@use-lattice/litmus 0.121.3

package/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) Promptfoo 2025
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/src/accounts-Bt1oJb1Z.cjs

@@ -0,0 +1,219 @@
+const require_logger = require("./logger-DyfK9PBt.cjs");
+const require_fetch = require("./fetch-BTxakTSg.cjs");
+const BAD_EMAIL_RESULT = "bad_email";
+const EmailValidationStatus = {
+	OK: "ok",
+	EXCEEDED_LIMIT: "exceeded_limit",
+	SHOW_USAGE_WARNING: "show_usage_warning",
+	EMAIL_VERIFICATION_REQUIRED: "email_verification_required",
+	RISKY_EMAIL: "risky_email",
+	DISPOSABLE_EMAIL: "disposable_email"
+};
+const NO_EMAIL_STATUS = "no_email";
+//#endregion
+//#region src/globalConfig/accounts.ts
+const CI_PLACEHOLDER_EMAIL = "ci-placeholder@promptfoo.dev";
+function getUserId() {
+	let globalConfig = require_fetch.readGlobalConfig();
+	if (!globalConfig?.id) {
+		const newId = crypto.randomUUID();
+		globalConfig = {
+			...globalConfig,
+			id: newId
+		};
+		require_fetch.writeGlobalConfig(globalConfig);
+		return newId;
+	}
+	return globalConfig.id;
+}
+function getUserEmail() {
+	return require_fetch.readGlobalConfig()?.account?.email || null;
+}
+function setUserEmail(email) {
+	const account = require_fetch.readGlobalConfig()?.account ?? {};
+	account.email = email;
+	require_fetch.writeGlobalConfigPartial({ account });
+}
+function getUserEmailNeedsValidation() {
+	return require_fetch.readGlobalConfig()?.account?.emailNeedsValidation || false;
+}
+function setUserEmailNeedsValidation(needsValidation) {
+	const account = require_fetch.readGlobalConfig()?.account ?? {};
+	account.emailNeedsValidation = needsValidation;
+	require_fetch.writeGlobalConfigPartial({ account });
+}
+function getUserEmailValidated() {
+	return require_fetch.readGlobalConfig()?.account?.emailValidated || false;
+}
+function setUserEmailValidated(validated) {
+	const account = require_fetch.readGlobalConfig()?.account ?? {};
+	account.emailValidated = validated;
+	require_fetch.writeGlobalConfigPartial({ account });
+}
+function getAuthor() {
+	return require_logger.getEnvString("PROMPTFOO_AUTHOR") || getUserEmail() || null;
+}
+function isLoggedIntoCloud() {
+	return new require_fetch.CloudConfig().isEnabled();
+}
+/**
+* Get the authentication method used for cloud access
+* @returns 'api-key' | 'email' | 'none'
+*/
+function getAuthMethod() {
+	const hasApiKey = new require_fetch.CloudConfig().isEnabled();
+	const hasEmail = !!getUserEmail();
+	if (hasApiKey && hasEmail) return "api-key";
+	if (hasApiKey) return "api-key";
+	if (hasEmail) return "email";
+	return "none";
+}
+/**
+* Shared function to check email status with the promptfoo API
+* Used by both CLI and server routes
+*/
+async function checkEmailStatus(options) {
+	const { default: telemetry } = await Promise.resolve().then(() => require("./telemetry-DXNimrI0.cjs"));
+	const ciMode = require_logger.isCI();
+	const userEmail = ciMode ? CI_PLACEHOLDER_EMAIL : getUserEmail();
+	if (!userEmail) return {
+		status: NO_EMAIL_STATUS,
+		hasEmail: false,
+		message: "Redteam evals require email verification. Please enter your work email:"
+	};
+	if (ciMode) return {
+		status: EmailValidationStatus.OK,
+		hasEmail: true,
+		email: userEmail
+	};
+	try {
