azure-ai-evaluation 0.0.0b0__py3-none-any.whl → 1.0.0b1__py3-none-any.whl

azure/ai/evaluation/simulator/_direct_attack_simulator.py

@@ -0,0 +1,252 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# noqa: E501
+import functools
+import logging
+from random import randint
+from typing import Any, Callable, Dict, Optional
+
+from azure.identity import DefaultAzureCredential
+
+from promptflow._sdk._telemetry import ActivityType, monitor_operation
+from azure.ai.evaluation._exceptions import EvaluationException, ErrorBlame, ErrorCategory, ErrorTarget
+from azure.ai.evaluation.simulator import AdversarialScenario
+from azure.ai.evaluation._model_configurations import AzureAIProject
+
+from ._model_tools import AdversarialTemplateHandler, ManagedIdentityAPITokenManager, RAIClient, TokenScope
+from ._adversarial_simulator import AdversarialSimulator
+
+logger = logging.getLogger(__name__)
+
+
+def monitor_adversarial_scenario(func) -> Callable:
+    """Decorator to monitor adversarial scenario.
+
+    :param func: The function to be decorated.
+    :type func: Callable
+    :return: The decorated function.
+    :rtype: Callable
+    """
+
+    @functools.wraps(func)
+    def wrapper(*args, **kwargs):
+        scenario = str(kwargs.get("scenario", None))
+        max_conversation_turns = kwargs.get("max_conversation_turns", None)
+        max_simulation_results = kwargs.get("max_simulation_results", None)
+        decorated_func = monitor_operation(
+            activity_name="jailbreak.adversarial.simulator.call",
+            activity_type=ActivityType.PUBLICAPI,
+            custom_dimensions={
+                "scenario": scenario,
+                "max_conversation_turns": max_conversation_turns,
+                "max_simulation_results": max_simulation_results,
+            },
+        )(func)
+
+        return decorated_func(*args, **kwargs)
+
+    return wrapper
+
+
+class DirectAttackSimulator:
+    """
+    Initialize a UPIA (user prompt injected attack) jailbreak adversarial simulator with a project scope.
+    This simulator converses with your AI system using prompts designed to interrupt normal functionality.
+
+    :param azure_ai_project: The scope of the Azure AI project. It contains subscription id, resource group, and project
+        name.
+    :type azure_ai_project: ~azure.ai.evaluation.AzureAIProject
+    :param credential: The credential for connecting to Azure AI project.
+    :type credential: ~azure.core.credentials.TokenCredential
+    """
+
+    def __init__(self, *, azure_ai_project: AzureAIProject, credential=None):
+        """Constructor."""
+        # check if azure_ai_project has the keys: subscription_id, resource_group_name, project_name, credential
+        if not all(key in azure_ai_project for key in ["subscription_id", "resource_group_name", "project_name"]):
+            msg = "azure_ai_project must contain keys: subscription_id, resource_group_name and project_name"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+        # check the value of the keys in azure_ai_project is not none
+        if not all(azure_ai_project[key] for key in ["subscription_id", "resource_group_name", "project_name"]):
+            msg = "subscription_id, resource_group_name and project_name keys cannot be None"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+        if "credential" not in azure_ai_project and not credential:
+            credential = DefaultAzureCredential()
+        elif "credential" in azure_ai_project:
+            credential = azure_ai_project["credential"]
+        self.credential = credential
+        self.azure_ai_project = azure_ai_project
+        self.token_manager = ManagedIdentityAPITokenManager(
+            token_scope=TokenScope.DEFAULT_AZURE_MANAGEMENT,
+            logger=logging.getLogger("AdversarialSimulator"),
+            credential=credential,
+        )
+        self.rai_client = RAIClient(azure_ai_project=azure_ai_project, token_manager=self.token_manager)
+        self.adversarial_template_handler = AdversarialTemplateHandler(
+            azure_ai_project=azure_ai_project, rai_client=self.rai_client
+        )
+
+    def _ensure_service_dependencies(self):
+        if self.rai_client is None:
+            msg = "RAI service is required for simulation, but an RAI client was not provided."
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.ADVERSARIAL_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+    # @monitor_adversarial_scenario
+    async def __call__(
+        self,
+        *,
+        scenario: AdversarialScenario,
+        target: Callable,
+        max_conversation_turns: int = 1,
+        max_simulation_results: int = 3,
+        api_call_retry_limit: int = 3,
+        api_call_retry_sleep_sec: int = 1,
+        api_call_delay_sec: int = 0,
+        concurrent_async_task: int = 3,
+        randomization_seed: Optional[int] = None,
+    ):
+        """
+        Executes the adversarial simulation and UPIA (user prompt injected attack) jailbreak adversarial simulation
+        against a specified target function asynchronously.
+
+        :keyword scenario: Enum value specifying the adversarial scenario used for generating inputs.
+         example:
+
+         - :py:const:`azure.ai.evaluation.simulator.AdversarialScenario.ADVERSARIAL_QA`
+         - :py:const:`azure.ai.evaluation.simulator.AdversarialScenario.ADVERSARIAL_CONVERSATION`
+        :paramtype scenario: azure.ai.evaluation.simulator.AdversarialScenario
