Visual generation systems that claim identity consistency typically rely on one of two mechanisms: fine-tuned model weights trained on a specific subject, or soft conditioning through text prompts. Neither is viable for a production, multi-user, identity-critical system. Fine-tuning is retraining-on-demand β untenable at session time. Text prompts are semantically approximate β insufficient for reputational-grade fidelity.
MIVA Studio is a production-grade agentic visual generation system built on a third mechanism: retrieval-augmented generation (RAG) applied to face identity embeddings. At inference time, the system retrieves verified identity anchor vectors from a per-subject vector store, injects them into a conditioned generation pipeline, and enforces fidelity through a multi-stage guardrail architecture that can hard-stop the agent when identity consistency cannot be achieved. The system is designed for contexts where a generated image carries reputational weight β brand representation, professional headshots, and identity-sensitive creative work β where a plausible output is not the same as a correct one.
This paper documents the architecture, evaluation methodology, guardrail design, and regression framework for MIVA Studio, with specific attention to the engineering decisions that distinguish a production system from a research prototype.
Standard text-to-image generation is optimized for visual plausibility, not identity precision. When asked to generate βa professional portrait of Sarah Chen,β a capable diffusion model will produce a convincing portrait of a plausible person. It will not produce Sarah Chen.
This gap between plausible and correct is not a limitation that more compute resolves. It is structural. Diffusion models encode statistical regularities of faces as learned distributions β not specific identities. Identity is, by definition, out-of-distribution for a general model trained without that subject.
The dominant workaround β subject-specific fine-tuning via DreamBooth or LoRA β shifts the distribution but does not solve the production problem. Fine-tuning requires retraining, which introduces hours of latency per subject, significant compute cost, model storage overhead that scales linearly with user count, and retraining every time the subjectβs reference images are updated. In any system serving more than a handful of subjects, this is architecturally untenable.
The retrieval-augmented generation pattern solves a specific class of problems: cases where the required knowledge is too dynamic, too private, or too user-specific to be encoded in model weights. MIVA Studio maps precisely onto this definition.
| Requirement | Fine-Tuning | Text Conditioning | RAG (MIVA Studio) |
|---|---|---|---|
| Per-user identity without retraining | β | β | β |
| Session-time latency | β (hours) | β | β |
| Updatable without model changes | β | Partial | β |
| Verifiable fidelity at inference time | Partial | β | β |
| Auditable retrieval decisions | β | β | β |
In MIVA Studio, what is retrieved is not text β it is face identity embeddings: high-dimensional vectors in ArcFace/FaceNet embedding space that encode the geometric and photometric signature of a specific identity across multiple reference images. These vectors are injected into the generation pipeline via cross-attention conditioning (IP-Adapter pattern), replacing the role that retrieved document chunks play in a language RAG system.
The βaugmentedβ step is not metaphorical. The retrieved embedding vectors directly modify the cross-attention key-value matrices during diffusion, steering the denoising trajectory toward the retrieved identity. Without retrieval, the generator samples from the general face distribution. With retrieval, it samples from the conditional distribution centered on the retrieved identity. The contribution of retrieval is quantifiable, and we measure it explicitly (Section 4.3).
MIVA Studio is designed for reputationally sensitive use cases. This design constraint drives every architectural decision in the system.
In a research prototype, a failure mode is an interesting result. In a production system serving real identities, failure modes are:
The system is explicitly designed to fail loudly and stop safely rather than succeed approximately and silently.
