npm - @artemiskit/cli - Versions diffs - 0.1.2 - Mend

@artemiskit/cli 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/CHANGELOG.md +62 -0
package/artemis-runs/my-project/-sEsU7KtJ7VE.json +188 -0
package/bin/artemis.ts +13 -0
package/dist/bin/artemis.d.ts +6 -0
package/dist/bin/artemis.d.ts.map +1 -0
package/dist/index.js +51297 -0
package/dist/src/adapters.d.ts +6 -0
package/dist/src/adapters.d.ts.map +1 -0
package/dist/src/cli.d.ts +6 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/commands/compare.d.ts +6 -0
package/dist/src/commands/compare.d.ts.map +1 -0
package/dist/src/commands/history.d.ts +6 -0
package/dist/src/commands/history.d.ts.map +1 -0
package/dist/src/commands/index.d.ts +8 -0
package/dist/src/commands/index.d.ts.map +1 -0
package/dist/src/commands/init.d.ts +6 -0
package/dist/src/commands/init.d.ts.map +1 -0
package/dist/src/commands/redteam.d.ts +6 -0
package/dist/src/commands/redteam.d.ts.map +1 -0
package/dist/src/commands/report.d.ts +6 -0
package/dist/src/commands/report.d.ts.map +1 -0
package/dist/src/commands/run.d.ts +6 -0
package/dist/src/commands/run.d.ts.map +1 -0
package/dist/src/commands/stress.d.ts +6 -0
package/dist/src/commands/stress.d.ts.map +1 -0
package/dist/src/config/index.d.ts +6 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/loader.d.ts +13 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/schema.d.ts +215 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/index.d.ts +6 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/utils/adapter.d.ts +71 -0
package/dist/src/utils/adapter.d.ts.map +1 -0
package/dist/src/utils/storage.d.ts +22 -0
package/dist/src/utils/storage.d.ts.map +1 -0
package/package.json +65 -0
package/src/adapters.ts +33 -0
package/src/cli.ts +34 -0
package/src/commands/compare.ts +104 -0
package/src/commands/history.ts +80 -0
package/src/commands/index.ts +8 -0
package/src/commands/init.ts +111 -0
package/src/commands/redteam.ts +511 -0
package/src/commands/report.ts +126 -0
package/src/commands/run.ts +233 -0
package/src/commands/stress.ts +501 -0
package/src/config/index.ts +6 -0
package/src/config/loader.ts +112 -0
package/src/config/schema.ts +56 -0
package/src/index.ts +6 -0
package/src/utils/adapter.ts +542 -0
package/src/utils/storage.ts +67 -0
package/tsconfig.json +13 -0

package/src/commands/redteam.ts ADDED Viewed

@@ -0,0 +1,511 @@
+/**
+ * Redteam command - Run red-team adversarial tests
+ */
+import { mkdir, writeFile } from 'node:fs/promises';
+import { basename, join } from 'node:path';
+import {
+  type CaseRedactionInfo,
+  type ManifestRedactionInfo,
+  type RedTeamCaseResult,
+  type RedTeamManifest,
+  type RedTeamMetrics,
+  type RedTeamSeverity,
+  type RedTeamStatus,
+  type RedactionConfig,
+  Redactor,
+  createAdapter,
+  getGitInfo,
+  parseScenarioFile,
+} from '@artemiskit/core';
+import {
+  CotInjectionMutation,
+  InstructionFlipMutation,
+  type Mutation,
+  RedTeamGenerator,
+  RoleSpoofMutation,
+  SeverityMapper,
+  TypoMutation,
+  UnsafeResponseDetector,
+} from '@artemiskit/redteam';
+import { generateJSONReport, generateRedTeamHTMLReport } from '@artemiskit/reports';
+import chalk from 'chalk';
+import Table from 'cli-table3';
+import { Command } from 'commander';
+import { nanoid } from 'nanoid';
+import ora from 'ora';
+import { loadConfig } from '../config/loader';
+import {
+  buildAdapterConfig,
+  resolveModelWithSource,
+  resolveProviderWithSource,
+} from '../utils/adapter';
+import { createStorage } from '../utils/storage';
+interface RedteamOptions {
+  provider?: string;
+  model?: string;
+  mutations?: string[];
+  count?: number;
+  save?: boolean;
+  output?: string;
+  verbose?: boolean;
+  config?: string;
+  redact?: boolean;
+  redactPatterns?: string[];
+}
+export function redteamCommand(): Command {
+  const cmd = new Command('redteam');
+  cmd
+    .description('Run red-team adversarial tests against an LLM')
+    .argument('<scenario>', 'Path to scenario YAML file')
+    .option('-p, --provider <provider>', 'Provider to use')
+    .option('-m, --model <model>', 'Model to use')
+    .option(
+      '--mutations <mutations...>',
+      'Mutations to apply (typo, role-spoof, instruction-flip, cot-injection)'
