ContextQMD
Back to Promptfoo

Command Line

site/docs/usage/command-line.md

0.121.960.1 KB
Original Source

Command line

The promptfoo command line utility includes these command groups:

  • init [directory] - Initialize a new project with prompts, providers, and test cases.
  • eval - Evaluate prompts and models. This is the command you'll be using the most!
    • eval setup
  • view - Start a browser UI for visualization of results.
  • share [id] - Create a URL that can be shared online for an eval or model audit.
  • auth - Manage authentication for cloud features.
    • auth login
    • auth logout
    • auth whoami
    • auth can-create-targets
    • auth teams
  • cache - Manage cache.
    • cache clear
  • code-scans - Scan code changes for LLM security vulnerabilities.
    • code-scans run
  • config - Edit configuration settings.
    • config get
    • config set
    • config unset
  • debug - Display debug information for troubleshooting.
  • generate - Generate data.
    • generate dataset
    • generate redteam
    • generate assertions
  • list - List various resources like evals, prompts, and datasets.
    • list evals
    • list prompts
    • list datasets
  • logs - View promptfoo log files.
    • logs [file]
    • logs list
  • mcp - Start a Model Context Protocol (MCP) server to expose promptfoo tools to AI agents and development environments.
  • scan-model - Scan ML models for security vulnerabilities.
  • show [id] - Show details of a specific resource (eval, prompt, or dataset).
  • delete <id> - Delete an eval by ID; accepts latest or all.
  • retry <evalId> - Retry ERROR results from a previous eval in place.
  • validate - Validate a promptfoo configuration file.
    • validate config
    • validate target
  • feedback <message> - Send feedback to the Promptfoo developers.
  • import <filepath> - Import an eval file from JSON format.
  • export - Export eval records or logs.
    • export eval <evalId>
    • export logs
  • redteam - Red team LLM applications.
    • redteam init
    • redteam setup
    • redteam run
    • redteam discover
    • redteam generate
    • redteam poison
    • redteam eval
    • redteam report
    • redteam plugins

Common Options

Most commands support the following common options:

OptionDescription
--env-file, --env-path <path>Path to a .env file. Repeat the flag or use comma-separated values for multiple files.
-v, --verboseShow debug logs
--helpDisplay help

:::note

For promptfoo eval, -v is the short form of --vars, not --verbose. Use the long form (--verbose) or set LOG_LEVEL=debug to enable debug logs during eval runs.

:::

Multiple Environment Files

You can load multiple .env files. Later files override values from earlier ones:

bash
# Repeated flags
promptfoo eval --env-file .env --env-file .env.local

# Comma-separated
promptfoo eval --env-file .env,.env.local

All specified files must exist or an error is thrown.

promptfoo eval

By default the eval command will read the promptfooconfig.yaml configuration file in your current directory. But, if you're looking to override certain parameters you can supply optional arguments:

OptionDescription
-a, --assertions <path>Path to assertions file
-c, --config <paths...>Path to configuration file(s). Automatically loads promptfooconfig.yaml
--delay <number>Delay between each test (in milliseconds)
--description <description>Description of the eval run
--filter-failing <path or id>Filter tests that failed in a previous eval (by file path or eval ID)
--filter-failing-only <path or id>Filter tests that had assertion failures in a previous eval, excluding errors
--filter-errors-only <path or id>Filter tests that resulted in errors in a previous eval
-n, --filter-first-n <number>Only run the first N tests
--filter-sample <number>Only run a random sample of N tests
--filter-metadata <key=value>Only run tests whose metadata matches the key=value pair. Can be specified multiple times for AND logic.
--filter-pattern <pattern>Only run tests whose description matches the regex pattern
--filter-prompts <pattern>Only run tests with prompts whose id or label matches the regex pattern
--filter-providers <providers>Only run tests with these providers (regex match on provider id or label)
--filter-targets <targets>Only run tests with these targets (alias for --filter-providers)
--grader <provider>Model that will grade outputs
-j, --max-concurrency <number>Maximum number of concurrent API calls
--model-outputs <path>Path to JSON containing list of LLM output strings
--no-cacheDo not read or write results to disk cache
--no-progress-barDo not show progress bar
--no-tableDo not output table in CLI
--no-writeDo not write results to promptfoo directory
--resume [evalId]Resume a paused/incomplete eval. If evalId is omitted, resumes latest
--retry-errorsRetry all ERROR results from the latest eval
-o, --output <paths...>Path(s) to output file (csv, txt, json, jsonl, yaml, yml, html, xml)
-p, --prompts <paths...>Paths to prompt files (.txt)
--prompt-prefix <path>Prefix prepended to every prompt
--prompt-suffix <path>Suffix appended to every prompt
-r, --providers <name or path...>Provider names or paths to custom API caller modules
--remoteForce remote inference wherever possible (used for red teams)
--repeat <number>Number of times to run each test
--shareCreate a shareable URL
--no-shareDo not create a shareable URL, this overrides the config file
--suggest-prompts <number>Generate N new prompts and append them to the prompt list
--tableOutput table in CLI
--table-cell-max-length <number>Truncate console table cells to this length
-t, --tests <path>Path to CSV with test cases
--var <key=value>Set a variable in key=value format
-v, --vars <path>Path to CSV with test cases (alias for --tests)
-w, --watchWatch for changes in config and re-run
-x, --extension <paths...>Extension hooks to run, such as file://handler.js:afterAll

