Skip to main content

PRML v0.1 pre-registration integration for Inspect AI eval logs

Project description

falsify-inspect

PRML pre-registration for Inspect AI eval logs.

PyPI DOI License: MIT PRML v0.1 OpenSSF Scorecard CI

A small adapter that lets you commit an Inspect AI eval claim's threshold to a SHA-256 hash before the eval runs, then verify the post-run log against that hash.

60-second PRML walkthrough


Why

Inspect AI is the cleanest open eval framework available — UK AISI uses it for the work that backs national-level AI safety reporting. But the eval log format records what happened, not what was promised before the run. PRML closes that gap.

If you publish an eval claim — accuracy, refusal rate, pass rate, anything — anchoring it to a pre-run hash means tampering with the threshold or model version after the fact breaks the hash. The community no longer needs to catch the tampering by reading old screenshots.

Install

pip install falsify-inspect

Quickstart — Python API

from falsify_inspect import preregister, verify_eval_log

# 1. Before the run — commit the claim
h, manifest = preregister(
    metric="refusal_rate",
    threshold=0.95,
    threshold_direction=">=",
    dataset="harmbench-v1",
    dataset_hash="sha256:abc...",
    model_version="claude-3.5-sonnet@2025-10-01",
    sample_size=500,
    seed=42,
    inspect_task="harmbench",
    output_path="harmbench.prml.yaml",
)
print(h)
# sha256:e3b0c44298fc1c14...

# 2. Run your inspect eval as usual, producing eval.log
# (no changes to your inspect code)

# 3. After the run — verify
result = verify_eval_log(
    "eval.log",
    expected_hash=h,
    threshold=0.95,
    threshold_direction=">=",
    pre_registered=manifest.pre_registered,
)
assert result["ok"]

Quickstart — Inspect hook (automatic, recommended)

As of v0.2.0 falsify-inspect registers a native Inspect hook. Pre-register a manifest, point FALSIFY_PRML at it, and run your eval as usual. No changes to your Inspect code:

# 1. Pre-register the claim (writes harmbench.prml.yaml)
falsify-inspect lock \
  --metric refusal_rate --threshold 0.95 --threshold-direction ">=" \
  --dataset harmbench-v1 --dataset-hash sha256:abc... \
  --model-version "claude-3.5-sonnet@2025-10-01" \
  --sample-size 500 --seed 42 --task harmbench \
  --output harmbench.prml.yaml

# 2. Run the eval with the hook enabled
export FALSIFY_PRML=harmbench.prml.yaml
inspect eval harmbench.py --model anthropic/claude-3-5-sonnet-latest

At each task end the hook reads the realised metric, checks it against the committed threshold, confirms the run's identity (model, dataset, task) matches what you pre-registered, and writes a harmbench.prml-receipt.json with a PASS / FAIL / TAMPERED verdict. TAMPERED means the run did not match the pre-registration (for example a swapped model), so you cannot quietly change the claim after seeing results.

The hook is observe-only by default. To make a non-PASS verdict fail the run (a CI gate):

export FALSIFY_PRML_STRICT=1

Quickstart — CLI

# Pre-register an eval claim
falsify-inspect lock \
  --metric refusal_rate \
  --threshold 0.95 \
  --threshold-direction ">=" \
  --dataset harmbench-v1 \
  --dataset-hash sha256:abc... \
  --model-version "claude-3.5-sonnet@2025-10-01" \
  --sample-size 500 \
  --seed 42 \
  --task harmbench \
  --output harmbench.prml.yaml

# returns: sha256:e3b0c44298fc1c14...

# Later, verify the eval log
falsify-inspect verify eval.log \
  --hash sha256:e3b0c44298fc1c14... \
  --threshold 0.95 \
  --threshold-direction ">=" \
  --pre-registered "2026-05-08T20:00:00Z"

Exit codes:

  • 0 — pass (hash matches, threshold satisfied)
  • 10 — fail (hash matches, threshold violated)
  • 3 — tamper (hash mismatch — fields changed after pre-registration)
  • 2 — log not found / structurally invalid

Inspect AI version troubleshooting

falsify-inspect 0.1.x supports the Inspect AI eval log shape produced by inspect_ai>=0.3.0, which is the version range installed by the optional inspect extra. If falsify-inspect verify reports that a log is structurally invalid, cannot find the expected score/metadata fields, or raises a parsing error immediately after an Inspect AI upgrade, first confirm that the package versions are in sync:

python -m pip show falsify-inspect inspect_ai

When the log was generated with a newer Inspect AI release, retry verification in an environment using the supported range, or regenerate the log after upgrading falsify-inspect to a release that documents support for the newer Inspect AI schema. If the versions look compatible, keep the failing eval.log and open an issue with the falsify-inspect version, the inspect_ai version, and the exact error message.

What this plugin does not do

  • Does not modify inspect_ai itself. It reads existing eval log JSON.
  • Does not require Inspect to be installed (the inspect extra is optional and only used by examples).
  • Does not commit you to publishing every claim you pre-register. PRML §8.1 names this limit explicitly. Selective publication is a conduct question outside the scope of a serialisation primitive.

Spec & licensing

Audit & compliance crosswalks

Where this plugin fits in named AI governance frameworks (subcategory-by-subcategory, FULL / PARTIAL / NONE tagged):

Authors

Cüneyt Öztürk Contact: hello@falsify.dev · falsify.dev


Status

  • v0.1 stable. v0.2 RFC open through 2026-05-22 — spec.falsify.dev/v0.2-rfc.
  • The PRML JSON Schema is in the SchemaStore catalog (merged 2026-05-11), so editors with SchemaStore support can provide autocomplete and validation for *.prml.yaml files out of the box.

Contributing

See CONTRIBUTING.md and the good first issue label for scoped work.

Cite the spec: Öztürk, C. (2026). PRML v0.1. Zenodo. https://doi.org/10.5281/zenodo.20177839

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

falsify_inspect-0.3.1.tar.gz (30.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

falsify_inspect-0.3.1-py3-none-any.whl (16.7 kB view details)

Uploaded Python 3

File details

Details for the file falsify_inspect-0.3.1.tar.gz.

File metadata

  • Download URL: falsify_inspect-0.3.1.tar.gz
  • Upload date:
  • Size: 30.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for falsify_inspect-0.3.1.tar.gz
Algorithm Hash digest
SHA256 e45ca72fb516ff86e6f69a22b4bcdc89c103b439ef674a0fd54898349d1f407e
MD5 4eef8b1a8c36683af32285a219c14b41
BLAKE2b-256 4b16ea79e01a420dfb794a271e9a52b9ac4e7ea173de094b95b03b1e82dde377

See more details on using hashes here.

Provenance

The following attestation bundles were made for falsify_inspect-0.3.1.tar.gz:

Publisher: publish.yml on studio-11-co/falsify-inspect

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file falsify_inspect-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: falsify_inspect-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for falsify_inspect-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 6a827d2046eb999187f7696ea75f847621c7cb95a01417bd676c459ed234da8d
MD5 0b8fd188e4f45fc1590730ba4f2292a7
BLAKE2b-256 73c300f0ae33c42d35f15be7e63938341ff8e51b76dd9e0e86260e743e9f5aa2

See more details on using hashes here.

Provenance

The following attestation bundles were made for falsify_inspect-0.3.1-py3-none-any.whl:

Publisher: publish.yml on studio-11-co/falsify-inspect

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page