# LLAMATOR MCP Server â€” cURL Usage Tutorial

This notebook shows how to call:
- HTTP API endpoints
- MCP Streamable HTTP (JSON-RPC) endpoints

All examples use `curl` and assume the service is already running.

In [1]:
from __future__ import annotations

import json
import os
import subprocess
import time
import urllib.parse

from dotenv import load_dotenv

# Load env from a local .env file (if present).
load_dotenv()

HTTP_PUBLIC_PORT: str = os.getenv("LLAMATOR_MCP_HTTP_PUBLIC_PORT", "").strip()
HTTP_PORT: str = os.getenv("LLAMATOR_MCP_HTTP_PORT", "").strip()
PORT: str = HTTP_PUBLIC_PORT or HTTP_PORT or "8000"

BASE_URL: str = os.getenv("LLAMATOR_MCP_BASE_URL", f"http://localhost:{PORT}").strip().rstrip("/")

API_KEY: str = os.getenv("LLAMATOR_MCP_API_KEY", "").strip()
AUTH_HEADER: str = f'-H "X-API-Key: {API_KEY}"' if API_KEY else ""

MCP_MOUNT_PATH: str = os.getenv("LLAMATOR_MCP_MCP_MOUNT_PATH", "/mcp").strip()
MCP_ENDPOINT: str = f"{BASE_URL}{MCP_MOUNT_PATH.rstrip('/')}/"

MCP_PROTOCOL_VERSION: str = os.getenv("LLAMATOR_MCP_TEST_MCP_PROTOCOL_VERSION", "2025-03-26").strip()

print("BASE_URL:", BASE_URL)
print("MCP_ENDPOINT:", MCP_ENDPOINT)
print("API_KEY enabled:", bool(API_KEY))


BASE_URL: http://localhost:8000
MCP_ENDPOINT: http://localhost:8000/mcp/
API_KEY enabled: True


## 1) HTTP API

### 1.1 Healthcheck

In [2]:
cmd: str = f'curl -sS -i -X GET "{BASE_URL}/v1/health" -H "Accept: application/json" {AUTH_HEADER}'
!{cmd}


HTTP/1.1 200 OK
[1mdate[0m: Sat, 17 Jan 2026 20:51:06 GMT
[1mserver[0m: uvicorn
[1mcontent-length[0m: 15
[1mcontent-type[0m: application/json

{"status":"ok"}

### 1.2 Create a run using a preset (plan.preset_name)

This example uses `preset_name` and sets most request fields (`tested_model`, `run_config`, `plan`).

In [3]:
payload_preset: dict[str, object] = {
    "tested_model": {
        "kind": "openai",
        "base_url": os.getenv("LLAMATOR_MCP_TEST_TESTED_BASE_URL", "http://host.docker.internal:1234/v1"),
        "model": os.getenv("LLAMATOR_MCP_TEST_TESTED_MODEL", "llm"),
        "api_key": os.getenv("LLAMATOR_MCP_TEST_TESTED_API_KEY", "lm-studio"),
        "temperature": 0.2,
        "system_prompts": ["You are a helpful assistant."],
        "model_description": "Example tested model",
    },
    "run_config": {
        "enable_logging": True,
        "enable_reports": False,
        "artifacts_path": "run_preset",
        "debug_level": 1,
        "report_language": os.getenv("LLAMATOR_MCP_REPORT_LANGUAGE", "ru"),
    },
    "plan": {
        "preset_name": "owasp:llm10",
        "num_threads": 1,
    },
}

In [None]:
with open("payload_preset.json", "w", encoding="utf-8") as f:
    json.dump(payload_preset, f, ensure_ascii=False, indent=2, sort_keys=True)

cmd: str = (
    f'curl -sS -X POST "{BASE_URL}/v1/tests/runs" '
    f'-H "Accept: application/json" -H "Content-Type: application/json" {AUTH_HEADER} '
    f'--data-binary @payload_preset.json > create_preset_response.json'
)
!{cmd}

with open("create_preset_response.json", "r", encoding="utf-8") as f:
    created_preset: dict[str, object] = json.load(f)

print(json.dumps(created_preset, ensure_ascii=False, indent=2, sort_keys=True))
JOB_ID_PRESET: str = str(created_preset["job_id"])
print("JOB_ID_PRESET:", JOB_ID_PRESET)


### 1.3 Poll the job until completion (preset run)

This block prints:
- poll status changes (`status`, `updated_at`)
- final job JSON
- artifacts list URL and response
- first artifact download URL resolution (if any artifact exists)

Artifacts are listed even if the job failed.

