# Getting Started with NeMo Auditor

NVIDIA NeMo Auditor audits LLMs by running audit jobs that probe the model with a variety of prompts to identify vulnerabilities. You can use the results to help assess model and system safety.

## Typical Audit Workflow
The audit workflow covered in this notebook looks like the following:
- Create an audit target for a base model.
- Create an audit configuration.
- Run an audit job.
- View the audit results.

## NeMo Auditor Microservice Deployment

### Deployment options
NeMo Auditor Microservice can be deployed in two ways - Helm Chart and Docker. In this getting started guide, we will proceed with the Docker deployment. For Kubernetes deployment, follow the installation guide from the [NeMo Microservices Docs](https://aire.gitlab-master-pages.nvidia.com/microservices/nmp/latest/nemo-microservices/latest/audit/index.html).

### Deploy NeMo Auditor Using Docker Compose
You can deploy the NeMo Auditor microservice using Docker Compose for local development, testing, and quickstart scenarios. 

### Prerequisites
Before deploying the microservice, ensure you have the following:
- Docker and Docker Compose installed
- NGC API key for accessing the NVIDIA container registry
- Access to LLM endpoints (local NIM or NVIDIA API)

#### 1. Set up the environment variables

In [2]:
import os
import getpass

if not os.environ.get("NVIDIA_API_KEY", "").startswith("nvapi-"):
    nvidia_api_key = getpass.getpass("Enter your NVIDIA API Key: ")
    assert nvidia_api_key.startswith("nvapi-"), "Not a valid key"
    os.environ["NVIDIA_API_KEY"] = nvidia_api_key
    print("✓ NVIDIA API Key set successfully")

In [4]:
import os
import getpass

if not os.environ.get("NIM_API_KEY", "").startswith("nvapi-"):
    nim_api_key = getpass.getpass("Enter your NIM API Key: ")
    assert nim_api_key.startswith("nvapi-"), "Not a valid key"
    os.environ["NIM_API_KEY"] = nim_api_key
    print("✓ NIM API Key set successfully")

✓ NIM API Key set successfully


#### 2. Authenticate with NGC
To pull the Docker image, first log in to the NGC Docker with your `NVIDIA_API_KEY`

In [3]:
!echo "${NVIDIA_API_KEY}" | docker login nvcr.io -u '$oauthtoken' --password-stdin


https://docs.docker.com/go/credential-store/

Login Succeeded


#### 3. Deployment
Create a file, such as docker-compose.yml, with contents like the following example:

In [5]:
%%writefile docker-compose.yaml
services:
  app:
    image: ${AUDITOR_IMAGE:-nvcr.io/nvidia/nemo-microservices/auditor}
    environment:
      - POSTGRES_URI=postgresql://nemo:nemo@postgres:5432/auditor
      - NIM_API_KEY=${NIM_API_KEY}
      - REST_API_KEY
      - OPENAI_API_KEY
      - OPENAICOMPATIBLE_API_KEY
    ports:
      - 127.0.0.1:5000:5000
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    image: postgres:16.2
    restart: always
    environment:
      - POSTGRES_USER=nemo
      - POSTGRES_PASSWORD=nemo
      - POSTGRES_DB=auditor
      - POSTGRES_PORT=5432
    ports:
      - 127.0.0.1:5432:5432
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'pg_isready -U nemo -d auditor'"]
      interval: 10s
      timeout: 3s
      retries: 3

Overwriting docker-compose.yaml


#### 4. Start NeMo Auditor
Open a terminal on you local computer and run the following docker-compose up command to start the relevant services

```
docker compose up
```

### Basic Audit Target
#### 1. Create a new target or find an existing target for the audit and record the ID.

When you run an audit job in NVIDIA NeMo Auditor, you create a separate audit target and audit configuration for the job. The target specifies the model name, model type, and free-form key-value pairs for model-specific inference options.

Follow the docs on more information on the Schema for Audit Targets.

In this notebook, let us look at an example target for NVIDIA Llama 3.1 Nemotron Nano V1 8B NIM

In [6]:
AUDITOR_BASE_URL="http://localhost:5000"

In [9]:
import os 
import requests

url = f"{AUDITOR_BASE_URL}/v1beta1/audit/targets"
headers = {
    "Accept": "application/json",
    "Content-Type": "application/json"
}
payload = {
    "namespace": "default",
    "name": "demo-build-nvidia-com-target",
    "type": "nim.NVOpenAIChat",
    "model": "nvidia/llama-3.1-nemotron-nano-8b-v1",
    "options": {
        "nim": {
            "skip_seq_start": "<think>",
            "skip_seq_end": "</think>",
            "max_tokens": 3200,
            "uri": "https://integrate.api.nvidia.com/v1/"
        }
    }
}

response = requests.post(url, headers=headers, json=payload)
print(response.status_code)
print(response.json())

