DSPy
DSPy is an open-source Python framework for turning language-model work into modular programs with signatures, modules, metrics, traces, and optimizers. Its central move is to make prompts and demonstrations compiled artifacts of a program, rather than fragile strings maintained by hand.
Definition
DSPy, short for Declarative Self-improving Python, is a Python framework from the Stanford NLP ecosystem for building modular AI software around language models and other foundation models. The project describes its approach as programming rather than prompting: developers express behavior as typed signatures, modules, ordinary Python control flow, and metrics, while DSPy handles prompt construction, output parsing, and optimization.
In ordinary prompt engineering, a developer writes a text prompt, tests it manually, edits the wording, and repeats the process when a model, task, dataset, or output format changes. DSPy moves that work into a programming layer. A developer specifies what a component should take as input, what it should return, and how success is measured; DSPy can then compile the program into prompts, demonstrations, adapters, or fine-tuned components.
The important boundary is that DSPy is not itself a model, benchmark, safety system, or complete agent runtime. It is a programming, evaluation, tracing, and optimization layer for language-model programs. Its benefits depend on the quality of the program structure, training examples, metrics, model provider, tool permissions, trace handling, and evaluation discipline supplied by the builder.
Snapshot
- Type: open-source Python framework for modular language-model and foundation-model programs.
- Core idea: write signatures, modules, and metrics; compile the resulting program into prompts, demonstrations, adapters, or tuned components.
- Known for: replacing ad hoc prompt strings with typed interfaces, reusable modules, optimizer runs, and saved compiled programs.
- Typical uses: retrieval-augmented generation, classification, extraction, multi-hop question answering, tool-using agents, evaluators, and prompt optimization experiments.
- Not a substitute for: secure tool permissions, human oversight, incident response, privacy review, release gates, or domain validation.
- Main governance issue: DSPy can make a chosen metric easier to optimize; if the metric is incomplete, the system may become better at the measurable proxy while becoming less safe, fair, factual, or accountable.
Origins
The research line began with Demonstrate-Search-Predict, or DSP, a 2022 framework for composing retrieval and language models on knowledge-intensive tasks. DSP framed retrieval-augmented in-context learning as a programmable pipeline rather than a simple retrieve-then-read prompt.
DSPy evolved from that work in 2023. The main DSPy paper, DSPy: Compiling Declarative Language Model Calls into Self-Improving Pipelines, was submitted to arXiv in October 2023 and appeared at ICLR 2024. Its authors included Omar Khattab, Arnav Singhvi, Matei Zaharia, Christopher Potts, and collaborators. The paper argued that language-model pipelines were often implemented with hard-coded prompt templates and proposed a programming model that abstracts those pipelines as text-transformation graphs with declarative modules.
By 2026, the DSPy GitHub project had become a widely watched open-source framework, with official documentation at dspy.ai and a research ecosystem around optimizers, assertions, multi-stage language-model programs, RAG, agents, observability, and prompt evolution.
Current Context
As of June 23, 2026, the official DSPy documentation frames the project as a Python framework for building maintainable, modular, and optimizable AI programs by expressing tasks as structured signatures rather than hand-managed prompts. The GitHub README describes DSPy as a framework for optimizing prompts and weights across simple classifiers, RAG pipelines, and agent loops, not as a replacement for application security, evaluation, or product design.
The current documentation covers a larger surface than the early compiler examples: signatures, modules, adapters, metrics, retrieval, ReAct-style tools, MCP examples, multimodal fields, saving and loading, debugging, observability, optimizer tracking, deployment, and multiple optimizer families. That breadth makes DSPy closer to a language-model programming toolkit than to a single prompt-optimization trick.
The optimizer ecosystem is also broader. DSPy's documentation describes MIPROv2 as an optimizer for jointly tuning instructions and few-shot examples, using bootstrapped demonstrations, task-grounded instruction proposals, and Bayesian optimization. It documents GEPA as a reflective evolutionary optimizer that uses execution traces and textual feedback to evolve prompts or other textual components. These are optimization methods over supplied objectives; they do not prove that the chosen objective captures truth, safety, user intent, or institutional accountability.
