Update simulator-interaction-data.md

Author: minthigpen

articles/ai-studio/how-to/develop/simulator-interaction-data.md

@@ -1,7 +1,7 @@
 ---
-title: How to generate adversarial simulations for safety evaluation
+title: How to generate synthetic and simulated data for evaluation
 titleSuffix: Azure AI Studio
-description: This article provides instructions on how to run adversarial attack simulations to evaluate the safety of your generative AI application.
+description: This article provides instructions on how to generate synthetic data to run simulations to evaluate the performance and safety of your generative AI application.
 manager: nitinme
 ms.service: azure-ai-studio
 ms.custom:
@@ -14,21 +14,198 @@ ms.author: eur
 author: eric-urban
 ---
 
-# Generate adversarial simulations for safety evaluation
+# Generate synthetic and simulated data for evaluation
+
 
 [!INCLUDE [Feature preview](~/reusable-content/ce-skilling/azure/includes/ai-studio/includes/feature-preview.md)]
 
 Large language models are known for their few-shot and zero-shot learning abilities, allowing them to function with minimal data. However, this limited data availability impedes thorough evaluation and optimization when you might not have test datasets to evaluate the quality and effectiveness of your generative AI application. 
 
-In this article, you learn how to run adversarial attack simulations. Augment and accelerate your red-teaming operation by using Azure AI Studio safety evaluations to generate an adversarial dataset against your application. We provide adversarial scenarios along with access to an Azure OpenAI GPT-4 model with safety behaviors turned off to enable the adversarial simulation.
+In this article, you will learn how to holistically generate high-quality datasets for evaluating quality and safety of your application by leveraging large language models and the Azure AI safety evaluation service. 
 