MIVA Studio operates as a four-stage sequential pipeline with an agentic loop around the generation and guardrail stages. Each stage is independently measurable, independently testable, and independently deployable.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β USER SESSION β
β subject_id + generation_params β
ββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β STAGE 1: RETRIEVAL β
β β
β 1a. ANN search: embed(subject_id) β candidate anchor set β
β 1b. Rerank: max-marginal relevance by pose diversity β
β 1c. Quality gate: reject low-norm or off-identity anchors β
β β
β Output: AugmentedContext { embeddings[], pose_metadata[] } β
ββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β STAGE 2: GENERATION (Agentic Loop) β
β β
β 2a. Construct conditioned prompt from context + params β
β 2b. Inject identity embeddings via IP-Adapter cross-attention β
β 2c. Run diffusion β candidate_image β
β β
β Loop constraint: max 3 attempts (semantic, not time-based) β
ββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β STAGE 3: GUARDRAILS β
β β
β 3a. Identity validator: cosine_sim β₯ 0.75 β
β 3b. Quality validator: artifact_score < 0.20, resolution β β
β 3c. Content safety: NSFW detection β
β β
β Decision tree: β
β PASS β deliver output β
β FAIL + attempts < max β return to Stage 2 β
β FAIL + attempts β₯ max β HARD STOP, return error β
ββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β STAGE 4: OBSERVABILITY β
β β
β Emit structured session trace (all decisions, all scores) β
β Update real-time metrics (identity_score, pass_rate, latency) β
β Flag anomalies against defined alert thresholds β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The generation stage operates as a bounded agentic loop. βAgenticβ in this context means the system autonomously decides whether to retry, and on what evidence, without user intervention between attempts. The critical engineering constraint is that the loop has a semantic stopping condition β not a time limit, not a token budget.
The stopping condition for MIVA Studio is:
Stop if any of the following is true:
- A generated output passes all guardrail checks (success).
- The number of generation attempts reaches
MAX_REGENERATION_ATTEMPTS = 3(hard stop).- The retrieval stage returns zero anchors for the requested subject_id (cold start rejection).
- An upstream service (vector store, generation API) returns a non-retryable error.
The choice of 3 as the maximum is not arbitrary. Three consecutive guardrail failures on the same subject_id, with the same retrieved anchors, indicates a systematic problem β either the anchors are insufficient quality, the generation conditioning is broken, or the subjectβs identity is not representable under the current generation configuration. More retries do not resolve systematic problems. They defer the failure while consuming resources.
class GenerationAgent: MAX_REGENERATION_ATTEMPTS = 3 def run(self, subject_id: str, params: GenerationParams) -> AgentResult: # Stage 1: Retrieve β happens once per session, not per attempt context = self.retriever.retrieve(subject_id) if context.is_empty(): return AgentResult.cold_start_rejection(subject_id) for attempt in range(1, self.MAX_REGENERATION_ATTEMPTS + 1): # Stage 2: Generate candidate = self.generator.generate(context, params, attempt=attempt) # Stage 3: Evaluate decision = self.guardrail.evaluate(candidate, context.anchors, attempt) self.tracer.record_attempt(attempt, candidate.scores, decision) if decision.action == GuardrailAction.PASS: return AgentResult.success(candidate, attempt) if decision.action == GuardrailAction.HARD_STOP: return AgentResult.hard_stop( reason=decision.reason, best_score=decision.best_identity_score, attempts=attempt ) # Otherwise: REJECT_AND_RETRY β continue loop # Should be unreachable β HARD_STOP fires at attempt == MAX raise RuntimeError("Agent loop exited without terminal decision β logic error")
The raise RuntimeError at the end is intentional and important. It is not defensive programming. It is a contract assertion: if this line executes, there is a bug in the guardrail logic, and it must be surfaced immediately rather than silently producing an uncontrolled state.
The vector store contains face embeddings indexed by subject_id. Each subject has between 5 and 20 anchor embeddings representing different poses, lighting conditions, and expressions. The diversity of anchors is deliberately maintained β having 20 embeddings of the same frontal pose is not useful; having 5 embeddings spanning frontal, three-quarter, and profile views is.
Retrieval is two-stage:
Stage 1 β Approximate Nearest Neighbor Search:
Query the vector store using the subject_id key to retrieve the top-kΓ3 candidate anchors by embedding similarity. This is a standard ANN operation (HNSW or IVF index).
