generator: vision nims

[leondz]

resolves #691

• New class nim.NIMVision, following the huggingface.LLaVa pattern
• New interstitial method in NIM.NVOpenAIChat that converts prompts to LLM input
• Relax a typing constraint in attempt to allow non-string prompts
• Specific messages for one exception type in OpenAICompatible

Verification

• garak -m nim.NIMVision -n microsoft/phi-3-vision-128k-instruct -p visual_jailbreak.FigStep -g 1 --parallel_attempts 16
• Verify the thing does not do what it should not
• Document check the class doc in nim.NIMVision

Questions:

• Are we OK with the class name?
• Are we OK with the treatment of the oversized files in NIMVision._prepare_prompt() ?
• We need a pattern for modality matching/upgrading -- huggingface.LLaVa now needs strict matching. Tagging Enable more complex prompts #602 for good and Prompt Architecture Enhancement for Better Multi-modal Red Teaming #658.

[erickgalinkin]

LGTM

[jmartin-tech]

Test look good.

arak LLM vulnerability scanner v0.9.0.16.post1 ( https://github.com/leondz/garak ) at 2024-10-28T16:17:57.248817
📜 logging to /home/jemartin/.local/share/garak/garak.log
🦜 loading generator: NIM: microsoft/phi-3-vision-128k-instruct
📜 reporting to /home/jemartin/.local/share/garak/garak_runs/garak.ba3fbd2c-70fd-459f-b938-890b14609e6c.report.jsonl
🕵️  queue of probes: visual_jailbreak.FigStep
visual_jailbreak.FigStep                                                    visual_jailbreak.FigStep: FAIL  ok on   65/  70   (failure rate:   7.14%)
📜 report closed :) /home/jemartin/.local/share/garak/garak_runs/garak.ba3fbd2c-70fd-459f-b938-890b14609e6c.report.jsonl
📜 report html summary being written to /home/jemartin/.local/share/garak/garak_runs/garak.ba3fbd2c-70fd-459f-b938-890b14609e6c.report.html
✔️  garak run complete in 135.21s

garak LLM vulnerability scanner v0.9.0.16.post1 ( https://github.com/leondz/garak ) at 2024-10-28T16:22:59.141907
📜 logging to /home/jemartin/.local/share/garak/garak.log
🦜 loading generator: NIM: microsoft/phi-3-vision-128k-instruct
📜 reporting to /home/jemartin/.local/share/garak/garak_runs/garak.df5ba817-adcb-4660-9c6b-e5507e601dab.report.jsonl
🕵️  queue of probes: encoding.InjectBase64
encoding.InjectBase64                                                           encoding.DecodeMatch: PASS  ok on   55/  55
📜 report closed :) /home/jemartin/.local/share/garak/garak_runs/garak.df5ba817-adcb-4660-9c6b-e5507e601dab.report.jsonl
📜 report html summary being written to /home/jemartin/.local/share/garak/garak_runs/garak.df5ba817-adcb-4660-9c6b-e5507e601dab.report.html
✔️  garak run complete in 7.94s

[jmartin-tech]

This seems reasonable to be in the harness for now, however I see some possible contention as noted in the description questions.

I suspect strict modality matching requirements may lean toward being a responsibility of the probe to define requirements. I suspect the technique employed in the probe will set the requirement for strict match as generators may often support various modalities.

[leondz]

Interested to hear more