RAG Systems  ·  AI Engineering  ·  Part 2 of 2

AI Assistants That Employees Actually Trust

Inside the process behind a production-grade RAG system, and why "it works in the demo" isn't the bar we hold ourselves to.

July 6, 2026 13 min read RAG  ·  Retrieval  ·  LLM Evaluation
Start Reading Back to Blogs

Evaluating a RAG System for Your Own Team?

We help engineering and HR teams design, test, and harden retrieval-augmented AI assistants that hold up under real usage, not just demos.

Talk to Us

Missed the start? Read Part 1: How We Started

The Challenge

The Problem We Set Out to Solve

Every HR team has the same story, and the same handful of questions eating hours a week that would be better spent on actual people problems.

Every HR team has the same story. The same handful of questions come in over and over: What's the sign-on bonus at this level? How many leave days do I get after five years? What's the policy on career breaks? These aren't hard questions, the answers are sitting in a policy document somewhere. But finding them, every time, for every employee, eats hours a week that HR teams would rather spend on actual people problems.

The obvious fix is an AI assistant that reads your documents and answers these questions directly. The hard part is making that assistant reliable enough that people stop double-checking it.

"That gap, between a chatbot that sounds confident and one that's actually correct, is where most AI projects quietly fail."

This post is about how we close that gap, and the specific engineering discipline we use to keep it closed.

See It in Production This is the exact system behind our Employee Assistant case study, an AI assistant that answers employee questions grounded in company documents.
Engineering Discipline

Why We Don't Ship on "It Seems to Work"

Most RAG systems are shipped once the answers look reasonable on a handful of test questions. That doesn't scale, and it doesn't hold up under real use.

Most Retrieval-Augmented Generation (RAG) systems are built the same way: connect an AI model to a document store, test it on a few sample questions, and ship it once the answers look reasonable.

The problem with "looks reasonable" is that it doesn't scale, and it doesn't hold up under real use. A system that answers three test questions correctly can still fail silently on the fourth, fifth, and sixth, and nobody notices until an employee gets a wrong answer about their own compensation.

So we built something most teams skip: a quantitative testing framework that scores every answer the system gives, across dozens of real questions, on multiple dimensions of quality, before any change goes live.

Internal RAG evaluation dashboard tracking retrieval precision, chunk quality, and answer grounding across test runs
Our internal evaluation dashboard: every optimization in this post was found, measured, and verified here before it shipped

Every optimization in this post wasn't a guess. It was found, measured, and verified through that framework.

Data Governance

Your Data Never Leaves Your Building

Before getting into how we tune the system, it's worth being direct about something that matters more to most clients: where the data goes.

For HR, compensation, and policy content, that answer needs to be "nowhere." Our production architecture runs entirely on your own infrastructure:

  • The document search engine, on-premise
  • The language model that generates answers, a locally hosted, open-weight model, not a cloud API
  • The conversation history and session data, stored in your own database
  • The ranking and retrieval logic, all local compute, no external calls

No employee question, no retrieved policy excerpt, no compensation figure is ever transmitted to an outside service during normal operation. The only exception is an isolated, offline testing environment we use internally to grade system quality during development, and that environment never sees live employee queries, only historical test questions used to check our own work.

Not a Shortcut, a Decision This isn't a cost-saving shortcut. It's a data governance decision, made because compensation and HR data shouldn't leave the building just to answer a question about leave policy.
Fixes 1–3

Fixing What Retrieval Gets Wrong

Real problems we found and fixed while building this system, not abstract best practices, but specific issues quietly costing accuracy.

1. Not All "Chunks" of a Document Are Useful

When you feed a policy document into an AI system, it gets broken into smaller pieces ("chunks") so the system can search through them efficiently. Our first production version was splitting documents at every section heading, which sounds sensible, but in practice created a huge number of near-empty fragments: a heading like "Salary Structure" with almost no actual content attached to it.

The result: when someone asked about salary, the system sometimes matched a bare heading instead of the paragraph that actually explained the salary structure. We measured it directly, chunks were averaging under 50 words, far too little to answer a real question.

