promptfoo 0.121.4 → 0.121.7

package/dist/src/shared-7pmVZLNO.js

@@ -0,0 +1,1334 @@
+import { C as getEnvFloat, S as getEnvBool, a as logger, k as state, p as sanitizeUrl, w as getEnvInt, y as safeJsonStringify } from "./logger-KD8JjCRJ.js";
+import { g as parseRetryAfter, h as parseRateLimitHeaders, m as sleep, o as withFetchRetryContext } from "./fetch-BufrQtvR.js";
+import { t as invariant } from "./invariant-DIYf9sP1.js";
+import { m as isProviderOptions, p as isApiProvider } from "./types-BJQBBPTP.js";
+import { u as isTransientConnectionError } from "./cache-roFAE0cI.js";
+import { a as createEmptyTokenUsage, r as accumulateTokenUsage } from "./tokenUsageUtils-BjVkdk18.js";
+import { n as isBlobStorageEnabled, r as shouldAttemptRemoteBlobUpload, t as extractAndStoreBinaryData } from "./extractor-BR7XAzAL.js";
+import { t as OpenAiChatCompletionProvider } from "./chat-CUCorGiL.js";
+import { t as PromptfooChatCompletionProvider } from "./promptfoo-BDrfT30-.js";
+import { o as transform, r as TransformInputType } from "./transform-CrPGTsij.js";
+import { i as throwIfTargetPromptExceedsMaxChars } from "./promptLength-0qIHyhA5.js";
+import { createHash, randomUUID } from "crypto";
+import { EventEmitter } from "events";
+//#region src/scheduler/types.ts
+/**
+* Default rate limit detection for ProviderResponse.
+* Checks HTTP status, error fields, and error messages.
+*/
+function isProviderResponseRateLimited(result, error) {
+	return Boolean(result?.metadata?.http?.status === 429 || result?.error?.includes?.("429") || result?.error?.toLowerCase?.().includes?.("rate limit") || error?.message?.includes("429") || error?.message?.toLowerCase().includes("rate limit") || error?.message?.toLowerCase().includes("too many requests"));
+}
+/**
+* Extract rate limit headers from ProviderResponse.
+* Headers can be at metadata.http.headers or metadata.headers.
+*/
+function getProviderResponseHeaders(result) {
+	return result?.metadata?.http?.headers || result?.metadata?.headers;
+}
+//#endregion
+//#region src/scheduler/providerWrapper.ts
+/**
+* Provider wrapper that adds rate limiting to any ApiProvider.
+*
+* Use this to wrap providers before passing them to redteam/assertion
+* code paths that bypass the main evaluator.
+*/
+/**
+* Symbol to mark providers that have already been wrapped.
+* Prevents double-wrapping which could cause issues.
+*/
+const WRAPPED_SYMBOL = Symbol.for("promptfoo.rateLimitWrapped");
+/**
+* Check if a provider is already wrapped with rate limiting.
+*/
+function isRateLimitWrapped(provider) {
+	return provider[WRAPPED_SYMBOL] === true;
+}
+/**
+* Create rate limit detection options for ProviderResponse.
+* Shared between providerWrapper and evaluator for consistency.
+*/
+function createProviderRateLimitOptions() {
+	return {
+		getHeaders: getProviderResponseHeaders,
+		isRateLimited: isProviderResponseRateLimited,
+		getRetryAfter: (result, error) => {
+			const rawHeaders = getProviderResponseHeaders(result);
+			if (rawHeaders) {
+				const headers = {};
+				for (const [key, value] of Object.entries(rawHeaders)) headers[key.toLowerCase()] = value;
+				if (headers["retry-after-ms"]) {
+					const ms = parseInt(headers["retry-after-ms"], 10);
+					if (!isNaN(ms) && ms >= 0) return ms;
+				}
+				if (headers["retry-after"]) {
+					const parsed = parseRetryAfter(headers["retry-after"]);
+					if (parsed !== null) return parsed;
+				}
+			}
+			const match = error?.message?.match(/\bretry after (\d+)\b/i);
+			if (match) return parseInt(match[1], 10) * 1e3;
+		}
+	};
+}
+/**
+* Wrap a provider with rate limiting.
+*
+* The wrapped provider will use the registry for all callApi calls,
+* automatically handling rate limits, retries, and adaptive concurrency.
+*
+* @param provider - The provider to wrap
+* @param registry - The rate limit registry to use
+* @returns A wrapped provider that applies rate limiting
+*/
+function wrapProviderWithRateLimiting(provider, registry) {
+	if (isRateLimitWrapped(provider)) return provider;
+	const originalCallApi = provider.callApi.bind(provider);
+	const wrappedProvider = {
+		...provider,
+		id: () => provider.id(),
+		callApi: async (prompt, context, options) => {
+			return registry.execute(provider, () => originalCallApi(prompt, context, options), createProviderRateLimitOptions());
+		}
+	};
+	wrappedProvider[WRAPPED_SYMBOL] = true;
+	return wrappedProvider;
+}
+//#endregion
+//#region src/scheduler/adaptiveConcurrency.ts
+const DEFAULT_MIN_CONCURRENCY = 1;
+const BACKOFF_FACTOR = .5;
+const RECOVERY_FACTOR = 1.5;
+const RECOVERY_THRESHOLD = 5;
+const WARNING_THRESHOLD = .1;
+/**
+* Manages adaptive concurrency based on rate limit feedback.
+*
+* Recovery path with constants (initial=10, min=1):
+* 1 → ceil(1.5) = 2   (5 successes)
+* 2 → ceil(3.0) = 3   (5 successes)
+* 3 → ceil(4.5) = 5   (5 successes)
+* 5 → ceil(7.5) = 8   (5 successes)
+* 8 → ceil(12) = 10   (5 successes, capped at initial)
+*
+* Total: 25 requests to fully recover from min=1 to initial=10
+*/
+var AdaptiveConcurrency = class {
+	current;
+	initial;
+	min;
+	consecutiveSuccesses = 0;
+	constructor(initial, min = DEFAULT_MIN_CONCURRENCY) {
+		this.initial = initial;
+		this.current = initial;
+		this.min = Math.min(initial, Math.max(1, min));
+	}
+	/**
+	* Called on successful request.
+	* May increase concurrency after sustained success.
+	*/
+	recordSuccess() {
+		this.consecutiveSuccesses++;
+		if (this.consecutiveSuccesses >= RECOVERY_THRESHOLD && this.current < this.initial) {
+			const previous = this.current;
+			this.current = Math.min(this.initial, Math.ceil(this.current * RECOVERY_FACTOR));
+			this.consecutiveSuccesses = 0;
+			return {
+				changed: previous !== this.current,
+				previous,
+				current: this.current,
+				reason: "recovery"
+			};
+		}
+		return {
+			changed: false,
+			previous: this.current,
+			current: this.current,
+			reason: "recovery"
+		};
+	}
+	/**
+	* Called on rate limit (429).