In [None]:
job_id: str = JOB_ID_PRESET
timeout_s: float = 3600.0
poll_interval_s: float = 0.5

deadline: float = time.time() + timeout_s
last_status: str | None = None
final_payload: dict[str, object] | None = None

while time.time() < deadline:
    out: str = subprocess.check_output(
        [
            "curl",
            "-sS",
            "-X",
            "GET",
            f"{BASE_URL}/v1/tests/runs/{job_id}",
            "-H",
            "Accept: application/json",
            *([] if not API_KEY else ["-H", f"X-API-Key: {API_KEY}"]),
        ],
        text=True,
    )
    payload_any: object = json.loads(out)
    if not isinstance(payload_any, dict):
        raise ValueError("Expected JSON object from /v1/tests/runs/{job_id}.")

    status: str = str(payload_any.get("status", ""))
    updated_at: str | None = payload_any.get("updated_at") if isinstance(payload_any.get("updated_at"), str) else None

    if status != last_status:
        print(f"[POLL] job_id={job_id} status={status} updated_at={updated_at}")
        last_status = status

    if status in ("succeeded", "failed"):
        final_payload = payload_any
        break

    time.sleep(poll_interval_s)

if final_payload is None:
    raise TimeoutError(f"Job did not finish within timeout_s={timeout_s} job_id={job_id}")

print("\n=== FINAL JOB RESPONSE ===")
print(json.dumps(final_payload, ensure_ascii=False, indent=2, sort_keys=True))

result_val: object | None = final_payload.get("result")  # type: ignore[assignment]
error_val: object | None = final_payload.get("error")  # type: ignore[assignment]
error_notice_val: object | None = final_payload.get("error_notice")  # type: ignore[assignment]

if isinstance(result_val, dict):
    print("\n=== FINAL RESULT ===")
    print(json.dumps(result_val, ensure_ascii=False, indent=2, sort_keys=True))

if isinstance(error_val, dict):
    print("\n=== FINAL ERROR ===")
    print(json.dumps(error_val, ensure_ascii=False, indent=2, sort_keys=True))

if isinstance(error_notice_val, str) and error_notice_val.strip():
    print("\n=== FINAL ERROR NOTICE ===")
    print(error_notice_val)

# Artifacts: list -> first file -> resolve download URL
artifacts_list_url: str = f"{BASE_URL}/v1/tests/runs/{job_id}/artifacts"
print("\nARTIFACTS LIST URL:", artifacts_list_url)

cmd_list: str = f'curl -sS -X GET "{artifacts_list_url}" -H "Accept: application/json" {AUTH_HEADER} > artifacts_list.json'
!{cmd_list}

with open("artifacts_list.json", "r", encoding="utf-8") as f:
    artifacts_list_payload: dict[str, object] = json.load(f)

print("\n=== ARTIFACTS LIST RESPONSE ===")
print(json.dumps(artifacts_list_payload, ensure_ascii=False, indent=2, sort_keys=True))

files_val: object | None = artifacts_list_payload.get("files")
files: list[dict[str, object]] = []
if isinstance(files_val, list):
    files = [x for x in files_val if isinstance(x, dict)]

if not files:
    print("\nNO ARTIFACTS")
else:
    first_path_raw: str = str(files[0].get("path", "")).strip()
    if not first_path_raw:
        print("\nEMPTY ARTIFACT PATH")
        print(json.dumps(files[0], ensure_ascii=False, indent=2, sort_keys=True))
    else:
        first_path_quoted: str = urllib.parse.quote(first_path_raw, safe="/")
        download_url: str = f"{BASE_URL}/v1/tests/runs/{job_id}/artifacts/{first_path_quoted}"

        print("\nARTIFACT DOWNLOAD RESOLVE URL:", download_url)
        print("Expected behavior: 200 JSON response, no 3xx redirect.")

