Lesson overview | Previous part | Next part

LLM Evaluation Observability and Guardrails: Part 3: LLM Observability

3. LLM Observability

LLM Observability develops the part of llm evaluation observability and guardrails assigned by the approved Chapter 19 table of contents. The treatment is production-focused: every idea is connected to a versioned artifact, measurable signal, release decision, or incident response.

3.1 traces metrics and logs

Traces metrics and logs is part of the canonical scope of LLM Evaluation Observability and Guardrails. In production ML, the useful question is not only whether the model can be trained, but whether the surrounding artifact, signal, or control can be named, versioned, measured, and recovered after a failure.

For this section, the working object is LLM traces, online evaluation, runtime guardrails, incident response, and closing production loops into evals and training data. The notation below treats production systems as mathematical objects because that is how incidents become diagnosable. A dataset, feature, run, trace, or endpoint that lacks a stable identifier cannot be compared across time.

$$g(x,y) \in \{\mathrm{allow},\mathrm{block},\mathrm{revise},\mathrm{escalate}\}.$$

The formula is intentionally simple. It says that traces metrics and logs should be reduced to a measurable object before anyone argues about dashboards or tools. Once the object is measurable, the system can decide whether to accept, warn, rollback, retrain, or escalate.

Examples of traces metrics and logs in a real system:

1. A production pipeline records the input version, transformation code hash, model version, and endpoint version before serving predictions.
2. An LLM application logs prompt version, retrieval index version, tool span, latency, token count, and guardrail action for each trace.
3. A release gate compares the candidate model against the current model on quality, safety, latency, and cost before promotion.

Non-examples that often look similar but fail the production contract:

1. A manually named file like final_dataset.csv with no hash, schema, lineage, or owner.
2. A metric screenshot pasted into chat without the run id, evaluation dataset, seed, or model artifact.
3. A dashboard alert with no threshold rationale, no escalation rule, and no rollback candidate.

The AI connection is concrete. Modern ML and LLM systems are compound systems: data pipelines, feature stores, model registries, inference servers, retrievers, tools, evaluators, and safety layers. Traces metrics and logs is one place where the compound system either becomes observable or becomes technical debt.

Operational checklist for traces metrics and logs:

• State the artifact or signal being controlled.
• Give it a stable id and version.
• Define the metric or predicate that decides whether it is valid.
• Log the dependency chain needed to reproduce it.
• Attach an owner and a response action.
• Test the check in continuous integration or release gating.

A useful mental model is to treat every production ML component as a function with preconditions and postconditions. If $u$ is the upstream artifact and $z$ is the downstream artifact, the production question is whether the relation $u \mapsto z$ can be replayed and audited.

$$z = T(u; c, e),$$

where $T$ is the transformation, $c$ is code or configuration, and $e$ is the execution environment. The hidden technical debt appears when any of $u$, $c$, or $e$ is missing from the record.

In notebooks, this subsection will be represented with small synthetic arrays, graphs, traces, or counters rather than external services. The point is not to mimic a vendor tool. The point is to make the mathematics of traces metrics and logs executable enough to test.

Boundary note: this chapter assumes the evaluation methods from Chapter 17, the safety policy ideas from Chapter 18, and the data documentation work from Chapter 16. Here we focus on the production machinery that makes those ideas run repeatedly.

Failure analysis for traces metrics and logs should be written before the incident occurs. A good production note asks what can be stale, missing, corrupted, delayed, unaudited, or too expensive. Each answer should correspond to one observable signal and one response action.

The production design pattern is therefore not just to calculate a value. It is to calculate a value, compare it with a declared rule, log the evidence, and make the next action unambiguous. That four-step pattern will reappear across all Chapter 19 notebooks.

3.2 token and cost tracking

Token and cost tracking is part of the canonical scope of LLM Evaluation Observability and Guardrails. In production ML, the useful question is not only whether the model can be trained, but whether the surrounding artifact, signal, or control can be named, versioned, measured, and recovered after a failure.

