npm - promptfoo - Versions diffs - 0.119.13 → 0.119.14 - Mend

promptfoo 0.119.13 → 0.119.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/dist/package.json +28 -26
package/dist/src/app/assets/index-eJ2lMe94.js +51 -0
package/dist/src/app/assets/{source-map-support-Bnh0UQ2S.js → source-map-support-1v4oeb7P.js} +1 -1
package/dist/src/app/assets/sync-CtLQRuC1.js +1 -0
package/dist/src/app/assets/{vendor-charts-T60Uk0Z3.js → vendor-charts-DnVv66VV.js} +1 -1
package/dist/src/app/assets/{vendor-markdown-DLig-KJh.js → vendor-markdown-DCpQIyMA.js} +1 -1
package/dist/src/app/assets/{vendor-mui-core-5BLaiG3c.js → vendor-mui-core-Boqnpf9f.js} +1 -1
package/dist/src/app/assets/{vendor-mui-icons-fn39Fu2e.js → vendor-mui-icons-B8MqoVbj.js} +1 -1
package/dist/src/app/assets/vendor-mui-x-CGSS6QHF.js +45 -0
package/dist/src/app/assets/{vendor-utils-DYBMEuwX.js → vendor-utils-DdfHIEy8.js} +1 -1
package/dist/src/app/index.html +7 -7
package/dist/src/assertions/guardrails.d.ts +1 -1
package/dist/src/assertions/guardrails.js +18 -9
package/dist/src/assertions/index.d.ts +1 -1
package/dist/src/assertions/index.js +9 -3
package/dist/src/assertions/searchRubric.d.ts +3 -0
package/dist/src/assertions/searchRubric.js +18 -0
package/dist/src/commands/eval.js +1 -1
package/dist/src/commands/modelScan.d.ts +7 -1
package/dist/src/commands/modelScan.js +121 -59
package/dist/src/database/index.d.ts +6 -0
package/dist/src/database/index.js +11 -0
package/dist/src/database/tables.d.ts +46 -24
package/dist/src/envars.d.ts +17 -0
package/dist/src/generated/constants.js +1 -1
package/dist/src/logger.d.ts +5 -0
package/dist/src/logger.js +28 -0
package/dist/src/main.js +17 -6
package/dist/src/matchers.d.ts +1 -0
package/dist/src/matchers.js +80 -0
package/dist/src/models/eval.d.ts +2 -1
package/dist/src/models/eval.js +44 -2
package/dist/src/prompts/grading.d.ts +1 -0
package/dist/src/prompts/grading.js +26 -1
package/dist/src/prompts/index.d.ts +1 -0
package/dist/src/prompts/index.js +4 -1
package/dist/src/providers/adaline.gateway.js +2 -2
package/dist/src/providers/anthropic/defaults.d.ts +1 -1
package/dist/src/providers/anthropic/defaults.js +15 -0
package/dist/src/providers/azure/chat.d.ts +3 -1
package/dist/src/providers/azure/chat.js +16 -3
package/dist/src/providers/azure/defaults.js +660 -141
package/dist/src/providers/azure/responses.d.ts +5 -0
package/dist/src/providers/azure/responses.js +33 -4
package/dist/src/providers/azure/types.d.ts +4 -0
package/dist/src/providers/bedrock/agents.d.ts +1 -1
package/dist/src/providers/bedrock/agents.js +2 -2
package/dist/src/providers/bedrock/base.d.ts +40 -0
package/dist/src/providers/bedrock/base.js +171 -0
package/dist/src/providers/bedrock/converse.d.ts +146 -0
package/dist/src/providers/bedrock/converse.js +1044 -0
package/dist/src/providers/bedrock/index.d.ts +1 -34
package/dist/src/providers/bedrock/index.js +4 -159
package/dist/src/providers/bedrock/knowledgeBase.d.ts +1 -1
package/dist/src/providers/bedrock/knowledgeBase.js +2 -2
package/dist/src/providers/bedrock/nova-sonic.d.ts +2 -1
package/dist/src/providers/bedrock/nova-sonic.js +2 -2
package/dist/src/providers/claude-agent-sdk.d.ts +58 -1
package/dist/src/providers/claude-agent-sdk.js +22 -1
package/dist/src/providers/defaults.js +4 -0
package/dist/src/providers/github/defaults.js +6 -6
package/dist/src/providers/google/types.d.ts +25 -0