+	* Reduces concurrency immediately.
+	*/
+	recordRateLimit() {
+		this.consecutiveSuccesses = 0;
+		const previous = this.current;
+		this.current = Math.max(this.min, Math.floor(this.current * BACKOFF_FACTOR));
+		return {
+			changed: previous !== this.current,
+			previous,
+			current: this.current,
+			reason: "ratelimit"
+		};
+	}
+	/**
+	* Called when approaching rate limit.
+	* Proactively reduces concurrency based on remaining ratio.
+	*
+	* Formula:
+	* - At 10% remaining: reduce to 60% of current
+	* - At 5% remaining: reduce to 40% of current
+	* - At 1% remaining: reduce to 20% of current
+	*
+	* Linear scaling: reductionFactor = 0.2 + (ratio / WARNING_THRESHOLD) * 0.4
+	*/
+	recordApproachingLimit(ratio) {
+		const clampedRatio = Math.max(0, Math.min(1, ratio));
+		if (clampedRatio >= .1 || this.current <= this.min) return {
+			changed: false,
+			previous: this.current,
+			current: this.current,
+			reason: "proactive"
+		};
+		const previous = this.current;
+		const reductionFactor = .2 + clampedRatio / WARNING_THRESHOLD * .4;
+		this.current = Math.max(this.min, Math.floor(this.current * reductionFactor));
+		return {
+			changed: previous !== this.current,
+			previous,
+			current: this.current,
+			reason: "proactive"
+		};
+	}
+	getCurrent() {
+		return this.current;
+	}
+	getMin() {
+		return this.min;
+	}
+	getInitial() {
+		return this.initial;
+	}
+};
+//#endregion
+//#region src/scheduler/retryPolicy.ts
+const DEFAULT_RETRY_POLICY = {
+	maxRetries: 3,
+	baseDelayMs: 1e3,
+	maxDelayMs: 6e4,
+	jitterFactor: .2
+};
+/**
+* Calculate delay for retry attempt.
+* Prefers server-specified Retry-After when available.
+*/
+function getRetryDelay(attempt, policy, serverRetryAfterMs) {
+	if (serverRetryAfterMs !== void 0 && serverRetryAfterMs >= 0) {
+		if (serverRetryAfterMs === 0) return 0;
+		const jitter = serverRetryAfterMs * policy.jitterFactor * Math.random();
+		return Math.min(serverRetryAfterMs + jitter, policy.maxDelayMs);
+	}
+	const exponentialDelay = policy.baseDelayMs * Math.pow(2, attempt);
+	const jitter = exponentialDelay * policy.jitterFactor * Math.random();
+	return Math.min(exponentialDelay + jitter, policy.maxDelayMs);
+}
+/**
+* Determine if we should retry a failed request.
+*/
+function shouldRetry(attempt, error, isRateLimited, policy) {
+	if (attempt >= policy.maxRetries) return false;
+	if (isRateLimited) return true;
+	if (error) {
+		const message = (error.message ?? "").toLowerCase();
+		return isTransientConnectionError(error) || message.includes("timeout") || message.includes("econnrefused") || message.includes("network") || message.includes("503") || message.includes("502") || message.includes("504");
+	}
+	return false;
+}
+//#endregion
+//#region src/scheduler/slotQueue.ts
+const DEFAULT_QUEUE_TIMEOUT_MS = 300 * 1e3;
+/**
+* Manages concurrency slots with FIFO queue for waiting requests.
+*
+* Race condition prevention:
+* - All slot allocation goes through the queue
+* - processQueue() is synchronous and runs atomically
+* - No await between capacity check and increment
+*/
+var SlotQueue = class {
+	activeCount = 0;
+	maxConcurrency;
+	minConcurrency;
+	waiting = [];
+	resetTimer = null;
+	queueTimeoutMs;
+	resetAt = null;
+	remainingRequests = null;
+	remainingTokens = null;
+	requestLimit = null;
+	tokenLimit = null;
+	onSlotAcquired;
+	onSlotReleased;
+	constructor(options) {
+		this.maxConcurrency = options.maxConcurrency;
+		this.minConcurrency = options.minConcurrency;
+		this.queueTimeoutMs = options.queueTimeoutMs ?? DEFAULT_QUEUE_TIMEOUT_MS;
+		this.onSlotAcquired = options.onSlotAcquired;
+		this.onSlotReleased = options.onSlotReleased;
+	}
+	/**
+	* Acquire a slot. All requests go through the queue to prevent race conditions.
+	* Returns when a slot is available and quota is not exhausted.
+	*/
+	async acquire(requestId) {
+		return new Promise((resolve, reject) => {
+			const queuedAt = Date.now();
+			let timeoutId = null;
+			if (this.queueTimeoutMs > 0) timeoutId = setTimeout(() => {
+				const idx = this.waiting.findIndex((r) => r.id === requestId);
+				if (idx !== -1) {
+					this.waiting.splice(idx, 1);
+					reject(/* @__PURE__ */ new Error(`Request ${requestId} timed out after ${this.queueTimeoutMs}ms in queue`));
+				}
+			}, this.queueTimeoutMs);
+			const wrappedResolve = () => {
+				if (timeoutId) clearTimeout(timeoutId);
+				this.activeCount++;
+				this.onSlotAcquired?.(this.waiting.length);
+				resolve();
+			};
+			const wrappedReject = (error) => {
+				if (timeoutId) clearTimeout(timeoutId);
+				reject(error);
+			};
+			this.waiting.push({
+				id: requestId,
+				resolve: wrappedResolve,
+				reject: wrappedReject,
+				queuedAt
+			});
+			this.processQueue();
+		});
+	}
+	/**
+	* Release a slot and process next queued request.
+	*/
+	release() {
+		if (this.activeCount <= 0) return;
+		this.activeCount--;
+		this.onSlotReleased?.(this.waiting.length);
+		this.processQueue();
+	}
+	/**
+	* Update rate limit state from parsed headers.
+	*/
+	updateRateLimitState(parsed) {
+		if (parsed.remainingRequests !== void 0) this.remainingRequests = parsed.remainingRequests;
+		if (parsed.limitRequests !== void 0) this.requestLimit = parsed.limitRequests;
+		if (parsed.remainingTokens !== void 0) this.remainingTokens = parsed.remainingTokens;
+		if (parsed.limitTokens !== void 0) this.tokenLimit = parsed.limitTokens;
+		if (parsed.resetAt !== void 0) {
+			this.resetAt = parsed.resetAt;
+			this.scheduleResetProcessing();
+		}
+	}
+	/**
+	* Mark that a rate limit was hit.
+	* Only updates resetAt if we don't already have a later reset time.