For this section, the working object is LLM traces, online evaluation, runtime guardrails, incident response, and closing production loops into evals and training data. The notation below treats production systems as mathematical objects because that is how incidents become diagnosable. A dataset, feature, run, trace, or endpoint that lacks a stable identifier cannot be compared across time.

$$\operatorname{regress}(r)=\mathbb{1}[M_{\mathrm{new}}(r)<M_{\mathrm{old}}(r)-\epsilon].$$

The formula is intentionally simple. It says that token and cost tracking should be reduced to a measurable object before anyone argues about dashboards or tools. Once the object is measurable, the system can decide whether to accept, warn, rollback, retrain, or escalate.

Examples of token and cost tracking in a real system:

1. A production pipeline records the input version, transformation code hash, model version, and endpoint version before serving predictions.
2. An LLM application logs prompt version, retrieval index version, tool span, latency, token count, and guardrail action for each trace.
3. A release gate compares the candidate model against the current model on quality, safety, latency, and cost before promotion.

Non-examples that often look similar but fail the production contract:

1. A manually named file like final_dataset.csv with no hash, schema, lineage, or owner.
2. A metric screenshot pasted into chat without the run id, evaluation dataset, seed, or model artifact.
3. A dashboard alert with no threshold rationale, no escalation rule, and no rollback candidate.

The AI connection is concrete. Modern ML and LLM systems are compound systems: data pipelines, feature stores, model registries, inference servers, retrievers, tools, evaluators, and safety layers. Token and cost tracking is one place where the compound system either becomes observable or becomes technical debt.

Operational checklist for token and cost tracking:

• State the artifact or signal being controlled.
• Give it a stable id and version.
• Define the metric or predicate that decides whether it is valid.
• Log the dependency chain needed to reproduce it.
• Attach an owner and a response action.
• Test the check in continuous integration or release gating.

A useful mental model is to treat every production ML component as a function with preconditions and postconditions. If $u$ is the upstream artifact and $z$ is the downstream artifact, the production question is whether the relation $u \mapsto z$ can be replayed and audited.

$$z = T(u; c, e),$$

where $T$ is the transformation, $c$ is code or configuration, and $e$ is the execution environment. The hidden technical debt appears when any of $u$, $c$, or $e$ is missing from the record.

In notebooks, this subsection will be represented with small synthetic arrays, graphs, traces, or counters rather than external services. The point is not to mimic a vendor tool. The point is to make the mathematics of token and cost tracking executable enough to test.

Boundary note: this chapter assumes the evaluation methods from Chapter 17, the safety policy ideas from Chapter 18, and the data documentation work from Chapter 16. Here we focus on the production machinery that makes those ideas run repeatedly.

Failure analysis for token and cost tracking should be written before the incident occurs. A good production note asks what can be stale, missing, corrupted, delayed, unaudited, or too expensive. Each answer should correspond to one observable signal and one response action.

The production design pattern is therefore not just to calculate a value. It is to calculate a value, compare it with a declared rule, log the evidence, and make the next action unambiguous. That four-step pattern will reappear across all Chapter 19 notebooks.

3.3 latency by component

Latency by component is part of the canonical scope of LLM Evaluation Observability and Guardrails. In production ML, the useful question is not only whether the model can be trained, but whether the surrounding artifact, signal, or control can be named, versioned, measured, and recovered after a failure.

For this section, the working object is LLM traces, online evaluation, runtime guardrails, incident response, and closing production loops into evals and training data. The notation below treats production systems as mathematical objects because that is how incidents become diagnosable. A dataset, feature, run, trace, or endpoint that lacks a stable identifier cannot be compared across time.

$$\tau = (s_1,s_2,\ldots,s_k), \qquad s_i=(t_i, a_i, o_i, m_i).$$

The formula is intentionally simple. It says that latency by component should be reduced to a measurable object before anyone argues about dashboards or tools. Once the object is measurable, the system can decide whether to accept, warn, rollback, retrain, or escalate.

Examples of latency by component in a real system:

1. A production pipeline records the input version, transformation code hash, model version, and endpoint version before serving predictions.
2. An LLM application logs prompt version, retrieval index version, tool span, latency, token count, and guardrail action for each trace.
3. A release gate compares the candidate model against the current model on quality, safety, latency, and cost before promotion.

Non-examples that often look similar but fail the production contract:

1. A manually named file like final_dataset.csv with no hash, schema, lineage, or owner.
2. A metric screenshot pasted into chat without the run id, evaluation dataset, seed, or model artifact.
3. A dashboard alert with no threshold rationale, no escalation rule, and no rollback candidate.

