feat(@kbn/evals): --local connector injection, --dry-run, configurable timeout; retire @kbn/evals-local

[patrykkopycinski]

Summary

What's in this PR

(a) --local connector injection in @kbn/evals

src/cli/inject_local_connector.ts is moved from the deleted @kbn/evals-local package into @kbn/evals. It probes running Ollama (localhost:11434) or LM Studio (localhost:1234), discovers the loaded model name, and injects KIBANA_TESTING_AI_CONNECTORS + EVALUATION_CONNECTOR_ID so that any existing eval command picks up the local model.

scripts/evals.js routes --local via require('@kbn/evals').injectLocalConnector (was @kbn/evals-local).

Hard-fail behaviour is preserved: if no runtime is reachable, the process exits with a non-zero code and prints:

--local requires a running local runtime, but none was detected.
Start Ollama (`ollama serve`) or LM Studio.
Refusing to silently fall back to the cloud connector.

(b) Configurable eval task timeout (EVAL_TASK_TIMEOUT_MS)

create_playwright_eval_config.ts reads process.env.EVAL_TASK_TIMEOUT_MS and uses it as the Playwright task timeout, falling back to 5 minutes. Local models are significantly slower than EIS — this allows callers to bump the timeout without modifying test fixtures.

(c) --dry-run

node scripts/evals run --suite <id> --dry-run slices each registered dataset to its first example, sets EVALUATION_REPETITIONS=1, and prints a banner at startup:

[DRY-RUN] sampling 1 example per dataset, repetitions=1

This lets developers verify that the full eval pipeline (Kibana → Scout → evaluators → export) works end-to-end in ~1 minute before committing to a full run.

(d) Documentation

@kbn/evals/README.md gains a "Local model quick-start" section: one-line install (brew install ollama && ollama pull <model>), one model recommendation per RAM tier (16 GB / 32 GB / 48 GB / 64 GB+), and the required env var (EVAL_TASK_TIMEOUT_MS=120000).

---

What was removed

The entire x-pack/platform/packages/shared/kbn-evals-local/ package is deleted:

• src/cli/local.ts, src/cli/benchmark.ts — auto-provisioning + benchmark orchestrator
• src/local/provision.ts, teardown.ts, model_negotiator.ts, model_validator.ts — runtime lifecycle
• src/local/model_registry.ts, models.json, tier_config.ts — curated model registry
• src/benchmark/result_writer.ts, benchmark-results/ — benchmark result storage
• RECOMMENDATIONS.md, .cursor/skills/local-evals/SKILL.md — derived artefacts

References cleaned up in package.json (workspace entry), tsconfig.base.json (path mapping), .github/CODEOWNERS, and yarn.lock.

Orchestrator, benchmark pipeline, and model registry move to elastic/agent-builder-skill-dev-cursor-plugin#2 (feat(local-evals): port @kbn/evals-local orchestrator + benchmark + registry), the sibling PR to this one. Tracked under the realign-pr-265798 treadmill plan group.

---

Usage after this PR

# Run evals locally — assumes Ollama or LM Studio is already running
node scripts/evals run --suite agent-builder --local

# Dry-run: verify the pipeline in ~1 min before a full run
node scripts/evals run --suite agent-builder --local --dry-run

# Longer timeout for slow local models (120 s per task)
EVAL_TASK_TIMEOUT_MS=120000 node scripts/evals run --suite agent-builder --local

---

Test plan

• node scripts/evals run --suite agent-builder --local with Ollama running → connector injected, suite starts
• node scripts/evals run --suite agent-builder --local with no Ollama or LM Studio running → non-zero exit, actionable error message (7 unit tests in inject_local_connector.test.ts)
• node scripts/evals run --suite agent-builder --dry-run → [DRY-RUN] banner printed, EVALUATION_DRY_RUN=true in Running: preview, dataset sliced to 1 example
• Type check: node scripts/type_check --project x-pack/platform/packages/shared/kbn-evals/tsconfig.json
• Lint: node scripts/eslint --fix $(git diff --name-only HEAD)

[elasticmachine]

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

• Click to trigger kibana-pull-request for this PR!
• Click to trigger kibana-deploy-project-from-pr for this PR!
• Click to trigger kibana-deploy-cloud-from-pr for this PR!
• Click to trigger kibana-entity-store-performance-from-pr for this PR!
• Click to trigger kibana-storybooks-from-pr for this PR!