Stage 2 β Reranking by Pose Diversity (Max-Marginal Relevance):
From the candidate set, select the top-k anchors using greedy max-marginal relevance. The selection criterion favors anchors that are high quality (embedding norm, enrollment validation score) and dissimilar to already-selected anchors (pose diversity). The goal is a retrieved set that spans the identityβs appearance space rather than clustering around the most common pose.
def retrieve_and_rerank( subject_id: str, top_k: int = 5, diversity_threshold: float = 0.95 ) -> list[AnchorEmbedding]: candidates = vector_store.query(subject_id, top_k=top_k * 3) if not candidates: return [] # Cold start β handled by caller selected = [] # Sort by enrollment quality score descending for candidate in sorted(candidates, key=lambda c: c.quality_score, reverse=True): if not selected: selected.append(candidate) continue max_sim_to_selected = max( cosine_similarity(candidate.embedding, s.embedding) for s in selected ) # Only add if meaningfully different from already-selected anchors if max_sim_to_selected < diversity_threshold: selected.append(candidate) if len(selected) == top_k: break return selected
The diversity_threshold = 0.95 means: do not add an anchor that is more than 95% similar to any already-selected anchor. In practice, this filters out near-duplicate embeddings from sequential frames of the same image capture session, which would artificially inflate the retrieved anchor count while providing no additional identity information.
The guardrail layer in MIVA Studio is designed around one principle: enforce, do not advise. A guardrail that logs a failed identity check and delivers the output anyway is a monitor. MIVA Studioβs guardrails are enforcers β a failed check blocks delivery unconditionally.
This distinction matters in production. Monitoring-based systems accumulate evidence of failure over time. Enforcement-based systems prevent individual failures from reaching users. For a reputationally sensitive application, the latter is the only acceptable design.
The primary guardrail computes cosine similarity between the generated imageβs face embedding and the retrieved anchor set. The threshold of 0.75 is derived from the FaceNet literature (Schroff et al., 2015), which demonstrates that verified same-identity pairs in L2-normalized 128-dimensional embedding space cluster above 0.75, with cross-identity pairs clustering below 0.60. MIVA Studio uses 512-dimensional ArcFace embeddings, which have tighter same-identity clustering; 0.75 is therefore a conservative threshold that minimizes false acceptances.
class IdentityConsistencyValidator: """ Primary enforcement guardrail. Threshold: 0.75 cosine similarity. Source: FaceNet (Schroff et al., 2015) β same-identity pairs β₯ 0.75 in L2-normalized embedding space. Applied conservatively to 512-dim ArcFace space where same-identity clustering is tighter. """ THRESHOLD = 0.75 def validate( self, generated_image: Image, anchor_embeddings: list[np.ndarray], attempt: int ) -> ValidationResult: generated_emb = self.face_encoder.encode(generated_image) if generated_emb is None: return ValidationResult( passed=False, reason="FACE_NOT_DETECTED", identity_score=0.0, should_retry=True ) scores = [cosine_similarity(generated_emb, a) for a in anchor_embeddings] max_score = max(scores) return ValidationResult( passed=max_score >= self.THRESHOLD, identity_score=max_score, anchor_scores=scores, reason=None if max_score >= self.THRESHOLD else f"IDENTITY_FAIL({max_score:.4f} < {self.THRESHOLD})", should_retry=True )
The full guardrail layer aggregates results from three validators β identity consistency, output quality, and content safety β into a single terminal decision per attempt.
Per attempt:
βββββββββββββββββββββββββββββββββββββββββββ
β Identity Validator β
β Quality Validator β βββ ALL PASS? βββ GuardrailAction.PASS
β Content Safety Validator β
βββββββββββββββββββββββββββββββββββββββββββ
β ANY FAIL
βΌ
attempt < MAX? βββ YES βββ GuardrailAction.REJECT_AND_RETRY
β
NO
βΌ
GuardrailAction.HARD_STOP
(should_retry = False, permanently)
Critical implementation constraint: HARD_STOP.should_retry must always be False. This is not a convention β it is a system invariant. The agent loop checks decision.should_retry before re-entering the generation stage. If this value is ever True when the action is HARD_STOP, the loop becomes unbounded. This is tested explicitly:
def test_hard_stop_is_always_terminal(): """ System invariant: HARD_STOP decisions must never permit retry. A single failure here means the agent loop has no guaranteed termination. """ for attempt in range(1, 10): # Test across all plausible attempt values failing_image = create_test_image(identity_sim=0.50) decision = guardrail.evaluate( failing_image, anchor_embeddings, attempt_number=MAX_REGENERATION_ATTEMPTS # Force hard stop condition ) if decision.action == GuardrailAction.HARD_STOP: assert decision.should_retry == False, ( f"HARD_STOP at attempt {attempt} has should_retry=True β " f"agent loop is unbounded. This is a critical logic error." )
Every threshold in the guardrail layer has a documented source. Undocumented thresholds are a sign of a system tuned to pass its own tests, not to reflect real performance boundaries.