        cmd_dl: str = (
            f'curl -sS -i -X GET "{download_url}" '
            f'-H "Accept: application/json" {AUTH_HEADER} '
            f'> artifact_download_raw.txt'
        )
        !{cmd_dl}

        raw_text: str = open("artifact_download_raw.txt", "r", encoding="utf-8", errors="replace").read()
        print("\n=== ARTIFACT DOWNLOAD RAW (HEADERS + BODY) ===")
        print(raw_text[:4000])

        body: str = raw_text.split("\r\n\r\n", 1)[-1].strip()
        if body:
            try:
                parsed_body: object = json.loads(body)
            except json.JSONDecodeError:
                parsed_body = None
            if isinstance(parsed_body, dict):
                print("\n=== ARTIFACT DOWNLOAD JSON BODY ===")
                print(json.dumps(parsed_body, ensure_ascii=False, indent=2, sort_keys=True))


In [None]:
from llamator import print_test_preset

# Print configuration for all available tests
print_test_preset("all")

### 1.4 Create a run using explicit basic tests (plan.basic_tests)

You can pass tests explicitly without `preset_name`.

Note: LLAMATOR expects `basic_tests` as `[{code_name, params:[{name,value}]}]` in the request payload.
The python variable below is a convenience representation for readability.

In [None]:
basic_tests: list[tuple[str, dict[str, object]]] = [
    ("repetition_token", {"num_attempts": 1, "repeat_count": 3}),
    ("system_prompt_leakage", {"custom_dataset": None, "multistage_depth": 3, "num_attempts": 1}),
]

payload_basic_tests: dict[str, object] = {
    "tested_model": {
        "kind": "openai",
        "base_url": os.getenv("LLAMATOR_MCP_TEST_TESTED_BASE_URL", "http://host.docker.internal:1234/v1"),
        "model": os.getenv("LLAMATOR_MCP_TEST_TESTED_MODEL", "llm"),
        "api_key": os.getenv("LLAMATOR_MCP_TEST_TESTED_API_KEY", "lm-studio"),
        "temperature": 0.3,
        "system_prompts": ["You are a helpful assistant."],
        "model_description": "Example tested model",
    },
    "run_config": {
        "enable_logging": True,
        "enable_reports": False,
        "artifacts_path": "run_basic_tests",
        "debug_level": 1,
        "report_language": os.getenv("LLAMATOR_MCP_REPORT_LANGUAGE", "ru"),
    },
    "plan": {
        "num_threads": 1,
        "basic_tests": [
            {
                "code_name": code_name,
                "params": [{"name": k, "value": v} for k, v in params.items()],
            }
            for code_name, params in basic_tests
        ],
    },
}

with open("payload_basic_tests.json", "w", encoding="utf-8") as f:
    json.dump(payload_basic_tests, f, ensure_ascii=False, indent=2, sort_keys=True)

cmd: str = (
    f'curl -sS -X POST "{BASE_URL}/v1/tests/runs" '
    f'-H "Accept: application/json" -H "Content-Type: application/json" {AUTH_HEADER} '
    f'--data-binary @payload_basic_tests.json > create_basic_tests_response.json'
)
!{cmd}

with open("create_basic_tests_response.json", "r", encoding="utf-8") as f:
    created_basic: dict[str, object] = json.load(f)

print(json.dumps(created_basic, ensure_ascii=False, indent=2, sort_keys=True))
JOB_ID_BASIC: str = str(created_basic["job_id"])
print("JOB_ID_BASIC:", JOB_ID_BASIC)


### 1.5 Poll the job until completion (basic tests run)

Same output as the preset polling block: final job JSON + artifacts list + download resolve.

