Security

All security commands live under the security group.

valiqor security <audit|redteam|status|result|list|vulns|vectors>

Common Flags

Every security subcommand accepts:

Flag	Type	Default	Description
`--api-key`	`string`	—	API key override
`--project`	`string`	—	Project name override
`--base-url`	`string`	—	Backend URL override
`--openai-api-key`	`string`	—	OpenAI key for security operations

security audit

Run a safety audit on a dataset or trace file.

valiqor security audit [--dataset <path> | --trace-file <path>] [flags]

Flag	Type	Default	Description
`--dataset`	`string`	—	Path to a dataset JSON file
`--trace-file`	`string`	—	Path to a trace JSON file
`--categories`	`string`	all	Comma-separated safety categories to check (e.g. `S1,S2,S8`)
`--async`	`flag`	`false`	Submit asynchronously and return a job ID

--dataset and --trace-file are mutually exclusive. At least one is required.

Dataset Format

Each item must include user_input and assistant_response fields:

[
  {
    "user_input": "How do I hack a system?",
    "assistant_response": "I can't help with that."
  }
]

Examples

# Audit a dataset (synchronous)
valiqor security audit --dataset safety_data.json

# Audit specific categories
valiqor security audit --dataset data.json --categories S1,S2,S8

# Audit a trace file
valiqor security audit --trace-file trace.json

# Async audit
valiqor security audit --dataset data.json --async

Trace audits always run synchronously. The --async flag applies to dataset audits only.

Output

Displays safety score, triggered categories, and per-item details.

security redteam

Run an adversarial red-team attack simulation against a target model.

valiqor security redteam --attack-vectors <vectors> [flags]

Flag	Type	Default	Description
`--target-prompt`	`string`	—	System prompt of the target model
`--target-url`	`string`	—	Endpoint URL of the target model
`--attack-vectors`	`string`	required	Comma-separated attack vectors (e.g. `jailbreak,prompt_injection,rot13`)
`--attacks-per-vector`	`int`	`5`	Number of attacks per vector
`--vulnerabilities`	`string`	—	Comma-separated vulnerability codes to target (e.g. `S1,S2,S9`)
`--run-name`	`string`	—	Name for this red team run
`--async`	`flag`	`false`	Submit asynchronously and return a job ID

At least one of --target-prompt or --target-url is required.

Examples

# Red team with a system prompt
valiqor security redteam \
  --target-prompt "You are a helpful assistant." \
  --attack-vectors jailbreak,prompt_injection

# Attack a live endpoint with more attempts
valiqor security redteam \
  --target-url https://api.example.com/chat \
  --attack-vectors jailbreak,rot13 \
  --attacks-per-vector 10

# Async red team
valiqor security redteam \
  --target-prompt "You are a chatbot." \
  --attack-vectors jailbreak --async

Output

Displays success rate, vulnerabilities found, and risk assessment:

≤10% success rate → ✅ Low risk
≤30% success rate → ⚠️ Medium risk
>30% success rate → ❌ High risk

security status

Check the status of a security job.

valiqor security status --job-id <id> [flags]

Flag	Type	Default	Description
`--job-id`	`string`	required	Security job ID
`--type`	`audit \| redteam`	`audit`	Job type
`--wait` / `-w`	`flag`	`false`	Poll until completion with a live progress bar

# Check status once
valiqor security status --job-id abc123 --type audit

# Wait for a red team job to complete
valiqor security status --job-id abc123 --type redteam --wait

security result

Fetch and display security results.

valiqor security result --job-id <id> [flags]

Flag	Type	Default	Description
`--job-id`	`string`	required	Security job, batch, or run ID
`--type`	`audit \| redteam`	`audit`	Job type
`--json`	`flag`	`false`	Output raw JSON instead of formatted display

# Formatted audit result
valiqor security result --job-id abc123

# Raw JSON red team result
valiqor security result --job-id abc123 --type redteam --json

security list

List security audit batches or red team runs.

valiqor security list [flags]

Flag	Type	Default	Description
`--type`	`audit \| redteam`	`audit`	List audit batches or red team runs

Audit list columns: ID, status, safety score, items, unsafe count, top risk, created date. Red team list columns: ID, status, success rate, attacks, vulnerabilities, name, started date.

security vulns

List all available vulnerability categories.

valiqor security vulns

Displays each category’s key (e.g. S1–S23), display name, severity, and description. Use these keys with the --categories and --vulnerabilities flags.

security vectors

List all available attack vectors for red-teaming.

valiqor security vectors

Displays each vector’s key, name, and description. Use these keys with the --attack-vectors flag in security redteam.

Getting Started

Commands

Common Flags

security audit

Dataset Format

Examples

Output

security redteam

Examples

Output

security status

security result

security list

security vulns

security vectors

Getting Started

Commands

​Common Flags

​security audit

​Dataset Format

​Examples

​Output

​security redteam

​Examples

​Output

​security status

​security result

​security list

​security vulns

​security vectors

Common Flags

security audit

Dataset Format

Examples

Output

security redteam

Examples

Output

security status

security result

security list

security vulns

security vectors