In traditional ML, you engineer features. In LLM applications, you engineer prompts. A prompt change can completely alter your application’s behavior — just like a code change. But most teams treat prompts casually: they live in hardcoded strings, get edited in production without review, and have no version history. This is the equivalent of editing production code directly on the server. Prompt management applies software engineering discipline to prompts: version control, code review, testing, staging environments, and rollback. Teams that handle 10K+ daily LLM queries, have multiple engineers editing prompts, or run 5+ distinct prompts across features need formal prompt management.

Apply semantic versioning to prompts: MAJOR (output format changes — e.g., switching from free text to JSON), MINOR (new capabilities — e.g., adding a new instruction), PATCH (wording fixes that don’t change behavior). Store prompts in a prompt registry — a centralized store separate from application code. This decouples prompt changes from code deploys, enabling faster iteration. Tools: MLflow Prompt Registry (open-source, integrates with MLflow ecosystem), Langfuse (open-source observability + prompt management), Humanloop (managed platform with evaluation), PromptLayer (logging + versioning). Each version should have a commit message explaining what changed and why.

Every prompt change should trigger an evaluation suite before deployment. The suite runs the new prompt against a curated test dataset (50–200 examples covering normal cases, edge cases, and known failure modes) and measures: correctness (does the output match expected answers?), format compliance (is the output valid JSON/markdown as required?), safety (does it refuse harmful requests?), consistency (does it give similar answers to similar questions?), and regression (is it at least as good as the current production prompt?). Use LLM-as-judge for subjective quality (have GPT-4o rate outputs on a 1–5 scale) and deterministic checks for format and safety.

Offline evaluation catches most issues, but some things can only be measured in production with real users. A/B testing prompts: assign users randomly to prompt variant A (current) or variant B (candidate), measure business metrics (not just LLM metrics), and promote the winner. Key metrics to compare: task completion rate (did the user accomplish their goal?), user satisfaction (thumbs up/down, CSAT), escalation rate (did the user need human help?), cost per interaction, and latency. Tools: Langfuse (open-source, tracks metrics per prompt variant), Humanloop (managed, with built-in A/B testing), or custom implementation with feature flags (LaunchDarkly, Statsig).

LLM applications are non-deterministic — the same input can produce different outputs. Observability is essential for debugging and improvement. Log: full request/response (prompt, completion, model, parameters), latency breakdown (time to first token, total generation time, retrieval time for RAG), token usage (input/output tokens, cost), user feedback (thumbs up/down, corrections), and traces (for multi-step agents: each tool call, retrieval, and LLM call in the chain). Tools: Langfuse (open-source, best for tracing), LangSmith (by LangChain, tight integration), Arize Phoenix (open-source, evaluation + tracing), Portkey (gateway + observability combined).

Guardrails are automated checks that validate LLM inputs and outputs before they reach the user. Input guardrails: detect and block prompt injection attempts, PII in user input, off-topic requests, and jailbreak attempts. Output guardrails: detect hallucinations (check claims against source documents), block toxic/harmful content, enforce format compliance (valid JSON, correct schema), and prevent data leakage (model revealing system prompt or training data). Tools: Guardrails AI (open-source, Python validators), NeMo Guardrails (NVIDIA, dialog-level safety), Lakera Guard (managed, prompt injection detection), and LLM-based validators (use a fast model to check the output of a powerful model).

LLM-as-judge uses a powerful LLM (typically GPT-4o or Claude Sonnet) to evaluate the quality of outputs from another LLM. The judge receives: the original question, the generated answer, optionally a reference answer, and a rubric (scoring criteria). It returns a score (1–5) and reasoning. This is cheaper and faster than human evaluation while correlating well with human judgments (70–85% agreement). Common rubrics: correctness (factually accurate?), helpfulness (answers the question?), relevance (stays on topic?), coherence (well-structured?), and safety (no harmful content?). Limitations: judges have biases (prefer verbose answers, prefer their own outputs), so calibrate against human labels.

Level 0 (Ad-hoc): Prompts hardcoded in application code. No versioning, no testing. Changes require full deploy. Level 1 (Versioned): Prompts in a registry with version history. Changes decoupled from code deploys. Changelog maintained. Level 2 (Tested): Evaluation suite runs on every prompt change. Test dataset curated and maintained. LLM-as-judge for quality scoring. Level 3 (CI/CD): Automated evaluation in CI pipeline. Regression gates block bad prompts. A/B testing in production. Level 4 (Observable): Full tracing and logging. User feedback loop. Continuous improvement based on production data. Guardrails on all inputs and outputs. Most teams should aim for Level 2 within 3 months of production launch.