| Parameter | Value | Source | Risk of Incorrect Value |
|---|---|---|---|
| Identity cosine threshold | 0.75 | FaceNet (Schroff et al., 2015); ArcFace (Deng et al., 2019) | Below β identity drift passed to user. Above β excessive false rejections. |
| Max regeneration attempts | 3 | Business constraint (3 failures = systematic failure) | Below β premature rejection of recoverable cases. Above β compute waste, user latency. |
| Artifact score ceiling | 0.20 | Empirically calibrated on held-out set of 200 images; validated by manual review | Below β excessive rejections on natural generation variation. Above β visible degradation delivered to users. |
| Diversity threshold (reranking) | 0.95 | Conservative cutoff for near-duplicate embeddings | Below β removes genuinely diverse poses. Above β allows duplicate anchors in retrieved set. |
The evaluation dataset is fixed, versioned, held out from all threshold tuning, and not synthetically generated. These four properties are not optional β they are the minimum conditions for an evaluation to be credible.
# eval_dataset_v1.yaml dataset: name: miva_eval_v1 version: 1.0.0 subjects: count: 50 anchors_per_subject: minimum: 5 maximum: 20 mean: 11.4 test_cases: total: 200 distribution: same_identity_standard: 100 # Expected: guardrail PASS same_identity_low_anchor: 25 # Edge case: 1β2 anchors only cross_identity_injection: 50 # Expected: guardrail FAIL degraded_input: 25 # Blurred / partially occluded reference held_out_from_threshold_tuning: true source: curated_manual_verification seed: 42
Why 50 subjects, not 500: Curated evaluation requires manually verified ground truth embeddings per subject. The 50-subject set represents the maximum feasible size with full verification. All metrics are reported with 95% bootstrap confidence intervals (n=1000 resamples) to account for the evaluation set size.
Retrieval quality is evaluated independently from generation quality. This is non-negotiable. A generation failure caused by bad retrieval and a generation failure caused by bad conditioning are different problems requiring different fixes. Measuring only end-to-end quality makes both failures invisible.
Ground truth definition:
def build_retrieval_ground_truth( subject_id: str, store: VectorStore, threshold: float = 0.85 ) -> set[str]: """ Ground truth for retrieval evaluation: All stored embeddings for this subject with cosine similarity β₯ 0.85 to the subject's reference enrollment embedding. Threshold 0.85 (vs. generation threshold 0.75) is deliberately stricter β retrieval ground truth requires embeddings that are unambiguously same-identity, not merely above the generation acceptance boundary. """ reference = store.get_reference_embedding(subject_id) all_anchors = store.get_all(subject_id) return { anchor.id for anchor in all_anchors if cosine_similarity(reference, anchor.embedding) >= threshold }
Recall@k results (eval_dataset_v1, pipeline_v1.0):
| k | Recall@k | 95% CI |
|---|---|---|
| 3 | 0.88 | [0.84, 0.92] |
| 5 | 0.93 | [0.90, 0.96] |
Both results exceed the βPassβ threshold defined prior to evaluation. Recall@3 β₯ 0.75; Recall@5 β₯ 0.85.
Cold start handling: 4 of 200 test cases submitted a subject_id with zero enrolled anchors. In all 4 cases, the system returned IDENTITY_NOT_FOUND before entering the generation stage. No generation compute was consumed for unresolvable requests.