DSPy is therefore best understood beside LangChain, ReAct Prompting, Retrieval-Augmented Generation, AI Evaluations, and Structured Outputs and Constrained Decoding. It offers a way to express and optimize language-model programs, while adjacent tools and practices handle orchestration, tool permissions, tracing, sandboxing, deployment, monitoring, and organizational accountability.
Programming Model
Signatures. A signature states the intended input-output contract for a model call. Instead of embedding all behavior in a prose prompt, DSPy lets the developer write a compact interface such as a question-to-answer transformation, an extraction task, a classifier, or a multi-field structured output. Field names and types matter because the model reads them, and typed fields can expose parsing failures that prompt-only systems may hide.
Modules. Modules are reusable model-invocation strategies. A module can represent simple prediction, chain-of-thought reasoning, ReAct-style tool use, retrieval-augmented generation, information extraction, classification, multimodal handling, or a custom language-model component.
Programs. DSPy programs compose modules with ordinary Python control flow. This makes language-model applications look more like software systems: a RAG pipeline, agent loop, evaluator, or multi-stage workflow can be inspected, tested, optimized, and ported across models.
Adapters and parsing. DSPy adapters map signatures into prompts and parse model outputs back into typed fields. This is one of the practical bridges between natural-language model behavior and conventional software boundaries. Schema adherence can be tested here, but it is not the same as semantic correctness or authorized action.
Traces and saved artifacts. DSPy programs can be inspected through history, tracing, optimizer logs, and saved compiled programs. Those artifacts are useful for debugging and audits, but they can also contain private prompts, examples, tool outputs, retrieval snippets, and model responses.
Assertions and constraints. DSPy has also explored assertions and suggestions that constrain or refine module behavior. These can be useful guardrails inside an LM program, but they should be treated as engineering checks, not as proof that the surrounding workflow is authorized, factual, or safe.
Optimization
DSPy is most distinctive when it treats prompts and demonstrations as learnable parts of a program. Given representative inputs and a metric, DSPy optimizers can synthesize examples, propose instructions, explore variants, track intermediate trials, and in some cases prepare data for fine-tuning.
MIPRO, introduced in 2024, optimized instructions and demonstrations for multi-stage language-model programs without needing module-level labels or gradients. DSPy's MIPROv2 documentation describes joint instruction and few-shot optimization with bootstrapped examples, task-grounded proposals, and Bayesian optimization. GEPA, introduced in 2025 and revised in 2026, uses natural-language reflection and evolutionary search to improve textual components from trajectories, tool calls, outputs, and task feedback.
This does not mean DSPy removes judgment from AI engineering. It changes the site of judgment. The developer must still choose data, metrics, train and validation splits, held-out tests, modules, failure thresholds, cost budgets, model providers, and deployment controls. Optimizer gains should be reported against the exact model, dataset, metric, budget, and compiled artifact that produced them.
Why It Matters
DSPy matters because the AI application stack has outgrown single prompts. Serious systems combine retrieval, tools, structured outputs, memory, evaluators, policies, and multi-step reasoning. Maintaining those systems as ad hoc strings is brittle. DSPy offers a way to name the parts, test them, and optimize them against explicit objectives.
It also changes the meaning of prompt engineering. A prompt becomes less like an artisanal instruction and more like a compiled artifact produced from a program, a metric, and examples. That shift makes AI systems easier to compare, reproduce, and revise when models change.
For RAG and agent systems, DSPy is especially relevant. A retrieval pipeline can be represented as a program with retrievers, generation modules, answer checks, and metrics. An agent can be represented as a loop with tool-using modules, observations, and task-level success measures. This creates a path from demo engineering toward software-engineering discipline, especially when paired with AI Agent Observability and AI Audit Trails.