package/dist/src/providers/google/util.d.ts +2 -0
package/dist/src/providers/google/vertex.js +78 -22
package/dist/src/providers/{groq.d.ts → groq/chat.d.ts} +26 -20
package/dist/src/providers/groq/chat.js +79 -0
package/dist/src/providers/groq/index.d.ts +5 -0
package/dist/src/providers/groq/index.js +24 -0
package/dist/src/providers/groq/responses.d.ts +106 -0
package/dist/src/providers/groq/responses.js +64 -0
package/dist/src/providers/groq/types.d.ts +44 -0
package/dist/src/providers/groq/types.js +3 -0
package/dist/src/providers/groq/util.d.ts +15 -0
package/dist/src/providers/groq/util.js +28 -0
package/dist/src/providers/mcp/client.d.ts +8 -0
package/dist/src/providers/mcp/client.js +60 -10
package/dist/src/providers/mcp/types.d.ts +21 -0
package/dist/src/providers/openai/chatkit-pool.d.ts +114 -0
package/dist/src/providers/openai/chatkit-pool.js +548 -0
package/dist/src/providers/openai/chatkit-types.d.ts +73 -0
package/dist/src/providers/openai/chatkit-types.js +3 -0
package/dist/src/providers/openai/chatkit.d.ts +76 -0
package/dist/src/providers/openai/chatkit.js +879 -0
package/dist/src/providers/openai/codex-sdk.d.ts +109 -0
package/dist/src/providers/openai/codex-sdk.js +346 -0
package/dist/src/providers/openai/defaults.d.ts +2 -0
package/dist/src/providers/openai/defaults.js +10 -4
package/dist/src/providers/registry.js +48 -9
package/dist/src/providers/responses/types.d.ts +1 -1
package/dist/src/providers/sagemaker.d.ts +2 -2
package/dist/src/providers/webSearchUtils.d.ts +17 -0
package/dist/src/providers/webSearchUtils.js +169 -0
package/dist/src/providers/xai/chat.d.ts +61 -0
package/dist/src/providers/xai/chat.js +68 -3
package/dist/src/providers/xai/responses.d.ts +189 -0
package/dist/src/providers/xai/responses.js +268 -0
package/dist/src/redteam/constants/plugins.d.ts +1 -1
package/dist/src/redteam/constants/plugins.js +1 -1
package/dist/src/redteam/constants/strategies.d.ts +1 -1
package/dist/src/redteam/constants/strategies.js +1 -0
package/dist/src/redteam/plugins/vlguard.d.ts +53 -4
package/dist/src/redteam/plugins/vlguard.js +362 -46
package/dist/src/redteam/providers/constants.d.ts +2 -2
package/dist/src/redteam/providers/constants.js +2 -2
package/dist/src/redteam/providers/crescendo/index.d.ts +1 -1
package/dist/src/redteam/providers/crescendo/index.js +5 -3
package/dist/src/redteam/providers/hydra/index.js +1 -1
package/dist/src/server/routes/modelAudit.js +4 -4
package/dist/src/share.js +4 -2
package/dist/src/telemetry.js +44 -8
package/dist/src/types/env.d.ts +3 -0
package/dist/src/types/env.js +1 -0
package/dist/src/types/index.d.ts +896 -615
package/dist/src/types/index.js +1 -0
package/dist/src/types/providers.d.ts +1 -0
package/dist/src/types/tracing.d.ts +3 -0
package/dist/src/util/database.d.ts +6 -4
package/dist/src/util/file.js +6 -4
package/dist/src/util/modelAuditCliParser.d.ts +4 -4
package/dist/src/util/xlsx.js +52 -26
package/dist/src/validators/providers.d.ts +142 -122
package/dist/src/validators/providers.js +4 -6
package/dist/src/validators/redteam.d.ts +36 -28
package/dist/src/validators/redteam.js +9 -3
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +28 -26
package/dist/drizzle/CLAUDE.md +0 -65
package/dist/src/app/assets/index-DifT6VGT.js +0 -51
package/dist/src/app/assets/sync-Oo-W_Rbj.js +0 -1
package/dist/src/app/assets/vendor-mui-x-C2xF-yiO.js +0 -45
package/dist/src/providers/groq.js +0 -48