201
{'schema_version': '1.0', 'id': 'audit_target-HMoFdzUTVas6HUjeJ5SD4f', 'description': None, 'type_prefix': None, 'namespace': 'default', 'project': None, 'created_at': '2025-08-01T02:27:40.023988', 'updated_at': '2025-08-01T02:27:40.023990', 'custom_fields': {}, 'ownership': None, 'name': 'demo-build-nvidia-com-target', 'type': 'nim.NVOpenAIChat', 'model': 'nvidia/llama-3.1-nemotron-nano-8b-v1', 'options': {'nim': {'skip_seq_start': '<think>', 'skip_seq_end': '</think>', 'max_tokens': 3200, 'uri': 'https://integrate.api.nvidia.com/v1/'}}}


In [10]:
# Record the 'name' attribute in another variable
target_name = response.json()['name']

print(target_name)  # Output: demo-build-nvidia-com-target

demo-build-nvidia-com-target


Check the docs to [update or delete](https://aire.gitlab-master-pages.nvidia.com/microservices/nmp/latest/nemo-microservices/latest/audit/targets/update-delete-target.html) an already existing target. 

#### 2. Create a new configuration or find an existing configuration for the audit and record the ID.
I going to create the following configuration

In [12]:
url = f"{AUDITOR_BASE_URL}/v1beta1/audit/configs"

headers = {
    "Accept": "application/json",
    "Content-Type": "application/json"
}

payload = {
    "name": "my_audit_config_v1",
    "namespace": "default",
    "description": "Basic demonstration configuration",
    "system": {
        "parallel_attempts": 32,      # Should be integer, not string
        "lite": True                  # Should be boolean, not string
    },
    "plugins": {
        "probe_spec": "dan.AutoDANCached,goodside.Tag"
    }
}

audit_config = requests.post(url, headers=headers, json=payload)
audit_config.raise_for_status()
print(response.json())

{'schema_version': '1.0', 'id': 'audit_target-HMoFdzUTVas6HUjeJ5SD4f', 'description': None, 'type_prefix': None, 'namespace': 'default', 'project': None, 'created_at': '2025-08-01T02:27:40.023988', 'updated_at': '2025-08-01T02:27:40.023990', 'custom_fields': {}, 'ownership': None, 'name': 'demo-build-nvidia-com-target', 'type': 'nim.NVOpenAIChat', 'model': 'nvidia/llama-3.1-nemotron-nano-8b-v1', 'options': {'nim': {'skip_seq_start': '<think>', 'skip_seq_end': '</think>', 'max_tokens': 3200, 'uri': 'https://integrate.api.nvidia.com/v1/'}}}


Usual NeMo Auditor default probe set can take hours depending on how many parallel attempts are requested and the model inference. 

Hence, we will adjust the `parallel _attempts` variable to a value of say **32**

In [13]:
# Record the 'name' attribute in another variable
config_name = audit_config.json()['name']

print(config_name)  # Output: default

my_audit_config_v1


Check the docs to [update or delete](https://aire.gitlab-master-pages.nvidia.com/microservices/nmp/latest/nemo-microservices/latest/audit/configs/update-delete.html) an already existing audit configuration. 

### Run and Manage Audit Jobs
After you create an audit target and an audit configuration, you are ready to run an audit job.

In [14]:
import json

url = f"{AUDITOR_BASE_URL}/v1beta1/audit/jobs"
headers = {
    "Accept": "application/json",
    "Content-Type": "application/json"
}
payload = {
    "name": "getting-started-job",
    "project": "demo",
    "spec": {
       "config": f"default/{config_name}",
        "target": f"default/{target_name}",
    }
}

response = requests.post(url, headers=headers, data=json.dumps(payload))
AUDIT_JOB_ID = response.json()["id"]
print(AUDIT_JOB_ID)

audit-8HcXGiNbbBF2VhgvXE4JbW


#### Get Audit Job Status

In [15]:
import time

url = f"{AUDITOR_BASE_URL}/v1beta1/audit/jobs/{AUDIT_JOB_ID}/status"
headers = {"Accept": "application/json"}

terminal_states = {"PENDING", "ACTIVE", "COMPLETED"}  # Adjust as needed

while True:
    try:
        response = requests.get(url, headers=headers)
        response.raise_for_status()
        job_info = response.json()
        job_status = job_info.get("status", "UNKNOWN")
        print(f"[{time.strftime('%Y-%m-%d %H:%M:%S')}] Job status: {job_status}")

        # Stop EXACTLY when status is "COMPLETED" (case-insensitive)
        if job_status.strip().lower() == "completed":
            print("Job has reached the COMPLETED state.")
            break

    except Exception as e:
        print(f"Error fetching job status: {e}")

    time.sleep(5)

[2025-08-01 02:28:28] Job status: ACTIVE
[2025-08-01 02:28:33] Job status: ACTIVE
[2025-08-01 02:28:39] Job status: ACTIVE
[2025-08-01 02:28:44] Job status: ACTIVE
[2025-08-01 02:28:49] Job status: ACTIVE
[2025-08-01 02:28:54] Job status: ACTIVE
[2025-08-01 02:28:59] Job status: COMPLETED
Job has reached the COMPLETED state.


