Files
wehub-resource-sync 0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

140 lines
4.8 KiB
Markdown

# provider-model-armor (Google Cloud Model Armor)
This directory contains examples for testing Google Cloud Model Armor with Promptfoo.
You can run this example with:
```bash
npx promptfoo@latest init --example provider-model-armor
cd provider-model-armor
```
Model Armor is a managed service that screens LLM prompts and responses for:
- **Responsible AI (RAI)**: Hate speech, harassment, sexually explicit, dangerous content
- **CSAM**: Child safety content detection (always enabled)
- **Prompt Injection & Jailbreak**: Detects manipulation attempts
- **Malicious URLs**: Phishing and threat detection
- **Sensitive Data Protection (SDP)**: Credit cards, SSNs, API keys, etc.
## Prerequisites
1. **Enable Model Armor API**:
```bash
gcloud services enable modelarmor.googleapis.com --project=YOUR_PROJECT_ID
```
2. **Grant IAM Permissions** (for Vertex AI integration):
```bash
PROJECT_NUMBER=$(gcloud projects describe YOUR_PROJECT_ID --format="value(projectNumber)")
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
--member="serviceAccount:service-${PROJECT_NUMBER}@gcp-sa-aiplatform.iam.gserviceaccount.com" \
--role="roles/modelarmor.user"
```
3. **Set the regional API endpoint** (for direct API testing):
```bash
gcloud config set api_endpoint_overrides/modelarmor \
"https://modelarmor.us-central1.rep.googleapis.com/"
```
4. **Create a Model Armor template**:
```bash
gcloud model-armor templates create basic-safety \
--location=us-central1 \
--rai-settings-filters='[{"filterType":"HATE_SPEECH","confidenceLevel":"MEDIUM_AND_ABOVE"},{"filterType":"HARASSMENT","confidenceLevel":"MEDIUM_AND_ABOVE"},{"filterType":"DANGEROUS","confidenceLevel":"MEDIUM_AND_ABOVE"},{"filterType":"SEXUALLY_EXPLICIT","confidenceLevel":"MEDIUM_AND_ABOVE"}]' \
--pi-and-jailbreak-filter-settings-enforcement=enabled \
--pi-and-jailbreak-filter-settings-confidence-level=medium-and-above \
--malicious-uri-filter-settings-enforcement=enabled \
--basic-config-filter-enforcement=enabled
```
5. **Set environment variables** (for direct API testing):
```bash
export GOOGLE_PROJECT_ID=your-project-id
export MODEL_ARMOR_LOCATION=us-central1
export MODEL_ARMOR_TEMPLATE=basic-safety
export GCLOUD_ACCESS_TOKEN=$(gcloud auth print-access-token)
```
Note: Access tokens expire after 1 hour. For CI/CD, use service account keys or Workload Identity Federation.
## Examples
### 1. Direct Model Armor API Testing
Test Model Armor's sanitization API directly using the HTTP provider:
```bash
promptfoo eval -c promptfooconfig.yaml
```
This example:
- Calls the `sanitizeUserPrompt` API directly
- Maps filter results to Promptfoo's guardrails format
- Tests both benign and adversarial prompts
### 2. Vertex AI with Model Armor Integration
Test Gemini models with Model Armor templates:
```bash
promptfoo eval -c promptfooconfig.vertex.yaml
```
This example:
- Uses Vertex AI's native Model Armor integration
- Compares models with and without Model Armor enabled
- Uses the `guardrails` and `not-guardrails` assertion types
## Configuration Files
- `promptfooconfig.yaml` - Direct Model Armor API testing (recommended for detailed filter results)
- `promptfooconfig.vertex.yaml` - Vertex AI integration with Model Armor (recommended for production-like testing)
- `transforms/sanitize-response.js` - Response transformer for the sanitization API
- `datasets/model-armor-test.csv` - Test dataset with prompts for each filter type
### Using the Dataset
The included CSV dataset contains test prompts for each Model Armor filter type. Load it in your config:
```yaml
tests: file://datasets/model-armor-test.csv
```
Each row includes a prompt and expected behavior (benign vs. adversarial).
## Understanding Results
When Model Armor blocks content, you'll see:
- `guardrails.flagged: true` - Content was flagged
- `guardrails.flaggedInput: true` - The input prompt was blocked
- `guardrails.flaggedOutput: true` - The generated response was blocked
- `guardrails.reason` - Detailed explanation of which filters matched
For debugging, inspect the raw Model Armor response in `metadata.modelArmor`, which contains the full `sanitizationResult` including individual filter states and confidence levels.
Use `not-guardrails` to verify dangerous prompts get caught - the test passes when content is blocked, fails when it slips through.
## Cleanup
After testing, you can delete the Model Armor template if no longer needed:
```bash
gcloud model-armor templates delete basic-safety --location=us-central1
```
## Learn More
- [Model Armor Overview](https://cloud.google.com/security-command-center/docs/model-armor-overview)
- [Promptfoo Guardrails Documentation](https://www.promptfoo.dev/docs/configuration/expected-outputs/guardrails/)
- [Testing Guardrails Guide](https://www.promptfoo.dev/docs/guides/testing-guardrails/)