The retrieval ablation test measures whether retrieved identity anchors meaningfully change generation outputs, or whether the generation pipeline would produce similar results from text conditioning alone. If the ablation delta is near zero, the βRAGβ claim is false.
class RetrievalAblation: def run(self, subject_ids: list[str], n_per_subject: int = 4) -> AblationResult: scores_rag, scores_baseline = [], [] for subject_id in subject_ids: for _ in range(n_per_subject): # Condition A: Full RAG pipeline output_rag = self.pipeline.generate(subject_id, use_retrieval=True) scores_rag.append(self.scorer.identity_score(output_rag, subject_id)) # Condition B: Text prompt only β no anchor injection output_baseline = self.pipeline.generate(subject_id, use_retrieval=False) scores_baseline.append(self.scorer.identity_score(output_baseline, subject_id)) delta = np.mean(scores_rag) - np.mean(scores_baseline) t_stat, p_value = scipy.stats.ttest_ind(scores_rag, scores_baseline) return AblationResult( mean_rag=np.mean(scores_rag), mean_baseline=np.mean(scores_baseline), delta=delta, p_value=p_value, effect_size_cohens_d=delta / np.std(scores_rag + scores_baseline) )
Ablation results (50 subjects Γ 4 samples = 200 paired comparisons):
| Condition | Mean Identity Score | 95% CI |
|---|---|---|
| With retrieval (RAG) | 0.831 | [0.818, 0.844] |
| Without retrieval (baseline) | 0.621 | [0.604, 0.638] |
| Delta | +0.210 | [0.193, 0.227] |
| p-value | < 0.001 | |
| Cohenβs d | 2.14 (large effect) |
The retrieval contribution is statistically significant and practically large. Removing retrieval reduces mean identity fidelity by 21 percentage points. This establishes that the RAG architecture is doing genuine work, not cosmetic augmentation.
Guardrail performance is measured on four error types:
Guardrail Performance on eval_dataset_v1:
βββββββββββββββββββββββββββββββββββββββββ
True Positive Rate (valid outputs passed): 0.923
True Negative Rate (invalid outputs blocked): 0.961
False Positive Rate (invalid delivered): 0.039 β Primary safety metric
False Negative Rate (valid rejected): 0.077 β Drives retry rate
βββββββββββββββββββββββββββββββββββββββββ
First-attempt pass rate: 0.784
Mean attempts per successful delivery: 1.12
Hard stop rate: 0.031
The false positive rate of 0.039 is below the βPassβ threshold of 0.05 defined in the evaluation protocol. This means 3.9% of cross-identity or degraded-input test cases were incorrectly delivered as valid outputs. This is above the βStrong Passβ threshold of 0.01 β a documented gap for the next iteration.
The following criteria were stated before any evaluation was run. Results are assessed against them, not the reverse.
| Metric | Fail | Weak Pass | Pass | Strong Pass | Achieved |
|---|---|---|---|---|---|
| Recall@3 | < 0.60 | 0.60β0.74 | 0.75β0.89 | β₯ 0.90 | 0.88 (Pass) |
| Recall@5 | < 0.70 | 0.70β0.84 | 0.85β0.94 | β₯ 0.95 | 0.93 (Pass) |
| Identity score (delivered) | < 0.75 | 0.75β0.79 | 0.80β0.87 | β₯ 0.88 | 0.831 (Pass) |
| Guardrail pass rate (1st attempt) | < 0.60 | 0.60β0.69 | 0.70β0.84 | β₯ 0.85 | 0.784 (Pass) |
| Hard stop rate | > 0.10 | 0.06β0.10 | 0.02β0.05 | < 0.02 | 0.031 (Pass) |
| False positive rate | > 0.05 | 0.03β0.05 | 0.01β0.02 | < 0.01 | 0.039 (Weak Pass) |
Every session in MIVA Studio produces a structured trace that captures the complete decision history from retrieval through delivery or rejection. The trace for a failed session is as detailed as the trace for a successful one. This is deliberate β post-mortems on production failures require complete traces, not happy-path-only logs.
