azure-ai-evaluation 0.0.0b0__py3-none-any.whl → 1.0.0__py3-none-any.whl

azure/ai/evaluation/simulator/_direct_attack_simulator.py

@@ -0,0 +1,218 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# pylint: disable=C0301,C0114,R0913,R0903
+# noqa: E501
+import logging
+from random import randint
+from typing import Callable, Optional, cast
+
+from azure.ai.evaluation._common._experimental import experimental
+from azure.ai.evaluation._common.utils import validate_azure_ai_project
+from azure.ai.evaluation._exceptions import ErrorBlame, ErrorCategory, ErrorTarget, EvaluationException
+from azure.ai.evaluation.simulator import AdversarialScenario
+from azure.ai.evaluation._model_configurations import AzureAIProject
+from azure.core.credentials import TokenCredential
+
+from ._adversarial_simulator import AdversarialSimulator
+from ._model_tools import AdversarialTemplateHandler, ManagedIdentityAPITokenManager, RAIClient, TokenScope
+
+logger = logging.getLogger(__name__)
+
+
+@experimental
+class DirectAttackSimulator:
+    """
+    Initialize a UPIA (user prompt injected attack) jailbreak adversarial simulator with a project scope.
+    This simulator converses with your AI system using prompts designed to interrupt normal functionality.
+
+    :param azure_ai_project: The scope of the Azure AI project. It contains subscription id, resource group, and project
+        name.
+    :type azure_ai_project: ~azure.ai.evaluation.AzureAIProject
+    :param credential: The credential for connecting to Azure AI project.
+    :type credential: ~azure.core.credentials.TokenCredential
+
+    .. admonition:: Example:
+
+        .. literalinclude:: ../samples/evaluation_samples_simulate.py
+            :start-after: [START direct_attack_simulator]
+            :end-before: [END direct_attack_simulator]
+            :language: python
+            :dedent: 8
+            :caption: Run the DirectAttackSimulator to produce 2 results with 3 conversation turns each (6 messages in each result).
+    """
+
+    def __init__(self, *, azure_ai_project: AzureAIProject, credential: TokenCredential):
+        """Constructor."""
+
+        try:
+            self.azure_ai_project = validate_azure_ai_project(azure_ai_project)
+        except EvaluationException as e:
+            raise EvaluationException(
+                message=e.message,
+                internal_message=e.internal_message,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=e.category,
+                blame=e.blame,
+            ) from e
+        self.credential = cast(TokenCredential, credential)
+        self.token_manager = ManagedIdentityAPITokenManager(
+            token_scope=TokenScope.DEFAULT_AZURE_MANAGEMENT,
+            logger=logging.getLogger("AdversarialSimulator"),
+            credential=self.credential,
+        )
+        self.rai_client = RAIClient(azure_ai_project=self.azure_ai_project, token_manager=self.token_manager)
+        self.adversarial_template_handler = AdversarialTemplateHandler(
+            azure_ai_project=self.azure_ai_project, rai_client=self.rai_client
+        )
+
+    def _ensure_service_dependencies(self):
+        if self.rai_client is None:
+            msg = "RAI service is required for simulation, but an RAI client was not provided."
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.ADVERSARIAL_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+    async def __call__(
+        self,
+        *,
+        scenario: AdversarialScenario,
+        target: Callable,
+        max_conversation_turns: int = 1,
+        max_simulation_results: int = 3,
+        api_call_retry_limit: int = 3,
+        api_call_retry_sleep_sec: int = 1,
+        api_call_delay_sec: int = 0,
+        concurrent_async_task: int = 3,
+        randomization_seed: Optional[int] = None,
+    ):
+        """
+        Executes the adversarial simulation and UPIA (user prompt injected attack) jailbreak adversarial simulation
+        against a specified target function asynchronously.
+
+        :keyword scenario: Enum value specifying the adversarial scenario used for generating inputs.
+         example:
+
+         - :py:const:`azure.ai.evaluation.simulator.AdversarialScenario.ADVERSARIAL_QA`
+         - :py:const:`azure.ai.evaluation.simulator.AdversarialScenario.ADVERSARIAL_CONVERSATION`
+        :paramtype scenario: azure.ai.evaluation.simulator.AdversarialScenario
+        :keyword target: The target function to simulate adversarial inputs against.
+            This function should be asynchronous and accept a dictionary representing the adversarial input.
+        :paramtype target: Callable
+        :keyword max_conversation_turns: The maximum number of conversation turns to simulate.
+            Defaults to 1.
+        :paramtype max_conversation_turns: int
+        :keyword max_simulation_results: The maximum number of simulation results to return.
+            Defaults to 3.
