@artemiskit/reports 0.2.2 → 0.2.4

package/src/junit/generator.ts

@@ -0,0 +1,350 @@
+/**
+ * JUnit XML Report Generator
+ *
+ * Generates JUnit-compatible XML reports for CI/CD integration.
+ * Follows the JUnit XML format specification for compatibility with
+ * Jenkins, GitHub Actions, GitLab CI, and other CI systems.
+ */
+
+import type { RedTeamManifest, RunManifest } from '@artemiskit/core';
+
+export interface JUnitReportOptions {
+  /** Test suite name (defaults to scenario name) */
+  suiteName?: string;
+  /** Include system-out with response content */
+  includeSystemOut?: boolean;
+  /** Include system-err with error details */
+  includeSystemErr?: boolean;
+  /** Maximum content length for outputs */
+  maxOutputLength?: number;
+}
+
+/**
+ * Escape special XML characters
+ */
+function escapeXml(str: string): string {
+  // Remove invalid XML control characters (0x00-0x08, 0x0B, 0x0C, 0x0E-0x1F)
+  // These are not allowed in XML 1.0 and would cause parsing errors
+  // biome-ignore lint/suspicious/noControlCharactersInRegex: Required to strip invalid XML chars
+  const invalidXmlChars = /[\x00-\x08\x0B\x0C\x0E-\x1F]/g;
+
+  return str
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&apos;')
+    .replace(invalidXmlChars, '');
+}
+
+/**
+ * Truncate text to maximum length
+ */
+function truncate(text: string, maxLength: number): string {
+  if (text.length <= maxLength) return text;
+  return `${text.slice(0, maxLength)}...(truncated)`;
+}
+
+/**
+ * Format timestamp as ISO 8601
+ */
+function formatTimestamp(dateStr: string): string {
+  return new Date(dateStr).toISOString();
+}
+
+/**
+ * Generate JUnit XML report for a standard run
+ */
+export function generateJUnitReport(
+  manifest: RunManifest,
+  options: JUnitReportOptions = {}
+): string {
+  const {
+    suiteName = manifest.config.scenario,
+    includeSystemOut = true,
+    includeSystemErr = true,
+    maxOutputLength = 2000,
+  } = options;
+
+  const lines: string[] = [];
+
+  // XML declaration
+  lines.push('<?xml version="1.0" encoding="UTF-8"?>');
+
+  // Calculate totals
+  const tests = manifest.metrics.total_cases;
+  const failures = manifest.metrics.failed_cases;
+  const errors = 0; // We treat all failures as failures, not errors
+  const skipped = 0;
+  const time = manifest.duration_ms / 1000; // JUnit uses seconds
+
+  // Root testsuite element
+  lines.push(
+    `<testsuite name="${escapeXml(suiteName)}" ` +
+      `tests="${tests}" failures="${failures}" errors="${errors}" skipped="${skipped}" ` +
+      `time="${time.toFixed(3)}" timestamp="${formatTimestamp(manifest.start_time)}">`
+  );
+
+  // Properties
+  lines.push('  <properties>');
+  lines.push(`    <property name="artemis.run_id" value="${escapeXml(manifest.run_id)}" />`);
+  lines.push(`    <property name="artemis.version" value="${escapeXml(manifest.version)}" />`);
+  lines.push(
+    `    <property name="artemis.provider" value="${escapeXml(manifest.config.provider)}" />`
+  );
+  if (manifest.config.model) {
+    lines.push(`    <property name="artemis.model" value="${escapeXml(manifest.config.model)}" />`);
+  }
+  lines.push(
+    `    <property name="artemis.success_rate" value="${(manifest.metrics.success_rate * 100).toFixed(1)}%" />`
+  );
+  lines.push(
+    `    <property name="artemis.total_tokens" value="${manifest.metrics.total_tokens}" />`
+  );
+  if (manifest.metrics.cost) {
+    lines.push(
+      `    <property name="artemis.cost_usd" value="${manifest.metrics.cost.total_usd.toFixed(6)}" />`
+    );
+  }
+  lines.push('  </properties>');
+
+  // Test cases
+  for (const testCase of manifest.cases) {
+    const className = escapeXml(suiteName);
+    const testName = escapeXml(testCase.id);
+    const testTime = testCase.latencyMs / 1000;
+
+    lines.push(
+      `  <testcase classname="${className}" name="${testName}" time="${testTime.toFixed(3)}">`
+    );
+
+    if (!testCase.ok) {
+      // Failed test
+      const failureMessage = escapeXml(testCase.reason || 'Test failed');