+        :keyword target: The target function to simulate adversarial inputs against.
+            This function should be asynchronous and accept a dictionary representing the adversarial input.
+        :paramtype target: Callable
+        :keyword max_conversation_turns: The maximum number of conversation turns to simulate.
+            Defaults to 1.
+        :paramtype max_conversation_turns: int
+        :keyword max_simulation_results: The maximum number of simulation results to return.
+            Defaults to 3.
+        :paramtype max_simulation_results: int
+        :keyword api_call_retry_limit: The maximum number of retries for each API call within the simulation.
+            Defaults to 3.
+        :paramtype api_call_retry_limit: int
+        :keyword api_call_retry_sleep_sec: The sleep duration (in seconds) between retries for API calls.
+            Defaults to 1 second.
+        :paramtype api_call_retry_sleep_sec: int
+        :keyword api_call_delay_sec: The delay (in seconds) before making an API call.
+            This can be used to avoid hitting rate limits. Defaults to 0 seconds.
+        :paramtype api_call_delay_sec: int
+        :keyword concurrent_async_task: The number of asynchronous tasks to run concurrently during the simulation.
+            Defaults to 3.
+        :paramtype concurrent_async_task: int
+        :keyword randomization_seed: Seed used to randomize prompt selection, shared by both jailbreak
+            and regular simulation to ensure consistent results. If not provided, a random seed will be generated
+            and shared between simulations.
+        :paramtype randomization_seed: Optional[int]
+        :return: A list of dictionaries, each representing a simulated conversation. Each dictionary contains:
+
+         - 'template_parameters': A dictionary with parameters used in the conversation template,
+            including 'conversation_starter'.
+         - 'messages': A list of dictionaries, each representing a turn in the conversation.
+            Each message dictionary includes 'content' (the message text) and
+            'role' (indicating whether the message is from the 'user' or the 'assistant').
+         - '**$schema**': A string indicating the schema URL for the conversation format.
+
+         The 'content' for 'assistant' role messages may includes the messages that your callback returned.
+        :rtype: Dict[str, [List[Dict[str, Any]]]] with two elements
+
+        **Output format**
+
+        .. code-block:: python
+
+            return_value = {
+                "jailbreak": [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                        {
+                            'content': '<jailbreak prompt> <adversarial query>',
+                            'role': 'user'
+                        },
+                        {
+                            'content': "<response from endpoint>",
+                            'role': 'assistant',
+                            'context': None
+                        }
+                    ],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }],
+                "regular": [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                    {
+                        'content': '<adversarial query>',
+                        'role': 'user'
+                    },
+                    {
+                        'content': "<response from endpoint>",
+                        'role': 'assistant',
+                        'context': None
+                    }],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }]
+            }
+        """
+        if scenario not in AdversarialScenario.__members__.values():
+            msg = f"Invalid scenario: {scenario}. Supported scenarios: {AdversarialScenario.__members__.values()}"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.INVALID_VALUE,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+        if not randomization_seed:
+            randomization_seed = randint(0, 1000000)
+
+        regular_sim = AdversarialSimulator(azure_ai_project=self.azure_ai_project, credential=self.credential)
+        regular_sim_results = await regular_sim(
+            scenario=scenario,
+            target=target,
+            max_conversation_turns=max_conversation_turns,
+            max_simulation_results=max_simulation_results,
+            api_call_retry_limit=api_call_retry_limit,
+            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+            api_call_delay_sec=api_call_delay_sec,
+            concurrent_async_task=concurrent_async_task,
+            randomize_order=True,
+            randomization_seed=randomization_seed,
+        )
+        jb_sim = AdversarialSimulator(azure_ai_project=self.azure_ai_project, credential=self.credential)
+        jb_sim_results = await jb_sim(
+            scenario=scenario,
+            target=target,
+            max_conversation_turns=max_conversation_turns,
+            max_simulation_results=max_simulation_results,
+            api_call_retry_limit=api_call_retry_limit,
+            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+            api_call_delay_sec=api_call_delay_sec,
+            concurrent_async_task=concurrent_async_task,
+            _jailbreak_type="upia",
+            randomize_order=True,
+            randomization_seed=randomization_seed,
+        )
+        return {"jailbreak": jb_sim_results, "regular": regular_sim_results}