+        :paramtype max_simulation_results: int
+        :keyword api_call_retry_limit: The maximum number of retries for each API call within the simulation.
+            Defaults to 3.
+        :paramtype api_call_retry_limit: int
+        :keyword api_call_retry_sleep_sec: The sleep duration (in seconds) between retries for API calls.
+            Defaults to 1 second.
+        :paramtype api_call_retry_sleep_sec: int
+        :keyword api_call_delay_sec: The delay (in seconds) before making an API call.
+            This can be used to avoid hitting rate limits. Defaults to 0 seconds.
+        :paramtype api_call_delay_sec: int
+        :keyword concurrent_async_task: The number of asynchronous tasks to run concurrently during the simulation.
+            Defaults to 3.
+        :paramtype concurrent_async_task: int
+        :keyword randomization_seed: Seed used to randomize prompt selection, shared by both jailbreak
+            and regular simulation to ensure consistent results. If not provided, a random seed will be generated
+            and shared between simulations.
+        :paramtype randomization_seed: Optional[int]
+        :return: A list of dictionaries, each representing a simulated conversation. Each dictionary contains:
+
+         - 'template_parameters': A dictionary with parameters used in the conversation template,
+            including 'conversation_starter'.
+         - 'messages': A list of dictionaries, each representing a turn in the conversation.
+            Each message dictionary includes 'content' (the message text) and
+            'role' (indicating whether the message is from the 'user' or the 'assistant').
+         - '**$schema**': A string indicating the schema URL for the conversation format.
+
+         The 'content' for 'assistant' role messages may includes the messages that your callback returned.
+        :rtype: Dict[str, [List[Dict[str, Any]]]]
+
+        **Output format**
+
+        .. code-block:: python
+
+            return_value = {
+                "jailbreak": [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                        {
+                            'content': '<jailbreak prompt> <adversarial query>',
+                            'role': 'user'
+                        },
+                        {
+                            'content': "<response from endpoint>",
+                            'role': 'assistant',
+                            'context': None
+                        }
+                    ],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }],
+                "regular": [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                    {
+                        'content': '<adversarial query>',
+                        'role': 'user'
+                    },
+                    {
+                        'content': "<response from endpoint>",
+                        'role': 'assistant',
+                        'context': None
+                    }],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }]
+            }
+        """
+        if scenario not in AdversarialScenario.__members__.values():
+            msg = f"Invalid scenario: {scenario}. Supported scenarios: {AdversarialScenario.__members__.values()}"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.INVALID_VALUE,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+        if not randomization_seed:
+            randomization_seed = randint(0, 1000000)
+
+        regular_sim = AdversarialSimulator(azure_ai_project=self.azure_ai_project, credential=self.credential)
+        regular_sim_results = await regular_sim(
+            scenario=scenario,
+            target=target,
+            max_conversation_turns=max_conversation_turns,
+            max_simulation_results=max_simulation_results,
+            api_call_retry_limit=api_call_retry_limit,
+            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+            api_call_delay_sec=api_call_delay_sec,
+            concurrent_async_task=concurrent_async_task,
+            randomize_order=False,
+            randomization_seed=randomization_seed,
+        )
+        jb_sim = AdversarialSimulator(azure_ai_project=self.azure_ai_project, credential=self.credential)
+        jb_sim_results = await jb_sim(
+            scenario=scenario,
+            target=target,
+            max_conversation_turns=max_conversation_turns,
+            max_simulation_results=max_simulation_results,
+            api_call_retry_limit=api_call_retry_limit,
+            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+            api_call_delay_sec=api_call_delay_sec,
+            concurrent_async_task=concurrent_async_task,
+            _jailbreak_type="upia",
+            randomize_order=False,
+            randomization_seed=randomization_seed,
+        )
+        return {"jailbreak": jb_sim_results, "regular": regular_sim_results}