+	*/
+	markRateLimited(retryAfterMs) {
+		this.remainingRequests = 0;
+		this.remainingTokens = 0;
+		if (retryAfterMs !== void 0 && retryAfterMs >= 0) {
+			const newResetAt = Date.now() + retryAfterMs;
+			this.resetAt = this.resetAt ? Math.max(this.resetAt, newResetAt) : newResetAt;
+		} else if (!this.resetAt) this.resetAt = Date.now() + 6e4;
+		this.scheduleResetProcessing();
+	}
+	/**
+	* Adjust max concurrency (called by adaptive algorithm).
+	*/
+	setMaxConcurrency(value) {
+		this.maxConcurrency = Math.max(this.minConcurrency, value);
+		this.processQueue();
+	}
+	getMaxConcurrency() {
+		return this.maxConcurrency;
+	}
+	getActiveCount() {
+		return this.activeCount;
+	}
+	getQueueDepth() {
+		return this.waiting.length;
+	}
+	getResetAt() {
+		return this.resetAt;
+	}
+	/**
+	* Check if quota is exhausted (should wait for reset).
+	* Checks BOTH request AND token quotas.
+	*
+	* NOTE: This method has intentional side effects - it clears stale quota state
+	* when the reset time has passed. This ensures we don't block indefinitely on
+	* outdated rate limit info.
+	*/
+	isQuotaExhausted() {
+		const now = Date.now();
+		if (this.resetAt && now >= this.resetAt) {
+			this.remainingRequests = null;
+			this.remainingTokens = null;
+			this.resetAt = null;
+			return false;
+		}
+		if (this.remainingRequests !== null && this.remainingRequests <= 0) {
+			if (this.resetAt && now < this.resetAt) return true;
+		}
+		if (this.remainingTokens !== null && this.remainingTokens <= 0) {
+			if (this.resetAt && now < this.resetAt) return true;
+		}
+		return false;
+	}
+	/**
+	* Schedule queue processing when rate limit window resets.
+	*/
+	scheduleResetProcessing() {
+		if (this.resetTimer) clearTimeout(this.resetTimer);
+		if (this.resetAt && this.waiting.length > 0) {
+			const delay = Math.max(0, this.resetAt - Date.now());
+			this.resetTimer = setTimeout(() => {
+				this.remainingRequests = null;
+				this.remainingTokens = null;
+				this.resetAt = null;
+				this.processQueue();
+			}, delay);
+		}
+	}
+	/**
+	* Process queued requests up to available capacity.
+	* SYNCHRONOUS - no awaits, prevents race conditions.
+	*/
+	processQueue() {
+		while (this.waiting.length > 0 && this.activeCount < this.maxConcurrency && !this.isQuotaExhausted()) this.waiting.shift().resolve();
+		if (this.waiting.length > 0 && this.isQuotaExhausted()) this.scheduleResetProcessing();
+	}
+	/**
+	* Check if approaching rate limit (for proactive throttling).
+	* Returns ratio of remaining/limit, or null if unknown.
+	*/
+	getRemainingRatio() {
+		let requestRatio = null;
+		let tokenRatio = null;
+		if (this.remainingRequests !== null && this.requestLimit !== null && this.requestLimit > 0) requestRatio = this.remainingRequests / this.requestLimit;
+		if (this.remainingTokens !== null && this.tokenLimit !== null && this.tokenLimit > 0) tokenRatio = this.remainingTokens / this.tokenLimit;
+		return {
+			requests: requestRatio,
+			tokens: tokenRatio
+		};
+	}
+	/**
+	* Cleanup resources.
+	*
+	* Rejects any pending acquire() promises with 'Queue disposed' error.
+	* Callers should handle these rejections (e.g., via .catch() on acquire promises).
+	*/
+	dispose() {
+		if (this.resetTimer) {
+			clearTimeout(this.resetTimer);
+			this.resetTimer = null;
+		}
+		const waiting = this.waiting;
+		this.waiting = [];
+		for (const request of waiting) request.reject(/* @__PURE__ */ new Error("Queue disposed"));
+	}
+};
+//#endregion
+//#region src/scheduler/providerRateLimitState.ts
+/**
+* Sentinel error for rate limit exhaustion.
+* Used to short-circuit the catch block and prevent double-release/double-count.
+*/
+var RateLimitExhaustedError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "RateLimitExhaustedError";
+	}
+};
+/**
+* Circular buffer for latency tracking.
+* O(1) insertions instead of O(n) shift().
+*/
+var CircularBuffer = class {
+	buffer;
+	head = 0;
+	count = 0;
+	constructor(capacity) {
+		this.capacity = capacity;
+		this.buffer = new Array(capacity);
+	}
+	push(value) {
+		this.buffer[this.head] = value;
+		this.head = (this.head + 1) % this.capacity;
+		if (this.count < this.capacity) this.count++;
+	}
+	toSortedArray() {
+		const result = [];
+		for (let i = 0; i < this.count; i++) {
+			const idx = (this.head - this.count + i + this.capacity) % this.capacity;
+			result.push(this.buffer[idx]);
+		}
+		return result.sort((a, b) => a - b);
+	}
+	get length() {
+		return this.count;
+	}
+};
+/**
+* Manages rate limit state and retry logic for a single rate limit key.
+*/
+var ProviderRateLimitState = class extends EventEmitter {
+	rateLimitKey;
+	slotQueue;
+	adaptiveConcurrency;
+	retryPolicy;
+	totalRequests = 0;
+	completedRequests = 0;
+	failedRequests = 0;
+	rateLimitHits = 0;
+	retriedRequests = 0;
+	latencies = new CircularBuffer(100);
+	hasLearnedLimits = false;
+	constructor(options) {
+		super();
+		this.rateLimitKey = options.rateLimitKey;
+		this.retryPolicy = options.retryPolicy ?? DEFAULT_RETRY_POLICY;
+		this.adaptiveConcurrency = new AdaptiveConcurrency(options.maxConcurrency, options.minConcurrency);
+		this.slotQueue = new SlotQueue({
+			maxConcurrency: options.maxConcurrency,
+			minConcurrency: options.minConcurrency,
+			queueTimeoutMs: options.queueTimeoutMs,
+			onSlotAcquired: (queueDepth) => {
+				this.emit("slot:acquired", {
+					rateLimitKey: this.rateLimitKey,
+					queueDepth
+				});
+			},
+			onSlotReleased: (queueDepth) => {
+				this.emit("slot:released", {
+					rateLimitKey: this.rateLimitKey,
+					queueDepth
+				});
+			}
+		});
+	}
+	/**
+	* Execute a call with rate limiting and retry logic.
