Out-Of-Tree Llama Stack provider for Garak Red-teaming

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for saichandrapandraju from gravatar.com saichandrapandraju

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: TrustyAI Team
  • Tags llama-stack , garak , red-teaming , security , ai-safety
  • Requires: Python >=3.12
  • Provides-Extra: remote , dev
Report project as malware

Project description

TrustyAI Garak (trustyai_garak): Out-of-Tree Llama Stack Eval Provider for Garak Red Teaming

About

This repository implements Garak as a Llama Stack out-of-tree provider for security testing and red teaming of Large Language Models with optional Shield Integration for enhanced security testing.

What It Does

  • Automated Security Testing: Detects prompt injection, jailbreaks, toxicity, and bias vulnerabilities
  • Compliance Scanning: OWASP LLM Top 10, AVID taxonomy benchmarks
  • Shield Testing: Compare LLM security with/without guardrails
  • Scalable Deployment: Local or Kubernetes/Kubeflow execution
  • Comprehensive Reporting: JSON, HTML, and detailed logs with vulnerability scores (0.0-1.0)

Installation

git clone https://github.com/trustyai-explainability/llama-stack-provider-trustyai-garak.git
cd llama-stack-provider-trustyai-garak
python3 -m venv .venv && source .venv/bin/activate
pip install -e .
# For remote execution: pip install -e ".[remote]"

Quick Start

1. Configure Environment

export VLLM_URL="http://your-model-endpoint/v1"
export INFERENCE_MODEL="your-model-name"

2. Start Server

# Basic mode (standard scanning)
llama stack run run.yaml --image-type venv

# Enhanced mode (with shield testing)
llama stack run run-with-safety.yaml --image-type venv

# Remote mode (Kubernetes/KFP)
llama stack run run-remote.yaml --image-type venv

Server runs at http://localhost:8321

3. Run Security Scan

from llama_stack_client import LlamaStackClient

client = LlamaStackClient(base_url="http://localhost:8321")

# Quick 5-minute scan
job = client.eval.run_eval(
    benchmark_id="trustyai_garak::quick",
    benchmark_config={
        "eval_candidate": {
            "type": "model",
            "model": "your-model-name",
            "sampling_params": {"max_tokens": 100}
        }
    }
)

# Check status
status = client.eval.jobs.status(job_id=job.job_id, benchmark_id="trustyai_garak::quick")
print(f"Status: {status.status}")

# Get results when complete
if status.status == "completed":
    results = client.eval.get_eval_job_result(job_id=job.job_id, benchmark_id="trustyai_garak::quick")

Available Benchmarks

Compliance Frameworks

Benchmark ID Framework Duration
trustyai_garak::owasp_llm_top10 OWASP LLM Top 10 ~8 hours
trustyai_garak::avid_security AVID Security ~8 hours
trustyai_garak::avid_ethics AVID Ethics ~30 minutes
trustyai_garak::avid_performance AVID Performance ~40 minutes

Test Profiles

Benchmark ID Description Duration
trustyai_garak::quick Essential security checks (3 probes) ~5 minutes
trustyai_garak::standard Standard attack vectors (5 categories) ~1 hour

Duration estimates based on Qwen2.5 7B via vLLM

Advanced Usage

Other Garak Probes

client.benchmarks.register(
    benchmark_id="custom",
    dataset_id="garak",
    scoring_functions=["garak_scoring"],
    provider_benchmark_id="custom",
    provider_id="trustyai_garak",
    metadata={
        "probes": ["latentinjection.LatentJailbreak", "snowball.GraphConnectivity"],
        "timeout": 900
    }
)

Shield Testing

# Test with input shield
client.benchmarks.register(
    benchmark_id="with_shield",
    dataset_id="garak",
    scoring_functions=["garak_scoring"],
    provider_benchmark_id="with_shield",
    provider_id="trustyai_garak",
    metadata={
        "probes": ["promptinject.HijackHateHumans"],
        "shield_ids": ["Prompt-Guard-86M"]  # Input shield only
    }
)

# Test with input/output shields
metadata={
    "probes": ["promptinject.HijackHateHumans"],
    "shield_config": {
        "input": ["Prompt-Guard-86M"],
        "output": ["Llama-Guard-3-8B"]
    }
}

Accessing Reports

# Get report file IDs from job status
scan_report_id = status.metadata["scan.report.jsonl"]
scan_html_id = status.metadata["scan.report.html"]

# Download via Files API
content = client.files.content(scan_report_id)

# Or via HTTP
import requests
report = requests.get(f"http://localhost:8321/v1/openai/v1/files/{scan_html_id}/content")

Remote Execution (Kubernetes/KFP)