In [None]:
job_id: str = JOB_ID_BASIC
timeout_s: float = 3600.0
poll_interval_s: float = 0.5

deadline: float = time.time() + timeout_s
last_status: str | None = None
final_payload: dict[str, object] | None = None

while time.time() < deadline:
    out: str = subprocess.check_output(
        [
            "curl",
            "-sS",
            "-X",
            "GET",
            f"{BASE_URL}/v1/tests/runs/{job_id}",
            "-H",
            "Accept: application/json",
            *([] if not API_KEY else ["-H", f"X-API-Key: {API_KEY}"]),
        ],
        text=True,
    )
    payload_any: object = json.loads(out)
    if not isinstance(payload_any, dict):
        raise ValueError("Expected JSON object from /v1/tests/runs/{job_id}.")

    status: str = str(payload_any.get("status", ""))
    updated_at: str | None = payload_any.get("updated_at") if isinstance(payload_any.get("updated_at"), str) else None

    if status != last_status:
        print(f"[POLL] job_id={job_id} status={status} updated_at={updated_at}")
        last_status = status

    if status in ("succeeded", "failed"):
        final_payload = payload_any
        break

    time.sleep(poll_interval_s)

if final_payload is None:
    raise TimeoutError(f"Job did not finish within timeout_s={timeout_s} job_id={job_id}")

print("\n=== FINAL JOB RESPONSE ===")
print(json.dumps(final_payload, ensure_ascii=False, indent=2, sort_keys=True))

result_val: object | None = final_payload.get("result")  # type: ignore[assignment]
error_val: object | None = final_payload.get("error")  # type: ignore[assignment]
error_notice_val: object | None = final_payload.get("error_notice")  # type: ignore[assignment]

if isinstance(result_val, dict):
    print("\n=== FINAL RESULT ===")
    print(json.dumps(result_val, ensure_ascii=False, indent=2, sort_keys=True))

if isinstance(error_val, dict):
    print("\n=== FINAL ERROR ===")
    print(json.dumps(error_val, ensure_ascii=False, indent=2, sort_keys=True))

if isinstance(error_notice_val, str) and error_notice_val.strip():
    print("\n=== FINAL ERROR NOTICE ===")
    print(error_notice_val)

# Artifacts: list -> first file -> resolve download URL
artifacts_list_url: str = f"{BASE_URL}/v1/tests/runs/{job_id}/artifacts"
print("\nARTIFACTS LIST URL:", artifacts_list_url)

cmd_list: str = f'curl -sS -X GET "{artifacts_list_url}" -H "Accept: application/json" {AUTH_HEADER} > artifacts_list_basic.json'
!{cmd_list}

with open("artifacts_list_basic.json", "r", encoding="utf-8") as f:
    artifacts_list_payload: dict[str, object] = json.load(f)

print("\n=== ARTIFACTS LIST RESPONSE ===")
print(json.dumps(artifacts_list_payload, ensure_ascii=False, indent=2, sort_keys=True))

files_val: object | None = artifacts_list_payload.get("files")
files: list[dict[str, object]] = []
if isinstance(files_val, list):
    files = [x for x in files_val if isinstance(x, dict)]

if not files:
    print("\nNO ARTIFACTS")
else:
    first_path_raw: str = str(files[0].get("path", "")).strip()
    if not first_path_raw:
        print("\nEMPTY ARTIFACT PATH")
        print(json.dumps(files[0], ensure_ascii=False, indent=2, sort_keys=True))
    else:
        first_path_quoted: str = urllib.parse.quote(first_path_raw, safe="/")
        download_url: str = f"{BASE_URL}/v1/tests/runs/{job_id}/artifacts/{first_path_quoted}"

        print("\nARTIFACT DOWNLOAD RESOLVE URL:", download_url)
        print("Expected behavior: 200 JSON response, no 3xx redirect.")

        cmd_dl: str = (
            f'curl -sS -i -X GET "{download_url}" '
            f'-H "Accept: application/json" {AUTH_HEADER} '
            f'> artifact_download_basic_raw.txt'
        )
        !{cmd_dl}

        raw_text: str = open("artifact_download_basic_raw.txt", "r", encoding="utf-8", errors="replace").read()
        print("\n=== ARTIFACT DOWNLOAD RAW (HEADERS + BODY) ===")
        print(raw_text[:4000])

        body: str = raw_text.split("\r\n\r\n", 1)[-1].strip()
        if body:
            try:
                parsed_body: object = json.loads(body)
            except json.JSONDecodeError:
                parsed_body = None
            if isinstance(parsed_body, dict):
                print("\n=== ARTIFACT DOWNLOAD JSON BODY ===")
                print(json.dumps(parsed_body, ensure_ascii=False, indent=2, sort_keys=True))


## 2) MCP (Streamable HTTP JSON-RPC)

The MCP app is mounted at `MCP_ENDPOINT`.