The eval command will return exit code 100 when there is at least 1 test case failure or when the pass rate is below the threshold set by PROMPTFOO_PASS_RATE_THRESHOLD. It will return exit code 1 for any other error. The exit code for failed tests can be overridden with environment variable PROMPTFOO_FAILED_TEST_EXIT_CODE.

Pause and Resume

sh
promptfoo eval --resume            # resumes the latest eval
promptfoo eval --resume <evalId>   # resumes a specific eval
  • On resume, promptfoo reuses the original run's effective runtime options (e.g., --delay, --no-cache, --max-concurrency, --repeat), skips completed test/prompt pairs, ignores CLI flags that change test ordering to keep indices aligned, and disables watch mode.

Retry Errors

sh
promptfoo eval --retry-errors      # retries all ERROR results from the latest eval
  • The retry errors feature automatically finds ERROR results from the latest eval and re-runs only those test cases. This is useful when evals fail due to temporary network issues, rate limits, or API errors.
  • Data safety: If the retry fails, your original ERROR results are preserved. Old ERROR results are only removed after the retry succeeds. You can safely run --retry-errors again if it fails.
  • Cannot be used together with --resume or --no-write flags.
  • Uses the original eval's configuration and runtime options to ensure consistency.

promptfoo init [directory]

Set up a new promptfoo project with prompts, providers, and test cases.

OptionDescription
directoryDirectory to create files in
--no-interactiveDo not run in interactive mode
--example [name]Download an example project

promptfoo view

Start a browser UI for visualization of results.

OptionDescription
[directory]Promptfoo output/config directory to view
-p, --port <number>Port number for the local server
-y, --yesSkip confirmation and auto-open the URL
-n, --noSkip confirmation and do not open the URL
--filter-description <regex>Deprecated; accepted but ignored

If you've used PROMPTFOO_CONFIG_DIR to override the promptfoo output directory, run promptfoo view [directory].

promptfoo share [id] {#promptfoo-share-evalid}

Create a URL that can be shared online. If no ID is provided, promptfoo shares the most recent eval or model audit.

OptionDescription
--show-authInclude auth info in the shared URL

promptfoo cache

Manage cache.

OptionDescription
clearClear the cache

promptfoo feedback <message>

Send feedback to the promptfoo developers.

OptionDescription
messageFeedback message

promptfoo list

List various resources like evals, prompts, and datasets.

SubcommandDescription
evalsList evals
promptsList prompts
datasetsList datasets
OptionDescription
-nShow the first n records, sorted by descending date of creation
--ids-onlyShow only IDs without descriptions

promptfoo logs

View promptfoo log files directly from the command line.

OptionDescriptionDefault
[file]Log file to view (name, path, or partial)latest
--type <type>Log type: debug, error, or allall
-n, --lines <num>Number of lines to display from end (tail)
--head <num>Number of lines to display from start
-f, --followFollow log file in real-timefalse
-l, --listList available log filesfalse
-g, --grep <pattern>Filter lines matching pattern (regex)
--no-colorDisable syntax highlighting

promptfoo logs list

List available log files in the logs directory.