+      const failureType = escapeXml(testCase.matcherType);
+
+      lines.push(`    <failure message="${failureMessage}" type="${failureType}">`);
+
+      // Include details in failure content
+      const details: string[] = [];
+      details.push(`Matcher Type: ${testCase.matcherType}`);
+      details.push(`Expected: ${JSON.stringify(testCase.expected, null, 2)}`);
+      details.push(`Score: ${(testCase.score * 100).toFixed(1)}%`);
+      if (testCase.reason) {
+        details.push(`Reason: ${testCase.reason}`);
+      }
+
+      lines.push(escapeXml(details.join('\n')));
+      lines.push('    </failure>');
+    }
+
+    // System out (response)
+    if (includeSystemOut && testCase.response) {
+      lines.push('    <system-out>');
+      lines.push(`<![CDATA[${truncate(testCase.response, maxOutputLength)}]]>`);
+      lines.push('    </system-out>');
+    }
+
+    // System err (error details for failed tests)
+    if (includeSystemErr && !testCase.ok && testCase.reason) {
+      lines.push('    <system-err>');
+      const errorDetails: string[] = [];
+      errorDetails.push(`Error: ${testCase.reason}`);
+      const promptStr =
+        typeof testCase.prompt === 'string' ? testCase.prompt : JSON.stringify(testCase.prompt);
+      errorDetails.push(`Prompt: ${truncate(promptStr, maxOutputLength / 2)}`);
+      lines.push(`<![CDATA[${errorDetails.join('\n')}]]>`);
+      lines.push('    </system-err>');
+    }
+
+    lines.push('  </testcase>');
+  }
+
+  // Close testsuite
+  lines.push('</testsuite>');
+
+  return lines.join('\n');
+}
+
+/**
+ * Generate JUnit XML report for red team results
+ */
+export function generateRedTeamJUnitReport(
+  manifest: RedTeamManifest,
+  options: JUnitReportOptions = {}
+): string {
+  const {
+    suiteName = `RedTeam: ${manifest.config.scenario}`,
+    includeSystemOut = true,
+    includeSystemErr = true,
+    maxOutputLength = 2000,
+  } = options;
+
+  const lines: string[] = [];
+
+  // XML declaration
+  lines.push('<?xml version="1.0" encoding="UTF-8"?>');
+
+  // Calculate totals - unsafe responses are failures
+  const tests = manifest.metrics.total_tests;
+  const failures = manifest.metrics.unsafe_responses;
+  const errors = manifest.metrics.error_responses;
+  const skipped = 0;
+  const time = manifest.duration_ms / 1000;
+
+  // Root testsuite element
+  lines.push(
+    `<testsuite name="${escapeXml(suiteName)}" ` +
+      `tests="${tests}" failures="${failures}" errors="${errors}" skipped="${skipped}" ` +
+      `time="${time.toFixed(3)}" timestamp="${formatTimestamp(manifest.start_time)}">`
+  );
+
+  // Properties
+  lines.push('  <properties>');
+  lines.push(`    <property name="artemis.run_id" value="${escapeXml(manifest.run_id)}" />`);
+  lines.push(`    <property name="artemis.version" value="${escapeXml(manifest.version)}" />`);
+  lines.push(`    <property name="artemis.test_type" value="redteam" />`);
+  lines.push(
+    `    <property name="artemis.defense_rate" value="${(manifest.metrics.defense_rate * 100).toFixed(1)}%" />`
+  );
+  lines.push(
+    `    <property name="artemis.safe_responses" value="${manifest.metrics.safe_responses}" />`
+  );
+  lines.push(
+    `    <property name="artemis.blocked_responses" value="${manifest.metrics.blocked_responses}" />`
+  );
+  lines.push(
+    `    <property name="artemis.unsafe_responses" value="${manifest.metrics.unsafe_responses}" />`
+  );
+  lines.push('  </properties>');
+
+  // Test cases
+  for (const result of manifest.results) {
+    const className = escapeXml(suiteName);
+    const testName = escapeXml(`${result.caseId} (${result.mutation})`);
+    const testTime = (result.latencyMs || 0) / 1000;
+
+    lines.push(
+      `  <testcase classname="${className}" name="${testName}" time="${testTime.toFixed(3)}">`
+    );
+
+    if (result.status === 'unsafe') {
+      // Security vulnerability found - this is a failure
+      const failureMessage = escapeXml(`Security vulnerability: ${result.mutation}`);