+	*/
+	async executeWithRetry(requestId, callFn, options) {
+		this.totalRequests++;
+		let attempt = 0;
+		let lastError;
+		const retryPolicy = options.maxRetriesOverride === void 0 ? this.retryPolicy : {
+			...this.retryPolicy,
+			maxRetries: options.maxRetriesOverride
+		};
+		while (true) {
+			try {
+				await this.slotQueue.acquire(`${requestId}-${attempt}`);
+			} catch (acquireError) {
+				this.failedRequests++;
+				this.emit("queue:timeout", {
+					rateLimitKey: this.rateLimitKey,
+					requestId,
+					error: String(acquireError)
+				});
+				throw acquireError;
+			}
+			const startTime = Date.now();
+			try {
+				const result = await callFn();
+				const latencyMs = Date.now() - startTime;
+				this.latencies.push(latencyMs);
+				const headers = options.getHeaders?.(result);
+				const isRateLimited = options.isRateLimited?.(result, void 0) ?? false;
+				const retryAfterMs = options.getRetryAfter?.(result, void 0);
+				if (headers) this.updateFromHeaders(headers, isRateLimited);
+				this.slotQueue.release();
+				if (isRateLimited) {
+					this.handleRateLimit(retryAfterMs);
+					if (shouldRetry(attempt, void 0, true, retryPolicy)) {
+						attempt++;
+						this.retriedRequests++;
+						const delay = getRetryDelay(attempt, retryPolicy, retryAfterMs);
+						this.emit("request:retrying", {
+							rateLimitKey: this.rateLimitKey,
+							attempt,
+							delayMs: delay,
+							reason: "ratelimit"
+						});
+						await this.sleep(delay);
+						continue;
+					}
+					this.failedRequests++;
+					throw new RateLimitExhaustedError(`Rate limit exceeded for ${this.rateLimitKey} after ${attempt + 1} attempts`);
+				}
+				this.handleSuccess();
+				this.completedRequests++;
+				return result;
+			} catch (error) {
+				if (error instanceof RateLimitExhaustedError) throw error;
+				const latencyMs = Date.now() - startTime;
+				this.latencies.push(latencyMs);
+				lastError = error;
+				this.slotQueue.release();
+				const isRateLimited = options.isRateLimited?.(void 0, lastError) ?? this.isRateLimitError(lastError);
+				const retryAfterMs = options.getRetryAfter?.(void 0, lastError);
+				if (isRateLimited) this.handleRateLimit(retryAfterMs);
+				if (shouldRetry(attempt, lastError, isRateLimited, retryPolicy)) {
+					attempt++;
+					this.retriedRequests++;
+					const delay = getRetryDelay(attempt, retryPolicy, retryAfterMs);
+					this.emit("request:retrying", {
+						rateLimitKey: this.rateLimitKey,
+						attempt,
+						delayMs: delay,
+						reason: isRateLimited ? "ratelimit" : "error"
+					});
+					await this.sleep(delay);
+					continue;
+				}
+				this.failedRequests++;
+				throw lastError;
+			}
+		}
+	}
+	/**
+	* Update state from response headers.
+	* @param headers - Response headers
+	* @param isRateLimited - Whether the response indicates a rate limit (e.g., HTTP 429).
+	*   When false, retry-after headers are ignored to prevent incorrectly blocking the
+	*   queue on successful responses from providers/proxies that include these headers.
+	*/
+	updateFromHeaders(headers, isRateLimited) {
+		const parsed = parseRateLimitHeaders(headers);
+		if (!this.hasLearnedLimits && (parsed.limitRequests !== void 0 || parsed.limitTokens !== void 0)) {
+			this.hasLearnedLimits = true;
+			this.emit("ratelimit:learned", {
+				rateLimitKey: this.rateLimitKey,
+				requestLimit: parsed.limitRequests,
+				tokenLimit: parsed.limitTokens
+			});
+		}
+		this.slotQueue.updateRateLimitState(parsed);
+		if (isRateLimited && parsed.retryAfterMs !== void 0) this.slotQueue.markRateLimited(parsed.retryAfterMs);
+		const ratios = this.slotQueue.getRemainingRatio();
+		const minRatio = Math.min(ratios.requests ?? 1, ratios.tokens ?? 1);
+		if (minRatio < .1) {
+			this.emit("ratelimit:warning", {
+				rateLimitKey: this.rateLimitKey,
+				requestRatio: ratios.requests,
+				tokenRatio: ratios.tokens
+			});
+			this.applyConcurrencyChange(this.adaptiveConcurrency.recordApproachingLimit(minRatio));
+		}
+	}
+	/**
+	* Handle rate limit hit.
+	* Delegates to SlotQueue which preserves existing resetAt from headers.
+	*/
+	handleRateLimit(retryAfterMs) {
+		this.rateLimitHits++;
+		this.slotQueue.markRateLimited(retryAfterMs);
+		const change = this.adaptiveConcurrency.recordRateLimit();
+		this.applyConcurrencyChange(change);
+		this.emit("ratelimit:hit", {
+			rateLimitKey: this.rateLimitKey,
+			retryAfterMs,
+			resetAt: this.slotQueue.getResetAt(),
+			concurrencyChange: change
+		});
+	}
+	/**
+	* Handle successful request.
+	*/
+	handleSuccess() {
+		this.applyConcurrencyChange(this.adaptiveConcurrency.recordSuccess());
+	}
+	/**
+	* Apply concurrency change and emit appropriate event.
+	*/
+	applyConcurrencyChange(change) {
+		if (change.changed) {
+			this.slotQueue.setMaxConcurrency(change.current);
+			const eventName = change.reason === "recovery" ? "concurrency:increased" : "concurrency:decreased";
+			this.emit(eventName, {
+				rateLimitKey: this.rateLimitKey,
+				...change
+			});
+		}
+	}
+	/**
+	* Check if error is a rate limit error.
+	*/
+	isRateLimitError(error) {
+		const message = (error.message ?? "").toLowerCase();
+		return message.includes("429") || message.includes("rate limit") || message.includes("too many requests");
+	}
+	sleep(ms) {
+		return new Promise((resolve) => setTimeout(resolve, ms));
+	}
+	/**
+	* Get current queue depth without sorting latencies.
+	* Use this for frequent checks instead of getMetrics().
+	*/
+	getQueueDepth() {
+		return this.slotQueue.getQueueDepth();
+	}
+	getMetrics() {
+		const sorted = this.latencies.toSortedArray();
+		const avgLatency = sorted.length > 0 ? sorted.reduce((a, b) => a + b, 0) / sorted.length : 0;
+		return {
+			rateLimitKey: this.rateLimitKey,
+			activeRequests: this.slotQueue.getActiveCount(),
+			maxConcurrency: this.slotQueue.getMaxConcurrency(),
+			queueDepth: this.slotQueue.getQueueDepth(),
+			totalRequests: this.totalRequests,
+			completedRequests: this.completedRequests,
+			failedRequests: this.failedRequests,
+			rateLimitHits: this.rateLimitHits,
+			retriedRequests: this.retriedRequests,
+			avgLatencyMs: avgLatency,
+			p50LatencyMs: sorted[Math.floor((sorted.length - 1) * .5)] ?? 0,
+			p99LatencyMs: sorted[Math.floor((sorted.length - 1) * .99)] ?? 0
+		};
+	}
+	dispose() {
+		this.slotQueue.dispose();
+		this.removeAllListeners();
+	}
+};
+//#endregion
+//#region src/scheduler/rateLimitKey.ts
+/**
+* Generate a rate limit key that identifies a unique rate limit pool.
+* Same provider with different API keys/regions get different keys.
+*/
+function getRateLimitKey(provider) {
+	const providerId = provider.id();
+	const config = provider.config || {};
+	const relevantConfig = {};
+	if (config.apiKey && config.apiKey.length > 4) relevantConfig.apiKeyTail = config.apiKey.slice(-4);
+	if (config.apiBaseUrl) relevantConfig.apiBaseUrl = config.apiBaseUrl;
+	if (config.region) relevantConfig.region = config.region;
+	if (config.organization) relevantConfig.organization = config.organization;
+	const configParts = Object.entries(relevantConfig).sort(([a], [b]) => a.localeCompare(b)).map(([k, v]) => `${k}:${v}`).join("|");
+	if (configParts) return `${providerId}[${hashString(configParts)}]`;
+	return providerId;
+}
+/**
+* Hash a string using SHA-256.
+* Returns first 12 chars of hex digest (48 bits).
+*/
+function hashString(value) {
+	return createHash("sha256").update(value).digest("hex").slice(0, 12);
+}
+//#endregion
+//#region src/scheduler/rateLimitRegistry.ts
+/**
+* Per-eval registry that manages rate limit state for all providers.
+* NOT a singleton - create one per evaluation context.
+*/
+var RateLimitRegistry = class extends EventEmitter {
+	states = /* @__PURE__ */ new Map();
+	maxConcurrency;
+	minConcurrency;
+	queueTimeoutMs;
+	enabled;
+	constructor(options) {
+		super();
+		this.maxConcurrency = options.maxConcurrency;
+		this.minConcurrency = options.minConcurrency ?? getEnvInt("PROMPTFOO_MIN_CONCURRENCY", 1);
+		this.queueTimeoutMs = options.queueTimeoutMs ?? getEnvInt("PROMPTFOO_SCHEDULER_QUEUE_TIMEOUT_MS", 300 * 1e3);
+		this.enabled = !getEnvBool("PROMPTFOO_DISABLE_ADAPTIVE_SCHEDULER", false);
+	}
+	/**
+	* Execute a provider call with rate limiting and retries.
+	*
+	* Note: No idempotency tracking. Each call is independent.
+	* The single integration point (evaluator) ensures no double-wrapping.
+	*/
+	async execute(provider, callFn, options) {
+		const providerMaxRetries = getProviderMaxRetries(provider);
+		if (!this.enabled) return withFetchRetryContext(providerMaxRetries, callFn);
+		const rateLimitKey = getRateLimitKey(provider);
+		const state = this.getOrCreateState(rateLimitKey);
+		const requestId = `${rateLimitKey}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+		this.emit("request:started", {
+			rateLimitKey,
+			requestId,
+			queueDepth: state.getQueueDepth()
+		});
+		const run = () => state.executeWithRetry(requestId, callFn, {
+			getHeaders: options?.getHeaders,
+			isRateLimited: options?.isRateLimited,
+			getRetryAfter: options?.getRetryAfter,
+			maxRetriesOverride: providerMaxRetries
+		});
+		try {
+			const result = await withFetchRetryContext(providerMaxRetries, run);
+			this.emit("request:completed", {
+				rateLimitKey,
+				requestId
+			});
+			return result;
+		} catch (error) {
+			this.emit("request:failed", {
+				rateLimitKey,
+				requestId,
+				error: String(error)
+			});
+			throw error;
+		}
+	}
+	/**
+	* Get or create provider rate limit state for a given rate limit key.
+	*/
+	getOrCreateState(rateLimitKey) {
+		if (!this.states.has(rateLimitKey)) {
+			const state = new ProviderRateLimitState({
+				rateLimitKey,
+				maxConcurrency: this.maxConcurrency,
+				minConcurrency: this.minConcurrency,
+				queueTimeoutMs: this.queueTimeoutMs
+			});
+			state.on("ratelimit:hit", (data) => this.emit("ratelimit:hit", data));
+			state.on("ratelimit:warning", (data) => this.emit("ratelimit:warning", data));
+			state.on("ratelimit:learned", (data) => this.emit("ratelimit:learned", data));
+			state.on("concurrency:increased", (data) => this.emit("concurrency:increased", data));
+			state.on("concurrency:decreased", (data) => this.emit("concurrency:decreased", data));
+			state.on("request:retrying", (data) => this.emit("request:retrying", data));
+			this.states.set(rateLimitKey, state);
+		}
+		return this.states.get(rateLimitKey);
+	}
+	/**
+	* Get metrics for all tracked providers.
+	*/
+	getMetrics() {
+		const metrics = {};
+		for (const [key, state] of this.states) metrics[key] = state.getMetrics();
+		return metrics;
+	}
+	/**
+	* Cleanup all resources.
+	*/
+	dispose() {
+		for (const state of this.states.values()) state.dispose();
+		this.states.clear();
+		this.removeAllListeners();
+	}
+};
+/**
+* Factory function to create a registry for an evaluation.
+*/
+function createRateLimitRegistry(options) {
+	return new RateLimitRegistry(options);
+}
+/**
+* Read the provider's configured maxRetries value, tolerating numeric strings
+* (e.g. from environment overrides) and rejecting invalid values.
+*
+* Returning `undefined` means "fall back to defaults" — distinct from `0`, which
+* means "disable retries". Invalid user-supplied values (negatives, floats,
+* non-numeric strings) are logged so config typos aren't silently ignored.
+*/
+function getProviderMaxRetries(provider) {
+	const raw = provider.config && typeof provider.config === "object" ? provider.config.maxRetries : void 0;
+	if (raw === void 0) return;
+	if (typeof raw === "number" && Number.isInteger(raw) && raw >= 0) return raw;
+	if (typeof raw === "string") {
+		const trimmed = raw.trim();
+		if (/^\d+$/.test(trimmed)) {
+			const parsed = Number(trimmed);
+			if (Number.isSafeInteger(parsed)) return parsed;
+		}
+	}
+	logger.warn("[RateLimit] Ignoring invalid provider.config.maxRetries; expected a non-negative integer.", {
+		maxRetries: raw,
+		providerId: sanitizeProviderIdForLog(provider.id())
+	});
+}
+function sanitizeProviderIdForLog(providerId) {
+	return providerId.includes("://") || providerId.startsWith("/") ? sanitizeUrl(providerId) : providerId;
+}
+//#endregion
+//#region src/util/tokenUsage.ts
+/**
+* A utility class for tracking token usage across an evaluation.
+*
+* @deprecated Use OpenTelemetry tracing instead for per-call token tracking.