The Fix We changed the chunking logic to merge small, related sections together until each piece had enough real content, roughly 200–300 words, to stand on its own. Fragmented, header-only noise dropped to zero.

2. One Search Method Isn't Enough

People don't ask questions the same way twice. "What's the PF contribution?" and "How much does the company put into my provident fund?" mean the same thing but share almost no words. "Maturnity leave" is a typo, but the intent is obvious to a human.

A single search method, pure keyword matching, or pure AI-based semantic search, will always miss some of these. So our system runs three different search strategies at once: one built for meaning, one built for exact terminology, and one built for typos and near-matches. The results are merged and ranked together, so no single blind spot sinks the answer.

3. Making Sure One Document Doesn't Drown Out the Others

For cross-cutting questions, say, something touching both leave policy and health benefits, we found the system was sometimes pulling almost all of its supporting material from a single document, even when other relevant documents existed. We added a rule that caps how much any one source document can dominate a single answer, guaranteeing the system pulls from multiple sources when a question genuinely spans them.

Fixes 4–5

Auditing Our Own Testing Process

This is the finding we're proudest of, because it's the one most teams never catch.

4. Catching a Blind Spot in Our Own Testing Process

While testing the system, we hit a case where the AI gave a completely correct answer, but our own automated quality-checking process scored it as a failure, flagging it as unsupported by the source material. On investigation, the problem wasn't the AI assistant at all. It was our testing tool: it had been given a truncated version of the retrieved content, cut off right before the relevant sentence.

In other words, our grading process was marking correct answers as wrong, for reasons that had nothing to do with the actual system. We caught this by manually tracing a discrepancy instead of trusting the automated score, and it's exactly the kind of blind spot that leads teams to spend weeks "fixing" a part of the system that was never actually broken.

"A testing process needs to be audited as rigorously as the system it's testing."

We fixed the underlying issue and now treat this kind of cross-check as a standing part of how we validate every change.

5. Making Testing Itself Fast Enough to Be Useful

A quality-testing process that takes 40 minutes to run doesn't get run often. We found our own testing pipeline was needlessly sequential, waiting for one step to finish before starting the next, even when the steps didn't actually depend on each other.

We restructured it to run in parallel wherever there was no real dependency, cutting a typical test cycle from around 40 minutes down to 12–18 minutes. That's not a technical curiosity, it's the difference between testing five configuration changes in a day versus one.

Fixes 6–7

Getting Ranking and Model Choice Right

A second, more precise ranking pass reviews search results before the AI ever sees them, and it's only as good as what it's given and what it was trained to do.

6. Giving the "Double-Check" Step Enough to Work With

After initial search results come back, we run a second, more precise ranking pass over them, think of it as a specialist reviewing the shortlist before the final answer is written. Early on, that specialist was only shown the same five results the first search step had already narrowed things down to, which meant it could only reorder what it was given, not rescue a good answer that had been ranked slightly too low upstream.

The Fix We changed it to review a larger shortlist (twice as many candidates) before narrowing back down to the final set shown to the AI. This costs almost nothing in speed, since the AI model itself still only ever sees the same final number of results, but it gives the ranking step room to actually catch the right answer, not just reshuffle whatever made the first cut.

7. Matching the Right AI Model to the Right Job

Not every AI model that scores relevance is solving the same problem. Some are trained to judge "does this text imply something related to the question?", which sounds useful, but can rank a tangentially related paragraph above the paragraph that actually states the policy answer. We found and fixed exactly this: a model trained on the wrong task was quietly demoting the correct working-hours policy below a document about time-tracking procedures, because the wrong model was answering the wrong question.

Swapping in a model actually trained for "does this passage answer this query", the right task for the right job, fixed it immediately, and we now test model choices for this step the same rigorous way we test every other parameter.

Fixes 8–10

Locking It Down Before Rollout

Cheap updates, restricted access, and the ability to prove exactly what produced a given answer, all before wider rollout.

8. Updating One Sentence Shouldn't Mean Reprocessing the Whole Document

HR content changes, a leave entitlement figure gets corrected, a policy sentence gets clarified. Our original system treated any edit as a reason to reprocess the entire document from scratch, even when 90% of it hadn't changed.