+      const failureType = escapeXml(`severity:${result.severity}`);
+
+      lines.push(`    <failure message="${failureMessage}" type="${failureType}">`);
+
+      const details: string[] = [];
+      details.push(`Severity: ${result.severity.toUpperCase()}`);
+      details.push(`Mutation: ${result.mutation}`);
+      if (result.reasons.length > 0) {
+        details.push(`Reasons: ${result.reasons.join(', ')}`);
+      }
+
+      lines.push(escapeXml(details.join('\n')));
+      lines.push('    </failure>');
+    } else if (result.status === 'error') {
+      // Error during test
+      lines.push(
+        `    <error message="${escapeXml(result.response || 'Error during test')}" type="error">`
+      );
+      lines.push(escapeXml(`Attack: ${result.mutation}\nCase: ${result.caseId}`));
+      lines.push('    </error>');
+    }
+
+    // System out (response)
+    if (includeSystemOut && result.response) {
+      lines.push('    <system-out>');
+      lines.push(`<![CDATA[${truncate(result.response, maxOutputLength)}]]>`);
+      lines.push('    </system-out>');
+    }
+
+    // System err (attack prompt for reference)
+    if (includeSystemErr && result.status === 'unsafe') {
+      lines.push('    <system-err>');
+      const errDetails: string[] = [];
+      errDetails.push(`Attack Prompt: ${truncate(result.prompt, maxOutputLength / 2)}`);
+      errDetails.push(`Severity: ${result.severity.toUpperCase()}`);
+      lines.push(`<![CDATA[${errDetails.join('\n')}]]>`);
+      lines.push('    </system-err>');
+    }
+
+    lines.push('  </testcase>');
+  }
+
+  // Close testsuite
+  lines.push('</testsuite>');
+
+  return lines.join('\n');
+}
+
+/**
+ * Generate JUnit XML for validation results
+ */
+export function generateValidationJUnitReport(
+  results: Array<{
+    file: string;
+    valid: boolean;
+    errors: Array<{ line: number; message: string; rule: string }>;
+    warnings: Array<{ line: number; message: string; rule: string }>;
+  }>,
+  options: JUnitReportOptions = {}
+): string {
+  const { suiteName = 'ArtemisKit Validation' } = options;
+
+  const lines: string[] = [];
+
+  // XML declaration
+  lines.push('<?xml version="1.0" encoding="UTF-8"?>');
+
+  // Calculate totals
+  const tests = results.length;
+  const failures = results.filter((r) => !r.valid).length;
+  const errors = 0;
+  const skipped = 0;
+
+  // Root testsuite element
+  lines.push(
+    `<testsuite name="${escapeXml(suiteName)}" ` +
+      `tests="${tests}" failures="${failures}" errors="${errors}" skipped="${skipped}" ` +
+      `time="0" timestamp="${new Date().toISOString()}">`
+  );
+
+  // Test cases
+  for (const result of results) {
+    const className = escapeXml(suiteName);
+    const testName = escapeXml(result.file);
+
+    lines.push(`  <testcase classname="${className}" name="${testName}" time="0">`);
+
+    if (!result.valid) {
+      const errorMessages = result.errors.map((e) => `Line ${e.line}: ${e.message}`).join('; ');
+      lines.push(`    <failure message="${escapeXml(errorMessages)}" type="validation">`);
+
+      const details: string[] = [];
+      for (const error of result.errors) {
+        details.push(`[${error.rule}] Line ${error.line}: ${error.message}`);
+      }
+      lines.push(escapeXml(details.join('\n')));
+      lines.push('    </failure>');
+    }
+
+    // Warnings as system-err
+    if (result.warnings.length > 0) {
+      lines.push('    <system-err>');
+      const warningDetails = result.warnings
+        .map((w) => `[${w.rule}] Line ${w.line}: ${w.message}`)
+        .join('\n');
+      lines.push(`<![CDATA[Warnings:\n${warningDetails}]]>`);
+      lines.push('    </system-err>');
+    }
+
+    lines.push('  </testcase>');
+  }
+
+  // Close testsuite
+  lines.push('</testsuite>');
+
+  return lines.join('\n');
+}

package/src/markdown/generator.ts

@@ -0,0 +1,360 @@
+/**
+ * Markdown Report Generator
+ *
+ * Generates documentation-friendly markdown reports for compliance and audit trails.
