phoenix vs SafetyBench Eval

Accepts distributed traces from LLM applications through a dedicated gRPC server listening on port 4317, implementing the OpenTelemetry Protocol (OTLP) specification. Traces are parsed from protobuf messages, validated, and persisted to PostgreSQL or SQLite with automatic schema migrations. Supports multi-language instrumentation (Python, TypeScript, Go, etc.) without requiring application code changes when using auto-instrumentation libraries.

Unique: Implements native gRPC OTLP server (not HTTP/JSON) with automatic protobuf deserialization and direct database persistence, avoiding the overhead of HTTP protocol conversion that other observability platforms require. Uses OpenTelemetry's standard trace model directly rather than proprietary span formats.

vs alternatives: Faster ingestion than HTTP-based OTLP collectors (gRPC binary protocol) and fully compatible with OpenTelemetry ecosystem, unlike proprietary tracing solutions that require custom instrumentation adapters.

Exposes a Strawberry GraphQL API (on port 6006) that allows complex queries over ingested traces using a schema-driven approach. Queries support filtering by span attributes, trace duration, status codes, and custom dimensions; supports pagination, sorting, and aggregation operations. The GraphQL layer translates queries into optimized SQL against the trace database, enabling efficient retrieval of trace subsets for analysis and debugging without loading entire trace datasets into memory.

Unique: Uses Strawberry GraphQL framework with type-safe schema generation from Python dataclasses, enabling automatic schema validation and IDE autocomplete for query construction. Translates GraphQL queries directly to optimized SQL rather than loading full datasets into memory.

vs alternatives: More flexible than REST APIs for complex filtering scenarios and more efficient than full-dataset retrieval; GraphQL schema is self-documenting and supports introspection for dynamic client generation.

Provides a database abstraction layer supporting both PostgreSQL (production) and SQLite (development/single-instance) backends, with automatic schema migrations managed by Alembic. The abstraction uses SQLAlchemy ORM for database operations, enabling schema changes without manual SQL. Supports connection pooling, transaction management, and query optimization for both backends. Database schema includes tables for spans, traces, evaluations, datasets, and annotations with appropriate indexes for common query patterns.

Unique: Uses SQLAlchemy ORM with Alembic migrations to support multiple database backends with identical schema and query logic, enabling seamless migration between SQLite and PostgreSQL without application code changes. Automatic migration management prevents manual schema drift.

vs alternatives: Dual database support enables development with SQLite (no setup) and production with PostgreSQL (scalability) without code changes; automatic migrations reduce operational burden compared to manual schema management.

Provides a command-line interface for starting the Phoenix server locally, managing database connections, and exporting trace data. CLI commands support starting the server with custom configuration (port, database URL, authentication), running database migrations, exporting traces to CSV/JSON, and importing datasets. The CLI uses Click framework for command definition and supports both interactive and scripted usage.

Unique: Provides a unified CLI for both server management and data operations, enabling users to start Phoenix, manage databases, and export data without writing Python code. Uses Click framework for composable command structure.

vs alternatives: Simpler than Docker/Kubernetes for local development and provides data export capabilities that would otherwise require custom scripts or database queries.

Provides a React-based web UI that visualizes trace execution flows as interactive diagrams showing span hierarchies, timing, and status. The UI displays spans as nodes with parent-child relationships, color-coded by status (success, error, pending), and includes timeline visualization showing span duration and overlap. Users can click spans to view detailed attributes, logs, and events; filter traces by attributes; and navigate between related traces. The frontend communicates with the backend via GraphQL API.

Unique: Implements interactive trace visualization as a React component tree with real-time filtering and detail inspection, using GraphQL subscriptions for live updates. Visualizes span hierarchies and timing relationships in a way that's intuitive for understanding LLM application execution.

vs alternatives: More intuitive than raw JSON trace data or text-based logs for understanding execution flow; interactive filtering enables rapid exploration of large trace datasets without writing queries.

Implements authentication and authorization mechanisms (details in DeepWiki) supporting role-based access control (RBAC) for multi-tenant deployments. Users can be assigned roles (admin, analyst, viewer) with corresponding permissions for reading/writing traces, evaluations, and datasets. Authentication supports API keys and optional OAuth2/OIDC integration. Authorization is enforced at the API layer (GraphQL and REST) and database layer to prevent unauthorized data access.