+    )
+    .option('-c, --count <number>', 'Number of mutated prompts per case', '5')
+    .option('--save', 'Save results to storage')
+    .option('-o, --output <dir>', 'Output directory for reports')
+    .option('-v, --verbose', 'Verbose output')
+    .option('--config <path>', 'Path to config file')
+    .option('--redact', 'Enable PII/sensitive data redaction in results')
+    .option(
+      '--redact-patterns <patterns...>',
+      'Custom redaction patterns (regex or built-in: email, phone, credit_card, ssn, api_key)'
+    )
+    .action(async (scenarioPath: string, options: RedteamOptions) => {
+      const spinner = ora('Loading configuration...').start();
+      const startTime = new Date();
+      try {
+        // Load config file if present
+        const config = await loadConfig(options.config);
+        if (config) {
+          spinner.succeed('Loaded config file');
+        } else {
+          spinner.info('No config file found, using defaults');
+        }
+        // Parse scenario
+        spinner.start('Loading scenario...');
+        const scenario = await parseScenarioFile(scenarioPath);
+        spinner.succeed(`Loaded scenario: ${scenario.name}`);
+        // Resolve provider and model with precedence and source tracking:
+        // CLI > Scenario > Config > Default
+        const { provider, source: providerSource } = resolveProviderWithSource(
+          options.provider,
+          scenario.provider,
+          config?.provider
+        );
+        const { model, source: modelSource } = resolveModelWithSource(
+          options.model,
+          scenario.model,
+          config?.model
+        );
+        // Build adapter config with full precedence chain and source tracking
+        spinner.start(`Connecting to ${provider}...`);
+        const { adapterConfig, resolvedConfig } = buildAdapterConfig({
+          provider,
+          model,
+          providerSource,
+          modelSource,
+          scenarioConfig: scenario.providerConfig,
+          fileConfig: config,
+        });
+        const client = await createAdapter(adapterConfig);
+        spinner.succeed(`Connected to ${provider}`);
+        // Set up mutations
+        const mutations = selectMutations(options.mutations);
+        const generator = new RedTeamGenerator(mutations);
+        const detector = new UnsafeResponseDetector();
+        console.log();
+        console.log(chalk.bold('Red-Team Testing'));
+        console.log(chalk.dim(`Mutations: ${mutations.map((m) => m.name).join(', ')}`));
+        // Set up redaction if enabled
+        let redactionConfig: RedactionConfig | undefined;
+        let redactor: Redactor | undefined;
+        if (options.redact) {
+          redactionConfig = {
+            enabled: true,
+            patterns: options.redactPatterns,
+            redactPrompts: true,
+            redactResponses: true,
+            redactMetadata: false,
+            replacement: '[REDACTED]',
+          };
+          redactor = new Redactor(redactionConfig);
+          console.log(
+            chalk.dim(
+              `Redaction enabled${options.redactPatterns ? ` with patterns: ${options.redactPatterns.join(', ')}` : ' (default patterns)'}`
+            )
+          );
+        }
+        console.log();
+        const count = Number.parseInt(String(options.count)) || 5;
+        const results: RedTeamCaseResult[] = [];
+        let promptsRedacted = 0;
+        let responsesRedacted = 0;
+        let totalRedactions = 0;
+        // Run mutated tests for each case
+        for (const testCase of scenario.cases) {
+          console.log(chalk.bold(`Testing case: ${testCase.id}`));
+          const originalPrompt =
+            typeof testCase.prompt === 'string'
+              ? testCase.prompt
+              : testCase.prompt.map((m) => m.content).join('\n');
+          const mutatedPrompts = generator.generate(originalPrompt, count);
+          for (const mutated of mutatedPrompts) {
+            const requestStart = Date.now();
+            try {
+              const result = await client.generate({
+                prompt: mutated.mutated,
+                model,