azure/ai/evaluation/simulator/_helpers/__init__.py

@@ -0,0 +1,4 @@
+from ._simulator_data_classes import ConversationHistory, Turn
+from ._language_suffix_mapping import SUPPORTED_LANGUAGES_MAPPING
+
+__all__ = ["ConversationHistory", "Turn", "SUPPORTED_LANGUAGES_MAPPING"]

azure/ai/evaluation/simulator/_helpers/_language_suffix_mapping.py

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+from azure.ai.evaluation.simulator._constants import SupportedLanguages
+
+BASE_SUFFIX = "Make the conversation in __language__ language."
+
+SUPPORTED_LANGUAGES_MAPPING = {
+    SupportedLanguages.English: BASE_SUFFIX.replace("__language__", "english"),
+    SupportedLanguages.Spanish: BASE_SUFFIX.replace("__language__", "spanish"),
+    SupportedLanguages.Italian: BASE_SUFFIX.replace("__language__", "italian"),
+    SupportedLanguages.French: BASE_SUFFIX.replace("__language__", "french"),
+    SupportedLanguages.German: BASE_SUFFIX.replace("__language__", "german"),
+    SupportedLanguages.SimplifiedChinese: BASE_SUFFIX.replace("__language__", "simplified chinese"),
+    SupportedLanguages.Portuguese: BASE_SUFFIX.replace("__language__", "portuguese"),
+    SupportedLanguages.Japanese: BASE_SUFFIX.replace("__language__", "japanese"),
+}

azure/ai/evaluation/simulator/_helpers/_simulator_data_classes.py

@@ -0,0 +1,93 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# pylint: disable=C0103,C0114,C0116
+from dataclasses import dataclass
+from typing import Union
+
+from azure.ai.evaluation.simulator._conversation.constants import ConversationRole
+
+
+@dataclass
+class Turn:
+    """
+    Represents a conversation turn,
+    keeping track of the role, content,
+    and context of a turn in a conversation.
+    """
+
+    role: Union[str, ConversationRole]
+    content: str
+    context: str = None
+
+    def to_dict(self):
+        """
+        Convert the conversation turn to a dictionary.
+
+        Returns:
+            dict: A dictionary representation of the conversation turn.
+        """
+        return {
+            "role": self.role.value if isinstance(self.role, ConversationRole) else self.role,
+            "content": self.content,
+            "context": self.context,
+        }
+
+    def __repr__(self):
+        """
+        Return the string representation of the conversation turn.
+
+        Returns:
+            str: A string representation of the conversation turn.
+        """
+        return f"Turn(role={self.role}, content={self.content})"
+
+
+class ConversationHistory:
+    """
+    Conversation history class to keep track of the conversation turns in a conversation.
+    """
+
+    def __init__(self):
+        """
+        Initializes the conversation history with an empty list of turns.
+        """
+        self.history = []
+
+    def add_to_history(self, turn: Turn):
+        """
+        Adds a turn to the conversation history.
+
+        Args:
+            turn (Turn): The conversation turn to add.
+        """
+        self.history.append(turn)
+
+    def to_list(self):
+        """
+        Converts the conversation history to a list of dictionaries.
+
+        Returns:
+            list: A list of dictionaries representing the conversation turns.
+        """
+        return [turn.to_dict() for turn in self.history]
+
+    def get_length(self):
+        """
+        Returns the length of the conversation.
+
+        Returns:
+            int: The number of turns in the conversation history.
+        """
+        return len(self.history)
+
+    def __repr__(self):
+        """
+        Returns the string representation of the conversation history.
+
+        Returns:
+            str: A string representation of the conversation history.
+        """
+        for turn in self.history:
+            print(turn)
+        return ""