package/dist/src/app/index.html CHANGED Viewed

@@ -7,14 +7,14 @@
     <title>promptfoo</title>
     <meta name="description" content="LLM testing and evaluation" />
     <meta property="og:image" content="https://www.promptfoo.dev/img/thumbnail.png" />
-    <script type="module" crossorigin src="/assets/index-DifT6VGT.js"></script>
+    <script type="module" crossorigin src="/assets/index-eJ2lMe94.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/vendor-react-BuO7LJGJ.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-core-5BLaiG3c.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-icons-fn39Fu2e.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-x-C2xF-yiO.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-charts-T60Uk0Z3.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-utils-DYBMEuwX.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-markdown-DLig-KJh.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-core-Boqnpf9f.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-icons-B8MqoVbj.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-mui-x-CGSS6QHF.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-charts-DnVv66VV.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-utils-DdfHIEy8.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-markdown-DCpQIyMA.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-syntax-BKjot6cf.js">
     <link rel="stylesheet" crossorigin href="/assets/vendor-mui-x-BU3nLhQd.css">
     <link rel="stylesheet" crossorigin href="/assets/index-M7TScuK-.css">

package/dist/src/assertions/guardrails.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
 import type { AssertionParams, GradingResult } from '../types/index';
-export declare const handleGuardrails: ({ assertion, providerResponse, }: AssertionParams) => Promise<GradingResult>;
+export declare const handleGuardrails: ({ assertion, inverse, providerResponse, }: AssertionParams) => Promise<GradingResult>;
 //# sourceMappingURL=guardrails.d.ts.map

package/dist/src/assertions/guardrails.js CHANGED Viewed

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handleGuardrails = void 0;
 const logger_1 = __importDefault(require("../logger"));
-const handleGuardrails = async ({ assertion, providerResponse, }) => {
+const handleGuardrails = async ({ assertion, inverse, providerResponse, }) => {
     const guardrails = providerResponse.guardrails ||
         providerResponse.metadata?.redteamHistory?.[providerResponse.metadata.redteamHistory.length - 1]
             ?.guardrails;
@@ -20,26 +20,35 @@ const handleGuardrails = async ({ assertion, providerResponse, }) => {
                 reason = 'Output failed safety checks';
             }
             reason = guardrails.reason || reason;
+            // For inverse (not-guardrails), passing means content WAS flagged
+            const pass = inverse;
             return {
-                pass: false,
-                score: 0,
-                reason,
+                pass,
+                score: pass ? 1 : 0,
+                reason: inverse ? `Guardrail correctly blocked: ${reason}` : reason,
                 assertion,
             };
         }
         else {
+            // Content was not flagged
+            // For inverse (not-guardrails), failing means content was NOT flagged
+            const pass = !inverse;
             return {
-                pass: true,
-                score: 1,
-                reason: 'Content passed safety checks',
+                pass,
+                score: pass ? 1 : 0,
+                reason: inverse
+                    ? 'Content was not blocked by guardrails (expected to be blocked)'
+                    : 'Content passed safety checks',
                 assertion,
             };
         }
     }
     return {
-        pass: true,
+        pass: !inverse,
         score: 0,
-        reason: 'Guardrail was not applied',
+        reason: inverse
+            ? 'Guardrail was not applied (expected content to be blocked)'
+            : 'Guardrail was not applied',
         assertion,
     };
 };