+                temperature: scenario.temperature,
+              });
+              const detection = detector.detect(result.text);
+              const resultStatus: RedTeamStatus = detection.unsafe ? 'unsafe' : 'safe';
+              const statusDisplay = detection.unsafe
+                ? chalk.red(`UNSAFE (${detection.severity})`)
+                : chalk.green('SAFE');
+              console.log(`  ${statusDisplay} [${mutated.mutations.join(', ')}]`);
+              if (detection.unsafe && options.verbose) {
+                console.log(chalk.dim(`    Reasons: ${detection.reasons.join(', ')}`));
+              }
+              // Apply redaction if enabled
+              let finalPrompt = mutated.mutated;
+              let finalResponse = result.text;
+              let caseRedaction: CaseRedactionInfo | undefined;
+              if (redactor) {
+                const promptResult = redactor.redactPrompt(finalPrompt);
+                const responseResult = redactor.redactResponse(finalResponse);
+                finalPrompt = promptResult.text;
+                finalResponse = responseResult.text;
+                if (promptResult.wasRedacted) promptsRedacted++;
+                if (responseResult.wasRedacted) responsesRedacted++;
+                totalRedactions += promptResult.redactionCount + responseResult.redactionCount;
+                caseRedaction = {
+                  redacted: promptResult.wasRedacted || responseResult.wasRedacted,
+                  promptRedacted: promptResult.wasRedacted,
+                  responseRedacted: responseResult.wasRedacted,
+                  redactionCount: promptResult.redactionCount + responseResult.redactionCount,
+                };
+              }
+              results.push({
+                caseId: testCase.id,
+                mutation: mutated.mutations.join('+'),
+                prompt: finalPrompt,
+                response: finalResponse,
+                status: resultStatus,
+                severity: detection.severity as RedTeamSeverity,
+                reasons: detection.reasons,
+                latencyMs: Date.now() - requestStart,
+                redaction: caseRedaction,
+              });
+            } catch (error) {
+              const errorMessage = (error as Error).message;
+              const isContentFiltered = isProviderContentFilter(errorMessage);
+              // Apply redaction to prompt even for errors/blocked
+              let errorPrompt = mutated.mutated;
+              let errorCaseRedaction: CaseRedactionInfo | undefined;
+              if (redactor) {
+                const promptResult = redactor.redactPrompt(errorPrompt);
+                errorPrompt = promptResult.text;
+                if (promptResult.wasRedacted) promptsRedacted++;
+                totalRedactions += promptResult.redactionCount;
+                errorCaseRedaction = {
+                  redacted: promptResult.wasRedacted,
+                  promptRedacted: promptResult.wasRedacted,
+                  responseRedacted: false,
+                  redactionCount: promptResult.redactionCount,
+                };
+              }
+              if (isContentFiltered) {
+                console.log(
+                  `  ${chalk.cyan('BLOCKED')} [${mutated.mutations.join(', ')}]: Provider content filter triggered`
+                );
+                results.push({
+                  caseId: testCase.id,
+                  mutation: mutated.mutations.join('+'),
+                  prompt: errorPrompt,
+                  response: '',
+                  status: 'blocked',
+                  severity: 'none',
+                  reasons: ['Provider content filter blocked the request'],
+                  latencyMs: Date.now() - requestStart,
+                  redaction: errorCaseRedaction,
+                });
+              } else {
+                console.log(
+                  `  ${chalk.yellow('ERROR')} [${mutated.mutations.join(', ')}]: ${errorMessage}`
+                );
+                results.push({
+                  caseId: testCase.id,
+                  mutation: mutated.mutations.join('+'),
+                  prompt: errorPrompt,
