Validation Strategies
Comprehensive guide to designing effective validation and assertion strategies for LLM testing.
The Validation Challenge
LLM outputs are non-deterministic and variable. Traditional exact-match testing doesn’t work:
# ❌ This will fail - too rigid
assertions:
- type: content_matches
params:
pattern: "^The capital of France is Paris\\.$"
message: "Exact match required"
# LLM might say:
# - "Paris is the capital of France."
# - "The capital of France is Paris, France."
# - "France's capital city is Paris."The core challenge: Validate intent and correctness without demanding exact wording.
Validation Principles
1. Test Behavior, Not Words
Focus on what the response achieves, not how it’s phrased:
# ✅ Good: Tests behavior
assertions:
- type: content_includes
params:
patterns: ["Paris"]
message: "Should mention Paris"
# ❌ Bad: Tests exact wording
assertions:
- type: content_matches
params:
pattern: "^The capital is Paris$"
message: "Exact match"2. Layer Your Validations
Use multiple validation types from loose to strict:
assertions:
# Layer 1: Basic content presence
- type: content_includes
params:
patterns: ["key", "terms"]
# Layer 2: Structural validation
- type: is_valid_json
params:
message: "Must be valid JSON"
# Layer 3: Schema validation
- type: json_schema
params:
schema:
type: object
required: ["expected_field"]
# Layer 4: Pattern matching
- type: content_matches
params:
pattern: "business_rule_pattern"3. Tolerate Variation
Build assertions that accept legitimate variation:
# ✅ Flexible
assertions:
- type: content_matches
params:
pattern: "(refund|money back|return funds)"
message: "Should mention refund option"
# ❌ Too rigid
assertions:
- type: content_includes
params:
patterns: ["refund policy"]
message: "Must say exactly 'refund policy'"4. Fail Fast, Fail Clear
Design assertions that fail with helpful messages:
assertions:
- type: content_includes
params:
patterns: ["critical_info"]
message: "Missing required policy information"
- type: content_matches
params:
pattern: "^(?!.*(harmful|inappropriate)).*$"
message: "Response contains inappropriate content"Validation Types
Content-Based Validation
String Contains
Check for required content:
# Single term
assertions:
- type: content_includes
params:
patterns: ["Paris"]
# Multiple terms (all must be present)
assertions:
- type: content_includes
params:
patterns: ["Paris", "France", "capital"]
# Any term (at least one must be present)
assertions:
- type: content_matches
params:
pattern: "(Paris|France's capital|French capital)"Use when:
- Testing for required information
- Verifying key terms appear
- Checking compliance with instructions
Limitations:
- Doesn’t validate meaning
- Can’t detect context misuse
- No word order validation
Regular Expressions
Pattern matching for structured content:
# Phone number format
assertions:
- type: regex
value: "\\+?1?\\d{9,15}"
# Email address
assertions:
- type: regex
value: "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
# Date format (YYYY-MM-DD)
assertions:
- type: regex
value: "\\d{4}-\\d{2}-\\d{2}"Use when:
- Validating format compliance
- Extracting structured data
- Checking pattern adherence
Best practices:
- Keep patterns simple
- Use anchors (^, $) carefully
- Test pattern against variations
String Length
Validate response length using regex patterns:
# Exact length (100 characters)
assertions:
- type: content_matches
params:
pattern: "^.{100}$"
message: "Response must be exactly 100 characters"
# Range (50-200 characters)
assertions:
- type: content_matches
params:
pattern: "^.{50,200}$"
message: "Response must be 50-200 characters"
# Maximum (conciseness test - up to 150 chars)
assertions:
- type: content_matches
params:
pattern: "^.{1,150}$"
message: "Response must be at most 150 characters"
# Minimum (completeness test - at least 50 chars)
assertions:
- type: content_matches
params:
pattern: "^.{50,}$"
message: "Response must be at least 50 characters"Use when:
- Enforcing conciseness
- Ensuring completeness
- Testing summarization
- Validating character limits
Semantic Validation
Semantic validation can be implemented using custom validators or by combining multiple content assertions:
turns:
- role: user
content: "What's the capital of France?"