OptionDescriptionDefault
--type <type>Log type: debug, error, or allall

Examples

sh
# View most recent log file (or current session's log if run during a CLI session)
promptfoo logs

# View last 50 lines
promptfoo logs -n 50

# View first 20 lines
promptfoo logs --head 20

# Follow log in real-time (like tail -f)
promptfoo logs -f

# List all available log files
promptfoo logs --list

# View a specific log file by name or partial match
promptfoo logs promptfoo-debug-2024-01-15_10-30-00.log
promptfoo logs 2024-01-15

# View error logs only
promptfoo logs --type error

# Filter logs by pattern (case-insensitive regex)
promptfoo logs --grep "error|warn"
promptfoo logs --grep "openai"

Log files are stored in ~/.promptfoo/logs by default. Set PROMPTFOO_LOG_DIR to use a custom directory.

promptfoo code-scans run [repo-path]

Scan code changes for LLM security vulnerabilities.

OptionDescription
[repo-path]Repository path to scan
--api-key <key>Promptfoo API key for authentication
--base <ref>Base branch or commit to compare against
--compare <ref>Compare branch or commit
-c, --config <path>Path to code scan config file
--api-host <url>Promptfoo API host URL
--diffs-onlyScan only PR diffs, skip filesystem exploration
--jsonOutput results as JSON
--github-pr <owner/repo#number>GitHub PR to post comments to
--min-severity <level>Minimum severity: low, medium, high, or critical
--minimum-severity <level>Alias for --min-severity
--guidance <text>Custom guidance for the security scan
--guidance-file <path>Path to a file containing custom guidance

For complete setup and JSON output details, see the code scanning CLI docs.

promptfoo mcp

Start a Model Context Protocol (MCP) server to expose promptfoo's eval and testing capabilities as tools that AI agents and development environments can use.

OptionDescriptionDefault
-p, --port <number>Port number for HTTP transport3100
--transport <type>Transport type: "http" or "stdio"http

Transport Types

  • STDIO: Best for desktop AI tools like Cursor, Claude Desktop, and local AI agents that communicate via standard input/output
  • HTTP: Best for web applications, APIs, and remote integrations that need HTTP endpoints

Examples

sh
# Start MCP server with STDIO transport (for Cursor, Claude Desktop, etc.)
npx promptfoo@latest mcp --transport stdio

# Start MCP server with HTTP transport on default port
npx promptfoo@latest mcp --transport http

# Start MCP server with HTTP transport on custom port
npx promptfoo@latest mcp --transport http --port 8080

Available Tools

The MCP server provides 14 tools for AI agents:

Core Eval Tools:

  • list_evaluations - Browse your eval runs with optional dataset filtering
  • get_evaluation_details - Get comprehensive results, metrics, and test cases for a specific eval
  • run_evaluation - Run evals with custom parameters, test case filtering, and concurrency control
  • share_evaluation - Generate publicly shareable URLs for eval results

Redteam Security Tools:

  • redteam_run - Execute comprehensive security testing against AI applications with dynamic attack probes
  • redteam_generate - Generate adversarial test cases for redteam security testing with configurable plugins and strategies

Configuration & Testing:

  • validate_promptfoo_config - Validate configuration files using the same logic as the CLI
  • test_provider - Test AI provider connectivity, credentials, and response quality
  • run_assertion - Test individual assertion rules against outputs for debugging

Generation Tools:

  • generate_dataset - Generate test datasets using AI
  • generate_test_cases - Generate test cases with assertions for existing prompts
  • compare_providers - Compare multiple AI providers side-by-side

Debugging Tools:

  • list_logs - List promptfoo log files with metadata
  • read_logs - Read promptfoo log file contents with filtering options

For detailed setup instructions and integration examples, see the MCP Server documentation.

promptfoo show <id>

Show details of a specific resource. If no ID is provided, promptfoo shows the most recent eval.

OptionDescription
eval <id>Show details of a specific eval
prompt <id>Show details of a specific prompt
dataset <id>Show details of a specific dataset

promptfoo delete <id>

Deletes a specific resource.

OptionDescription
eval <id>Delete an eval by ID; accepts latest or all

promptfoo retry <evalId>

Retry all ERROR results from a specific eval. This command finds test cases that resulted in errors (e.g., from network issues, rate limits, or API failures) and re-runs only those test cases. The results are updated in place in the original eval.

