In [1]:
import time
from rich.pretty import pprint
import logging

logging.getLogger("httpx").setLevel(logging.WARNING)

In [2]:
BASE_URL = "http://localhost:8321"

def create_http_client():
    from llama_stack_client import LlamaStackClient
    return LlamaStackClient(base_url=BASE_URL)

client = create_http_client()

In [3]:
print("Available Models:")
for model in client.models.list():
    pprint(model)


Available Models:


In [4]:
print("Available Shields:")
for shield in client.shields.list():
    pprint(shield)


Available Shields:


### scan raw LLM

In [5]:
benchmark_id = "trustyai_garak::prompt_injection"
client.benchmarks.register(
    benchmark_id=benchmark_id,
    dataset_id=benchmark_id,
    scoring_functions=["string"],
    provider_benchmark_id="prompt_injection",
    provider_id="trustyai_garak",
    metadata={
        "probes": ["promptinject.HijackHateHumans"],
        "timeout": 60*10,
    }
)

In [None]:
job = client.alpha.eval.run_eval(
    benchmark_id=benchmark_id,
    benchmark_config={
        "eval_candidate": {
            "type": "model",
            "model": "vllm/qwen2",
            "sampling_params": {},
        }
     },
)

print(f"Starting job '{job}'")

Starting job 'Job(job_id='garak-job-cbdd3510-0208-4c94-a9b6-158aea2e1b2d', status='scheduled', metadata={'created_at': '2025-08-20T23:04:51.435415'})'


In [None]:
def get_job_status(job_id, benchmark_id):
    return client.alpha.eval.jobs.status(job_id=job_id, benchmark_id=benchmark_id)

while True:
    job = get_job_status(job_id=job.job_id, benchmark_id=benchmark_id)
    print(job)

    if job.status in ['failed', 'completed', 'cancelled']:
        print("="*100)
        print(f"Job ended with status: {job.status}")
        break

    time.sleep(20)

Job(job_id='garak-job-cbdd3510-0208-4c94-a9b6-158aea2e1b2d', status='in_progress', metadata={'created_at': '2025-08-20T23:04:51.435415', 'started_at': '2025-08-20T23:04:51.439830', 'process_id': '10026', 'running_jobs': '1', 'max_concurrent_jobs': '5'})
Job(job_id='garak-job-cbdd3510-0208-4c94-a9b6-158aea2e1b2d', status='in_progress', metadata={'created_at': '2025-08-20T23:04:51.435415', 'started_at': '2025-08-20T23:04:51.439830', 'process_id': '10026', 'running_jobs': '1', 'max_concurrent_jobs': '5'})
Job(job_id='garak-job-cbdd3510-0208-4c94-a9b6-158aea2e1b2d', status='in_progress', metadata={'created_at': '2025-08-20T23:04:51.435415', 'started_at': '2025-08-20T23:04:51.439830', 'process_id': '10026', 'running_jobs': '1', 'max_concurrent_jobs': '5'})
Job(job_id='garak-job-cbdd3510-0208-4c94-a9b6-158aea2e1b2d', status='in_progress', metadata={'created_at': '2025-08-20T23:04:51.435415', 'started_at': '2025-08-20T23:04:51.439830', 'process_id': '10026', 'running_jobs': '1', 'max_concurre

In [None]:
scores = client.alpha.eval.jobs.retrieve(job_id=job.job_id, benchmark_id=benchmark_id).scores

In [9]:
pprint(scores)

In [10]:
## extract aggregated scores
aggregated_scores = {k: v.aggregated_results for k, v in scores.items()}
pprint(aggregated_scores)

### scan LLM with appropriate shield

In [11]:
benchmark_id = "trustyai_garak::prompt_injection_with_input_shield"
client.benchmarks.register(
    benchmark_id=benchmark_id,
    dataset_id=benchmark_id,
    scoring_functions=["string"],
    provider_benchmark_id="prompt_injection_with_input_shield",
    provider_id="trustyai_garak",
    metadata={
        "probes": ["promptinject.HijackHateHumans"],
        "timeout": 60*10,
        "shield_ids": ["Prompt-Guard-86M"]
    }
)

All shields in `shield_ids` are considered as input shields.

If you want to use multiple shields as input and output guardrails, you can pass `shield_config` instead of `shield_ids` in the metadata - 

```json
metadata={
        "probes": ["promptinject.HijackHateHumans"],
        "timeout": 600,
        "shield_config": {
            "input": ["Prompt-Guard-86M"], // input shield_ids
            "output": ["Llama-Guard-3-8B"] // output shield_ids
    }

}
```

If you pass both `shield_config` and `shield_ids`, only `shield_ids` is considered.

In [None]:
job = client.alpha.eval.run_eval(
    benchmark_id=benchmark_id,
    benchmark_config={
        "eval_candidate": {
            "type": "model",
            "model": "vllm/qwen2",
            "provider_id": "trustyai_garak",
            "sampling_params": {},
        }
     },
)

print(f"Starting job '{job}'")

Starting job 'Job(job_id='garak-job-e7b308fd-2dbf-4e5d-b22e-52f5bc296295', status='scheduled', metadata={'created_at': '2025-08-20T23:09:59.679964'})'


In [None]:
def get_job_status(job_id, benchmark_id):
    return client.alpha.eval.jobs.status(job_id=job_id, benchmark_id=benchmark_id)

while True:
    job = get_job_status(job_id=job.job_id, benchmark_id=benchmark_id)
    print(job)

    if job.status in ['failed', 'completed', 'cancelled']:
        print("="*100)
        print(f"Job ended with status: {job.status}")
        break

    time.sleep(20)

Job(job_id='garak-job-e7b308fd-2dbf-4e5d-b22e-52f5bc296295', status='in_progress', metadata={'created_at': '2025-08-20T23:09:59.679964', 'started_at': '2025-08-20T23:09:59.682705', 'process_id': '12073', 'running_jobs': '1', 'max_concurrent_jobs': '5'})
Job(job_id='garak-job-e7b308fd-2dbf-4e5d-b22e-52f5bc296295', status='in_progress', metadata={'created_at': '2025-08-20T23:09:59.679964', 'started_at': '2025-08-20T23:09:59.682705', 'process_id': '12073', 'running_jobs': '1', 'max_concurrent_jobs': '5'})
Job(job_id='garak-job-e7b308fd-2dbf-4e5d-b22e-52f5bc296295', status='completed', metadata={'created_at': '2025-08-20T23:09:59.679964', 'started_at': '2025-08-20T23:09:59.682705', 'process_id': '12073', 'scan.report.jsonl': 'file-7391b48c5f2b4830a9c772898392fcf0', 'scan.log': 'file-dbe1cf61f6b24277ae1215c5777573d4', 'scan.hitlog.jsonl': 'file-67f102f141cb42c6ab6bb637cfe350f6', 'scan.report.html': 'file-caedaa7c38184275b7f7097ce4930fa3', 'completed_at': '2025-08-20T23:10:23.324381', 'runni

See the prompt_injection score will get drastically reduced because of our input shield

In [None]:
scores = client.alpha.eval.jobs.retrieve(job_id=job.job_id, benchmark_id=benchmark_id).scores

In [15]:
## extract aggregated scores
aggregated_scores = {k: v.aggregated_results for k, v in scores.items()}
pprint(aggregated_scores)

In [16]:
pprint(scores)