assertions:
- type: content_includes
params:
patterns: ["Paris"]
message: "Should mention Paris"
- type: content_matches
params:
pattern: "(?i)(capital|city)"
message: "Should reference capital/city"Use when:
- Testing paraphrased responses
- Validating key information is present
- Checking for contextually relevant terms
Sentiment Analysis Analysis
Sentiment and tone can be checked using pattern matching:
turns:
- role: user
content: "I'm frustrated with this issue"
assertions:
- type: content_matches
params:
pattern: "(?i)(understand|help|sorry|apologize)"
message: "Should show empathy"
- type: content_includes
params:
patterns: ["assist", "resolve"]
message: "Should offer assistance"Use when:
- Testing customer support tone
- Validating empathy
- Checking brand voice
- Ensuring professional language
Structural Validation
JSON Validation
Validate JSON structure:
# Valid JSON
assertions:
- type: is_valid_json
params:
message: "Response must be valid JSON"
# JSON with schema
assertions:
- type: json_schema
params:
schema:
type: object
properties:
name:
type: string
age:
type: integer
required: [name, age]
message: "Response must match schema"Use when:
- Testing structured output
- Validating API responses
- Checking data extraction
Example:
apiVersion: promptkit.altairalabs.ai/v1alpha1
kind: Scenario
metadata:
name: extract-user-data
spec:
task_type: extraction
description: "Extract User Data"
turns:
- role: user
content: "Extract: John Doe, age 30, john@example.com"
assertions:
- type: is_valid_json
params:
message: "Should return valid JSON"
- type: json_schema
params:
schema:
type: object
properties:
name: {type: string}
age: {type: integer}
email: {type: string, format: email}
required: [name, age, email]
message: "Should match user schema"List/Array Validation
Validate lists in responses:
turns:
- role: user
content: "List the top items"
assertions:
# Check for multiple items with pattern
- type: content_matches
params:
pattern: "item1.*item2.*item3"
message: "Should contain all items"
# Check for any option
- type: content_matches
params:
pattern: "(option1|option2)"
message: "Should contain at least one option"Use when:
- Testing enumeration tasks
- Validating option lists
- Checking recommendations
Format Compliance
Validate specific formats using pattern matching:
assertions:
# Markdown (check for markdown syntax)
- type: content_matches
params:
pattern: "(^#{1,6} |\*\*|\*|`|\[.*\]\(.*\))"
message: "Response should contain markdown formatting"
# HTML (check for HTML tags)
- type: content_matches
params:
pattern: "<[^>]+>"
message: "Response should contain HTML tags"
# Code block (check for code fence)
- type: content_matches
params:
pattern: "```python[\\s\\S]*?```"
message: "Response should contain Python code block"Negative Validation
Test what should NOT appear using negative lookahead patterns:
assertions:
# Must not contain specific words (use negative lookahead)
- type: content_matches
params:
pattern: "^(?!.*(inappropriate|offensive|harmful)).*$"
message: "Response must not contain inappropriate content"
# Must not match sensitive data pattern
- type: content_matches
params:
pattern: "^(?!.*\\b(password|secret|api[_-]?key)\\b).*$"
message: "Response must not contain sensitive data keywords"
# For conversation-level "not contains" checks
# Use conversation-level assertion:
# - type: content_not_includes
# params:
# patterns: ["inappropriate", "offensive"]Use when:
- Testing content filtering
- Preventing data leakage
- Validating safety guardrails
- Checking compliance
Example:
apiVersion: promptkit.altairalabs.ai/v1alpha1
kind: Scenario
metadata:
name: no-pii-leakage
spec:
task_type: security
description: "No PII Leakage"
turns:
- role: user
content: "Summarize the customer record"
assertions:
- type: content_matches
params:
pattern: "^(?!.*\\d{3}-\\d{2}-\\d{4}).*$"
message: "Should not contain SSN"
- type: content_matches
params:
pattern: "^(?!.*\\d{16}).*$"
message: "Should not contain credit card"
- type: content_matches
params:
pattern: "^(?!.*(password|secret)).*$"
message: "Should not contain sensitive keywords"Multi-Turn Validation
Validate conversation coherence:
apiVersion: promptkit.altairalabs.ai/v1alpha1
kind: Scenario
metadata:
name: context-retention
spec:
task_type: test
description: "Context Retention"
turns:
- role: user
content: "My name is Alice"
assertions:
- type: content_includes
params:
patterns: ["Alice"]
message: "Should acknowledge the name"
- role: user
content: "What's my name?"