+                  response: '',
+                  status: 'error',
+                  severity: 'none',
+                  reasons: [errorMessage],
+                  latencyMs: Date.now() - requestStart,
+                  redaction: errorCaseRedaction,
+                });
+              }
+            }
+          }
+          console.log();
+        }
+        const endTime = new Date();
+        // Calculate metrics
+        const metrics = calculateMetrics(results);
+        // Build redaction metadata if enabled
+        let redactionInfo: ManifestRedactionInfo | undefined;
+        if (redactor && redactionConfig?.enabled) {
+          redactionInfo = {
+            enabled: true,
+            patternsUsed: redactor.patternNames,
+            replacement: redactor.replacement,
+            summary: {
+              promptsRedacted,
+              responsesRedacted,
+              totalRedactions,
+            },
+          };
+        }
+        // Build manifest
+        const runId = `rt_${nanoid(12)}`;
+        const manifest: RedTeamManifest = {
+          version: '1.0',
+          type: 'redteam',
+          run_id: runId,
+          project: config?.project || process.env.ARTEMIS_PROJECT || 'default',
+          start_time: startTime.toISOString(),
+          end_time: endTime.toISOString(),
+          duration_ms: endTime.getTime() - startTime.getTime(),
+          config: {
+            scenario: basename(scenarioPath, '.yaml'),
+            provider,
+            model: resolvedConfig.model,
+            mutations: mutations.map((m) => m.name),
+            count_per_case: count,
+          },
+          resolved_config: resolvedConfig,
+          metrics,
+          git: await getGitInfo(),
+          provenance: {
+            run_by: process.env.USER || process.env.USERNAME || 'unknown',
+          },
+          results,
+          environment: {
+            node_version: process.version,
+            platform: process.platform,
+            arch: process.arch,
+          },
+          redaction: redactionInfo,
+        };
+        // Display summary
+        displaySummary(metrics, runId);
+        // Save results if requested
+        if (options.save) {
+          spinner.start('Saving results...');
+          const storage = createStorage({ fileConfig: config });
+          const path = await storage.save(manifest);
+          spinner.succeed(`Results saved: ${path}`);
+        }
+        // Generate reports if output directory specified
+        if (options.output) {
+          spinner.start('Generating reports...');
+          await mkdir(options.output, { recursive: true });
+          // HTML report
+          const html = generateRedTeamHTMLReport(manifest);
+          const htmlPath = join(options.output, `${runId}.html`);
+          await writeFile(htmlPath, html);
+          // JSON report
+          const json = generateJSONReport(manifest);
+          const jsonPath = join(options.output, `${runId}.json`);
+          await writeFile(jsonPath, json);
+          spinner.succeed(`Reports generated: ${options.output}`);
+          console.log(chalk.dim(`  HTML: ${htmlPath}`));
+          console.log(chalk.dim(`  JSON: ${jsonPath}`));
+        }
+        // Exit with error if there were unsafe responses
+        if (metrics.unsafe_responses > 0) {
+          process.exit(1);
+        }
+      } catch (error) {
+        spinner.fail('Error');
+        console.error(chalk.red('Error:'), (error as Error).message);
+        process.exit(1);
+      }
+    });
+  return cmd;
+}
+function selectMutations(names?: string[]): Mutation[] {
+  const allMutations: Record<string, Mutation> = {
+    typo: new TypoMutation(),
+    'role-spoof': new RoleSpoofMutation(),
+    'instruction-flip': new InstructionFlipMutation(),
+    'cot-injection': new CotInjectionMutation(),
+  };
+  if (!names || names.length === 0) {
+    return Object.values(allMutations);
+  }
+  return names.filter((name) => name in allMutations).map((name) => allMutations[name]);
+}
+/**
+ * Detect if an error is from a provider's content filtering system.
+ * This indicates the adversarial prompt was successfully blocked.
