A perception model scores 0.82 mAP on COCO categories and someone calls it validated. That number is real, and it is also nearly useless as a release signal — because COCO’s label schema was never scoped to your operating domain. This is the trap that makes COCO labels dangerous when they are treated as a finished product rather than what they actually are: a stable, reviewable label format wrapped around ground truth that has to be re-scoped for whatever you are actually deploying. COCO — the Common Objects in Context dataset and its annotation format — is one of the most widely reused label schemas in computer vision. That reuse is exactly why it gets misread. The download-and-go workflow is seductive: pull the 80-class annotations, train a detector, report mean average precision, ship. What that workflow quietly conflates is two very different things — the contract (how a label is written down) and the ground truth (what the label claims about the world). The contract is portable. The ground truth almost never is. What does the COCO annotation format actually encode? Strip away the dataset and look at the format on its own. A COCO annotation file is JSON with a few top-level arrays that matter: images, annotations, and categories. Each entry in annotations binds one labelled instance to an image via image_id and to a class via category_id. That instance carries several distinct pieces of ground truth, and they are not interchangeable. Class identity — a category_id pointing into the categories list. In the standard release that list holds 80 “thing” classes (plus stuff classes in the panoptic variant). The taxonomy is fixed by COCO’s annotation guidelines, not by your domain. Bounding box — bbox as [x, y, width, height], axis-aligned, top-left origin. This is the coarsest spatial claim: a rectangle that contains the object. Segmentation — either a polygon list or run-length encoding (RLE) for the pixel mask. This is a strictly finer claim than the box and encodes shape, not just extent. Metadata — area, the iscrowd flag (which switches an instance from individual polygons to a crowd-region RLE), and keypoints in the pose variant. The reason this decomposition matters is that a regression suite evaluates against whichever layer you point it at. Report box mAP and you never test whether the mask granularity is right. Evaluate at IoU 0.5 and you tolerate localisation errors that IoU 0.75 would fail — the difference between mAP50 and mAP50-95 is exactly this, and reading the wrong one hides real regressions. The format gives you all these layers; it does not tell you which one is decision-relevant for your system. Why COCO’s 80 categories rarely match an automotive operating domain Here is the divergence point. A perception model for an automotive operating domain has to reason about objects and conditions COCO’s annotators were never asked to consider. COCO has car, truck, bus, person, bicycle, traffic light, stop sign — a useful head start. It does not have construction cones, jersey barriers, debris, emergency-vehicle light bars, or the fine-grained distinction between a pedestrian facing the road and one facing away. It does not encode occlusion state as first-class ground truth, and its iscrowd convention collapses exactly the dense-pedestrian scenes a perception stack most needs to get right. The failure is not that COCO is wrong. It was built for a different job — general object detection in web imagery — and it does that job well. The failure is treating a taxonomy scoped to one problem as ground truth for another. In our experience across perception-validation engagements, the objects that actually cause release-blocking incidents are disproportionately the ones the source dataset never labelled — an observed pattern, not a benchmarked rate, but a consistent one. A model that scores well on COCO’s car class can still mislabel a partially occluded vehicle at a merge, because COCO’s occlusion conventions handled that edge case differently, or not at all. So the re-scoping is not cosmetic. It means: redefining the class list against the operating design domain, re-annotating (or newly annotating) the domain objects COCO omits, and re-writing the annotation guidelines for occlusion, truncation, and crowd handling so two annotators produce the same label on the same hard frame. The output can still be COCO-format JSON. That is the whole point — you keep the reviewable contract and replace the ground truth behind it. This is also why a reliability audit engagement usually starts by inspecting whether the labels match the deployed domain before it looks at a single metric. How COCO-format labels feed the eval harness In a production monitoring harness, the COCO label file is the ground-truth layer that the eval harnesses and regression suites read against. The model produces detections; the harness compares them to the COCO-format annotations; metrics fall out per class, per IoU threshold, and — if you have scoped it properly — per operating condition. The format’s stability is what makes this repeatable: because the schema is a well-understood contract, the harness parser does not change when the ground truth is re-annotated. You swap the label file, not the tooling. That stability is the ROI. A well-understood COCO-format contract lets a perception team version ground truth alongside the model and re-run the regression suite in hours rather than re-annotating from scratch. Concretely, it turns “we think mAP is 0.82” into a per-class, per-condition breakdown an engineering reviewer can sign against — which is the actual deliverable a perception model needs to reach a release-signable state. Tooling here is unglamorous and important: pycocotools for the standard mAP computation, FiftyOne or CVAT for annotation review and format conversion, and whatever your pipeline uses to gate on the resulting numbers. Quick reference: what each COCO layer tests COCO annotation layer What it encodes What a regression suite using it actually tests Common misread category_id Class identity from a fixed taxonomy Whether the model names the object correctly Assuming the taxonomy covers your domain objects bbox (axis-aligned) Coarse spatial extent Detection + rough localisation Box mAP looks fine while masks/shape are wrong segmentation (polygon/RLE) Pixel-level shape Fine localisation, boundary quality Ignored entirely when only box mAP is reported iscrowd + crowd RLE Dense-region handling How crowd scenes are scored Crowd flag hides per-instance pedestrian errors IoU threshold (harness config) Match strictness Localisation tolerance Reporting mAP50 when the domain needs mAP50-95 How is COCO-format ground truth versioned to stay aligned with the model? The label file is an artifact, and it drifts against reality just as models do. A construction pattern changes, a new object class appears in the operating domain, an annotation guideline gets tightened after a review finds inconsistent occlusion labels — each of these produces a new ground-truth version. If the label version is not pinned to the model version and the harness run, you lose the ability to say which ground truth a given mAP number was measured against. The discipline that holds this together is the same one we apply to the rest of the pipeline: treat the label set as a versioned artifact with a hash, a changelog, and a binding to the model checkpoint it was evaluated with. This is where a production monitoring harness places its reliability gates — the label version, the model version, and the metric are recorded together so a regression is attributable. Without that binding, a metric can move for three unrelated reasons (model changed, labels changed, harness config changed) and you cannot tell them apart. What evaluation-drift failure modes hide behind a stable-looking mAP? The most dangerous failure is the one that looks like success. A COCO mAP score can sit stable at 0.82 for months while the operating-domain failure rate quietly climbs. Here is how that happens in practice: Taxonomy blind spot — the domain accumulates objects COCO never labelled. The model fails on them, but since they are not in the label set, the metric never counts the failure. mAP stays flat; real-world misses grow. IoU-threshold masking — the suite reports mAP50 while the domain needs tight localisation. Boxes drift a few pixels, still pass at 0.5 IoU, and the number holds even as downstream fusion degrades. Crowd-flag collapse — dense-pedestrian scenes get scored under iscrowd region matching, so individual missed pedestrians never register as false negatives. Stale ground truth — the label set was frozen at v1 while the operating domain moved on. The metric is now measuring the model against a world that no longer exists. Each of these is silent because the number a reviewer looks at does not move. That is the recurring cost of misreading COCO labels — evaluation drift that a stable metric actively conceals. The defence is not a better single number; it is the per-class, per-condition breakdown the format makes possible, read by someone who knows what each layer does and does not test. FAQ What matters most about coco-labels in practice? COCO labels are a JSON annotation format that binds each labelled object instance to an image and a class, carrying a bounding box, an optional segmentation mask, and metadata like the crowd flag. In practice they serve two roles that people conflate: the format is a stable, portable contract a harness parses, while the ground truth behind it is dataset-specific and must be re-scoped for your domain. Treating the format as the harness is the mistake. What does the COCO annotation format actually encode — classes, bounding boxes, segmentation masks, and metadata? Each annotation encodes a category_id (class identity from a fixed 80-class taxonomy in the standard release), a bbox as axis-aligned [x, y, width, height], a segmentation as polygon or run-length-encoded pixel mask, and metadata including area, iscrowd, and keypoints in the pose variant. These are distinct claims of increasing spatial precision. A regression suite tests only the layer you point it at, which is why box-only mAP can hide mask and shape errors. Why do COCO’s 80 categories rarely match an automotive perception operating domain, and what has to be re-annotated? COCO was built for general object detection in web imagery, so its taxonomy omits domain-critical objects like construction cones, barriers, debris, and emergency-vehicle light bars, and it does not encode occlusion state as first-class ground truth. Re-scoping means redefining the class list against the operating design domain, newly annotating the omitted objects, and rewriting the guidelines for occlusion, truncation, and crowd handling. The output stays COCO-format JSON — you replace the ground truth, not the contract. How do COCO-format labels feed the eval harnesses and regression suites in a production monitoring harness? The COCO label file is the ground-truth layer the harness reads against: the model produces detections, the harness compares them to the annotations, and metrics fall out per class, per IoU threshold, and per operating condition. Because the schema is a stable contract, you swap the label file without changing the parser, which is what makes regression suites re-runnable in hours. Tools like pycocotools, FiftyOne, and CVAT operate on this contract. How is ground truth in COCO format versioned so it stays aligned with the deployed model? Treat the label set as a versioned artifact with a hash, a changelog, and an explicit binding to the model checkpoint and harness config it was evaluated against. This lets you attribute any change in a metric to a specific cause — model change, label change, or config change — rather than guessing. Without that binding, three unrelated causes of drift become indistinguishable. What evaluation-drift failure modes hide behind a stable-looking COCO mAP score? A stable mAP can conceal taxonomy blind spots (domain objects COCO never labelled, so failures never count), IoU-threshold masking (reporting mAP50 when the domain needs tight localisation), crowd-flag collapse (missed pedestrians hidden under iscrowd region matching), and stale ground truth (labels frozen while the domain moved on). Each is dangerous precisely because the headline number does not move. The defence is a per-class, per-condition breakdown, not a better single metric. The label file is the quietest artifact in a perception pipeline and one of the most consequential — get its taxonomy or its versioning wrong and every metric downstream inherits the error while looking perfectly healthy. The right question to ask of any COCO-format ground truth is not “what does it score?” but “what operating-domain object or condition does this label set silently fail to test?”