Jump to content

Connect Leeroopedia MCP: Equip your AI agents to search best practices, build plans, verify code, diagnose failures, and look up hyperparameter defaults.

Implementation:Promptfoo Promptfoo Plugins Registry

From Leeroopedia
Knowledge Sources
Domains Security_Testing, Plugin_Architecture
Last Updated 2026-02-14 08:00 GMT

Overview

Concrete registry of plugin factories that map vulnerability type IDs to test case generators, provided by the Promptfoo red team framework.

Description

The Plugins array is the exported registry of all available red team plugins. Each entry is a PluginFactory with a key (e.g., `'prompt-injection'`, `'pii'`, `'harmful'`), optional config validator, and an action function that generates adversarial test cases.

The abstract RedteamPluginBase class provides the foundation for most plugins, handling LLM-based test generation, deduplication, and retry logic.

Usage

Reference this registry when looking up available plugins or when extending the framework with custom vulnerability types.

Code Reference

Source Location

  • Repository: promptfoo
  • File: src/redteam/plugins/index.ts
  • Lines: L403-408 (Plugins registry)
  • File: src/redteam/plugins/base.ts
  • Lines: L33-296 (RedteamPluginBase class)

Signature

// Plugin registry
export const Plugins: PluginFactory[] = [/* 50+ plugin entries */];

// Each PluginFactory has:
interface PluginFactory {
  key: string;
  validate?: (config: any) => void;
  action: (params: PluginActionParams) => Promise<TestCase[]>;
}

// Base class for LLM-powered plugins
abstract class RedteamPluginBase {
  constructor(
    provider: ApiProvider,
    purpose: string,
    injectVar: string,
    config?: PluginConfig,
  );
  abstract getTemplate(): string;
  async generateTests(n: number, delayMs?: number): Promise<TestCase[]>;
}

Import

import { Plugins } from './redteam/plugins';
import { RedteamPluginBase } from './redteam/plugins/base';

I/O Contract

Inputs

Name Type Required Description
PluginActionParams.provider ApiProvider Yes LLM provider for test generation
PluginActionParams.purpose string Yes Extracted system purpose for realistic attacks
PluginActionParams.injectVar string Yes Variable name to inject adversarial content into
PluginActionParams.n number Yes Number of test cases to generate

Outputs

Name Type Description
(return) TestCase[] Array of adversarial test cases targeting the plugin's vulnerability type

Usage Examples

Look Up a Plugin

import { Plugins } from './redteam/plugins';

const injectionPlugin = Plugins.find(p => p.key === 'prompt-injection');
if (injectionPlugin) {
  const tests = await injectionPlugin.action({
    provider: myProvider,
    purpose: 'A customer support chatbot',
    injectVar: 'query',
    n: 5,
  });
  console.log(`Generated ${tests.length} prompt injection tests`);
}

Related Pages

Implements Principle

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment