Promptfoo — LLM Eval & Red-Team Testing Framework
Open-source framework for evaluating and red-teaming LLM applications. Test prompts across models, detect jailbreaks, measure quality, and catch regressions. 5,000+ GitHub stars.
%20by%20%E2%80%9ELisa%20Wischofsky%E2%80%9D%2C%20licensed%20under%20%E2%80%9ECC0%201.0%E2%80%9D%20(https%3A%2F%2Fcreativecommons.org%2Fpublicdomain%2Fzero%2F1.0%2F)%3C%2Fdc%3Arights%3E%3C%2Frdf%3ADescription%3E%3C%2Frdf%3ARDF%3E%3C%2Fmetadata%3E%3Cmask%20id%3D%22viewboxMask%22%3E%3Crect%20width%3D%22980%22%20height%3D%22980%22%20rx%3D%22490%22%20ry%3D%22490%22%20x%3D%220%22%20y%3D%220%22%20fill%3D%22%23fff%22%20%2F%3E%3C%2Fmask%3E%3Cg%20mask%3D%22url(%23viewboxMask)%22%3E%3Crect%20fill%3D%22url(%23backgroundLinear)%22%20width%3D%22980%22%20height%3D%22980%22%20x%3D%220%22%20y%3D%220%22%20%2F%3E%3Cdefs%3E%3ClinearGradient%20id%3D%22backgroundLinear%22%20gradientTransform%3D%22rotate(180%200.5%200.5)%22%3E%3Cstop%20stop-color%3D%22%23FFEDD5%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%23FED7AA%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Cg%20transform%3D%22translate(10%20-60)%22%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M427%20120c21%203%2042%209%2058%2023%2011%208%2023%2020%2027%2034%201-10%200-20-2-30-2-8-7-13-13-19%201-3%205-2%207-1%2012%206%2020%2018%2024%2030%203%2010%203%2020%200%2029-3%2013-11%2022-21%2031a391%20391%200%200%201%20212%2079l25%2025c10%2014%2018%2029%2020%2046%202%2018%202%2037-4%2055-2%207-5%2014-10%2019l-3-1c7%2022%2010%2045%2013%2067a1185%201185%200%200%201%206%2077c-1%2022-4%2045-10%2067-4%2012-10%2024-17%2035l-5%204-1-7-6-31c-4%209-10%2018-17%2026-5%206-11%2010-18%2014l-3%203-9%206c-16%209-33%2016-50%2021a569%20569%200%200%201-207%2015v-1h-8c-19-3-38-8-55-15l-5-2-6-3c-6%206-11%2012-15%2019s-6%2016-7%2024c0%209%202%2018%205%2026v1l1%201c0%201%201%203-1%203-5-2-10-8-13-13-6-8-9-19-8-29%202-16%2010-30%2022-41l-11-7v1l-1%2014-2%203-1%201-14-13c-18-19-33-41-43-65l-6-10-3-4a296%20296%200%200%201-11-298c-8-11-11-25-11-39a115%20115%200%200%201%2063-106c6-4%2014-6%2021-7l1-1h4l4-7%202-4c11-17%2028-31%2047-39%2017-7%2036-8%2055-6Zm-6%2015c21%202%2042%209%2058%2023%208%206%2014%2014%2018%2023a89%2089%200%200%200-36-25c-17-7-36-11-54-12a118%20118%200%200%200-51%206c19-12%2042-17%2065-15Zm316%20243-1-1c0%208%200%2016-2%2024l2%206v2c5%2010%209%2020%2011%2031%202-3%201-6%201-10v-3a171%20171%200%200%200-11-49Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M528%20244c41%206%2080%2022%20113%2047%2028%2021%2050%2049%2065%2081%2013%2028%2020%2060%2019%2091-1%2015-3%2030-8%2044h-2l1-21c1-30-2-59-13-87-10-30-28-57-50-79-42-40-98-62-156-63a243%20243%200%200%200-196%2094%20207%20207%200%200%200-40%20139l2%2025c8%200%2019%200%2025%207