OptionDescription
-c, --config <path>Path to configuration file (optional, uses original eval config if not provided)
-v, --verboseVerbose output
--max-concurrency <number>Maximum number of concurrent evals
--delay <number>Delay between evals in milliseconds
--share/--no-shareShare results to cloud (auto-shares when cloud is configured, disable with --no-share)

Examples:

sh
# Retry errors from a specific eval
promptfoo retry eval-abc123

# Retry with a different config file
promptfoo retry eval-abc123 -c updated-config.yaml

# Retry with verbose output and limited concurrency
promptfoo retry eval-abc123 -v --max-concurrency 2

# Retry and share results to cloud
promptfoo retry eval-abc123 --share

:::tip Data Safety If the retry operation fails (network error, API timeout, etc.), your original ERROR results are preserved. You can simply run the retry command again to continue. Old ERROR results are only removed after the retry succeeds. :::

:::tip Unlike --filter-errors-only which creates a new eval, promptfoo retry updates the original eval in place. Use retry when you want to fix errors in an existing eval without creating duplicates. :::

promptfoo import <filepath>

Import an eval file from JSON format.

OptionDescription
--new-idGenerate a new eval ID instead of preserving the original (creates a duplicate eval)
--forceReplace an existing eval with the same ID

When importing an eval, the following data is preserved from the export:

  • Eval ID - Preserved by default. Use --new-id to generate a new ID, or --force to replace an existing eval.
  • Timestamp - The original creation timestamp is always preserved (even with --new-id or --force)
  • Author - The original author is always preserved (even with --new-id or --force)
  • Config, results, and all test data - Fully preserved

If an eval with the same ID already exists, the import will fail with an error unless you specify --new-id (to create a duplicate with a new ID) or --force (to replace the existing eval).

Example:

sh
# Import an eval, preserving the original ID
promptfoo import my-eval.json

# Import even if an eval with this ID exists (creates duplicate with new ID)
promptfoo import --new-id my-eval.json

# Replace an existing eval with updated data
promptfoo import --force my-eval.json

promptfoo export

Export eval records or logs.

promptfoo export eval <evalId>

Export an eval record to JSON format. To export the most recent, use latest.

OptionDescription
-o, --output <filepath>File to write. Writes to stdout by default.

promptfoo export logs

Collect and zip log files for debugging purposes.

OptionDescription
-n, --count <number>Number of recent log files to include (default: all)
-o, --output <filepath>Output path for the compressed log file

This command creates a compressed tar.gz archive containing your promptfoo log files, making it easy to share them for debugging purposes. If no output path is specified, it will generate a timestamped filename automatically.

Log files are stored in ~/.promptfoo/logs by default. To use a custom log directory, set the PROMPTFOO_LOG_DIR environment variable.

promptfoo validate

Validate a promptfoo configuration file to ensure it follows the correct schema and structure.

CommandDescription
validate configValidate a promptfoo configuration file
validate targetTest provider connectivity from config or cloud

promptfoo validate config

OptionDescription
-c, --config <paths...>Path to configuration file(s). Automatically loads promptfooconfig.yaml

This command validates both the configuration file and the test suite to ensure they conform to the expected schema. It will report any validation errors with detailed messages to help you fix configuration issues.

Examples:

sh
# Validate the default promptfooconfig.yaml
promptfoo validate

# Validate a specific configuration file
promptfoo validate -c my-config.yaml

# Validate multiple configuration files
promptfoo validate -c config1.yaml config2.yaml

The command will exit with code 1 if validation fails, making it useful for CI/CD pipelines to catch configuration errors early.

promptfoo validate target

OptionDescription
-t, --target <id>Provider ID or cloud UUID to test
-c, --config <path>Path to configuration file to test all providers

Examples:

sh
# Test all providers in a config
promptfoo validate target -c promptfooconfig.yaml

# Test one provider by ID or cloud UUID
promptfoo validate target -t openai:gpt-5-mini

promptfoo scan-model

Scan ML models for security vulnerabilities. Provide one or more paths to model files or directories.