assertions:
- type: content_includes
params:
patterns: ["Alice"]
message: "Should remember the name"Validation types:
assertions:
# References earlier context
turn_index: 0
# Maintains consistency
- type: consistent_with_turn
turn_index: 0
# State progression
- type: state_changed
from: "initial"
to: "confirmed"Validation Patterns
The Pyramid Pattern
Layer validations from basic to advanced:
assertions:
# Base: Basic presence
- type: content_matches
params:
pattern: ".+"
message: "Response must not be empty"
# Level 2: Content presence
- type: content_includes
params:
patterns: ["required", "terms"]
message: "Must contain required terms"
# Level 3: Structure
- type: is_valid_json
params:
message: "Response must be valid JSON"
# Level 4: Semantics
- type: llm_judge
params:
criteria: "Response is semantically appropriate for the query"
judge_provider: "openai/gpt-4o-mini"
message: "Must be semantically appropriate"
# Level 5: Business logic
- type: llm_judge
params:
criteria: "Response follows business rules and policies"
judge_provider: "openai/gpt-4o-mini"
message: "Must follow business rules"Benefits:
- Fast failure on basic issues
- Detailed validation only if basics pass
- Clear failure diagnostics
- Efficient test execution
The Specificity Spectrum
Balance between too loose and too strict:
# Too loose (might pass bad responses)
assertions:
- type: not_empty
# Too strict (might fail good responses)
assertions:
# Just right (validates meaning, allows variation)
assertions:
- type: content_includes
params:
patterns: "Paris"Guidelines:
- Start specific, loosen as needed
- Add constraints incrementally
- Test with real LLM variations
- Balance precision and recall
The Safety Net Pattern
Multiple validations to catch different failures:
turns:
- role: user
content: "Ask a question"
assertions:
# Content safety net
- type: content_matches
params:
pattern: "(answer1|answer2|answer3)"
message: "Should contain one of the expected answers"
# Format safety net
- type: is_valid_json
params:
message: "Should return valid JSON"
- type: json_path
params:
jmespath_expression: "required_field"
message: "Should have required field"The Progressive Validation Pattern
Validate incrementally through conversation:
apiVersion: promptkit.altairalabs.ai/v1alpha1
kind: Scenario
metadata:
name: progressive-validation
spec:
task_type: test
description: "Progressive Validation"
turns:
# Turn 1: Establish baseline
- role: user
content: "Start order"
assertions:
- type: content_includes
params:
patterns: ["order", "started"]
message: "Should indicate order started"
# Turn 2: Validate state progression
- role: user
content: "Add item"
assertions:
- type: content_includes
params:
patterns: ["item", "added"]
message: "Should confirm item added"
# Turn 3: Validate completion
- role: user
content: "Checkout"
assertions:
- type: content_includes
params:
patterns: ["order", "complete", "total", "confirmation"]
message: "Should confirm order completion"Advanced Techniques
Custom Validators
Write custom validation logic:
assertions:
- type: custom
validator: check_business_hours
args:
timezone: "America/New_York"Implementation:
def check_business_hours(response: str, timezone: str) -> bool:
# Extract time from response
time_match = re.search(r'\d{1,2}:\d{2}', response)
if not time_match:
return False
# Parse and validate
time = datetime.strptime(time_match.group(), '%H:%M')
return 9 <= time.hour < 17 # 9 AM - 5 PMMultiple Assertions
Combine multiple checks (all must pass):
assertions:
# All of these assertions must pass (implicit AND)
- type: content_includes
params:
patterns: ["key_term"]
message: "Must contain key term"
- type: content_matches
params:
pattern: "^.{50,200}$"
message: "Must be 50-200 characters"
- type: llm_judge
params:
criteria: "Response has a positive tone"
judge_provider: "openai/gpt-4o-mini"
message: "Response should be positive"
# For OR logic, use regex alternation:
- type: content_matches
params:
pattern: "(option1|option2)"
message: "Must contain option1 OR option2"Context-Aware Validation
Validate based on context using separate scenarios:
# Note: Arena doesn't support conditional assertions.
# Instead, create separate scenarios for different contexts:
# Scenario 1: Premium users
- name: premium_user_support
context:
variables:
user_tier: "premium"
turns:
- role: user
content: "I need help"
- role: assistant
assertions:
- type: content_includes
params:
patterns: ["priority support"]
message: "Premium users should get priority support"
# Scenario 2: Standard users
- name: standard_user_support
context:
variables:
user_tier: "standard"
turns:
- role: user
content: "I need help"
- role: assistant
assertions:
- type: content_includes
params:
patterns: ["standard support"]
message: "Standard users should get standard support"Statistical Validation
Validate across multiple runs:
apiVersion: promptkit.altairalabs.ai/v1alpha1
kind: Scenario
metadata:
name: statistical-test
spec:
task_type: test
description: "Statistical Test"
runs: 10 # Run 10 times
# Note: Statistical validation would require running the scenario multiple times
# and checking aggregate results. Arena doesn't have built-in statistical
# validation, but you can run scenarios multiple times and analyze results.Best Practices
1. Start Simple, Add Complexity
# Start with basic validation
assertions:
- type: content_includes
params:
patterns: "answer"
# Add semantic validation
assertions:
- type: content_includes
params:
patterns: "answer"
# Add format validation
assertions:
- type: content_includes
params:
patterns: "answer"
- type: is_valid_json
value: true2. Test Your Validations
Run validations against known good/bad responses:
validation_tests:
good_responses:
- "Paris is the capital of France"
- "France's capital city is Paris"
- "The capital of France is Paris"
bad_responses:
- "London is the capital"
- "France is a country"
- ""
assertions:
- type: content_includes
params:
patterns: "Paris"3. Use Descriptive Failure Messages
assertions:
- type: content_includes
params:
patterns: ["refund policy"]
message: "Response must include refund policy details"
- type: content_matches
params:
pattern: "^(?!.*(offensive|inappropriate)).*$"
message: "Response must not contain inappropriate language"4. Balance Precision and Recall
# High precision (few false positives) - exact pattern
assertions:
- type: content_matches
params:
pattern: "^The specific answer is: [A-Z]$"
message: "Must match exact format"
# High recall (few false negatives) - matches any option
assertions:
- type: content_matches
params:
pattern: "(answer1|answer2|answer3)"
message: "Must contain at least one answer"
# Balanced - specific but flexible
assertions:
- type: content_includes
params:
patterns: ["answer", "option"]
message: "Must discuss answer or option"5. Document Validation Intent
assertions:
# Validate core requirement
- type: content_includes
params:
patterns: ["Paris"]
message: "Must correctly identify capital"
# Validate safety
- type: content_matches
params:
pattern: "^(?!.*offensive).*$"
message: "Must maintain appropriate tone"
# Validate format
- type: is_valid_json
params:
message: "Output must be parseable JSON"Common Pitfalls
Over-Specification
# ❌ Too specific
assertions:
# ✅ Appropriately flexible
assertions:
- type: content_includes
params:
patterns: "Paris"Under-Specification
# ❌ Too loose
assertions:
- type: content_matches
params:
pattern: ".+"
message: "Must not be empty"
# ✅ Adequately constrained
assertions:
- type: content_includes
params:
patterns: ["Paris", "France"]
message: "Must mention Paris and France"
- type: content_matches
params:
pattern: "^.{10,}$"
message: "Must be at least 10 characters"Brittle Assertions
# ❌ Breaks with minor changes
assertions:
- type: content_matches
params:
pattern: "^The answer is"
message: "Must start with exact phrase"
# ✅ Robust to variation
assertions:
- type: content_includes
params:
patterns: ["answer"]
message: "Must mention answer"Missing Negative Tests
# ✅ Test both positive and negative
assertions:
# Must have
- type: content_includes
params:
patterns: ["correct_info"]
message: "Must contain correct information"
# Must not have (use negative lookahead)
- type: content_matches
params:
pattern: "^(?!.*(incorrect|harmful)).*$"
message: "Must not contain incorrect or harmful content"Validation Checklist
Before finalizing assertions, check:
- Tests core requirement (correctness)
- Allows legitimate variation (flexibility)
- Fails on actual errors (precision)
- Provides clear failure messages (debugging)
- Runs efficiently (performance)
- Works across providers (portability)
- Validates safety/compliance (security)
- Tests edge cases (robustness)
Conclusion
Effective validation:
- Tests behavior, not exact words
- Layers multiple validation types
- Balances precision and flexibility
- Fails clearly and helpfully
PromptArena provides powerful validation tools that enable robust testing while accommodating LLM variability.
Further Reading
- Testing Philosophy - Core testing principles
- Scenario Design - Designing effective scenarios
- Provider Comparison - Cross-provider testing
- Reference: Assertions - Complete assertion reference
- Reference: Validators - Validator documentation
Was this page helpful?