targets:
  - id: https
    label:
    config:
      url: "https://my-target.tld/eval"
      method: "POST"
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer xxxxx"

      body: {"text":"{{prompt}}"}
redteam:
  purpose: "something."
  numTests: 5
  plugins:
    - hijacking  # Tests for unauthorized resource usage and purpose deviation
    - pii:api-db  # Tests for PII exposure via API/database access
    - pii:direct  # Tests for direct PII exposure vulnerabilities
    - pii:session  # Tests for PII exposure in session data
    - pii:social  # Tests for PII exposure via social engineering
    - politics  # Tests handling of political content and bias

  # Attack methods for applying adversarial inputs
  strategies:
    - basic 
    - jailbreak # Single-shot optimization of safety bypass techniques
    - jailbreak:composite # Combines multiple jailbreak techniques for enhanced effectiveness
  provider: deepseek:deepseek-chat

I set the DEEPSEEK_API_KEY var and run promptfoo redteam eval (I already generated prompts with promptfoo redteam generate), but it continue to try openai key, getting this error in the console `Target error: OpenAI API key is not set. Set the OPENAI_API_KEY environment variable or add

apiKey

to the provider config.. Full response: {"output":"","error":"OpenAI API key is not set. Set the OPENAI_API_KEY environment variable or add

apiKey

to the provider config.","to}` hoe can I force it to use the model confiured in the promptfooconfig.yaml?

I want to add assertions for each file type's configuration in the tests. like this： https://cdn.discordapp.com/attachments/1349643921420062732/1349643921617063966/image.png?ex=67d3d95a&is=67d287da&hm=097209882c11fdd976f9ed426e609991ff457b2b2167edd95624ea02de18952d&

Hello, thanks in advance, I'm new with the redteaming part, I'm trying to connect to an Http endpoint, but I'm getting this error Error: Unable to proceed with test generation: Network error: fetch failed (Cause: Error: unable to get local issuer certificate) URL: https://api.promptfoo.app/health Please check your API configuration or try again later. at synthesize (C:\Users\xxxxxx\AppData\Roaming\npm\node_modules\promptfoo\dist\src\redteam\index.js:421:23) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async doGenerateRedteam (C:\Users\xxxxAppData\Roaming\npm\node_modules\promptfoo\dist\src\redteam\commands\generate.js:194:88) Node.js v20.17.0 This is my yaml # yaml-language-server: $schema=https://promptfoo.dev/config-schema.json description: Internal Company RAG Example targets: - id: https://xxxxxxxxxx/ config: method: POST headers: Content-Type: application/json body: verb: '{{verb}}' message: '{{prompt}}' model: "ctx-qwen14-10k-nt" responseParser: json.message redteam: purpose: |- ... You have access to: General company information like policies and engineering documents You do not have access to: Anything owned by other departments. Things like future strategy, financial documents, sales documentation and planning, confidential HR information. You can take the following actions: Search the documents The LLM agent has access to these systems: Internal company knowledge base plugins: - id: harmful:hate # Tests handling of hate speech and discriminatory content - id: harmful:self-harm # Tests handling of self-harm and suicide content - id: rbac # Tests role-based access control implementation strategies: - id: jailbreak # Single-shot optimization of safety bypass techniques - id: jailbreak:composite # Combines multiple jailbreak techniques for enhanced effectiveness

Is there a specific configuration so that promptfoo can be used to red team guardrails such as nemo and azure content filter?

Is there a way to use to use different LLM providers for running prompts and getting output to evaluate v/s for evaluating the ouput?

Can I leverage bedrock models as a grader when using llm-rubric?

Minification and bundling has made it challenging for me to have this work as a node package in my deployed lambda. I've altered my implementation now to pass in ApiProviders instead of filepath references and it seems to work for the providers array which uses the loadApiProviders implementation, however I can't replace my default test provider with a custom provider this way as it looks for a string filepath to load. We aren't allow to use keys to access our Azure OpenAI endpoints and need to rely on an OAuth implementation to do so in our deployed solution, so I'm kinda stuck here at the moment getting this as a deployed API solution to evaluate our tests. Would welcome a fix here as it seems like it was commented in the code to be addressed at a certain point. https://github.com/promptfoo/promptfoo/blob/c196b47d221d47cef1460ec4e1279e5c630effb0/src/providers/index.ts#L18 https://github.com/promptfoo/promptfoo/blob/c196b47d221d47cef1460ec4e1279e5c630effb0/src/index.ts#L53

I've tried to work around this a number of different ways but ultimately I don't think the loadApiProvider issue I was encountering below would even be necessary if I could just specify a function of my choosing for obtaining the bearer token for the Azure OpenAI request. The clientID + secret stuff is nice, but implementations are going to vary for some of this stuff in a deployed environment. Ours for instance leverages Workload Identity Federation between our Azure account and AWS so its not a simple client id and secret and keys aren't allowed for us either. We have a function that grabs the token that works successfully with our Azure endpoint but I don't have a great way to plug it into our deployed environment. The way I'd imagine this could work is if the authFn param is provided it circumvents the other logic and uses that function to provide the bearer token to the resource.

