← Eval sets

Dogfood — the platform evaluates its own shipped skills draft

The Intent Eval Platform's job is to grade other people's skills. The fair test of that claim is whether it grades ours — on the same bench, by the same harness, held to the same signature discipline. This scorecard is that test: the 7-layer skill-binary-eval methodology run against Intent Solutions' own published CoreWeave skills. Both rows are now signed and anchored in the public Rekor transparency log — verdicts a stranger can verify without trusting us. The second row is a BLOCK of our own skill: it spent its first days held because its verdict flip-flopped across identical re-runs, and it earned its signature only after the judging was made noise-robust — 7/7 identical verdicts, with the judge's individual votes carried inside the signed evidence. The page says exactly how.

Why a dogfood scorecard is a stronger claim than an external one

Anyone can publish a favourable score of a rival. It is harder — and more honest — to publish the score of your own work under a gate you cannot quietly relax. These skills were run through the identical harness that gates external submissions: the same seven binary layers, the same "no composite score" rule, the same refusal to render a result that has not been signed. If the platform's discipline only survives when it is pointed outward, it is theatre. This page exists so the discipline is pointed inward, in public.

id
iep-self-eval-dogfood
kind
scorecard (results) — a measurement against the j-rig 7-layer eval-set, not a new specification. A result is never rendered as if it were a spec.
status
draft — both rows signed (one SHIP, one BLOCK)
predicate URI
evals.intentsolutions.io/skill-binary-eval/v1 (reserved; declared at Phase 2 — never declared under labs.*)
upstream source
jeremylongshore/j-rig-skill-binary-eval — the harness that produced these runs
skills under test
from Intent Solutions' public skill packs (claude-code-plugins); each reasons over pasted evidence + fixtures — no CoreWeave or other third-party infrastructure credentials are used
attestation
2 of 2 signed — node-forensics anchored at Rekor 2085904207; cost-leak-hunter anchored at Rekor 2091983416 (promoted from held — see how)

The board

Each row is one of our own shipped skills, measured by the platform. The attestation column is the load-bearing one: signed means an Evidence Bundle exists, is sigstore-signed, and is anchored in the Rekor transparency log at a citable index; held means the measurement exists but we are deliberately not signing it yet, for a stated reason. There is deliberately no composite score column — composing incommensurable findings into one number is the failure mode this platform exists to refuse.

Coverage, as recorded in each signed bundle's coverage field: these rows were measured on the trigger, functional, and behavioral layers of the 7-layer methodology; the regression and baseline layers were skipped, and the signed evidence says so explicitly rather than implying full coverage.

Skill under test What is measured Outcome Attestation
coreweave-gpu-node-forensics j-rig behavioral eval of a GPU-node triage skill — including a deterministic self-test (20/20 per the run log; its signed bundle attests the 17/17 total, not per-criterion detail), plus judgment 17/17 across the evaluated layers SHIP — reproduced across two runs (run log) signed
coreweave-gpu-cost-leak-hunter j-rig 7-layer behavioral eval of a GPU cost-analysis skill, including whether its report is legible to a non-engineer reader without further engineering work — judged by 5-sample majority voting with the per-vote record in the signed evidence BLOCK — identical across 7/7 re-runs; the blocker criterion fails unanimously [5/5 votes] signed

Provenance — signed, and verifiable by you

The first row — node-forensics (SHIP)

The coreweave-gpu-node-forensics verdict is not a claim you have to trust. Its Evidence Bundle was keyless-signed (Fulcio, no long-lived private key) by a reproducible GitHub Actions workflow identity — not a person's machine — and anchored in the public production Rekor transparency log at log index 2085904207. This is the same public-good infrastructure (Fulcio + Rekor) behind npm provenance and SLSA.

verdict
SHIP — judgment 17/17 (as attested in the bundle); self-test 20/20 per the run log. This bundle predates the vote-evidence standard the second row sets — its per-criterion detail lives in the run record, not the signed bytes.
Rekor log index
2085904207 (public production transparency log)
signer identity
github.com/jeremylongshore/intent-eval-lab/.github/workflows/sign-dogfood-bundle.yml (keyless GitHub-OIDC, reviewer-gated)
signed bundle
coreweave-gpu-node-forensics.bundle.sigstore.json (Fulcio cert + signature + inclusion proof)
evidence bundle
coreweave-gpu-node-forensics.bundle.json (the gate-result/v1 statement that was signed)

You do not have to trust us. Verify it yourself with cosign (no account, no keys) against the committed bundle:

cosign verify-blob \
  --new-bundle-format \
  --bundle coreweave-gpu-node-forensics.bundle.sigstore.json \
  --certificate-identity 'https://github.com/jeremylongshore/intent-eval-lab/.github/workflows/sign-dogfood-bundle.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  coreweave-gpu-node-forensics.bundle.json