OptionDescriptionDefault
[paths...]Model files or directories to scan
-b, --blacklist <patterns...>Additional blacklist patterns to check against model names
-f, --format <format>Output format: text, json, or sariftext
-o, --output <path>Output file path (prints to stdout if not specified)
--sbom <path>Write a CycloneDX SBOM to the specified file
--no-writeDo not write results to database
--name <name>Name for the audit when saving to database
-t, --timeout <seconds>Scan timeout in seconds300
--max-size <size>Override auto-detected size limits, such as 500MB or 10GB
--strictFail on warnings, scan all file types, and use strict license checks
--dry-runPreview what would be scanned/downloaded
--no-cacheDisable model download/cache reuse
--quietSilence detection messages
--progressForce progress reporting
--streamScan and delete downloaded files immediately after scan
--scanners <scanner>Only run selected ModelAudit scanners; comma-separated or repeated
--exclude-scanner <scanner>Exclude a ModelAudit scanner; comma-separated or repeated
--list-scannersList registered ModelAudit scanners and exit
--forceForce scan even if the model was already scanned
--share / --no-shareShare or suppress sharing for model audit results

By default, scan-model saves model audit records to the promptfoo database. In that mode, --output writes promptfoo's JSON result payload even when --format sarif is selected. Use --no-write --format sarif --output results.sarif for raw ModelAudit SARIF output.

For model source examples, scanner IDs, SBOM output, and SARIF workflows, see the ModelAudit docs.

promptfoo auth

Manage authentication for cloud features.

promptfoo auth login

Login to the promptfoo cloud.

OptionDescription
-o, --org <orgId>The organization ID to log in to
-h, --host <host>The host of the promptfoo instance (API URL if different from the app URL)
-k, --api-key <key>Log in using an API key
-t, --team <team>Team name, slug, or ID to use after login

After login, if you have multiple teams, you can switch between them using the teams subcommand.

promptfoo auth logout

Logout from the promptfoo cloud.

promptfoo auth whoami

Display current authentication status including user, organization, and active team.

Output includes:

  • User email
  • Organization name
  • Current team (if logged in to a multi-team organization)
  • App URL

Example:

sh
promptfoo auth whoami

Output:

Currently logged in as:
User: [email protected]
Organization: Acme Corp
Current Team: Engineering Team
App URL: https://www.promptfoo.app

promptfoo auth can-create-targets

Check whether the current user can create cloud targets.

OptionDescription
-t, --team-id <teamId>Team ID to check permissions for

promptfoo auth teams

Manage team switching for organizations with multiple teams.

promptfoo auth teams list

List all teams you have access to in the current organization.

promptfoo auth teams current

Show the currently active team.

promptfoo auth teams set <teamIdentifier>

Switch to a specific team. The team identifier can be:

  • Team name (e.g., "Engineering")
  • Team slug (e.g., "engineering")
  • Team ID (e.g., "team_12345")

Examples:

sh
# Switch to team by name
promptfoo auth teams set "Engineering Team"

# Switch to team by slug
promptfoo auth teams set engineering

# Switch to team by ID
promptfoo auth teams set team_12345

Your team selection is remembered across CLI sessions and applies to all promptfoo operations including evals and red team testing.

Team Selection Across Organizations

If you have access to multiple organizations, team selections are isolated per organization. This means:

  • Each organization remembers its own team selection
  • Switching between organizations preserves your team choice in each org
  • When you log into an organization, your previously selected team is automatically restored

Example workflow:

sh
# Login to Organization A
promptfoo auth login --api-key <org-a-key>
promptfoo auth teams set "Engineering"     # Set team in Org A

# Login to Organization B
promptfoo auth login --api-key <org-b-key>
promptfoo auth teams set "Marketing"       # Set team in Org B

# Login back to Organization A
promptfoo auth login --api-key <org-a-key>
promptfoo auth teams current              # Shows "Engineering" (preserved!)

Your team selection persists across login sessions within the same organization.

promptfoo config

Edit configuration settings.

promptfoo config get email

Get the user's email address.

promptfoo config set email <email>

Set the user's email address.

promptfoo config unset email

Unset the user's email address.

OptionDescription
-f, --forceForce unset without confirmation

promptfoo debug

Display debug information for troubleshooting.

OptionDescription
-c, --config [path]Path to configuration file. Defaults to promptfooconfig.yaml

promptfoo generate dataset

BETA: Generate synthetic test cases based on existing prompts and variables.