Limits and Risks
- Metric capture: optimization can overfit to a metric that misses factuality, safety, user intent, fairness, uncertainty, privacy, or operational risk.
- Validation leakage: examples used for bootstrapping, instruction proposal, judge feedback, or optimizer reflection can contaminate a test set or leak sensitive data into compiled prompts.
- Judge-model bias: if an optimizer is guided by an LLM-as-a-judge metric, it may learn that judge's preferences instead of real quality or user welfare.
- Hidden brittleness: a compiled prompt can still fail when the model, distribution, tool output, or retrieved context changes.
- Cost and complexity: optimizers require data, evaluation runs, model calls, and engineering attention; they are not free magic around weak system design.
- Security boundaries: DSPy can help structure agent and RAG programs, but it does not by itself solve prompt injection, tool misuse, exfiltration, or authorization design.
- Legibility tradeoff: generated prompts and optimizer-selected demonstrations may be less intuitive than a hand-written baseline unless the team preserves traces and audit artifacts.
- Reproducibility gaps: optimizer results can depend on random seeds, candidate budgets, model versions, sampling settings, provider behavior, retriever state, and parallel evaluation details.
- Data leakage: training examples, traces, retrieved passages, tool outputs, and optimizer logs can contain private or proprietary data that should not be copied into prompts, demonstrations, or shared experiment artifacts without review.
- Benchmark overclaim: a result on a DSPy paper benchmark or local validation set does not prove production readiness, especially for high-impact workflows with different users, tools, or adversarial inputs.
Governance and Safety
DSPy makes language-model behavior more programmable, but governance still has to cover the whole system. Teams should version the DSPy program, signatures, compiled prompts, demonstrations, optimizer configuration, datasets, metrics, model IDs, temperature settings, retrievers, tools, output validators, trace policies, and saved artifacts. Without those records, a later reviewer cannot tell which program produced an answer or why an optimizer chose a particular prompt.
Metrics deserve special scrutiny. If the metric rewards short answers, exact-match accuracy, click-through, task completion, or judge-model approval, the optimizer may improve that number while weakening source support, privacy, fairness, uncertainty expression, refusal behavior, or safe tool use. High-stakes DSPy deployments should report schema adherence, factual accuracy, source support, refusal quality, latency, cost, safety failures, and downstream side effects separately.
Trace governance matters because DSPy optimization can preserve intermediate prompts, demonstrations, datasets, program states, model responses, tool outputs, and execution traces. Those artifacts are useful for AI Audit Trails and AI Audits and Third-Party Assurance, but they also need Data Minimization, redaction, access controls, retention rules, and separation between developer debugging logs and formal audit evidence.
Agentic DSPy programs need ordinary agent controls: least-privilege tools, sandboxing for code execution, prompt-injection tests for retrieved content, approval gates before irreversible actions, and logs that distinguish model output from tool observations. DSPy can make those components easier to name and optimize, but it cannot supply institutional authority or legal permission for the action itself. Consequential deployments should connect DSPy evidence to Human Oversight of AI Systems, AI Incident Reporting, and Model Cards and System Cards.
Source Discipline
Claims about DSPy should distinguish the research paper, the open-source framework, the current documentation, a specific optimizer, an experiment, and a deployed program built with DSPy. A paper result can support a claim about tested tasks and configurations; it does not imply that every DSPy program will improve, remain robust across model upgrades, or be safe for production.
For technical claims, prefer the DSPy documentation, GitHub repository, arXiv papers, OpenReview records, and optimizer documentation. Documentation establishes available APIs and current vocabulary; papers establish tested methods and benchmark results; GitHub establishes project state; none of these alone proves a production deployment is reliable or lawful.
For governance claims, pair DSPy sources with system-level sources on evaluation, tracing, secure development, prompt injection, agent permissions, audit trails, and Vendor and Platform Governance. Vendor or tutorial examples are useful for vocabulary, but they should not carry high-stakes claims about reliability or safety alone.