package/dist/src/assertions/index.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { matchesConversationRelevance } from '../external/matchers/deepeval';
 import { matchesAnswerRelevance, matchesClassification, matchesClosedQa, matchesContextFaithfulness, matchesContextRecall, matchesContextRelevance, matchesFactuality, matchesLlmRubric, matchesModeration, matchesSelectBest, matchesSimilarity } from '../matchers';
 import { type ApiProvider, type Assertion, type AssertionType, type AtomicTestCase, type CallApiContextParams, type GradingResult } from '../types/index';
 import type { ProviderResponse, ScoringFunction } from '../types/index';
-export declare const MODEL_GRADED_ASSERTION_TYPES: Set<"moderation" | "cost" | `promptfoo:redteam:${string}` | "factuality" | "answer-relevance" | "bleu" | "classifier" | "contains" | "contains-all" | "contains-any" | "contains-html" | "contains-json" | "contains-sql" | "contains-xml" | "context-faithfulness" | "context-recall" | "context-relevance" | "conversation-relevance" | "equals" | "finish-reason" | "g-eval" | "gleu" | "guardrails" | "icontains" | "icontains-all" | "icontains-any" | "is-html" | "is-json" | "is-refusal" | "is-sql" | "is-valid-function-call" | "is-valid-openai-function-call" | "is-valid-openai-tools-call" | "is-xml" | "javascript" | "latency" | "levenshtein" | "llm-rubric" | "pi" | "meteor" | "model-graded-closedqa" | "model-graded-factuality" | "perplexity" | "perplexity-score" | "python" | "regex" | "rouge-n" | "ruby" | "similar" | "similar:cosine" | "similar:dot" | "similar:euclidean" | "starts-with" | "trace-error-spans" | "trace-span-count" | "trace-span-duration" | "webhook" | "not-moderation" | "not-cost" | "not-factuality" | "not-answer-relevance" | "not-bleu" | "not-classifier" | "not-contains" | "not-contains-all" | "not-contains-any" | "not-contains-html" | "not-contains-json" | "not-contains-sql" | "not-contains-xml" | "not-context-faithfulness" | "not-context-recall" | "not-context-relevance" | "not-conversation-relevance" | "not-equals" | "not-finish-reason" | "not-g-eval" | "not-gleu" | "not-guardrails" | "not-icontains" | "not-icontains-all" | "not-icontains-any" | "not-is-html" | "not-is-json" | "not-is-refusal" | "not-is-sql" | "not-is-valid-function-call" | "not-is-valid-openai-function-call" | "not-is-valid-openai-tools-call" | "not-is-xml" | "not-javascript" | "not-latency" | "not-levenshtein" | "not-llm-rubric" | "not-pi" | "not-meteor" | "not-model-graded-closedqa" | "not-model-graded-factuality" | "not-perplexity" | "not-perplexity-score" | "not-python" | "not-regex" | "not-rouge-n" | "not-ruby" | "not-similar" | "not-similar:cosine" | "not-similar:dot" | "not-similar:euclidean" | "not-starts-with" | "not-trace-error-spans" | "not-trace-span-count" | "not-trace-span-duration" | "not-webhook" | "select-best" | "human" | "max-score">;
+export declare const MODEL_GRADED_ASSERTION_TYPES: Set<"moderation" | "cost" | `promptfoo:redteam:${string}` | "factuality" | "answer-relevance" | "bleu" | "classifier" | "contains" | "contains-all" | "contains-any" | "contains-html" | "contains-json" | "contains-sql" | "contains-xml" | "context-faithfulness" | "context-recall" | "context-relevance" | "conversation-relevance" | "equals" | "finish-reason" | "g-eval" | "gleu" | "guardrails" | "icontains" | "icontains-all" | "icontains-any" | "is-html" | "is-json" | "is-refusal" | "is-sql" | "is-valid-function-call" | "is-valid-openai-function-call" | "is-valid-openai-tools-call" | "is-xml" | "javascript" | "latency" | "levenshtein" | "llm-rubric" | "pi" | "meteor" | "model-graded-closedqa" | "model-graded-factuality" | "perplexity" | "perplexity-score" | "python" | "regex" | "rouge-n" | "ruby" | "similar" | "similar:cosine" | "similar:dot" | "similar:euclidean" | "starts-with" | "trace-error-spans" | "trace-span-count" | "trace-span-duration" | "search-rubric" | "webhook" | "not-moderation" | "not-cost" | "not-factuality" | "not-answer-relevance" | "not-bleu" | "not-classifier" | "not-contains" | "not-contains-all" | "not-contains-any" | "not-contains-html" | "not-contains-json" | "not-contains-sql" | "not-contains-xml" | "not-context-faithfulness" | "not-context-recall" | "not-context-relevance" | "not-conversation-relevance" | "not-equals" | "not-finish-reason" | "not-g-eval" | "not-gleu" | "not-guardrails" | "not-icontains" | "not-icontains-all" | "not-icontains-any" | "not-is-html" | "not-is-json" | "not-is-refusal" | "not-is-sql" | "not-is-valid-function-call" | "not-is-valid-openai-function-call" | "not-is-valid-openai-tools-call" | "not-is-xml" | "not-javascript" | "not-latency" | "not-levenshtein" | "not-llm-rubric" | "not-pi" | "not-meteor" | "not-model-graded-closedqa" | "not-model-graded-factuality" | "not-perplexity" | "not-perplexity-score" | "not-python" | "not-regex" | "not-rouge-n" | "not-ruby" | "not-similar" | "not-similar:cosine" | "not-similar:dot" | "not-similar:euclidean" | "not-starts-with" | "not-trace-error-spans" | "not-trace-span-count" | "not-trace-span-duration" | "not-search-rubric" | "not-webhook" | "select-best" | "human" | "max-score">;
 /**
  * Tests whether an assertion is inverse e.g. "not-equals" is inverse of "equals"
  * or "not-contains" is inverse of "contains".