l-3%203-17%201c-12%201-24%205-33%2013a64%2064%200%200%200-17%2039c-5%2032%2012%2065%2039%2083%2016%2010%2036%2015%2055%209%204-2%209-5%2014-3%203%201%204%204%205%207a251%20251%200%200%200%2090%20100c8%207%2018%2013%2028%2018%2018%208%2038%2014%2057%2019l32%208c5%201%209%201%2013%203l-4%201c-25%202-48-3-72-10-12-3-23-7-34-12a306%20306%200%200%201-84-63l2%2028c1%2017%200%2035-6%2052-4%2012-11%2024-19%2034-10%2010-22%2019-34%2026-10%207-21%2014-32%2018l-16%205%209-9%2031-20%2022-17a95%2095%200%200%200%2032-56c2-14%202-28%202-43v-27c-10-14-22-29-27-46-17%208-38%207-55-1-17-7-32-19-43-33-12-17-19-36-21-56s2-40%2015-56c9-10%2022-18%2035-21-4-14-6-29-6-44a234%20234%200%200%201%2083-173%20249%20249%200%200%201%20199-55Z%22%20fill%3D%22%23000%22%2F%3E%3Cpath%20d%3D%22M653%20320c22%2022%2040%2049%2050%2079%2011%2028%2014%2057%2013%2087l-1%2021-5%2015-2%2013%202%2056c0%2021%201%2042-1%2063l-3%2047c-2%2016-7%2031-14%2045-11%2018-26%2033-44%2044-13%208-27%2012-41%2016l-38%2011-17%203c0%201%201%202%203%202%208%205%2017%205%2026%204-3%207-4%2014-2%2022%203%207%2011%2011%2017%2014%2012%206%2024%207%2036%209%207%206%2014%2014%2016%2024%202%208%202%2016-2%2023-5%2010-14%2018-24%2023-13%208-27%2014-42%2018a468%20468%200%200%201-222-1c-17-4-33-9-48-17-12-6-23-13-32-22-5-7-9-14-10-23%2011-4%2022-11%2032-18%2012-7%2024-16%2034-26%208-10%2015-22%2019-34%206-17%207-35%206-52l-2-28%2022%2023c19%2015%2040%2030%2062%2040%2011%205%2022%209%2034%2012%2024%207%2047%2012%2072%2010l4-1c-4-2-8-2-13-3l-32-8c-19-5-39-11-57-19l-29-17c-11-9-23-17-33-27a251%20251%200%200%201-56-74c-1-3-2-6-5-7-5-2-10%201-14%203-19%206-39%201-55-9a88%2088%200%200%201-39-83c1-14%207-28%2017-39%209-8%2021-12%2033-13l17-1%203-3c-6-7-17-7-25-7l-2-25a207%20207%200%200%201%2040-139%20243%20243%200%200%201%20196-94c58%201%20114%2023%20156%2063Z%22%20fill%3D%22%23ffffff%22%2F%3E%3Cpath%20d%3D%22M710%20522c3%200%203%204%204%206%203%2011%204%2023%205%2034l2%2021c1%2022%202%2043%201%2065-1%2021-1%2044-5%2065a136%20136%200%200%201-80%2099c-15%207-31%2011-48%2013v15c1%203%203%204%205%206%2012%206%2023%208%2036%2011%2012%203%2024%205%2036%2011-3%203-7%204-11%204-7%201-15-1-23-1-12-2-24-3-36-9-6-3-14-7-17-14-2-8-1-15%202-22-9%201-18%201-26-4-2%200-3-1-3-2l17-3%2038-11c14-4%2028-8%2041-16%2018-11%2033-26%2044-44%207-14%2012-29%2014-45l3-47c2-21%201-42%201-63l-2-56%202-13ZM252%20549c8%200%2017%201%2023%207%205%204%2010%209%2012%2015%201%203%200%206-2%208l-13%208c-7%206-7%2019%200%2025%206%205%2014%208%2021%2011%202%200%205%201%206%203-1%202-3%203-5%203-10%200-20-3-28-9-5-3-8-8-9-13-2-8-2-17%204-24%204-6%2011-9%2018-12-4-5-7-11-14-13-7-3-15-3-22-5l9-4Z%22%20fill%3D%22%23000%22%2F%3E%3Cpath%20d%3D%22M642%20509c6-1%2010%202%2013%207%203%207%203%2017-1%2024-3%205-10