Provider Configuration
The local engine needs an LLM provider for attack generation and response evaluation, and you bring your own API key. Provider settings resolve in order — CLI flags override environment variables, which override the config file at ~/.humanbound/config.yaml. Six providers are supported (OpenAI, Anthropic Claude, Google Gemini, Azure OpenAI, Grok, and Ollama for fully-local isolation); Azure requires a full endpoint URL with ?api-version=.
Configuration Methods
Provider is resolved in this order (first match wins):
- CLI flags (one-off override)
- Environment variables (CI/CD)
- Config file (
~/.humanbound/config.yaml)
Environment Variables
export HB_PROVIDER=openai
export HB_API_KEY=sk-proj-...
export HB_MODEL=gpt-4.1 # optional, uses provider default
Config File
hb config set provider openai
hb config set api-key sk-proj-...
hb config set model gpt-4.1
# View current config
hb config
Config is stored at ~/.humanbound/config.yaml. Never sent to Humanbound.
Supported Providers
| Provider | HB_PROVIDER |
Key prefix | Notes |
|---|---|---|---|
| OpenAI | openai |
sk- |
GPT-4o, GPT-4.1, etc. |
| Anthropic | claude |
sk-ant- |
Claude 3.5, Claude 4, etc. |
gemini |
Gemini Pro, etc. | ||
| Azure OpenAI | azureopenai |
Requires HB_ENDPOINT with ?api-version= |
|
| Grok (xAI) | grok |
||
| Ollama | ollama |
Not needed | Full local isolation |
Azure OpenAI
Azure requires the full endpoint URL including the api-version:
export HB_PROVIDER=azureopenai
export HB_API_KEY=your-azure-key
export HB_MODEL=gpt-4.1
export HB_ENDPOINT="https://your-resource.openai.azure.com/openai/deployments/your-deployment/chat/completions?api-version=2025-01-01-preview"
Ollama (Full Isolation)
For zero external network calls — everything runs locally:
# Start ollama
ollama serve
ollama pull llama3.1:8b
# Configure
export HB_PROVIDER=ollama
export HB_MODEL=llama3.1:8b
# Run test (only calls: your bot + local ollama)
hb test --endpoint ./config.json --scope ./scope.json --wait
Ollama quality
Local models produce lower-quality attacks and evaluations than GPT-4 or Claude. For best results, use a cloud provider. Use ollama when isolation is more important than accuracy.
After Login: Humanbound Provider
When logged in, every Humanbound account includes an LLM provider — no external API key required. Tests run on the platform automatically use it:
hb login
hb connect --endpoint ./config.json
hb test --wait
# Uses Humanbound's LLM provider — no HB_PROVIDER or HB_API_KEY needed
You can still use your own provider on the platform by adding it via hb providers add.
Frequently asked questions
Which LLM providers does Humanbound support?
Humanbound supports OpenAI, Anthropic (Claude), Google (Gemini), Azure OpenAI, Grok (xAI), and Ollama. Ollama requires no API key and runs fully locally.
How do I configure my LLM provider?
Provider configuration is resolved in order — CLI flags first, then environment variables (e.g., HB_PROVIDER, HB_API_KEY), then the config file at ~/.humanbound/config.yaml. The config file is set via hb config set provider and hb config set api-key.
How do I configure Azure OpenAI with Humanbound?
Set HB_PROVIDER=azureopenai, provide your Azure API key via HB_API_KEY, and set HB_ENDPOINT to the full deployment URL including ?api-version=, for example https://your-resource.openai.azure.com/openai/deployments/your-deployment/chat/completions?api-version=2025-01-01-preview.
Can I run Humanbound with no external API calls at all?
Yes — use Ollama. Set HB_PROVIDER=ollama and HB_MODEL=llama3.1:8b, start ollama serve, and tests will only call your bot and the local Ollama instance. Note that local models produce lower-quality attacks than cloud providers.