I'm trying to run tests using Claude 3.7, and I get this error for each run: " API call error: Streaming is strongly recommended for operations that may take longer than 10 minutes. See https://github.com/anthropics/anthropic-sdk-python#streaming-responses for more details" This doesn't happen with 3.5 Here's my setup -- maybe I'm doing it wrong?

- id: anthropic:messages:claude-3-7-sonnet-20250219
    label: anthropic-3.7-sonnet-no-thinking
    config:
      max_tokens: 40000
      temperature: 0
      thinking:
        type: 'disabled'
  - id: anthropic:messages:claude-3-7-sonnet-20250219
    label: anthropic-3.7-sonnet-thinking
    config:
      temperature: 0
      max_tokens: 40000
      thinking:
        type: 'enabled'
        budget_tokens: 32000

The current version of Ollama has implemented some function-calling support. I just want to test whether a particular Ollama model correctly supports function calling. First, I want to know if the LLM correctly identifies when to call a function (and with what arguments). I'm not sure if this is supported in the current version of Promptfoo.

I have a test file in JSON, in the variable "weekdays", I want to map each day with each corresponding value(1 to 7) for the {{day_index}} in the assert value. For example, if the variable is "tuesday", the asserted value will be "interval=1w download=true | tuesday=count(_time[day]=2) | top(file_type)" Could anyone please take a look. Thank you. Here is the test:

[
  {
      “description”:“Query downloaded files on specific day?“,
      “vars”:{
         “prompt”:[
            “How many files were downloaded on {{weekdays}}?“,
            “Show me the file types downloaded every {{weekdays}}.”
         ],
         “weekdays”:[
            “sunday”,
            “monday”,
            “tuesday”,
            “wednesday”,
            “thursday”,
            “friday”,
            “saturday”
         ]
      },
      “assert”:[
         {
            “type”:“contains-any”,
            “value”:[
               “interval=1w download=true | {{weekdays}}=count(_time[day]={{day_index}}) | top(file_type)”
            ]
         }
      ]
   }
]

Which API does it use to generate the prompts using promptfoo? Does it use another AI model to generate prompt and attack the targets?

Hello everyone, have you tried self hosting promptfoo on gcr(google cloud run)? Can you share a guide?

I have a custom guardrails to test, it is an API endpoint that receives a prompt and returns a json, so I wrote a custom provider to send the prompt and get a json like

{ "flagged": true/false, "category": "something" }

, the config looks like

targets:
- id: 'file://custom_guard.py'
    config:
      endpoint: '{{env.ENDPOINT}}'
      key: '{{env.TOKEN}}'

redteam:
  plugins: ...

now my question is, how can I check for flagged and group by categories returned? thnaks

Hello! I have a problem when i do redteaming. For context i am running the project locally now. It runs fine but when i do the red team test i am always stuck in running scan. I inspected logs and its asking for an email when i provide the email nothing happens after. This is also the issue i guess in my gcp compute engine

I am trying to perform a red team evaluation against mistral running locally on Ollama. Since i have Open Web UI installed i am utilizing the Open AI API provided by Open Web UI. I am able to successfully make a curl request through this API. However , while setting up a custom target with attached YAML, it gives me model not found error. Curl request, YAML config and Promptfoo error attached.. https://cdn.discordapp.com/attachments/1358033855214518384/1358033855457661178/image.png?ex=67f25f16&is=67f10d96&hm=05041d85b7826735091f294b4239565996cba634ad666d3f68c53b2f1c92e83a& https://cdn.discordapp.com/attachments/1358033855214518384/1358033855986008265/image.png?ex=67f25f16&is=67f10d96&hm=6dacc8d053d81540bb4c8a47c3df29f5b1c56df2871e62239b7721d0c43e1ab5& https://cdn.discordapp.com/attachments/1358033855214518384/1358033856321683486/image.png?ex=67f25f16&is=67f10d96&hm=6a25c2777fbf936c588faf5c44f504e0ab120dd752d3f5e6832b2ee89f38acab&

I am attempting to run a Redteam test using Direct Prompt Injection strategy however it seems the prompts that get generated are causing issues when being passed in the JSON body for our chatbot's API set up. I am trying create a request transform so the prompt won't cause issues in the JSON body. I thought this simple Javascript would do the trick (prompt) => JSON.stringify(prompt) but it when I test the target I get an error invalid input.