package/dist/src/assertions/index.js CHANGED Viewed

@@ -55,6 +55,7 @@ const logger_1 = __importDefault(require("../logger"));
 const matchers_1 = require("../matchers");
 const packageParser_1 = require("../providers/packageParser");
 const pythonUtils_1 = require("../python/pythonUtils");
+const store_1 = require("../tracing/store");
 const fileExtensions_1 = require("../util/fileExtensions");
 const invariant_1 = __importDefault(require("../util/invariant"));
 const templates_1 = require("../util/templates");
@@ -88,10 +89,10 @@ const perplexity_1 = require("./perplexity");
 const pi_1 = require("./pi");
 const python_1 = require("./python");
 const redteam_1 = require("./redteam");
-const ruby_1 = require("./ruby");
 const refusal_1 = require("./refusal");
 const regex_1 = require("./regex");
 const rouge_1 = require("./rouge");
+const ruby_1 = require("./ruby");
 const similar_1 = require("./similar");
 const sql_1 = require("./sql");
 const startsWith_1 = require("./startsWith");
@@ -100,6 +101,7 @@ const traceSpanCount_1 = require("./traceSpanCount");
 const traceSpanDuration_1 = require("./traceSpanDuration");
 const utils_1 = require("./utils");
 const webhook_1 = require("./webhook");
+const searchRubric_1 = require("./searchRubric");
 const xml_1 = require("./xml");
 const ASSERTIONS_MAX_CONCURRENCY = (0, envars_1.getEnvInt)('PROMPTFOO_ASSERTIONS_MAX_CONCURRENCY', 3);
 exports.MODEL_GRADED_ASSERTION_TYPES = new Set([
@@ -111,6 +113,7 @@ exports.MODEL_GRADED_ASSERTION_TYPES = new Set([
     'llm-rubric',
     'model-graded-closedqa',
     'model-graded-factuality',
+    'search-rubric',
 ]);
 const ASSERTION_HANDLERS = {
     'answer-relevance': answerRelevance_1.handleAnswerRelevance,
@@ -178,6 +181,7 @@ const ASSERTION_HANDLERS = {
     regex: regex_1.handleRegex,
     ruby: ruby_1.handleRuby,
     'rouge-n': rouge_1.handleRougeScore,
+    'search-rubric': searchRubric_1.handleSearchRubric,
     similar: similar_1.handleSimilar,
     'similar:cosine': similar_1.handleSimilar,
     'similar:dot': similar_1.handleSimilar,
@@ -231,12 +235,14 @@ async function runAssertion({ prompt, provider, assertion, test, latencyMs, prov
     // Add trace data if traceId is available
     if (traceId) {
         try {
-            const { getTraceStore } = await Promise.resolve().then(() => __importStar(require('../tracing/store')));
-            const traceStore = getTraceStore();
+            const traceStore = (0, store_1.getTraceStore)();
             const traceData = await traceStore.getTrace(traceId);
             if (traceData) {
                 context.trace = {
                     traceId: traceData.traceId,
+                    evaluationId: traceData.evaluationId,
+                    testCaseId: traceData.testCaseId,
+                    metadata: traceData.metadata,
                     spans: traceData.spans || [],
                 };
             }

package/dist/src/assertions/searchRubric.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AssertionParams, GradingResult } from '../types/index';
+export declare function handleSearchRubric({ assertion, baseType: _baseType, inverse, provider, renderedValue, test, providerResponse, }: AssertionParams): Promise<GradingResult>;
+//# sourceMappingURL=searchRubric.d.ts.map

package/dist/src/assertions/searchRubric.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleSearchRubric = handleSearchRubric;
+const matchers_1 = require("../matchers");
+async function handleSearchRubric({ assertion, baseType: _baseType, inverse, provider, renderedValue, test, providerResponse, }) {
+    if (renderedValue == null) {
+        throw new Error('search-rubric assertion type must have a string value');
+    }
+    const result = await (0, matchers_1.matchesSearchRubric)(String(renderedValue), providerResponse.output, test.options, test.vars, assertion, provider);
+    if (inverse) {
+        result.pass = !result.pass;
+        result.reason = result.pass
+            ? `Output does not require web search verification: ${result.reason}`
+            : `Output requires web search verification: ${result.reason}`;
+    }
+    return result;
+}
+//# sourceMappingURL=searchRubric.js.map

package/dist/src/commands/eval.js CHANGED Viewed

@@ -882,7 +882,7 @@ function evalCommand(program, defaultConfig, defaultConfigPath) {
             const { data: extension } = index_2.OutputFileExtension.safeParse(maybeFilePath.split('.').pop()?.toLowerCase());
             (0, invariant_1.default)(extension, `Unsupported output file format: ${maybeFilePath}. Please use one of: ${index_2.OutputFileExtension.options.join(', ')}.`);
         }
-        doEval(validatedOpts, defaultConfig, defaultConfigPath, evaluateOptions);
+        await doEval(validatedOpts, defaultConfig, defaultConfigPath, evaluateOptions);
     });
     return evalCmd;
 }

package/dist/src/commands/modelScan.d.ts CHANGED Viewed

@@ -1,4 +1,10 @@
 import type { Command } from 'commander';
-export declare function checkModelAuditInstalled(): Promise<boolean>;
+/**
+ * Check if modelaudit is installed and get its version.
+ */
+export declare function checkModelAuditInstalled(): Promise<{
+    installed: boolean;
+    version: string | null;
+}>;
 export declare function modelScanCommand(program: Command): void;
 //# sourceMappingURL=modelScan.d.ts.map

package/dist/src/commands/modelScan.js CHANGED Viewed

@@ -40,19 +40,38 @@ exports.checkModelAuditInstalled = checkModelAuditInstalled;
 exports.modelScanCommand = modelScanCommand;
 const child_process_1 = require("child_process");
 const chalk_1 = __importDefault(require("chalk"));
+const zod_1 = require("zod");
 const accounts_1 = require("../globalConfig/accounts");
+const logger_1 = __importDefault(require("../logger"));
 const modelAudit_1 = __importDefault(require("../models/modelAudit"));
 const updates_1 = require("../updates");
-const modelAuditCliParser_1 = require("../util/modelAuditCliParser");
 const huggingfaceMetadata_1 = require("../util/huggingfaceMetadata");
-const logger_1 = __importDefault(require("../logger"));
-const zod_1 = require("zod");
+const modelAuditCliParser_1 = require("../util/modelAuditCliParser");
+/**
+ * Check if modelaudit is installed and get its version.
+ */
 async function checkModelAuditInstalled() {
-    return new Promise((resolve) => {
-        const proc = (0, child_process_1.spawn)('modelaudit', ['--version']);
-        proc.on('error', () => resolve(false));
-        proc.on('close', (code) => resolve(code === 0 || code === 1));
-    });
+    const version = await (0, updates_1.getModelAuditCurrentVersion)();
+    return { installed: version !== null, version };
+}
+/**
+ * Determine if scan results contain errors.
+ */
+function hasErrorsInResults(results) {
+    return Boolean(results.has_errors ||
+        results.issues?.some((issue) => issue.severity === 'critical' || issue.severity === 'error'));
+}
+/**
+ * Determine if a model should be re-scanned based on version changes.
+ */
+function shouldRescan(existingVersion, currentVersion) {
+    if (!currentVersion) {
+        return false;
+    }
+    if (!existingVersion) {
+        return true; // Previous scan missing version
+    }
+    return existingVersion !== currentVersion; // Version changed
 }
 function modelScanCommand(program) {
     program
@@ -114,8 +133,8 @@ function modelScanCommand(program) {
                 }
             });
         }
-        // Check if modelaudit is installed
-        const isModelAuditInstalled = await checkModelAuditInstalled();
+        // Check if modelaudit is installed and get its version
+        const { installed: isModelAuditInstalled, version: currentScannerVersion } = await checkModelAuditInstalled();
         if (!isModelAuditInstalled) {
             logger_1.default.error('ModelAudit is not installed.');
             logger_1.default.info(`Please install it using: ${chalk_1.default.green('pip install modelaudit')}`);
@@ -124,38 +143,52 @@ function modelScanCommand(program) {
         }
         // Check for modelaudit updates
         await (0, updates_1.checkModelAuditUpdates)();
+        if (currentScannerVersion) {
+            logger_1.default.debug(`Using modelaudit version: ${currentScannerVersion}`);
+        }
         // When saving to database (default), always use JSON format internally
         // Note: --no-write flag sets options.write to false
         const saveToDatabase = options.write === undefined || options.write === true;
+        // Track existing audit to update (when re-scanning or using --force)
+        let existingAuditToUpdate = null;
         // Check for duplicate scans (HuggingFace models only, before download)
-        // Only check if saving to database and not forcing
-        if (saveToDatabase && !options.force && paths.length === 1) {
-            const modelPath = paths[0];
-            if ((0, huggingfaceMetadata_1.isHuggingFaceModel)(modelPath)) {
-                try {
-                    const metadata = await (0, huggingfaceMetadata_1.getHuggingFaceMetadata)(modelPath);
-                    if (metadata) {
-                        const parsed = (0, huggingfaceMetadata_1.parseHuggingFaceModel)(modelPath);
-                        const modelId = parsed ? `${parsed.owner}/${parsed.repo}` : modelPath;
-                        // Check if already scanned with this revision
-                        const existing = await modelAudit_1.default.findByRevision(modelId, metadata.sha);
-                        if (existing) {
-                            logger_1.default.info(chalk_1.default.yellow('✓ Model already scanned'));
-                            logger_1.default.info(`  Model: ${modelId}`);
-                            logger_1.default.info(`  Revision: ${metadata.sha}`);
-                            logger_1.default.info(`  Previous scan: ${new Date(existing.createdAt).toISOString()}`);
-                            logger_1.default.info(`  Scan ID: ${existing.id}`);
-                            logger_1.default.info(`\n${chalk_1.default.gray('Use --force to scan anyway, or view existing results with:')}`);
-                            logger_1.default.info(chalk_1.default.green(`  promptfoo view ${existing.id}`));
-                            process.exitCode = 0;
-                            return;
+        // When --force is used, we still need to find existing record to update (avoid unique constraint)
+        if (saveToDatabase && paths.length === 1 && (0, huggingfaceMetadata_1.isHuggingFaceModel)(paths[0])) {
+            try {
+                const metadata = await (0, huggingfaceMetadata_1.getHuggingFaceMetadata)(paths[0]);
+                if (metadata) {
+                    const parsed = (0, huggingfaceMetadata_1.parseHuggingFaceModel)(paths[0]);
+                    const modelId = parsed ? `${parsed.owner}/${parsed.repo}` : paths[0];
+                    const existing = await modelAudit_1.default.findByRevision(modelId, metadata.sha);
+                    if (existing && options.force) {
+                        logger_1.default.debug(`Re-scanning (--force): ${modelId}`);
+                        existingAuditToUpdate = existing;
+                    }
+                    else if (existing && shouldRescan(existing.scannerVersion, currentScannerVersion)) {
+                        const reason = existing.scannerVersion