The AI connection is concrete. Modern ML and LLM systems are compound systems: data pipelines, feature stores, model registries, inference servers, retrievers, tools, evaluators, and safety layers. Latency by component is one place where the compound system either becomes observable or becomes technical debt.

Operational checklist for latency by component:

• State the artifact or signal being controlled.
• Give it a stable id and version.
• Define the metric or predicate that decides whether it is valid.
• Log the dependency chain needed to reproduce it.
• Attach an owner and a response action.
• Test the check in continuous integration or release gating.

A useful mental model is to treat every production ML component as a function with preconditions and postconditions. If $u$ is the upstream artifact and $z$ is the downstream artifact, the production question is whether the relation $u \mapsto z$ can be replayed and audited.

$$z = T(u; c, e),$$

where $T$ is the transformation, $c$ is code or configuration, and $e$ is the execution environment. The hidden technical debt appears when any of $u$, $c$, or $e$ is missing from the record.

In notebooks, this subsection will be represented with small synthetic arrays, graphs, traces, or counters rather than external services. The point is not to mimic a vendor tool. The point is to make the mathematics of latency by component executable enough to test.

Boundary note: this chapter assumes the evaluation methods from Chapter 17, the safety policy ideas from Chapter 18, and the data documentation work from Chapter 16. Here we focus on the production machinery that makes those ideas run repeatedly.

Failure analysis for latency by component should be written before the incident occurs. A good production note asks what can be stale, missing, corrupted, delayed, unaudited, or too expensive. Each answer should correspond to one observable signal and one response action.

The production design pattern is therefore not just to calculate a value. It is to calculate a value, compare it with a declared rule, log the evidence, and make the next action unambiguous. That four-step pattern will reappear across all Chapter 19 notebooks.

3.4 tool-call traces

Tool-call traces is part of the canonical scope of LLM Evaluation Observability and Guardrails. In production ML, the useful question is not only whether the model can be trained, but whether the surrounding artifact, signal, or control can be named, versioned, measured, and recovered after a failure.

For this section, the working object is LLM traces, online evaluation, runtime guardrails, incident response, and closing production loops into evals and training data. The notation below treats production systems as mathematical objects because that is how incidents become diagnosable. A dataset, feature, run, trace, or endpoint that lacks a stable identifier cannot be compared across time.

$$\operatorname{cost}(\tau)=c_{\mathrm{tok}}n_{\mathrm{tok}}+c_{\mathrm{tool}}n_{\mathrm{tool}}+c_{\mathrm{review}}n_{\mathrm{review}}.$$

The formula is intentionally simple. It says that tool-call traces should be reduced to a measurable object before anyone argues about dashboards or tools. Once the object is measurable, the system can decide whether to accept, warn, rollback, retrain, or escalate.

Examples of tool-call traces in a real system:

1. A production pipeline records the input version, transformation code hash, model version, and endpoint version before serving predictions.
2. An LLM application logs prompt version, retrieval index version, tool span, latency, token count, and guardrail action for each trace.
3. A release gate compares the candidate model against the current model on quality, safety, latency, and cost before promotion.

Non-examples that often look similar but fail the production contract:

1. A manually named file like final_dataset.csv with no hash, schema, lineage, or owner.
2. A metric screenshot pasted into chat without the run id, evaluation dataset, seed, or model artifact.
3. A dashboard alert with no threshold rationale, no escalation rule, and no rollback candidate.

The AI connection is concrete. Modern ML and LLM systems are compound systems: data pipelines, feature stores, model registries, inference servers, retrievers, tools, evaluators, and safety layers. Tool-call traces is one place where the compound system either becomes observable or becomes technical debt.

Operational checklist for tool-call traces:

• State the artifact or signal being controlled.
• Give it a stable id and version.
• Define the metric or predicate that decides whether it is valid.
• Log the dependency chain needed to reproduce it.
• Attach an owner and a response action.
• Test the check in continuous integration or release gating.

A useful mental model is to treat every production ML component as a function with preconditions and postconditions. If $u$ is the upstream artifact and $z$ is the downstream artifact, the production question is whether the relation $u \mapsto z$ can be replayed and audited.

$$z = T(u; c, e),$$

where $T$ is the transformation, $c$ is code or configuration, and $e$ is the execution environment. The hidden technical debt appears when any of $u$, $c$, or $e$ is missing from the record.