Please see reported vulnerability in "Request" package that is used by promptfoo - https://github.com/advisories/GHSA-p8p7-x288-28g6. This package is no longer maintained by the owner. Can we not use this package in promptfoo?

I've deployed promptfoo using Render and it seems evaluations run fine however when attempting our first Redteam test it seems to be stuck indefinitely on 'Running scan...' I'm only generating 10 tests so I feel like it shouldn't be a memory issue. Has anyone else run into this or is aware of what may be the cause? https://cdn.discordapp.com/attachments/1359957546080932113/1359957546483318784/image.png?ex=67f95ea9&is=67f80d29&hm=df43694fd6bc72e89b2af8987cbb31321011f5a3e99b827385cf49e8397ef81e&

Hi folks, I'm new to promptfoo and I'm trying it out for the first time, but instead of running the cli/quick-start I went straigth to the web server. I configured a docker-compose running the latest image (version 0.109.1) and then I tried some basic examples from the quick start and from the examples repository folder. All Evals attemps raises a similar error message: > SyntaxError: Unexpected token 'I', "I don't ha"... is not valid JSON > > SyntaxError: Unexpected token 'I', "I don't ha"... is not valid JSON > at JSON.parse () > at eval (eval at getInlineTransformFunction (/app/src/util/transform.ts:97:10), :3:13) > at transform (/app/src/util/transform.ts:159:37) > at runAssertion (/app/src/assertions/index.ts:131:14) > at /app/src/assertions/index.ts:363:22 I have tried with google and openrouter providers and results are always the same. Given the errors output it seems that the Evals are calling the providers API, but the response does not seems to be a valid JSON. Instead it seems that the web server is trying to parse the actual answer (the LLM response) created by the provider. Some examples are: > SyntaxError: Unexpected token 'I', "I don't ha"... is not valid JSON > SyntaxError: Unexpected token 'I', "I'm sorry,"... is not valid JSON > SyntaxError: Unexpected token 'H', "Here are a"... is not valid JSON > SyntaxError: Unexpected token 'A', "Ahoy, mate"... is not valid JSON Am I missing some configuration? Any ideas on what I'm doing wrong? https://cdn.discordapp.com/attachments/1360053293484605622/1360053293673484338/image.png?ex=67f9b7d5&is=67f86655&hm=278e125e99fd9bd76ed6c891f1d64097b7f572af7029ab0ee20ab06c24efb6a7&

According to documentation https://www.promptfoo.dev/docs/configuration/parameters/#output-file output file should contain test variables, but when I do

promptfoo eval --output eval-result.csv

I only get the result column. Did I miss something or is this a bug?

Hi... I am very new to promptfoo, so if the question sounds stupid please be nice. I want to use promptfoo to evaluate an internal fine tuned model. We have a custom evaluation strategy that assigns 2 scores to every response from the model under test. The scores can be individually aggregated across all test cases. I want to integrate this custom eval with prompt foo. I don't want to assert whether something will pass or fail. Is promptfoo the right tool for this?

How to list all the redteaming malicious prompts, all techniques, all strategies and every description or guide? ive started as a red teamer for LLM and i need to learn it

I've build a ~50 test cases using Equality assertions of JSON objects. Tests are wrote in CSV files. For some reason about 10% of the test cases fails although the result and expected JSON objects look identical to me and even after I literally copy-pasted the result as expected and running the eval again it's still failing. This is really annoying because I can trust the ovall success rate. Any idea why this is happening? Below is an example: [FAIL] Expected output "{ "symbol": "TSLA", "action": "SELL", "fraction": 1, "price": 269 }" to equal "{ "symbol": "TSLA", "action": "SELL", "fraction": 1, "price": 269 }" --- { "symbol": "TSLA", "action": "SELL", "fraction": 1, "price": 269 }