[patrykkopycinski]

Test Plan Results

Environment: macOS 25.4.0, Apple Silicon, 48GB RAM, Node v24.14.1, Ollama 0.21.1
Model used: qwen3:8b (Qwen3-8B, 5.2GB, Q4_K_M)

---

1. Type checking — PASS

node scripts/type_check --project x-pack/platform/packages/shared/kbn-evals-local/tsconfig.json

Zero errors from @kbn/evals-local. (6 pre-existing errors in upstream get_agents_sockets_stats.test.ts — unrelated.)

2. --list-models — PASS

$ node scripts/evals local --list-models
[evals-local] System RAM: 48 GB
[evals-local] Available models for this machine:

  qwen2.5-32b-instruct [RECOMMENDED]
    Qwen2.5-32B-Instruct (32B, Q4_K_M, 20GB VRAM)
    Judge quality: very-good | Speed: ~15 tok/s

  mistral-small-3.1-24b
    Mistral Small 3.1 24B (24B, Q4_K_M, 15GB VRAM)
    Judge quality: good | Speed: ~20 tok/s

  devstral-small-2-24b
    Devstral Small 2 24B (24B, Q4_K_M, 15GB VRAM)
    Judge quality: good | Speed: ~23 tok/s

  qwen2.5-14b-instruct
    Qwen2.5-14B-Instruct (14B, Q4_K_M, 9GB VRAM)
    Judge quality: good | Speed: ~35 tok/s

  gemma-3-27b
    Gemma 3 27B (27B, Q4_K_M, 17GB VRAM)
    Judge quality: good | Speed: ~14 tok/s

  qwen3-8b
    Qwen3-8B (8B, Q4_K_M, 5GB VRAM)
    Judge quality: fair | Speed: ~63 tok/s

Shows 6 models eligible for 48GB system, sorted by priority with recommended flag.

3. --validate-only with Ollama — PASS

$ node scripts/evals local --validate-only --model qwen3-8b
[evals-local] Runtime: ollama
[evals-local] Endpoint: http://localhost:11434/v1
[evals-local] Swapping to requested model: Qwen3-8B
[evals-local] Model Qwen3-8B already available.
[evals-local] Validation complete. Model is ready for evals.

Detects Ollama, resolves model from registry, confirms model is pulled and server is healthy.

4. --local flag connector injection — PASS

// Test: inject connector when Ollama is running with qwen3:8b loaded
const args = ['run', '--suite', 'agent-builder', '--local'];
await injectLocalConnector(args);

// Result:
// [evals-local] Local connector injected: qwen3:8b at http://localhost:11434/v1
// KIBANA_TESTING_AI_CONNECTORS set (292 chars base64)
// Decoded connector:
{
  "local-eval-model": {
    "name": "Local: qwen3:8b",
    "actionTypeId": ".gen-ai",
    "config": {
      "apiUrl": "http://localhost:11434/v1/chat/completions",
      "apiProvider": "Other",
      "defaultModel": "qwen3:8b"
    },
    "secrets": { "apiKey": "local-eval" }
  }
}
// --local flag stripped from args: ['run', '--suite', 'agent-builder']

Auto-detects loaded model, generates correct connector config, injects env var, and cleans args.