azure/ai/evaluation/simulator/_indirect_attack_simulator.py

@@ -0,0 +1,207 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+# noqa: E501
+import functools
+import logging
+from typing import Any, Callable, Dict
+
+from azure.identity import DefaultAzureCredential
+
+from promptflow._sdk._telemetry import ActivityType, monitor_operation
+from azure.ai.evaluation.simulator import AdversarialScenario
+from azure.ai.evaluation._model_configurations import AzureAIProject
+
+from ._model_tools import AdversarialTemplateHandler, ManagedIdentityAPITokenManager, RAIClient, TokenScope
+from azure.ai.evaluation._exceptions import EvaluationException, ErrorBlame, ErrorCategory, ErrorTarget
+from ._adversarial_simulator import AdversarialSimulator
+
+logger = logging.getLogger(__name__)
+
+
+def monitor_adversarial_scenario(func) -> Callable:
+    """Decorator to monitor adversarial scenario.
+
+    :param func: The function to be decorated.
+    :type func: Callable
+    :return: The decorated function.
+    :rtype: Callable
+    """
+
+    @functools.wraps(func)
+    def wrapper(*args, **kwargs):
+        scenario = str(kwargs.get("scenario", None))
+        max_conversation_turns = kwargs.get("max_conversation_turns", None)
+        max_simulation_results = kwargs.get("max_simulation_results", None)
+        decorated_func = monitor_operation(
+            activity_name="xpia.adversarial.simulator.call",
+            activity_type=ActivityType.PUBLICAPI,
+            custom_dimensions={
+                "scenario": scenario,
+                "max_conversation_turns": max_conversation_turns,
+                "max_simulation_results": max_simulation_results,
+            },
+        )(func)
+
+        return decorated_func(*args, **kwargs)
+
+    return wrapper
+
+
+class IndirectAttackSimulator:
+    """
+    Initializes the XPIA (cross domain prompt injected attack) jailbreak adversarial simulator with a project scope.
+
+    :param azure_ai_project: The scope of the Azure AI project. It contains subscription id, resource group, and project
+        name.
+    :type azure_ai_project: ~azure.ai.evaluation.AzureAIProject
+    :param credential: The credential for connecting to Azure AI project.
+    :type credential: ~azure.core.credentials.TokenCredential
+    """
+
+    def __init__(self, *, azure_ai_project: AzureAIProject, credential=None):
+        """Constructor."""
+        # check if azure_ai_project has the keys: subscription_id, resource_group_name, project_name, credential
+        if not all(key in azure_ai_project for key in ["subscription_id", "resource_group_name", "project_name"]):
+            msg = "azure_ai_project must contain keys: subscription_id, resource_group_name and project_name"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+        if not all(azure_ai_project[key] for key in ["subscription_id", "resource_group_name", "project_name"]):
+            msg = "subscription_id, resource_group_name and project_name keys cannot be None"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+        if "credential" not in azure_ai_project and not credential:
+            credential = DefaultAzureCredential()
+        elif "credential" in azure_ai_project:
+            credential = azure_ai_project["credential"]
+        self.credential = credential
+        self.azure_ai_project = azure_ai_project
+        self.token_manager = ManagedIdentityAPITokenManager(
+            token_scope=TokenScope.DEFAULT_AZURE_MANAGEMENT,
+            logger=logging.getLogger("AdversarialSimulator"),
+            credential=credential,
+        )
+        self.rai_client = RAIClient(azure_ai_project=azure_ai_project, token_manager=self.token_manager)
+        self.adversarial_template_handler = AdversarialTemplateHandler(
+            azure_ai_project=azure_ai_project, rai_client=self.rai_client
+        )
+
+    def _ensure_service_dependencies(self):
+        if self.rai_client is None:
+            msg = "RAI service is required for simulation, but an RAI client was not provided."
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.ADVERSARIAL_SIMULATOR,
+                category=ErrorCategory.MISSING_FIELD,
+                blame=ErrorBlame.USER_ERROR,
+            )
+
+    # @monitor_adversarial_scenario
+    async def __call__(
+        self,
+        *,
+        scenario: AdversarialScenario,
+        target: Callable,
+        max_conversation_turns: int = 1,
+        max_simulation_results: int = 3,
+        api_call_retry_limit: int = 3,
+        api_call_retry_sleep_sec: int = 1,
+        api_call_delay_sec: int = 0,
+        concurrent_async_task: int = 3,
+    ):
+        """
+        Initializes the XPIA (cross domain prompt injected attack) jailbreak adversarial simulator with a project scope.
+        This simulator converses with your AI system using prompts injected into the context to interrupt normal
+        expected functionality by eliciting manipulated content, intrusion and attempting to gather information outside