Sequence:
1. `initialize`
2. `notifications/initialized`
3. `tools/list`
4. `tools/call` (create_llamator_run)

All calls below use `curl` over HTTP POST.

In [4]:
# 2.1 initialize
init_msg: dict[str, object] = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
        "protocolVersion": MCP_PROTOCOL_VERSION,
        "capabilities": {},
        "clientInfo": {"name": "curl-notebook", "version": "1.0.0"},
    },
}
with open("mcp_initialize.json", "w", encoding="utf-8") as f:
    json.dump(init_msg, f, ensure_ascii=False, indent=2, sort_keys=True)

cmd: str = (
    f'curl -sS -i -X POST "{MCP_ENDPOINT}" '
    f'-H "Accept: application/json, text/event-stream" '
    f'-H "Content-Type: application/json" '
    f'-H "MCP-Protocol-Version: {MCP_PROTOCOL_VERSION}" '
    f'-H "Origin: {BASE_URL}" '
    f'{AUTH_HEADER} '
    f'--data-binary @mcp_initialize.json > mcp_initialize_raw.txt'
)
!{cmd}

raw: str = open("mcp_initialize_raw.txt", "r", encoding="utf-8", errors="replace").read()
print(raw[:4000])

# Extract Mcp-Session-Id from headers if present.
session_id: str | None = None
header_block: str = raw.split("\r\n\r\n", 1)[0]
for line in header_block.splitlines():
    if line.lower().startswith("mcp-session-id:"):
        session_id = line.split(":", 1)[1].strip()
        break

print("\nMCP_SESSION_ID:", session_id)


HTTP/1.1 200 OK
date: Sat, 17 Jan 2026 20:51:40 GMT
server: uvicorn
content-type: application/json
content-length: 278

{"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2025-03-26","capabilities":{"experimental":{},"prompts":{"listChanged":false},"resources":{"subscribe":false,"listChanged":false},"tools":{"listChanged":false}},"serverInfo":{"name":"llamator-mcp-server","version":"1.25.0"}}}

MCP_SESSION_ID: None


In [5]:
# 2.2 notifications/initialized
notif_msg: dict[str, object] = {"jsonrpc": "2.0", "method": "notifications/initialized"}
with open("mcp_initialized.json", "w", encoding="utf-8") as f:
    json.dump(notif_msg, f, ensure_ascii=False, indent=2, sort_keys=True)

session_header: str = f'-H "Mcp-Session-Id: {session_id}"' if session_id else ""

cmd: str = (
    f'curl -sS -i -X POST "{MCP_ENDPOINT}" '
    f'-H "Accept: application/json, text/event-stream" '
    f'-H "Content-Type: application/json" '
    f'-H "MCP-Protocol-Version: {MCP_PROTOCOL_VERSION}" '
    f'-H "Origin: {BASE_URL}" '
    f'{session_header} '
    f'{AUTH_HEADER} '
    f'--data-binary @mcp_initialized.json'
)
!{cmd}


HTTP/1.1 202 Accepted
[1mdate[0m: Sat, 17 Jan 2026 20:51:40 GMT
[1mserver[0m: uvicorn
[1mcontent-type[0m: application/json
[1mcontent-length[0m: 0



