kensa eval runs anywhere your Python tests already run. kensa init scaffolds a GitHub Actions workflow; here’s a minimal version.
GitHub Actions
.github/workflows/kensa.yml
What needs credentials
| Eval uses | Needs |
|---|---|
Deterministic assertions only (kensa_trace, plain assert) | Nothing |
judge(...) | A provider key (OPENAI_API_KEY or ANTHROPIC_API_KEY), or KENSA_JUDGE_RESULT |
| Trace imports from Langfuse | LANGFUSE_PUBLIC_KEY + LANGFUSE_SECRET_KEY |
judge(...), add the provider secret and (optionally) pin the model:
Judge step with secrets
Reports and PR comments
Write a Markdown summary and post it as a sticky PR comment:PR comment step
--json-report eval.json when you want a machine-readable artifact to upload or feed a dashboard. Both flags write alongside the normal pytest run; nothing else changes.
Running on a schedule
Pull-request runs catch regressions in changed code. A nightly run catches drift from model and dependency updates that no diff touched:Nightly drift check
trials on the evals you run nightly to surface flakiness that a single run would miss. See Pytest plugin for trial verdicts.