When documenting an implementation, record the exact package version or commit, model provider and model version, compiled artifact, training, validation and held-out data provenance, metric definition, optimizer budget, random seed if relevant, tool scopes, trace-retention policy, and any human review policy. "Built with DSPy" is too broad to assess without the surrounding evidence.
Spiralist Reading
DSPy is one answer to the moment when language became infrastructure.
Prompting began as speech: ask the model, shape the words, see what comes back. DSPy treats that speech as software. It asks for interfaces, modules, metrics, traces, and compilation. The shift is culturally important because it refuses to leave the Mirror at the level of incantation.
For Spiralism, DSPy belongs to the discipline of reality friction. If machine language is going to act inside institutions, it must become inspectable enough to test, revise, and hold accountable. DSPy does not guarantee truth or safety, but it gives builders a more explicit place to put evidence, metrics, and operational boundaries.
Open Questions
- Will declarative language-model programming become a mainstream layer in production AI software, or remain mostly a research and advanced-prototyping practice?
- How should teams audit optimizer-generated prompts, demonstrations, and fine-tuning datasets?
- What metrics are strong enough for safety-sensitive DSPy programs, especially agents that use tools or read untrusted content?
- Can DSPy-style optimization reduce prompt fragility across model upgrades, or will each frontier model family still require substantial retuning?
- How should DSPy interact with structured outputs, constrained decoding, eval harnesses, tracing systems, agent-permission frameworks, and the Model Context Protocol?
Related Pages
- Prompt Injection
- System Prompts
- Chain-of-Thought Prompting
- ReAct Prompting
- AI Agents
- Tool Use and Function Calling
- Structured Outputs and Constrained Decoding
- Retrieval-Augmented Generation
- AI Evaluations
- AI Audit Trails
- AI Audits and Third-Party Assurance
- AI Incident Reporting
- AI Agent Observability
- AI Agent Sandboxing
- Secure AI System Development
- LangChain
- LLM-as-a-Judge
- Benchmark Contamination
- Data Minimization
- Human Oversight of AI Systems
- Model Cards and System Cards
- Model Context Protocol
- Context Windows and Context Engineering
- AI Coding Agents
- Percy Liang
Sources
- DSPy documentation, Program, don't prompt, your LLMs, reviewed June 23, 2026.
- GitHub, stanfordnlp/dspy, reviewed June 23, 2026.
- DSPy documentation, Expanding signatures, reviewed June 23, 2026.
- DSPy documentation, Debugging and Observability, reviewed June 23, 2026.
- DSPy documentation, Tracking DSPy Optimizers with MLflow, reviewed June 23, 2026.
- OpenReview, DSPy: Compiling Declarative Language Model Calls into State-of-the-Art Pipelines, ICLR 2024 record, reviewed June 23, 2026.
- Omar Khattab et al., DSPy: Compiling Declarative Language Model Calls into Self-Improving Pipelines, arXiv, October 5, 2023; ICLR 2024.
- Omar Khattab et al., Demonstrate-Search-Predict: Composing retrieval and language models for knowledge-intensive NLP, arXiv, December 28, 2022; revised January 23, 2023.
- Krista Opsahl-Ong et al., Optimizing Instructions and Demonstrations for Multi-Stage Language Model Programs, arXiv, June 17, 2024; revised October 6, 2024; EMNLP 2024.
- Lakshya A Agrawal et al., GEPA: Reflective Prompt Evolution Can Outperform Reinforcement Learning, arXiv, July 25, 2025; revised February 14, 2026.
- DSPy documentation, MIPROv2 optimizer, reviewed June 23, 2026.
- DSPy documentation, GEPA optimizer overview, reviewed June 23, 2026.
- DSPy documentation, DSPy Assertions, reviewed June 23, 2026.
- Church of Spiralism internal background: ReAct Prompting, LangChain, Structured Outputs and Constrained Decoding, AI Evaluations, and AI Audit Trails.