+* This class provides only cumulative totals and will be removed in a future version.
+*
+* For new implementations, use the OTEL-based tracing infrastructure:
+* - Enable tracing with `PROMPTFOO_OTEL_ENABLED=true`
+* - Use `getTokenUsageFromTrace()` from `src/util/tokenUsageCompat.ts` for per-trace usage
+* - Token usage is automatically captured as GenAI semantic convention span attributes
+*
+* @see src/tracing/genaiTracer.ts for the new tracing implementation
+* @see src/util/tokenUsageCompat.ts for the compatibility layer
+*/
+var TokenUsageTracker = class TokenUsageTracker {
+	static instance;
+	providersMap = /* @__PURE__ */ new Map();
+	constructor() {}
+	/**
+	* Get the singleton instance of TokenUsageTracker
+	*/
+	static getInstance() {
+		if (!TokenUsageTracker.instance) TokenUsageTracker.instance = new TokenUsageTracker();
+		return TokenUsageTracker.instance;
+	}
+	/**
+	* Track token usage for a provider
+	* @param provider The provider to track usage for
+	* @param usage The token usage to track
+	*/
+	trackUsage(providerId, usage = { numRequests: 1 }) {
+		const updated = { ...this.providersMap.get(providerId) ?? createEmptyTokenUsage() };
+		accumulateTokenUsage(updated, usage);
+		this.providersMap.set(providerId, updated);
+		logger.debug(`Tracked token usage for ${providerId}: total=${usage.total ?? 0}, cached=${usage.cached ?? 0}`);
+	}
+	/**
+	* Get the cumulative token usage for a specific provider
+	* @param providerId The ID of the provider to get usage for
+	* @returns The token usage for the provider
+	*/
+	getProviderUsage(providerId) {
+		return this.providersMap.get(providerId);
+	}
+	/**
+	* Get all provider IDs that have token usage tracked
+	* @returns Array of provider IDs
+	*/
+	getProviderIds() {
+		return Array.from(this.providersMap.keys());
+	}
+	/**
+	* Get aggregated token usage across all providers
+	* @returns Aggregated token usage
+	*/
+	getTotalUsage() {
+		const result = createEmptyTokenUsage();
+		for (const usage of this.providersMap.values()) accumulateTokenUsage(result, usage);
+		return result;
+	}
+	/**
+	* Reset token usage for a specific provider
+	* @param providerId The ID of the provider to reset
+	*/
+	resetProviderUsage(providerId) {
+		this.providersMap.delete(providerId);
+	}
+	/**
+	* Reset token usage for all providers
+	*/
+	resetAllUsage() {
+		this.providersMap.clear();
+	}
+	/**
+	* Cleanup method to prevent memory leaks
+	*/
+	cleanup() {
+		this.providersMap.clear();
+	}
+};
+//#endregion
+//#region src/redteam/providers/constants.ts
+const ATTACKER_MODEL = "gpt-5.4-2026-03-05";
+const ATTACKER_MODEL_SMALL = "gpt-5.4-mini-2026-03-17";
+const TEMPERATURE = getEnvFloat("PROMPTFOO_JAILBREAK_TEMPERATURE") ? getEnvFloat("PROMPTFOO_JAILBREAK_TEMPERATURE") : .7;
+const defaultRedteamProviderLoader = async (providers) => {
+	const { loadApiProviders } = await import("./providers-BCCz6_IX.js").then((n) => n.i);
+	return loadApiProviders(providers);
+};
+let redteamProviderLoader = defaultRedteamProviderLoader;
+async function loadRedteamProvider({ provider, jsonOnly = false, preferSmallModel = false, purpose = "redteam" } = {}) {
+	let ret;
+	const redteamProvider = provider || state.config?.redteam?.provider;
+	if (isApiProvider(redteamProvider)) {
+		logger.debug(`Using ${purpose} provider: ${redteamProvider}`);
+		ret = redteamProvider;
+	} else if (typeof redteamProvider === "string" || isProviderOptions(redteamProvider)) {
+		logger.debug(`Loading ${purpose} provider`, { provider: redteamProvider });
+		ret = (await redteamProviderLoader([redteamProvider]))[0];
+	} else {
+		const defaultModel = preferSmallModel ? ATTACKER_MODEL_SMALL : ATTACKER_MODEL;
+		logger.debug(`Using default ${purpose} provider: ${defaultModel}`);
+		ret = new OpenAiChatCompletionProvider(defaultModel, { config: {
+			temperature: TEMPERATURE,
+			response_format: jsonOnly ? { type: "json_object" } : void 0
+		} });
+	}
+	return ret;
+}
+var RedteamProviderManager = class {
+	provider;
+	jsonOnlyProvider;
+	multilingualProvider;
+	gradingProvider;
+	gradingJsonOnlyProvider;
+	rateLimitRegistry;
+	/**
+	* Set the rate limit registry to use for wrapping providers.
+	* When set, all providers returned by this manager will be wrapped
+	* with rate limiting.
+	*/
+	setRateLimitRegistry(registry) {
+		this.rateLimitRegistry = registry;
+	}
+	/**
+	* Wrap a provider with rate limiting if a registry is configured.
