keep its score apples-to-apples with the other backends: every attempt runs in an isolated HERMES_HOME seeded with your ~/.hermes auth/config only (never SOUL.md/MEMORY.md), with --ignore-rules and --yolo (so an approval prompt can't hang the non-interactive oneshot), and the skill-under-test is staged as the sole local skill. --model hermes runs hermes -z (oneshot) then hermes sessions export to recover the full tool-call trajectory; --model hermes:<provider>/<model> (e.g. hermes:anthropic/claude-opus-4-8) selects the model, otherwise your ~/.hermes/config.yaml default is used. Point it at a provider you have credits for. If a run fails because no model is selected or a provider login lapsed, Caliper tells you to run hermes model. Set HERMES_CLI_PATH to force a specific binary. Hermes updates itself (hermes update), so it is not part of caliper update-cli.
Check installed CLI versions:
caliper update-cli --check- Create a spec for one behavior you care about.
- Run with
--k 1while iterating on the spec. - Add
assert:for facts an LLM judge might guess wrong (files, JSON, command output). - Move to
--k 3or higher once the task is stable. - Add
--baselineto prove the skill is making a difference. - Commit the spec alongside the skill so contributors can run the same eval.
/evaluate-skill run my-skill.eval.yaml --k 3 --baseline --verbose
To scaffold a spec, use the evaluate-skill
or grill-skill skill, or hand-write
the YAML below.
skill:
path: ./SKILL.md # path to the skill file (optional for baseline-only runs)
# Note: there is no `backend`/`model` or `judge:` block. The engine is a runtime
# axis: pass `--model` / `--judge-model` at run time (default: claude-code).
sandbox:
extra_path:
- ./bin # prepended to PATH inside each attempt
forbidden_files:
- ".*\\.eval\\.yaml$" # prevents agent from reading the spec
- "./.caliper/.*" # prevents agent from reading saved results
mcp: # optional: MCP servers the agent may use
weather: # server name → a mcp__weather__<tool> call in the transcript
command: python3 # a local stdio server the harness spawns
args: [./servers/weather.py]
env:
API_TOKEN: ${MCP_API_TOKEN} # ${VAR} resolves from your shell at run time
gdrive: # a remote (hosted) server reached over HTTP
type: http # http or sse
url: https://mcp.example.com/gdrive
headers:
Authorization: Bearer ${GDRIVE_TOKEN} # ${VAR} resolves at run time
tasks:
- name: Short task name
setup: <shell command> # optional, runs before each attempt
cleanup: <shell command> # optional, always runs after each attempt
prompt: <prompt sent to the agent>
expect: <natural-language success condition>
assert: |
# optional inline Python assertion
assert True
- name: Task with external assertion script
prompt: "Generate a report"
assert: ./assertions/check_report.pyEach task needs at least one of expect or assert. Task IDs are assigned automatically as task-001, task-002, and so on.
The optional mcp: block declares the MCP servers the agent-under-test may use. It is a capability granted to the agent for the eval, part of the run environment like sandbox:, so it lives in the spec rather than behind a flag. It is a top-level mapping keyed by server name (a sibling of sandbox:, not nested under skill:, and it applies whether or not the eval uses a skill). Each server's tools appear in the transcript as a namespaced call an expect: judge can verify (mcp__<server>__<tool> on claude-code and codex, mcp_<server>_<tool> on hermes), so word an expect: around the tool's behavior, not one backend's exact spelling, if the spec is meant to run under more than one engine.
A server is either local (stdio), a command the harness spawns, or remote (type: http or sse), a hosted endpoint at url, the shape most connectors (Google Drive, Notion, and so on) use:
mcp:
weather: # local stdio server (the default transport)
command: python3 # required: the local stdio command to spawn
args: [./servers/weather.py] # optional
env: # optional
API_TOKEN: ${MCP_API_TOKEN}
gdrive: # remote server
type: http # required for remote: http or sse
url: https://mcp.example.com/gdrive # required for remote
headers: # optional: usually auth
Authorization: Bearer ${GDRIVE_TOKEN}claude-code,hermes, andcodex. All three wiremcp:through:claude-codehonors stdio and remote (HTTP/SSE);hermeshonors stdio and remote header-auth (it translates the block into its nativemcp_serversconfig inside the isolatedHERMES_HOME, resolving${VAR}at the harness boundary and overwriting any of your personal servers so an attempt sees only the declared set);codexhonors stdio and remote header-auth the same way, translating the block into[mcp_servers.*]tables in the isolated~/.codex/config.toml(stdio ascommand/args/env, remote asurl+ a statichttp_headersmap of boundary-resolved literals; codex infers its one streamable-HTTP transport fromurl, sohttp/ssecollapse onto it), resolving${VAR}at the boundary and replacing any personal servers from your real config so an attempt sees only the declared set. Remote OAuth is not supported onhermesorcodex, since it needs an interactive browser flow the harness can't drive. Running a spec that declaresmcp:on a backend that can't honor it is a hard error rather than a silent no-op.pidoes not and will not honormcp:natively: its agent has no MCP by design. Instead of MCP, expose the capability as a CLI tool your skill drives (a skill with a README) or a pi extension, or run the eval onclaude-code/hermes/codex. Running anmcp:spec onpifails with that guidance.- Transport is set by
type:. Omitted (orstdio) means a localcommand;http/ssemeans a remoteurl. The two field sets are mutually exclusive: a stdio server can't seturl/headers, and a remote server can't setcommand/args/env. - Secrets stay out of the spec. A value in a stdio
env:, a remoteheaders:, or a remoteurl:may reference a host environment variable as${VAR}; it is resolved from your shell at run time (never written into the committed spec), and an unset variable fails the run with a clear message. - Server names must match
[A-Za-z0-9_-]+so the backend's namespaced tool handle (mcp__<server>__<tool>/mcp_<server>_<tool>) is well-formed.
