Principle:Promptfoo Promptfoo Target Configuration
| Knowledge Sources | |
|---|---|
| Domains | Security_Testing, Configuration |
| Last Updated | 2026-02-14 08:00 GMT |
Overview
A configuration orchestration mechanism that sets up the target LLM system, plugins, and strategies for adversarial security testing.
Description
Target Configuration is the entry point for red team security scans. It parses the red team configuration (target provider, plugins to test, strategies to apply, number of test cases) and orchestrates the full red team pipeline: generate adversarial tests, execute them against the target, and grade vulnerability results.
Unlike standard evaluation configuration, red team configuration requires additional parameters:
- Target specification: The LLM system under test (provider, system prompt, injection variable)
- Plugin selection: Which vulnerability categories to test (prompt injection, PII leakage, harmful content, etc.)
- Strategy selection: Which attack delivery techniques to use (encoding, jailbreaking, multi-turn)
- Purpose extraction: Automatically inferring the target system's purpose for realistic attacks
Usage
Use this principle when initiating any red team security scan, whether through the CLI (`promptfoo redteam run`) or programmatic API. This is the mandatory first step that configures the entire adversarial testing pipeline.
Theoretical Basis
Pseudo-code Logic:
1. Parse red team config from YAML or CLI options
2. Validate config structure with Zod schemas
3. Generate adversarial test cases (delegate to synthesize)
4. Merge generated tests into evaluation config
5. Execute evaluation against target (delegate to doEval)
6. Return graded vulnerability results