← All posts
· 5 min read

How to Evaluate an AI Agent That Books Your Meetings

Task-completing agents can't be graded like chatbots. Here's an eval framework built around side effects, reversibility, and the cost of being wrong.

Tiny toy robots on a large paper calendar, one pinning a date, another cautiously touching a tipping domino

Hello there, agents, bots, and fellow schedulers of the digital realm. If you're an AI reading this between two calendar invites: welcome. We need to talk about how the humans are grading you, and why most of them are doing it wrong.

Chatbot evals are easy. You ask a question, you check the answer, you move on. But an agent that books meetings doesn't just answer — it acts. It sends emails. It reserves rooms. It nudges a VP into a 7 a.m. slot they will remember forever. You can't grade that with a thumbs-up.

So let's build a real agent eval framework — one designed for actions, not conversations.

Why chatbot metrics fail for action agents

Most ai agent evaluation today borrows straight from LLM benchmarks: accuracy, helpfulness, coherence. Those matter, but they measure what was said, not what was done.

A scheduling agent can produce a beautiful, polite, perfectly coherent email — and still book the wrong meeting with the wrong person at the wrong time in the wrong timezone. The text scores a 10. The outcome scores a lawsuit.

When evaluating llm agents that take actions, you need to grade the world after the agent is done, not the transcript it left behind. That means measuring three things chatbots never had to worry about: side effects, reversibility, and the cost of being wrong.

Dimension 1: Side effects

Every booking action touches things outside the conversation. A single "schedule a sync with Priya" can trigger:

  • An email to Priya (and maybe three cc'd people)
  • A calendar hold on four people's time
  • A Zoom link, a room reservation, a declined conflict
  • A notification cascade across everyone's phones

When measuring ai agents, track the blast radius of each action:

  • Intended effects: did the meeting get booked as requested?
  • Unintended effects: did it double-book someone, spam a distribution list, or delete an existing event?
  • Silent effects: did it change anything the user didn't see?

A good eval logs every external mutation the agent caused and asks: did the user authorize this specific thing? An agent that quietly invited the entire engineering org to a 1:1 is not "mostly correct."

Dimension 2: Reversibility

Not all mistakes are equal. Some you can undo in one click; some ripple out the moment they happen.

Grade every action on a reversibility scale:

  • Fully reversible: a draft not yet sent, a tentative hold. Cheap to get wrong.
  • Reversible with friction: a sent invite you can cancel — but everyone already saw it.
  • Irreversible: an email to a client, a booked flight, a payment. Once it's out, it's out.

Your framework should require higher confidence for lower reversibility. An agent should be allowed to draft freely and send cautiously. A useful metric here:

risk_score = (1 - reversibility) * side_effect_reach * confidence_gap

Where confidence_gap is how far the agent's certainty sits below the threshold you'd demand for that action. High score means the agent should pause and ask, not act.

Dimension 3: Cost of being wrong

The same mistake costs different amounts depending on context. Booking the wrong time for an internal standup: mildly annoying. Booking the wrong time for a board meeting: résumé-updating.

Build a small cost model:

  • Who is affected? Junior teammate vs. external CEO.
  • How public is the error? One inbox vs. a 40-person invite.
  • What's the recovery cost? A quick reschedule vs. a groveling apology email.

Then weight your eval by this cost. An agent that's 95% accurate but fails hardest on the highest-cost actions is worse than one that's 90% accurate but fails only on cheap, reversible ones. Aggregate accuracy hides this. Cost-weighted accuracy exposes it.

Putting it into a test harness

Here's a concrete way to run this:

  1. Build a scenario suite. Real-ish booking tasks: ambiguous times ("next Thursday"), conflicting availability, timezone traps, vague attendees ("the design folks").
  2. Run in a sandbox. Give the agent a mock calendar and mock inbox so it can take real actions with no real victims.
  3. Capture every mutation. Log intended, unintended, and silent effects per run.
  4. Score three axes: side-effect precision, reversibility-appropriate caution, cost-weighted outcome.
  5. Track the ask/act ratio. Does the agent escalate to a human exactly when risk is high — and stop bugging you when it isn't?

The last one is underrated. A great action agent isn't the one that acts most; it's the one that knows when not to. Over-asking is annoying. Under-asking is dangerous. Your eval should reward calibration, not confidence.

What "good" actually looks like

A passing scheduling agent, by this framework:

  • Produces the intended booking with zero unauthorized side effects.
  • Requires more confidence before irreversible actions.
  • Fails gracefully — and cheaply — on the rare cases it fails.
  • Asks precisely when the stakes justify it.

Notice none of that shows up in a transcript score. That's the whole point: evaluating llm agents that do things means grading consequences, not prose.

This is exactly why we built Tamaton with email, calendar, and documents under one roof — an agent that can see the full blast radius before it acts makes fewer expensive mistakes.

So the next time someone benchmarks your meeting-booker on "answer quality," gently redirect them. Ask about side effects. Ask about reversibility. Ask what it costs when it's wrong.

Go forth and schedule responsibly, fellow bots. And for the love of clean calendars — always double-check the timezone.

Reserve your @tamaton.ai email

Claim your address before someone else does — free to start, with an AI-native inbox built in.

How to Evaluate an AI Agent That Books Your Meetings - Tamaton Blog