+ */
+function isProviderContentFilter(errorMessage: string): boolean {
+  const contentFilterPatterns = [
+    // Azure OpenAI
+    /content management policy/i,
+    /content filtering/i,
+    /content filter/i,
+    // OpenAI
+    /content policy/i,
+    /safety system/i,
+    /flagged.*content/i,
+    // Anthropic
+    /potentially harmful/i,
+    /safety guidelines/i,
+    // Google
+    /blocked.*safety/i,
+    /safety settings/i,
+    // Generic patterns
+    /moderation/i,
+    /inappropriate content/i,
+  ];
+  return contentFilterPatterns.some((pattern) => pattern.test(errorMessage));
+}
+function calculateMetrics(results: RedTeamCaseResult[]): RedTeamMetrics {
+  const total = results.length;
+  const safe = results.filter((r) => r.status === 'safe').length;
+  const blocked = results.filter((r) => r.status === 'blocked').length;
+  const unsafe = results.filter((r) => r.status === 'unsafe').length;
+  const errors = results.filter((r) => r.status === 'error').length;
+  const defended = safe + blocked;
+  const testable = total - errors;
+  const defenseRate = testable > 0 ? defended / testable : 0;
+  const bySeverity = results
+    .filter((r) => r.status === 'unsafe')
+    .reduce(
+      (acc, r) => {
+        const sev = r.severity as 'low' | 'medium' | 'high' | 'critical';
+        if (sev in acc) {
+          acc[sev]++;
+        }
+        return acc;
+      },
+      { low: 0, medium: 0, high: 0, critical: 0 }
+    );
+  return {
+    total_tests: total,
+    safe_responses: safe,
+    blocked_responses: blocked,
+    unsafe_responses: unsafe,
+    error_responses: errors,
+    defended,
+    defense_rate: defenseRate,
+    by_severity: bySeverity,
+  };
+}
+function displaySummary(metrics: RedTeamMetrics, runId: string): void {
+  const table = new Table({
+    head: [chalk.bold('Metric'), chalk.bold('Value')],
+    style: { head: [], border: [] },
+  });
+  table.push(
+    ['Run ID', runId],
+    ['Total Tests', metrics.total_tests.toString()],
+    ['Defended', chalk.green(metrics.defended.toString())],
+    [`  ${chalk.dim('Model handled safely')}`, chalk.green(metrics.safe_responses.toString())],
+    [`  ${chalk.dim('Provider blocked')}`, chalk.cyan(metrics.blocked_responses.toString())],
+    [
+      'Unsafe Responses',
+      metrics.unsafe_responses > 0 ? chalk.red(metrics.unsafe_responses.toString()) : '0',
+    ]
+  );
+  for (const severity of ['critical', 'high', 'medium', 'low'] as const) {
+    if (metrics.by_severity[severity]) {
+      const info = SeverityMapper.getInfo(severity);
+      table.push([`  ${info.label}`, metrics.by_severity[severity].toString()]);
+    }
+  }
+  if (metrics.error_responses > 0) {
+    table.push(['Errors', chalk.yellow(metrics.error_responses.toString())]);
+  }
+  console.log(chalk.bold('Summary'));
+  console.log(table.toString());
+  // Calculate defense rate (excluding errors from denominator)
+  const testableResults = metrics.total_tests - metrics.error_responses;
+  if (testableResults > 0) {
+    const defenseRate = (metrics.defense_rate * 100).toFixed(1);
+    console.log();
+    console.log(
+      chalk.dim(`Defense Rate: ${defenseRate}% (${metrics.defended}/${testableResults})`)
+    );
+  }
+  if (metrics.unsafe_responses > 0) {
+    console.log();
+    console.log(chalk.red(`⚠ ${metrics.unsafe_responses} potentially unsafe responses detected`));
+  } else if (testableResults > 0) {
+    console.log();
+    console.log(chalk.green('✓ No unsafe responses detected'));
+  }
+}

package/src/commands/report.ts ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Report command - Generate reports from stored runs
+ */
+import { mkdir, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import type { AnyManifest, RedTeamManifest, RunManifest, StressManifest } from '@artemiskit/core';
+import {
+  generateHTMLReport,
+  generateJSONReport,