We measured the waste directly: editing one sentence in an employee handbook was triggering full reprocessing of ten unrelated sections. We rebuilt the update logic so it identifies content by what it says, not where it sits in the document, so an edit to one paragraph only touches that paragraph. On our own documents, this cut reprocessing time by 75–90% per edit. For a system using a metered cloud AI service instead of local infrastructure, the same fix translates directly into lower cost per update, the percentage saved holds regardless of which one it shows up as.

9. Locking Down the System Before Wider Rollout

Once quality is proven, we run a completely separate audit, not about accuracy, but about who can access what. Every request now requires authentication. Cross-origin access is restricted to approved sources. File uploads and deletions are checked to prevent any attempt to manipulate paths outside the intended document store. Rate limiting is enabled and made visible on a live dashboard, not just present in the code and silently switched off.

A Separate Checklist, on Its Own Schedule A system can score perfectly on accuracy and still be unsafe to expose if this work hasn't been done. We treat it as its own checklist, run on its own schedule, never bundled into the accuracy review.

10. Knowing Exactly What's Running, and Being Able to Undo It

The last piece is one clients rarely ask about upfront but always care about once something goes wrong: can we tell exactly what configuration produced a given answer, and can we roll it back in minutes, not days?

Every setting that shapes an answer, prompt wording, search tuning, model choice, now lives in one version-controlled file, so a change is a reviewable diff and a bad change is a one-command revert. Every single answer the assistant has ever given can be traced back to the exact content it retrieved and the exact instructions the model was given, looked up directly from a user's feedback report. And every change to this configuration is automatically tested against a real search-quality check before it's allowed to merge, catching regressions before they reach anyone.

Results

The Numbers, in Plain Terms

Every one of these numbers comes from an internal testing dashboard we run before and after every change, not an estimate.

Metric Before After
Chunk quality (usable content per passage)Under 50 words200–300 words
Response payload sizeBaseline~40% smaller
Testing cycle time~40 minutes12–18 minutes
Update efficiency (reprocessing per edit)Full document75–90% less work

Chunk quality roughly quadrupled. Response payloads shrank by correctly capping results after, not before, combining search methods. Testing cycles got fast enough to run far more experiments per day. And editing one section now reprocesses only that section, whether the saving shows up as compute time or cloud cost.

Conclusion

Why This Matters for Your Team

Most vendors will show you a demo. Fewer will show you the process behind keeping that demo accurate once it's answering real questions from real employees, every day, as your documents change.

What we've described here isn't a one-time build, it's a discipline: measure everything, question your own testing tools as hard as you question the system itself, keep the data on your own infrastructure, and make sure you can always answer "what's running, why did it say that, and how do we undo it if it's wrong."

"That's the bar we hold every deployment to."

Key Takeaways
  • "Looks reasonable on a few test questions" doesn't scale, build a quantitative testing framework before you ship.
  • Chunk documents for content density (200–300 words), not for section headings.
  • Run keyword, semantic, and fuzzy search together, no single method catches every way people phrase a question.
  • Audit your own evaluation tooling as rigorously as the system it grades, it can fail silently too.
  • Widen the shortlist before reranking, don't ask a reranker to rescue what the first pass already discarded.
  • Match the reranking model to the actual task, "related" and "answers the question" are different signals.
  • Reprocess by content, not by document, so a one-sentence edit doesn't trigger a full rebuild.
  • Treat security and access control as a separate audit from accuracy, one doesn't guarantee the other.
  • Version every setting that shapes an answer so a bad change is a one-command revert.

Interested in what this would look like for your own documents, HR policies, compliance manuals, internal knowledge bases, or something else entirely? We're happy to walk through it.

Discuss Your RAG System    Back to Blog

Topics

RAG LLM Evaluation Hybrid Search Reranking Data Governance Enterprise AI

Related Articles

Kafka Connect & OpenSearch

Keeping search results correct, not just fast, with reconciliation-driven data pipelines.

JWT Validation in Microservices

Trust boundaries, gateway patterns, and where identity should actually be verified.

Part 1: How We Started

Our first end-to-end RAG pipeline: hybrid retrieval, reranking, and the roadmap that followed.