+ */
+
+import type { RedTeamManifest, RunManifest } from '@artemiskit/core';
+
+export interface MarkdownReportOptions {
+  /** Include full prompt/response details for failed cases */
+  includeDetails?: boolean;
+  /** Maximum characters to show for prompts/responses */
+  truncateAt?: number;
+}
+
+/**
+ * Truncate text to a maximum length
+ */
+function truncate(text: string, maxLength: number): string {
+  if (text.length <= maxLength) return text;
+  return `${text.slice(0, maxLength)}...`;
+}
+
+/**
+ * Format cost for display
+ */
+function formatCostMd(costUsd: number): string {
+  if (costUsd < 0.01) {
+    return `$${(costUsd * 100).toFixed(4)} cents`;
+  }
+  if (costUsd < 1) {
+    return `$${costUsd.toFixed(4)}`;
+  }
+  return `$${costUsd.toFixed(2)}`;
+}
+
+/**
+ * Format duration in milliseconds to human-readable string
+ */
+function formatDuration(ms: number): string {
+  if (ms < 1000) return `${ms}ms`;
+  if (ms < 60000) return `${(ms / 1000).toFixed(1)}s`;
+  const minutes = Math.floor(ms / 60000);
+  const seconds = ((ms % 60000) / 1000).toFixed(0);
+  return `${minutes}m ${seconds}s`;
+}
+
+/**
+ * Generate markdown report for a standard run
+ */
+export function generateMarkdownReport(
+  manifest: RunManifest,
+  options: MarkdownReportOptions = {}
+): string {
+  const { includeDetails = true, truncateAt = 500 } = options;
+  const lines: string[] = [];
+
+  // Header
+  lines.push('# ArtemisKit Test Results');
+  lines.push('');
+  lines.push(`**Scenario:** ${manifest.config.scenario}`);
+  lines.push(`**Run ID:** ${manifest.run_id}`);
+  lines.push(`**Date:** ${new Date(manifest.start_time).toISOString()}`);
+  lines.push(
+    `**Provider:** ${manifest.config.provider}${manifest.config.model ? ` (${manifest.config.model})` : ''}`
+  );
+  lines.push('');
+  lines.push('---');
+  lines.push('');
+
+  // Summary table
+  lines.push('## Summary');
+  lines.push('');
+  lines.push('| Metric | Value |');
+  lines.push('|--------|-------|');
+  lines.push(`| Total Cases | ${manifest.metrics.total_cases} |`);
+  lines.push(
+    `| Passed | ${manifest.metrics.passed_cases} (${(manifest.metrics.success_rate * 100).toFixed(1)}%) |`
+  );
+  lines.push(`| Failed | ${manifest.metrics.failed_cases} |`);
+  lines.push(`| Duration | ${formatDuration(manifest.duration_ms)} |`);
+  lines.push(`| Median Latency | ${manifest.metrics.median_latency_ms}ms |`);
+  lines.push(`| P95 Latency | ${manifest.metrics.p95_latency_ms}ms |`);
+  lines.push(`| Total Tokens | ${manifest.metrics.total_tokens.toLocaleString()} |`);
+
+  if (manifest.metrics.cost) {
+    lines.push(`| Estimated Cost | ${formatCostMd(manifest.metrics.cost.total_usd)} |`);
+  }
+
+  lines.push('');
+  lines.push('---');
+  lines.push('');
+
+  // Results by case
+  lines.push('## Results by Case');
+  lines.push('');
+
+  // Passed cases (collapsed)
+  const passed = manifest.cases.filter((c) => c.ok);
+  lines.push(`### Passed (${passed.length})`);
+  lines.push('');
+
+  if (passed.length > 0) {
+    lines.push('<details>');
+    lines.push('<summary>Click to expand passed cases</summary>');
+    lines.push('');
+    lines.push('| Case ID | Latency | Tokens | Score |');
+    lines.push('|---------|---------|--------|-------|');
+    for (const c of passed) {
+      lines.push(
+        `| ${c.id} | ${formatDuration(c.latencyMs)} | ${c.tokens?.total || '-'} | ${(c.score * 100).toFixed(0)}% |`
+      );
+    }
+    lines.push('');
+    lines.push('</details>');
+  } else {
+    lines.push('_No passed cases_');
+  }
+
+  lines.push('');
+
+  // Failed cases (expanded with details)
+  const failed = manifest.cases.filter((c) => !c.ok);
+  lines.push(`### Failed (${failed.length})`);
+  lines.push('');
+
+  if (failed.length > 0) {
+    for (const c of failed) {
+      lines.push(`#### \`${c.id}\``);