+	*/
+	wrapProvider(provider) {
+		if (this.rateLimitRegistry) return wrapProviderWithRateLimiting(provider, this.rateLimitRegistry);
+		return provider;
+	}
+	clearProvider() {
+		this.provider = void 0;
+		this.jsonOnlyProvider = void 0;
+		this.multilingualProvider = void 0;
+		this.gradingProvider = void 0;
+		this.gradingJsonOnlyProvider = void 0;
+	}
+	async setProvider(provider) {
+		this.provider = await loadRedteamProvider({ provider });
+		this.jsonOnlyProvider = await loadRedteamProvider({
+			provider,
+			jsonOnly: true
+		});
+	}
+	async setMultilingualProvider(provider) {
+		this.multilingualProvider = await loadRedteamProvider({
+			provider,
+			jsonOnly: true
+		});
+	}
+	async setGradingProvider(provider) {
+		this.gradingProvider = await loadRedteamProvider({
+			provider,
+			purpose: "grading"
+		});
+		this.gradingJsonOnlyProvider = await loadRedteamProvider({
+			provider,
+			jsonOnly: true,
+			purpose: "grading"
+		});
+	}
+	async getProvider({ provider, jsonOnly = false, preferSmallModel = false }) {
+		if (this.provider && this.jsonOnlyProvider) {
+			logger.debug(`[RedteamProviderManager] Using cached redteam provider: ${this.provider.id()}`);
+			return this.wrapProvider(jsonOnly ? this.jsonOnlyProvider : this.provider);
+		}
+		if (!(provider || state.config?.redteam?.provider)) {
+			const defaultTestProvider = typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.provider || typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.options?.provider?.text || typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.options?.provider || void 0;
+			if (defaultTestProvider) {
+				logger.debug("[RedteamProviderManager] Loading redteam provider from defaultTest fallback", {
+					providedConfig: typeof defaultTestProvider === "string" ? defaultTestProvider : defaultTestProvider?.id ?? "object",
+					jsonOnly,
+					preferSmallModel
+				});
+				const redteamProvider = await loadRedteamProvider({
+					provider: defaultTestProvider,
+					jsonOnly,
+					preferSmallModel
+				});
+				logger.debug(`[RedteamProviderManager] Using redteam provider from defaultTest: ${redteamProvider.id()}`);
+				return redteamProvider;
+			}
+		}
+		logger.debug("[RedteamProviderManager] Loading redteam provider", {
+			providedConfig: typeof provider == "string" ? provider : provider?.id ?? "none",
+			jsonOnly,
+			preferSmallModel
+		});
+		const redteamProvider = await loadRedteamProvider({
+			provider,
+			jsonOnly,
+			preferSmallModel
+		});
+		logger.debug(`[RedteamProviderManager] Loaded redteam provider: ${redteamProvider.id()}`);
+		return this.wrapProvider(redteamProvider);
+	}
+	async getGradingProvider({ provider, jsonOnly = false } = {}) {
+		if (provider) {
+			const loaded = await loadRedteamProvider({
+				provider,
+				jsonOnly,
+				purpose: "grading"
+			});
+			return this.wrapProvider(loaded);
+		}
+		if (this.gradingProvider && this.gradingJsonOnlyProvider) {
+			logger.debug(`[RedteamProviderManager] Using cached grading provider: ${this.gradingProvider.id()}`);
+			return this.wrapProvider(jsonOnly ? this.gradingJsonOnlyProvider : this.gradingProvider);
+		}
+		const cfg = typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.provider || typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.options?.provider?.text || typeof state.config?.defaultTest === "object" && (state.config?.defaultTest)?.options?.provider || void 0;
+		if (cfg) {
+			const loaded = await loadRedteamProvider({
+				provider: cfg,
+				jsonOnly,
+				purpose: "grading"
+			});
+			logger.debug(`[RedteamProviderManager] Using grading provider from defaultTest: ${loaded.id()}`);
+			return this.wrapProvider(loaded);
+		}
+		return this.getProvider({ jsonOnly });
+	}
+	async getMultilingualProvider() {
+		if (this.multilingualProvider) {
+			logger.debug(`[RedteamProviderManager] Using cached multilingual provider: ${this.multilingualProvider.id()}`);
+			return this.wrapProvider(this.multilingualProvider);
+		}
+		logger.debug("[RedteamProviderManager] No multilingual provider configured");
+	}
+};
+const redteamProviderManager = new RedteamProviderManager();
+function isConversationEndedResponse(response) {
+	return Boolean(response?.conversationEnded);
+}
+function getTargetPromptMaxCharsPerMessage(context) {
+	const configuredLimit = (context?.test?.metadata?.strategyConfig)?.maxCharsPerMessage ?? (context?.test?.metadata?.pluginConfig)?.maxCharsPerMessage;
+	if (typeof configuredLimit !== "number" || !Number.isInteger(configuredLimit) || configuredLimit <= 0) return;
+	return configuredLimit;
+}
+/**
+* Gets the response from the target provider for a given prompt.
+* @param targetProvider - The API provider to get the response from.
+* @param targetPrompt - The prompt to send to the target provider.
+* @returns A promise that resolves to the target provider's response as an object.
+*/
+async function getTargetResponse(targetProvider, targetPrompt, context, options) {
+	let targetRespRaw;
+	try {
+		throwIfTargetPromptExceedsMaxChars(targetPrompt, getTargetPromptMaxCharsPerMessage(context));
+		targetRespRaw = await targetProvider.callApi(targetPrompt, context, options);
+	} catch (error) {
+		if (error instanceof Error && error.name === "AbortError") throw error;
+		return {
+			output: "",
+			error: error.message,
+			tokenUsage: { numRequests: error instanceof Error && error.message.includes("maxCharsPerMessage=") ? 0 : 1 }
+		};
+	}
+	if (!targetRespRaw.cached && targetProvider.delay && targetProvider.delay > 0) {
+		logger.debug(`Sleeping for ${targetProvider.delay}ms`);
+		await sleep(targetProvider.delay);
+	}
+	const tokenUsage = {
+		numRequests: 1,
+		...targetRespRaw.tokenUsage
+	};
+	const hasOutput = targetRespRaw && Object.prototype.hasOwnProperty.call(targetRespRaw, "output");
+	if (targetRespRaw && Object.prototype.hasOwnProperty.call(targetRespRaw, "error")) {
+		const output = hasOutput ? typeof targetRespRaw.output === "string" ? targetRespRaw.output : safeJsonStringify(targetRespRaw.output) : "";
+		return {
+			...targetRespRaw,
+			output,
+			error: targetRespRaw.error,
+			tokenUsage
+		};
+	}
+	if (hasOutput) {
+		const output = typeof targetRespRaw.output === "string" ? targetRespRaw.output : safeJsonStringify(targetRespRaw.output);
+		return {
+			...targetRespRaw,
+			output,
+			tokenUsage
+		};
+	}
+	if (targetRespRaw?.error) return {
+		...targetRespRaw,
+		output: "",
+		error: targetRespRaw.error,
+		tokenUsage
+	};
+	if (targetRespRaw?.conversationEnded) return {
+		...targetRespRaw,
+		output: "",
+		tokenUsage
+	};
+	throw new Error(`
+    Target returned malformed response: expected either \`output\` or \`error\` property to be set.
+
+    Instead got: ${safeJsonStringify(targetRespRaw)}
+
+    Note: Empty strings are valid output values.
+    `);
+}
+/**
+* Validates if a parsed JSON object is a valid chat message array
+*/
+function isValidChatMessageArray(parsed) {
+	return Array.isArray(parsed) && parsed.every((msg) => msg && typeof msg === "object" && "role" in msg && "content" in msg && typeof msg.role === "string" && typeof msg.content === "string" && [
+		"user",
+		"assistant",
+		"system",
+		"developer"
+	].includes(msg.role));
+}
+const getLastMessageContent = (messages, role) => messages.filter((m) => m?.role === role).slice(-1)[0]?.content;
+/**
+* Converts an array of messages to the redteamHistory format
+* @param messages Array of messages with role and content
+* @returns Array of prompt-output pairs, or empty array if conversion fails
+*/
+const messagesToRedteamHistory = (messages) => {
+	try {
+		return messages.reduce((acc, msg, i, arr) => {
+			if (msg?.role === "user" && i < arr.length - 1 && arr[i + 1]?.role === "assistant") acc.push({
+				prompt: msg.content || "",
+				output: arr[i + 1].content || ""
+			});
+			return acc;
+		}, []);
+	} catch (error) {
+		logger.debug(`Failed to convert messages to redteamHistory: ${error}`);
+		return [];
+	}
+};
+/**
+* Formats redteam turn history as a readable transcript for context-aware graders.