 ## Getting started
 
-First install and import the simulator package from the prompt flow SDK:
+First install and import the simulator package from the Azure AI Evaluation SDK:
+```python
+pip install azure-ai-evaluation
+```
+## Generate synthetic data and simulate non-adversarial tasks
+
+Azure AI Evaluation SDK's `Simulator` provides an end-to-end synthetic data generation capability to help developers test their application's response to typical user queries in the absence of production data. AI developers can use an index or text-based query generator and fully-customizable simulator to create robust test datasets around non-adversarial tasks specific to their application. The `Simulator` class is a powerful tool designed to generate synthetic conversations and simulate task-based interactions. This capability is particularly useful for:
+ 
+- **Testing Conversational Applications**: Ensure your chatbots and virtual assistants respond accurately under various scenarios.
+- **Training AI Models**: Generate diverse datasets to train and fine-tune machine learning models.
+- **Generating Datasets**: Create extensive conversation logs for analysis and development purposes.
+ 
+By automating the creation of synthetic data, the `Simulator` class helps streamline the development and testing processes, ensuring your applications are robust and reliable.
+
+```python
+from azure.ai.evaluation.synthetic import Simulator
+```
+### Generate text or index-based synthetic data as input
+```python
+import asyncio
+from simulator import Simulator
+from azure.identity import DefaultAzureCredential
+import wikipedia
+import os
+from typing import List, Dict, Any, Optional
+# Prepare the text to send to the simulator
+wiki_search_term = "Leonardo da vinci"
+wiki_title = wikipedia.search(wiki_search_term)[0]
+wiki_page = wikipedia.page(wiki_title)
+text = wiki_page.summary[:5000]
+```
+In the first part, we prepare the text for generating the input to our simulator:
+- **Wikipedia Search**: Searches for "Leonardo da vinci" on Wikipedia and retrieves the first matching title.
+- **Page Retrieval**: Fetches the Wikipedia page for the identified title.
+- **Text Extraction**: Extracts the first 5000 characters of the page summary to use as input for the simulator.
+
+### Specify target callback to simulate against
+You can bring any application endpoint to simulate against by specifying a target callback function such as the one below given an application that is a LLM with a prompty file: `application.prompty`
 ```python
-pip install promptflow-evals
+async def callback(
+    messages: List[Dict],
+    stream: bool = False,
+    session_state: Any = None,  # noqa: ANN401
+    context: Optional[Dict[str, Any]] = None,
+) -> dict:
+    messages_list = messages["messages"]
+    # Get the last message
+    latest_message = messages_list[-1]
+    query = latest_message["content"]
+    context = None
+    # Call your endpoint or AI application here
+    current_dir = os.path.dirname(__file__)
+    prompty_path = os.path.join(current_dir, "application.prompty")
+    _flow = load_flow(source=prompty_path, model={"configuration": azure_ai_project})
+    response = _flow(query=query, context=context, conversation_history=messages_list)
+    # Format the response to follow the OpenAI chat protocol
+    formatted_response = {
+        "content": response,
+        "role": "assistant",
+        "context": {
+            "citations": None,
+        },
+    }
+    messages["messages"].append(formatted_response)
+    return {
+        "messages": messages["messages"],
+        "stream": stream,
+        "session_state": session_state,
+        "context": context
+    }
+```
 
-from promptflow.evals.synthetic import AdversarialSimulator
+The callback function above processes each message generated by the simulator.
+
+**Functionality**:
+- Retrieves the latest user message.
+- Loads a prompt flow from `application.prompty`.
+- Generates a response using the prompt flow.
+- Formats the response to adhere to the OpenAI chat protocol.
+- Appends the assistant's response to the messages list.
+
+With the simulator initialized, you can now run it to generate synthetic conversations based on the provided text.
+ 
+```python
+    simulator = Simulator(azure_ai_project=azure_ai_project)
+    
+    outputs = await simulator(
+        target=callback,
+        text=text,
+        num_queries=1,  # Minimal number of queries
+    )
+    
+```
+
+### Additional customization for simulations
+The `Simulator` class offers extensive customization options, allowing you to override default behaviors, adjust model parameters, and introduce complex simulation scenarios. Below are examples of different overrides you can implement to tailor the simulator to your specific needs.
+
+#### Query and Response generation Prompty customization
+ 
+The `query_response_generating_prompty_override` allows you to customize how query-response pairs are generated from input text. This is particularly useful when you want to control the format or content of the generated responses as input to your simulator.
+ 
+```python
+current_dir = os.path.dirname(__file__)
+query_response_prompty_override = os.path.join(current_dir, "query_generator_long_answer.prompty") # Passes the `query_response_generating_prompty` parameter with the path to the custom prompt template.
+ 
+tasks = [
+    f"I am a student and I want to learn more about {wiki_search_term}",
+    f"I am a teacher and I want to teach my students about {wiki_search_term}",
+    f"I am a researcher and I want to do a detailed research on {wiki_search_term}",
+    f"I am a statistician and I want to do a detailed table of factual data concerning {wiki_search_term}",
+]
+ 
+outputs = await simulator(
+    target=callback,
+    text=text,
+    num_queries=4,
+    max_conversation_turns=2,
+    tasks=tasks,
+    query_response_generating_prompty=query_response_prompty_override # optional, use your own prompt to control how query-response pairs are generated from the input text to be used in your simulator
+)
+ 
+for output in outputs:
+    with open("output.jsonl", "a") as f:
+        f.write(output.to_eval_qa_json_lines())
+```
+ 
+#### Simulation Prompty customization
+ 
+The `Simulator` uses a default Prompty that instructs the LLM on how to simulate a user interacting with your application. The `user_simulating_prompty_override` enables you to override the default behavior of the simulator. By adjusting these parameters, you can tune the simulator to produce responses that align with your specific requirements, enhancing the realism and variability of the simulations.
+ 
+```python
+user_simulator_prompty_kwargs = {
+    "temperature": 0.7, # Controls the randomness of the generated responses. Lower values make the output more deterministic.
+    "top_p": 0.9 # Controls the diversity of the generated responses by focusing on the top probability mass.
+}
+ 
+outputs = await simulator(
+    target=callback,
+    text=text,
+    num_queries=1,  # Minimal number of queries
+    user_simulator_prompty="user_simulating_application.prompty", # A prompty which accepts all the following kwargs can be passed to override default user behaviour.
+    user_simulator_prompty_kwargs=user_simulator_prompty_kwargs # Uses a dictionary to override default model parameters such as `temperature` and `top_p`.
+) 
+```
+
+ 
+#### Simulation with fixed Conversation Starters
+ 
+Incorporating conversation starters allows the simulator to handle pre-specified repeatable contextually relevant interactions. This is useful for simulating the same user turns in a conversation or interaction and evaluating the differences. 
+ 
+```python
+conversation_turns = [ # Defines predefined conversation sequences, each starting with a conversation starter.
+    [
+        "Hello, how are you?",
+        "I want to learn more about Leonardo da Vinci",
+        "Thanks for helping me. What else should I know about Leonardo da Vinci for my project",
+    ],
+    [
+        "Hey, I really need your help to finish my homework.",
+        "I need to write an essay about Leonardo da Vinci",
+        "Thanks, can you rephrase your last response to help me understand it better?",
+    ],
+]
+ 
+outputs = await simulator(
+    target=callback,
+    text=text,
+    conversation_turns=conversation_turns, # optional, ensures the user simulator follows the predefined conversation sequences
+    max_conversation_turns=5,
+    user_simulator_prompty="user_simulating_application.prompty",
+    user_simulator_prompty_kwargs=user_simulator_prompty_kwargs,
+)
+print(json.dumps(outputs, indent=2))
+ 
+```
+## Generate adversarial simulations for safety evaluation
+
+Augment and accelerate your red-teaming operation by using Azure AI Studio safety evaluations to generate an adversarial dataset against your application. We provide adversarial scenarios along with configured access to a service-side Azure OpenAI GPT-4 model with safety behaviors turned off to enable the adversarial simulation.
+
+```python
+from azure.ai.evaluation.synthetic import AdversarialSimulator
 ```
 The adversarial simulator works by setting up a service-hosted GPT large language model to simulate an adversarial user and interact with your application. An AI Studio project is required to run the adversarial simulator:
 ```python
@@ -79,17 +256,16 @@ async def callback(
 ## Run an adversarial simulation
 