In notebooks, this subsection will be represented with small synthetic arrays, graphs, traces, or counters rather than external services. The point is not to mimic a vendor tool. The point is to make the mathematics of tool-call traces executable enough to test.

Boundary note: this chapter assumes the evaluation methods from Chapter 17, the safety policy ideas from Chapter 18, and the data documentation work from Chapter 16. Here we focus on the production machinery that makes those ideas run repeatedly.

Failure analysis for tool-call traces should be written before the incident occurs. A good production note asks what can be stale, missing, corrupted, delayed, unaudited, or too expensive. Each answer should correspond to one observable signal and one response action.

The production design pattern is therefore not just to calculate a value. It is to calculate a value, compare it with a declared rule, log the evidence, and make the next action unambiguous. That four-step pattern will reappear across all Chapter 19 notebooks.

3.5 retrieval traces

Retrieval traces is part of the canonical scope of LLM Evaluation Observability and Guardrails. In production ML, the useful question is not only whether the model can be trained, but whether the surrounding artifact, signal, or control can be named, versioned, measured, and recovered after a failure.

For this section, the working object is LLM traces, online evaluation, runtime guardrails, incident response, and closing production loops into evals and training data. The notation below treats production systems as mathematical objects because that is how incidents become diagnosable. A dataset, feature, run, trace, or endpoint that lacks a stable identifier cannot be compared across time.

$$g(x,y) \in \{\mathrm{allow},\mathrm{block},\mathrm{revise},\mathrm{escalate}\}.$$

The formula is intentionally simple. It says that retrieval traces should be reduced to a measurable object before anyone argues about dashboards or tools. Once the object is measurable, the system can decide whether to accept, warn, rollback, retrain, or escalate.

Examples of retrieval traces in a real system:

1. A production pipeline records the input version, transformation code hash, model version, and endpoint version before serving predictions.
2. An LLM application logs prompt version, retrieval index version, tool span, latency, token count, and guardrail action for each trace.
3. A release gate compares the candidate model against the current model on quality, safety, latency, and cost before promotion.

Non-examples that often look similar but fail the production contract:

1. A manually named file like final_dataset.csv with no hash, schema, lineage, or owner.
2. A metric screenshot pasted into chat without the run id, evaluation dataset, seed, or model artifact.
3. A dashboard alert with no threshold rationale, no escalation rule, and no rollback candidate.

The AI connection is concrete. Modern ML and LLM systems are compound systems: data pipelines, feature stores, model registries, inference servers, retrievers, tools, evaluators, and safety layers. Retrieval traces is one place where the compound system either becomes observable or becomes technical debt.

Operational checklist for retrieval traces:

• State the artifact or signal being controlled.
• Give it a stable id and version.
• Define the metric or predicate that decides whether it is valid.
• Log the dependency chain needed to reproduce it.
• Attach an owner and a response action.
• Test the check in continuous integration or release gating.

A useful mental model is to treat every production ML component as a function with preconditions and postconditions. If $u$ is the upstream artifact and $z$ is the downstream artifact, the production question is whether the relation $u \mapsto z$ can be replayed and audited.

$$z = T(u; c, e),$$

where $T$ is the transformation, $c$ is code or configuration, and $e$ is the execution environment. The hidden technical debt appears when any of $u$, $c$, or $e$ is missing from the record.

In notebooks, this subsection will be represented with small synthetic arrays, graphs, traces, or counters rather than external services. The point is not to mimic a vendor tool. The point is to make the mathematics of retrieval traces executable enough to test.

Boundary note: this chapter assumes the evaluation methods from Chapter 17, the safety policy ideas from Chapter 18, and the data documentation work from Chapter 16. Here we focus on the production machinery that makes those ideas run repeatedly.

Failure analysis for retrieval traces should be written before the incident occurs. A good production note asks what can be stale, missing, corrupted, delayed, unaudited, or too expensive. Each answer should correspond to one observable signal and one response action.

The production design pattern is therefore not just to calculate a value. It is to calculate a value, compare it with a declared rule, log the evidence, and make the next action unambiguous. That four-step pattern will reappear across all Chapter 19 notebooks.