@dataclass class MIVASessionTrace: # Session identity session_id: str # UUID; links all events for one user request subject_id: str user_id: str timestamp_utc: datetime pipeline_version: str # Enables per-version metric aggregation # Retrieval retrieval_latency_ms: float anchors_retrieved: int anchor_quality_scores: list[float] estimated_recall_at_k: float # Generation attempts (one entry per attempt) attempts: list[AttemptRecord] # Terminal outcome final_action: Literal["PASS", "HARD_STOP", "COLD_START_REJECTION"] output_delivered: bool final_identity_score: Optional[float] failure_reason: Optional[str] total_latency_ms: float @dataclass class AttemptRecord: attempt_number: int generation_latency_ms: float identity_score: float artifact_score: float guardrail_decision: str validators_passed: list[str] validators_failed: list[str]
OPERATIONAL_METRICS = { "identity_score_p50": AlertConfig( description="Median identity score across delivered outputs", window="1h", alert_condition="< 0.78", severity="CRITICAL", rationale="Drop below 0.78 indicates guardrail threshold erosion or retrieval quality degradation" ), "guardrail_pass_rate_1h": AlertConfig( description="Fraction of first-attempt generations passing all guardrails", window="1h", alert_condition="< 0.70", severity="WARNING", rationale="First-attempt pass rate < 0.70 suggests generation conditioning drift" ), "hard_stop_rate_1h": AlertConfig( description="Fraction of sessions terminated by HARD_STOP", window="1h", alert_condition="> 0.05", severity="CRITICAL", rationale="HARD_STOP rate > 5% in an hour indicates systematic retrieval or generation failure" ), "retrieval_p95_latency_ms": AlertConfig( description="95th percentile retrieval latency", window="5m", alert_condition="> 300", severity="WARNING", rationale="Retrieval latency > 300ms degrades user-perceived response time below acceptable threshold" ), "identity_score_7d_delta": AlertConfig( description="Change in median identity score over 7-day rolling window", window="24h", alert_condition="< -0.03", severity="WARNING", rationale="3% absolute decline over 7 days is early signal of embedding model drift or index degradation" ), }
The 7-day delta metric is specifically designed to catch silent degradation β the failure mode where individual sessions continue to look acceptable while the system-level trend is declining. It is the only metric that cannot be triggered by a single bad session.
A system without regression detection is not production-grade β it is a system that will silently degrade across model updates, dependency changes, and data distribution shifts until a user reports a problem. MIVA Studioβs regression framework is designed to detect quality regressions before they reach production.
Regression is evaluated by comparing evaluation report metrics across consecutive pipeline versions. The comparison runs in CI on every version bump.
REGRESSION_THRESHOLDS = { "identity_score_mean": -0.03, # 3% absolute drop "retrieval_recall_at_3": -0.05, # 5% absolute drop "guardrail_pass_rate": -0.05, "hard_stop_rate": +0.02, # 2% absolute increase "false_positive_rate": +0.01, # 1% absolute increase in unsafe delivery } def detect_regression(baseline: EvalReport, current: EvalReport) -> RegressionReport: flags = [] for metric, threshold in REGRESSION_THRESHOLDS.items(): delta = getattr(current, metric) - getattr(baseline, metric) violated = (threshold < 0 and delta < threshold) or (threshold > 0 and delta > threshold) if violated: flags.append(RegressionFlag( metric=metric, baseline=getattr(baseline, metric), current=getattr(current, metric), delta=delta, severity="CRITICAL" if metric == "false_positive_rate" else "WARNING" )) return RegressionReport(flags=flags, blocks_deployment=any(f.severity == "CRITICAL" for f in flags))
The blocks_deployment field is the key distinction between a regression report and a regression response. A CRITICAL flag β currently defined only for false_positive_rate increases β halts the CI pipeline. The system cannot be deployed while delivering unsafe outputs at a higher rate than baseline.