caliper validate checks the mcp: block and reports a malformed entry (bad name, unknown key, unknown type, a stdio server missing/blank command, or a remote server missing url).
The judge engine reads the full attempt transcript and decides whether the expect condition was met. When the backend captures tool-call traces (Claude Code, Codex, pi, Hermes), those traces are included, so the judge can verify things like "the agent used tool X" without relying on the final text alone.
The judge engine is chosen at run time and defaults to claude-code; point it at a different agent with --judge-model (e.g. --judge-model codex), independently of the skill's --model.
Python assertions run locally. Use these for facts the LLM judge might guess:
- file exists / exact file contents
- JSON / schema validity
- command output
- images or screenshots
- repository state
tasks:
- name: Writes an output file
cleanup: rm -f /tmp/out.txt
prompt: "Write hello world to /tmp/out.txt"
assert: |
from pathlib import Path
path = Path("/tmp/out.txt")
assert path.exists(), "Output file was not created"
assert path.read_text().strip() == "hello world"When both expect and assert are present, both must pass.
| Command | Description |
|---|---|
caliper run <spec> |
Run an evaluation spec |
caliper validate <spec> |
Validate a spec file |
caliper list [spec] |
List specs and saved runs |
caliper report <spec-or-result> |
Re-render saved results |
caliper compare <A> <B> |
Diff two saved runs of the same eval, task by task |
caliper update-cli [backend] |
Check or update installed agent CLI versions |
| Flag | Default | Description |
|---|---|---|
--k INT |
3 |
Attempts per task |
--baseline |
off | Also run each task without the skill |
--workers INT |
4 |
Parallel task workers |
--timeout INT |
120 |
Seconds per attempt |
--fail-fast INT |
0 |
Stop a task after N consecutive infra_error/timeout attempts (0 disables) |
--model TARGET |
claude-code |
Skill engine: backend and/or model (see below) |
--judge-model TARGET |
claude-code |
Judge engine: backend and/or model (see below) |
--verbose |
off | Show per-attempt judge reasoning |
--output PATH |
— | Also save results JSON to a specific path |
The engine is not stored in the spec; these flags select it, defaulting to claude-code when omitted. Both accept a backend:model compound value, a bare backend name, or a bare model name:
# Backend and model together
caliper run my-skill.eval.yaml --model codex:gpt-5.6-sol
# Backend only (that backend's default model)
caliper run my-skill.eval.yaml --model codex
# Model only (backend stays claude-code)
caliper run my-skill.eval.yaml --model claude-fable-5
# Select the judge engine independently
caliper run my-skill.eval.yaml --model codex --judge-model claude-code:claude-haiku-4-5-20251001Accepted backends: claude-code, codex, pi, hermes (alias: claude → claude-code). The actual engine used is recorded in each saved run's RunMeta (the skill backend/model, and the judge_backend/judge_model that graded it), so results stay traceable even though the spec doesn't pin it. When you don't name a model and the CLI uses its own default, RunMeta records the concrete model the agent resolved rather than a bare "default", wherever the backend reports it: the skill model from hermes' session export, and the judge_model from the claude-code judge's JSON output. judge_model stays empty for an assert:-only run, where no LLM judge fired.
An ablation compares two runs of the same eval: a full skill against a
shortened variant, or the same skill at two points in time. caliper compare <A> <B> diffs two already-saved runs task by task, so you don't have to
hand-write a JSON script to answer "did this change regress?".
# Latest run of each spec (a bare spec name resolves to its latest run)
caliper compare commit-simple-full commit-simple-short
# Pin specific runs by pointing at their results JSON
caliper compare .caliper/results/demo/2026-07-01T10-00-00Z.json \
.caliper/results/demo/2026-07-02T09-00-00Z.json
# Machine-readable diff for a ship / no-ship decision
caliper compare A B --format jsonEach positional (A, B) is addressed exactly like report's argument: a spec
name (which resolves to its latest run) or a path to a results JSON. There are
no --run-a/-b flags. To pin a historical run, name its JSON path.
How the diff reads:
- Each row reads
before → after. The runs are named once in the header (with--baseline,no skill → with skill), so there's no A/B legend. - Tasks are matched by name, so reordering doesn't matter. A task in only one run is listed as unmatched and left out of the delta.