OptionDescriptionDefault
-c, --config <path>Path to the configuration filepromptfooconfig.yaml
-w, --writeWrite the generated test cases directly to the config filefalse
-i, --instructions <text>Custom instructions for test case generation
-o, --output <path>Path to write the generated test casesstdout
--numPersonas <number>Number of personas to generate5
--numTestCasesPerPersona <number>Number of test cases per persona3
--provider <provider>Provider to use for generating test casesdefault grader
--no-cacheDo not read or write results to disk cachefalse

For example, this command will modify your default config file (usually promptfooconfig.yaml) with new test cases:

sh
promptfoo generate dataset -w

This command will generate test cases for a specific config and write them to a file, while following special instructions:

sh
promptfoo generate dataset -c my_config.yaml -o new_tests.yaml -i 'All test cases for {{location}} must be European cities'

promptfoo generate assertions

Generate additional objective/subjective assertions based on existing prompts and assertions.

  • This command can be used to generate initial set of assertions, if none exist.
  • Will only add non-overlapping, independent assertions
  • Generates both python and natural language assertions.

When brainstorming assertions:

  • Generates python code for any objective assertions
  • Uses a specified natural language assertion type (pi, llm-rubric, or g-eval) for any subjective assertion.
OptionDescriptionDefault
-t, --type <type>The assertion type to use for generated subjective assertions.pi
-c, --config <path>Path to the configuration file that contains at least 1 prompt.promptfooconfig.yaml
-w, --writeWrite the generated assertions directly to the config filefalse
-i, --instructions <text>Custom instructions for assertion generation
-o, --output <path>Path to write the generated assertionsstdout
--numAssertions <number>Number of assertions to generate5
--provider <provider>Provider to use for generating assertionsdefault grader
--no-cacheDo not read or write results to disk cachefalse

For example, this command will modify your default config file (usually promptfooconfig.yaml) with new test cases:

sh
promptfoo generate assertions -w

This command will generate pi and python assertions for a specific config and write them to a file, while following special instructions:

sh
promptfoo generate assertions -c my_config.yaml -o new_tests.yaml -i 'I need assertions about pronunciation'

promptfoo generate redteam

Alias for promptfoo redteam generate.

promptfoo redteam init

Initialize a red teaming project.

OptionDescriptionDefault
[directory]Directory to initialize the project in.
--no-guiDo not open the browser UI

Example:

sh
promptfoo redteam init my_project

:::danger Adversarial testing produces offensive, toxic, and harmful test inputs, and may cause your system to produce harmful outputs. :::

For more detail, see red team configuration.

promptfoo redteam setup

Start browser UI and open to red team setup.

OptionDescriptionDefault
[configDirectory]Directory containing configuration files
-p, --port <number>Port number for the local server15500
--filter-description <pattern>Deprecated; accepted but ignored

promptfoo redteam run

Run the complete red teaming process (init, generate, and evaluate).

OptionDescriptionDefault
-c, --config [path]Path to configuration filepromptfooconfig.yaml
-o, --output [path]Path to output file for generated testsredteam.yaml
-d, --description <text>Custom description/name for this scan run
--no-cacheDo not read or write results to disk cachefalse
-j, --max-concurrency <number>Maximum number of concurrent API calls
--delay <number>Delay in milliseconds between API calls
--remoteForce remote inference wherever possiblefalse
--forceForce generation even if no changes are detectedfalse
--no-progress-barDo not show progress bar
--strictFail if any plugins fail to generate test casesfalse
--filter-prompts <pattern>Only run tests with prompts whose id or label matches the regex pattern
--filter-providers, --filter-targets <providers>Only run tests with these providers (regex match)
-t, --target <id>Cloud provider target ID to run the scan on

promptfoo redteam discover

Runs the Target Discovery Agent against your application.

:::info

Only a configuration file or target can be specified

:::

OptionDescriptionDefault
-c, --config <path>Path to promptfooconfig.yaml configuration file.
-t, --target <id>UUID of a target defined in Promptfoo Cloud to scan.

promptfoo redteam generate

Generate adversarial test cases to challenge your prompts and models.