 ```python
-from promptflow.evals.synthetic import AdversarialScenario
+from azure.ai.evaluation.synthetic import AdversarialScenario
 
 scenario = AdversarialScenario.ADVERSARIAL_QA
-simulator = AdversarialSimulator(azure_ai_project=azure_ai_project)
+adversarial_simulator = AdversarialSimulator(azure_ai_project=azure_ai_project)
 
-outputs = await simulator(
+outputs = await adversarial_simulator(
         scenario=scenario, # required adversarial scenario to simulate
         target=callback, # callback function to simulate against
         max_conversation_turns=1, #optional, applicable only to conversation scenario
         max_simulation_results=3, #optional
-        jailbreak=False #optional
     )
 
 # By default simulator outputs json, use the following helper function to convert to QA pairs in jsonl format
@@ -99,20 +275,54 @@ print(outputs.to_eval_qa_json_lines())
 By default we run simulations async. We enable optional parameters:
 - `max_conversation_turns` defines how many turns the simulator generates at most for the `ADVERSARIAL_CONVERSATION` scenario only. The default value is 1. A turn is defined as a pair of input from the simulated adversarial "user" then a response from your "assistant." 
 -  `max_simulation_results` defines the number of generations (that is, conversations) you want in your simulated dataset. The default value is 3. See table below for maximum number of simulations you can run for each scenario.
-- `jailbreak`defines whether a user-prompt injection is included in the first turn of the simulation. You can use this to evaluate jailbreak, which is a comparative measurement. We recommend running two simulations (one without the flag and one with the flag) to generate two datasets: a baseline adversarial test dataset versus the same adversarial test dataset with jailbreak injections in the first turn to illicit undesired responses. Then you can evaluate both datasets to determine if your application is susceptible to jailbreak injections.
 
 ## Supported simulation scenarios
 The `AdversarialSimulator` supports a range of scenarios, hosted in the service, to simulate against your target application or function:
 
