HITARTH DESAIAI SYSTEMS ENGINEERWRITING—— —— IST OPEN TO ROLES

← Writing

Jun 14, 2026 · 6 min read

Deterministic Structured Outputs for Production LLM Pipelines

  • structured outputs
  • LLM pipelines
  • AI systems engineering
  • MLOps
  • document processing
  • confident-extract
  • schema validation
  • production AI

Most LLM demos work. That's the problem. A demo only has to succeed once, in front of a friendly audience, on an input someone hand-picked. A production pipeline has to succeed on the ten-thousandth document, at 3am, on the malformed input nobody anticipated — and then hand its result to a downstream service that will do something irreversible with it.

The gap between those two worlds is almost never the model. It's the output contract: the promise that what comes out of the model is shaped, typed, and valid enough for the next system to trust. Get that contract wrong and the model can be brilliant and your pipeline will still fail.

Architecture diagram showing a document flowing through constrained generation, schema validation, retry and metrics controls, and finally into typed downstream systems.
A practical extraction architecture: constrain the model, validate hard, surface failures, and only then hand typed data to downstream systems.

Reference architecture

The pattern I keep coming back to is simple:

  • Unstructured document in. OCR text, uploaded PDFs, emails, or scraped pages arrive messy.
  • Schema-aware generation. The model is constrained toward the target contract instead of being asked politely for JSON.
  • Typed validation boundary. The response is rejected unless it satisfies the schema and the field-level rules.
  • Operational control loop. Failed records are counted, retried within a budget, or routed to a dead-letter path.
  • Trusted downstream consumers. Only validated, typed data reaches databases, scoring systems, or automation workflows.

That sounds obvious, but most broken LLM pipelines skip one of those boundaries and then try to recover downstream with ad-hoc parsing.

Why demos fail in production

The canonical LLM-extraction tutorial ends like this:

response = model.generate(prompt)
data = json.loads(response)

In a demo, response is clean JSON and everyone claps. In production, response is clean JSON about 97% of the time — and the other 3% is a trailing comma, a markdown code fence, a hallucinated field, a number formatted as a string, or a perfectly valid JSON object that happens to violate every assumption your downstream code makes. json.loads throws, or worse, it doesn't throw and you've now written garbage into a database.

That 3% is not an edge case you can prompt your way out of. It's the steady-state behavior of a probabilistic system. The fix isn't a better prompt. It's treating the output as something that must be constrained and validated, not parsed and hoped over.

Schema-constrained generation

The first move is to stop asking the model to "return JSON" and start forcing it to. Constrained decoding — JSON-Schema-guided generation, grammar constraints, structured-output / tool-calling APIs — narrows the model's token choices at generation time so the output is structurally valid by construction. You're no longer hoping the model closes its braces; the decoder won't let it do otherwise.

This buys you structure. It does not buy you correctness, and conflating the two is the most common mistake I see. Constrained decoding guarantees the shape {"total": <number>}. It guarantees nothing about whether the number is the right number, in the right units, or within a sane range. Structure is necessary and not sufficient — which is exactly why the next step is non-negotiable.

Strict validation as a hard boundary

Every value that crosses from the probabilistic world into your deterministic systems has to pass through a validation boundary that is allowed to say no. Not coerce, not best-effort — reject. A schema with real types, ranges, enums, and cross-field invariants is the contract; validation is its enforcement.

The instinct is to reach for the heaviest validation library you have and move on. But in a hot extraction loop, validation runs on every record, and the overhead is real. This is why I built confident-extract — an open-source Python library for deterministic, schema-constrained structured extraction — on top of msgspec rather than reaching for a heavier default. msgspec does typed validation with low enough overhead that the validation step stops being the thing you profile and start being the thing you forget about. The point isn't the specific library; it's that validation is part of the data path, not a courtesy you apply when you remember to.

When a record fails validation, that's not an exception to swallow — it's a signal. Route it to a dead-letter path, count it, alert on the rate. A rising validation-failure rate is one of the earliest, cleanest indicators that something upstream drifted: a new document format, a model version change, a schema that quietly fell out of sync with reality.

Operational discipline

Deterministic output is a property of the pipeline, not the model. The model is one stochastic component inside a system that, as a whole, has to behave predictably. That means:

  • Versioned schemas. Your output contract changes over time. Treat schema changes like API changes — versioned, reviewed, with a migration story. A schema that silently drifts is a outage waiting for a date.
  • Validation metrics as first-class telemetry. Failure rate, by field and by document type, on a dashboard. This is your smoke detector.
  • Idempotency and retry budgets. A validation failure should trigger a bounded retry, not an infinite loop that quietly burns your token budget at peak load.
  • Determinism where you can buy it. Pin model versions, fix decoding parameters where correctness matters more than variety, and snapshot the inputs that produced a given output so failures are reproducible.

None of this is glamorous. All of it is the difference between a system you can run and a system that runs you.

Why confident-extract exists

I kept rebuilding the same boundary on every project: schema in, constrained generation, strict low-overhead validation out, failures surfaced instead of swallowed. confident-extract is that pattern as a library — the tool I needed and couldn't find packaged the way I wanted it. It's deliberately small and opinionated: schema-constrained, validated, deterministic structured extraction, built on msgspec so validation isn't the bottleneck. It's on PyPI because the pattern is reusable and the boring layer deserves a real implementation.

(Its sibling, promptcrucible — a multi-agent workbench for optimizing prompts against real eval harnesses — is still in active development. I'll write about it once it's earned the post.)

Prompt engineering vs. AI systems engineering

Here's the distinction I'd want a hiring manager to take away. Prompt engineering optimizes the model's behavior on a given input: better instructions, better examples, better phrasing. It's real and it matters, and it tops out exactly where production begins.

AI systems engineering assumes the model is fallible and builds a system that's reliable anyway. It owns the contract around the model: the schema, the validation boundary, the retry and backpressure behavior, the observability, the schema-versioning story, the dead-letter path. It asks not "how do I get the model to behave?" but "what does my system do, predictably, when the model misbehaves — because it will?"

A model that demos well is a prompt-engineering win. A system that survives real traffic is a systems-engineering one. The unglamorous layer in between — deterministic, schema-constrained, validated structured output — is where most LLM products quietly succeed or fail. It's the layer I build.