DSPy Programmatic Prompt Optimization

DSPy: a Python framework for writing LLM programs as composable Modules plus declarative Signatures. Its 14 teleprompters (optimizers) automatically compile prompts and few-shot demos from train and dev sets.

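Crystal Overview

DSPy is a Python framework for writing LLM programs as composable Modules plus declarative Signatures (github.com/stanfordnlp/dspy). Pluggable Adapters format messages and parse responses; the LM client layer wraps LiteLLM to provide unified provider access; 14 teleprompter (optimizer) classes automatically compile prompts and few-shot demos from train and dev sets.

Underneath are a 2-layer cache (in-memory LRUCache plus on-disk diskcache FanoutCache) and 3 layers of telemetry (Settings.trace, Module.history, usage_tracker). Settings is a process-level singleton that provides thread-local overrides through ContextVar.

This skill ships with 44 constraints (8 of them fatal) covering typical pitfalls: the default Cache(restrict_pickle=False) plus diskcache pickle.load on a poisoned ~/.dspy_cache shard amounts to RCE (with no user opt-in); MIPROv2 estimates the number of LM calls but does not abort when the estimate exceeds the budget (silent runaway cost); BootstrapFewShot accepts any truthy scalar (including 0.51) when metric_threshold is None (the default); and so on. The host AI applies them automatically.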

Blueprint Source

finance-bp-137

stanfordnlp/dspy da4ae191 source file

Constraints

8 total
8 fatal
8 must-not-violate

Evidence Quality

Confidence 90%

High confidence — strong evidence base

8 must-not-violate constraints

FATAL domain_rule dspy-C-001

WHEN: When configuring DSPy in any production / multi-tenant / shared-CI environment that points DSPY_CACHEDIR (or default ~/.dspy_cache) at a writable shared location

ACTION: call dspy.configure_cache(restrict_pickle=True) (and register safe_types as needed) so the global Cache instance routes diskcache reads through the restricted unpickler in dspy/clients/disk_serialization.py

CONSEQUENCE: Default Cache(restrict_pickle=False) at clients/__init__.py:88 routes Cache.get() through diskcache pickle.load WITHOUT a restricted unpickler; a poisoned ~/.dspy_cache shard (CI shared volume, dependency confusion, multi-tenant host) triggers arbitrary code execution at fetch time with NO user opt-in
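
To show what a restricted unpickler does for dspy-C-001, here is an added example (not code from this page or from DSPy's dspy/clients/disk_serialization.py): a generic standard-library allowlist unpickler. The allowlist contents, the function names and the sample cache entries are assumptions constructed for illustration.

```python
import collections
import io
import os
import pickle

# Assumed allowlist for this example: the only (module, name) globals that a
# cache entry may reference. Plain dict/list/str/int values need no entry.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals."""

    def find_class(self, module, name):
        # Every GLOBAL / STACK_GLOBAL opcode in the stream goes through here,
        # so refusing here stops the lookup before any object is built.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return ("ok", value) or ("blocked", reason) for one cache entry."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "blocked", str(exc)


def sample_entries():
    """Constructed cache entries (not real DSPy cache contents)."""
    return {
        "plain": pickle.dumps({"completion": "4", "usage": {"tokens": 12}}),
        "allowlisted": pickle.dumps(collections.OrderedDict(model="m", n=1)),
        # An entry that references a global outside the allowlist. Plain
        # pickle.loads would import and return it; the allowlist refuses.
        "unexpected_global": pickle.dumps(os.getcwd),
    }


if __name__ == "__main__":
    for name, blob in sample_entries().items():
        print(name, try_load(blob))
```

The rejection happens inside find_class, before the referenced object is imported or returned, which is why the allowlist has to cover every type a legitimate cache entry can contain.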

FATAL claim_boundary dspy-C-002

WHEN: When writing tutorials / SKILL configs / setup scripts that load saved DSPy programs or memory caches (BaseModule.load / dspy.load / Settings.load / Cache.load_memory_cache)

ACTION: Do not recommend or default-set allow_pickle=True without documenting source provenance verification. Every public .load(...) defaults to allow_pickle=False; tutorials that flip the default normalize disabling the framework-side gate

CONSEQUENCE: BaseModule.load:268-271, dspy.load saving.py:39-40, Settings.load:298-315, Cache.load_memory_cache:201-206 each gate cloudpickle.load behind allow_pickle=False default. A tutorial-recommended allow_pickle=True silently turns those gates into theater, enabling RCE via attacker-supplied .pkl bundles

FATAL operational_lesson dspy-C-003

WHEN: When launching MIPROv2 (or any prompt-optimization run) on a paid LM provider

ACTION: compute the cost ceiling explicitly from num_candidates, num_trials, num_predictors, and valset size BEFORE calling teleprompter.compile(); MIPROv2._estimate_lm_calls only PRINTS the estimate, and there is no max_total_calls knob

CONSEQUENCE: Misconfigured auto='heavy' on 18 candidates × 10 predictors × 1000 valset can burn hundreds of dollars silently in 20 minutes; _estimate_lm_calls at mipro_optimizer_v2.py:355-401 only prints ANSI-colored estimates and returns strings, and there is no raise / no abort if estimated > budget

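Update History

v0.1.0 · 2026-04-25 · Contributor: tangweigang-jpg

v0.1.0: First release on Doramagic.ai. An LLM program optimization framework based on stanfordnlp/dspy, bilingual (Chinese and English), with 44 anti-pattern constraints (8 fatal) and 3 FAQ entries.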