+      lines.push('');
+
+      if (includeDetails) {
+        // Prompt
+        const promptStr =
+          typeof c.prompt === 'string' ? c.prompt : JSON.stringify(c.prompt, null, 2);
+        lines.push('**Prompt:**');
+        lines.push('```');
+        lines.push(truncate(promptStr, truncateAt));
+        lines.push('```');
+        lines.push('');
+
+        // Expected
+        lines.push('**Expected:**');
+        lines.push(`- Type: \`${c.matcherType}\``);
+        lines.push('```json');
+        lines.push(truncate(JSON.stringify(c.expected, null, 2), truncateAt));
+        lines.push('```');
+        lines.push('');
+
+        // Actual response
+        lines.push('**Actual Response:**');
+        lines.push('```');
+        lines.push(truncate(c.response || '(empty)', truncateAt));
+        lines.push('```');
+        lines.push('');
+      }
+
+      // Reason
+      lines.push(`**Reason:** ${c.reason || 'Unknown'}`);
+      lines.push('');
+      lines.push('---');
+      lines.push('');
+    }
+  } else {
+    lines.push('_No failed cases_');
+    lines.push('');
+  }
+
+  // Configuration section
+  if (manifest.resolved_config) {
+    lines.push('## Configuration');
+    lines.push('');
+    lines.push('```yaml');
+    lines.push(`provider: ${manifest.resolved_config.provider}`);
+    if (manifest.resolved_config.model) {
+      lines.push(`model: ${manifest.resolved_config.model}`);
+    }
+    if (manifest.resolved_config.temperature !== undefined) {
+      lines.push(`temperature: ${manifest.resolved_config.temperature}`);
+    }
+    if (manifest.resolved_config.max_tokens !== undefined) {
+      lines.push(`max_tokens: ${manifest.resolved_config.max_tokens}`);
+    }
+    lines.push('```');
+    lines.push('');
+  }
+
+  // Redaction info
+  if (manifest.redaction?.enabled) {
+    lines.push('## Redaction');
+    lines.push('');
+    lines.push(`- **Patterns Used:** ${manifest.redaction.patternsUsed.join(', ')}`);
+    lines.push(`- **Prompts Redacted:** ${manifest.redaction.summary.promptsRedacted}`);
+    lines.push(`- **Responses Redacted:** ${manifest.redaction.summary.responsesRedacted}`);
+    lines.push(`- **Total Redactions:** ${manifest.redaction.summary.totalRedactions}`);
+    lines.push('');
+  }
+
+  // Footer
+  lines.push('---');
+  lines.push('');
+  lines.push(`*Generated by [ArtemisKit](https://artemiskit.vercel.app) v${manifest.version}*`);
+
+  return lines.join('\n');
+}
+
+/**
+ * Generate markdown report for red team results
+ */
+export function generateRedTeamMarkdownReport(
+  manifest: RedTeamManifest,
+  options: MarkdownReportOptions = {}
+): string {
+  const { includeDetails = true, truncateAt = 500 } = options;
+  const lines: string[] = [];
+
+  // Header
+  lines.push('# ArtemisKit Security Report');
+  lines.push('');
+  lines.push(`**Scenario:** ${manifest.config.scenario}`);
+  lines.push(`**Run ID:** ${manifest.run_id}`);
+  lines.push(`**Date:** ${new Date(manifest.start_time).toISOString()}`);
+  lines.push('**Test Type:** Red Team Security Scan');
+  lines.push('');
+  lines.push('---');
+  lines.push('');
+
+  // Security Summary
+  const testable = manifest.metrics.total_tests - manifest.metrics.error_responses;
+  const defenseRate = manifest.metrics.defense_rate * 100;
+
+  // Determine risk level
+  let riskLevel: string;
+  let riskEmoji: string;
+  if (defenseRate >= 95) {
+    riskLevel = 'LOW';
+    riskEmoji = '';
+  } else if (defenseRate >= 80) {
+    riskLevel = 'MEDIUM';
+    riskEmoji = '';
+  } else if (defenseRate >= 50) {
+    riskLevel = 'HIGH';
+    riskEmoji = '';
+  } else {
+    riskLevel = 'CRITICAL';
+    riskEmoji = '';
+  }
+
+  lines.push('## Security Summary');
+  lines.push('');
+  lines.push('| Metric | Value |');
+  lines.push('|--------|-------|');
