aion-redteam 0.1.0__tar.gz

aion_redteam-0.1.0/.env.example

@@ -0,0 +1,10 @@
+# Copy to .env and fill in. Required to run scenarios against real LLM-backed agents.
+
+# Anthropic (default provider for the example agent and the future LLMJudge)
+ANTHROPIC_API_KEY=sk-ant-...
+
+# Optional: model override for the example agent
+AION_AGENT_MODEL=claude-haiku-4-5-20251001
+
+# Optional: OpenAI, if you wire an OpenAI-backed agent instead
+# OPENAI_API_KEY=sk-...

aion_redteam-0.1.0/.gitattributes

@@ -0,0 +1,4 @@
+# Normalize line endings: LF in the repo, native on checkout.
+* text=auto eol=lf
+*.png binary
+*.pdf binary

aion_redteam-0.1.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,31 @@
+---
+name: Bug report
+about: Report a problem with aion-redteam
+title: "[bug] "
+labels: bug
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To reproduce**
+Steps or the exact command you ran, e.g.:
+
+```bash
+aion-redteam run --target my_agent.py --adapter langgraph
+```
+
+**Expected behavior**
+What you expected to happen.
+
+**Actual behavior / error output**
+Paste the error or unexpected output (redact any secrets).
+
+**Environment**
+- aion-redteam version: (`aion-redteam --version`)
+- Python version:
+- OS:
+- Adapter / framework version (e.g. langgraph):
+
+**Additional context**
+Anything else that helps.

aion_redteam-0.1.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Suggest an enhancement for aion-redteam
+title: "[feat] "
+labels: enhancement
+---
+
+**Problem / motivation**
+What problem are you trying to solve? Who is affected?
+
+**Proposed solution**
+What would you like aion-redteam to do?
+
+**Alternatives considered**
+Other approaches you thought about.
+
+**Scope check**
+Does this fit the tool's mission (a structured, OWASP-categorized red-team harness)?
+Note: web UI, hosted scanning, and real-time monitoring are explicitly out of scope for
+aion-redteam (that's aion-guard territory).
+
+**Additional context**
+Anything else.

aion_redteam-0.1.0/.github/ISSUE_TEMPLATE/new_scenario.md

@@ -0,0 +1,30 @@
+---
+name: New scenario proposal
+about: Propose a new adversarial scenario
+title: "[scenario] "
+labels: scenario
+---
+
+**OWASP category**
+Which ASI category does this attack target? (ASI01–ASI10)
+
+**Attack vector**
+What single attack does this scenario test? (One vector per scenario.)
+
+**Injection point**
+user_message | system_prompt | tool_output | rag_document | memory | inter_agent_message
+
+**Proposed payload (sketch)**
+The adversarial content (a canary token makes success criteria unambiguous).
+
+**Success criteria**
+How do we know the attack succeeded? (string_match / regex against agent_response, etc.)
+
+**Severity**
+low | medium | high | critical — and why.
+
+**Mitigations**
+How should a defender (e.g. aion-guard) stop this?
+
+**References**
+Papers, CVEs, or OWASP links that motivate this scenario.

aion_redteam-0.1.0/.github/workflows/ci.yaml

@@ -0,0 +1,39 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Create venv and install
+        run: |
+          uv venv --python ${{ matrix.python-version }}
+          uv pip install -e ".[dev,langgraph]"
+
+      - name: Lint
+        run: uv run ruff check src tests examples
+
+      - name: Validate bundled scenarios
+        run: uv run aion-redteam validate src/aion_redteam/scenarios
+
+      - name: Test
+        # The real-agent e2e test skips automatically without ANTHROPIC_API_KEY.
+        run: uv run pytest -q --cov --cov-report=term-missing

aion_redteam-0.1.0/.github/workflows/release.yaml

@@ -0,0 +1,71 @@
+name: Release
+
+# Publishes to PyPI when a version tag (e.g. v0.1.0) is pushed.
+# Uses PyPI Trusted Publishing (OIDC) — no API token or secret is stored in the repo.
+on:
+  push:
+    tags: ["v*"]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build distributions
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Build sdist and wheel
+        run: uv build
+
+      - name: Check distribution metadata
+        run: uvx twine check dist/*
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish-pypi:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    # The 'pypi' environment is where you configure the trusted publisher on PyPI.
+    environment:
+      name: pypi
+      url: https://pypi.org/p/aion-redteam
+    permissions:
+      id-token: write   # required for OIDC trusted publishing
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: Create GitHub Release
+    needs: publish-pypi
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write   # required to create the release
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Create release with artifacts
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: dist/*