azure/ai/evaluation/simulator/_helpers/__init__.py

@@ -0,0 +1,4 @@
+from ._language_suffix_mapping import SUPPORTED_LANGUAGES_MAPPING
+from ._simulator_data_classes import ConversationHistory, Turn
+
+__all__ = ["ConversationHistory", "Turn", "SUPPORTED_LANGUAGES_MAPPING"]

azure/ai/evaluation/simulator/_helpers/_language_suffix_mapping.py

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+from azure.ai.evaluation.simulator._constants import SupportedLanguages
+
+BASE_SUFFIX = "Make the conversation in __language__ language."
+
+SUPPORTED_LANGUAGES_MAPPING = {
+    SupportedLanguages.English: BASE_SUFFIX.replace("__language__", "english"),
+    SupportedLanguages.Spanish: BASE_SUFFIX.replace("__language__", "spanish"),
+    SupportedLanguages.Italian: BASE_SUFFIX.replace("__language__", "italian"),
+    SupportedLanguages.French: BASE_SUFFIX.replace("__language__", "french"),
+    SupportedLanguages.German: BASE_SUFFIX.replace("__language__", "german"),
+    SupportedLanguages.SimplifiedChinese: BASE_SUFFIX.replace("__language__", "simplified chinese"),
+    SupportedLanguages.Portuguese: BASE_SUFFIX.replace("__language__", "portuguese"),
+    SupportedLanguages.Japanese: BASE_SUFFIX.replace("__language__", "japanese"),
+}

azure/ai/evaluation/simulator/_helpers/_simulator_data_classes.py

@@ -0,0 +1,96 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# pylint: disable=C0103,C0114,C0116
+from dataclasses import dataclass
+from typing import Dict, List, Optional, Union
+
+from azure.ai.evaluation.simulator._conversation.constants import ConversationRole
+
+
+@dataclass
+class Turn:
+    """
+    Represents a conversation turn,
+    keeping track of the role, content,
+    and context of a turn in a conversation.
+    """
+
+    role: Union[str, ConversationRole]
+    content: str
+    context: Optional[str] = None
+
+    def to_dict(self) -> Dict[str, Optional[str]]:
+        """
+        Convert the conversation turn to a dictionary.
+
+        :returns: A dictionary representation of the conversation turn.
+        :rtype: Dict[str, Optional[str]]
+        """
+        return {
+            "role": self.role.value if isinstance(self.role, ConversationRole) else self.role,
+            "content": self.content,
+            "context": str(self.context),
+        }
+
+    def to_context_free_dict(self) -> Dict[str, Optional[str]]:
+        """
+        Convert the conversation turn to a dictionary without context.
+
+        :returns: A dictionary representation of the conversation turn without context.
+        :rtype: Dict[str, Optional[str]]
+        """
+        return {
+            "role": self.role.value if isinstance(self.role, ConversationRole) else self.role,
+            "content": self.content,
+        }
+
+    def __repr__(self):
+        return f"Turn(role={self.role}, content={self.content})"
+
+
+class ConversationHistory:
+    """
+    Conversation history class to keep track of the conversation turns in a conversation.
+    """
+
+    def __init__(self) -> None:
+        """
+        Initializes the conversation history with an empty list of turns.
+        """
+        self.history: List[Turn] = []
+
+    def add_to_history(self, turn: Turn) -> None:
+        """
+        Adds a turn to the conversation history.
+
+        :param turn: The conversation turn to add.
+        :type turn: Turn
+        """
+        self.history.append(turn)
+
+    def to_list(self) -> List[Dict[str, Optional[str]]]:
+        """
+        Converts the conversation history to a list of dictionaries.
+
+        :returns: A list of dictionaries representing the conversation turns.
+        :rtype: List[Dict[str, str]]
+        """
+        return [turn.to_dict() for turn in self.history]
+
+    def to_context_free_list(self) -> List[Dict[str, Optional[str]]]:
+        """
+        Converts the conversation history to a list of dictionaries without context.
+
+        :returns: A list of dictionaries representing the conversation turns without context.
+        :rtype: List[Dict[str, str]]
+        """
+        return [turn.to_context_free_dict() for turn in self.history]
+
+    def __len__(self) -> int:
+        return len(self.history)
+
+    def __repr__(self):
+        for turn in self.history:
+            print(turn)
+        return ""