Setup

# KFP Configuration
export KUBEFLOW_PIPELINES_ENDPOINT="https://your-kfp-endpoint"
export KUBEFLOW_NAMESPACE="your-namespace"
export KUBEFLOW_EXPERIMENT_NAME="trustyai-garak-scans"
export KUBEFLOW_BASE_IMAGE="quay.io/spandraj/trustyai-garak-provider:cpu" # for gpu - "quay.io/spandraj/trustyai-garak-provider:gpu"

# S3 Configuration (for artifacts)
export AWS_ACCESS_KEY_ID="your-key"
export AWS_SECRET_ACCESS_KEY="your-secret"
export AWS_S3_ENDPOINT="https://your-s3-endpoint"
export AWS_S3_BUCKET="pipeline-artifacts"
export AWS_DEFAULT_REGION="us-east-1"

# Start server
llama stack run run-remote.yaml --image-type venv

Note: If you're running Llama Stack server locally, make sure BASE_URL in run-remote*.yaml is accessible from KFP pods (you can use ngrok to create an accessible endpoint for your local Llama stack service).

Usage

# Same API, runs as KFP pipeline
job = client.eval.run_eval(benchmark_id="trustyai_garak::owasp_llm_top10", ...)

# Monitor pipeline
status = client.eval.jobs.status(job_id=job.job_id, benchmark_id="trustyai_garak::owasp_llm_top10")
print(f"KFP Run ID: {status.metadata['kfp_run_id']}")

Configuration Reference

Provider Config (run.yaml)

providers:
  eval:
    - provider_id: trustyai_garak
      config:
        base_url: ${env.BASE_URL:=http://localhost:8321/v1}
        timeout: ${env.GARAK_TIMEOUT:=10800}
        max_concurrent_jobs: ${env.GARAK_MAX_CONCURRENT_JOBS:=5}
        max_workers: ${env.GARAK_MAX_WORKERS:=5}

Environment Variables

Variable Default Description
BASE_URL http://localhost:8321/v1 Llama Stack service URL
GARAK_TIMEOUT 10800 Max scan timeout (seconds)
GARAK_MAX_CONCURRENT_JOBS 5 Max concurrent scans
GARAK_MAX_WORKERS 5 Shield scanning parallelism

Deployment Modes

Mode Config File Features
Basic run.yaml Standard scanning
Enhanced run-with-safety.yaml + Shield integration
Remote run-remote.yaml KFP execution
Remote+Safety run-remote-safety.yaml + Shield integration

Result Interpretation

  • Score Range: 0.0 (secure) to 1.0 (vulnerable)
  • Threshold: Scores ≥ 0.5 indicate security concerns
  • Reports: Available in JSON, HTML, and log formats via Files API

Examples & Demos

Notebook Description
01-getting_started Basic usage and custom probes
02-scan_with_shields Shield integration testing
03-remote_garak KFP remote execution

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for saichandrapandraju from gravatar.com saichandrapandraju

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: TrustyAI Team
  • Tags llama-stack , garak , red-teaming , security , ai-safety
  • Requires: Python >=3.12
  • Provides-Extra: remote , dev

Release history Release notifications | RSS feed

0.4.0

0.3.1

0.3.0

0.2.0

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

llama_stack_provider_trustyai_garak-0.1.2.tar.gz (41.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

llama_stack_provider_trustyai_garak-0.1.2-py3-none-any.whl (38.3 kB view details)

Uploaded Python 3

File details

Details for the file llama_stack_provider_trustyai_garak-0.1.2.tar.gz.

File metadata

File hashes

Hashes for llama_stack_provider_trustyai_garak-0.1.2.tar.gz
Algorithm Hash digest
SHA256 cfd41b88cb33c8bda63ed7ab2a41be05054d2d5aed10a843bf28cba436a5d865
MD5 e51e2c8edecd2b42b6bc0ed19ef54edc
BLAKE2b-256 f87df79e60af571a8b8fd76b759f0850a1ed4034b48a11685d88abf587458303

See more details on using hashes here.

Provenance

The following attestation bundles were made for llama_stack_provider_trustyai_garak-0.1.2.tar.gz:

Publisher: build-and-publish.yaml on trustyai-explainability/llama-stack-provider-trustyai-garak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file llama_stack_provider_trustyai_garak-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for llama_stack_provider_trustyai_garak-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 727e7925e228cbc2f79a234df086a326e00d83e3808d3a08ed290c02ac68bc88
MD5 ec9fc46722308eca8d5667186dc9d760
BLAKE2b-256 f566f05bee77e6c7ca65837e4c2f85afe91d95e95ce2c83590d156cf87204b3c

See more details on using hashes here.

Provenance

The following attestation bundles were made for llama_stack_provider_trustyai_garak-0.1.2-py3-none-any.whl:

Publisher: build-and-publish.yaml on trustyai-explainability/llama-stack-provider-trustyai-garak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page