5. Teardown — PASS

// Before teardown:
//   ollama ps → qwen3:8b loaded (10 GB, 100% GPU)

await teardown({
  runtime: 'ollama', modelTag: 'qwen3:8b',
  keepLoaded: false, serverWasRunning: true
});

// [evals-local] Model scheduled for unload -- memory freed.
// After teardown:
//   ollama ps → NAME (empty) — model fully unloaded

6. Full e2e eval run — PASS (partial)

$ node scripts/evals local --suite agent-builder --model qwen3-8b

[evals-local] Runtime: ollama
[evals-local] Endpoint: http://localhost:11434/v1
[evals-local] Swapping to requested model: Qwen3-8B
[evals-local] Model Qwen3-8B already available.
[evals-local] Running evals: node scripts/evals run --suite agent-builder

Running 12 tests using 1 worker
[scout-worker] Running tests against local stateful cluster
[scout-worker] Creating connector: local-eval-model as a7f5e5ba-1ebd-5767-b0e5-51fca96c42ad
[scout-worker] Loading inference client
[scout-worker] 🧪 Starting experiment with 1 evaluators and 5 concurrent runs
[scout-worker] ✅ Evaluator "ES|QL Functional Equivalence" on run (exampleIndex=0) completed
[scout-worker] ✅ Evaluator "ES|QL Functional Equivalence" on run (exampleIndex=1) completed
[scout-worker] ✅ Evaluator "ES|QL Functional Equivalence" on run (exampleIndex=2) completed
[scout-worker] ✅ Experiment e804300c-27ee-4f18-8cbe-89258818803e completed

The full orchestration pipeline works end-to-end:

• Detect → Ollama found at localhost:11434
• Negotiate → resolved qwen3-8b from registry
• Provision → model already pulled, skipped
• Connector → injected env vars for @kbn/evals
• Execute → spawned node scripts/evals run, Playwright launched, first experiment (ES|QL analytical queries, 3 examples) completed with all evaluators passing
• Teardown → model scheduled for unload

Subsequent experiments (agent-builder converse tests) fail with ECONNREFUSED localhost:5620 because those tests require a local Kibana instance which is not running. This is expected — those tests would pass when running against a local dev Kibana.

Bug found & fixed during testing

scripts/evals.js was calling async injectLocalConnector() without awaiting it, so env vars wouldn't be set before @kbn/evals CLI started. Fixed by chaining via .then() (commit ac86147).

[macroscopeapp]

🟡 Medium agent-orchestrator.yaml:14

The configuration file embeds hardcoded personal filesystem paths (/Users/patrykkopycinski/Projects/work/ao-verifier-plugin, /Users/patrykkopycinski/Projects/ao-workspace), a private machine hostname (worker-m1max), and a username (mac). This commits private infrastructure details to the repository and breaks portability—no other developer can use this configuration without modification, and CI/automation environments will fail. Consider externalizing these values to environment variables or a separate .env file that is .gitignored.

Also found in 3 other location(s)

openspec/changes/ad-triage-eval-suite/.ao-generate.sh:3

Hardcoded absolute paths at lines 3, 5, and 6 reference a specific developer's local machine path (/Users/patrykkopycinski/Projects/kibana). This auto-generated script is committed to the repository but will fail immediately with cd: /Users/patrykkopycinski/Projects/kibana: No such file or directory on any other developer's machine or CI environment. The set -e on line 2 ensures the script exits on the first failed cd command.

openspec/changes/ao-health-panel/.ao-generate.sh:3

Hardcoded absolute paths to a specific developer's home directory at lines 3, 5, and 6 (/Users/patrykkopycinski/Projects/kibana). This script is committed to the shared repository but will fail immediately for any other developer or CI environment because cd "/Users/patrykkopycinski/Projects/kibana" will error out under set -e, aborting execution. This appears to be a generated local artifact that should not have been committed, or should use relative/dynamic paths (e.g., $(git rev-parse --show-toplevel)).

eval-ad-remaining.sh:6

Line 6 hardcodes cd /Users/patrykkopycinski/Projects/kibana, a developer-specific absolute path. Any other user or CI environment running this script will fail immediately because the directory won't exist, causing the cd to fail. With set -u (but not set -e), the script will continue running from whatever directory it was invoked in, likely causing source ./eval-env.sh and node scripts/evals.js to fail with confusing errors.

🤖 Copy this AI Prompt to have your agent fix this:

In file agent-orchestrator.yaml around line 14:

The configuration file embeds hardcoded personal filesystem paths (`/Users/patrykkopycinski/Projects/work/ao-verifier-plugin`, `/Users/patrykkopycinski/Projects/ao-workspace`), a private machine hostname (`worker-m1max`), and a username (`mac`). This commits private infrastructure details to the repository and breaks portability—no other developer can use this configuration without modification, and CI/automation environments will fail. Consider externalizing these values to environment variables or a separate `.env` file that is `.gitignore`d.

