1.18.0 (2026-07-06)
Bugs Fixed
-
Evaluators now raise
EvaluationException(instead of bareValueError/TypeError) for input and
configuration validation failures, and consistently setblame=ErrorBlame.USER_ERRORwith an
appropriatecategoryandtarget. Affected evaluators includeContentSafetyEvaluator,
QAEvaluator,RougeScoreEvaluator,DocumentRetrievalEvaluator, the task navigation efficiency
evaluator, and the shared evaluator base (conversation/tool-call input validation). -
Fixed
RedTeam.scan()storing decoded plaintext instead of the actual
encoded payload for converter-based attack strategies (Base64, Flip,
Morse, ROT13, etc.) inevaluation_results.json/results.json. The
persistedconversation[].contentfor user turns now reflects what the
target actually received (converted_value). The pre-converter
adversarial objective is additionally retained as anoriginal_value
field on user messages in the intermediate per-strategy.jsonl
artifacts (it is not surfaced in the customer-facingresults.json,
which continues to expose onlyrole/content/name). Baseline
(non-encoded) strategies are unaffected.
Resolves #47228.