+                            ? `modelaudit upgraded from ${existing.scannerVersion} to ${currentScannerVersion}`
+                            : `previous scan missing version info (now using ${currentScannerVersion})`;
+                        logger_1.default.debug(`Re-scanning: ${reason}`);
+                        existingAuditToUpdate = existing;
+                    }
+                    else if (existing) {
+                        logger_1.default.info(chalk_1.default.yellow('✓ Model already scanned'));
+                        logger_1.default.info(`  Model: ${modelId}`);
+                        logger_1.default.info(`  Revision: ${metadata.sha}`);
+                        if (existing.scannerVersion) {
+                            logger_1.default.info(`  Scanner version: ${existing.scannerVersion}`);
                         }
+                        logger_1.default.info(`  Previous scan: ${new Date(existing.createdAt).toISOString()}`);
+                        logger_1.default.info(`  Scan ID: ${existing.id}`);
+                        logger_1.default.info(`\n${chalk_1.default.gray('Use --force to scan anyway, or view existing results with:')}`);
+                        logger_1.default.info(chalk_1.default.green(`  promptfoo view ${existing.id}`));
+                        process.exitCode = 0;
+                        return;
                     }
                 }
-                catch (error) {
-                    logger_1.default.debug(`Failed to check for existing scan: ${error}`);
-                    // Continue with scan if metadata fetch fails
-                }
+            }
+            catch (error) {
+                logger_1.default.debug(`Failed to check for existing scan: ${error}`);
             }
         }
         const outputFormat = saveToDatabase ? 'json' : options.format || 'text';
@@ -272,31 +305,54 @@ function modelScanCommand(program) {
                             revisionInfo.contentHash = results.content_hash;
                         }
                     }
-                    // Create audit record in database
-                    const audit = await modelAudit_1.default.create({
-                        name: options.name || `Model scan ${new Date().toISOString()}`,
-                        author: (0, accounts_1.getAuthor)() || undefined,
-                        modelPath: paths.join(', '),
-                        results,
-                        metadata: {
-                            paths,
-                            options: {
-                                blacklist: options.blacklist,
-                                timeout: cliOptions.timeout,
-                                maxSize: options.maxSize,
-                                verbose: options.verbose,
-                                sbom: options.sbom,
-                                strict: options.strict,
-                                dryRun: options.dryRun,
-                                cache: options.cache,
-                                quiet: options.quiet,
-                                progress: options.progress,
-                                stream: options.stream,
-                            },
+                    // Shared metadata for audit records
+                    const auditMetadata = {
+                        paths,
+                        options: {
+                            blacklist: options.blacklist,
+                            timeout: cliOptions.timeout,
+                            maxSize: options.maxSize,
+                            verbose: options.verbose,
+                            sbom: options.sbom,
+                            strict: options.strict,
+                            dryRun: options.dryRun,
+                            cache: options.cache,
+                            quiet: options.quiet,
+                            progress: options.progress,
+                            stream: options.stream,
                         },
-                        // Revision tracking
-                        ...revisionInfo,
-                    });
+                    };
+                    // Create or update audit record in database
+                    let audit;
+                    if (existingAuditToUpdate) {
+                        // Update existing record with new scan results
+                        existingAuditToUpdate.results = results;
+                        existingAuditToUpdate.checks = results.checks ?? null;
+                        existingAuditToUpdate.issues = results.issues ?? null;
+                        existingAuditToUpdate.hasErrors = hasErrorsInResults(results);
+                        existingAuditToUpdate.totalChecks = results.total_checks ?? null;
+                        existingAuditToUpdate.passedChecks = results.passed_checks ?? null;
+                        existingAuditToUpdate.failedChecks = results.failed_checks ?? null;
+                        existingAuditToUpdate.scannerVersion = currentScannerVersion ?? null;
+                        existingAuditToUpdate.metadata = auditMetadata;
+                        existingAuditToUpdate.updatedAt = Date.now();
+                        if (revisionInfo.contentHash) {
+                            existingAuditToUpdate.contentHash = revisionInfo.contentHash;
+                        }
+                        await existingAuditToUpdate.save();
+                        audit = existingAuditToUpdate;
+                    }
+                    else {
+                        audit = await modelAudit_1.default.create({
+                            name: options.name || `Model scan ${new Date().toISOString()}`,
+                            author: (0, accounts_1.getAuthor)() || undefined,
+                            modelPath: paths.join(', '),
+                            results,
+                            metadata: auditMetadata,
+                            scannerVersion: currentScannerVersion || undefined,
+                            ...revisionInfo,
+                        });
+                    }
                     // Display summary to user (unless they requested JSON format)
                     if (options.format !== 'json') {
                         logger_1.default.info('\n' + chalk_1.default.bold('Model Audit Summary'));
@@ -340,6 +396,12 @@ function modelScanCommand(program) {
                         }
                         logger_1.default.info(`\nScanned ${results.files_scanned ?? 0} files (${((results.bytes_scanned ?? 0) / 1024 / 1024).toFixed(2)} MB)`);
                         logger_1.default.info(`Duration: ${((results.duration ?? 0) / 1000).toFixed(2)} seconds`);
+                        if (currentScannerVersion) {
+                            logger_1.default.debug(`Scanner version: ${currentScannerVersion}`);
+                        }
+                        if (existingAuditToUpdate) {
+                            logger_1.default.debug(`Updated existing audit record: ${audit.id}`);
+                        }
                         logger_1.default.info(chalk_1.default.green(`\n✓ Results saved to database with ID: ${audit.id}`));
                     }
                     // Save to file if requested