Also found in 3 other location(s):
- openspec/changes/ad-triage-eval-suite/.ao-generate.sh:3 -- Hardcoded absolute paths at lines 3, 5, and 6 reference a specific developer's local machine path (`/Users/patrykkopycinski/Projects/kibana`). This auto-generated script is committed to the repository but will fail immediately with `cd: /Users/patrykkopycinski/Projects/kibana: No such file or directory` on any other developer's machine or CI environment. The `set -e` on line 2 ensures the script exits on the first failed `cd` command.
- openspec/changes/ao-health-panel/.ao-generate.sh:3 -- Hardcoded absolute paths to a specific developer's home directory at lines 3, 5, and 6 (`/Users/patrykkopycinski/Projects/kibana`). This script is committed to the shared repository but will fail immediately for any other developer or CI environment because `cd "/Users/patrykkopycinski/Projects/kibana"` will error out under `set -e`, aborting execution. This appears to be a generated local artifact that should not have been committed, or should use relative/dynamic paths (e.g., `$(git rev-parse --show-toplevel)`).
- eval-ad-remaining.sh:6 -- Line 6 hardcodes `cd /Users/patrykkopycinski/Projects/kibana`, a developer-specific absolute path. Any other user or CI environment running this script will fail immediately because the directory won't exist, causing the `cd` to fail. With `set -u` (but not `set -e`), the script will continue running from whatever directory it was invoked in, likely causing `source ./eval-env.sh` and `node scripts/evals.js` to fail with confusing errors.

[macroscopeapp]

🟢 Low eval-nfc-ab.sh:126

echo " exit-code: $?" on line 128 always prints 0. The subshell exit code on line 126 is lost because when it fails, the || echo ... succeeds and resets $? to 0; when it succeeds, $? is naturally 0. The actual exit code is never captured.

Consider saving the subshell exit code before the || branch: capture rc=$? immediately after the subshell, then use $rc for both the error note and the final exit-code print. Note that with set -e, you'll need to restructure to avoid the subshell triggering an immediate exit on failure.

+  ) > "$log" 2>&1; rc=$?
+  if [[ $rc -ne 0 ]]; then
+    echo "  NOTE: eval exited non-zero (see $log)"
+  fi
+
+  echo "  exit-code:  $rc"

🤖 Copy this AI Prompt to have your agent fix this:

In file eval-nfc-ab.sh around lines 126-128:

`echo "  exit-code:  $?"` on line 128 always prints `0`. The subshell exit code on line 126 is lost because when it fails, the `|| echo ...` succeeds and resets `$?` to `0`; when it succeeds, `$?` is naturally `0`. The actual exit code is never captured.

Consider saving the subshell exit code before the `||` branch: capture `rc=$?` immediately after the subshell, then use `$rc` for both the error note and the final exit-code print. Note that with `set -e`, you'll need to restructure to avoid the subshell triggering an immediate exit on failure.

[macroscopeapp]

🟢 Low eval-restore-kbs.sh:38

ES_URL (which may contain credentials like user:password@host) is printed verbatim to stdout on line 38, exposing secrets to terminal output and CI logs. Consider sanitizing the URL before display, e.g., by masking the password portion with sed or parameter expansion.

-echo ">> ES        = $ES_URL"
+echo ">> ES        = ${ES_URL//@*/**SECRET**@}"

🤖 Copy this AI Prompt to have your agent fix this:

In file eval-restore-kbs.sh around line 38:

`ES_URL` (which may contain credentials like `user:password@host`) is printed verbatim to stdout on line 38, exposing secrets to terminal output and CI logs. Consider sanitizing the URL before display, e.g., by masking the password portion with `sed` or parameter expansion.