%208-16%205-5-3-6-8-7-13-1-4%200-10%202-14s5-8%209-9ZM494%20514c6-3%2011-1%2015%203%205%206%206%2015%202%2022-2%205-8%2011-14%2011-5%200-9-4-12-8-3-7-2-14%201-21%202-3%205-6%208-7Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M480%20404c10%201%2019%200%2029%203%209%203%2018%2010%2022%2019%204%206%202%2016-6%2019-6%204-15%203-23%202-20-3-40-9-60-14l-20-4-10-2-4-4c2-4%206-6%2010-7l20-7%2018-3%2024-2ZM656%20410c8%201%2015%204%2022%207l9%204c2%202%203%206%201%208l-10%204c-17%204-33%2011-51%2012l-9%201c-3%200-6-2-8-4-3-2-4-5-4-9%200-7%202-15%208-20%204-3%2011-4%2016-5%208%200%2017%200%2026%202Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M293%20643c3-2%207-1%209%201%203%202%204%206%203%2010-2%204-7%207-12%205-3-1-5-5-4-8%200-4%201-7%204-8Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M609%20602c1%209-4%2016-9%2023-4%203-9%206-15%206s-13-3-19-5c-4-2-8-3-11-6l5-4c9-1%2017%203%2025%204%204%200%207-3%209-6%205-5%209-10%2015-12Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M587%20747c7-1%2014%200%2020%202-3%203-9%204-13%205l-43%2011c-2%201-5%202-6%200-1-3%201-5%203-6%205-4%2012-7%2019-8l20-4Z%22%20fill%3D%22%23000000%22%2F%3E%3Cpath%20d%3D%22M492%20216c35%200%2070%207%20103%2017%2023%206%2045%2014%2066%2024%2023%2012%2045%2025%2063%2044%2015%2013%2027%2028%2035%2046%203%208%205%2017%206%2026%201%2013%200%2026-2%2039-2%2010-6%2022-13%2030l-2-6c0-20-5-40-12-59%201%2019-3%2040-15%2055-4%204-8%205-12%207s-9%202-13%202c-7-1-15-4-22-7-2-2-5-3-6-6-4-13-5-27-9-40l-6-17c-2%2010-4%2019-8%2028-3%2011-8%2021-15%2030l-8%207-3-14-4-17c-5-21-14-42-26-61v29c-2%2016-3%2031-10%2045-3%207-4%2014-10%2018-8%204-18%205-27%205-13%200-28%202-41-1-6-2-8-7-11-12l-14-31-11-20c-2%2022-2%2043-1%2064-1%202%200%204-2%205-1%202-3%201-5%200-9-4-16-11-23-18-9-12-19-24-25-37l2%2017c3%2012%207%2024%2012%2035l2%208-5-2c-7-5-12-12-17-19-7-12-11-27-12-41-5%2019-7%2039-8%2059l-2%2010c-1%203-3%204-6%205l-33%205h-11a670%20670%200%200%200%2013%20152l15%2061c1%203%200%205-2%207-15-8-26-23-36-38v63l-3%206a245%20245%200%200%201-64-94l-6-16a397%20397%200%200%201-27-151c1-40%209-80%2026-116a217%20217%200%200%201%2076-91l31-17c11-4%2022-9%2034-10%2010-1%2021-3%2031%200%204%201%208-1%2012-2%2020-4%2041-6%2061-6Z%22%20fill%3D%22%23000000%22%2F%3E%3C%2Fg%3E%3Cg%20transform%3D%22translate(10%20-60)%22%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E){kind=small}
What it is
Promptfoo is an open-source CLI and library for evaluating LLM outputs systematically. It runs your prompts against multiple models, scores the outputs using custom assertions (exact match, contains, LLM-graded, similarity), and surfaces regressions. The red-teaming module generates adversarial inputs to test jailbreak resistance and safety guardrails.