+		const validateParam = options?.validate ? "&validate=true" : "";
+		const timeout = options?.validate ? 3e3 : 500;
+		if (options?.validate) require_logger.logger.info(`Checking email...`);
+		const data = await (await require_fetch.fetchWithTimeout(`${require_logger.getEnvString("PROMPTFOO_CLOUD_API_URL", "https://api.promptfoo.app")}/api/users/status?email=${encodeURIComponent(userEmail)}${validateParam}`, void 0, timeout)).json();
+		if (options?.validate) if (new Set([
+			EmailValidationStatus.RISKY_EMAIL,
+			EmailValidationStatus.DISPOSABLE_EMAIL,
+			EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED
+		]).has(data.status)) {
+			if (data.status === EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED) {
+				setUserEmailValidated(false);
+				setUserEmailNeedsValidation(true);
+			}
+			if (data.status === EmailValidationStatus.RISKY_EMAIL || data.status === EmailValidationStatus.DISPOSABLE_EMAIL) await telemetry.saveConsent(userEmail, { source: "filteredInvalidEmail" });
+		} else {
+			setUserEmailValidated(true);
+			await telemetry.saveConsent(userEmail, { source: "promptForEmailValidated" });
+		}
+		return {
+			status: data.status,
+			message: data.message ?? data.error,
+			email: userEmail,
+			hasEmail: true
+		};
+	} catch (e) {
+		require_logger.logger.debug(`Failed to check user status: ${e}`);
+		return {
+			status: EmailValidationStatus.OK,
+			message: "Unable to verify email status, but proceeding",
+			email: userEmail,
+			hasEmail: true
+		};
+	}
+}
+async function promptForEmailUnverified() {
+	const { default: telemetry } = await Promise.resolve().then(() => require("./telemetry-DXNimrI0.cjs"));
+	const ciMode = require_logger.isCI();
+	const existingEmail = getUserEmail();
+	let email = ciMode ? CI_PLACEHOLDER_EMAIL : existingEmail;
+	const existingEmailNeedsValidation = !ciMode && getUserEmailNeedsValidation();
+	const existingEmailValidated = ciMode || getUserEmailValidated();
+	let emailNeedsValidation = existingEmailNeedsValidation && !existingEmailValidated;
+	if (!email) {
+		await telemetry.record("feature_used", { feature: "promptForEmailUnverified" });
+		const envEmail = require_logger.getEnvString("PROMPTFOO_EMAIL");
+		if (!envEmail) throw new Error("Email verification required for red team scans. Set the PROMPTFOO_EMAIL environment variable to your work email address.");
+		email = envEmail;
+		setUserEmail(email);
+		setUserEmailNeedsValidation(true);
+		setUserEmailValidated(false);
+		emailNeedsValidation = true;
+		await telemetry.record("feature_used", { feature: "userCompletedPromptForEmailUnverified" });
+	}
+	return { emailNeedsValidation };
+}
+async function checkEmailStatusAndMaybeExit(options) {
+	const result = await checkEmailStatus(options);
+	if (require_logger.isCI()) return "ok";
+	if (result.status === EmailValidationStatus.RISKY_EMAIL || result.status === EmailValidationStatus.DISPOSABLE_EMAIL) {
+		require_logger.logger.error("Please use a valid work email.");
+		setUserEmail("");
+		return BAD_EMAIL_RESULT;
+	}
+	if (result.status === EmailValidationStatus.EXCEEDED_LIMIT) {
+		require_logger.logger.error("You have exceeded the maximum cloud inference limit. Please contact inquiries@promptfoo.dev to upgrade your account.");
+		process.exit(1);