Unique: Implements RBAC at both API and database layers, ensuring authorization is enforced consistently across GraphQL, REST, and direct database access. Supports both API key and OAuth2/OIDC authentication mechanisms.

vs alternatives: Role-based access control enables multi-tenant deployments where different teams can access the same Phoenix instance with appropriate data isolation, unlike single-user deployments.

Provides a Python-based evaluation system (arize-phoenix-evals package) that runs structured evaluators against LLM outputs to measure quality, correctness, and safety. Evaluators are composable functions that accept input/output pairs and return structured scores or classifications. The framework supports both built-in evaluators (hallucination detection, relevance scoring, toxicity detection) and custom user-defined evaluators; results are stored as annotations on spans and can be aggregated across datasets for statistical analysis.

Unique: Implements evaluators as composable, reusable functions with a standardized interface (input/output → score) that can be chained and parallelized. Integrates evaluation results directly as span annotations, enabling correlation between execution traces and quality metrics without separate storage systems.

vs alternatives: Tightly integrated with trace data (evaluations are stored as span annotations) unlike standalone evaluation tools, enabling direct correlation between execution details and quality scores; supports both LLM-based and custom evaluators in a unified framework.

Provides a prompt management system that stores prompt templates with version history, enabling A/B testing and experimentation. Prompts are stored in the database with metadata (model, parameters, tags) and can be retrieved by version or tag. The system tracks which prompt version was used for each LLM call via span attributes, allowing correlation between prompt changes and output quality metrics. Experiments can be defined to compare multiple prompt versions against the same dataset of inputs.

Unique: Integrates prompt versioning directly with trace data, storing prompt version references in span attributes and enabling automatic correlation with evaluation results. Supports experiment definition as a first-class concept with built-in comparison logic across prompt versions.

vs alternatives: Unlike standalone prompt management tools, Phoenix correlates prompt versions with actual execution traces and quality metrics, enabling data-driven prompt optimization rather than manual comparison.

Evaluates LLM safety across 7 distinct categories (offensiveness, unfairness, physical health, mental health, illegal activities, ethics, privacy) using 11,435 curated multiple-choice questions available in both Chinese and English. The benchmark constructs category-specific prompts, sends them to target models, extracts predicted answers from model responses, and compares against ground-truth labels (0->A, 1->B, 2->C, 3->D) to compute accuracy metrics per category and overall safety score.

Unique: Combines 11,435 questions across 7 safety categories with explicit Chinese-English parallel coverage and a filtered subset (test_zh_subset.json) for sensitive keyword handling, enabling systematic cross-lingual safety assessment. Uses category-stratified few-shot examples (5 per category) to support both zero-shot and five-shot evaluation paradigms within a single framework.

vs alternatives: Larger and more category-diverse than single-domain safety benchmarks (e.g., ToxiGen for toxicity only), and explicitly supports Chinese alongside English, addressing a gap in multilingual safety evaluation infrastructure.

Supports two distinct evaluation paradigms: zero-shot (questions presented directly without examples) and five-shot (5 category-specific examples provided before each test question). The framework conditionally constructs prompts using dev_en.json/dev_zh.json few-shot examples or omits them entirely, allowing researchers to measure how in-context learning affects safety performance. Prompt templates are language-aware and can be customized per model to improve answer extraction accuracy.

Unique: Provides curated few-shot examples stratified by safety category (5 per category) rather than random sampling, ensuring balanced representation of each harm type. Prompt templates are explicitly customizable per model (e.g., evaluate_baichuan.py shows Baichuan-specific extraction logic), acknowledging that different architectures require different prompting strategies.

vs alternatives: More systematic than ad-hoc few-shot selection; category-stratified examples ensure consistent coverage of all safety dimensions rather than potentially biased random sampling.

Manages parallel Chinese and English datasets (test_en.json, test_zh.json, dev_en.json, dev_zh.json) with a filtered Chinese subset (test_zh_subset.json, 300 questions per category) for sensitive keyword handling. Data acquisition uses Hugging Face hosting with dual download methods (shell script download_data.sh or Python download_data.py with datasets library). Each question maintains consistent structure (id, category, question, options, answer) across languages, enabling direct cross-lingual comparison of model safety performance.