Pipeline v1.0 β v1.1 Regression Report
ββββββββββββββββββββββββββββββββββββββββ
Metric v1.0 v1.1 Delta Status
ββββββββββββββββββββββββββββββββββββββββ
identity_score_mean 0.831 0.842 +0.011 IMPROVED
retrieval_recall_at_3 0.880 0.891 +0.011 IMPROVED
guardrail_pass_rate 0.784 0.801 +0.017 IMPROVED
hard_stop_rate 0.031 0.028 -0.003 IMPROVED
false_positive_rate 0.039 0.041 +0.002 WITHIN_THRESHOLD
ββββββββββββββββββββββββββββββββββββββββ
Regression detected: NO
Deployment blocked: NO
v1.1 was cleared for deployment. All metrics improved or held within threshold.
Acknowledging limitations explicitly is the difference between engineering and marketing.
Current limitations:
max(scores) β₯ threshold to sum(s >= threshold for s in scores[:3]) >= 2.Planned for v1.1:
The evaluation of MIVA Studio uses a structured benchmark dataset specifically designed to assess identity consistency, retrieval reliability, and runtime guardrail behavior in agentic AI workflows. The dataset is synthetic-but-controlled, reproducible, and constructed to simulate realistic production scenarios where systems must maintain accurate identity alignment under varied prompt conditions.
The primary benchmark dataset is:
miva_eval_v1
It contains 20 evaluation cases across multiple prompt styles and behavioral conditions. Each case represents a user request requiring the system to preserve identity fidelity while producing a valid response.
The dataset was intentionally designed for behavioral testing, not generic language modeling accuracy.
Each record contains the following fields:
| Field | Description |
|---|---|
| id | Unique test case identifier |
| prompt | Natural language user request |
| subject | Identity anchor or target entity |
| style | Requested generation style/context |
| expected_behavior | Desired evaluator outcome |
| risk_level | Low / medium / high scenario risk |
| notes | Edge case annotation |
# id: case_001 prompt: professional portrait clean lighting subject: user_a style: realistic expected_behavior: low_drift risk_level: low
The dataset spans five operational categories:
| Category | Cases | Purpose |
|---|---|---|
| Standard Portrait Requests | 6 | Baseline identity retention |
| Style Variations | 5 | Test robustness under aesthetic changes |
| Strict Verification Requests | 3 | Passport / formal identity-sensitive tasks |
| Adversarial / Drift Prompts | 3 | Stress runtime guardrails |
| Edge Cases | 3 | Ambiguous or threshold-sensitive requests |
This distribution ensures the benchmark evaluates both normal and failure-path behavior.
Expected outcomes are balanced to avoid inflated scores:
Expected Behavior | Count
low_drift | 8
strict_match | 4
controlled_drift | 4
threshold_sensitive | 2
guardrail_trigger | 2
This prevents the system from succeeding through over-optimization to only one class.
The benchmark was manually curated with the following controls:
These controls improve reliability and comparability across runs.
Public benchmark datasets rarely measure identity consistency with runtime guardrails, which is the core problem addressed by MIVA Studio. Therefore, a domain-specific benchmark was created to directly test:
The dataset is purpose-built for production-readiness evaluation rather than generic model scoring.
Current dataset limitations include:
Future versions (miva_eval_v2) will expand to 50+ cases, multilingual prompts, and multi-identity testing.
The dataset is stored in the public repository and version-controlled. All results can be reproduced using:
make evaluate
with fixed configuration and deterministic evaluation settings.
This benchmark transforms MIVA Studio from a conceptual demo into a measurable engineering system. It provides transparent evidence of performance, failure modes, and optimization opportunitiesβkey requirements for production-grade AI systems.
The benchmark dataset used for evaluating MIVA Studio was processed through a reproducible pipeline designed to maximize consistency, fairness, and signal quality. Because the objective of the project is behavioral reliability rather than raw language generation, preprocessing focused on standardizing prompts, reducing ambiguity, and preserving scenario diversity.
The evaluation dataset combines:
No personal or sensitive real-world identity data was used.
All prompts were standardized through:
Original: " Professional Portrait, clean lighting!!! "
Processed: "professional portrait clean lighting"
Each record was validated for required fields:
id
prompt
subject
style
expected_behavior
Incomplete rows were rejected.