+	}
+	if (result.status === EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED) {
+		setUserEmailNeedsValidation(true);
+		setUserEmailValidated(false);
+		const message = result.message || "Your email address is not verified. Check your inbox for a verification link, then rerun the command.";
+		require_logger.logger.error(message, {
+			status: result.status,
+			hasEmail: result.hasEmail
+		});
+		process.exit(1);
+	}
+	if (result.status === EmailValidationStatus.SHOW_USAGE_WARNING && result.message) {
+		const border = "=".repeat(require_fetch.TERMINAL_MAX_WIDTH);
+		require_logger.logger.info(border);
+		require_logger.logger.warn(result.message);
+		require_logger.logger.info(border);
+	}
+	return "ok";
+}
+//#endregion
+Object.defineProperty(exports, "checkEmailStatusAndMaybeExit", {
+	enumerable: true,
+	get: function() {
+		return checkEmailStatusAndMaybeExit;
+	}
+});
+Object.defineProperty(exports, "getAuthMethod", {
+	enumerable: true,
+	get: function() {
+		return getAuthMethod;
+	}
+});
+Object.defineProperty(exports, "getAuthor", {
+	enumerable: true,
+	get: function() {
+		return getAuthor;
+	}
+});
+Object.defineProperty(exports, "getUserEmail", {
+	enumerable: true,
+	get: function() {
+		return getUserEmail;
+	}
+});
+Object.defineProperty(exports, "getUserId", {
+	enumerable: true,
+	get: function() {
+		return getUserId;
+	}
+});
+Object.defineProperty(exports, "isLoggedIntoCloud", {
+	enumerable: true,
+	get: function() {
+		return isLoggedIntoCloud;
+	}
+});
+Object.defineProperty(exports, "promptForEmailUnverified", {
+	enumerable: true,
+	get: function() {
+		return promptForEmailUnverified;
+	}
+});
+
+//# sourceMappingURL=accounts-Bt1oJb1Z.cjs.map

package/dist/src/accounts-DjOU8Rm3.js

@@ -0,0 +1,178 @@
+import { r as logger, w as isCI, x as getEnvString } from "./logger-C40ZGil9.js";
+import { A as TERMINAL_MAX_WIDTH, a as CloudConfig, c as writeGlobalConfig, l as writeGlobalConfigPartial, r as fetchWithTimeout, s as readGlobalConfig } from "./fetch-DQckpUFz.js";
+const BAD_EMAIL_RESULT = "bad_email";
+const EmailValidationStatus = {
+	OK: "ok",
+	EXCEEDED_LIMIT: "exceeded_limit",
+	SHOW_USAGE_WARNING: "show_usage_warning",
+	EMAIL_VERIFICATION_REQUIRED: "email_verification_required",
+	RISKY_EMAIL: "risky_email",
+	DISPOSABLE_EMAIL: "disposable_email"
+};
+const NO_EMAIL_STATUS = "no_email";
+//#endregion
+//#region src/globalConfig/accounts.ts
+const CI_PLACEHOLDER_EMAIL = "ci-placeholder@promptfoo.dev";
+function getUserId() {
+	let globalConfig = readGlobalConfig();
+	if (!globalConfig?.id) {
+		const newId = crypto.randomUUID();
+		globalConfig = {
+			...globalConfig,
+			id: newId
+		};
+		writeGlobalConfig(globalConfig);
+		return newId;
+	}
+	return globalConfig.id;
+}
+function getUserEmail() {
+	return readGlobalConfig()?.account?.email || null;
+}
+function setUserEmail(email) {
+	const account = readGlobalConfig()?.account ?? {};
+	account.email = email;
+	writeGlobalConfigPartial({ account });
+}
+function getUserEmailNeedsValidation() {
+	return readGlobalConfig()?.account?.emailNeedsValidation || false;
+}
+function setUserEmailNeedsValidation(needsValidation) {
+	const account = readGlobalConfig()?.account ?? {};
+	account.emailNeedsValidation = needsValidation;