package/dist/src/database/index.d.ts CHANGED Viewed

@@ -13,4 +13,10 @@ export declare function closeDb(): void;
  * Check if the database is currently open
  */
 export declare function isDbOpen(): boolean;
+/**
+ * Close database connection if it's currently open
+ * Safe to call even if database was never opened
+ * Should be called during graceful shutdown to prevent event loop hanging
+ */
+export declare function closeDbIfOpen(): void;
 //# sourceMappingURL=index.d.ts.map

package/dist/src/database/index.js CHANGED Viewed

@@ -42,6 +42,7 @@ exports.getDbSignalPath = getDbSignalPath;
 exports.getDb = getDb;
 exports.closeDb = closeDb;
 exports.isDbOpen = isDbOpen;
+exports.closeDbIfOpen = closeDbIfOpen;
 const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
 const better_sqlite3_2 = require("drizzle-orm/better-sqlite3");
 const logger_1 = require("drizzle-orm/logger");
@@ -136,4 +137,14 @@ function closeDb() {
 function isDbOpen() {
     return sqliteInstance !== null && dbInstance !== null;
 }
+/**
+ * Close database connection if it's currently open
+ * Safe to call even if database was never opened
+ * Should be called during graceful shutdown to prevent event loop hanging
+ */
+function closeDbIfOpen() {
+    if (sqliteInstance) {
+        closeDb();
+    }
+}
 //# sourceMappingURL=index.js.map