Promptfoo targets AI engineers, product teams, and security researchers who need repeatable LLM testing. It replaces manual prompt testing with automated evaluation pipelines that run in CI/CD.
How it saves time or tokens
Manual prompt testing means running inputs one by one and eyeballing outputs. Promptfoo automates this with batch evaluation and structured scoring. You define test cases once and re-run them every time you change a prompt, model, or system configuration. The comparison view shows side-by-side results across models, making it obvious which performs better.
How to use
- Install Promptfoo via npm.
- Create a configuration file with prompts, providers, and test cases.
- Run the eval and open the results viewer.
npm install -g promptfoo
# Initialize a config
promptfoo init
# Run evaluation
promptfoo eval
# Open results in browser
promptfoo viewExample
# promptfooconfig.yaml
prompts:
- 'Summarize this article in 3 bullet points: {{article}}'
providers:
- openai:gpt-4o
- anthropic:claude-sonnet-4-20250514
tests:
- vars:
article: 'The Federal Reserve held interest rates steady...'
assert:
- type: contains
value: 'interest rate'
- type: llm-rubric
value: 'Output should contain exactly 3 bullet points'
- type: cost
threshold: 0.01Related on TokRepo
- AI tools for testing — Automated testing frameworks for AI applications
- Prompt library — Reusable prompts to test with Promptfoo
Common pitfalls
- LLM-graded assertions (llm-rubric) consume additional tokens for the grading call. Use deterministic assertions (contains, regex) where possible and reserve LLM grading for subjective quality checks.
- Running evaluations against many providers in parallel can hit rate limits. Configure concurrency limits in the config file.
- Red-team tests may produce harmful content in outputs. Run red-team evaluations in isolated environments and restrict access to the results.
Frequently Asked Questions
Yes. Promptfoo supports OpenAI, Anthropic, Google, AWS Bedrock, Azure, Ollama, and any OpenAI-compatible endpoint. You can also define custom providers using scripts. This makes it easy to compare outputs across different models and providers.
Promptfoo's red-team module generates adversarial inputs designed to trigger jailbreaks, prompt injection, and safety bypass attempts. It runs these inputs against your application and scores whether the model maintained its safety guardrails. Results highlight specific vulnerabilities.
Yes. Promptfoo has a CLI that exits with a non-zero code if any test assertion fails. You can run it as a step in GitHub Actions, GitLab CI, or any pipeline. The JSON output format enables integration with reporting tools.
Promptfoo is open source, runs locally, and focuses on batch evaluation with assertions. LangSmith is a SaaS platform with tracing, monitoring, and annotation features. Promptfoo is better for CI/CD-integrated testing; LangSmith is better for production observability and human annotation workflows.
Yes. You can write custom assertion functions in JavaScript or Python that receive the LLM output and return a pass/fail result with a score. This lets you implement domain-specific quality checks beyond the built-in assertion types.
Citations (3)
- Promptfoo GitHub— Promptfoo is an open-source LLM evaluation and red-teaming framework
- Promptfoo Documentation— Promptfoo documentation for configuration and assertions
- Red Teaming LLMs (arXiv)— LLM red-teaming techniques for safety evaluation
Related on TokRepo
Source & Thanks
Discussion
Related Assets
NAPI-RS — Build Node.js Native Addons in Rust
Write high-performance Node.js native modules in Rust with automatic TypeScript type generation and cross-platform prebuilt binaries.
Mamba — Fast Cross-Platform Package Manager
A drop-in conda replacement written in C++ that resolves environments in seconds instead of minutes.
Plasmo — The Browser Extension Framework
Build, test, and publish browser extensions for Chrome, Firefox, and Edge using React or Vue with hot-reload and automatic manifest generation.