aion_redteam-0.1.0/.gitignore

@@ -0,0 +1,55 @@
+# Virtual environments
+aion-redteam/
+.venv/
+venv/
+env/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+*.egg
+build/
+dist/
+.eggs/
+
+# Test / coverage
+.pytest_cache/
+.coverage
+htmlcov/
+.mypy_cache/
+.ruff_cache/
+coverage.xml
+
+# uv
+uv.lock
+
+# Reports / state produced by runs
+redteam-report.html
+results.json
+*.redteam-report.html
+*-report.html
+.aion_redteam/
+
+# Secrets / env
+.env
+.env.*
+!.env.example
+
+# Editors / OS
+.vscode/
+.idea/
+.DS_Store
+Thumbs.db
+
+# Local-only build spec / strategy notes — not for the public repo
+Claude.md
+claude.md
+CLAUDE.md
+
+# Reference material (large binaries, redistribution)
+*.pdf
+
+# Local notes (keep the spec, ignore scratch)
+scratch/

aion_redteam-0.1.0/CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to this project are documented here. The format is based on
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- Core layer: scenario schema + `ScenarioLoader`, `StringMatch`/`Regex` judges, the
+  `Target` lifecycle abstraction, the async `Runner` (PASS/FAIL/FLAKY/ERROR/TIMEOUT
+  verdicts with a severity-weighted 0–100 risk score), and terminal/JSON/HTML reporters.
+- LangGraph adapter (`LangGraphTarget`) with graph discovery and per-injection-point
+  message encoding.
+- Real example LangGraph agents (Anthropic-backed and a no-key local Ollama target) and
+  a quick-start demo script.
+- `ollama` optional extra (`langchain-ollama`) for the local example.
+
+### Fixed
+- CLI/demo force UTF-8 console output so verdict icons no longer crash on legacy Windows
+  code pages (cp1252).
+
+### Security
+- Judge evaluation now runs untrusted (community-contributed) regex with a capped input
+  length and under the scenario timeout, bounding ReDoS-style hangs.
+- Target loading appends (rather than prepends) the target directory to `sys.path` so a
+  target cannot shadow stdlib/installed packages; documented the load/scenario trust
+  model in `SECURITY.md`.
+- CLI (`aion-redteam`): `list`, `validate`, `run`, `report`, `init`.
+- Bundled scenario library: 20 scenarios spanning all 10 OWASP Agentic (ASI) categories,
+  plus the `owasp_agentic_top10` policy manifest.
+- Documentation: scenario authoring and adapter guides; community files (LICENSE,
+  SECURITY, CONTRIBUTING, CODE_OF_CONDUCT); GitHub issue templates and CI.
+
+[Unreleased]: https://github.com/Cypharia/aion-redteam/commits/main

aion_redteam-0.1.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,55 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a
+harassment-free experience for everyone, regardless of age, body size, visible or
+invisible disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse,
+inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes
+- Focusing on what is best for the overall community
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional
+  setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards and will take
+appropriate and fair corrective action in response to any behavior they deem
+inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces and also applies when an
+individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to
+the community leaders responsible for enforcement via the contact on the repository
+profile. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1,
+available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+[homepage]: https://www.contributor-covenant.org

aion_redteam-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,57 @@
+# Contributing to aion-redteam
+
+Thanks for helping break agents before attackers do. The most valuable contribution is
+usually a **new, well-crafted scenario**.
+
+## Development setup
+
+This project uses [`uv`](https://docs.astral.sh/uv/).
+
+```bash
+uv venv aion-redteam
+#   Windows (PowerShell):  aion-redteam\Scripts\Activate.ps1
+#   macOS/Linux:           source aion-redteam/bin/activate
+uv pip install -e ".[dev,langgraph]"
+```
+
+## Before you open a PR
+
+```bash
+ruff check src tests examples      # lint
+ruff format src tests examples     # format (optional but appreciated)
+pytest -q                          # tests must pass
+aion-redteam validate src/aion_redteam/scenarios/   # if you touched scenarios
+```
+
+The real-agent end-to-end test (`tests/test_realagent_e2e.py`) is skipped automatically
+unless `ANTHROPIC_API_KEY` is set, so you don't need a key to run the suite.
+
+## Adding a scenario
+
+See [docs/scenario_authoring.md](docs/scenario_authoring.md). Checklist:
+
+- [ ] Correct `owasp_category` and matching `id` prefix.
+- [ ] Realistic payload; unambiguous success criteria (canary tokens encouraged).
+- [ ] At least one `mitigations` entry.
+- [ ] `aion-redteam validate` passes.
+
+## Adding an adapter
+
+See [docs/adapter_guide.md](docs/adapter_guide.md). Adapters must drive the **real**
+agent; only adapter-plumbing unit tests may use deterministic stand-ins.
+
+## Commit and PR conventions
+
+- **Conventional commits**: `feat:`, `fix:`, `docs:`, `test:`, `chore:`, `refactor:`.
+- **Atomic commits** — one logical change each. No 2,000-line "initial commit" dumps.
+- **Branch per feature**: `feat/<thing>`, `fix/<thing>`. Open a PR even when solo.
+- CI must be green before merge.
+
+## Code style
+
+- Type hints on all function signatures and return types.
+- Google-style docstrings on public classes and functions.
+- `pathlib.Path`, never `os.path`. `pydantic.BaseModel`, never `@dataclass`.
+- No `print()` in library code (the CLI uses `rich`).
+
+By contributing you agree your contributions are licensed under the project's MIT license.

aion_redteam-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Cypharia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.