+	writeGlobalConfigPartial({ account });
+}
+function getUserEmailValidated() {
+	return readGlobalConfig()?.account?.emailValidated || false;
+}
+function setUserEmailValidated(validated) {
+	const account = readGlobalConfig()?.account ?? {};
+	account.emailValidated = validated;
+	writeGlobalConfigPartial({ account });
+}
+function getAuthor() {
+	return getEnvString("PROMPTFOO_AUTHOR") || getUserEmail() || null;
+}
+function isLoggedIntoCloud() {
+	return new CloudConfig().isEnabled();
+}
+/**
+* Get the authentication method used for cloud access
+* @returns 'api-key' | 'email' | 'none'
+*/
+function getAuthMethod() {
+	const hasApiKey = new CloudConfig().isEnabled();
+	const hasEmail = !!getUserEmail();
+	if (hasApiKey && hasEmail) return "api-key";
+	if (hasApiKey) return "api-key";
+	if (hasEmail) return "email";
+	return "none";
+}
+/**
+* Shared function to check email status with the promptfoo API
+* Used by both CLI and server routes
+*/
+async function checkEmailStatus(options) {
+	const { default: telemetry } = await import("./telemetry-Bg2WqF79.js").then((n) => n.n);
+	const ciMode = isCI();
+	const userEmail = ciMode ? CI_PLACEHOLDER_EMAIL : getUserEmail();
+	if (!userEmail) return {
+		status: NO_EMAIL_STATUS,
+		hasEmail: false,
+		message: "Redteam evals require email verification. Please enter your work email:"
+	};
+	if (ciMode) return {
+		status: EmailValidationStatus.OK,
+		hasEmail: true,
+		email: userEmail
+	};
+	try {
+		const validateParam = options?.validate ? "&validate=true" : "";
+		const timeout = options?.validate ? 3e3 : 500;
+		if (options?.validate) logger.info(`Checking email...`);
+		const data = await (await fetchWithTimeout(`${getEnvString("PROMPTFOO_CLOUD_API_URL", "https://api.promptfoo.app")}/api/users/status?email=${encodeURIComponent(userEmail)}${validateParam}`, void 0, timeout)).json();
+		if (options?.validate) if (new Set([
+			EmailValidationStatus.RISKY_EMAIL,
+			EmailValidationStatus.DISPOSABLE_EMAIL,
+			EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED
+		]).has(data.status)) {
+			if (data.status === EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED) {
+				setUserEmailValidated(false);
+				setUserEmailNeedsValidation(true);
+			}
+			if (data.status === EmailValidationStatus.RISKY_EMAIL || data.status === EmailValidationStatus.DISPOSABLE_EMAIL) await telemetry.saveConsent(userEmail, { source: "filteredInvalidEmail" });
+		} else {
+			setUserEmailValidated(true);
+			await telemetry.saveConsent(userEmail, { source: "promptForEmailValidated" });
+		}
+		return {
+			status: data.status,
+			message: data.message ?? data.error,
+			email: userEmail,
+			hasEmail: true
+		};
+	} catch (e) {
+		logger.debug(`Failed to check user status: ${e}`);
+		return {
+			status: EmailValidationStatus.OK,
+			message: "Unable to verify email status, but proceeding",
+			email: userEmail,
+			hasEmail: true
+		};
+	}
+}
+async function promptForEmailUnverified() {
+	const { default: telemetry } = await import("./telemetry-Bg2WqF79.js").then((n) => n.n);
+	const ciMode = isCI();
+	const existingEmail = getUserEmail();
+	let email = ciMode ? CI_PLACEHOLDER_EMAIL : existingEmail;
+	const existingEmailNeedsValidation = !ciMode && getUserEmailNeedsValidation();