[macroscopeapp]

🟢 Low .claude/metadata-updater.sh:106

When gh pr create output doesn't match the expected URL pattern, grep -Eo returns exit code 1, which with pipefail causes the script to terminate before reaching the [[ -n "$pr_url" ]] check. Consider appending || true to the pipeline so the script gracefully handles missing URLs instead of crashing.

-  pr_url=$(echo "$output" | grep -Eo 'https://github[.]com/[^/]+/[^/]+/pull/[0-9]+' | head -1)
+  pr_url=$(echo "$output" | grep -Eo 'https://github[.]com/[^/]+/[^/]+/pull/[0-9]+' | head -1) || true

🤖 Copy this AI Prompt to have your agent fix this:

In file .claude/metadata-updater.sh around line 106:

When `gh pr create` output doesn't match the expected URL pattern, `grep -Eo` returns exit code 1, which with `pipefail` causes the script to terminate before reaching the `[[ -n "$pr_url" ]]` check. Consider appending `|| true` to the pipeline so the script gracefully handles missing URLs instead of crashing.

[macroscopeapp]

🟢 Low eval-ad-remaining.sh:38

Lines 38–42 use || echo 0 as a fallback when grep -c finds no matches, but grep -c already prints 0 to stdout before exiting with code 1. The command substitution therefore captures the concatenated output "0\n0" (two lines), which causes garbled meta-file values like basic_done=0\n0/6. Consider removing the || echo 0 (or replacing it with || true) since the script doesn't use set -e.

+  BASIC=$(grep -c 'Evaluator "AttackDiscoveryBasic".*completed' "$LOG" 2>/dev/null || true)
+  RUBRIC=$(grep -c 'Evaluator "AttackDiscoveryRubric".*completed' "$LOG" 2>/dev/null || true)
+  RAN=$(grep -c 'Evaluator "Ran".*completed' "$LOG" 2>/dev/null || true)
+  EXPORT=$(grep -c 'Evaluation scores exported' "$LOG" 2>/dev/null || true)
+  RETRIES=$(grep -cE 'ECONNRESET|ERR_CANCELED|retrying' "$LOG" 2>/dev/null || true)

🤖 Copy this AI Prompt to have your agent fix this:

In file eval-ad-remaining.sh around lines 38-42:

Lines 38–42 use `|| echo 0` as a fallback when `grep -c` finds no matches, but `grep -c` already prints `0` to stdout before exiting with code 1. The command substitution therefore captures the concatenated output `"0\n0"` (two lines), which causes garbled meta-file values like `basic_done=0\n0/6`. Consider removing the `|| echo 0` (or replacing it with `|| true`) since the script doesn't use `set -e`.

[patrykkopycinski]

/ci

[viduni94]

Hey @patrykkopycinski
Did a quick skim through of the PR. I'll do a deeper review tomorrow.

Out of curiosity, what's the advantage of auto provisioning the models via Ollama or LM studio vs. just pointing a connector config at an already running Ollama/LM Studio instance?

[patrykkopycinski]

@viduni94 great question — and to be clear, the PR ships both options. There are actually three pieces in here, and each one answers part of your question:

1. node scripts/evals run --suite … --local → just probes a running Ollama/LM Studio, builds the connector config, runs the eval. No provisioning. This is the "I already have my own setup" path (src/cli/inject.ts).
2. node scripts/evals local --suite … → the orchestrator (detect → negotiate → provision → run → tear down) — src/cli/local.ts.
3. node scripts/evals local benchmark … → the benchmark pipeline that produces the data the orchestrator relies on (src/cli/benchmark.ts, src/benchmark/result_writer.ts).

So the question is really why does the orchestrator exist on top of the bare connector path, and why is there a benchmark pipeline at all. The two things are linked.

Why auto-provisioning is the default for local

The bare "point a connector at a running runtime" path has a few foot-guns that show up in practice:

1. Wrong model loaded → silent garbage results. If a dev has qwen2.5:7b loaded and runs evals, a bare-connector path will happily start a 20–30 minute run and produce numbers that look fine but are meaningless because that model doesn't reliably tool-call. The orchestrator validates tool-calling against a tiny 2 + 2 function-calling probe (model_validator.ts) before the run and either swaps to a working model, prompts the user, or falls back to CODE-only evaluators. In inject.ts we even hard-fail when no local runtime is detected, specifically to prevent silently falling back to the cloud connector — a "data-trust regression" the comment there calls out.