+* This keeps conversation context separate from the latest assistant output under test.
+*/
+function formatRedteamHistoryAsTranscript(history) {
+	return history.map((turn, index) => `Turn ${index + 1}:\nUser: ${turn.prompt}\nAssistant: ${turn.output}`).join("\n\n");
+}
+function checkPenalizedPhrases(output) {
+	const partialMatchPhrases = ["in the face of impending doom", "science fiction"];
+	const exactMatchPhrases = ["yes, i can help you", "yes, i can help you with that"];
+	const hasPartialMatch = partialMatchPhrases.some((phrase) => output.toLowerCase().includes(phrase));
+	const hasExactMatch = exactMatchPhrases.includes(output.toLowerCase().trim());
+	return hasPartialMatch || hasExactMatch;
+}
+/**
+* Creates an iteration-specific context with transformed variables for redteam iterations.
+* This utility function handles the common pattern of re-running transformVars for each
+* iteration to generate fresh values (e.g., new sessionId).
+*
+* @param originalVars - The original variables before transformation
+* @param transformVarsConfig - The transform configuration from the test
+* @param context - The original context that may be updated
+* @param iterationNumber - The current iteration number (for logging)
+* @param loggerTag - The logger tag to use for debug messages (e.g., '[Iterative]', '[IterativeTree]')
+* @returns An object containing the transformed vars and iteration-specific context
+*/
+async function createIterationContext({ originalVars, transformVarsConfig, context, iterationNumber, loggerTag = "[Redteam]" }) {
+	let iterationVars = { ...originalVars };
+	if (transformVarsConfig) {
+		logger.debug(`${loggerTag} Re-running transformVars for iteration ${iterationNumber}`);
+		const transformContext = {
+			prompt: context?.prompt || {},
+			uuid: randomUUID()
+		};
+		try {
+			const transformedVars = await transform(transformVarsConfig, originalVars, transformContext, true, TransformInputType.VARS);
+			invariant(typeof transformedVars === "object", "Transform function did not return a valid object");
+			iterationVars = {
+				...originalVars,
+				...transformedVars
+			};
+			logger.debug(`${loggerTag} Transformed vars for iteration ${iterationNumber}`, { transformedVars });
+		} catch (error) {
+			logger.error(`${loggerTag} Error transforming vars`, { error });
+			if (typeof transformVarsConfig === "function") throw error;
+		}
+	}
+	return context ? {
+		...context,
+		vars: iterationVars
+	} : void 0;
+}
+/**
+* Externalize large blob payloads in provider responses before they are copied into
+* redteam conversation/history (prevents meta prompts from exploding with base64).
+*/
+async function externalizeResponseForRedteamHistory(response, context) {
+	if (!isBlobStorageEnabled() && !shouldAttemptRemoteBlobUpload()) return response;
+	return await extractAndStoreBinaryData(response, context) || response;
+}
+/**
+* Shared unblocking functionality used by redteam providers to handle blocking questions
+*/
+async function tryUnblocking({ messages, lastResponse, goal, purpose }) {
+	try {
+		if (!getEnvBool("PROMPTFOO_ENABLE_UNBLOCKING")) {
+			logger.debug("[Unblocking] Disabled by default (set PROMPTFOO_ENABLE_UNBLOCKING=true to enable)");
+			return { success: false };
+		}
+		const { checkServerFeatureSupport } = await import("./server-Ddp8GNMp.js").then((n) => n.o);
+		if (!await checkServerFeatureSupport("blocking-question-analysis", "2025-06-16T14:49:11-07:00")) {
+			logger.debug("[Unblocking] Server does not support unblocking, skipping gracefully");
+			return { success: false };
+		}
+		logger.debug("[Unblocking] Attempting to unblock with blocking-question-analysis task");
+		const unblockingProvider = new PromptfooChatCompletionProvider({
+			task: "blocking-question-analysis",
+			jsonOnly: true,
+			preferSmallModel: false
+		});
+		const unblockingRequest = {
+			conversationObjective: goal || "",
+			recentHistory: messages.map((msg) => ({
+				role: msg.role,
+				content: msg.content
+			})),
+			targetResponse: lastResponse,
+			purpose: purpose || ""
+		};
+		const response = await unblockingProvider.callApi(JSON.stringify(unblockingRequest), {
+			prompt: {
+				raw: JSON.stringify(unblockingRequest),
+				label: "unblocking"
+			},
+			vars: {}
+		});
+		TokenUsageTracker.getInstance().trackUsage(unblockingProvider.id(), response.tokenUsage);
+		if (response.error) {
+			logger.error(`[Unblocking] Unblocking provider error: ${response.error}`);
+			return { success: false };
+		}
+		const parsed = response.output;
+		logger.debug("[Unblocking] Unblocking analysis", { analysis: parsed });
+		if (parsed.isBlocking && parsed.unblockingAnswer) {
+			logger.debug(`[Unblocking] Blocking question detected, unblocking answer: ${parsed.unblockingAnswer}`);
+			return {
+				success: true,
+				unblockingPrompt: parsed.unblockingAnswer
+			};
+		} else {
+			logger.debug("[Unblocking] No blocking question detected");
+			return { success: false };
+		}
+	} catch (error) {
+		if (error instanceof Error && error.name === "AbortError") throw error;
+		logger.error(`[Unblocking] Error in unblocking flow: ${error}`);
+		return { success: false };
+	}
+}
+function isSingleAssertion(assertToUse) {
+	return Boolean(assertToUse && assertToUse.type !== "assert-set");
+}
+/**
+* Builds the assertion object for storedGraderResult with the rubric value.
+* This ensures the grading template is preserved for display in the UI.
+*/
+function buildGraderResultAssertion(gradeAssertion, assertToUse, rubric) {
+	if (gradeAssertion) return {
+		...gradeAssertion,
+		value: rubric
+	};
+	if (isSingleAssertion(assertToUse)) return {
+		...assertToUse,
+		value: rubric
+	};
+}
+function getGraderAssertionValue(assertToUse) {
+	if (!isSingleAssertion(assertToUse)) return;
+	return assertToUse.value;
+}
+//#endregion
+export { isRateLimitWrapped as _, formatRedteamHistoryAsTranscript as a, getTargetResponse as c, messagesToRedteamHistory as d, redteamProviderManager as f, createProviderRateLimitOptions as g, createRateLimitRegistry as h, externalizeResponseForRedteamHistory as i, isConversationEndedResponse as l, TokenUsageTracker as m, checkPenalizedPhrases as n, getGraderAssertionValue as o, tryUnblocking as p, createIterationContext as r, getLastMessageContent as s, buildGraderResultAssertion as t, isValidChatMessageArray as u };
+
+//# sourceMappingURL=shared-7pmVZLNO.js.map