+	const existingEmailValidated = ciMode || getUserEmailValidated();
+	let emailNeedsValidation = existingEmailNeedsValidation && !existingEmailValidated;
+	if (!email) {
+		await telemetry.record("feature_used", { feature: "promptForEmailUnverified" });
+		const envEmail = getEnvString("PROMPTFOO_EMAIL");
+		if (!envEmail) throw new Error("Email verification required for red team scans. Set the PROMPTFOO_EMAIL environment variable to your work email address.");
+		email = envEmail;
+		setUserEmail(email);
+		setUserEmailNeedsValidation(true);
+		setUserEmailValidated(false);
+		emailNeedsValidation = true;
+		await telemetry.record("feature_used", { feature: "userCompletedPromptForEmailUnverified" });
+	}
+	return { emailNeedsValidation };
+}
+async function checkEmailStatusAndMaybeExit(options) {
+	const result = await checkEmailStatus(options);
+	if (isCI()) return "ok";
+	if (result.status === EmailValidationStatus.RISKY_EMAIL || result.status === EmailValidationStatus.DISPOSABLE_EMAIL) {
+		logger.error("Please use a valid work email.");
+		setUserEmail("");
+		return BAD_EMAIL_RESULT;
+	}
+	if (result.status === EmailValidationStatus.EXCEEDED_LIMIT) {
+		logger.error("You have exceeded the maximum cloud inference limit. Please contact inquiries@promptfoo.dev to upgrade your account.");
+		process.exit(1);
+	}
+	if (result.status === EmailValidationStatus.EMAIL_VERIFICATION_REQUIRED) {
+		setUserEmailNeedsValidation(true);
+		setUserEmailValidated(false);
+		const message = result.message || "Your email address is not verified. Check your inbox for a verification link, then rerun the command.";
+		logger.error(message, {
+			status: result.status,
+			hasEmail: result.hasEmail
+		});
+		process.exit(1);
+	}
+	if (result.status === EmailValidationStatus.SHOW_USAGE_WARNING && result.message) {
+		const border = "=".repeat(TERMINAL_MAX_WIDTH);
+		logger.info(border);
+		logger.warn(result.message);
+		logger.info(border);
+	}
+	return "ok";
+}
+//#endregion
+export { getUserId as a, getUserEmail as i, getAuthMethod as n, isLoggedIntoCloud as o, getAuthor as r, promptForEmailUnverified as s, checkEmailStatusAndMaybeExit as t };
+
+//# sourceMappingURL=accounts-DjOU8Rm3.js.map

package/dist/src/agentic-utils-D03IiXQc.js

@@ -0,0 +1,153 @@
+import { r as logger } from "./logger-C40ZGil9.js";
+import { a as isCacheEnabled, i as getCache } from "./cache-BkrqU5Ba.js";
+import fs from "fs";
+import path from "path";
+import dedent from "dedent";
+import crypto from "crypto";
+//#region src/providers/agentic-utils.ts
+/**
+* Shared utilities for agentic providers (Claude Agent SDK, OpenCode SDK, etc.)
+*
+* These utilities handle common functionality needed by coding agent providers:
+* - Working directory fingerprinting for cache key generation
+* - Response caching with fingerprint support
+*/
+/**
+* Timeout for working directory fingerprint generation (ms)
+* Prevents hanging on extremely large directories
+*/
+const FINGERPRINT_TIMEOUT_MS = 2e3;
+/**
+* Get a fingerprint for a working directory to use as a cache key.
+* Checks directory mtime and descendant file mtimes recursively.
+*
+* This allows for caching prompts that use the same working directory
+* when the files haven't changed.
