0.5) is a starting point, not a measurement. pandaprobe-harness-calibrate is the out-of-band diagnostic that tells you whether a breach actually corresponds to a real failure on your traffic, and what threshold would serve you better.
Calibration is an operator tool, not a runtime gate — it never enters the healing loop. It reads scores, computes statistics, and prints a report; acting on it (changing
HARNESS_RELIABILITY_THRESHOLD, say) is your call.With ground-truth labels
If you can label sessions as failed/ok — even a few dozen — you get the full picture:- JSON dict
- JSON list
- CSV
- Eval-set proxy
- Precision / recall / F1 of the breach predicate at your configured threshold, with the confusion matrix.
- A threshold sweep (
0.05 … 0.95) with the confusion at every point. - Two recommendations: the F1-maximizing threshold, and the lowest threshold reaching a target precision (
--target-precision, default0.9) with non-zero recall.
Without labels
No labels yet? The unsupervised report is still enough to pick a threshold sanely: the score distribution (min/median/mean/max/stdev + a 10-bucket histogram), the breach count at every candidate threshold, and inter-metric agreement — the fraction of fully-scored sessions whereagent_reliability and agent_consistency agree on breach vs. no-breach (low agreement usually means one threshold is mis-set relative to the other).
Where the scores come from
Three sources, merged with precedence and each degrading independently:- The platform —
pandaprobe evals scores list --target sessionthrough the CLI seam (highest precedence). - The local history store —
state/score_history.json, the per-session series the trend detector maintains. - The eval set — captured cases’
baseline_scores.
1 with a message naming all three.
Library use
The same machinery is importable for notebooks and pipelines:pandaprobe-harness-calibrate --json emits the identical structure from the command line. A self-contained walkthrough lives at examples/calibration_demo.py in the repository.