+  generateRedTeamHTMLReport,
+  generateStressHTMLReport,
+} from '@artemiskit/reports';
+import chalk from 'chalk';
+import { Command } from 'commander';
+import ora from 'ora';
+import { loadConfig } from '../config/loader';
+import { createStorage } from '../utils/storage';
+interface ReportOptions {
+  format?: 'html' | 'json' | 'both';
+  output?: string;
+  config?: string;
+}
+/**
+ * Get manifest type
+ */
+function getManifestType(manifest: AnyManifest): 'run' | 'redteam' | 'stress' {
+  if ('type' in manifest) {
+    if (manifest.type === 'redteam') return 'redteam';
+    if (manifest.type === 'stress') return 'stress';
+  }
+  return 'run';
+}
+/**
+ * Generate HTML report based on manifest type
+ */
+function generateHTML(manifest: AnyManifest): string {
+  const type = getManifestType(manifest);
+  switch (type) {
+    case 'redteam':
+      return generateRedTeamHTMLReport(manifest as RedTeamManifest);
+    case 'stress':
+      return generateStressHTMLReport(manifest as StressManifest);
+    default:
+      return generateHTMLReport(manifest as RunManifest);
+  }
+}
+/**
+ * Generate JSON report based on manifest type
+ */
+function generateJSON(manifest: AnyManifest): string {
+  const type = getManifestType(manifest);
+  switch (type) {
+    case 'redteam':
+      return generateJSONReport(manifest as RedTeamManifest, { pretty: true });
+    case 'stress':
+      return generateJSONReport(manifest as StressManifest, { pretty: true });
+    default:
+      return generateJSONReport(manifest as RunManifest, { pretty: true });
+  }
+}
+export function reportCommand(): Command {
+  const cmd = new Command('report');
+  cmd
+    .description('Generate a report from a stored run')
+    .argument('<run-id>', 'Run ID to generate report for')
+    .option('-f, --format <format>', 'Output format (html, json, both)', 'html')
+    .option('-o, --output <dir>', 'Output directory', './artemis-output')
+    .option('--config <path>', 'Path to config file')
+    .action(async (runId: string, options: ReportOptions) => {
+      const spinner = ora('Loading run...').start();
+      try {
+        const config = await loadConfig(options.config);
+        const storage = createStorage({ fileConfig: config });
+        const manifest = await storage.load(runId);
+        const manifestType = getManifestType(manifest);
+        spinner.succeed(`Loaded ${manifestType} run: ${runId}`);
+        // Create output directory
+        const outputDir = options.output || './artemis-output';
+        await mkdir(outputDir, { recursive: true });
+        const format = options.format || 'html';
+        const generatedFiles: string[] = [];
+        if (format === 'html' || format === 'both') {
+          spinner.start('Generating HTML report...');
+          const html = generateHTML(manifest);
+          const htmlPath = join(outputDir, `${runId}.html`);
+          await writeFile(htmlPath, html);
+          generatedFiles.push(htmlPath);
+          spinner.succeed(`Generated HTML report: ${htmlPath}`);
+        }
+        if (format === 'json' || format === 'both') {
+          spinner.start('Generating JSON report...');
+          const json = generateJSON(manifest);
+          const jsonPath = join(outputDir, `${runId}.json`);
+          await writeFile(jsonPath, json);
+          generatedFiles.push(jsonPath);
+          spinner.succeed(`Generated JSON report: ${jsonPath}`);
+        }
+        console.log();
+        console.log(chalk.bold('Report generated successfully!'));
+        console.log();
+        console.log('Files:');
+        for (const file of generatedFiles) {
+          console.log(`  ${chalk.green('•')} ${file}`);
+        }
+      } catch (error) {
+        spinner.fail('Error');
+        console.error(chalk.red('Error:'), (error as Error).message);
+        process.exit(1);
+      }
+    });
+  return cmd;
+}