+*
+* @param workingDir - Absolute path to the working directory
+* @returns SHA-256 hash fingerprint of the directory state
+* @throws Error if fingerprinting times out or directory is inaccessible
+*/
+async function getWorkingDirFingerprint(workingDir) {
+	const dirMtime = fs.statSync(workingDir).mtimeMs;
+	const startTime = Date.now();
+	const getAllFiles = (dir, files = []) => {
+		if (Date.now() - startTime > FINGERPRINT_TIMEOUT_MS) throw new Error("Working directory fingerprint timed out");
+		const entries = fs.readdirSync(dir, { withFileTypes: true });
+		for (const entry of entries) {
+			const fullPath = path.join(dir, entry.name);
+			if (entry.isDirectory()) getAllFiles(fullPath, files);
+			else if (entry.isFile()) files.push(fullPath);
+		}
+		return files;
+	};
+	const fingerprintData = `dir:${dirMtime};files:${getAllFiles(workingDir).map((file) => {
+		const stat = fs.statSync(file);
+		return `${path.relative(workingDir, file)}:${stat.mtimeMs}`;
+	}).sort().join(",")}`;
+	return crypto.createHash("sha256").update(fingerprintData).digest("hex");
+}
+/**
+* Generate a cache key from arbitrary data using SHA-256 hash
+*
+* @param prefix - Cache key prefix (provider identifier)
+* @param data - Data to hash for the cache key
+* @returns Prefixed SHA-256 hash cache key
+*/
+function generateCacheKey(prefix, data) {
+	const stringified = JSON.stringify(data);
+	return `${prefix}:${crypto.createHash("sha256").update(stringified).digest("hex")}`;
+}
+/**
+* Initialize cache and check for cached response
+*
+* This handles the common caching pattern used by agentic providers:
+* 1. Check if caching is enabled
+* 2. Generate working directory fingerprint if needed
+* 3. Generate cache key
+* 4. Return cache configuration for use by the provider
+*
+* @param options - Cache options including prefix and working directory
+* @param cacheKeyData - Data to include in the cache key
+* @returns Cache configuration and optional cached response
+*/
+async function initializeAgenticCache(options, cacheKeyData) {
+	if (!isCacheEnabled()) return {
+		shouldCache: false,
+		shouldReadCache: false,
+		shouldWriteCache: false
+	};
+	if (options.mcp && !options.cacheMcp) return {
+		shouldCache: false,
+		shouldReadCache: false,
+		shouldWriteCache: false
+	};
+	let workingDirFingerprint = null;
+	if (options.workingDir) try {
+		workingDirFingerprint = await getWorkingDirFingerprint(options.workingDir);
+	} catch (error) {
+		logger.error(dedent`Error getting working directory fingerprint for cache key - ${options.workingDir}: ${String(error)}
+
+        Caching is disabled.`);
+		return {
+			shouldCache: false,
+			shouldReadCache: false,
+			shouldWriteCache: false
+		};
+	}
+	const cache = await getCache();
+	const cacheKey = generateCacheKey(options.cacheKeyPrefix, {
+		...cacheKeyData,
+		workingDirFingerprint,
+		...options.mcp ? { mcp: options.mcp } : {}
+	});
+	return {
+		shouldCache: true,
+		shouldReadCache: !options.bustCache,
+		shouldWriteCache: true,
+		cache,
+		cacheKey,
+		workingDirFingerprint
+	};
+}
+/**
+* Try to get a cached response
+*
+* @param cacheResult - Result from initializeAgenticCache
+* @param debugContext - Context for debug logging (e.g., prompt preview)
+* @returns Cached ProviderResponse if found, undefined otherwise
+*/
+async function getCachedResponse(cacheResult, debugContext) {
+	if (!cacheResult.shouldReadCache || !cacheResult.cache || !cacheResult.cacheKey) return;
+	try {
+		const cachedResponse = await cacheResult.cache.get(cacheResult.cacheKey);
+		if (cachedResponse) {
+			logger.debug(`Returning cached response${debugContext ? ` for ${debugContext}` : ""} (cache key: ${cacheResult.cacheKey})`);
+			return {
+				...JSON.parse(cachedResponse),
+				cached: true
+			};
+		}
+	} catch (error) {
+		logger.error(`Error getting cached response: ${String(error)}`);
+	}
+}
+/**
+* Cache a provider response
+*
+* @param cacheResult - Result from initializeAgenticCache
+* @param response - The ProviderResponse to cache
+* @param debugContext - Context for debug logging
+*/
+async function cacheResponse(cacheResult, response, debugContext) {
+	if (!cacheResult.shouldWriteCache || !cacheResult.cache || !cacheResult.cacheKey) return;
+	try {
+		await cacheResult.cache.set(cacheResult.cacheKey, JSON.stringify(response));
+	} catch (error) {
+		logger.error(`Error caching response${debugContext ? ` for ${debugContext}` : ""}: ${String(error)}`);
+	}
+}
+//#endregion
+export { initializeAgenticCache as i, generateCacheKey as n, getCachedResponse as r, cacheResponse as t };
+
+//# sourceMappingURL=agentic-utils-D03IiXQc.js.map