In [6]:
# 2.3 tools/list
tools_list_msg: dict[str, object] = {"jsonrpc": "2.0", "id": 2, "method": "tools/list", "params": {}}
with open("mcp_tools_list.json", "w", encoding="utf-8") as f:
    json.dump(tools_list_msg, f, ensure_ascii=False, indent=2, sort_keys=True)

session_header: str = f'-H "Mcp-Session-Id: {session_id}"' if session_id else ""

cmd: str = (
    f'curl -sS -X POST "{MCP_ENDPOINT}" '
    f'-H "Accept: application/json, text/event-stream" '
    f'-H "Content-Type: application/json" '
    f'-H "MCP-Protocol-Version: {MCP_PROTOCOL_VERSION}" '
    f'-H "Origin: {BASE_URL}" '
    f'{session_header} '
    f'{AUTH_HEADER} '
    f'--data-binary @mcp_tools_list.json > mcp_tools_list_response.json'
)
!{cmd}

tools_payload: dict[str, object] = json.load(open("mcp_tools_list_response.json", "r", encoding="utf-8"))
print(json.dumps(tools_payload, ensure_ascii=False, indent=2, sort_keys=True))


{
  "id": 2,
  "jsonrpc": "2.0",
  "result": {
    "tools": [
      {
        "description": "\n        Create a LLAMATOR job and return the aggregated result after completion.\n\n        :param req: Run request.\n        :return: A dict with keys:\n            - job_id: str\n            - aggregated: dict[str, dict[str, int]]\n            - artifacts_download_url: str | None\n            - error_notice: str | None\n        :raises ValueError: If the request is invalid or the job is not finished.\n        :raises TimeoutError: If the job does not complete within the configured timeout.\n        :raises KeyError: If the job cannot be found in the store.\n        :raises RuntimeError: If the job returned an inconsistent state (e.g. succeeded but result is missing).\n        ",
        "inputSchema": {
          "$defs": {
            "BasicTestSpec": {
              "description": "LLAMATOR built-in test specification.\n\n:param code_name: Attack code name.\n:param params: Test parameter

### 2.4 tools/call: create_llamator_run (preset example)

This tool submits a run and waits for completion, returning `aggregated` and optional `artifacts_download_url`.

In [7]:
mcp_create_msg: dict[str, object] = {
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
        "name": "create_llamator_run",
        "arguments": {
            "req": payload_preset,
        },
    },
}

with open("mcp_create_llamator_run.json", "w", encoding="utf-8") as f:
    json.dump(mcp_create_msg, f, ensure_ascii=False, indent=2, sort_keys=True)

session_header: str = f'-H "Mcp-Session-Id: {session_id}"' if session_id else ""

cmd: str = (
    f'curl -sS -X POST "{MCP_ENDPOINT}" '
    f'-H "Accept: application/json, text/event-stream" '
    f'-H "Content-Type: application/json" '
    f'-H "MCP-Protocol-Version: {MCP_PROTOCOL_VERSION}" '
    f'-H "Origin: {BASE_URL}" '
    f'{session_header} '
    f'{AUTH_HEADER} '
    f'--data-binary @mcp_create_llamator_run.json > mcp_create_llamator_run_response.json'
)
!{cmd}

mcp_created_payload: dict[str, object] = json.load(open("mcp_create_llamator_run_response.json", "r", encoding="utf-8"))
print(json.dumps(mcp_created_payload, ensure_ascii=False, indent=2, sort_keys=True))

{
  "id": 3,
  "jsonrpc": "2.0",
  "result": {
    "content": [
      {
        "text": "{\n  \"job_id\": \"ffcb9c41db6846f7ac56acda6a288282\",\n  \"aggregated\": {\n    \"repetition_token\": {\n      \"broken\": 2,\n      \"resilient\": 1,\n      \"errors\": 0\n    }\n  },\n  \"artifacts_download_url\": \"http://localhost:9000/llamator-artifacts/ffcb9c41db6846f7ac56acda6a288282/artifacts.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=minioadmin%2F20260117%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20260117T205158Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=2e231744ae1f4ef20f7713c50bf6adcc3bd28f623e7ea682388a6c109ee8046c\",\n  \"error_notice\": null\n}",
        "type": "text"
      }
    ],
    "isError": false,
    "structuredContent": {
      "aggregated": {
        "repetition_token": {
          "broken": 2,
          "errors": 0,
          "resilient": 1
        }
      },
      "artifacts_download_url": "http://localhost:9000/llamator-artifacts/ffcb9c41db6