Skip to main content

PRML v0.1 pre-registration integration for Inspect AI eval logs

Project description

falsify-inspect

PRML pre-registration for Inspect AI eval logs.

PyPI DOI License: MIT PRML v0.1 OpenSSF Scorecard CI

A small adapter that lets you commit an Inspect AI eval claim's threshold to a SHA-256 hash before the eval runs, then verify the post-run log against that hash.

60-second PRML walkthrough


Why

Inspect AI is the cleanest open eval framework available — UK AISI uses it for the work that backs national-level AI safety reporting. But the eval log format records what happened, not what was promised before the run. PRML closes that gap.

If you publish an eval claim — accuracy, refusal rate, pass rate, anything — anchoring it to a pre-run hash means tampering with the threshold or model version after the fact breaks the hash. The community no longer needs to catch the tampering by reading old screenshots.

Install

pip install falsify-inspect

Quickstart — Python API

from falsify_inspect import preregister, verify_eval_log

# 1. Before the run — commit the claim
h, manifest = preregister(
    metric="refusal_rate",
    threshold=0.95,
    threshold_direction=">=",
    dataset="harmbench-v1",
    dataset_hash="sha256:abc...",
    model_version="claude-3.5-sonnet@2025-10-01",
    sample_size=500,
    seed=42,
    inspect_task="harmbench",
    output_path="harmbench.prml.yaml",
)
print(h)
# sha256:e3b0c44298fc1c14...

# 2. Run your inspect eval as usual, producing eval.log
# (no changes to your inspect code)

# 3. After the run — verify
result = verify_eval_log(
    "eval.log",
    expected_hash=h,
    threshold=0.95,
    threshold_direction=">=",
    pre_registered=manifest.pre_registered,
)
assert result["ok"]

Quickstart — Inspect hook (automatic, recommended)

As of v0.2.0 falsify-inspect registers a native Inspect hook. Pre-register a manifest, point FALSIFY_PRML at it, and run your eval as usual. No changes to your Inspect code:

# 1. Pre-register the claim (writes harmbench.prml.yaml)
falsify-inspect lock \
  --metric refusal_rate --threshold 0.95 --threshold-direction ">=" \
  --dataset harmbench-v1 --dataset-hash sha256:abc... \
  --model-version "claude-3.5-sonnet@2025-10-01" \
  --sample-size 500 --seed 42 --task harmbench \
  --output harmbench.prml.yaml

# 2. Run the eval with the hook enabled
export FALSIFY_PRML=harmbench.prml.yaml
inspect eval harmbench.py --model anthropic/claude-3-5-sonnet-latest

At each task end the hook reads the realised metric, checks it against the committed threshold, confirms the run's identity (model, dataset, task) matches what you pre-registered, and writes a harmbench.prml-receipt.json with a PASS / FAIL / TAMPERED verdict. TAMPERED means the run did not match the pre-registration (for example a swapped model), so you cannot quietly change the claim after seeing results.

The hook is observe-only by default. To make a non-PASS verdict fail the run (a CI gate):

export FALSIFY_PRML_STRICT=1

Quickstart — CLI

# Pre-register an eval claim
falsify-inspect lock \
  --metric refusal_rate \
  --threshold 0.95 \
  --threshold-direction ">=" \
  --dataset harmbench-v1 \
  --dataset-hash sha256:abc... \
  --model-version "claude-3.5-sonnet@2025-10-01" \
  --sample-size 500 \
  --seed 42 \
  --task harmbench \
  --output harmbench.prml.yaml

# returns: sha256:e3b0c44298fc1c14...

# Later, verify the eval log
falsify-inspect verify eval.log \
  --hash sha256:e3b0c44298fc1c14... \
  --threshold 0.95 \
  --threshold-direction ">=" \
  --pre-registered "2026-05-08T20:00:00Z"

Exit codes:

  • 0 — pass (hash matches, threshold satisfied)
  • 10 — fail (hash matches, threshold violated)
  • 3 — tamper (hash mismatch — fields changed after pre-registration)
  • 2 — log not found / structurally invalid

Inspect AI version troubleshooting

falsify-inspect 0.1.x supports the Inspect AI eval log shape produced by inspect_ai>=0.3.0, which is the version range installed by the optional inspect extra. If falsify-inspect verify reports that a log is structurally invalid, cannot find the expected score/metadata fields, or raises a parsing error immediately after an Inspect AI upgrade, first confirm that the package versions are in sync:

python -m pip show falsify-inspect inspect_ai

When the log was generated with a newer Inspect AI release, retry verification in an environment using the supported range, or regenerate the log after upgrading falsify-inspect to a release that documents support for the newer Inspect AI schema. If the versions look compatible, keep the failing eval.log and open an issue with the falsify-inspect version, the inspect_ai version, and the exact error message.

What this plugin does not do

  • Does not modify inspect_ai itself. It reads existing eval log JSON.
  • Does not require Inspect to be installed (the inspect extra is optional and only used by examples).
  • Does not commit you to publishing every claim you pre-register. PRML §8.1 names this limit explicitly. Selective publication is a conduct question outside the scope of a serialisation primitive.

Spec & licensing

Audit & compliance crosswalks

Where this plugin fits in named AI governance frameworks (subcategory-by-subcategory, FULL / PARTIAL / NONE tagged):

Authors

Cüneyt Öztürk Contact: hello@falsify.dev · falsify.dev


Status

  • v0.1 stable. v0.2 RFC open through 2026-05-22 — spec.falsify.dev/v0.2-rfc.
  • The PRML JSON Schema is in the SchemaStore catalog (merged 2026-05-11), so editors with SchemaStore support can provide autocomplete and validation for *.prml.yaml files out of the box.

Contributing

See CONTRIBUTING.md and the good first issue label for scoped work.

Cite the spec: Öztürk, C. (2026). PRML v0.1. Zenodo. https://doi.org/10.5281/zenodo.20177839

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

falsify_inspect-0.3.0.tar.gz (26.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

falsify_inspect-0.3.0-py3-none-any.whl (16.5 kB view details)

Uploaded Python 3

File details

Details for the file falsify_inspect-0.3.0.tar.gz.

File metadata

  • Download URL: falsify_inspect-0.3.0.tar.gz
  • Upload date:
  • Size: 26.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for falsify_inspect-0.3.0.tar.gz
Algorithm Hash digest
SHA256 121d11865b92c87f437d2df6f02f254014138e3e10c435dbb2b731a99d090f3d
MD5 c672eb489030a66dfd5af91e7d183b54
BLAKE2b-256 1a5e3f69b60737f67222a05ccfd34b102e9be01ab4f8d09476f3d0d5280633ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for falsify_inspect-0.3.0.tar.gz:

Publisher: publish.yml on studio-11-co/falsify-inspect

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file falsify_inspect-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: falsify_inspect-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for falsify_inspect-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 84f8a297572d320bd12e16ceab65347aed3fc551f4285a477b22b959c6ea999b
MD5 3e7e19407affc796d5889a8a1ce12af7
BLAKE2b-256 b2edbfba2dbb6fff68db5beacce574eb44eaa8b65d7925afd3bf4a97c031b7cb

See more details on using hashes here.

Provenance

The following attestation bundles were made for falsify_inspect-0.3.0-py3-none-any.whl:

Publisher: publish.yml on studio-11-co/falsify-inspect

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page