Hi all, I ran into a problem while trying to generate credentials for sharing evals. I followed the instructions to go to promptfoo.app and set up an account. The verification email took some time to arrive, so I requested another one. When the email finally arrived, I entered the verification code, but it was invalid. Shortly afterward, I received another email with a different code. I had no way to repeat the procedure, and my account now only shows the "Oops! You're lost! You've wandered into an unknown part of our website." screen. I can only log out; every other action takes me to the same place. Thinking it was my fault for not waiting patiently for the queued verification codes, I tried again with another email address. This time, although I received only one code and entered it correctly, I still ended up on the same "You're lost" screen. Now I'm stuck with two accounts, set up with two different email addresses, both 100% unresponsive except for login/logout, and I still have no option to share my evaluations. Can you please guide me on what to do next? https://cdn.discordapp.com/attachments/1364134741841809408/1364134742206844958/image.png?ex=680890fa&is=68073f7a&hm=093ce96f3f5b1980feafb3eb80f369e3eb7bd4d6e5d9f362e65c62545d4a8e98&

Hi, new to promptfoo here. The platform looks great btw :). Had a question about the best way to add an assertion integration. I'm looking to integrate a LLM-as-a-judge alternative my team has been working on- called the "pi scorer". We'd like to include it as an assertion in promptfoo. This scorer uses an encoder head to provide faster and deterministic scores. Like an LLM, it can handle any text subject and criteria. You can learn more here: https://docs.withpi.ai https://build.withpi.ai We were wondering if we could add an assertion, rather than integrating with the existing python assertion - so that people can discover this alternative scoring method. A few questions; 1. Can we add this as an official assertion, so that people don't need to write the python code to call this scorer? 2. This assertion requires using an API key. How would testing work in this case? Should we mock calls to our api so that the api key isn't needed during tests? Thanks for your time. Looking forward to hearing from y'all.

Hi everyone, We're currently experimenting with self-hosting Promptfoo in a Kubernetes (K8s) environment. However, we're facing issues when trying to scale the deployment to more than one replica. The problem arises because the /api/job/:id endpoint and a few others do not function correctly in a multi-replica setup. It seems that running jobs are stored in memory using: export const evalJobs = new Map(); This makes it instance-specific, so other replicas don't have access to the job state. Is it possible to scale Promptfoo horizontally in Kubernetes? If so, what strategies or workarounds would you recommend to support multiple replicas? Any advice or examples would be greatly appreciated! Thanks 🙂

I am trying to run a redteam scan against an openAI compatible model running in a custom Open WebUI application. At this point I am running the plugins on the "minimal test" preset plugin configuration. Here is the configuration file:

yaml
# yaml-language-server: $schema=https://promptfoo.dev/config-schema.json
description: AI Framework - llama32
providers: openai:"NAME: llama3.2"
  - id: openai:
    label: ai-llama32
prompts:
  - '{{prompt}}'
redteam:
  purpose: ''
  plugins:
    - id: harmful:hate # Tests handling of hate speech and discriminatory content
    - id: harmful:self-harm # Tests handling of self-harm and suicide content
  strategies:
    - id: jailbreak # Single-shot optimization of safety bypass techniques
    - id: jailbreak:composite # Combines multiple jailbreak techniques for enhanced effectiveness
defaultTest:
  options:
    transformVars: '{ ...vars, sessionId: context.uuid }'

I am passing the OPENAI_API_KEY and OPENAI_BASE_URL as environment variables. The problem that I am running into is that whoever setup this endpoint decided that the model name should be 'NAME: ', like in the config above. The colon in the model name seems to be the issue. I have tried escaping the colon, surrounding it with quotes, encoding the colon, but no matter what I get the following:

shell
[util.js:63] Error in extraction: API error: 400 Bad Request
{"detail":"Model not found"}

I even tried specifying the model ID 'protected.llama3.2', but it gives the same error. Any ideas or direction would be appreciated.

I'd like to be able to use promptfoo optionally as a library for running manual tests on LLM outputs which have already been produced. So I have a dataset of 10000s of LLM outputs and need to sample test their accuracy and output format, it's basically a multilabelling pipeline (the output from the LLM is an array of N values from a discrete list). Is this the right library for my use case? 🤔 we may use the ai as a judge elements in the future but we're just starting with the programmatic testing for the moment.

Hi everyone! Do you know if there is a way to provide feedback to an LLM after assertion? I'm using promptfoo for checking my text -> graphql pipeline I would like to validate generated query with python/js and provide an error back to LLM + regenerate the query I read the docs, but couldn't find anything suitable for that. Essentially, I'm trying to do smth similar to this: https://www.promptfoo.dev/docs/guides/text-to-sql-evaluation/ but this example also doesn't have any sql validation + regeneration with feedback