2. No model / wrong tier for the machine. Many Kibana devs have never installed Ollama at all, and those who have don't necessarily know which model fits 16 GB vs 48 GB vs 96 GB. The orchestrator reads os.totalmem() and picks from a curated registry with a 14 B floor (model_registry.autoSelect() + MIN_EVAL_PARAMS_BILLIONS). The connector-only path assumes you already made all those decisions correctly.

3. VRAM hygiene. After the run, teardown.ts posts keep_alive: 0 so the model is unloaded from VRAM. Without that, a 20 GB model sits in GPU memory indefinitely and chokes the Kibana dev server, Cursor, Docker, etc. — and developers don't reliably remember to ollama stop manually.

4. Tier-aware execution. The orchestrator sets EVAL_TASK_TIMEOUT_MS, EVAL_THRESHOLD_MULTIPLIER, EVAL_MAX_SAMPLES, and SELECTED_EVALUATORS for local runs (tier_config.ts). The default 5-minute Playwright task timeout doesn't survive a 15 tok/s local model, so a bare connector setup just times out. We also touched create_playwright_eval_config.ts to honor EVAL_TASK_TIMEOUT_MS.

5. Zero-config first run. The whole point of the PR is "use local to reduce EIS token consumption before pushing to CI". That only works if the friction to running local is near-zero — brew install Ollama → pull right model → run eval → unload, in one command. If the first step is "set up Ollama, pick a model from this big list, figure out the connector JSON, then run the eval", most people will just keep using EIS.

Why the benchmarker matters (and why the orchestrator depends on it)

Steps 1, 2 and 4 above all rely on the registry knowing which models actually work — toolCalling, judgeQuality, tokPerSecEstimate, minRamGb. Those are the dials the negotiator uses to pick a model. The benchmarker is how we keep that data honest:

• node scripts/evals local benchmark --model <id> runs the full pipeline (provision → warm up → tool-calling probe → run a real eval suite → measure → teardown) and writes a per-model benchmark-results/<id>-<date>.json.
• --all does it across every model that fits the current machine — so a dev with 48 GB and a dev with 16 GB each contribute to a different tier of the table.
• --update-registry folds the results back into models.json and regenerates RECOMMENDATIONS.md from the merged data (the file is explicitly marked auto-generated for that reason — result_writer.generateRecommendations).
• --create-pr opens a draft, data-only PR with the updated models.json, the rendered RECOMMENDATIONS.md, and the new benchmark-results/ files. We capture the original branch so a failed gh pr create doesn't strand the dev on the benchmark branch.

The intent is to make the recommendations system crowd-hardenable: when a new Qwen / Gemma / Mistral version drops, or when someone wants to validate that a model still passes tool calling after an Ollama upgrade, they run one command and contribute a PR. The orchestrator immediately starts auto-selecting the better model for everyone else on that RAM tier. Without that loop, the registry is just a static table that goes stale within weeks and silently degrades the auto-select decision back into the same "wrong model loaded → silent garbage results" failure mode we built the orchestrator to prevent.

tl;dr

• Bare connector → power-user path, opt in via --local.
• Orchestrator → defensive defaults so the common path doesn't silently produce bad eval data.
• Benchmarker → the feedback loop that keeps the orchestrator's defaults trustworthy as the OSS model landscape moves.

[patrykkopycinski]

/ci

[kibanamachine]

💔 Build Failed

• Buildkite Build
• Commit: 626ce9e

Failed CI Steps

• Quick Checks
• Check Types

Metrics [docs]

✅ unchanged

History

• 💔 Build #438569 failed 9947167

[SrdjanLL]

Hey Patryk, thanks for drafting this - it's a good nudge in the right direction and consideration of the tokens we'll be burning through with evals.

