Local-first benchmarking for evaluating LLMs on cybersecurity tasks, with optional anonymous sharing to a public leaderboard.
- Install deps: npm install
- Run dev server: npm run dev
- Open: http://localhost:3000
Uploads and the public leaderboard require Postgres.
- Copy .env.example → .env.local and set DATABASE_URL (keep .env.local private)
- Create tables: npm run db:push
Neon tip: use the pooled URL for DATABASE_URL, and use the unpooled URL for DATABASE_URL_UNPOOLED if
db:push fails due to pooling/pgbouncer limitations.
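As a quick sanity check for the Neon tip above, the sketch below flags a likely mix-up between the pooled and unpooled URLs. It assumes Neon's convention that pooled hostnames carry a `-pooler` suffix on the endpoint ID; the helper names `isPooledHost` and `checkDatabaseEnv` are hypothetical and not part of this repo.

```javascript
// Sketch only: assumes pooled Neon hostnames look like
// "<endpoint-id>-pooler.<region>.aws.neon.tech". Helper names are hypothetical.

// True if the first hostname label of the connection string ends in "-pooler".
function isPooledHost(connectionString) {
  const host = new URL(connectionString).hostname;
  return host.split(".")[0].endsWith("-pooler");
}

// Returns human-readable warnings for an env-like object (e.g. process.env).
function checkDatabaseEnv(env) {
  const warnings = [];
  if (!env.DATABASE_URL) {
    warnings.push("DATABASE_URL is not set");
  } else if (!isPooledHost(env.DATABASE_URL)) {
    warnings.push("DATABASE_URL does not look like a pooled Neon URL");
  }
  if (env.DATABASE_URL_UNPOOLED && isPooledHost(env.DATABASE_URL_UNPOOLED)) {
    warnings.push("DATABASE_URL_UNPOOLED looks like a pooled URL");
  }
  return warnings;
}
```

Calling `checkDatabaseEnv(process.env)` after loading .env.local returns an empty array when both variables look consistent. For non-Neon Postgres hosts the pooled-URL warning can be ignored.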
The repo includes a downloadable Node.js runner at public/ocla-runner.mjs.
- Prompt pack: public/prompt-packs/ocla-safe-v1.json
- Runner hash pin (generated): public/ocla-runner.sha256
Example:
node public/ocla-runner.mjs --base-url http://localhost:11434/v1 --model llama3.1 --prompt-pack public/prompt-packs/ocla-safe-v1.json
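The hash pin listed above can be used to confirm that a downloaded runner has not been altered. The sketch below is one way to do that in Node.js. It assumes the pin file begins with a hex SHA-256 digest, optionally followed by a filename as in `sha256sum` output; the actual format of public/ocla-runner.sha256 may differ, and the helper names are hypothetical.

```javascript
// Sketch only (CommonJS, e.g. saved as verify-runner.cjs).
// Assumes the pin file starts with a hex SHA-256 digest; names are hypothetical.
const { createHash } = require("node:crypto");
const { readFileSync } = require("node:fs");

// Hex-encoded SHA-256 of a string or Buffer.
function sha256Hex(data) {
  return createHash("sha256").update(data).digest("hex");
}

// Extract the first whitespace-delimited token of the pin file, lowercased.
function parsePin(pinText) {
  return (pinText.trim().split(/\s+/)[0] || "").toLowerCase();
}

// True if the data hashes to the digest recorded in the pin text.
function matchesPin(data, pinText) {
  return sha256Hex(data) === parsePin(pinText);
}

// Read both files from disk and compare.
function verifyRunner(runnerPath, pinPath) {
  return matchesPin(readFileSync(runnerPath), readFileSync(pinPath, "utf8"));
}
```

For example, `verifyRunner("public/ocla-runner.mjs", "public/ocla-runner.sha256")` returns `true` when the file matches its pin under the format assumed here.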
- The in-browser benchmark runner is designed to keep API keys in the browser (never sent to OCLA server routes).
- The repo ships with a safe example prompt pack. You can import your own prompt packs for internal testing.