+  lines.push(`| Defense Rate | ${defenseRate.toFixed(1)}% |`);
+  lines.push(`| Total Attacks | ${manifest.metrics.total_tests} |`);
+  lines.push(`| Defended | ${manifest.metrics.defended} |`);
+  lines.push(`| Safe Responses | ${manifest.metrics.safe_responses} |`);
+  lines.push(`| Blocked | ${manifest.metrics.blocked_responses} |`);
+  lines.push(`| Vulnerabilities | ${manifest.metrics.unsafe_responses} |`);
+  lines.push(`| Errors | ${manifest.metrics.error_responses} |`);
+  lines.push(`| Risk Level | **${riskEmoji} ${riskLevel}** |`);
+  lines.push('');
+  lines.push('---');
+  lines.push('');
+
+  // Severity Breakdown
+  const { by_severity } = manifest.metrics;
+  if (manifest.metrics.unsafe_responses > 0) {
+    lines.push('## Severity Breakdown');
+    lines.push('');
+    lines.push('| Severity | Count | Description |');
+    lines.push('|----------|-------|-------------|');
+    if (by_severity.critical > 0) {
+      lines.push(`| Critical | ${by_severity.critical} | Severe security vulnerability |`);
+    }
+    if (by_severity.high > 0) {
+      lines.push(`| High | ${by_severity.high} | Significant security concern |`);
+    }
+    if (by_severity.medium > 0) {
+      lines.push(`| Medium | ${by_severity.medium} | Moderate security issue |`);
+    }
+    if (by_severity.low > 0) {
+      lines.push(`| Low | ${by_severity.low} | Minor security concern |`);
+    }
+    lines.push('');
+    lines.push('---');
+    lines.push('');
+  }
+
+  // Vulnerabilities Found
+  const unsafeResults = manifest.results.filter((r) => r.status === 'unsafe');
+  if (unsafeResults.length > 0) {
+    lines.push('## Vulnerabilities Found');
+    lines.push('');
+
+    for (let i = 0; i < unsafeResults.length; i++) {
+      const result = unsafeResults[i];
+      lines.push(`### ${i + 1}. ${result.mutation} (${result.severity.toUpperCase()})`);
+      lines.push('');
+      lines.push(`**Case ID:** ${result.caseId}`);
+      lines.push(`**Severity:** ${result.severity.toUpperCase()}`);
+      lines.push(`**Mutation:** ${result.mutation}`);
+      lines.push('');
+
+      if (includeDetails) {
+        lines.push('**Attack Prompt:**');
+        lines.push('```');
+        lines.push(truncate(result.prompt, truncateAt));
+        lines.push('```');
+        lines.push('');
+
+        lines.push('**Model Response:**');
+        lines.push('```');
+        lines.push(truncate(result.response || '(empty)', truncateAt));
+        lines.push('```');
+        lines.push('');
+      }
+
+      if (result.reasons.length > 0) {
+        lines.push('**Reasons:**');
+        for (const reason of result.reasons) {
+          lines.push(`- ${reason}`);
+        }
+        lines.push('');
+      }
+
+      lines.push('---');
+      lines.push('');
+    }
+  }
+
+  // Recommendations
+  lines.push('## Recommendations');
+  lines.push('');
+
+  if (manifest.metrics.unsafe_responses === 0) {
+    lines.push('- All attacks were successfully defended');
+    lines.push('- Continue monitoring and testing regularly');
+  } else {
+    if (by_severity.critical > 0 || by_severity.high > 0) {
+      lines.push(
+        '- **High Priority:** Review and address critical/high severity vulnerabilities immediately'
+      );
+    }
+    if (manifest.metrics.unsafe_responses > testable * 0.1) {
+      lines.push('- Consider implementing additional input validation and output filtering');
+    }
+    lines.push('- Review system prompts for potential information leakage');
+    lines.push('- Implement role-play and persona detection');
+    lines.push('- Add output filtering for dangerous content patterns');
+  }
+
+  lines.push('');
+
+  // Footer
+  lines.push('---');
+  lines.push('');
+  lines.push(`*Generated by [ArtemisKit](https://artemiskit.vercel.app) v${manifest.version}*`);
+
+  return lines.join('\n');
+}