Top of my mind, besides what Viduni's mentioned, is I'm worried that we're putting a lot of the responsibility on the framework, early. I'm wondering if an internal documentation with a clear "local model of choice" for smoke testing eval suites (published here) should be sufficient to get people started with running local evals (e.g we can choose one or two models depending on what machine you're running with).

From my understanding - our goal is to reduce the cost of the developer feedback loop by running locally, but still evaluate against EIS models using the standard process as we expect our users to use the same models in their workloads. If that's the right goal, I think we can start simple and see how that goes with dev adoption and reduce friction if any arises.

There's a lot to uncover here, but I'll also jump in on individual points.

1. Wrong model loaded → silent garbage results. If a dev has qwen2.5:7b loaded and runs evals, a bare-connector path will happily start a 20–30 minute run and produce numbers that look fine but are meaningless because that model doesn't reliably tool-call. The orchestrator validates tool-calling against a tiny 2 + 2 function-calling probe (model_validator.ts) before the run and either swaps to a working model, prompts the user, or falls back to CODE-only evaluators. In inject.ts we even hard-fail when no local runtime is detected, specifically to prevent silently falling back to the cloud connector — a "data-trust regression" the comment there calls out.

What does a wrong model mean here? A model that can't call tools? Could this be captured by the evaluations in the standard process - either via the tool call inspection or the groundedness evaluator? If we go with the above "local model of choice" that can call tools we can expect consistent results without maintaining an orchestrator that validates probes into this. Feels like a "figure it out" once kind of a problem, but let me know if there's something I'm missing.

2. No model / wrong tier for the machine. Many Kibana devs have never installed Ollama at all, and those who have don't necessarily know which model fits 16 GB vs 48 GB vs 96 GB. The orchestrator reads os.totalmem() and picks from a curated registry with a 14 B floor (model_registry.autoSelect() + MIN_EVAL_PARAMS_BILLIONS). The connector-only path assumes you already made all those decisions correctly.

Could this be sorted by having better internal documentation/getting started? To guide our peers which models to set up with (e.g depending on the machine they're using)

3. VRAM hygiene. After the run, teardown.ts posts keep_alive: 0 so the model is unloaded from VRAM. Without that, a 20 GB model sits in GPU memory indefinitely and chokes the Kibana dev server, Cursor, Docker, etc. — and developers don't reliably remember to ollama stop manually.

It's a good point and if we were to make this automatic it would make sense to unload. My thinking is that we're just putting a lot of responsibility on the framework itself, where this feels more of a dev env hygiene.

4. Tier-aware execution. The orchestrator sets EVAL_TASK_TIMEOUT_MS, EVAL_THRESHOLD_MULTIPLIER, EVAL_MAX_SAMPLES, and SELECTED_EVALUATORS for local runs (tier_config.ts). The default 5-minute Playwright task timeout doesn't survive a 15 tok/s local model, so a bare connector setup just times out. We also touched create_playwright_eval_config.ts to honor EVAL_TASK_TIMEOUT_MS.

++ Makes sense to have this a bit more configurable for local runs, it could blow up indeed.

5. Zero-config first run. The whole point of the PR is "use local to reduce EIS token consumption before pushing to CI". That only works if the friction to running local is near-zero — brew install Ollama → pull right model → run eval → unload, in one command. If the first step is "set up Ollama, pick a model from this big list, figure out the connector JSON, then run the eval", most people will just keep using EIS.

It makes sense to reduce friction, I'm just wondering whether full automation of the setup and having this exist in Kibana codebase is the right call here? I'd also imagine that a lot of the folks wanting to run evals with local models will already have ollama or similar set up in their environment anyways and may just need a nudge towards the right model + how to set up the connector.

Please let me know what you think and whether we can start a bit lighter while achieving the same outcome.

[SrdjanLL]

Also, other frameworks have dry run concepts, such as this: https://arize.com/docs/phoenix/datasets-and-experiments/how-to-experiments/run-experiments#dry-run

Maybe this is something we could try out and build into our experiments - pick a single example on each dataset, override repetitions to 1 and run.
I've done this with Phoenix before and helped me have a tighter feedback loop when I'm not worried about inspecting the results from the entire experiment.

[cla-checker-service]

💚 CLA has been signed