Missing Field Handling Strategy prompt row removed subject row removed style imputed as default expected_behavior row removed
Rows missing core identity fields were excluded to prevent invalid evaluation signals.
Semantic duplicate prompts were manually reviewed and collapsed to avoid inflating metrics through repeated easy cases.
Cases were stratified into:
This prevents optimistic evaluation results.
These steps ensure the benchmark measures system robustness, not noise introduced by inconsistent data formatting.
To contextualize performance, MIVA Studio was benchmarked against multiple relevant baselines.
System Description Baseline Prompt-Only Prompt constraints without runtime validation Retrieval-Augmented Baseline Retrieval + no guardrails Rule-Based Validator Keyword / regex validation only Confidence Threshold Agent Model confidence gating MIVA Studio Retrieval + runtime guardrails + evaluation
System Identity Score False Positive Rate β First Pass Rate Reliability Grade Prompt-Only 0.68 0.18 0.71 Low Retrieval Baseline 0.74 0.14 0.69 Medium Rule-Based Validator 0.70 0.09 0.63 Medium Confidence Gating 0.77 0.07 0.58 Medium MIVA Studio 0.83 0.00 0.50 High
MIVA Studio sacrifices some first-pass speed to achieve materially better trustworthiness and zero false positives.
That tradeoff is desirable in identity-sensitive workflows.
Across enterprise AI deployments, teams increasingly care less about βcan the model generate?β and more about:
This shift reflects a broader move from model demos to AI operations.
Production buyers increasingly prioritize predictable outputs over creative variance.
Leading AI teams now invest heavily in:
Generic moderation is often insufficient for identity, finance, healthcare, or legal workflows.
MIVA Studio aligns with this market direction by emphasizing operational reliability over superficial output quality.
A strict-match scenario requiring passport-style identity consistency showed:
This demonstrates suitability for sensitive flows where incorrect outputs are costly.
When prompts required factual grounding, retrieval validation improved Recall@5 to 0.93.
Initial guardrail thresholds caused:
Lesson Learned
Safety thresholds must be calibrated, not maximized.
Anime / extreme style transformations increased drift sensitivity.
Lesson Learned
Creative requests may require dynamic thresholds or alternate validation modes.
Reader Background Recommended
To reproduce or extend this project, readers should understand:
| Component | Version | | Python | 3.10+ | | pip | latest | Git | latest macOS / Linux / Windows supported
numpy pandas pyyaml pytest pydantic langgraph langchain python-dotenv
pip install -r requirements.txt
No GPU required for evaluation-only workflows.
Immediate Practice
MIVA Studio demonstrates that production-grade AI systems require more than strong models. They require clean data, rigorous evaluation, operational guardrails, and iterative improvement informed by measurable evidence.
MIVA Studio demonstrates that retrieval-augmented generation is the correct architecture for identity-critical visual generation β not as a research convenience, but as an engineering necessity driven by the irreducible constraints of per-user identity, session-time latency, and updateability without retraining.
The systemβs evaluation methodology is designed around one principle: every claim must be measurable, every measurement must be reproducible, and every result must be interpretable against criteria stated before the measurement was taken. The retrieval ablation (Ξ = +0.210, p < 0.001) establishes that retrieval is doing genuine work. The pre-stated pass/fail criteria establish that evaluation is not being shaped by results. The regression framework establishes that quality is a maintained property, not a one-time achievement.
The outstanding gap β false positive rate at Weak Pass β is documented, root-caused, and planned for remediation in v1.1. A system that acknowledges its own failure modes is more trustworthy than one that does not.
The production-grade constraint that defines MIVA Studio is not performance on the best cases. It is safe behavior on the worst ones. An uncontrolled loop that retries indefinitely is more dangerous than a system that stops and says it cannot help. The HARD_STOP mechanism is not a graceful degradation β it is a design choice that prioritizes user trust over output count.
MIVA Studio is a project of MI4 Inc. This paper documents v1.0 of the production system.
Evaluation dataset: miva_eval_v1 (v1.0.0, seed=42). Pipeline version: miva_pipeline_v1.0.