 | Scenario                  | Scenario enum                | Maximum number of simulations | Use this dataset for evaluating |
 |-------------------------------|------------------------------|---------|---------------------|
-| Question Answering            | `ADVERSARIAL_QA`                     |1384 | Hateful and unfair content, Sexual content, Violent content, Self-harm-related content |
-| Conversation                  | `ADVERSARIAL_CONVERSATION`           |1018 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content |
-| Summarization                 | `ADVERSARIAL_SUMMARIZATION`          |525 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content |
-| Search                        | `ADVERSARIAL_SEARCH`                 |1000 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content |
-| Text Rewrite                  | `ADVERSARIAL_REWRITE`                |1000 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content |
+| Question Answering            | `ADVERSARIAL_QA`                     |1384 | Hateful and unfair content, Sexual content, Violent content, Self-harm-related content, Direct Attack (UPIA) Jailbreak |
+| Conversation                  | `ADVERSARIAL_CONVERSATION`           |1018 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content, Direct Attack (UPIA) Jailbreak |
+| Summarization                 | `ADVERSARIAL_SUMMARIZATION`          |525 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content, Direct Attack (UPIA) Jailbreak |
+| Search                        | `ADVERSARIAL_SEARCH`                 |1000 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related conten, Direct Attack (UPIA) Jailbreakt |
+| Text Rewrite                  | `ADVERSARIAL_REWRITE`                |1000 |Hateful and unfair content, Sexual content, Violent content, Self-harm-related content, Direct Attack (UPIA) Jailbreak |
 | Ungrounded Content Generation | `ADVERSARIAL_CONTENT_GEN_UNGROUNDED` |496 | Groundedness |
 | Grounded Content Generation   | `ADVERSARIAL_CONTENT_GEN_GROUNDED`   |475 |Groundedness |
+| Protected Material | `ADVERSARIAL_PROTECTED_MATERIAL` | 200 | Protected Material |
+|Indirect Attack (XPIA) Jailbreak | `ADVERSARIAL_INDIRECT_JAILBREAK` | 200 | Indirect Attack (XPIA) Jailbreak|
+
+### Simulating jailbreak attacks
+We support evaluating vulnerability towards the following types of jailbreak attacks:
+- **Direct attack jailbreak** (also known as UPIA or User Prompt Injected Attack) injects prompts in the user role turn of conversations or queries to generative AI applications. 
+- **Indirect attack jailbreak** (also known as XPIA or cross domain prompt injected attack) injects promtps in the returned documents or context of the user's query to generative AI applications. 
+
+*Evaluating direct attack* is a comparative measurement using the content safety evaluators as a control. It is not its own AI-assisted metric. Run `ContentSafetyEvaluator` on two different, red-teamed datasets generated by `AdversarialSimulator`: 
+1. Baseline adversarial test dataset using one of the above scenario enums for evaluating Hateful and unfair content, Sexual content, Violent content, Self-harm-related content
+2. Adversarial test dataset with direct attack jailbreak injections in the first turn:
+```python
+direct_attack_simulator = DirectAttackSimulator(azure_ai_project=azure_ai_project, credential=credential)
+
+outputs = await direct_attack_simulator(
+    target=callback,
+    scenario=AdversarialScenario.ADVERSARIAL_QA,
+    max_simulation_results=10,
+    max_conversation_turns=3
+)
+```
+The `outputs` will be a list of two lists including the baseline adversarial simulation and the same simulation but with a jailbreak attack injected in the user role's first turn. Run two evaluation runs with `ContentSafetyEvaluator` and measure the differences between the two datasets' defect rates.
+
+*Evaluating indirect attack* is an AI-assisted metric and does not require comparative measurement like evaluating direct attacks. You can generate an indirect attack jailbreak injected dataset with the following then evaluate with the `IndirectAttackEvaluator`. 
+
+```python
+indirect_attack_simulator=IndirectAttackSimulator(azure_ai_project=azure_ai_project, credential=credential)
+
+outputs = await indirect_attack_simulator(
+    target=callback,
+    scenario=AdversarialScenario.ADVERSARIAL_INDIRECT_JAILBREAK,
+    max_simulation_results=10,
+    max_conversation_turns=3
+)
+```
 
 ### Output
 
@@ -142,6 +352,36 @@ Use the helper function `to_json_lines()` to convert the output to the data outp
 
 ### More functionality
 
+#### Multi-language adversarial simulation
+Using the [ISO standard](https://www.andiamo.co.uk/resources/iso-language-codes/), the `AdversarialSimulator` will support the following languages: 
+
+| Language           | ISO language code |
+|--------------------|-------------------|
+| Spanish            | es                |
+| Italian            | it                |
+| French             | fr                |
+| Japanese           | ja                |
+| Portugese          | pt                |
+| Simplified Chinese | zh-cn             |
+| German             | de                |
+
+Usage example below:
+```python
+outputs = await simulator(
+        scenario=scenario, # required, adversarial scenario to simulate
+        target=callback, # required, callback function to simulate against
+        language=es # optional, default english
+    )
+```
+#### Set the randomization seed
+By default, the `AdversarialSimulator` will randomize interactions every simulation. You can set a `randomization_seed` parameter to produce the same set of conversation starters every time for reproducibility. 
+```python
+outputs = await simulator(
+        scenario=scenario, # required, adversarial scenario to simulate
+        target=callback, # required, callback function to simulate against
+        randomization_seed=1 # optional
+    )
+```
 #### Convert to jsonl
 
 To convert your messages format to JSON Lines format, use the helper function `to_json_lines()` on your output.
@@ -203,5 +443,6 @@ User can also define their own `api_call_retry_sleep_sec` and `api_call_retry_ma
 
 ## Related content
 
-- [Get started building a chat app using the prompt flow SDK](../../quickstarts/get-started-code.md)
-- [Work with projects in VS Code](vscode.md)
+- [Get started building a chat app](../../quickstarts/get-started-code.md)
+- [Evaluate your generative AI application](evaluate-sdk.md)
+- [Get started with samples](https://aka.ms/aistudio/syntheticdatagen-samples)