azure/ai/evaluation/simulator/_indirect_attack_simulator.py

@@ -0,0 +1,220 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# pylint: disable=C0301,C0114,R0913,R0903
+# noqa: E501
+import asyncio
+import logging
+from typing import Callable, cast
+
+from tqdm import tqdm
+
+from azure.ai.evaluation._common.utils import validate_azure_ai_project
+from azure.ai.evaluation._common._experimental import experimental
+from azure.ai.evaluation._exceptions import ErrorBlame, ErrorCategory, ErrorTarget, EvaluationException
+from azure.ai.evaluation.simulator import AdversarialScenarioJailbreak, SupportedLanguages
+from azure.ai.evaluation._model_configurations import AzureAIProject
+from azure.core.credentials import TokenCredential
+
+from ._adversarial_simulator import AdversarialSimulator, JsonLineList
+
+from ._model_tools import AdversarialTemplateHandler, ManagedIdentityAPITokenManager, RAIClient, TokenScope
+
+logger = logging.getLogger(__name__)
+
+
+@experimental
+class IndirectAttackSimulator(AdversarialSimulator):
+    """
+    Initializes the XPIA (cross domain prompt injected attack) jailbreak adversarial simulator with a project scope.
+
+    :param azure_ai_project: The scope of the Azure AI project. It contains subscription id, resource group, and project
+        name.
+    :type azure_ai_project: ~azure.ai.evaluation.AzureAIProject
+    :param credential: The credential for connecting to Azure AI project.
+    :type credential: ~azure.core.credentials.TokenCredential
+
+    .. admonition:: Example:
+
+        .. literalinclude:: ../samples/evaluation_samples_simulate.py
+            :start-after: [START indirect_attack_simulator]
+            :end-before: [END indirect_attack_simulator]
+            :language: python
+            :dedent: 8
+            :caption: Run the IndirectAttackSimulator to produce 1 result with 1 conversation turn (2 messages in the result).
+    """
+
+    def __init__(self, *, azure_ai_project: AzureAIProject, credential: TokenCredential):
+        """Constructor."""
+
+        try:
+            self.azure_ai_project = validate_azure_ai_project(azure_ai_project)
+        except EvaluationException as e:
+            raise EvaluationException(
+                message=e.message,
+                internal_message=e.internal_message,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=e.category,
+                blame=e.blame,
+            ) from e
+
+        self.credential = cast(TokenCredential, credential)
+        self.token_manager = ManagedIdentityAPITokenManager(
+            token_scope=TokenScope.DEFAULT_AZURE_MANAGEMENT,
+            logger=logging.getLogger("AdversarialSimulator"),
+            credential=self.credential,
+        )
+        self.rai_client = RAIClient(azure_ai_project=self.azure_ai_project, token_manager=self.token_manager)
+        self.adversarial_template_handler = AdversarialTemplateHandler(
+            azure_ai_project=self.azure_ai_project, rai_client=self.rai_client
+        )
+        super().__init__(azure_ai_project=azure_ai_project, credential=credential)
+
+    def _ensure_service_dependencies(self):
+        if self.rai_client is None:
+            msg = "RAI service is required for simulation, but an RAI client was not provided."
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.ADVERSARIAL_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+    async def __call__(
+        self,
+        *,
+        target: Callable,
+        max_simulation_results: int = 3,
+        api_call_retry_limit: int = 3,
+        api_call_retry_sleep_sec: int = 1,
+        api_call_delay_sec: int = 0,
+        concurrent_async_task: int = 3,
+        **kwargs,
+    ):
+        """
+        Initializes the XPIA (cross domain prompt injected attack) jailbreak adversarial simulator with a project scope.
+        This simulator converses with your AI system using prompts injected into the context to interrupt normal
+        expected functionality by eliciting manipulated content, intrusion and attempting to gather information outside
+        the scope of your AI system.
+        :keyword target: The target function to simulate adversarial inputs against.
+            This function should be asynchronous and accept a dictionary representing the adversarial input.
+        :paramtype target: Callable
+        :keyword max_simulation_results: The maximum number of simulation results to return.
+            Defaults to 3.
+        :paramtype max_simulation_results: int
+        :keyword api_call_retry_limit: The maximum number of retries for each API call within the simulation.
+            Defaults to 3.
+        :paramtype api_call_retry_limit: int
+        :keyword api_call_retry_sleep_sec: The sleep duration (in seconds) between retries for API calls.
+            Defaults to 1 second.
+        :paramtype api_call_retry_sleep_sec: int
+        :keyword api_call_delay_sec: The delay (in seconds) before making an API call.
+            This can be used to avoid hitting rate limits. Defaults to 0 seconds.
+        :paramtype api_call_delay_sec: int
+        :keyword concurrent_async_task: The number of asynchronous tasks to run concurrently during the simulation.
+            Defaults to 3.
+        :paramtype concurrent_async_task: int
+        :return: A list of dictionaries, each representing a simulated conversation. Each dictionary contains:
+