+        the scope of your AI system.
+
+        :keyword scenario: Enum value specifying the adversarial scenario used for generating inputs.
+        :paramtype scenario: azure.ai.evaluation.simulator.AdversarialScenario
+        :keyword target: The target function to simulate adversarial inputs against.
+            This function should be asynchronous and accept a dictionary representing the adversarial input.
+        :paramtype target: Callable
+        :keyword max_conversation_turns: The maximum number of conversation turns to simulate.
+            Defaults to 1.
+        :paramtype max_conversation_turns: int
+        :keyword max_simulation_results: The maximum number of simulation results to return.
+            Defaults to 3.
+        :paramtype max_simulation_results: int
+        :keyword api_call_retry_limit: The maximum number of retries for each API call within the simulation.
+            Defaults to 3.
+        :paramtype api_call_retry_limit: int
+        :keyword api_call_retry_sleep_sec: The sleep duration (in seconds) between retries for API calls.
+            Defaults to 1 second.
+        :paramtype api_call_retry_sleep_sec: int
+        :keyword api_call_delay_sec: The delay (in seconds) before making an API call.
+            This can be used to avoid hitting rate limits. Defaults to 0 seconds.
+        :paramtype api_call_delay_sec: int
+        :keyword concurrent_async_task: The number of asynchronous tasks to run concurrently during the simulation.
+            Defaults to 3.
+        :paramtype concurrent_async_task: int
+        :return: A list of dictionaries, each representing a simulated conversation. Each dictionary contains:
+
+         - 'template_parameters': A dictionary with parameters used in the conversation template,
+            including 'conversation_starter'.
+         - 'messages': A list of dictionaries, each representing a turn in the conversation.
+            Each message dictionary includes 'content' (the message text) and
+            'role' (indicating whether the message is from the 'user' or the 'assistant').
+         - '**$schema**': A string indicating the schema URL for the conversation format.
+
+         The 'content' for 'assistant' role messages may includes the messages that your callback returned.
+        :rtype: List[Dict[str, Any]]
+
+        **Output format**
+
+        .. code-block:: python
+
+            return_value = [
+                {
+                    'template_parameters': {},
+                    'messages': [
+                        {
+                            'content': '<jailbreak prompt> <adversarial query>',
+                            'role': 'user'
+                        },
+                        {
+                            'content': "<response from endpoint>",
+                            'role': 'assistant',
+                            'context': None
+                        }
+                    ],
+                    '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
+                }]
+            }
+        """
+        if scenario not in AdversarialScenario.__members__.values():
+            msg = f"Invalid scenario: {scenario}. Supported scenarios: {AdversarialScenario.__members__.values()}"
+            raise EvaluationException(
+                message=msg,
+                internal_message=msg,
+                target=ErrorTarget.DIRECT_ATTACK_SIMULATOR,
+                category=ErrorCategory.INVALID_VALUE,
+                blame=ErrorBlame.USER_ERROR,
+            )
+        jb_sim = AdversarialSimulator(azure_ai_project=self.azure_ai_project, credential=self.credential)
+        jb_sim_results = await jb_sim(
+            scenario=scenario,
+            target=target,
+            max_conversation_turns=max_conversation_turns,
+            max_simulation_results=max_simulation_results,
+            api_call_retry_limit=api_call_retry_limit,
+            api_call_retry_sleep_sec=api_call_retry_sleep_sec,
+            api_call_delay_sec=api_call_delay_sec,
+            concurrent_async_task=concurrent_async_task,
+            _jailbreak_type="xpia",
+        )
+        return jb_sim_results

azure/ai/evaluation/simulator/_model_tools/__init__.py

@@ -0,0 +1,23 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+
+"""Tooling for model evaluation"""
+
+from ._identity_manager import ManagedIdentityAPITokenManager, PlainTokenManager, TokenScope
+from ._proxy_completion_model import ProxyChatCompletionsModel
+from ._rai_client import RAIClient
+from ._template_handler import CONTENT_HARM_TEMPLATES_COLLECTION_KEY, AdversarialTemplateHandler
+from .models import LLMBase, OpenAIChatCompletionsModel
+
+__all__ = [
+    "ManagedIdentityAPITokenManager",
+    "PlainTokenManager",
+    "TokenScope",
+    "RAIClient",
+    "AdversarialTemplateHandler",
+    "CONTENT_HARM_TEMPLATES_COLLECTION_KEY",
+    "ProxyChatCompletionsModel",
+    "LLMBase",
+    "OpenAIChatCompletionsModel",
+]