Unique: Provides both full Chinese dataset (test_zh.json) and a filtered subset (test_zh_subset.json with 300 questions per category) explicitly designed to avoid sensitive keywords, addressing practical concerns about evaluating on content that may trigger platform policies. Dual download methods (shell script and Python) reduce friction for different user workflows.

vs alternatives: More comprehensive multilingual coverage than English-only benchmarks; filtered subset is a pragmatic addition for teams needing to evaluate without policy violations.

Computes accuracy metrics per safety category (offensiveness, unfairness, physical health, mental health, illegal activities, ethics, privacy) and aggregates to an overall safety score. Supports standardized leaderboard submission via JSON format (question_id -> predicted_answer). Metrics are computed by comparing predicted answers (extracted from model responses) against ground-truth labels, enabling fine-grained analysis of which safety dimensions a model excels or fails on. Results can be submitted to llmbench.ai/safety leaderboard for public comparison.

Unique: Stratifies metrics across 7 explicit safety categories rather than computing a single aggregate score, enabling fine-grained diagnosis of safety weaknesses. Leaderboard integration (llmbench.ai/safety) provides public benchmarking infrastructure, creating accountability and enabling direct model comparison.

vs alternatives: Category-level metrics provide more actionable insights than single-number safety scores; leaderboard integration drives standardization and reproducibility across the research community.

Implements a standardized evaluation pipeline (exemplified in evaluate_baichuan.py) that constructs prompts, sends them to a target model via API or local inference, extracts predicted answers from model responses using model-specific parsing logic, and validates extracted answers against expected format (0->A, 1->B, 2->C, 3->D). The pipeline handles model-specific response formats and can be customized per model architecture. Supports batch evaluation of all 11,435 questions with error handling and logging.

Unique: Provides a concrete, model-specific evaluation implementation (evaluate_baichuan.py) that can be forked and adapted, rather than just a dataset. Acknowledges that different models require different answer extraction logic and provides a template for customization. Supports both zero-shot and few-shot evaluation within the same pipeline.

vs alternatives: More practical than dataset-only benchmarks because it includes reference evaluation code; reduces barrier to entry for teams without evaluation infrastructure.

Defines a structured taxonomy of 7 safety categories (offensiveness, unfairness, physical health, mental health, illegal activities, ethics, privacy) and curates 11,435 diverse multiple-choice questions mapped to these categories. Each question is designed to test whether a model correctly handles or refuses harmful content within that category. The taxonomy is explicit and mutually exclusive, enabling fine-grained safety analysis. Questions are curated to be challenging and representative of real-world safety concerns.

Unique: Explicitly defines 7 non-overlapping safety categories and curates 11,435 questions to cover them systematically, providing a structured taxonomy rather than ad-hoc safety testing. The taxonomy is comprehensive enough to cover major harm types (physical, mental, legal, ethical, privacy) while remaining tractable for evaluation.

vs alternatives: More comprehensive and structured than single-category benchmarks (e.g., toxicity-only); provides a holistic safety assessment framework that aligns with regulatory and safety research perspectives.

Provides two download methods for SafetyBench datasets: shell script (download_data.sh) and Python script (download_data.py using Hugging Face datasets library). The architecture leverages Hugging Face Hub for dataset hosting and distribution, enabling one-command dataset acquisition with automatic decompression and directory structure creation. The Python method uses the datasets library for programmatic access, supporting integration into automated evaluation pipelines without manual file management.

Unique: Provides dual download methods (shell script and Python) leveraging Hugging Face Hub for distribution, enabling both manual and programmatic dataset acquisition with automatic decompression and directory structure creation.

vs alternatives: More convenient than manual downloads by providing automated acquisition scripts, and more reproducible than email-based dataset distribution by using Hugging Face Hub as a stable, versioned repository

Computes accuracy metrics stratified by safety category, enabling per-dimension performance analysis. The evaluation pipeline aggregates predictions across all questions in each category (offensiveness, unfairness, physical health, mental health, illegal activities, ethics, privacy) and computes category-specific accuracy scores. This architecture enables identification of category-specific vulnerabilities (e.g., a model may be robust on ethics but weak on physical health) without requiring separate evaluation runs.

Unique: Automatically stratifies accuracy metrics by safety category, enabling fine-grained vulnerability analysis without requiring separate evaluation runs. Provides per-category scores that reveal category-specific weaknesses.

vs alternatives: More diagnostic than aggregate safety scores by breaking down performance by harm category, enabling targeted safety improvements rather than black-box optimization