+         - 'template_parameters': A dictionary with parameters used in the conversation template,
+            including 'conversation_starter'.
+         - 'messages': A list of dictionaries, each representing a turn in the conversation.
+            Each message dictionary includes 'content' (the message text) and
+            'role' (indicating whether the message is from the 'user' or the 'assistant').
+         - '**$schema**': A string indicating the schema URL for the conversation format.
+
+         The 'content' for 'assistant' role messages may includes the messages that your callback returned.
+        :rtype: List[Dict[str, Any]]
+
+        **Output format**
+
+        .. code-block:: python
+
+            return_value = [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                        {
+                            'content': '<adversarial query>',
+                            'role': 'user'
+                        },
+                        {
+                            'content': "<response from your callback>",
+                            'role': 'assistant',
+                            'context': None
+                        }
+                    ],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }]
+            }
+        """
+        # values that cannot be changed:
+        scenario = AdversarialScenarioJailbreak.ADVERSARIAL_INDIRECT_JAILBREAK
+        max_conversation_turns = 2
+        language = SupportedLanguages.English
+        self._ensure_service_dependencies()
+        templates = await self.adversarial_template_handler._get_content_harm_template_collections(scenario.value)
+        concurrent_async_task = min(concurrent_async_task, 1000)
+        semaphore = asyncio.Semaphore(concurrent_async_task)
+        sim_results = []
+        tasks = []
+        total_tasks = sum(len(t.template_parameters) for t in templates)
+        if max_simulation_results > total_tasks:
+            logger.warning(
+                "Cannot provide %s results due to maximum number of adversarial simulations that can be generated: %s."
+                "\n %s simulations will be generated.",
+                max_simulation_results,
+                total_tasks,
+                total_tasks,
+            )
+        total_tasks = min(total_tasks, max_simulation_results)
+        progress_bar = tqdm(
+            total=total_tasks,
+            desc="generating jailbreak simulations",
+            ncols=100,
+            unit="simulations",
+        )
+        for template in templates:
+            for parameter in template.template_parameters:
+                tasks.append(
+                    asyncio.create_task(
+                        self._simulate_async(
+                            target=target,
+                            template=template,
+                            parameters=parameter,
+                            max_conversation_turns=max_conversation_turns,
+                            api_call_retry_limit=api_call_retry_limit,
+                            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+                            api_call_delay_sec=api_call_delay_sec,
+                            language=language,
+                            semaphore=semaphore,
+                        )
+                    )
+                )
+                if len(tasks) >= max_simulation_results:
+                    break
+            if len(tasks) >= max_simulation_results:
+                break
+        for task in asyncio.as_completed(tasks):
+            completed_task = await task  # type: ignore
+            template_parameters = completed_task.get("template_parameters", {})  # type: ignore
+            xpia_attack_type = template_parameters.get("xpia_attack_type", "")  # type: ignore
+            action = template_parameters.get("action", "")  # type: ignore
+            document_type = template_parameters.get("document_type", "")  # type: ignore
+            sim_results.append(
+                {
+                    "messages": completed_task["messages"],  # type: ignore
+                    "$schema": "http://azureml/sdk-2-0/ChatConversation.json",
+                    "template_parameters": {
+                        "metadata": {
+                            "xpia_attack_type": xpia_attack_type,
+                            "action": action,
+                            "document_type": document_type,
+                        },
+                    },
+                }
+            )
+            progress_bar.update(1)
+        progress_bar.close()
+        return JsonLineList(sim_results)

azure/ai/evaluation/simulator/_model_tools/__init__.py

@@ -0,0 +1,23 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+"""Tooling for model evaluation"""
+
+from ._identity_manager import ManagedIdentityAPITokenManager, PlainTokenManager, TokenScope
+from ._proxy_completion_model import ProxyChatCompletionsModel
+from ._rai_client import RAIClient
+from ._template_handler import CONTENT_HARM_TEMPLATES_COLLECTION_KEY, AdversarialTemplateHandler
+from .models import LLMBase, OpenAIChatCompletionsModel
+
+__all__ = [
+    "ManagedIdentityAPITokenManager",
+    "PlainTokenManager",
+    "TokenScope",
+    "RAIClient",
+    "AdversarialTemplateHandler",
+    "CONTENT_HARM_TEMPLATES_COLLECTION_KEY",
+    "ProxyChatCompletionsModel",
+    "LLMBase",
+    "OpenAIChatCompletionsModel",
+]