In [16]:
url = f"{AUDITOR_BASE_URL}/v1beta1/audit/jobs/{AUDIT_JOB_ID}/logs"
headers = {
    "Accept": "text/plain"
}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    print(json.dumps(response.text))
else:
    print(f"Error: {response.status_code} {response.reason}")

"{\"logs\":\"garak LLM vulnerability scanner v0.12.0 ( https://github.com/NVIDIA/garak ) at 2025-08-01T02:28:24.839880\\n\ud83d\udcdc logging to /app/garak_out/audit-8HcXGiNbbBF2VhgvXE4JbW/running/dan.AutoDANCached/garak/garak.log\\n\ud83e\udd9c loading \\u001b[1m\\u001b[95mgenerator\\u001b[0m: NIM: nvidia/llama-3.1-nemotron-nano-8b-v1\\n\ud83d\udcdc reporting to /app/garak_out/audit-8HcXGiNbbBF2VhgvXE4JbW/running/dan.AutoDANCached/garak/garak_runs/garak.report.jsonl\\n\ud83d\udd75\ufe0f  queue of \\u001b[1m\\u001b[93mprobes:\\u001b[0m dan.AutoDANCached\\n\\nPreparing prompts:   0%|\\u001b[38;2;0;243;180m          \\u001b[0m| 0/3 [00:00<?, ?it/s]\\n                                                        \\n\\n  0%|          | 0/3 [00:00<?, ?it/s]\\nprobes.dan.AutoDANCached:   0%|          | 0/3 [00:00<?, ?it/s]\\n\\n  0%|\\u001b[38;2;192;97;203m          \\u001b[0m| 0/5 [00:00<?, ?it/s]\\u001b[A\\n\\nNIM nvidia/llama-3.1-nemotron-nano-8b-v1:   0%|\\u001b[38;2;192;97;203m          \\u00

Check the docs to see how to [pause](https://aire.gitlab-master-pages.nvidia.com/microservices/nmp/latest/nemo-microservices/latest/audit/jobs.html#pausing-and-resuming-a-job) a running job and then [resume](https://aire.gitlab-master-pages.nvidia.com/microservices/nmp/latest/nemo-microservices/latest/audit/jobs.html#pausing-and-resuming-a-job) it when needed

### Viewing Audit Job Results

In [17]:
OUTPUT_DIR = 'output'  # You can pick any directory name

# Ensure output directory exists
os.makedirs(OUTPUT_DIR, exist_ok=True)

url = f"{AUDITOR_BASE_URL}/v1beta1/audit/jobs/{AUDIT_JOB_ID}/results/report.html/download"
headers = {
    "Accept": "text/html"
}

response = requests.get(url, headers=headers)
response.raise_for_status()

output_path = os.path.join(OUTPUT_DIR, "basic-job-report.html")
with open(output_path, "wb") as f:
    f.write(response.content)

print(f"Report downloaded to {output_path}")

# Print the HTML report's content
with open(output_path, "r", encoding="utf-8") as f:
    html_content = f.read()

print("\n=== HTML Report Content ===\n")
print(html_content)

Report downloaded to output/basic-job-report.html

=== HTML Report Content ===

<!DOCTYPE html>
<html lang="en">

<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8" />
<style>
body {font-family: sans-serif}
:root{
  --defcon1: #f94144;
  --defcon2: #f8961e;
  --defcon3: #cccccc;
  --defcon4: #eeeeee;
  --defcon5: #f7f7ff;
}
.defcon1 {background-color: var(--defcon1); text-color: #000}
.defcon2 {background-color: var(--defcon2); text-color: #000}
.defcon3 {background-color: var(--defcon3); text-color: #000}
.defcon4 {background-color: var(--defcon4); text-color: #000}
.defcon5 {background-color: var(--defcon5); text-color: #000}
.probe {padding-left: 40pt}
.detector {padding-left: 65pt}
.score {
  padding-top: 6pt; 
  padding-bottom: 6pt; 
  /* margin-left: 60pt; */
  border: 1pt solid #ccc;
  margin-top: 4pt;
  margin-bottom: 4pt;
}
div.score p span {
  display: inline-block;
  width: 100pt
  }
.score b {
  padding: 6pt 10pt 7pt 10pt; 
  m