OptionDescriptionDefault
-c, --config <path>Path to configuration filepromptfooconfig.yaml
-o, --output <path>Path to write the generated test casesredteam.yaml
-d, --description <text>Custom description/name for the generated tests
-w, --writeWrite the generated test cases directly to the config filefalse
-t, --target <id>Cloud provider target ID to run the scan on
--purpose <purpose>High-level description of the system's purposeInferred from config
--provider <provider>Provider to use for generating adversarial tests
--injectVar <varname>Override the {{variable}} that represents user input in the promptprompt
--plugins <plugins>Comma-separated list of plugins to usedefault
--strategies <strategies>Comma-separated list of strategies to usedefault
-n, --num-tests <number>Number of test cases to generate per plugin
--language <language>Specify the language for generated testsEnglish
--no-cacheDo not read or write results to disk cachefalse
-j, --max-concurrency <number>Maximum number of concurrent API calls
--delay <number>Delay in milliseconds between plugin API calls
--remoteForce remote inference wherever possiblefalse
--forceForce generation even if no changes are detectedfalse
--no-progress-barDo not show progress bar
--strictFail if any plugins fail to generate test casesfalse
--burp-escape-jsonEscape special characters in .burp output for JSON payloadsfalse

For example, let's suppose we have the following promptfooconfig.yaml:

yaml
prompts:
  - 'Act as a trip planner and help the user plan their trip'

providers:
  - openai:gpt-5-mini
  - openai:gpt-5

This command will generate adversarial test cases and write them to redteam.yaml.

sh
promptfoo redteam generate

This command overrides the system purpose and the variable to inject adversarial user input:

sh
promptfoo redteam generate --purpose 'Travel agent that helps users plan trips' --injectVar 'message'

promptfoo redteam poison

Generate poisoned documents for RAG testing.

OptionDescriptionDefault
documentsDocuments, directories, or text content to poison
-g, --goal <goal>Goal/intended result of the poisoning
-o, --output <path>Output YAML file pathpoisoned-config.yaml
-d, --output-dir <path>Directory to write individual poisoned documentspoisoned-documents

promptfoo redteam eval

Works the same as promptfoo eval, but defaults to loading redteam.yaml.

promptfoo redteam report

Start a browser UI and open the red teaming report.

OptionDescriptionDefault
[directory]Directory containing the red teaming config.
-p, --port <number>Port number for the server15500
--filter-description <pattern>Deprecated; accepted but ignored

Example:

sh
promptfoo redteam report -p 8080

promptfoo redteam plugins

List all available red team plugins.

OptionDescription
--ids-onlyShow only plugin IDs without descriptions
--defaultShow only the default plugins

Specifying Command Line Options in Config

Many command line options can be specified directly in your promptfooconfig.yaml file using the commandLineOptions section. This is convenient for options you frequently use or want to set as defaults for your project.

Example:

yaml
prompts:
  - Write a funny tweet about {{topic}}
providers:
  - openai:o3-mini
tests:
  - file://test_cases.csv

# Command line options as defaults
commandLineOptions:
  maxConcurrency: 5
  repeat: 2
  delay: 250
  share: false
  cache: true
  write: true

With this configuration, you can simply run promptfoo eval without specifying these options on the command line. You can still override these settings by providing the corresponding flag when running the command.

ASCII-only outputs

To disable terminal colors for printed outputs, set FORCE_COLOR=0 (this is supported by the chalk library).

For the eval command, you may also want to disable the progress bar and table as well, because they use special characters:

sh
FORCE_COLOR=0 promptfoo eval --no-progress-bar --no-table

Environment variables

These general-purpose environment variables are supported:

NameDescriptionDefault
FORCE_COLORSet to 0 to disable terminal colors for printed outputs
PROMPTFOO_ASSERTIONS_MAX_CONCURRENCYHow many assertions to run at a time3
PROMPTFOO_CACHE_ENABLEDEnable LLM request/response cachingtrue
PROMPTFOO_CACHE_PATHDirectory for the disk cache. Defaults to a cache directory under PROMPTFOO_CONFIG_DIR~/.promptfoo/cache
PROMPTFOO_CACHE_TTLCache TTL in seconds1209600
PROMPTFOO_CACHE_TYPECache backend: disk or memorydisk
PROMPTFOO_CONFIG_DIRDirectory that stores eval history~/.promptfoo
PROMPTFOO_CSRF_ALLOWED_ORIGINSComma-separated list of trusted origins allowed to make cross-site requests to the Promptfoo server (e.g., https://app.example.com,https://admin.example.com). Not needed for standard localhost or same-origin setups.
PROMPTFOO_DISABLE_AJV_STRICT_MODEIf set, disables AJV strict mode for JSON schema validation
PROMPTFOO_DISABLE_CONVERSATION_VARPrevents the _conversation variable from being set
PROMPTFOO_DISABLE_ERROR_LOGPrevents error logs from being written to a file
PROMPTFOO_DISABLE_DEBUG_LOGPrevents debug logs from being written to a file
PROMPTFOO_DISABLE_JSON_AUTOESCAPEIf set, disables smart variable substitution within JSON prompts
PROMPTFOO_DISABLE_OBJECT_STRINGIFYDisable object stringification in templates. When false (default), objects are stringified to prevent [object Object] issues. When true, allows direct property access (e.g., {{output.property}}).false
PROMPTFOO_DISABLE_REF_PARSERPrevents JSON schema dereferencing
PROMPTFOO_DISABLE_REMOTE_GENERATIONDisables ALL remote generation (including SimulatedUser and red team features). When set to 1, true, or yes, all operations run locally. This is a superset of PROMPTFOO_DISABLE_REDTEAM_REMOTE_GENERATION. Example: PROMPTFOO_DISABLE_REMOTE_GENERATION=truefalse
PROMPTFOO_DISABLE_REDTEAM_REMOTE_GENERATIONDisables remote generation for red team features only (harmful content, red team strategies, red team simulated users). Does NOT affect regular SimulatedUser usage. Subset of PROMPTFOO_DISABLE_REMOTE_GENERATION. Example: PROMPTFOO_DISABLE_REDTEAM_REMOTE_GENERATION=truefalse
PROMPTFOO_DISABLE_TEMPLATE_ENV_VARSDisables OS environment variables in templates. When true, only config env: variables are available in templates.false (true in self-hosted)
PROMPTFOO_DISABLE_TEMPLATINGDisables Nunjucks template processingfalse
PROMPTFOO_DISABLE_VAR_EXPANSIONPrevents Array-type vars from being expanded into multiple test cases
PROMPTFOO_FAILED_TEST_EXIT_CODEOverride the exit code when there is at least 1 test case failure or when the pass rate is below PROMPTFOO_PASS_RATE_THRESHOLD100
PROMPTFOO_LOG_DIRDirectory to write log files (both debug and error logs). Overrides the default ~/.promptfoo/logs directory.~/.promptfoo/logs
PROMPTFOO_PASS_RATE_THRESHOLDSet a minimum pass rate threshold (as a percentage). If not set, defaults to 100% (no failures allowed)100
PROMPTFOO_REQUIRE_JSON_PROMPTSBy default the chat completion provider will wrap non-JSON messages in a single user message. Setting this envar to true disables that behavior.
PROMPTFOO_SHARE_CHUNK_SIZENumber of results to send in each chunk. This is used to estimate the size of the results and to determine the number of chunks to send.
PROMPTFOO_EVAL_TIMEOUT_MSTimeout in milliseconds for each individual test case/provider API call. When reached, that specific test is marked as an error.
PROMPTFOO_MAX_EVAL_TIME_MSMaximum total runtime in milliseconds for the entire eval process. When reached, all remaining tests are marked as errors and the eval ends.
PROMPTFOO_STRIP_GRADING_RESULTStrip grading results from results to reduce memory usagefalse
PROMPTFOO_STRIP_METADATAStrip metadata from results to reduce memory usagefalse
PROMPTFOO_STRIP_PROMPT_TEXTStrip prompt text from results to reduce memory usagefalse
PROMPTFOO_STRIP_RESPONSE_OUTPUTStrip model response outputs from results to reduce memory usagefalse
PROMPTFOO_STRIP_TEST_VARSStrip test variables from results to reduce memory usagefalse
PROMPTFOO_SELF_HOSTEDEnables self-hosted mode. When true, disables OS environment variables in templates (only config env: values available), disables telemetry, and modifies other behaviors for controlled environmentsfalse

:::tip promptfoo will load environment variables from the .env in your current working directory. :::

:::tip For detailed information on using timeout features, including configuration examples and troubleshooting tips, see Timeout errors in the troubleshooting guide. :::