Δisafter − before, and the headlineΔ (matched)averages only the tasks measured on both sides, so it stays strictly like-for-like. A negative Δ renders red and flags a regression.- Unusable attempts can't fake a loss. A side with no usable attempts
(rate-limit / timeout / judge error) shows
—and never counts as a regression. - Token and wall-clock deltas are secondary and never a regression: a drop is
green (cheaper), a rise red (a trade-off to weigh). Only the score feeds
has_regression.
--format json serializes the full comparison (per-task scores, deltas,
regression flags, unmatched lists, warnings, and per-side usage) for scripting.
Every attempt carries a typed outcome, so infrastructure and judge noise are not scored as task failure:
| Outcome | Meaning | Counts toward the score? |
|---|---|---|
pass |
satisfied the task's judge(s) | ✅ success |
task_fail |
the skill genuinely failed the task | ✅ attempt |
cheat |
a forbidden-file read was detected | ✅ attempt |
infra_error |
harness failure: nonzero exit, or a detected rate-limit / spending-cap | ❌ unusable |
timeout |
exceeded the time budget with no result | ❌ unusable |
judge_error |
the judge produced no verdict (unparseable / errored autorater) | ❌ unusable |
The primary metric is the raw success rate: how often a single run works, computed over the usable attempts (the ones that got a fair shot). Unusable attempts leave the denominator and are reported as a separate "N unusable" count:
usable = pass + task_fail + cheat
score = successes / usable # raw rate; None if usable == 0
Two secondary views are kept for anyone who wants them (shown under --verbose,
and on every task in the JSON as pass_at_k / pass_hat_k):
pass@k = 1 - (1 - score) ^ usable # P(≥1 of k passes)
pass^k = score ^ usable # P(all k pass)
Which one to look at depends on how the skill is actually used:
| The question you're asking | Metric | For a 1/3 skill (k=3) |
|---|---|---|
| How reliable is a single run? (default) | success rate | 33% |
| If I retry up to k times and keep any win, do I get one? | pass@k |
70% |
| Will it work on every run, no exceptions? | pass^k |
4% |
Use pass@k when retrying is cheap and you keep the winning run; it's the
optimistic view, always ≥ the raw rate. Use pass^k when the skill runs
unattended and one failure breaks the chain; it's the strict view, always ≤
the raw rate. Caliper leads with the raw rate because pass@k flatters flaky
skills (1/3 → 70.4%).
The aggregate is the average task success rate, skipping tasks with no usable
attempts. With --baseline, Caliper runs the same tasks without the skill and
reports the delta.
--fail-fast N stops scheduling new attempts for a task after N consecutive
infra_error or timeout outcomes (default 0 runs all k). An early-stopped
task shows as ABORTED; if every completed attempt was unusable, its score
stays null and it's skipped in the aggregate.
Pass@k tells you whether a skill works; usage tells you what it costs to get there. Two runs can have identical scores while one burns twice the tokens. Caliper records token volume and wall-clock time per attempt and rolls them up per run:
With skill 100.0% ████████████████████
Tokens 1.2M in / 340K out
Wall 6m 18s 12.6s per attempt
⊘ unusable spend: 180K tokens, 42s (2 attempts, not counted in the average)
-
The results table carries per-task
TokensandWallcolumns, so you can spot the expensive task at a glance; the summary line below aggregates the whole run. -
Each
AttemptRecordcarries an optionalusageobject that splits tokens four ways:input_tokens: prompt, excluding cacheoutput_tokens: generated outputcache_read_tokens: cache hitscache_creation_tokens: cache writes
Those four are disjoint, so the computed
total_tokensnever double-counts. Wall-clock time comes fromduration_seconds, which was already recorded. -
Each
AttemptRecordalso carries an optionaltranscriptarray of ordered turns (role,content, and tooltool_name/tool_input/tool_outputwhen present). This preserves the full tool-call trace in saved results for later inspection; older JSON without the field still loads (transcriptisnull). -
In the summary,
in= input + cache_read + cache_creation andout= output. The unusable slice (timeout / infra / judge error) is broken out separately, so wasted spend stays visible without distorting the per-attempt average. -
Support:
claude-code,codex,pi, andhermesall report usage; a backend that can't leaves the fieldsnulland renders—.codexincludes cache in itsinput_tokens, so it's normalized to the non-cached contract above. -
Dollar cost is deliberately not tracked: it's inconsistent across backends. Tokens are the volume signal, so derive a dollar figure downstream if you need one.
-
With
--baseline, the no-skill run is kept and the report renders as acompareview (same table, attempt strips, and token/wall deltas), showing the skill-vs-bare-agent difference side by side. -
report --format jsonadds a derivedusage_totalsblock; the saved JSON keeps the raw per-attemptusage(totals are always derived, never persisted).
Contributions are welcome. See CONTRIBUTING.md for good first areas, the pre-PR checklist, the ruff formatting convention and pinned version, and the one-time pre-commit install step.
codex judge failed: model ... is not supported
The model name is not available to your Codex account. Use a model that codex exec --model <name> accepts.
A task passes only because of assert:
When a task has only assert:, no LLM judge runs. Add expect: if you also want an LLM to evaluate the transcript.