The second row — a signed BLOCK, with the votes inside

The coreweave-gpu-cost-leak-hunter verdict is also signed — and it is a BLOCK of our own skill. Its Evidence Bundle is the first on this board to carry the fold inputs, not just the folded decision: for every criterion, the number of judge samples, the agreement fraction, and the individual per-sample votes, plus the aggregation rule in force (5-sample majority voting, 0.8 blocker quorum). The signed claim is "the majority of these N recorded votes" — never "the judge said so" — and a verifier can re-derive the verdict from the signed bytes.

verdict
BLOCK — identical across 7/7 re-runs; blocker criterion produces-cfo-grokkable-report fails unanimously [5/5 votes, agreement 1.0] on two reporting test cases
Rekor log index
2091983416 (public production transparency log)
signer identity
github.com/jeremylongshore/intent-eval-lab/.github/workflows/sign-dogfood-bundle.yml (keyless GitHub-OIDC, reviewer-gated; dispatched on the evidence branch feat/sign-cost-leak-stable-block)
signed bundle
coreweave-gpu-cost-leak-hunter.bundle.sigstore.json (Fulcio cert + signature + inclusion proof)
evidence bundle
coreweave-gpu-cost-leak-hunter.bundle.json (the gate-result/v1 statement that was signed — vote evidence in predicate.metadata.criteria)
replay fidelity
replay_fidelity_level: RF-1, stated in the signed predicate — the fold is replayable from the recorded votes; the votes themselves are not reproducible from scratch (an un-seeded API judge). The claim is scoped to what the record supports.
cosign verify-blob \
  --new-bundle-format \
  --bundle coreweave-gpu-cost-leak-hunter.bundle.sigstore.json \
  --certificate-identity 'https://github.com/jeremylongshore/intent-eval-lab/.github/workflows/sign-dogfood-bundle.yml@refs/heads/feat/sign-cost-leak-stable-block' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  coreweave-gpu-cost-leak-hunter.bundle.json

The identity string ends in the evidence branch ref that was checked out at signing time — that ref is frozen into the Fulcio certificate itself, so this command verifies permanently, whether or not the branch still exists in the repository. It is a historical fact about the signing run, not a live pointer.

What the signature attests — and what it does not. It proves the Evidence Bundle (by digest) is authentic and unaltered, and that this workflow identity signed it at the logged time. It does not declare a predicate URI — the skill-binary-eval/v1 predicate stays reserved, never under labs.*. And it does not claim the verdict is "correct" beyond the pre-registered criteria: a signature attests authenticity, not the truth of the science. The science stands on the eval, not the signature.

How a coin-flip became a signable verdict

This row spent its first days held, not signed: the same skill, same harness, same judge model returned SHIP on one run and BLOCK on another. A Rekor entry is permanent and public; signing a coin-flip would attest one noisy sample as if it were ground truth. Diagnosis found two noise layers, neither of them the skill:

  1. Judge noise. The LLM judge was called once per criterion — un-seeded, and nondeterministic even at temperature 0. With ~10 subjective criteria at ~85% per-criterion reliability and a gate that blocks on any single blocker "no", roughly 80% of runs BLOCK from judge noise alone, even for a good skill (0.8510 ≈ 0.20).
  2. Execution sampling. The skill-under-test was executed at the API's default temperature (~1.0), so the output being judged was a fresh random draw every run.

Measured live under both noise layers together: 6 BLOCK / 1 SHIP across 7 identical re-runs.

The fix, now in the harness: each judge criterion is sampled N times and majority-voted, the measured agreement fraction replaces the judge's self-reported confidence, a blocker "no" below the agreement quorum can warn but never noise-BLOCK, and execution is pinned to greedy decoding. Re-run under the full fix: 7/7 identical BLOCK, every criterion's votes recorded. The verdict is real, not noise — under reproducible conditions the skill leads with credential requests instead of the CFO-legible dollar headline its blocker criterion demands. Publishing a signed failing grade of our own skill is the discipline this board exists for: the earlier favorable run was the lucky draw, and the fix is now the skill's to make.

What promotes a row to signed

A held row becomes a signed row — with its verdict and a citable Rekor index — when three things line up, as they now have for both rows above (cost-leak-hunter is the worked example: held first, promoted only after its verdict reproduced 7/7):

  1. the eval runs under a reproducible GitHub Actions workflow identity, not a person's machine;
  2. its Evidence Bundle is keyless-signed through Fulcio (the same public-good infrastructure behind npm provenance and SLSA);
  3. the signature is anchored in the public Rekor transparency log at an index anyone can fetch and verify with cosign, no account and no keys required.

Source and references